Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
With the following source code, we can easily find that the 'class. Forname' method can load malicious classes.
'Class.forname' is a method for JVM to retrieve and load into memory. In this process, the static phase of loading class will be executed.
In other words, if a malicious class is defined in advance, you can execute the static code block of the malicious class here.
We successfully execute the code by loading the malicious classes set in advance.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
With the following source code, we can easily find that the 'class. Forname' method can load malicious classes.
'Class.forname' is a method for JVM to retrieve and load into memory. In this process, the static phase of loading class will be executed.
In other words, if a malicious class is defined in advance, you can execute the static code block of the malicious class here.
We successfully execute the code by loading the malicious classes set in advance.
The text was updated successfully, but these errors were encountered: