<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
<!-- Request/response character encoding used by the framework. -->
<constant name="struts.i18n.encoding" value="utf-8"></constant>
<!--
  All demo actions live under the /test namespace and inherit the interceptors and
  result types of struts-default.
  NOTE(review): no action below sets a method attribute, and the JSP forms on this page
  address methods with the action!method syntax (for example tokenAction!register).
  That relies on dynamic method invocation (struts.enable.DynamicMethodInvocation),
  which lets the request pick any public no-argument method of the action class.
  Confirm it is really needed; otherwise map each method explicitly and disable it.
-->
<package name="test" namespace="/test" extends="struts-default">
<interceptors>
<!-- Custom interceptor implemented by interceptor.MyInterceptor. -->
<interceptor name="myInterceptor" class="interceptor.MyInterceptor"></interceptor>
</interceptors>
<!--
  Form submission guarded by the token interceptor, which runs ahead of defaultStack.
  The invalid.token result is where a request with a missing or already used token ends up.
-->
<action name="tokenAction" class="action.TokenAction">
<interceptor-ref name="token"></interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
<result name="input" type="redirect">/index.jsp</result>
<result name="success">/success.jsp</result>
<result name="invalid.token">/error.jsp</result>
</action>
<!--
  Single-file upload.
  NOTE(review): the fileUpload reference carries no param children, so no maximumSize,
  allowedTypes or allowedExtensions restriction is configured here; any file type the
  multipart parser accepts reaches the action. Add explicit limits for anything beyond a demo.
  NOTE(review): defaultStack in struts-default normally contains fileUpload already, so the
  interceptor is probably applied twice; confirm against the struts-default.xml in use.
-->
<action name="singleUploadAction" class="action.SingleUploadAction">
<interceptor-ref name="fileUpload"></interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
<result name="uploadSuccess">/uploadSuccess.jsp</result>
</action>
<!--
  Multi-file upload, using fileUploadStack followed by defaultStack.
  As with the single upload above, no size or type limits are set in this file.
-->
<action name="multiUploadAction" class="action.MultiUploadAction">
<interceptor-ref name="fileUploadStack"></interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
<result name="uploadSuccess">/uploadSuccess.jsp</result>
</action>
<!-- Action wrapped by the custom interceptor, then by defaultStack. -->
<action name="interceptorAction" class="action.InterceptorAction">
<interceptor-ref name="myInterceptor"></interceptor-ref>
<interceptor-ref name="defaultStack"></interceptor-ref>
<result name="success">/success.jsp</result>
</action>
</package>
</struts>
package action;
import com.opensymphony.xwork2.ActionSupport;
/**
 * Minimal action used to show a custom interceptor wrapped around an action call.
 */
public class InterceptorAction extends ActionSupport {

    /**
     * Prints a marker line so the interceptor/action ordering is visible on stdout.
     *
     * @return {@link #SUCCESS}
     */
    public String test() {
        final String marker = "action in";
        System.out.println(marker);
        return SUCCESS;
    }
}
package action;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import javax.servlet.ServletContext;
import org.apache.struts2.util.ServletContextAware;
import com.opensymphony.xwork2.ActionSupport;
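/**
 * Struts 2 action that stores several uploaded files in the {@code file}
 * directory below the deployed web application's root.
 *
 * <p>{@code suFileName} and {@code suContentType} are supplied by the client and are
 * untrusted. File names are reduced to their last path component and the resolved
 * target is verified to sit directly inside the upload directory before anything
 * is written.
 *
 * <p>NOTE(review): the upload directory is inside the web root, so stored files may be
 * directly requestable, and this class does not restrict file types. Restrict types and
 * sizes on the upload interceptor, or store uploads outside the web root. A file whose
 * name matches an existing one overwrites it.
 */
public class MultiUploadAction extends ActionSupport implements
        ServletContextAware {
    // Temporary files holding the uploaded content, one per form field named "su".
    private File[] su;
    // Client-declared content types, parallel to su.
    private String[] suContentType;
    // Client-declared file names, parallel to su (untrusted).
    private String[] suFileName;
    private ServletContext context;
    private String separator = File.separator;
    // Name of the upload directory, relative to the web application root.
    private String directory = "file";

    /**
     * Copies every uploaded file into the upload directory.
     *
     * @return {@code "uploadSuccess"} once all files are stored
     * @throws IllegalArgumentException if no files were submitted, the file and name
     *         arrays differ in length, or a file name is unusable
     * @throws IllegalStateException if the upload directory is unavailable
     * @throws SecurityException if a file name resolves outside the upload directory
     * @throws Exception on I/O failure while copying
     */
    public String upload() throws Exception {
        if (su == null || suFileName == null || su.length != suFileName.length) {
            throw new IllegalArgumentException("no uploaded files, or files and names do not match");
        }
        File canonicalDirectory = prepareUploadDirectory();
        for (int i = 0; i < su.length; i++) {
            copy(su[i], resolveTarget(canonicalDirectory, suFileName[i]));
        }
        return "uploadSuccess";
    }

    /** Returns the canonical upload directory, creating it when missing. */
    private File prepareUploadDirectory() throws java.io.IOException {
        String realPath = context.getRealPath("");
        if (realPath == null) {
            // getRealPath returns null when the application is not backed by a directory.
            throw new IllegalStateException("web application has no file system path");
        }
        File uploadDirectory = new File(realPath, directory);
        // Re-check after mkdir so a concurrent request creating the directory is not an error.
        if (!uploadDirectory.isDirectory() && !uploadDirectory.mkdir() && !uploadDirectory.isDirectory()) {
            // The physical path is deliberately left out of the message.
            throw new IllegalStateException("cannot create upload directory");
        }
        return uploadDirectory.getCanonicalFile();
    }

    /** Maps a client-supplied file name to a target file directly inside the upload directory. */
    private static File resolveTarget(File canonicalDirectory, String clientName) throws java.io.IOException {
        if (clientName == null) {
            throw new IllegalArgumentException("invalid upload file name");
        }
        // Keep only the last path component, whichever separator the client used.
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String baseName = clientName.substring(cut + 1);
        if (baseName.length() == 0 || ".".equals(baseName) || "..".equals(baseName)
                || baseName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid upload file name");
        }
        File target = new File(canonicalDirectory, baseName).getCanonicalFile();
        if (!canonicalDirectory.equals(target.getParentFile())) {
            throw new SecurityException("upload file name resolves outside the upload directory");
        }
        return target;
    }

    /** Copies {@code source} to {@code target}, closing both streams even when the copy fails. */
    private static void copy(File source, File target) throws java.io.IOException {
        FileInputStream fis = new FileInputStream(source);
        try {
            FileOutputStream fos = new FileOutputStream(target);
            try {
                BufferedInputStream bis = new BufferedInputStream(fis);
                BufferedOutputStream bos = new BufferedOutputStream(fos);
                byte[] buff = new byte[1024 * 8];
                int len;
                while ((len = bis.read(buff)) != -1) {
                    bos.write(buff, 0, len);
                }
                bos.flush();
            } finally {
                fos.close();
            }
        } finally {
            fis.close();
        }
    }

    public File[] getSu() {
        return su;
    }

    public void setSu(File[] su) {
        this.su = su;
    }

    public String[] getSuContentType() {
        return suContentType;
    }

    public void setSuContentType(String[] suContentType) {
        this.suContentType = suContentType;
    }

    public String[] getSuFileName() {
        return suFileName;
    }

    public void setSuFileName(String[] suFileName) {
        this.suFileName = suFileName;
    }

    public void setServletContext(ServletContext context) {
        this.context = context;
    }
}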
package action;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import javax.servlet.ServletContext;
import org.apache.struts2.util.ServletContextAware;
import com.opensymphony.xwork2.ActionSupport;
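/**
 * Struts 2 action that stores one uploaded file in the {@code file} directory
 * below the deployed web application's root.
 *
 * <p>{@code suFileName} and {@code suContentType} are supplied by the client and are
 * untrusted. The file name is reduced to its last path component and the resolved
 * target is verified to sit directly inside the upload directory before anything
 * is written.
 *
 * <p>NOTE(review): the upload directory is inside the web root, so a stored file may be
 * directly requestable, and this class does not restrict file types. Restrict types and
 * sizes on the upload interceptor, or store uploads outside the web root. A file whose
 * name matches an existing one overwrites it.
 */
public class SingleUploadAction extends ActionSupport implements
        ServletContextAware {
    // Temporary file holding the uploaded content of the form field named "su".
    private File su;
    // Client-declared content type.
    private String suContentType;
    // Client-declared file name (untrusted).
    private String suFileName;
    private ServletContext context;
    private String separator = File.separator;

    /**
     * Copies the uploaded file into the upload directory.
     *
     * @return {@code "uploadSuccess"} once the file is stored
     * @throws IllegalArgumentException if no file was submitted or its name is unusable
     * @throws IllegalStateException if the upload directory is unavailable
     * @throws SecurityException if the file name resolves outside the upload directory
     * @throws Exception on I/O failure while copying
     */
    public String upload() throws Exception {
        if (su == null || suFileName == null) {
            throw new IllegalArgumentException("no uploaded file");
        }
        File canonicalDirectory = prepareUploadDirectory();
        copy(su, resolveTarget(canonicalDirectory, suFileName));
        return "uploadSuccess";
    }

    /** Returns the canonical upload directory, creating it when missing. */
    private File prepareUploadDirectory() throws java.io.IOException {
        String path = context.getRealPath("");
        if (path == null) {
            // getRealPath returns null when the application is not backed by a directory.
            throw new IllegalStateException("web application has no file system path");
        }
        File uploadAddress = new File(path, "file");
        // Re-check after mkdir so a concurrent request creating the directory is not an error.
        if (!uploadAddress.isDirectory() && !uploadAddress.mkdir() && !uploadAddress.isDirectory()) {
            // The physical path is deliberately left out of the message.
            throw new IllegalStateException("cannot create upload directory");
        }
        return uploadAddress.getCanonicalFile();
    }

    /** Maps a client-supplied file name to a target file directly inside the upload directory. */
    private static File resolveTarget(File canonicalDirectory, String clientName) throws java.io.IOException {
        // Keep only the last path component, whichever separator the client used.
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String baseName = clientName.substring(cut + 1);
        if (baseName.length() == 0 || ".".equals(baseName) || "..".equals(baseName)
                || baseName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid upload file name");
        }
        File target = new File(canonicalDirectory, baseName).getCanonicalFile();
        if (!canonicalDirectory.equals(target.getParentFile())) {
            throw new SecurityException("upload file name resolves outside the upload directory");
        }
        return target;
    }

    /** Copies {@code source} to {@code target}, closing both streams even when the copy fails. */
    private static void copy(File source, File target) throws java.io.IOException {
        FileInputStream fis = new FileInputStream(source);
        try {
            FileOutputStream fos = new FileOutputStream(target);
            try {
                BufferedInputStream bis = new BufferedInputStream(fis);
                BufferedOutputStream bos = new BufferedOutputStream(fos);
                byte[] buff = new byte[1024 * 8];
                int len;
                while ((len = bis.read(buff)) != -1) {
                    bos.write(buff, 0, len);
                }
                bos.flush();
            } finally {
                fos.close();
            }
        } finally {
            fis.close();
        }
    }

    public File getSu() {
        return su;
    }

    public void setSu(File su) {
        this.su = su;
    }

    public String getSuContentType() {
        return suContentType;
    }

    public void setSuContentType(String suContentType) {
        this.suContentType = suContentType;
    }

    public String getSuFileName() {
        return suFileName;
    }

    public void setSuFileName(String suFileName) {
        this.suFileName = suFileName;
    }

    public void setServletContext(ServletContext context) {
        this.context = context;
    }
}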
package action;
import com.opensymphony.xwork2.ActionSupport;
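/**
 * Registration demo action; the page's configuration places it behind the
 * {@code token} interceptor to reject duplicate form submissions.
 */
public class TokenAction extends ActionSupport {
    private String username;
    // Submitted password. Must never be echoed to stdout or logs.
    private String password;

    /**
     * Entry point that sends the user to the form.
     *
     * @return {@link #INPUT}
     */
    public String init() {
        return INPUT;
    }

    /**
     * Handles the submitted form by tracing the request to stdout.
     *
     * <p>Only the user name is printed; the password value is replaced by a
     * placeholder so credentials do not end up in console or container logs.
     *
     * @return {@link #SUCCESS}
     */
    public String register() {
        System.out.println("username : " + username);
        System.out.println("password : " + (password == null ? "<none>" : "<redacted>"));
        return SUCCESS;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}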
package interceptor;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
/**
 * Tracing interceptor: prints a line before and after the rest of the chain runs,
 * plus the result code the chain produced.
 */
public class MyInterceptor implements Interceptor {

    /** No resources to set up. */
    public void init() {
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Delegates to the remaining chain and passes its result code through unchanged.
     *
     * @param invocation the invocation to continue
     * @return the result code returned by {@code invocation.invoke()}
     * @throws Exception whatever the rest of the chain throws
     */
    public String intercept(ActionInvocation invocation) throws Exception {
        System.out.println("myInterceptor in ");
        final String outcome = invocation.invoke();
        System.out.println(outcome);
        System.out.println("myInterceptor out ");
        return outcome;
    }
}
package test;
/**
 * Stand-in action for the hand-written interceptor chain demo.
 */
public class Action {

    /**
     * Prints a marker line and reports a fixed result code.
     *
     * @return the literal {@code "input"}
     */
    public String test() {
        final String resultCode = "input";
        System.out.println("action");
        return resultCode;
    }
}
package test;
import java.util.ArrayList;
import java.util.List;
/**
 * Hand-written model of an interceptor chain: each {@link #invoke()} call advances to
 * the next interceptor, and once the list is exhausted the action itself runs.
 *
 * <p>The cursor is never reset, so an instance drives exactly one pass through the
 * chain; a later top-level {@code invoke()} goes straight to the action.
 */
public class ActionInvocation {
    private List<Interceptor> interceptors = new ArrayList<Interceptor>();
    private Action action = new Action();

    /** Position of the interceptor currently running; -1 before the first call. */
    int index = -1;
    /** Result code of the most recently completed step. */
    String result;

    /** Registers the two demo interceptors in the order they should run. */
    public ActionInvocation() {
        interceptors.add(new FirstInterceptor());
        interceptors.add(new SecondInterceptor());
    }

    /**
     * Runs the next step of the chain.
     *
     * @return the result code produced by the step that was run
     */
    public String invoke() {
        index++;
        // Interceptors call back into invoke(), which is what moves the cursor forward.
        result = index < interceptors.size()
                ? interceptors.get(index).interceptor(this)
                : action.test();
        return result;
    }
}
package test;
/**
 * First interceptor of the demo chain; prints "1" on the way in and "-1" on the way out.
 */
public class FirstInterceptor implements Interceptor {

    /** Nothing to set up. */
    public void init() {
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Continues the chain and returns its result code unchanged.
     *
     * @param invocation the chain to continue
     * @return the result code from {@code invocation.invoke()}
     */
    public String interceptor(ActionInvocation invocation) {
        System.out.println("1");
        final String outcome = invocation.invoke();
        System.out.println(outcome);
        System.out.println("-1");
        return outcome;
    }
}
package test;
/**
 * Console driver for the hand-written interceptor chain.
 */
public class InteceptorTest {

    /**
     * Builds one invocation and runs the chain once; the result code is discarded.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        new ActionInvocation().invoke();
    }
}
package test;
/**
 * Contract for a step in the hand-written interceptor chain.
 */
public interface Interceptor {

    /** Lifecycle hook; the implementations shown alongside leave it empty. */
    void init();

    /** Lifecycle hook; the implementations shown alongside leave it empty. */
    void destroy();

    /**
     * Runs this step.
     *
     * @param invocation the chain this step belongs to
     * @return a result code
     */
    String interceptor(ActionInvocation invocation);
}
package test;
/**
 * Second interceptor of the demo chain; prints "2" on the way in and "-2" on the way out.
 */
public class SecondInterceptor implements Interceptor {

    /** Nothing to set up. */
    public void init() {
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Continues the chain and returns its result code unchanged.
     *
     * @param invocation the chain to continue
     * @return the result code from {@code invocation.invoke()}
     */
    public String interceptor(ActionInvocation invocation) {
        System.out.println("2");
        final String outcome = invocation.invoke();
        System.out.println(outcome);
        System.out.println("-2");
        return outcome;
    }
}
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
<%
// Context path of this web application, as reported by the container.
String path = request.getContextPath();
// Absolute base URL (scheme://host:port/context/) written into <base href> below.
// NOTE(review): scheme, server name and port come from the incoming request and are
// emitted without encoding; confirm the container or proxy pins the host name, or
// switch to a fixed or context-relative base.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'error.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
<style type="text/css">
#num{
font-size:14px;
color:red;
font-weight:bold;
}
</style>
<script type="text/javascript" src="javascript/common.jsp"></script>
<script type="text/javascript">
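/**
 * Countdown shown on the duplicate-submission page: lowers the number in #num by one
 * each second and, once it reaches zero, goes back to /index.jsp through to().
 * to() is not defined in this page; presumably it comes from javascript/common.jsp.
 */
function daojishi(){
    var counter = document.getElementById("num");
    var remaining = parseInt(counter.innerText, 10) - 1;
    if (isNaN(remaining)) {
        // The element no longer holds a number; stop instead of rescheduling forever.
        return;
    }
    counter.innerText = remaining;
    if (remaining <= 0) {
        // Redirect once and stop the timer so the display never runs below zero.
        to("/index.jsp");
        return;
    }
    setTimeout(daojishi, 1000);
}
window.onload = daojishi;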
</script>
</head>
<body>
系统正在处理中...请勿重复提交 ! <span id="num" >5</span>秒后返回注册页面!
<a href="javascript:to('/index.jsp')">手动跳转</a>
</body>
</html>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s" %>
<%
// Context path of this web application, as reported by the container.
String path = request.getContextPath();
// Absolute base URL (scheme://host:port/context/) written into <base href> below.
// NOTE(review): scheme, server name and port come from the incoming request and are
// emitted without encoding; confirm the container or proxy pins the host name, or
// switch to a fixed or context-relative base.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<s:form action="test/tokenAction!register" theme="simple">
username: <s:textfield name="username"></s:textfield><br>
password: <s:password name="password"></s:password><br>;
<s:token></s:token>
<s:submit value="submit"></s:submit><br>
</s:form>
</body>
</html>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s" %>
<%
// Context path of this web application, as reported by the container.
String path = request.getContextPath();
// Absolute base URL (scheme://host:port/context/) written into <base href> below.
// NOTE(review): scheme, server name and port come from the incoming request and are
// emitted without encoding; confirm the container or proxy pins the host name, or
// switch to a fixed or context-relative base.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'success.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
success
</body>
</html>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
<%
// Context path of this web application, as reported by the container.
String path = request.getContextPath();
// Absolute base URL (scheme://host:port/context/) written into <base href> below.
// NOTE(review): scheme, server name and port come from the incoming request and are
// emitted without encoding; confirm the container or proxy pins the host name, or
// switch to a fixed or context-relative base.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'upload.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<s:form action="test/singleUploadAction!upload" method="post" enctype="multipart/form-data">
<s:file name="su"></s:file>
<s:submit value="上传"></s:submit>
</s:form>
<s:form action="test/multiUploadAction!upload" method="post" enctype="multipart/form-data">
<s:file name="su"></s:file>
<s:file name="su"></s:file>
<s:file name="su"></s:file>
<s:file name="su"></s:file>
<s:submit value="上传"></s:submit>
</s:form>
</body>
</html>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
<%
// Context path of this web application, as reported by the container.
String path = request.getContextPath();
// Absolute base URL (scheme://host:port/context/) written into <base href> below.
// NOTE(review): scheme, server name and port come from the incoming request and are
// emitted without encoding; confirm the container or proxy pins the host name, or
// switch to a fixed or context-relative base.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'uploadSuccess.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<font color="red"><s:property value="suFileName"/></font>上传成功!
</body>
</html>