Exploit for Deserialization of Untrusted Data in Alibaba Fastjson CVE-2022-25845

## https://sploitus.com/exploit?id=860EB47D-41AB-5856-9471-C34D579A29EF
# CVE-2022-25845-In-Spring

![Language](https://img.shields.io/badge/language-python-blue.svg)

> [!IMPORTANT]
> 仅供学习交流，请勿用于非法用途

exploit by python

如有帮助，点个star

参考：

https://github.com/luelueking/CVE-2022-25845-In-Spring

# Usage

根据需要自行修改传参逻辑，这里是默认POST的请求体传参

```bash
git clone https://github.com/ph0ebus/CVE-2022-25845-In-Spring.git
cd CVE-2022-25845-In-Spring
python3 exp.py http://127.0.0.1:8080/json
```

```
usage: exp.py [-h] url

positional arguments:
  url         the url of the target server

options:
  -h, --help  show this help message and exit
```

# Demo

![alt](./demo.gif)

## Star History

[![Star History Chart](https://api.star-history.com/svg?repos=ph0ebus/CVE-2022-25845-In-Spring&type=Date)](https://star-history.com/#ph0ebus/CVE-2022-25845-In-Spring&Date)