ReflectionHelper.newInstance应用面较小 - Githubissues

wh1t3p1g / ysomap

A helpful Java Deserialization exploit framework.

Apache License 2.0

1.17k stars 150 forks source link

ReflectionHelper.newInstance应用面较小 #22

Closed HYWZ36 closed 3 years ago

HYWZ36 commented 3 years ago

ReflectionHelper.newInstance("javax.swing.MultiUIDefaults", new Object[0]);执行错误，貌似改函数仅能获取第一个构造函数的。

wh1t3p1g commented 3 years ago

可以参考这个代码 https://github.com/wh1t3p1g/ysomap/blob/master/core/src/main/java/ysomap/bullets/jdk/LdapAttributeBullet.java#L32 https://github.com/wh1t3p1g/ysomap/blob/master/core/src/main/java/ysomap/core/util/ReflectionHelper.java#L59