Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-24616 PoC — FasterXML jackson-databind 代码问题漏洞

Source
https://github.com/0xkami/cve-2020-24616-poc
Associated Vulnerability
Title:FasterXML jackson-databind 代码问题漏洞 (CVE-2020-24616)
Description:FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Description
cve-2020-24616 poc
Readme
# cve-2020-24616-poc
cve-2020-24616 poc
java菜鸟写的第一个poc
参考了很多Jndi注入的Poc
File Snapshot

 [4.0K]  /data/pocs/087112b2e08b051c7e3ebccac2bf73f257db9bfd
├── [4.0K]  exp
│   ├── [ 607]  Exploit.class
│   └── [ 332]  Exploit.java
├── [4.0K]  lib
│   ├── [367K]  Anteros-Core-1.1.3.jar
│   ├── [151K]  Anteros-DBCP-1.0.1.jar
│   ├── [7.5K]  configuration-0.1.3.jar
│   ├── [ 66K]  jackson-annotations-2.10.1.jar
│   ├── [340K]  jackson-core-2.10.1.jar
│   ├── [1.3M]  jackson-databind-2.10.1.jar
│   ├── [ 40K]  slf4j-api-1.7.22.jar
│   ├── [ 11K]  slf4j-simple-1.7.22.jar
│   └── [155K]  xbean-reflect-4.15.jar
├── [ 514]  poc
├── [ 515]  poc.java
└── [ 101]  README.md

2 directories, 14 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →