conikeec · June 14, 2018 14:02
diff --git a/b3.java b/b3.java
 // Vulnerable class

 class LogFile implements Serializable
 {
   public String filename;
   public String filecontent;

  // Function called during deserialization

  private void readObject(ObjectInputStream in)
  {
     System.out.println("readObject from LogFile");

     try
     {
        // Unserialize data

        in.defaultReadObject();
        System.out.println("File name: " + filename + ", file content: \n" + filecontent);

        // Do something useful with the data
        // Restore LogFile, write file content to file name

        FileWriter file = new FileWriter(filename);
        BufferedWriter out = new BufferedWriter(file);

        System.out.println("Restoring log data to file...");
        out.write(filecontent);

        out.close();
        file.close();
     }
     catch (Exception e)
     {
         System.out.println("Exception: " + e.toString());
     }
   }
 }
	// Vulnerable class

	class LogFile implements Serializable
	{
	public String filename;
	public String filecontent;

	// Function called during deserialization

	private void readObject(ObjectInputStream in)
	{
	System.out.println("readObject from LogFile");

	try
	{
	// Unserialize data

	in.defaultReadObject();
	System.out.println("File name: " + filename + ", file content: \n" + filecontent);

	// Do something useful with the data
	// Restore LogFile, write file content to file name

	FileWriter file = new FileWriter(filename);
	BufferedWriter out = new BufferedWriter(file);

	System.out.println("Restoring log data to file...");
	out.write(filecontent);

	out.close();
	file.close();
	}
	catch (Exception e)
	{
	System.out.println("Exception: " + e.toString());
	}
	}
	}