gistfile1.txt

// shared by @Retrospected:  https://github.com/Retrospected/spring-rce-poc

@InitBinder
  public void initBinder(WebDataBinder binder) {
     String[] blackList = {"class.*","Class.*","*.class.*",".*Class.*"};
     binder.setDisallowedFields(blackList);
}