系统相关
首页 > 系统相关> > 注入-shell

注入-shell

作者:互联网

import java.io.IOException;
import java.lang.ref.SoftReference;
import java.text.Normalizer;
import java.util.Scanner;
import java.util.regex.Pattern;

class Solution {
    public static void main(String[] args) throws IOException {
        Scanner scanner = new Scanner(System.in);
        String cmd = scanner.next();//next=88.56.21.22;cat /etc/passwd
        if (isIpValidate(cmd)) {
            f(cmd);
        }
    }

    public static void f(String ip) throws IOException {
        String[] cmd = new String[5];
        //RunTime不提供shell编译器,需要加/bin/bash -c才能提供,不然无法解析| >等符号
        cmd[0] = "/bin/bash";
        cmd[1] = "-c";
        cmd[2] = "ping -c 4 ";
        cmd[3] = ip;
        Runtime.getRuntime().exec(cmd);
    }

    private static boolean isIpValidate(String cmd) {
        String normalize = Normalizer.normalize(cmd, Normalizer.Form.NFKC);
        Pattern pattern = Pattern.compile("\\||`|&|;<>");
        boolean isMatched = pattern.matcher(cmd).find();
        return !isMatched;
    }
}

标签:shell,java,String,cmd,Normalizer,static,import,注入
来源: https://www.cnblogs.com/t1314/p/15782162.html