Skip to content

Ingenuity-Fainting-Goats/CVE-2017-7525-Jackson-Deserialization-Lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src/main
src/main
 
 
static
static
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
Solution.md
Solution.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

CVE-2017-7525 Java Insecure Deserialization Lab

Basic Java REST application vulnerable to Insecure Deserialization, leading to RCE.

The project must be run on Java < 8u45

Based on Maven with the following dependencies:

  • jackson-databind 2.2.2
  • commons-collections 3.1
  • spring-context-support 4.3.11

More dependencies can be added through Maven if you want to try some more gadgets.

Running

Open (recommended with Intellij Idea) and run the Java class in src/main/java/com/deserialization/lab/Main.java.

Then browse to http://localhost:9091/api/

Exposed APIs

  • GET /api/message : returns a serialized object useful to build a payload
  • POST /api/message : Accepts a payload, deserializes it and reflects the generated instance as response

CVEs

The application is actually vulnerable to almost all the Jackson Databind CVEs.

References

ysoserial
Exploiting the Jackson RCE: CVE-2017-7525
Java Deserialization Cheat Sheet
Marshalsec PDF

JDK Downloads

Jdk 8 Archive
Jdk 8u11 Linux x64

Authors

alp4ca
rhpco

check

About

Insecure Java Deserialization Lab

Topics

java deserialization jackson rce exploiting cve-2017-7525

Resources

Readme
Activity
Custom properties

Stars

6 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages