There’s nothing new here. I just want to reiterate though.
    class TargetClass {
        private static String DB_PASSWORD = "sw0rdfish";

        private static String getDatabasePassword() {
            return DB_PASSWORD;
        }
    }
And the attack?
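    import java.lang.reflect.Method;

    public class ClassPiercing {
        public static void main(String... args) throws Exception {
            Class<?> targetClass = Class.forName("TargetClass");
            // TargetClass declares a single method, the private getDatabasePassword()
            Method[] methods = targetClass.getDeclaredMethods();
            // Suppress the Java language access check for this Method object
            methods[0].setAccessible(true);
            // Static method: no receiver (null) and no arguments
            String databasePassword = (String) methods[0].invoke(null);
            System.out.println("Database Password: " + databasePassword);
        }
    }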
Output:
    Database Password: sw0rdfish
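An audit-side view of the same behaviour, as an added example that is not part of the original post: it reports which private static fields of a class the calling code can open through reflection, without reading their values. The names `ReflectionExposureAudit` and `exposedPrivateStatics` are hypothetical, the nested `TargetClass` is a constructed stand-in for the one above, and the comments assume JDK 17+ with the code on the classpath (unnamed module) and no `--add-opens` flags.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.LinkedHashMap;
import java.util.Map;

public class ReflectionExposureAudit {

    // Constructed stand-in for the TargetClass shown above.
    static class TargetClass {
        private static String DB_PASSWORD = "sw0rdfish";
    }

    /** Maps each private static field of cls to whether this caller can open it reflectively. */
    static Map<String, Boolean> exposedPrivateStatics(Class<?> cls) {
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (Field f : cls.getDeclaredFields()) {
            int m = f.getModifiers();
            if (Modifier.isPrivate(m) && Modifier.isStatic(m)) {
                // trySetAccessible() (Java 9+) returns false instead of throwing
                // InaccessibleObjectException when the module system denies access.
                result.put(f.getName(), f.trySetAccessible());
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Same (unnamed) module as the caller: 'private' does not stop reflection,
        // so DB_PASSWORD is reported as reachable.
        System.out.println("TargetClass: " + exposedPrivateStatics(TargetClass.class));
        // java.base does not open java.lang to application code on JDK 17+,
        // so its private statics are reported as not reachable.
        System.out.println("java.lang.String: " + exposedPrivateStatics(String.class));
    }
}
```

The contrast shows where the boundary is enforced: the `private` modifier alone is not one, while a module that does not open its package to the caller is.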
Check out Val’s Blog by clicking [here]. He has more examples.