Digital Stronghold - Software Engineering, Musicality and Facts of Life…



February 13, 2009

Method Piercing in Java

Filed under: Progressive Studies, Java

There’s nothing new here. I just want to reiterate though.

class TargetClass {
    private static String DB_PASSWORD = "sw0rdfish";
	
    private static String getDatabasePassword() {
        return DB_PASSWORD;
    }
}

And the attack?

import java.lang.reflect.Method;
	
public class ClassPiercing {
	
    public static void main(String... args) throws Exception {
        Class targetClass = Class.forName("TargetClass");
        Method[] methods = targetClass.getDeclaredMethods();
        methods[0].setAccessible(true);
        String databasePassword = (String)methods[0].invoke(null, null);
        System.out.println("Database Password: " + databasePassword);
    }
}

Output:

Database Password: sw0rdfish

Check out Val’s Blog by clicking [here]. He has more examples.

2 Comments »

The URI to TrackBack this entry is: http://eradicus.blogsome.com/2009/02/13/method-piercing-in-java/trackback/

  1. Hahaha that’s pretty lame :D

    Comment by numerodix — February 13, 2009 @ 3:10 am

  2. Yeah, use your creativity :D

    Comment by Joset Anthony Zamora — February 13, 2009 @ 6:49 am

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>



Anti-spam measure: please retype the above text into the box provided.

Theme designed by Joset Anthony Zamora


Digital Stronghold

↑ Get Headline Animator