search

frohoff / ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
http://frohoff.github.io/appseccali-marshalling-pickles/
MIT License
7.77k stars 1.76k forks source link

Error generate payload #181

Closed resource-not-found-blank closed 2 years ago

resource-not-found-blank commented 2 years ago 
$ java -version
openjdk version "17.0.1" 2021-10-19

$ java -jar ysoserial.jar CommonsCollections4 'calc'
Error while generating or serializing payload
java.lang.IllegalAccessError: class ysoserial.payloads.util.Gadgets (in unnamed module @0x68fb2c38) cannot access class com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl (in module java.xml) because module java.xml does not export com.sun.org.apache.xalan.internal.xsltc.trax to unnamed module @0x68fb2c38
    at ysoserial.payloads.util.Gadgets.createTemplatesImpl(Gadgets.java:102)
    at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:32)
    at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:26)
    at ysoserial.GeneratePayload.main(GeneratePayload.java:34)
frohoff commented 2 years ago

Duplicate of #176. See https://github.com/frohoff/ysoserial/issues/176#issuecomment-1059848122