Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

FastJson 1.2.60远程代码执行漏洞(From第三方jar包)

wpadmin~September 19, 2019 /InfoSec

FastJson 1.2.60远程代码执行漏洞(From第三方jar包)

<!–more–>

正文

[漏洞复现]FastJson 1.2.60远程代码执行漏洞(From第三方jar包)
https://qiita.com/shimizukawasaki/items/c61ad93d80e2998ec0d5

抽象语法树分析寻找FastJSON的Gadgets
https://www.freebuf.com/articles/web/213327.html

Jackson
https://github.com/FasterXML/jackson-databind/issues/2460

Leave a Reply

Your email address will not be published. Required fields are marked *