Is Java code using java.lang.reflect get* methods vulnerable to privilege escalation? If yes, then how? Also, is the code below vulnerable to a privilege escalation attack?
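    import java.lang.reflect.Field;

    // Copy every non-null declared field of b into a, keyed by field name.
    A a = new A();
    Field[] field = b.getClass().getDeclaredFields();
    for (Field f : field) {
        f.setAccessible(true);   // suppresses Java language access checks for this field
        Object fval = f.get(b);  // may throw IllegalAccessException (checked)
        if (fval != null) {
            a.set(f.getName(), fval);
        }
    }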