I need POC code for this article: http://schierlm.users.sourceforge.net/CVE-2011-3544.html
Normally some code like this don`t work in applet:
Process p = Runtime.getRuntime().exec("calc.exe");
This code don`t work in class that extends Applet because of security reasons. But Michael describe how you can bypass this restrictions. It is possible to switch off Java Security Manager and execute code like this (Runtime.getRuntime().exec("calc.exe")). The resulting POC code is quite short (about 20 lines of Java code and 120 characters of Rhino code), but you must know java very good.
In other worlds: The applet must run calc.exe on Java runtime envirement 6 update 27. You can download it here if you version of JRE is differ: http://www.oldapps.com/java.php?old_java=6281
Something similar but more difficult in implementation can be found here: http://slightlyrandombrokenthoughts.blogspot.com/2010/04/java-trusted-method-chaining-cve-2010.html
And if it help`s you, i can give you POC code (applet that run calc.exe on JRE 6 update 18) for this article.
I have already paid $100 to (https://www.freelancer.com/users/2580898.html), but all he did was simply create a policy file witch grant all permissions to applet.. And he even post this video http://screenr.com/yXus.. But it is fake :(
Sorry for my english..
See more: java rhino poc, java, cve 2011 3544, code html blogspot, java rhino, lines code java code sign, free java applet upload drag drop php, average cost 6000 lines code, visual studio view lines code, average lines code per hour, social bookmarking script lines code, net undoredo drawn lines code, suggestion similar google free php code, code java video streaming applet, net java applet similar