Make AnnotationInvocationHandler usage dynamic #46

@drosenbauer

Right now, there are five different ways (in various branches and pull requests) to use AIH as part of a payload.

  1. The original way, patched in Java 7 and 8 earlier this year
  2. BadAttributeValueExpException (CC5), requires no SecurityManager present
  3. ACC's ListOrderedMap (my CC6: https://github.com/drosenbauer/ysoserial/blob/cli-improvements/src/main/java/ysoserial/payloads/CommonsCollections6.java)
  4. ConcurrentHashMap (@jasinner's CC6: jasinner@f1e23cc, proposed by @matthiaskaiser in IncompleteAnnotationException when testing with OpenJDK 1.8.0_72 #17)
  5. Another (?) CC6 in Adding general CC gadget that works with IBM and Oracle JRE #50 by @matthiaskaiser, unless that's the same as his proposal in IncompleteAnnotationException when testing with OpenJDK 1.8.0_72 #17

Once #45 is done to everybody's satisfaction and merged in, these should all be combined back into the four original payloads, using a (defaulted) command line switch to select among them at generation time.
