/fastjson_payload

Primary LanguageJava

fastjson_payload

来自网上收集,参考文章如下

us-21-Xing-How-I-Use-A-JSON-Deserialization.pdf

https://rmb122.com/2020/06/12/fastjson-1-2-68-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E-gadgets-%E6%8C%96%E6%8E%98%E7%AC%94%E8%AE%B0/

https://mp.weixin.qq.com/s/6fHJ7s6Xo4GEdEGpKFLOyg

https://su18.org/post/fastjson-1.2.68/

https://b1ue.cn/archives/506.html

http://noahblog.360.cn/blackhat-2021yi-ti-xiang-xi-fen-xi-fastjsonfan-xu-lie-hua-lou-dong-ji-zai-qu-kuai-lian-ying-yong-zhong-de-shen-tou-li-yong-2/

https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247489735&idx=1&sn=23f924b612cec2466fc64071805fdfca&chksm=c187d8d6f6f051c05abd4b98edb2030a9719df07bdd814e062a996ffe3af27138e85993626ab#rd

https://github.com/su18/hack-fastjson-1.2.80

https://github.com/Lonely-night/fastjsonVul/tree/7f9d2d8ea1c27ae1f9c06076849ae76c25b6aff7

https://github.com/knownsec/KCon/blob/b6038b4f8768ab41836973e81cb0dd156bd50d64/2022/Hacking%20JSON%E3%80%90KCon2022%E3%80%91.pdf