CVE-2020-24616 PoC — FasterXML jackson-databind 代码问题漏洞

Source

https://github.com/0xkami/cve-2020-24616-poc

Associated Vulnerability

Title:FasterXML jackson-databind 代码问题漏洞 (CVE-2020-24616)
Description:FasterXML jackson-databind是一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档，同样也可以将json、xml转换成Java对象。 FasterXML jackson-databind 存在代码问题漏洞，该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Description

cve-2020-24616 poc

Readme

# cve-2020-24616-poc
cve-2020-24616 poc
java菜鸟写的第一个poc
参考了很多Jndi注入的Poc

File Snapshot


 [4.0K]  /data/pocs/087112b2e08b051c7e3ebccac2bf73f257db9bfd
├── [4.0K]  exp
│   ├── [ 607]  Exploit.class
│   └── [ 332]  Exploit.java
├── [4.0K]  lib
│   ├── [367K]  Anteros-Core-1.1.3.jar
│   ├── [151K]  Anteros-DBCP-1.0.1.jar
│   ├── [7.5K]  configuration-0.1.3.jar
│   ├── [ 66K]  jackson-annotations-2.10.1.jar
│   ├── [340K]  jackson-core-2.10.1.jar
│   ├── [1.3M]  jackson-databind-2.10.1.jar
│   ├── [ 40K]  slf4j-api-1.7.22.jar
│   ├── [ 11K]  slf4j-simple-1.7.22.jar
│   └── [155K]  xbean-reflect-4.15.jar
├── [ 514]  poc
├── [ 515]  poc.java
└── [ 101]  README.md

2 directories, 14 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!