编写一个asp代码执行器

保存为 runasp.asp 后运行。账号和密码均为 admin,登录后输入代码即可执行!!


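<% @ LANGUAGE="VBSCRIPT" %>
<%Option Explicit
' Page-level setup: output buffering, the login credentials, and the
' "action" query-string value that selects which branch of the page runs.
' String delimiters are restored to ASCII double quotes; the typographic
' quotes in the published listing are not valid VBScript.
response.buffer=true
' SECURITY: the account name and password are compiled into the page and
' ship with a well-known default pair. Anyone who can reach this URL and
' knows the published values can log in and run server-side script.
' Replace both values before the file is placed on any server, and keep
' the page off hosts that are reachable from untrusted networks.
dim Spassword,SUserName
    SUserName="admin"
    Spassword="admin"
dim SQLMutiStr
dim i
dim action
    ' Selects the branch: GetCode, chkpass, RunCode, exit, or none (form).
    action=request.querystring("action")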


' Dispatcher for the whole page. A GetCode request is answered with the
' check-code image only; every other action renders the HTML page.
IF action=”GetCode” then ‘———TOT
    NumCodeJS
ELSE ‘——–TOT
    Response.Write(“<!DOCTYPE HTML PUBLIC “”-//W3C//DTD HTML 4.0 Transitional//EN””>”)
    Response.Write(“<HTML>”)
    Response.Write(“<HEAD>”)
    Response.Write(“<TITLE>ASP RunCode SCR V1.0 / Create By PaintBlue.Net V37</TITLE>”)
    Response.Write(“<META NAME=””Generator”” CONTENT=””EditPlus,V37,PaintBlue.Net””>”)
    Response.Write(“<META NAME=””Author”” CONTENT=””V37,PaintBlue.Net””>”)
    Response.Write(“<META NAME=””Keywords”” CONTENT=””PaintBlue.Net,,V37,RunCode,ASP,Script,BlueIdea.COM,Lfgbox.com””>”)
    Response.Write(“<META NAME=””Description”” CONTENT=””运行ASP代码的ASP脚本!””>”)
    Response.Write(“</HEAD>”)
    Response.Write(“<BODY bgcolor=#D4D0C8>”)


    ' The posted form field holding the script text to run (trimmed).
    SQLMutiStr=trim(Request.Form(“SQLMutiStr”))
    ' A login attempt is evaluated only while the session is not yet marked
    ' as logged in; checkPass returns "1" on success.
    if session(“login”)=”” and action=”chkpass” then
        session(“login”)=checkPass()
    end if
    ' Logout: clears the session flag. The session itself is kept.
    if action=”exit” then session(“login”)=””
    ' SECURITY: session("login")="1" is the only gate in front of RunCode.
    ' No anti-forgery token is checked on the RunCode POST, so the request
    ' is not tied to a form this page issued. NOTE(review): add a
    ' per-session token to the form and verify it here, and limit the page
    ' to loopback or an administrative network.
    if session(“login”)=”1″ then
            if action=”RunCode” then 
                if SQLMutiStr=”” then
                    ' Nothing was posted: show a message and the two links, then stop.
                    ' NOTE(review): both anchors below have lost their href
                    ' attribute name in this listing, so they render as dead links.
                    Response.write “没有输入要运行的代码!”
                    Response.write “<br><br><a javascript:window.history.back();””>返回运行页面</a><br><br>”
                    Response.write “<a ?action=exit””>退出登陆</a>”
                    response.end
                else
                    dim ExeStrArr
                    dim re
                    dim tempSQL,tempSQL2
                        dim ScriptArr,ScriptSubArr
                        tempSQL2=””
                    ' If the first line mentions "language" it is treated as a
                    ' page directive and dropped; the remaining lines are joined.
                    ' NOTE(review): tempSQL(1) is assigned and then appended
                    ' again because the loop starts at i=1; the lines are joined
                    ' without a line break; and a one-line input indexes
                    ' tempSQL(1) out of range.
                    tempSQL=split(SQLMutiStr,vbcrlf)
                    if inStr(lcase(tempSQL(0)),”language”)>0 then
                        tempSQL2=tempSQL(1)
                        if ubound(tempSQL)>1 then
                            for i=1 to ubound(tempSQL)
                                tempSQL2=tempSQL2&tempSQL(i)
                            next
                        end if
                        tempSQL2=trim(tempSQL2)
                    else
                        tempSQL2=SQLMutiStr
                    end if
                        ' Rewrite the output shorthand into an explicit response.write call.
                        tempSQL2=replace(tempSQL2,”<%”&”=”,”<“&”%response.write “)
                        ' Collapse runs of blank lines into single line breaks.
                        do
                            tempSQL2=replace(tempSQL2,vbcrlf&vbcrlf,vbcrlf)
                        loop while instr(tempSQL2,vbcrlf&vbcrlf)>0
                            tempSQL2=trim(tempSQL2)
                            ' Wrap the text in an empty script pair at both ends so
                            ' that every piece produced by the split below has a
                            ' literal part followed by a script part.
                            tempSQL2=”<“&”%%”&”>”&tempSQL2&”<“&”%%”&”>”
                            ScriptArr=split(tempSQL2,”%”&”>”)
                        dim ub,kub
                            ub=ubound(ScriptArr)
                        ' For each piece: the text before the opening delimiter is
                        ' written to the response unencoded (skipped for the first
                        ' piece), the text after it is handed to ExeCuteIt.
                        ' SECURITY: this is where request-supplied text becomes
                        ' server-side script, with whatever rights the ASP worker
                        ' process has.
                        for i=0 to ub-1
                            ScriptSubArr=split(ScriptArr(i),”<“&”%”)
                            if i>0 then response.write (ScriptSubArr(0))
                            ExeCuteIt(ScriptSubArr(1))
                        next
                    ' EndProc writes the status line and ends the response.
                    call EndProc(“<font color=#009900>代码运行完毕!</font>”)
                end if
            else
                %>
                输入要运行的ASP代码:
                <FORM METHOD=POST ACTION=”?action=RunCode” style=”margin:0px;”>
                <TEXTAREA NAME=”SQLMutiStr” wrap=’OFF’ ROWS=”20″ style=”width:100%;height:100%;table-layout:fixed;word-break:break-all;”><%=Server.Htmlencode(SQLMutiStr)%></TEXTAREA>
                <br>
                <INPUT TYPE=”button” onclick=”window.location.href=’?action=exit’;” Value=”LouOut”>
                <INPUT TYPE=”reset” Value=”Clear”>
                <INPUT TYPE=”submit” value=”Run AspCode”>
                </FORM>
        <%    end if
    else
        ' Not logged in: show the login form.
        call loginmain()
    end if
        Response.write (“</BODY></HTML>”)
END IF ‘——-TOT


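SUB loginMain()
    ' Renders the login form: user name, password and the numeric check
    ' code, next to the check-code image served by this same page.
    ' Changes from the published listing: ASCII attribute quotes, the
    ' check-code field uses TYPE="text" (the listing had a non-existent
    ' input type), the image URL is query-only so it follows the file name
    ' the page is saved under, and the ampersand in it is entity-encoded.
    ' NOTE(review): the form posts the password in the clear unless the
    ' site is served over TLS.
    %>


        <FORM METHOD=POST ACTION="?action=chkpass">&nbsp;UserName:<INPUT TYPE="text" NAME="UserName"><br>
        &nbsp;PassWord:<INPUT TYPE="password" NAME="Runpassword"><br>
        CheckCode:<INPUT TYPE="text" NAME="GetCode"><img src="?action=GetCode&amp;Time=<%=timer()%>"><br>
        <br><img width=125 height=0><INPUT TYPE="submit" value=" Login "></FORM>
    <%   
End SUB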


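function checkPass()
    ' Validates a login POST. Returns "1" when the check code, user name
    ' and password all match; otherwise re-renders the login form and ends
    ' the response through EndProc, so nothing is returned to the caller.
    '
    ' Hardening over the published listing:
    '  - The issued check code is read once and cleared before any other
    '    work, so a code is valid for a single attempt whether the attempt
    '    succeeds or fails.
    '  - A code must actually have been issued. An unset session value is
    '    Empty, which VBScript treats as 0 in a numeric comparison, so the
    '    comparison is done on strings and only when a code is present.
    ' NOTE(review): there is still no attempt counter or lock-out, and the
    ' credentials compared here are the page-level constants.
    dim UserName,Runpassword,GetCode
    dim errinfo
    dim expectedCode,codeOk
    checkPass=""
    UserName=trim(request.form("UserName"))
    Runpassword=trim(request.form("Runpassword"))
    GetCode=trim(request.form("GetCode"))
    ' Consume the challenge up front: every exit path below leaves the
    ' session without a reusable code.
    expectedCode=Session("GetCode")
    Session("GetCode")=Empty
    if UserName="" or Runpassword="" then
        errinfo=errinfo&"<li>用户名和密码输入不能为空"
    end if
    if Not isnumeric(GetCode) then
        errinfo=errinfo&"<li>请输入数字校验码"
    end if
    if errinfo<>"" then
        call loginmain()       
        EndProc errinfo
    end if
    codeOk=false
    if Not IsEmpty(expectedCode) then
        codeOk=(CStr(expectedCode)=GetCode)
    end if
    if action="chkpass" and codeOk and UserName=SUserName and Runpassword=Spassword then
        checkPass="1"
    else
        call loginmain()
        EndProc "登陆失败!请重新确认正确输入"
    end if
End function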


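SUB    ExeCuteIt(ExString)
    ' Runs one fragment of VBScript and, if it raises an error, prints the
    ' error description and the offending fragment in a highlighted box.
    ' Errors are trapped so that one failing fragment does not abort the
    ' rest of the page.
    '
    ' SECURITY: Execute evaluates its argument as script inside this page.
    ' The only caller in this file passes pieces of the posted form field,
    ' so this is arbitrary server-side code execution for whoever holds a
    ' logged-in session. It is kept as written because it is the purpose of
    ' the page; it must not be reachable on a production or shared host.
    on error resume next
    Execute(ExString)
    if err.number<>0 then
        Response.write "<div style=""background-color: #ffeedd;padding: 6px;"">"
        Response.write "<hr size=1>"
        ' The description is encoded like the fragment below; the listing
        ' wrote it into the page as raw HTML.
        Response.write "出错信息:<li><font color=#ff0000>"&HTMLEncode(err.description)&"</font>"
        Response.write "<hr size=1>"
        Response.write "出错代码:<li><font color=#0000ff>"&HTMLEncode(ExString)&"</font>"
        Response.write "<hr size=1></div>"
    end if
    on error goto 0
end SUB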


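function HTMLEncode(reString)
    ' Encodes text for display inside HTML and keeps its visual layout:
    ' spaces and tabs become non-breaking spaces, a blank line becomes a
    ' paragraph break and a single line feed becomes <BR>.
    ' Returns "" for Null.
    '
    ' Fixes over the published listing:
    '  - "&" is encoded, and encoded first, so text that already contains
    '    entity-like sequences is shown literally instead of being decoded
    '    by the browser.
    '  - The single quote is emitted as a numeric entity; the listing
    '    replaced it with a quote character, which encodes nothing.
    dim Str:Str=reString
    if not isnull(Str) then
        Str = Replace(Str, "&", "&amp;")
        Str = replace(Str, ">", "&gt;")
        Str = replace(Str, "<", "&lt;")
        Str = Replace(Str, CHR(32), "&nbsp;")
        Str = Replace(Str, CHR(9), "&nbsp;&nbsp;&nbsp;&nbsp;")
        Str = Replace(Str, CHR(34), "&quot;")    ' double quote
        Str = Replace(Str, CHR(39), "&#39;")    ' single quote
        Str = Replace(Str, CHR(13), "")
        ' Layout markup is inserted last so it is not itself encoded.
        Str = Replace(Str, CHR(10) & CHR(10), "</P><P> ")
        Str = Replace(Str, CHR(10), "<BR> ")
        HTMLEncode = Str
    else
        HTMLEncode=""
    end if
end function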


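' Breakpoint-style debugging helper: writes str followed by a line break
' and, when num is 0, ends the response at that point.
' str is written as-is, without HTML encoding.
Sub Response_write(str,num)
    response.write str&"<br>"
    if num=0 then response.end
end sub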


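SUB EndProc(info)
    ' Writes a status panel with "back" and "log out" links, then ends the
    ' response, so code after a call to EndProc never runs.
    ' info is written as raw HTML. The callers in this file pass fixed
    ' markup only; request-derived text must be encoded before it is
    ' passed in.
    ' The two anchors get their href attribute back; in the published
    ' listing the attribute name was lost and the links were dead.
    Response.write "<hr size=1 color=#00aa00>"
    Response.write info
    Response.write "<hr size=1 color=#00aa00><a href=""javascript:window.history.back();"">返回运行页面</a><br><br>"
    Response.write "<a href=""?action=exit"">退出登陆</a>"
    response.end
End SUB   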
%>
<script language=”JScript” runat=”Server”>
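function GetNO(num){
        // Builds the text of an XBM (X bitmap) image that shows the decimal
        // digits of num. Each digit is an 8x16 glyph; NumArray[d][row] is
        // the hex byte for one pixel row of digit d.
        // Fixes over the published listing: the stray "]" that opened the
        // first glyph row, ASCII string quotes, and the width is taken from
        // the digit count instead of the leaked inner loop variable.
        // num is expected to contain decimal digits only; any other
        // character has no glyph and makes the lookup below throw.
        var NumArray=[
                ["0","0","0","3c","66","66","66","66","66","66","66","66","3c","0","0","0"],
                ["0","0","0","30","38","30","30","30","30","30","30","30","30","0","0","0"],
                ["0","0","0","3c","66","60","60","30","18","c","6","6","7e","0","0","0"],
                ["0","0","0","3c","66","60","60","38","60","60","60","66","3c","0","0","0"],
                ["0","0","0","30","30","38","38","34","34","32","7e","30","78","0","0","0"],
                ["0","0","0","7e","6","6","6","3e","60","60","60","66","3c","0","0","0"],
                ["0","0","0","38","c","6","6","3e","66","66","66","66","3c","0","0","0"],
                ["0","0","0","7e","66","60","60","30","30","18","18","c","c","0","0","0"],
                ["0","0","0","3c","66","66","66","3c","66","66","66","66","3c","0","0","0"],
                ["0","0","0","3c","66","66","66","66","7c","60","60","30","1c","0","0","0"]
                ];
        var str=[];
        num=String(num).split("");
        // Row-major output: for every pixel row, one byte per digit.
        for(var i=0;i<NumArray[0].length;i++)
                for(var j=0;j<num.length;j++)
                        str[str.length]=("0x"+NumArray[num[j]][i]);
        var str1="#define counter_width "+num.length*8;
        var str2="#define counter_height 16";
        return str1+String.fromCharCode(13,10)+str2+String.fromCharCode(13,10)+"static unsigned char counter_bits[]={"+str.join(",")+"}";
        }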
function GetRnd(Num){
        // Returns a random integer in the range 0 .. 10^Num - 1.
        // Math.random is not a cryptographic generator; values from here
        // should not be relied on as secrets.
        var upperBound=Math.pow(10,Num);
        var scaled=Math.random()*upperBound;
        return Math.floor(scaled);
        }
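function NumCodeJS()
    {
    // Issues a new check code: picks a four-digit number, stores it in
    // Session("GetCode") for the login check, and sends it to the browser
    // as an XBM image.
    // Fixes over the published listing: the duplicate declaration and the
    // duplicate session write are removed, and the number is redrawn until
    // it has four digits (the listing added 999, which turns 0 into a
    // three-digit code).
    // NOTE(review): the glyphs are fixed bitmaps and the number comes from
    // Math.random, so this adds friction only; it does not replace an
    // attempt limit on the login itself.
    Response.buffer=true;
    var zNum;
    do {
        zNum=GetRnd(4);
    } while (zNum<1000);
    Session("GetCode") = zNum;
    Response.ContentType="image/x-xbitmap";
    Response.Write(GetNO(zNum));
    }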
</script>