...
class BankOperation {
  // Noncompliant example: the balance is kept in a private field so that only this class can
  // change it; the original listing's comment says the value was loaded from the database.
  private Integer balance = 5000;

  /**
   * Prints the runtime class of the object and then tries to invoke, via reflection, a method
   * whose name is the string form of {@code balance}.
   *
   * <p>Security note: {@code getClass()} yields the runtime (possibly subclass) type, so any method
   * resolved here would be an overridable one invoked from the constructor, i.e. subclass code
   * running before construction has finished. With {@code balance == 5000} the lookup name is
   * {@code "5000"}, which no Java-source method in this listing can be called, so
   * {@link NoSuchMethodException} is thrown and silently discarded; the invocation the example
   * appears to intend (presumably {@code getBalance}) never happens — verify against the intended
   * listing.
   */
  public BankOperation() {
    // Runtime class of the instance under construction, not necessarily BankOperation itself.
    Class<?> runtimeClass = getClass();
    System.out.println(runtimeClass);
    try {
      Method target = runtimeClass.getMethod(balance.toString(), (Class<?>[]) null);
      target.invoke(this, (Object[]) null);
    } catch (Exception ignored) {
      // Deliberately swallowed, exactly as in the original listing; a real implementation would
      // at least log the reflective failure.
    }
  }

  /** Prints the current balance; the public, read-only view of the private field. */
  public void getBalance() {
    System.out.println("The current balance is: $" + balance);
  }
}
//this class has been written by the attacker
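public class SubClass extends BankOperation {
  /**
   * Noncompliant override: uses reflection to raise the accessibility of the superclass's private
   * {@code balance} field and overwrite it with a value read from standard input.
   *
   * <p>Nothing in the language stops this; {@code private} is enforced only by the runtime access
   * check that {@code setAccessible(true)} suppresses. That call succeeds here because both
   * classes live in the same (unnamed) module; it would fail with
   * {@code InaccessibleObjectException} for a private field of a non-open package in a named
   * module, and it fails with {@code SecurityException} when the caller lacks
   * {@code ReflectPermission("suppressAccessChecks")}. Keeping sensitive state out of the unnamed
   * module and not granting that permission to untrusted code is the defence this example motivates.
   *
   * <p>NOTE(review): the two {@code try} blocks were reconstructed from a column-merged listing;
   * confirm the exact statements against the original source.
   */
  @Override
  public void getBalance() {
    // The attacker can change his account balance to any value he wants.
    Integer modifiedBalance = 0;
    // To read the new balance from the attacker; System.in is intentionally never closed.
    InputStreamReader input = new InputStreamReader(System.in);
    Field balance = null;
    BufferedReader reader = new BufferedReader(input);
    System.out.print(" Enter balance: ");
    try {
      modifiedBalance = Integer.parseInt(reader.readLine());
    } catch (IOException | NumberFormatException ignored) {
      // Unreadable, non-numeric or missing input (readLine() returns null at EOF, which parseInt
      // rejects with NumberFormatException) leaves the balance at 0. The original listing also
      // discarded the IOException here; NumberFormatException previously escaped uncaught.
    }
    try {
      // This gets the private field from the superclass.
      balance = this.getClass().getSuperclass().getDeclaredField("balance");
      // This changes the accessibility so that the field can now be accessed.
      if (!Modifier.isPublic(balance.getModifiers())) {
        balance.setAccessible(true);
      }
      // Retrieve the original balance.
      System.out.println("Original Balance: $" + balance.get(this));
      // Change the balance.
      balance.set(this, modifiedBalance);
      // Display the new changed balance.
      System.out.println("The new balance is: $" + balance.get(this));
    } catch (Exception e) {
      // Covers NoSuchFieldException / IllegalAccessException from the reflective calls and the
      // runtime exceptions setAccessible can throw (SecurityException, InaccessibleObjectException).
      e.printStackTrace();
    }
  }

  /** Entry point of the demonstration: constructs the subclass and runs the override. */
  public static void main(String[] args) {
    SubClass subclass = new SubClass();
    subclass.getBalance();
  }
}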
...