Last active
June 2, 2021 13:20
-
-
Save artem-smotrakov/5b9ec83e0b04d05aaf5ac5d808452d78 to your computer and use it in GitHub Desktop.
Example of a vulnerable RMI object
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class Server { | |
| public void bindRemoteObject(Registry registry) throws Exception { | |
| registry.bind("unsafe", UnicastRemoteObject.exportObject(new RemoteObjectImpl())); | |
| } | |
| } | |
| interface RemoteObject extends Remote { | |
| // this remote method is vulnerable because it accepts a complex parameter | |
| void action(Object obj) throws RemoteException; | |
| } | |
| class RemoteObjectImpl implements RemoteObject { | |
| // ... | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment