...
```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;

public class Cmd {
  public static void main(String[] args) throws IOException {
    ProcessBuilder pb = new ProcessBuilder("cmd");
    // Merge stderr into stdout so a single reader drains both streams
    pb = pb.redirectErrorStream(true);
    Process p = pb.start();
    InputStream is = p.getInputStream();
    OutputStream os = p.getOutputStream();
    PrintWriter pw = new PrintWriter(os, true); // autoflush on println
    readToPrompt(is);
    pw.println("dir");
    readToPrompt(is);
  }

  // Echoes the child's output and returns once a command prompt is seen
  private static void readToPrompt(InputStream is) throws IOException {
    String s = "";
    for (;;) {
      int i = is.read();
      if (i < 0) {
        System.out.println();
        System.out.println("EOF");
        System.exit(0);
      }
      char c = (char)i; // Safe: i is a byte value in 0..255 here
      s += c;
      // Print each completed line and start a new one
      if (s.endsWith("\r\n")) {
        System.out.print(s);
        s = "";
      }
      // Detects prompt, to break out
      if (c == '>' && s.length() > 2 && s.charAt(1) == ':') {
        System.out.print(s);
        break;
      }
    }
  }
}
```
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[API 06] method exec(), http://java.sun.com/javase/6/docs/api/java/lang/Runtime.html#exec(java.lang.String)

[Daconta 00]

[Daconta 03] Pitfall 1
...