编写一个asp代码执行器
保存为runasp.asp运行。账号密码admin,登陆后输入代码就可执行了!!
<% @ LANGUAGE="VBscript" %>
<%Option Explicit
response.buffer=true
dim Spassword,SUserName
SUserName="admin"
Spassword="admin"
dim SQLMutiStr
dim i
dim action
action=request.querystring("action")
IF action="GetCode" then '---------TOT
NumCodeJS
ELSE '--------TOT
Response.Write("<!DOCTYPE HTML PUBLIC ""-//W3C//DTD HTML 4.0 Transitional//EN"">")
Response.Write("<HTML>")
Response.Write("<HEAD>")
Response.Write("<TITLE>ASP RunCode SCR V1.0 / Create By PaintBlue.Net V37</TITLE>")
Response.Write("<METAGenerator"" CONTENT=""EditPlus,V37,PaintBlue.Net"">")
Response.Write("<METAAuthor"" CONTENT=""V37,PaintBlue.Net"">")
Response.Write("<METAKeywords"" CONTENT=""PaintBlue.Net,,V37,RunCode,ASP,script,BlueIdea.COM,Lfgbox.com"">")
Response.Write("<METADescription"" CONTENT=""运行ASP代码的ASP脚本!"">")
Response.Write("</HEAD>")
Response.Write("<BODY bgcolor=#D4D0C8>")
SQLMutiStr=trim(Request.Form("SQLMutiStr"))
if session("login")="" and action="chkpass" then
session("login")=checkPass()
end if
if action="exit" then session("login")=""
if session("login")="1" then
if action="RunCode" then
if SQLMutiStr="" then
Response.write "没有输入要运行的代码!"
Response.write "<br><br><a href=""javascript:window.history.back();"">返回运行页面</a><br><br>"
Response.write "<a href=""?action=exit"">退出登陆</a>"
response.end
else
dim ExeStrArr
dim re
dim tempSQL,tempSQL2
dim scriptArr,scriptSubArr
tempSQL2=""
tempSQL=split(SQLMutiStr,vbcrlf)
if inStr(lcase(tempSQL(0)),"language")>0 then
tempSQL2=tempSQL(1)
if ubound(tempSQL)>1 then
for i=1 to ubound(tempSQL)
tempSQL2=tempSQL2&tempSQL(i)
next
end if
tempSQL2=trim(tempSQL2)
else
tempSQL2=SQLMutiStr
end if
tempSQL2=replace(tempSQL2,"<%"&"=","<"&"%response.write ")
do
tempSQL2=replace(tempSQL2,vbcrlf&vbcrlf,vbcrlf)
loop while instr(tempSQL2,vbcrlf&vbcrlf)>0
tempSQL2=trim(tempSQL2)
tempSQL2="<"&"%%"&">"&tempSQL2&"<"&"%%"&">"
scriptArr=split(tempSQL2,"%"&">")
dim ub,kub
ub=ubound(scriptArr)
for i=0 to ub-1
scriptSubArr=split(scriptArr(i),"<"&"%")
if i>0 then response.write (scriptSubArr(0))
ExeCuteIt(scriptSubArr(1))
next
call EndProc("<font color=#009900>代码运行完毕!</font>")
end if
else
%>
输入要运行的ASP代码:
<FORM METHOD=POST ACTION="?action=RunCode">
<TEXTAREA wrap='OFF' ROWS="20"><%=Server.Htmlencode(SQLMutiStr)%></TEXTAREA>
<br>
<INPUT TYPE="button" Value="LouOut">
<INPUT TYPE="reset" Value="Clear">
<INPUT TYPE="submit" value="Run AspCode">
</FORM>
<% end if
else
call loginmain()
end if
Response.write ("</BODY></HTML>")
END IF '-------TOT
SUB loginMain()
%>
<FORM METHOD=POST ACTION="?action=chkpass"> UserName:<INPUT TYPE="text"><br>
PassWord:<INPUT TYPE="password"><br>
CheckCode:<INPUT TYPE="GetCode"><img src="runasp.asp?action=GetCode&Time=<%=timer()%>"><br>
<br><img width=125 height=0><INPUT TYPE="submit" value=" Login "></FORM>
<%
End SUB
function checkPass()
dim UserName,Runpassword,GetCode
dim errinfo
checkPass=""
UserName=trim(request.form("UserName"))
Runpassword=trim(request.form("Runpassword"))
GetCode=request.form("GetCode")
if UserName="" or Runpassword="" then
errinfo=errinfo&"<li>用户名和密码输入不能为空"
end if
if Not isnumeric(GetCode) then
errinfo=errinfo&"<li>请输入数字校验码"
end if
if errinfo<>"" then
call loginmain()
EndProc errinfo
end if
if action="chkpass" and Session("GetCode")=int(GetCode) and UserName=SUserName and Runpassword=Spassword then
Session("GetCode")=0
checkPass="1"
else
call loginmain()
EndProc "登陆失败!请重新确认正确输入"
end if
End function
SUB ExeCuteIt(ExString)
on error resume next
Execute(ExString)
if err.number<>0 then
Response.write "<divbackground-color: #ffeedd;padding: 6px;"">"
Response.write "<hr size=1>"
Response.write "出错信息:<li><font color=#ff0000>"&err.description&"</font>"
Response.write "<hr size=1>"
Response.write "出错代码:<li><font color=#0000ff>"&Htmlencode(ExString)&"</font>"
Response.write "<hr size=1></div>"
end if
on error goto 0
end SUB
function HTMLEncode(reString)
dim Str:Str=reString
if not isnull(Str) then
Str = replace(Str, ">", ">")
Str = replace(Str, "<", "<")
Str = Replace(Str, CHR(32), " ")
Str = Replace(Str, CHR(9), " ")
Str = Replace(Str, CHR(34), """) ' "
Str = Replace(Str, CHR(39), "'") ' '
Str = Replace(Str, CHR(13), "")
Str = Replace(Str, CHR(10) & CHR(10), "</P><P> ")
Str = Replace(Str, CHR(10), "<BR> ")
HTMLEncode = Str
else
HTMLEncode=""
end if
end function
'断点调试 num=0 中断
Sub Response_write(str,num)
dim istr:istr=str
dim inum:inum=num
response.write str&"<br>"
if inum=0 then response.end
end sub
SUB EndProc(info)
Response.write "<hr size=1 color=#00aa00>"
Response.write info
Response.write "<hr size=1 color=#00aa00><a href=""javascript:window.history.back();"">返回运行页面</a><br><br>"
Response.write "<a href=""?action=exit"">退出登陆</a>"
response.end
End SUB
%>
<script language="Jscript" runat="Server">
function GetNO(num){
var NumArray=[
]["0","0","0","3c","66","66","66","66","66","66","66","66","3c","0","0","0"],
["0","0","0","30","38","30","30","30","30","30","30","30","30","0","0","0"],
["0","0","0","3c","66","60","60","30","18","c","6","6","7e","0","0","0"],
["0","0","0","3c","66","60","60","38","60","60","60","66","3c","0","0","0"],
["0","0","0","30","30","38","38","34","34","32","7e","30","78","0","0","0"],
["0","0","0","7e","6","6","6","3e","60","60","60","66","3c","0","0","0"],
["0","0","0","38","c","6","6","3e","66","66","66","66","3c","0","0","0"],
["0","0","0","7e","66","60","60","30","30","18","18","c","c","0","0","0"],
["0","0","0","3c","66","66","66","3c","66","66","66","66","3c","0","0","0"],
["0","0","0","3c","66","66","66","66","7c","60","60","30","1c","0","0","0"]
];
var str=[];
num=String(num).split("");
for(var i=0;i<NumArray[0].length;i++)
for(var j=0;j<num.length;j++)
str[str.length]=("0x"+NumArray[num[j]][i]);
var str1="#define counter_width "+j*8;
var str2="#define counter_height 16";
return str1+String.fromCharCode(13,10)+str2+String.fromCharCode(13,10)+"static unsigned char counter_bits[]={"+str+"}";
}
function GetRnd(Num){
return Math.floor(Math.random()*Math.pow(10,Num));
}
function NumCodeJS()
{
Response.buffer=true
var zNum;
var zNum=GetRnd(4);
if (zNum<1000) zNum+=999;
Session("GetCode") = zNum;
Response.ContentType="image/x-xbitmap";
Session("GetCode") = zNum;
Response.Write(GetNO(zNum));
}
</script>