Finding classes for exploiting Unsafe Reflection / Unchecked Class Instantiation vulnerabilities in Java with Joern
Posted: Sat Oct 19, 2024 12:10 pm
During a pentest engagement we found a Java application vulnerable to unsafe reflection [1]. This application allowed us to instantiate an arbitrary class with a controlled string passed to its constructor as argument. When we became aware of the dependencies used by the application, we posed the following question: How could we automate the process to find good classes?
https://blog.convisoappsec.com/en/findi ... ith-joern/
https://blog.convisoappsec.com/en/findi ... ith-joern/