  1. Tomcat class load exception after bytecode injection
    <p>I inject an invoke statement (<em>cajolingMe.cajoleMe();</em>) into one of the <a href="http://sourceforge.net/projects/owasp/" rel="nofollow">webgoat</a>'s classes (<em>HammerHead.class</em>). This method is a static method that is called from a jar file which was created by <a href="http://fjep.sourceforge.net/" rel="nofollow">fat-jar</a>. <br/>I copy that jar to the lib directory of the [webgoat][3] web application. <br/>When I decompile the injected class there is no problem and the syntax is true.<br/> (injected code is bolded)<br/></p>
<pre><code>package org.owasp.webgoat;

**import cajoleMe.cajolingMe;**
import java.io.*;
import java.text.SimpleDateFormat;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.WelcomeScreen;
import org.owasp.webgoat.lessons.admin.WelcomeAdminScreen;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.ErrorScreen;
import org.owasp.webgoat.session.LessonTracker;
import org.owasp.webgoat.session.ParameterParser;
import org.owasp.webgoat.session.Screen;
import org.owasp.webgoat.session.UserTracker;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
...
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        Screen screen;
        WebSession mySession;
        screen = null;
        mySession = null;
        ServletContext context = getServletContext();
        mySession = updateSession(request, response, context);
        if(response.isCommitted()) {
            try {
                writeScreen(mySession, screen, response);
            } catch(Throwable thr) {
                thr.printStackTrace();
                log(request, (new StringBuilder()).append("Could not write error screen: ").append(thr.getMessage()).toString());
            }
            WebSession.returnConnection(mySession);
            return;
        }
        screen = makeScreen(mySession);
        if(response.isCommitted()) {
            try {
                writeScreen(mySession, screen, response);
            } catch(Throwable thr) {
                thr.printStackTrace();
                log(request, (new StringBuilder()).append("Could not write error screen: ").append(thr.getMessage()).toString());
            }
            WebSession.returnConnection(mySession);
            return;
        }
        if(screen instanceof AbstractLesson) {
            AbstractLesson lesson = (AbstractLesson)screen;
            if("GET".equals(request.getMethod())) {
                String uri = (new StringBuilder()).append(request.getRequestURI()).append("?").append(request.getQueryString()).toString();
                if(!uri.endsWith(lesson.getLink()))
                    screen.getLessonTracker(mySession).incrementNumVisits();
            } else if("POST".equals(request.getMethod()) &amp;&amp; mySession.getPreviousScreen() == mySession.getCurrentScreen())
                screen.getLessonTracker(mySession).incrementNumVisits();
        }
        UserTracker userTracker = UserTracker.instance();
        userTracker.update(mySession, screen);
        log(request, (new StringBuilder()).append(**cajolingMe.cajoleMe(screen.getClass()).getName()).append(" | ")**.append(**cajolingMe.cajoleMe(cajolingMe.cajoleMe(mySession.getParser()))**.toString()).toString());
        String userAgent = request.getHeader("user-agent");
        String clientBrowser = "Not known!";
        if(userAgent != null)
            clientBrowser = userAgent;
        request.setAttribute("client.browser", clientBrowser);
        request.getSession().setAttribute("websession", mySession);
        request.getSession().setAttribute("course", mySession.getCourse());
        request.getRequestDispatcher(getViewPage(cajolingMe.cajoleMe(mySession))).forward(request, response);
        try {
            writeScreen(mySession, screen, response);
        } catch(Throwable thr) {
            thr.printStackTrace();
            log(request, (new StringBuilder()).append("Could not write error screen: ").append(thr.getMessage()).toString());
        }
        WebSession.returnConnection(mySession);
        break MISSING_BLOCK_LABEL_631;
        Throwable t;
        t;
        t.printStackTrace();
        log((new StringBuilder()).append("ERROR: ").append(t).toString());
        screen = new ErrorScreen(mySession, t);
        try {
            writeScreen(mySession, screen, response);
        } catch(Throwable thr) {
            thr.printStackTrace();
            log(request, (new StringBuilder()).append("Could not write error screen: ").append(thr.getMessage()).toString());
        }
        WebSession.returnConnection(mySession);
        break MISSING_BLOCK_LABEL_631;
        Exception exception;
        exception;
        try {
            writeScreen(mySession, screen, response);
        } catch(Throwable thr) {
            thr.printStackTrace();
            log(request, (new StringBuilder()).append("Could not write error screen: ").append(thr.getMessage()).toString());
        }
        WebSession.returnConnection(mySession);
        throw exception;
    }
...
}
</code></pre>
<p>But when I run tomcat I see this exception:</p>
<pre><code> 31, 2013 12:31:59 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-127.0.0.1-8080
jan 31, 2013 12:31:59 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-127.0.0.1-8443
jan 31, 2013 12:31:59 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 549 ms
jan 31, 2013 12:32:00 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
jan 31, 2013 12:32:00 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.4
jan 31, 2013 12:32:00 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
jan 31, 2013 12:32:00 PM org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / Redirect URL: http://www.cnn.com], [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: paramName / Target param paramValue / Redirect URL: http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: http://jakarta.apache.org]]
**-Marking servlet WebGoat as unavailable
Servlet /WebGoat threw load() exception
javax.servlet.ServletException: Error instantiating servlet class org.owasp.webgoat.HammerHead**
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1020)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:886)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3817)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4079)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:755)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:886)
    at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:849)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1079)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1011)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1003)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:437)
    at org.apache.catalina.core.StandardService.start(StandardService.java:450)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:2010)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
jan 31, 2013 12:32:01 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-127.0.0.1-8080
jan 31, 2013 12:32:01 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-127.0.0.1-8443
jan 31, 2013 12:32:01 PM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on /127.0.0.1:8009
jan 31, 2013 12:32:01 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/11 config=null
jan 31, 2013 12:32:01 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1134 ms
</code></pre>
<p>and the webgoat site shows <strong><em>"HTTP Status 404"</em></strong>. I used <code>[BCEL][5]</code> for injection. Where is the problem?</p>