CVE-2020-9548 PoC — FasterXML jackson-databind 代码问题漏洞

Source

https://github.com/fairyming/CVE-2020-9548

Associated Vulnerability

Title:FasterXML jackson-databind 代码问题漏洞 (CVE-2020-9548)
Description:FasterXML jackson-databind是FasterXML公司的一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档，同样也可以将json、xml转换成Java对象。 FasterXML jackson-databind 2.9.10.4之前的2.x版本中存在代码问题漏洞。攻击者可借助特制的请求利用该漏洞执行任意代码。

Description

CVE-2020-9548：FasterXML/jackson-databind 远程代码执行漏洞

Readme

# CVE-2020-9548：FasterXML/jackson-databind 远程代码执行漏洞

![WechatIMG804](images/WechatIMG804.png)

File Snapshot


 [4.0K]  /data/pocs/f15836ecea5809de9f98bce6d303ee19815731c4
├── [4.0K]  images
│   └── [1.1M]  WechatIMG804.png
├── [4.0K]  lib
│   ├── [413K]  Anteros-Core-1.1.9.jar
│   ├── [151K]  Anteros-DBCP-1.0.1.jar
│   ├── [375K]  ibatis-sqlmap-2.3.4.726.jar
│   ├── [ 66K]  jackson-annotations-2.10.1.jar
│   ├── [340K]  jackson-core-2.10.1.jar
│   ├── [1.3M]  jackson-databind-2.9.10.3.jar
│   ├── [1.9M]  javaee-api-8.0.1.jar
│   ├── [8.9K]  metrics-healthchecks-3.0.2.jar
│   └── [155K]  xbean-reflect-4.15.jar
├── [ 516]  Poc.java
└── [ 111]  README.md

2 directories, 12 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!