Java Reference
In-Depth Information
        callback.callMethod();
        return null;
      }
    });
  }
}
This code could be safely used by a client, as follows:
public static void main(String[] args) {
  int uid = Integer.parseInt(args[0]);
  // Declared as the concrete type so that getName() below is available
  UserLookupCallBack callBack = new UserLookupCallBack(uid);
  CallBackAction action = new CallBackAction(callBack);
  // ...
  action.perform(); // Looks up user name
  System.out.println("User " + uid + " is named " +
                     callBack.getName());
}
However, an attacker can use CallBackAction to execute malicious code with elevated privileges by registering a MaliciousCallBack instance:
class MaliciousCallBack implements CallBack {
  public void callMethod() {
    // Code here gets executed with elevated privileges
  }
}

// Client code
public static void main(String[] args) {
  CallBack callBack = new MaliciousCallBack();
  CallBackAction action = new CallBackAction(callBack);
  action.perform(); // Executes malicious code
}
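The root cause is that the privileged block invokes whatever CallBack the caller hands in. A hardened form, written here as an added example rather than the book's own code, closes that door by declaring both the action and the trusted callback final and by narrowing the constructor parameter to the trusted concrete type, so an attacker-supplied class can no longer be registered. The body of UserLookupCallBack (its uid field, a constructed lookup, getName()) is an assumption about code not shown on this page.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

interface CallBack {
  void callMethod();
}

// Trusted callback. Final, so no subclass can swap callMethod() for its own code.
// (Assumed shape of the UserLookupCallBack the text refers to.)
final class UserLookupCallBack implements CallBack {
  private final int uid;
  private String name;

  UserLookupCallBack(int uid) { this.uid = uid; }

  public void callMethod() {
    // Constructed stand-in for the privileged lookup the real class would do
    name = "user" + uid;
  }

  public String getName() { return name; }
}

// Hardened action: final (perform() cannot be overridden) and the constructor
// accepts only the trusted concrete type, not the CallBack interface.
final class SafeCallBackAction {
  private final UserLookupCallBack callback;

  SafeCallBackAction(UserLookupCallBack callback) {
    if (callback == null) throw new IllegalArgumentException("callback required");
    this.callback = callback;
  }

  public void perform() {
    AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
      callback.callMethod(); // only trusted, non-overridable code runs here
      return null;
    });
  }
}

public class SafeCallBackDemo {
  public static void main(String[] args) {
    int uid = args.length > 0 ? Integer.parseInt(args[0]) : 42;
    UserLookupCallBack cb = new UserLookupCallBack(uid);
    new SafeCallBackAction(cb).perform();
    System.out.println("User " + uid + " is named " + cb.getName());
    // new SafeCallBackAction(new MaliciousCallBack()) is now a compile error.
  }
}
```

When the callback genuinely must come from a caller, the alternative is to do the privileged work in trusted code and pass only its result to the callback after the doPrivileged block returns, so untrusted code never runs with elevated privileges.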