POC details: d2f8529b8f60b020575898290804e861fded764c

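Source
Related vulnerability
Title: FasterXML Jackson code issue vulnerability (CVE-2017-7525)
Description: FasterXML Jackson is a data-processing tool for Java from the US company FasterXML. jackson-databind is the component of it that provides data binding. A code issue vulnerability exists in FasterXML jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9. The vulnerability stems from improper design or implementation during the code development of a network system or product.
Description
Insecure Java Deserialization Lab
Introduction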
# CVE-2017-7525 Java Insecure Deserialization Lab

Basic Java REST application vulnerable to Insecure Deserialization, leading to RCE.  

The project must be run on Java < **8u45**

Based on Maven with the following dependencies:  

- jackson-databind 2.2.2
- commons-collections 3.1
- spring-context-support 4.3.11

More dependencies can be added through Maven if you want to try some more gadgets.  
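Added example (not part of the lab or its README): a Python check that reads a `pom.xml` and reports whether the declared jackson-databind version falls inside the range the advisory text on this page gives for CVE-2017-7525. The sample POM is constructed from the dependency list above, and reading 2.6.7.1, 2.7.9.1 and 2.8.9 as the first fixed release of each branch is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: "before 2.6.7.1, 2.7.9.1 and 2.8.9" names the first fixed
# release of each maintained branch; 2.6.x and older share the 2.6.7.1 bound.
FIXED_BY_BRANCH = {(2, 7): (2, 7, 9, 1), (2, 8): (2, 8, 9)}
OLDEST_FIX = (2, 6, 7, 1)

# Constructed sample that mirrors the jackson-databind entry in this README.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson.version>2.2.2</jackson.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>${jackson.version}</version>
    </dependency>
  </dependencies>
</project>"""

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on Maven tags."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """'2.7.9.1' -> (2, 7, 9, 1); anything after a '-' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def affected(version):
    """True if the version is older than the fix for its branch."""
    v = parse_version(version)
    if v[:2] <= (2, 6):
        return v < OLDEST_FIX
    fixed = FIXED_BY_BRANCH.get(v[:2])
    return fixed is not None and v < fixed  # 2.9+ is outside this CVE's range

def databind_version(pom_xml):
    """Declared jackson-databind version, with ${property} references resolved."""
    root = ET.fromstring(pom_xml)
    props = {_local(p.tag): (p.text or "").strip()
             for el in root.iter() if _local(el.tag) == "properties" for p in el}
    for dep in (el for el in root.iter() if _local(el.tag) == "dependency"):
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        if fields.get("artifactId") == "jackson-databind":
            ver = fields.get("version")
            m = re.fullmatch(r"\$\{(.+)\}", ver or "")
            return props.get(m.group(1), ver) if m else ver
    return None

if __name__ == "__main__":
    print(databind_version(SAMPLE_POM), affected(databind_version(SAMPLE_POM)))
```

A negative result covers only CVE-2017-7525; the version can still fall under the other jackson-databind CVEs this README links to.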

## Running

Open the project (IntelliJ IDEA is recommended) and run the Java class in **src/main/java/com/deserialization/lab/Main.java**.  

Then browse to **http://localhost:9091/api/**

### Exposed APIs

- GET /api/message : returns a serialized object useful to build a payload
- POST /api/message : accepts a payload, deserializes it and reflects the generated instance in the response

### CVEs

The application is actually vulnerable to almost all the [Jackson Databind CVEs](https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/version_id-237456/Fasterxml-Jackson-databind-2.2.2.html).

### References

[ysoserial](https://github.com/frohoff/ysoserial)  
[Exploiting the Jackson RCE: CVE-2017-7525](https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/)  
[Java Deserialization Cheat Sheet](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet)  
[Marshalsec PDF](https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true)  

### JDK Downloads

[Jdk 8 Archive](https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html)  
[Jdk 8u11 Linux x64](https://download.oracle.com/otn/java/jdk/8u11-b12/jdk-8u11-linux-x64.tar.gz)

### Authors

[alp4ca](https://twitter.com/martinolessio)  
[rhpco](https://twitter.com/rhpco)




File snapshot

[4.0K] /data/pocs/d2f8529b8f60b020575898290804e861fded764c
├── [3.5K] pom.xml
├── [1.7K] README.md
├── [5.3K] Solution.md
├── [4.0K] src
│   └── [4.0K] main
│       ├── [4.0K] java
│       │   └── [4.0K] com
│       │       └── [4.0K] deserialization
│       │           └── [4.0K] lab
│       │               ├── [1005] Main.java
│       │               ├── [4.0K] model
│       │               │   ├── [ 604] APIMessage.java
│       │               │   └── [ 489] Payload.java
│       │               ├── [4.0K] processor
│       │               │   ├── [ 867] DefaultPostProcessor.java
│       │               │   ├── [ 984] PayloadGetBytesProcessor.java
│       │               │   └── [ 975] PayloadGetProcessor.java
│       │               ├── [4.0K] route
│       │               │   └── [1.4K] RouteBuilderImpl.java
│       │               └── [1.4K] Test.java
│       └── [4.0K] resources
│           └── [ 571] log4j2.xml
└── [4.0K] static
    └── [ 374] exploit.xml

11 directories, 13 files