Webshell Akmal archtte id
System:
Microsoft Windows NT 10.0.20348.0
Server:
Microsoft-IIS/10.0
User:
buyyou
Directory:
C:
\
MyData
\
WWW
\
asc365
\
Name
Size
Type
Actions
ASC365_CANADA
-
Directory
Rename
Delete
ASC365_Store01
-
Directory
Rename
Delete
aspnet_client
-
Directory
Rename
Delete
CompanyImage
-
Directory
Rename
Delete
TJGS_USA
-
Directory
Rename
Delete
zhijian
-
Directory
Rename
Delete
Memo.inc
0 bytes
.inc
Edit
Rename
Delete
web.config
213 bytes
.config
Edit
Rename
Delete
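<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="conn.asp" -->
<%
' Used-product detail page with an "add to cart" action.
'
' Inputs : productid / typeid (query string or form), Action=Addtoshipping, qty (form).
' State  : reads and writes the ASC365_Cart_001 cookie; writes Session("maxacount").
' Depends: conn, an open ADODB connection supplied by conn.asp.
'
' Security-relevant changes compared with the previous revision:
'   * every SQL statement is parameterised instead of concatenating request values;
'   * the debug Response.Write of the SQL text and of the raw cart cookie is gone;
'   * name, price, weight and stock come from the database row, not from hidden
'     form fields the browser can alter;
'   * the quantity is validated server-side as a positive integer;
'   * database and request values are HTML-encoded before being written to the page.

' Local copies of the ADO enum values, prefixed so they cannot clash with
' constants an include such as adovbs.inc may already define.
Const PD_AD_INTEGER = 3      ' adInteger
Const PD_AD_VARCHAR = 200    ' adVarChar
Const PD_AD_PARAM_INPUT = 1  ' adParamInput
Const PD_AD_CMD_TEXT = 1     ' adCmdText

' HTML-encodes a value for element content or a quoted attribute; Null/Empty become "".
Function PdHtml(v)
    If IsNull(v) Or IsEmpty(v) Then
        PdHtml = ""
    Else
        PdHtml = Server.HTMLEncode(CStr(v))
    End If
End Function

' True when s consists of 1 to 9 decimal digits (always fits a Long).
Function PdIsDigits(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    PdIsDigits = re.Test(s & "")
End Function

' Opens a read-only recordset for a statement with exactly one "?" placeholder.
' The value is bound as a parameter, so it is never parsed as SQL text.
Function PdOpenQuery(sqlText, paramType, paramSize, paramValue)
    Dim cmd, rsNew
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = PD_AD_CMD_TEXT
    cmd.CommandText = sqlText
    cmd.Parameters.Append cmd.CreateParameter("p1", paramType, PD_AD_PARAM_INPUT, paramSize, paramValue)
    Set rsNew = Server.CreateObject("ADODB.Recordset")
    rsNew.Open cmd, , 1, 1   ' same cursor and lock type as the original rs.open sql,conn,1,1
    Set PdOpenQuery = rsNew
End Function

session.codePage = "936"
response.charset = "gb2312"

Dim SS(1000,6)
Dim ASC365_Cart_001
Dim maxacount
Dim isAdd, productFound, dbPrice, dbWeight, cartMessage

isAdd = (Request("Action") = "Addtoshipping")

' The add action identifies the product by the posted id; plain views use the
' query string and fall back to the form when the id is shorter than 6 characters.
productid = Request.QueryString("productid") & ""
If isAdd Or Len(productid) < 6 Then
    productid = Request.Form("productid") & ""
End If

productFound = False
maxacount = 0
If Len(productid) > 0 And Len(productid) <= 255 Then
    Set rs1 = PdOpenQuery("select * from usedproductlist where productid=?", PD_AD_VARCHAR, 255, productid)
    If Not rs1.EOF Then
        productFound = True
        productid = rs1("productid").Value & ""
        productname = rs1("productname").Value
        dbPrice = rs1("usprice").Value
        dbWeight = rs1("weight").Value
        If IsNumeric(rs1("store").Value) Then
            maxacount = rs1("store").Value
        End If
        Session("maxacount") = maxacount
    End If
    rs1.Close
End If

cartMessage = ""
If isAdd Then
    qtyText = Request.Form("qty") & ""
    productnumber = 0
    If PdIsDigits(qtyText) Then
        productnumber = CLng(qtyText)
    End If

    If Not productFound Then
        ' Unknown product: never fall back to stock cached for a previous request.
        cartMessage = "There is not enough goods"
    ElseIf productnumber < 1 Then
        cartMessage = "Please enter a positive integer"
    ElseIf CDbl(maxacount) >= productnumber Then
        ' Cookie layout: repeated groups of 7 "|"-prefixed fields:
        '   0 productid, 1 productname, 2 weight, 3 price, 4 quantity,
        '   5 unused here (written as 0 or empty), 6 item marker ("u" for this page).
        ' The cookie is client-controlled, so whatever page totals the cart must
        ' re-price the items from the database rather than trust fields 2 to 4.
        Cart_js = 0
        aa = 0
        cartName = Replace(productname & "(special)", "|", " ")  ' "|" would break the field layout
        ASC365_Cart_001 = Request.Cookies("ASC365_Cart_001") & ""
        If Len(ASC365_Cart_001) <> 0 Then
            temp = Split(ASC365_Cart_001, "|")
            N_js = UBound(temp)
            ' Stop at the last complete group so a truncated cookie cannot index past temp.
            For i = 1 To N_js - 6 Step 7
                If Cart_js > 1000 Then Exit For   ' SS holds at most 1001 items
                SS(Cart_js,0) = temp(i)
                SS(Cart_js,1) = temp(i+1)
                SS(Cart_js,2) = temp(i+2)
                SS(Cart_js,3) = temp(i+3)
                SS(Cart_js,4) = temp(i+4)
                SS(Cart_js,5) = 0
                SS(Cart_js,6) = temp(i+6)
                If SS(Cart_js,0) = productid And SS(Cart_js,6) = "u" Then
                    existingQty = 0
                    If IsNumeric(SS(Cart_js,4)) Then
                        existingQty = CDbl(SS(Cart_js,4))
                    End If
                    If existingQty < 0 Then
                        existingQty = 0
                    End If
                    SS(Cart_js,4) = existingQty + productnumber
                    If CDbl(maxacount) <= SS(Cart_js,4) Then
                        SS(Cart_js,4) = maxacount
                    End If
                    SS(Cart_js,3) = dbPrice   ' price always comes from the database row
                    aa = 1
                End If
                Cart_js = Cart_js + 1
            Next
        End If

        If aa = 0 Then
            ASC365_Cart_001 = ASC365_Cart_001 & "|" & productid & "|" & cartName & "|" & dbWeight & "|" & dbPrice & "|" & productnumber & "|" & "|u"
        Else
            ASC365_Cart_001 = ""
            For i = 0 To Cart_js - 1
                If SS(i,0) <> "*" Then
                    ASC365_Cart_001 = ASC365_Cart_001 & "|" & SS(i,0) & "|" & SS(i,1) & "|" & SS(i,2) & "|" & SS(i,3) & "|" & SS(i,4) & "|" & SS(i,5) & "|" & SS(i,6)
                End If
            Next
        End If
        Response.Cookies("ASC365_Cart_001") = ASC365_Cart_001
        cartMessage = "Added successfully,Please check it in Shopping Cart"
    Else
        cartMessage = "There is not enough goods"
    End If
End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script type="text/javascript">
// Client-side convenience check only; the server validates qty again.
function check() {
    var re = /^[1-9][0-9]*$/; // positive integer without leading zeros
    if (re.test(document.business.qty.value)) {
        return true;
    }
    alert("Please enter a positive integer");
    return false;
}
</script>
<%
' cartMessage is always one of the fixed literals assigned above, never request data.
If Len(cartMessage) > 0 Then
    Response.Write("<script>alert('" & cartMessage & "');</script>")
End If
%>
<title><%=PdHtml(productname)%></title>
<style type="text/css">
<!--
.STYLEd {
    font-size: 19px;
    font-weight: bold;
    font-family: Verdana, Arial, Helvetica, sans-serif;
}
a {
    position:relative;
    text-decoration:none;
    color:#666666;
}
a:hover {
    position:relative;
    text-decoration:underline;
}
.STYLE1 {color: #FF0000}
.STYLE2 {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
}
-->
</style>
</head>
<body style="width:1000px; margin:0 auto; text-align:center;background-color:#F1F1F1">
<table border="0" style="width:1000px; background-color:#ffffff">
<tr>
<td width="999">
<% server.Execute("head.asp") %>
</td></tr>
<tr>
<td align="left" style="height:50px">
<%
' Breadcrumb: the ancestors listed in menu1.ParentPath, then the category itself.
' typeid and every id taken from ParentPath must be plain digits before they are bound.
Dim typepath(10,2)
typeid = Request.QueryString("typeid") & ""
If Len(typeid) = 0 Then
    typeid = Request.Form("typeid") & ""
End If
If PdIsDigits(typeid) Then
    Set rsa = PdOpenQuery("select * from menu1 where id=?", PD_AD_INTEGER, 4, CLng(typeid))
    If Not rsa.EOF Then
        slot = 0
        fatherpath = Split(rsa("ParentPath").Value & "", ",")
        ' Element 0 of ParentPath is skipped, as in the original loop.
        For ii = 1 To UBound(fatherpath)
            newid = Trim(fatherpath(ii))
            If slot < 10 And PdIsDigits(newid) Then
                Set rsb = PdOpenQuery("select * from menu1 where id=?", PD_AD_INTEGER, 4, CLng(newid))
                If Not rsb.EOF Then
                    typepath(slot,0) = rsb("id").Value
                    typepath(slot,1) = rsb("CName").Value
                    slot = slot + 1
                End If
                rsb.Close
            End If
        Next
        ' slot never exceeds 10, so this stays inside typepath(10,2).
        typepath(slot,0) = rsa("id").Value
        typepath(slot,1) = rsa("CName").Value
    End If
    rsa.Close
End If
%>
<%
For i = 0 To 10
    If Len(typepath(i,0)) > 0 Then
%>
<a href="productlist.asp?typeid=<%=PdHtml(typepath(i,0))%>"><%=PdHtml(typepath(i,1))%></a><span class="STYLE21">&gt;</span>
<%
    End If
Next
%>
</td>
</tr>
<tr>
<td valign="top">
<%
' The detail view is keyed on the query-string id only, as before.
viewid = Request.QueryString("Productid") & ""
hasProduct = False
If Len(viewid) > 0 And Len(viewid) <= 255 Then
    Set rs = PdOpenQuery("select * from usedproductlist where productid=?", PD_AD_VARCHAR, 255, viewid)
    hasProduct = Not rs.EOF
    If Not hasProduct Then
        rs.Close
    End If
End If
If hasProduct Then
%>
<table width="1000" border="1" cellpadding="0" cellspacing="0">
<tr>
<th width="250" height="250" scope="col"><img src="<%=PdHtml(rs("ImgPrev").Value)%>" border="0" style="width:250px"/></th>
<th width="740" scope="col">
<form method="post" name="business" action="?Action=Addtoshipping&amp;productid=<%=Server.URLEncode(rs("productid").Value & "")%>" onSubmit="return check()">
<input type="hidden" name="productid" value="<%=PdHtml(rs("productid").Value)%>" />
<table width="640" height="200" border="0" cellspacing="0" cellpadding="0" style="text-align:left; margin-left:100px">
<tr>
<th colspan="2" align="left" scope="col"><div align="left">
<font style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:16px"><%=PdHtml(rs("productid").Value)%>:<%=PdHtml(rs("productname").Value)%></font><span class="STYLE1">(special)</span></div></th>
</tr>
<tr>
<td width="110"><div align="left">Unit:</div></td>
<td width="530"><%=PdHtml(rs("productunit").Value)%></td>
</tr>
<tr>
<% newprice = rs("usprice").Value %>
<td><div align="left">Price:</div></td>
<td><%= FormatNumber(newprice, 2, -1)%>$</td>
</tr>
<tr>
<td><div align="left">Weight:</div></td>
<td><%= FormatNumber(rs("weight").Value, 2, -1)%>kg</td>
</tr>
<tr>
<td><div align="left">QTY:</div></td>
<td><input name="qty" type="text" size="5" />
<span class="STYLE2">(max:<%=PdHtml(maxacount)%>)</span></td>
</tr>
<tr>
<td>Item Location:</td>
<td><%=PdHtml(rs("location").Value)%></td>
</tr>
<tr>
<td colspan="2">
<input name="image" type="image" value="add to cart" src="image/addtocart.jpg" />
</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</table>
</form>
</th>
</tr>
</table>
<table width="1000" border="0">
<tr>
<td height="1" bgcolor="#CCCCCC"></td>
</tr>
</table>
<table style="width:980px; border:0;">
<tr>
<td valign="top">
<table width="180" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<br />
<br />
</td>
</tr>
</table></td>
<td style="text-align:left; width:800px" valign="top">
<div style="width:800px; overflow:hidden">
<%
    ' NOTE(review): productdetail is written as raw markup, exactly as before.
    ' Presumably it holds HTML authored by staff - confirm. If any user-supplied
    ' text can reach this column it must be sanitised when it is stored.
    Temp = rs("productdetail").Value
    Response.Write(Temp)
%>
</div>
</td>
</tr>
</table>
<%
    rs.Close
End If
%>
</td>
</tr>
<tr>
<td>
<% server.Execute("bottom.asp") %>
</td>
</tr>
</table>
<%
conn.close
set conn=nothing
%>
</body>
</html>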