1
2
3
4
5
6
7
8
|
class Foo {
private String message = "This is a Foo.";
public void show() {
System.out.println(message);
}
}
|
1
2
3
|
Class<foo> fooClass = (Class<foo>) foo.getClass();
Field messageField = fooClass.getDeclaredField("message");
messageField.setAccessible(true); // 绕过权限检测!</foo></foo>
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
import java.lang.reflect.*;
public class AccessPrivate {
public static void main(String[] argv) throws Exception {
// 定义一个测试对象
Foo foo = new Foo();
// 正常情况,测试函数
foo.show();
// 绕过Java权限检测
Class<foo> fooClass = (Class<foo>) foo.getClass();
Field messageField = fooClass.getDeclaredField("message");
messageField.setAccessible(true); // 绕过权限检测!
System.out.println("Foo is hacked!");
// 修改message变量
messageField.set(foo, "This is a Bar.");
// 再次调用测试函数
foo.show();
}
}
class Foo {
private String message = "This is a Foo.";
public void show() {
System.out.println(message);
}
}</foo></foo>
|