Analysis of commons-collections 1 (CC1)
Environment

jdk-7u21
ysoserial
IDEA

References

Java Security: Deserialization - Analysis of the URLDNS and Commons Collections 1-7 Deserialization Chains (seebug.org)
Java Deserialization - Analysis of the CommonCollections1 Gadget Chain – 天下大木头 (wjlshare.com)

Gadget chain

Gadget chain obtained by debugging ysoserial:

transform:124, InvokerTransformer (org.apache.commons.collections.functors)
transform:122, ChainedTransformer (org.apache.commons.collections.functors)
get:151, LazyMap (org.apache.commons.collections.map)
invoke:69, AnnotationInvocationHandler (sun.reflect.annotation)
entrySet:-1, $Proxy0 (com.sun.proxy)
readObject:346, AnnotationInvocationHandler (sun.reflect.annotation)
invoke0:-1, NativeMethodAccessorImpl (sun.reflect)
invoke:57, NativeMethodAccessorImpl (sun.reflect)
invoke:43, DelegatingMethodAccessorImpl (sun.reflect)
invoke:601, Method (java.lang.reflect)
invokeReadObject:1004, ObjectStreamClass (java.io)
readSerialData:1891, ObjectInputStream (java.io)
readOrdinaryObject:1796, ObjectInputStream (java.io)
readObject0:1348, ObjectInputStream (java.io)
readObject:370, ObjectInputStream (java.io)
deserial...