CVE-2017-7525 PoC — FasterXML Jackson 代码问题漏洞

Source

https://github.com/Dannners/jackson-deserialization-2017-7525

Associated Vulnerability

Title:FasterXML Jackson 代码问题漏洞 (CVE-2017-7525)
Description:FasterXML Jackson是美国FasterXML公司的一款适用于Java的数据处理工具。jackson-databind是其中的一个具有数据绑定功能的组件。 FasterXML jackson-databind 2.6.7.1之前版本、2.7.9.1版本和2.8.9版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Description

Jackson Deserialization CVE-2017-7525 PoC

Readme

# jackson-deserialization-2017-7525
Jackson Deserialization CVE-2017-7525 PoC

File Snapshot


 [4.0K]  /data/pocs/b8a0f39a07da1d327b3491aee79481cdf7269852
├── [ 184]  exploit.json
├── [ 431]  exp.xml
├── [1.8K]  jackson2.iml
├── [916K]  poc.mp4
├── [2.5K]  pom.xml
├── [  78]  README.md
├── [4.0K]  src
│   └── [4.0K]  main
│       └── [4.0K]  java
│           └── [4.0K]  jackson_20177525
│               └── [ 464]  Appweb.java
└── [4.0K]  target
    └── [4.0K]  classes
        ├── [4.0K]  jackson_20177525
        │   ├── [1023]  Appweb.class
        │   └── [ 324]  boom.class
        └── [4.0K]  META-INF
            └── [  16]  jackson2.kotlin_module

8 directories, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!