FastJSON

FastJSON Deserialization

Lab: Vulhub FastJSON 1.2.24 Deserialization

vulhub/fastjson/1.2.24-rce at master · vulhub/vulhubGitHub

Vulhub

Spawn a Docker container:

cd vulhub/fastjson/1.2.24-rce
docker-compose up -d

The vulnerable application will be hosted on http://localhost:8090. The application shows the following JSON data:

{
	"age":25,
	"name":"Bob"
}

You can modify it by sending a POST request:

curl http://localhost:8090/ -H "Content-Type: application/json" --data '{"name":"hello", "age":20}'

Reference

Vulhub - Docker-Compose file for vulnerability environment

FastJSON 1.2.24 Deserialization - Vulhub