You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, marshalsec,
I wonder if you know about these gadgets which can be exploited in their constructor?
for example:
class A{
A(){
context.lookup(xxxx)
}
}
Thanks!
The text was updated successfully, but these errors were encountered:
If you mean a no argument constructor, then no, I don't think so. With these you don't have any controllable inputs, so I guess this would be rare and limited to cases where these do something really stupid(tm), e.g. calling System.exit(), deleting some files, or maybe setting some security relevant system property.
Seeing this again makes me realize that I forgot to mention java.rmi.server.UnicastRemoteObject.UnicastRemoteObject()
If the target technology allows to call a protected default constructor, this will open a RMI listener which you might to exploit further on a random port.
Hi, marshalsec,
I wonder if you know about these gadgets which can be exploited in their constructor?
for example:
class A{
A(){
context.lookup(xxxx)
}
}
Thanks!
The text was updated successfully, but these errors were encountered: