Web


Nmap discovered a web server on the target port 80. The running service is Apache 2.4.41.

Webroot

It’s an online tool that beautifies and validates JSON data.

Beautify


I just threw some dummy JSON data into it for testing and it comes out nicely.

It does that by sending a POST request to the /index.php file. Notice the mode parameter is set to 1.

That is because there are 2 modes available in the dropdown menu. The Validate mode says that it’s a beta feature. I don’t know what that does.

Validate(beta!)


validation failed: Unhandled Java exception: com.fasterxml.jackson.databind.exc.MismatchedInputException: Unexpected token (START_OBJECT), expected START_ARRAY: need JSON Array to contain As.WRAPPER_ARRAY type information for class java.lang.Object

Upon sending the same dummy JSON data with the validate option, I get an error message. Based on the error message, the validate feature seems to process a JSON array, as it was expecting one, but what I sent in was JSON objects.

validation failed: Unhandled Java exception: com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Could not resolve type id ‘Ford’ as a subtype of [simple type, class java.lang.Object]: no such class found

I tried sending in a JSON array and it got a different error message this time.

jackson


While all the tests seem to fail, I noticed that all the error messages consistently contain com.fasterxml.jackson. The backend program is likely using jackson, which is a JSON processor in Java, and it’s known to be vulnerable.

While there are many vulnerabilities and exploits for the jackson Java library, I found out that CVE-2019-12384 is most relevant as I read through an article found online.
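The two error messages above are what Jackson returns when polymorphic "default typing" is enabled and the first array element is treated as a class name. The following is an added example, not code from the target application or from the Jackson project: it puts that weak setting beside an allow-listed configuration and keeps exception details out of the response. It assumes Jackson 2.10 or later on the classpath and that the backend enabled default typing (inferred from the `As.WRAPPER_ARRAY` message); the class name `ValidateModeDemo`, its methods and the sample inputs are hypothetical.

```java
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import java.util.ArrayList;
import java.util.LinkedHashMap;

public class ValidateModeDemo {
    // Weak setting (assumed to match the target): any class name is accepted as a type id.
    @SuppressWarnings("deprecation")
    static ObjectMapper permissive() {
        return new ObjectMapper().enableDefaultTyping();
    }

    // Corrected setting: type ids are resolved only for an explicit allow-list.
    static ObjectMapper restricted() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(LinkedHashMap.class)
                .allowIfSubType(ArrayList.class)
                .build();
        return new ObjectMapper()
                .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
    }

    // Parse untrusted JSON. The exception detail goes to the server log only,
    // so the response never discloses library or class names.
    static String validate(ObjectMapper mapper, String json) {
        try {
            mapper.readValue(json, Object.class);
            return "valid";
        } catch (JsonProcessingException e) {
            System.err.println("rejected: " + e.getClass().getName() + ": " + e.getOriginalMessage());
            return "validation failed";
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a bare object, an array starting with "Ford",
        // an allow-listed type id, and a harmless type id outside the allow-list.
        String[] samples = {
            "{\"make\":\"Ford\"}",
            "[\"Ford\",\"Mustang\"]",
            "[\"java.util.LinkedHashMap\",{\"make\":\"Ford\"}]",
            "[\"java.util.LinkedList\",[]]"
        };
        for (String json : samples) {
            System.out.printf("%-48s permissive=%-18s restricted=%s%n",
                    json, validate(permissive(), json), validate(restricted(), json));
        }
    }
}
```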