FastJSON

FastJSON Deserialization

Lab: Vulhub FastJSON 1.2.24 Deserialization

Logovulhub/fastjson/1.2.24-rce at master ยท vulhub/vulhubGitHub
Vulhub

Spawn a Docker container:

cd vulhub/fastjson/1.2.24-rce
docker-compose up -d

The vulnerable application will be hosted on http://localhost:8090. The application shows the following JSON data:

{
	"age":25,
	"name":"Bob"
}

You can modify it by sending a POST request:

curl http://localhost:8090/ -H "Content-Type: application/json" --data '{"name":"hello", "age":20}'

Reference

LogoVulhub - Docker-Compose file for vulnerability environment
FastJSON 1.2.24 Deserialization - Vulhub
PreviousShiroNextWebLogic

Last updated

Was this helpful?