fastjson不出网
时间: 2023-11-09 15:05:58 浏览: 90
fastjson不出网是指在使用fastjson进行JSON反序列化时,攻击者可以通过构造恶意的JSON数据触发一些危险的操作,而无需真正访问外部网络。具体来说,攻击者可以构造一个恶意的JSON字符串,其中包含特定的类和方法调用,当fastjson对这个JSON字符串进行反序列化时,就会触发这些恶意操作。这种漏洞可以被攻击者利用来执行任意的代码,包括远程命令执行等攻击。<span class="em">1</span><span class="em">2</span><span class="em">3</span>
#### 引用[.reference_title]
- *1* [fastjson-c3p0:fastjson不出网回显利用](https://download.csdn.net/download/weixin_42164702/15927527)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 50%"]
- *2* *3* [fastjson BCEL不出网打法](https://blog.csdn.net/weixin_54648419/article/details/124513950)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 50%"]
[ .reference_list ]
阅读全文