CVE-2022-25845
Severity: HIGH
fastjson < 1.2.83 - Deserialization of Untrusted Data via autoType Bypass
Title source: llm
Exploitation Summary
EIP tracks 7 public exploits for CVE-2022-25845. PoCs published by luelueking, hosch3n, ph0ebus.
AI-analyzed exploit summary
This repository contains a proof-of-concept exploit for CVE-2022-25845, a deserialization vulnerability in Spring applications using FastJSON. The exploit demonstrates remote code execution by leveraging gadget chains to write malicious bytecode to a target directory and trigger its execution.
Description
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data: the default autoType shutdown restrictions can be bypassed under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: if upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Exploits (7)
This repository contains a proof-of-concept exploit for CVE-2022-25845, a deserialization vulnerability in Spring applications using FastJSON. The exploit demonstrates remote code execution by leveraging gadget chains to write malicious bytecode to a target directory and trigger its execution.
This repository contains a working PoC for CVE-2022-25845, a deserialization vulnerability in Fastjson 1.2.80. It includes payloads for exploiting the vulnerability via AspectJ and Groovy, demonstrating arbitrary code execution.
This repository contains a Python-based exploit for CVE-2022-25845, targeting Fastjson deserialization vulnerabilities in Spring applications. The exploit leverages a multi-step approach to achieve remote code execution (RCE) by writing a malicious class file to the target server and triggering its execution.
This repository contains a functional PoC for CVE-2022-25845, a Fastjson deserialization vulnerability leading to RCE via LDAP. The exploit leverages the `JndiConverter` class to trigger a malicious LDAP lookup, executing arbitrary code (e.g., `calc.exe`).
This PoC demonstrates a Fastjson auto-type bypass RCE vulnerability (CVE-2022-25845) by leveraging malicious JSON deserialization to execute arbitrary commands via a custom `Poc` class extending `Error`.
This PoC demonstrates CVE-2022-25845, a deserialization vulnerability in Fastjson, by leveraging JNDI injection to execute arbitrary code via an LDAP server. The Evil.java class spawns a calculator as a proof of execution, while Main.java constructs the malicious payload.
This repository contains a working PoC for CVE-2022-25845, a deserialization vulnerability in FastJSON where JSON markup is interpreted as Java beans, allowing arbitrary code execution via reflection. The PoC includes a test case that demonstrates the vulnerability by executing a command through a crafted JSON payload.
References (7)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H