jsyeo · August 24, 2015 03:54
diff --git a/Main.java b/Main.java
 public class Main {

  public static void main(String[] args) {
    Object a = new VulnerableClass();
    a.toString();
  }
 }

 class VulnerableClass {

  void vulnerableMethod() {

  }

  @Override
  public String toString() {
    vulnerableMethod();
    return "pwned";
  }
 }

 class HarmlessClass {
  @Override
  public String toString() {
    return "";
  }
 }
	public class Main {

	public static void main(String[] args) {
	Object a = new VulnerableClass();
	a.toString();
	}
	}

	class VulnerableClass {

	void vulnerableMethod() {

	}

	@Override
	public String toString() {
	vulnerableMethod();
	return "pwned";
	}
	}

	class HarmlessClass {
	@Override
	public String toString() {
	return "";
	}
	}