JasperReports is an open source Java reporting tool that can write to a variety of targets, such as: screen, a printer, into PDF, HTML, Microsoft Excel, RTF, ODT, Comma-separated values or XML files. It can be used in Java-enabled applications, including Java EE or web applications, to generate dynamic content. It reads its instructions from an XML or .jasper file. ~wikipedia
Can you tell me about a scenario in which a malicious jasper file is uploaded and converted into actual Java code (a JSP shell) and gives the attacker shell access?