`

struts2_005

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd">
<!--
	Struts 2 configuration for the demo: one package ("test", namespace /test)
	with four actions that show the token, fileUpload and a custom interceptor.

	NOTE(review): no action below declares a method attribute, while the forms on
	this page post to names such as "tokenAction!register" and
	"singleUploadAction!upload". That relies on dynamic method invocation, which
	lets the request pick the public method to run. It was enabled by default in
	older Struts 2 releases (confirm for the version in use). Prefer an explicit
	method attribute per action and set struts.enable.DynamicMethodInvocation to
	false.
-->
<struts>
	<constant name="struts.i18n.encoding" value="utf-8"></constant>
	<package name="test" namespace="/test" extends="struts-default">
	
		<!-- Custom interceptor, referenced by interceptorAction below. -->
		<interceptors>
			<interceptor name="myInterceptor" class="interceptor.MyInterceptor"></interceptor>
		</interceptors>
	
		<!-- Duplicate-submit protection: a request whose token does not match ends in the invalid.token result. -->
		<action name="tokenAction" class="action.TokenAction">
			<interceptor-ref name="token"></interceptor-ref>
			<interceptor-ref name="defaultStack"></interceptor-ref>
			
			<result name="input" type="redirect">/index.jsp</result>
			<result name="success">/success.jsp</result>
			<result name="invalid.token">/error.jsp</result>
		</action>
		
		<!--
			NOTE(review): the fileUpload reference carries no maximumSize, allowedTypes or
			allowedExtensions parameter, so nothing in this file restricts what may be
			uploaded. Set an allow-list and a size limit here before reusing this outside a demo.
		-->
		<action name="singleUploadAction" class="action.SingleUploadAction">
			<interceptor-ref name="fileUpload"></interceptor-ref>
			<interceptor-ref name="defaultStack"></interceptor-ref>
			
			<result name="uploadSuccess">/uploadSuccess.jsp</result>
		</action>
		
		<!-- NOTE(review): as for singleUploadAction, no upload size or type restriction is configured here. -->
		<action name="multiUploadAction" class="action.MultiUploadAction">
			<interceptor-ref name="fileUploadStack"></interceptor-ref>
			<interceptor-ref name="defaultStack"></interceptor-ref>
			
			<result name="uploadSuccess">/uploadSuccess.jsp</result>
		</action>
		
		<!-- Runs myInterceptor ahead of the default stack. -->
		<action name="interceptorAction" class="action.InterceptorAction">
			<interceptor-ref name="myInterceptor"></interceptor-ref>
			<interceptor-ref name="defaultStack"></interceptor-ref>
			
			<result name="success">/success.jsp</result>
		</action>
	</package>
</struts>    



package action;

import com.opensymphony.xwork2.ActionSupport;

/**
 * Minimal action used to observe the interceptor chain: it only prints a
 * marker line so the call order is visible on standard output.
 */
public class InterceptorAction extends ActionSupport {

	/**
	 * Prints the marker line and reports success.
	 *
	 * @return the inherited {@code SUCCESS} result name
	 */
	public String test() {
		final String marker = "action in";
		System.out.println(marker);
		return SUCCESS;
	}
}



package action;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;

import javax.servlet.ServletContext;

import org.apache.struts2.util.ServletContextAware;

import com.opensymphony.xwork2.ActionSupport;

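/**
 * Struts 2 action that copies several uploaded files into the {@code file}
 * folder below the web application root.
 *
 * <p>The {@code su}, {@code suContentType} and {@code suFileName} properties
 * are filled through the setters below; the upload form on this page uses the
 * field name {@code su}. The file names and content types are client-supplied
 * and must be treated as untrusted.
 *
 * <p>NOTE(review): the target folder lies inside the web root, so a stored
 * file can be requested back through the container (a {@code .jsp} upload
 * would be compiled and run). Prefer a directory outside the web root and an
 * extension allow-list on the {@code fileUpload} interceptor.
 */
public class MultiUploadAction extends ActionSupport implements
		ServletContextAware {

	// Temporary files holding the uploaded content, one per form field.
	private File[] su;
	// Content types as reported by the client.
	private String[] suContentType;
	// File names as reported by the client (untrusted).
	private String[] suFileName;

	private ServletContext context;
	private String separator = File.separator;
	// Name of the upload folder below the web application root.
	private String directory = "file";

	/**
	 * Copies every uploaded file into the upload folder.
	 *
	 * @return the result name {@code "uploadSuccess"}
	 * @throws Exception if no files were submitted, a file name is rejected,
	 *         the upload folder cannot be used, or the copy fails
	 */
	public String upload() throws Exception {

		if (su == null || suFileName == null || su.length != suFileName.length) {
			throw new java.io.IOException("upload request carries no files or mismatched file names");
		}

		// getRealPath may return null, e.g. when the application is not unpacked on disk.
		String realPath = context.getRealPath("");
		if (realPath == null) {
			throw new java.io.IOException("web application root is not available on the file system");
		}

		// Folder the uploads are stored in; canonical form so the containment check below is reliable.
		File uploadDirectory = new File(realPath, directory).getCanonicalFile();
		if (!uploadDirectory.isDirectory() && !uploadDirectory.mkdir()) {
			throw new java.io.IOException("cannot create upload directory");
		}

		for (int i = 0; i < su.length; i++) {
			File uploadFile = resolveTarget(uploadDirectory, suFileName[i]);
			copy(su[i], uploadFile);
		}

		return "uploadSuccess";
	}

	/**
	 * Maps a client-supplied file name to a file directly inside
	 * {@code baseDirectory}, refusing names that would land anywhere else.
	 */
	private static File resolveTarget(File baseDirectory, String submittedName)
			throws java.io.IOException {
		if (submittedName == null) {
			throw new java.io.IOException("upload file name is missing");
		}
		// Keep only the last path component, whichever separator the client used.
		String leaf = submittedName.replace('\\', '/');
		leaf = leaf.substring(leaf.lastIndexOf('/') + 1);
		if (leaf.length() == 0 || ".".equals(leaf) || "..".equals(leaf)
				|| leaf.indexOf('\0') >= 0) {
			throw new java.io.IOException("rejected upload file name");
		}
		// Defence in depth: the resolved file must sit directly in the upload folder.
		File target = new File(baseDirectory, leaf).getCanonicalFile();
		if (!baseDirectory.equals(target.getParentFile())) {
			throw new java.io.IOException("rejected upload file name");
		}
		return target;
	}

	/** Copies {@code source} to {@code target}, closing both streams even when the copy fails. */
	private static void copy(File source, File target) throws java.io.IOException {
		FileInputStream fis = new FileInputStream(source);// source (temporary) file
		try {
			FileOutputStream fos = new FileOutputStream(target);// stored file, overwritten if present
			try {
				BufferedInputStream bis = new BufferedInputStream(fis);
				BufferedOutputStream bos = new BufferedOutputStream(fos);

				byte[] buff = new byte[1024 * 8];
				int len;
				while ((len = bis.read(buff)) != -1) {
					bos.write(buff, 0, len);
				}
				// One flush at the end pushes the buffered tail to the file.
				bos.flush();
			} finally {
				fos.close();
			}
		} finally {
			fis.close();
		}
	}

	public File[] getSu() {
		return su;
	}

	public void setSu(File[] su) {
		this.su = su;
	}

	public String[] getSuContentType() {
		return suContentType;
	}

	public void setSuContentType(String[] suContentType) {
		this.suContentType = suContentType;
	}

	public String[] getSuFileName() {
		return suFileName;
	}

	public void setSuFileName(String[] suFileName) {
		this.suFileName = suFileName;
	}

	public void setServletContext(ServletContext context) {
		this.context = context;
	}

}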




package action;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;

import javax.servlet.ServletContext;

import org.apache.struts2.util.ServletContextAware;

import com.opensymphony.xwork2.ActionSupport;

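/**
 * Struts 2 action that copies one uploaded file into the {@code file} folder
 * below the web application root.
 *
 * <p>The {@code su}, {@code suContentType} and {@code suFileName} properties
 * are filled through the setters below; the upload form on this page uses the
 * field name {@code su}. The file name and content type are client-supplied
 * and must be treated as untrusted.
 *
 * <p>NOTE(review): the target folder lies inside the web root, so a stored
 * file can be requested back through the container (a {@code .jsp} upload
 * would be compiled and run). Prefer a directory outside the web root and an
 * extension allow-list on the {@code fileUpload} interceptor.
 */
public class SingleUploadAction extends ActionSupport implements
		ServletContextAware {
	// Temporary file holding the uploaded content.
	private File su;
	// Content type as reported by the client.
	private String suContentType;
	// File name as reported by the client (untrusted).
	private String suFileName;

	private ServletContext context;

	private String separator = File.separator;

	/**
	 * Copies the uploaded file into the upload folder.
	 *
	 * @return the result name {@code "uploadSuccess"}
	 * @throws Exception if no file was submitted, the file name is rejected,
	 *         the upload folder cannot be used, or the copy fails
	 */
	public String upload() throws Exception {

		if (su == null || suFileName == null) {
			throw new java.io.IOException("upload request carries no file");
		}

		// getRealPath may return null, e.g. when the application is not unpacked on disk.
		String path = context.getRealPath("");
		if (path == null) {
			throw new java.io.IOException("web application root is not available on the file system");
		}

		// Upload folder; canonical form so the containment check below is reliable.
		File uploadAddress = new File(path, "file").getCanonicalFile();
		if (!uploadAddress.isDirectory() && !uploadAddress.mkdir()) {
			throw new java.io.IOException("cannot create upload directory");
		}

		File uploadFile = resolveTarget(uploadAddress, suFileName);

		FileInputStream fis = new FileInputStream(su);// source (temporary) file
		try {
			FileOutputStream fos = new FileOutputStream(uploadFile);// stored file, overwritten if present
			try {
				BufferedInputStream bis = new BufferedInputStream(fis);
				BufferedOutputStream bos = new BufferedOutputStream(fos);

				byte[] buff = new byte[1024 * 8];
				int len;
				while ((len = bis.read(buff)) != -1) {
					bos.write(buff, 0, len);
				}
				// One flush at the end pushes the buffered tail to the file.
				bos.flush();
			} finally {
				fos.close();
			}
		} finally {
			// Runs even when the copy fails, so the descriptor is not leaked.
			fis.close();
		}

		return "uploadSuccess";

	}

	/**
	 * Maps a client-supplied file name to a file directly inside
	 * {@code baseDirectory}, refusing names that would land anywhere else.
	 */
	private static File resolveTarget(File baseDirectory, String submittedName)
			throws java.io.IOException {
		// Keep only the last path component, whichever separator the client used.
		String leaf = submittedName.replace('\\', '/');
		leaf = leaf.substring(leaf.lastIndexOf('/') + 1);
		if (leaf.length() == 0 || ".".equals(leaf) || "..".equals(leaf)
				|| leaf.indexOf('\0') >= 0) {
			throw new java.io.IOException("rejected upload file name");
		}
		// Defence in depth: the resolved file must sit directly in the upload folder.
		File target = new File(baseDirectory, leaf).getCanonicalFile();
		if (!baseDirectory.equals(target.getParentFile())) {
			throw new java.io.IOException("rejected upload file name");
		}
		return target;
	}

	public File getSu() {
		return su;
	}

	public void setSu(File su) {
		this.su = su;
	}

	public String getSuContentType() {
		return suContentType;
	}

	public void setSuContentType(String suContentType) {
		this.suContentType = suContentType;
	}

	public String getSuFileName() {
		return suFileName;
	}

	public void setSuFileName(String suFileName) {
		this.suFileName = suFileName;
	}

	public void setServletContext(ServletContext context) {
		this.context = context;
	}

}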



package action;

import com.opensymphony.xwork2.ActionSupport;

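/**
 * Registration demo action used with the {@code token} interceptor. It only
 * reports the submitted fields on standard output.
 */
public class TokenAction extends ActionSupport {

	private String username;
	private String password;
	
	/**
	 * Entry point that sends the caller to the input result.
	 *
	 * @return the inherited {@code INPUT} result name
	 */
	public String init(){
		return INPUT;
	}

	/**
	 * Handles the submitted registration form.
	 *
	 * @return the inherited {@code SUCCESS} result name
	 */
	public String register() {

		System.out.println("username : " + username);
		// The credential itself is never written out: console output usually ends up
		// in container log files that are readable well beyond the application.
		System.out.println("password : " + (password == null ? "<none>" : "<redacted>"));

		return SUCCESS;
	}

	public String getUsername() {
		return username;
	}

	public void setUsername(String username) {
		this.username = username;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

}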



package interceptor;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

/**
 * Tracing interceptor: prints a line before and after the rest of the
 * invocation chain runs, plus the result name the chain produced.
 */
public class MyInterceptor implements Interceptor {

	/** Nothing to release. */
	public void destroy() {
	}

	/** Nothing to set up. */
	public void init() {
	}

	/**
	 * Wraps the remaining chain with entry and exit trace lines.
	 *
	 * @param invocation the running invocation
	 * @return the result name returned by {@code invocation.invoke()}, unchanged
	 * @throws Exception whatever the remaining chain throws
	 */
	public String intercept(ActionInvocation invocation) throws Exception {
		System.out.println("myInterceptor in ");

		// Hands control to the next interceptor or, at the end of the chain, the action.
		final String outcome = invocation.invoke();

		System.out.println(outcome);
		System.out.println("myInterceptor out ");
		return outcome;
	}

}



package test;

/** Stand-in for a framework action in the hand-written interceptor-chain model. */
public class Action {

	/**
	 * Prints a marker line and returns the fixed result name.
	 *
	 * @return the string {@code "input"}
	 */
	public String test() {
		final String resultName = "input";
		System.out.println("action");
		return resultName;
	}
}



package test;

import java.util.ArrayList;
import java.util.List;

/**
 * Hand-written model of an invocation chain: each call to {@link #invoke()}
 * advances to the next interceptor and, once the list is used up, runs the action.
 */
public class ActionInvocation {
	
	private List<Interceptor> interceptors = new ArrayList<Interceptor>();
	private Action action = new Action();
	
	/** Registers the two demo interceptors, first then second. */
	public ActionInvocation(){
		interceptors.add(new FirstInterceptor());
		interceptors.add(new SecondInterceptor());
	}
	
	// Position of the interceptor handled by the most recent invoke() call.
	int index = -1;
	// Result of the most recent invoke() call.
	String result;

	/**
	 * Advances the chain by one step.
	 *
	 * @return the result of the next interceptor or, past the last one, of the action
	 */
	public String invoke(){
		index++;
		result = (index < interceptors.size())
				? interceptors.get(index).interceptor(this)
				: action.test();
		return result;
	}
}



package test;

/** First demo interceptor: prints "1" on the way in and "-1" on the way out. */
public class FirstInterceptor implements Interceptor {

	/** Nothing to release. */
	public void destroy() {
	}

	/** Nothing to set up. */
	public void init() {
	}

	/**
	 * Prints the entry marker, runs the rest of the chain, then prints the
	 * result and the exit marker.
	 *
	 * @param invocation the chain being executed
	 * @return the result of {@code invocation.invoke()}, unchanged
	 */
	public String interceptor(ActionInvocation invocation) {
		System.out.println("1");

		final String outcome = invocation.invoke();

		System.out.println(outcome);
		System.out.println("-1");
		return outcome;
	}

}




package test;

/** Runs the hand-written interceptor chain once so its output order can be read on the console. */
public class InteceptorTest {

	/**
	 * Builds a fresh chain and starts it.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		new ActionInvocation().invoke();
	}

}




package test;

/** Contract of an interceptor in the hand-written chain model. */
public interface Interceptor {

	/** Lifecycle hook; the demo implementations leave it empty. */
	void destroy();

	/** Lifecycle hook; the demo implementations leave it empty. */
	void init();

	/**
	 * Runs this interceptor's step of the chain.
	 *
	 * @param invocation the chain being executed
	 * @return the result name to hand back to the caller
	 */
	String interceptor(ActionInvocation invocation);
}



package test;

/** Second demo interceptor: prints "2" on the way in and "-2" on the way out. */
public class SecondInterceptor implements Interceptor {

	/** Nothing to release. */
	public void destroy() {
	}

	/** Nothing to set up. */
	public void init() {
	}

	/**
	 * Prints the entry marker, runs the rest of the chain, then prints the
	 * result and the exit marker.
	 *
	 * @param invocation the chain being executed
	 * @return the result of {@code invocation.invoke()}, unchanged
	 */
	public String interceptor(ActionInvocation invocation) {
		System.out.println("2");

		final String outcome = invocation.invoke();

		System.out.println(outcome);
		System.out.println("-2");
		return outcome;
	}

}




<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
<%-- error.jsp: target of the "invalid.token" result of tokenAction; counts down and returns to the form. --%>
<%
// Absolute URL of the application root, used for the <base> element below.
// NOTE(review): getServerName() normally reflects the Host header of the request and is
// written into the page unescaped; a context-relative base (path + "/") avoids echoing it.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'error.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->
	
	<style type="text/css">
		#num{
			font-size:14px;
			color:red;
			font-weight:bold;
		}
	</style>
	<script type="text/javascript" src="javascript/common.jsp"></script>
	<script type="text/javascript">
		
	
		// Countdown: lowers the number shown in #num by one per second and calls
		// to("/index.jsp") when it reaches 0. to() is not defined on this page;
		// presumably it comes from javascript/common.jsp (confirm).
		// NOTE(review): the timer is re-armed even after 0 is reached.
		function daojishi(){
			document.getElementById("num").innerText = parseInt(document.getElementById("num").innerText) - 1;
			if(parseInt(document.getElementById("num").innerText) == 0){
				to("/index.jsp");
			}
			setTimeout(daojishi,1000);
		}
		
		window.onload = daojishi;
	</script>

  </head>
  
  <body>
    	系统正在处理中...请勿重复提交  ! &nbsp;&nbsp; <span id="num" >5</span>秒后返回注册页面!
    	<a href="javascript:to('/index.jsp')">手动跳转</a>
  </body>
  
  
</html>




<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s" %>
<%-- index.jsp: registration form protected against duplicate submission by the token interceptor. --%>
<%
// Absolute URL of the application root, used for the <base> element below.
// NOTE(review): getServerName() normally reflects the Host header of the request and is
// written into the page unescaped; a context-relative base (path + "/") avoids echoing it.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'index.jsp' starting page</title>
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->
  </head>
  
  <body>
  	<%--
  	  The "!register" suffix selects the action method through dynamic method invocation.
  	  NOTE(review): prefer an action mapping with an explicit method attribute and DMI switched off.
  	  <s:token> adds the hidden token field that the token interceptor checks on submit.
  	--%>
  	<s:form action="test/tokenAction!register" theme="simple">
  		username: <s:textfield name="username"></s:textfield><br>
  		password: <s:password name="password"></s:password><br>;
  				  <s:token></s:token>
  		<s:submit value="submit"></s:submit><br>
  	</s:form>
  </body>
</html>



<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s" %>
<%-- success.jsp: static page shown for the "success" result of tokenAction and interceptorAction. --%>
<%
// Absolute URL of the application root, used for the <base> element below.
// NOTE(review): getServerName() normally reflects the Host header of the request and is
// written into the page unescaped; a context-relative base (path + "/") avoids echoing it.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'success.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  
  <body>
  	success
  </body>
</html>



<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
<%-- upload.jsp: one single-file form and one four-file form, both using the field name "su". --%>
<%
// Absolute URL of the application root, used for the <base> element below.
// NOTE(review): getServerName() normally reflects the Host header of the request and is
// written into the page unescaped; a context-relative base (path + "/") avoids echoing it.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'upload.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  
  <body>
  	<%--
  	  Both forms post multipart data and pick the upload method with the "!upload" suffix
  	  (dynamic method invocation).
  	  NOTE(review): neither form carries a token or any other request-forgery protection,
  	  and nothing on this page limits file type or size; enforce both on the server side.
  	--%>
  	<s:form action="test/singleUploadAction!upload" method="post" enctype="multipart/form-data">
  		<s:file name="su"></s:file>
  		<s:submit value="上传"></s:submit>
  	</s:form>
  	
  	<s:form action="test/multiUploadAction!upload" method="post" enctype="multipart/form-data">
  		<s:file name="su"></s:file>
  		<s:file name="su"></s:file>
  		<s:file name="su"></s:file>
  		<s:file name="su"></s:file>
  		<s:submit value="上传"></s:submit>
  	</s:form>
  </body>
</html>



<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
<%-- uploadSuccess.jsp: shown for the "uploadSuccess" result of both upload actions. --%>
<%
// Absolute URL of the application root, used for the <base> element below.
// NOTE(review): getServerName() normally reflects the Host header of the request and is
// written into the page unescaped; a context-relative base (path + "/") avoids echoing it.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'uploadSuccess.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  
  <body>
    <%--
      suFileName is the client-supplied file name. <s:property> HTML-escapes its value by
      default; keep that default here, otherwise a crafted file name is rendered as markup.
    --%>
    <font color="red"><s:property value="suFileName"/></font>上传成功!
    
    
  </body>
</html>
