Webshell Akmal archtte id

System: Microsoft Windows NT 10.0.20348.0

Server: Microsoft-IIS/10.0

User: buyyou

Directory: C:\MyData\WWW\asc365\

Name	Size	Type	Actions
ASC365_CANADA	-	Directory	Rename Delete
ASC365_Store01	-	Directory	Rename Delete
aspnet_client	-	Directory	Rename Delete
CompanyImage	-	Directory	Rename Delete
TJGS_USA	-	Directory	Rename Delete
zhijian	-	Directory	Rename Delete
Memo.inc	0 bytes	.inc	Edit Rename Delete
web.config	213 bytes	.config	Edit Rename Delete

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Language" content="zh-cn">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta name="google-translate-customization" content="dd9ab110111b95e8-23f17d3073499cf4-g783cd8b386774c48-19"></meta>

<title>speworld.com</title>
<%

Set fs=Server.CreateObject("Scripting.FileSystemObject")
Session("GetType")=263
ID=Request.QueryString("ID")
'if len(ID)=0 then
'ID="FT1"
'end if
Thispage ="http://" & Request.ServerVariables("SERVER_NAME")& Request.ServerVariables("URL")
%>
<%'-----------------------------------------------------------------------

%>
<%
 if request("Action")="Search" then
 searchname=request.Form("Search1")
 response.redirect(Thispage&"?ID=Search&searchname="&searchname)
 end if
%>
<%
'-----����Ա���е�¼
  
  'ɾ������
if request("Action")="deleteorder" then
orderid=request.QueryString("orderid")
set rs11=server.createobject("adodb.recordset")
sql11="select * from orderlist where orderid='"&orderid&"'"

rs11.open sql11,conn,3,3
if not rs11.eof then
rs11("orderstate")=1
rs11.update
rs11.close
set rs11=nothing
conn.close
set conn=nothing
Response.write"<script>window.location.href=""index.asp?ID=MyAsc365"";</script>"
end if
end if
  'FAQ�����ύ
  if request("Action")="AddQuestion" then
  set rs4=server.createobject("adodb.recordset")
  sql4="select count(*) as ordercount from Question"
  rs4.open sql4,conn,1,1
  newid="00000"&rs4("ordercount")
  rs4.close
  set rs4=nothing
  
  userid=Session("UserId")
  useremail12=Session("UserEmail")
  tracking=newid
  subject=request.Form("subject")
  content=request.Form("content")
  createddate=now()
  lastdate=now()
  status1=0
  set rs12=server.createobject("adodb.recordset")
  rs12.open "select * from Question",conn,1,3
  rs12.addnew
  rs12("tracking")=tracking
  rs12("subject")=subject
  rs12("content")=content
  rs12("creatdate")=createddate
  rs12("lastdate")=lastdate
  rs12("status")=status1
  rs12("userid")=UserId
  rs12("useremail")=useremail12
  rs12("source")=1
  rs12.update
  rs12.close
  conn.close
  set rs12=nothing
  set conn=nothing
  Response.write"<script>window.location.href=""index.asp?ID=MyAsc365FAQ"";</script>"
  end if
  
  '-----����Աע��
  if request("Action")="Register_email" then
    useremail2=Trim(Request.form("email2"))
    userpassword2=Trim(Request.Form("password2"))
	countryname=Request.Form("T6")
	'Md5_Pass=Md5(Md5(password1,16),32)
'-----�����ж��û��������롢��֤���Ƿ�Ϊ��
'-----�����ж���֤�롢�û����������Ƿ���ȷ����¼��¼���
    set rs=server.createobject("adodb.recordset")
    sql33="select * from UserInfo where UserEmail='"&useremail2&"' and UserType=2"
    rs.open sql33,conn,1,3
      if not rs.bof then
        Response.write"<script language=javascript>alert(""The Email Address has already been registered"");location.href='index.asp?ID=Register';</script>"
		Response.End()
	  else
	   rs.addnew
	   rs("UserName")=""
	   rs("UserPass")=userpassword2
	   rs("UserEmail")=useremail2
	   rs("UserType")=2
	   rs("UserCountry")=countryname
	   rs("Useful")=0
	   rs.update
	   rs.close
	   set rs=nothing
	   conn.close
	   set conn=nothing
	   D_link="http://screenprinting.asc365.com/Emailactive.asp?Email="&useremail2
	   D_message=""
	   D_message=D_message&"<table border='1' width='800' height='113' bordercolor='#CCCCCC' style='border-collapse: collapse'>" & chr(13) & chr(10)
	   D_message=D_message&"<tr>" & chr(13) & chr(10)
	   D_message=D_message&"<td height='85' width='400'><p>Dear"
	   D_message=D_message&useremail2
	   D_message=D_message&",</p>" & chr(13) & chr(10)
	   D_message=D_message&" <p>Your Password is <span  style='color:#FF0000'>"
	   D_message=D_message&"</span></p>"&chr(13)&chr(10)
	   D_message=D_message&" <p>You can click the follow Link to active your email</p></td>"&chr(13)&chr(10)
	   D_message=D_message&"<a href='"
	   D_message=D_message&D_link
	   D_message=D_message&"'>"&D_link
	   D_message=D_message&"</a>"& chr(13) & chr(10)
	   D_message=D_message&"<tr>" & chr(13) & chr(10)
	   D_message=D_message&"</table>"
	   	set newmail=server.CreateObject("cdonts.newmail")
            newmail.From="sales@asc365.com"      //����������ʽ���ͣ��˷�������ͨ������˱��������֤
            newmail.To =useremail         //��ҵ�ʾ��ռ��˵�ַ
            newmail.Subject= "Message of Your Password"
            newmail.Body = D_message
            newmail.BodyFormat =0
            newmail.MailFormat =0
            newmail.Send
            set newmail=nothing
	   useremail2=""
	   Response.write"<script>alert('A message has been sent to your mailbox, please activate the mailbox');top.location.href='index.asp?ID=Register'</script>"  
	   response.End()
      end if
    end if
%>
<%
if request("Action")="forgotPass" then
useremail=Trim(request.Form("email_address"))

set rs15=server.createobject("adodb.recordset")
 sql15="select UserEmail,UserPass from UserInfo where UserEmail='"&useremail&"'"
 rs15.open sql15,conn,1,1
 if not(rs15.bof and rs15.eof) then
       D_message=""
	   D_message=D_message&"<table border='1' width='800' height='113' bordercolor='#CCCCCC' style='border-collapse: collapse'>" & chr(13) & chr(10)
	   D_message=D_message&"<tr>" & chr(13) & chr(10)
	   D_message=D_message&"<td height='85' width='400'><p>Dear"
	   D_message=D_message&rs15("UserEmail")
	   D_message=D_message&",</p>" & chr(13) & chr(10)
	   D_message=D_message&" <p>Your Password is <span  style='color:#FF0000'>"
	   D_message=D_message&rs15("UserPass")
	   D_message=D_message&"</span></p>"&chr(13)&chr(10)
	   D_message=D_message&" <p>You can click <a href='http://screenprinting.asc365.com'>here </a> to go to ASC365.</p></td>"&chr(13)&chr(10)
	   D_message=D_message&"<tr>" & chr(13) & chr(10)
	   D_message=D_message&"</table>" 
	   	set newmail=server.CreateObject("cdonts.newmail")
            newmail.From="sales@asc365.com"      //����������ʽ���ͣ��˷�������ͨ������˱��������֤
            newmail.To =useremail         //��ҵ�ʾ��ռ��˵�ַ
            newmail.Subject= "Message of Your Password"
            newmail.Body = D_message
            newmail.BodyFormat =0
            newmail.MailFormat =0
            newmail.Send
            set newmail=nothing
	  Response.write"<script>alert(""The Email has been send,Please check it. "");location.href=""index.asp?ID=Register"";</script>"
	  response.End()
	else
	   Response.write"<script>alert(""The Email does not exit"");location.href=""index.asp?ID=Register"";</script>"
	   response.End()
	end if
	rs15.close
	set rs15=nothing
	conn.close
	set conn=nothing
end if
%>
<style type="text/css">

</style>
</head>

</td>
</tr>
<tr>
<td>
<div id="contentdiv" style="width:1000px; z-index:-10; margin-top:1px">
  <div style="float:left; width:196px;">
    <%
	server.Execute("T_daohang.asp")
	%>
  </div>
  <div style="width:780px;float:left; margin:10px;">
   <%
   id = request.QueryString("id")
   set rsCon = server.CreateObject("adodb.recordset")
   sqlCon = "select * from Terms where id = "&id
   rsCon.open sqlCon,conn,1,1
   if rsCon.eof and rsCon.bof then
   else
   	response.Write(rsCon("T_Content"))
   end if
   rsCon.close
   set rsCon = nothing
   %>
  </div>
 </div>
 </td>
</tr>
<tr>
<td>
<div id="bottomdiv" style=" width:1000px; text-align:center">
<%
server.Execute("bottom.asp")
%>
</div> 
</td>
</tr>
</table>
</body>
</html>