
Title: FastJson full-version Docker vulnerability environment


FastJson full-version Docker vulnerability environment (covers versions 1.2.47/1.2.68/1.2.80, etc.), mainly including JNDI injection, WAF bypass, file reading and writing, deserialization, chain detection bypass, and exploitation without outbound network access. The scenarios are set up as black-box tests and cover the entire process of in-depth FastJson exploitation from a black-box perspective; some environments require decompiling and analyzing the jar package.

Docker environment

docker compose up -d

If pulling the Docker images is slow, try using a domestic mirror:

https://www.runoob.com/docker/docker-mirror-acceleration.html

After the environment has started, access port 80 on the corresponding IP.

A summary of some common FastJson vulnerability exploits, which can be used alongside this environment: Fastjson full version detection and utilization - Poc

Please destroy the environment after use; otherwise it may cause conflicts: docker compose down

Order of the lab environments (divided into three categories according to their exploitation characteristics):

FastJson 1.2.47

1247-jndi

1247-jndi-waf

1247-waf-c3p0

1245-jdk8u342

FastJson 1.2.68

1268-readfile

1268-jkd11-writefile

1268-jdk8-writefile

1268-writefile-jsp

1268-writefile-no-network

1268-jdbc

The 1268 file-write exploitation is covered in a separate article, which can be read alongside these environments: FastJson1268 write file RCE research

FastJson 1.2.80

1280-groovy

1283-serialize

There is a flag file hidden in the root directory of each machine; try to get it!

Some environments have not been released yet and are planned for release later. You are also welcome to submit your write-ups (wp) and suggestions.

Docker environment: https://github.com/lemono0/FastJsonParty
