uzy-ssm-mall Fastjson Deserialization Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A deserialization vulnerability allowing arbitrary code execution has been identified in uzy-ssm-mall version 1.1.0. The issue arises because the application uses an unsafe version of the Fastjson library, which deserializes untrusted data. The vulnerability can be exploited by sending crafted input that the application processes, leading to the execution of arbitrary code.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where uzy-ssm-mall is running.
Reproduction
To reproduce this vulnerability, register a user account and log in. Then, send a request to the 'updateOrderItem' endpoint of the 'ForeOrderController' with a payload that exploits the Fastjson deserialization vulnerability. The payload should be crafted to include a 'java.lang.Exception' object, which can be used to read files from the server, such as 'c:/windows/win.ini'. Once the request is processed, the contents of the requested file will be echoed back in the response.
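The fix on the defending side is to stop Fastjson from honouring type hints in request bodies at all. The class below is added example code, not code from uzy-ssm-mall; the DTO field names (orderItemId, count) and the class name are assumptions, since the advisory does not list the controller's fields.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.ParserConfig;

public class SafeOrderItemParser {

    // Hypothetical DTO for the updateOrderItem request body.
    public static class OrderItemUpdate {
        public long orderItemId;
        public int count;
    }

    static {
        // Fastjson 1.2.68+: safeMode turns autoType off unconditionally, so an
        // "@type" key in the JSON can no longer choose a class to instantiate.
        ParserConfig.getGlobalInstance().setSafeMode(true);
        // Older 1.2.x releases have no safeMode; at least disable autoType there.
        ParserConfig.getGlobalInstance().setAutoTypeSupport(false);
    }

    // Hardened parse: reject any body that carries a Fastjson type hint before
    // it reaches the parser (a legitimate client of this endpoint never sends
    // one; the substring check is deliberately coarse), then bind to a fixed
    // DTO class and validate the fields the endpoint actually needs.
    public static OrderItemUpdate parseSafe(String body) {
        if (body == null || body.contains(JSON.DEFAULT_TYPE_KEY)) {
            throw new IllegalArgumentException("type hints are not accepted");
        }
        OrderItemUpdate item = JSON.parseObject(body, OrderItemUpdate.class);
        if (item == null || item.orderItemId <= 0 || item.count <= 0) {
            throw new IllegalArgumentException("invalid order item update");
        }
        return item;
    }

    public static void main(String[] args) {
        // Constructed sample bodies: one benign, one carrying a type hint.
        String benign = "{\"orderItemId\":42,\"count\":2}";
        String hinted = "{\"orderItemId\":42,\"count\":2,"
                + "\"extra\":{\"@type\":\"java.lang.Object\"}}";
        System.out.println("benign count = " + parseSafe(benign).count);
        try {
            parseSafe(hinted);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Upgrading Fastjson to a release that supports safeMode (or migrating to fastjson2) is still required; the pre-parse guard only adds a second layer for this endpoint.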
