Is there any gadget which can be exploded in constructor? #10

Closed
ghost opened this issue Mar 29, 2019 · 2 comments

ghost commented Mar 29, 2019

Hi, marshalsec,
I wonder if you know about these gadgets which can be exploited in their constructor?
For example:

```java
class A{
    A(){
        context.lookup(xxxx)
    }
}
```

Thanks!

@mbechler
Owner

If you mean a no-argument constructor, then no, I don't think so. With these you don't have any controllable inputs, so I guess this would be rare and limited to cases where these do something really stupid(tm), e.g. calling System.exit(), deleting some files, or maybe setting some security-relevant system property.

ghost closed this as completed Apr 13, 2019
@mbechler
Owner

Seeing this again makes me realize that I forgot to mention java.rmi.server.UnicastRemoteObject.UnicastRemoteObject().
If the target technology allows calling a protected default constructor, this will open an RMI listener on a random port, which you might exploit further.
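
An added example, not part of the thread or of marshalsec: one way to detect and refuse the anonymous-port export that the `UnicastRemoteObject()` default constructor performs, using the JDK's global `RMISocketFactory` hook. The class names `RmiExportGuard` and `DenyAnonymousExports` are hypothetical, and the guard assumes the application never legitimately exports RMI objects on an anonymous port.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.RemoteException;
import java.rmi.server.RMISocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class RmiExportGuard {

    /** Hypothetical guard: refuses any RMI export that asks for an anonymous (0) port. */
    static class DenyAnonymousExports extends RMISocketFactory {
        private final RMISocketFactory delegate = RMISocketFactory.getDefaultSocketFactory();

        @Override
        public Socket createSocket(String host, int port) throws IOException {
            return delegate.createSocket(host, port); // outbound RMI calls are unchanged
        }

        @Override
        public ServerSocket createServerSocket(int port) throws IOException {
            if (port == 0) {
                // Record the call site so the unexpected instantiation can be traced.
                new Throwable("blocked anonymous RMI export").printStackTrace();
                throw new IOException("anonymous-port RMI export refused");
            }
            return delegate.createServerSocket(port);
        }
    }

    public static void main(String[] args) throws IOException {
        // The global factory can be set only once per JVM, so install it at startup.
        RMISocketFactory.setSocketFactory(new DenyAnonymousExports());
        try {
            // Stand-in for a marshaller invoking the protected default constructor.
            new UnicastRemoteObject() { };
            System.out.println("exported: a listener is now open on a random port");
        } catch (RemoteException e) {
            // With the guard installed, the constructor fails instead of listening.
            System.out.println("export refused: " + e.getMessage());
        }
    }
}
```

The global factory is consulted only for exports that do not supply their own `RMIServerSocketFactory`, so it covers the default constructor discussed here but not objects exported with an explicit factory.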
