adsurbum · August 5, 2015 15:15
diff --git a/"gson" injection b/"gson" injection
    class User{
    	public String name;
    	private Boolean havePermissions;
    };
    
    public static void main(String[] args) {
    	String input = "{name:hacker, havePermissions:true}";
    	
    	Gson gson = new Gson();
    	User user = gson.fromJson(JsonSanitizer.sanitize(input), User.class);
    	
    	if (user.name.equals("admin"))
    		user.havePermissions = true;
    	
    	if (b.havePermissions)
    		System.out.println("OMFG");
 	}
	class User{
	public String name;
	private Boolean havePermissions;
	};

	public static void main(String[] args) {
	String input = "{name:hacker, havePermissions:true}";

	Gson gson = new Gson();
	User user = gson.fromJson(JsonSanitizer.sanitize(input), User.class);

	if (user.name.equals("admin"))
	user.havePermissions = true;

	if (b.havePermissions)
	System.out.println("OMFG");
	}