One Day Sec

How can an attacker execute system commands by loading a malicious DLL via JNI in a JSP?

An attacker can craft a JSP page that loads a DLL containing a native method (e.g., `exec`) which uses Windows APIs like `CreateProcess` to run `cmd.exe` with arbitrary commands. The JSP accepts a `cmd` parameter, passes it to the native method, and returns the output. The article's example code shows the C++ implementation using `CreatePipe` and `ReadFile` to capture command results. This technique bypasses Java sandbox restrictions and enables stealthy remote code execution.
Tags: remote code execution, cmd.exe, CreateProcess, system command, JNI exploitation
