@mwulftange mwulftange/CST-7111.txt Secret
Last active Mar 18, 2020

Liferay Portal JSON Web Service RCE Vulnerabilities (https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-rce-vulns.html)
{"class":"fully.qualified.ClassName", ... }
parameterName:fully.qualified.ClassName
public Object put(String key, Object value)
{
    // Position of the first ':' in the parameter name, or -1 if there is none.
    int pos = key.indexOf(':');

    if (key.startsWith("-")) {
        // [...]
    }
    else if (key.startsWith("+")) {
        // [...]
    }
    else if (pos != -1) {
        // Key has the form parameterName:fully.qualified.ClassName.
        // Everything after the colon is taken from the request as the type name.
        String typeName = key.substring(pos + 1);

        key = key.substring(0, pos);

        if (_parameterTypes == null) {
            _parameterTypes = new HashMap();
        }

        // The caller-supplied type name is recorded for this parameter.
        _parameterTypes.put(key, typeName);

        // If Validator.isNull() holds for the value's string form, Void.TYPE is stored in its place.
        if (Validator.isNull(GetterUtil.getString(value))) {
            value = Void.TYPE;
        }
    }

    // [...]

    return super.put(key, value);
}