EvilOctal Security Team Technical Discussion Group's Archiver

exploit 2005-10-1 11:15

[Repost] An ASP script that runs ASP scripts

Article author: Bluer


The reason I wrote this little thing: I often need to use ASP's ADO online to create tables or modify fields in a database, and every time I had to either write an upgrade file and FTP it up, or edit it online and then run it. That was a real hassle, so I wrote this. Very convenient!

Script features:
1. It can run any ASP VBScript code except SSI (such as #include file) and processing directives (such as @ language=javascript): database connections, recordset creation, even FSO, and so on.
2. It can run ASP mixed with HTML, using <%%> and <%=%> blocks.
3. It has a simple error-handling mechanism, so you can roughly tell which part of the script failed.
4. Login is protected by a check code; the user name and password are changed at the top of runasp.asp, and the defaults are account admin, password admin.

This script looks crude, but it is actually frighteningly powerful! Although it has a simple login check, I still do not recommend using it on your site; as a small helper for debugging ASP code I personally find it quite practical. So test it yourself, play with it, or use it as a scratch tool for testing forum code when solving problems, because having to go into a debugging environment every time you want to run some ASP really is a hassle! One more thing to note: the 50% in something like <td width=50%> must be written in quotes.

Demo (user admin, password admin): [url]www.paintblue.net/myasp/runasp.asp[/url] (actual execution has been disabled there; download or paste the code below to test):

Download: [url]http://www.paintblue.net/myasp/runasp.rar[/url]



<% @ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit
Response.Buffer = True

' Credentials are hard-coded here; change them before use (defaults: admin / admin).
Dim SPassword, SUserName
SUserName = "admin"
SPassword = "admin"

Dim SQLMutiStr
Dim i
Dim action
action = Request.QueryString("action")

If action = "GetCode" Then '---------TOT
    NumCodeJS
Else '--------TOT
    Response.Write("<!DOCTYPE HTML PUBLIC ""-//W3C//DTD HTML 4.0 Transitional//EN"">")
    Response.Write("<HTML>")
    Response.Write("<HEAD>")
    Response.Write("<TITLE>ASP RunCode SCR V1.0 / Create By PaintBlue.Net V37</TITLE>")
    Response.Write("<META NAME=""Generator"" CONTENT=""EditPlus,V37,PaintBlue.Net"">")
    Response.Write("<META NAME=""Author"" CONTENT=""V37,PaintBlue.Net"">")
    Response.Write("<META NAME=""Keywords"" CONTENT=""PaintBlue.Net,,V37,RunCode,ASP,Script,BlueIdea.COM,Lfgbox.com"">")
    Response.Write("<META NAME=""Description"" CONTENT=""An ASP script that runs ASP code!"">")
    Response.Write("</HEAD>")
    Response.Write("<BODY bgcolor=#D4D0C8>")

    SQLMutiStr = Trim(Request.Form("SQLMutiStr"))
    If Session("login") = "" And action = "chkpass" Then
        Session("login") = checkPass()
    End If
    If action = "exit" Then Session("login") = ""

    If Session("login") = "1" Then
        If action = "RunCode" Then
            If SQLMutiStr = "" Then
                Response.Write "No code to run was entered!"
                Response.Write "<br><br><a href=""javascript:window.history.back();"">Back to the run page</a><br><br>"
                Response.Write "<a href=""?action=exit"">Log out</a>"
                Response.End
            Else
                Dim ExeStrArr
                Dim re
                Dim tempSQL, tempSQL2
                Dim ScriptArr, ScriptSubArr
                tempSQL2 = ""
                tempSQL = Split(SQLMutiStr, vbCrLf)
                ' Drop a leading "@ language" directive, which Execute cannot process.
                ' (The original appended line 1 twice and joined the rest without
                ' line breaks; the remaining lines are kept as they were submitted.)
                If InStr(LCase(tempSQL(0)), "language") > 0 Then
                    For i = 1 To UBound(tempSQL)
                        If i > 1 Then tempSQL2 = tempSQL2 & vbCrLf
                        tempSQL2 = tempSQL2 & tempSQL(i)
                    Next
                    tempSQL2 = Trim(tempSQL2)
                Else
                    tempSQL2 = SQLMutiStr
                End If
                ' Rewrite <%=expr%> as <%Response.Write expr%>.
                tempSQL2 = Replace(tempSQL2, "<%" & "=", "<" & "%Response.Write ")
                ' Collapse blank lines.
                Do
                    tempSQL2 = Replace(tempSQL2, vbCrLf & vbCrLf, vbCrLf)
                Loop While InStr(tempSQL2, vbCrLf & vbCrLf) > 0
                tempSQL2 = Trim(tempSQL2)
                ' Wrap in empty <%%> blocks so that every "%>"-delimited piece
                ' contains exactly one "<%": HTML before it, ASP after it.
                tempSQL2 = "<" & "%%" & ">" & tempSQL2 & "<" & "%%" & ">"
                ScriptArr = Split(tempSQL2, "%" & ">")
                Dim ub, kub
                ub = UBound(ScriptArr)
                For i = 0 To ub - 1
                    ScriptSubArr = Split(ScriptArr(i), "<" & "%")
                    If i > 0 Then Response.Write(ScriptSubArr(0)) ' HTML part
                    ExeCuteIt(ScriptSubArr(1))                     ' ASP part
                Next
                Call EndProc("<font color=#009900>Code finished running!</font>")
            End If
        Else
%>
Enter the ASP code to run:
<FORM METHOD=POST ACTION="?action=RunCode" style="margin:0px;">
<TEXTAREA NAME="SQLMutiStr" wrap='OFF' ROWS="20" style="width:100%;height:100%;table-layout:fixed;word-break:break-all;"><%=Server.HTMLEncode(SQLMutiStr)%></TEXTAREA>
<br>
<INPUT TYPE="button" onclick="window.location.href='?action=exit';" Value="LogOut">
<INPUT TYPE="reset" Value="Clear">
<INPUT TYPE="submit" value="Run AspCode">
</FORM>
<%
        End If
    Else
        Call loginMain()
    End If
    Response.Write("</BODY></HTML>")
End If '-------TOT

Sub loginMain()
%>
<FORM METHOD=POST ACTION="?action=chkpass">
UserName:<INPUT TYPE="text" NAME="UserName"><br>
PassWord:<INPUT TYPE="password" NAME="Runpassword"><br>
CheckCode:<INPUT TYPE="text" NAME="GetCode"><img src="runasp.asp?action=GetCode&Time=<%=Timer()%>"><br>
<br><img width=125 height=0><INPUT TYPE="submit" value=" Login ">
</FORM>
<%
End Sub

Function checkPass()
    Dim UserName, Runpassword, GetCode
    Dim errinfo
    checkPass = ""
    UserName = Trim(Request.Form("UserName"))
    Runpassword = Trim(Request.Form("Runpassword"))
    GetCode = Request.Form("GetCode")
    If UserName = "" Or Runpassword = "" Then
        errinfo = errinfo & "<li>User name and password must not be empty"
    End If
    If Not IsNumeric(GetCode) Then
        errinfo = errinfo & "<li>Please enter the numeric check code"
    End If
    If errinfo <> "" Then
        Call loginMain()
        EndProc errinfo
    End If
    If action = "chkpass" And Session("GetCode") = Int(GetCode) And UserName = SUserName And Runpassword = SPassword Then
        Session("GetCode") = 0 ' reset the check code after a successful login
        checkPass = "1"
    Else
        Call loginMain()
        EndProc "Login failed! Please check your input and try again"
    End If
End Function

' Runs one ASP segment and reports the error, if any, together with the failing code.
Sub ExeCuteIt(ExString)
    On Error Resume Next
    Execute(ExString)
    If Err.Number <> 0 Then
        Response.Write "<div style=""background-color: #ffeedd;padding: 6px;"">"
        Response.Write "<hr size=1>"
        Response.Write "Error message:<li><font color=#ff0000>" & Err.Description & "</font>"
        Response.Write "<hr size=1>"
        Response.Write "Failing code:<li><font color=#0000ff>" & HTMLEncode(ExString) & "</font>"
        Response.Write "<hr size=1></div>"
    End If
    On Error GoTo 0
End Sub

Function HTMLEncode(reString)
    Dim Str: Str = reString
    If Not IsNull(Str) Then
        Str = Replace(Str, "&", "&amp;") ' first, so the entities below are not double-encoded
        Str = Replace(Str, ">", "&gt;")
        Str = Replace(Str, "<", "&lt;")
        Str = Replace(Str, Chr(32), "&nbsp;")
        Str = Replace(Str, Chr(9), "&nbsp;")
        Str = Replace(Str, Chr(34), "&quot;") ' "
        Str = Replace(Str, Chr(39), "&#39;")  ' '
        Str = Replace(Str, Chr(13), "")
        Str = Replace(Str, Chr(10) & Chr(10), "</P><P> ")
        Str = Replace(Str, Chr(10), "<BR> ")
        HTMLEncode = Str
    Else
        HTMLEncode = ""
    End If
End Function

' Breakpoint debugging helper: num=0 ends the response after writing str.
Sub Response_write(str, num)
    Dim istr: istr = str
    Dim inum: inum = num
    Response.Write str & "<br>"
    If inum = 0 Then Response.End
End Sub

Sub EndProc(info)
    Response.Write "<hr size=1 color=#00aa00>"
    Response.Write info
    Response.Write "<hr size=1 color=#00aa00><a href=""javascript:window.history.back();"">Back to the run page</a><br><br>"
    Response.Write "<a href=""?action=exit"">Log out</a>"
    Response.End
End Sub
%>
<script language="JScript" runat="Server">
// Renders a number as an XBM bitmap, one 8x16 glyph per digit, for the check-code image.
function GetNO(num){
    var NumArray=[
        ["0","0","0","3c","66","66","66","66","66","66","66","66","3c","0","0","0"],
        ["0","0","0","30","38","30","30","30","30","30","30","30","30","0","0","0"],
        ["0","0","0","3c","66","60","60","30","18","c","6","6","7e","0","0","0"],
        ["0","0","0","3c","66","60","60","38","60","60","60","66","3c","0","0","0"],
        ["0","0","0","30","30","38","38","34","34","32","7e","30","78","0","0","0"],
        ["0","0","0","7e","6","6","6","3e","60","60","60","66","3c","0","0","0"],
        ["0","0","0","38","c","6","6","3e","66","66","66","66","3c","0","0","0"],
        ["0","0","0","7e","66","60","60","30","30","18","18","c","c","0","0","0"],
        ["0","0","0","3c","66","66","66","3c","66","66","66","66","3c","0","0","0"],
        ["0","0","0","3c","66","66","66","66","7c","60","60","30","1c","0","0","0"]
    ];
    var str=[];
    num=String(num).split("");
    for(var i=0;i<NumArray[0].length;i++)
        for(var j=0;j<num.length;j++)
            str[str.length]=("0x"+NumArray[num[j]][i]);
    var str1="#define counter_width "+j*8;
    var str2="#define counter_height 16";
    return str1+String.fromCharCode(13,10)+str2+String.fromCharCode(13,10)+"static unsigned char counter_bits[]={"+str+"}";
}
function GetRnd(Num){
    return Math.floor(Math.random()*Math.pow(10,Num));
}
// Generates a four-digit check code, stores it in the session and emits it as an XBM image.
function NumCodeJS(){
    Response.Buffer=true;
    var zNum=GetRnd(4);
    if (zNum<1000) zNum+=999;
    Session("GetCode")=zNum;
    Response.ContentType="image/x-xbitmap";
    Response.Write(GetNO(zNum));
}
</script>


Code idea:
1. Use VBScript's execute() to run a string, a powerful feature! This command is sometimes very useful, especially because you can treat your script as a convenient string, process it, and then call execute to run it. Because code run through execute is fairly slow, it is rarely used in practice: I compared code that takes 50 ms to run and found it jumped to 200 ms when run through execute.
2. Processing the submitted ASP script form: first replace <%=aaaa%> with <%response.write aaaa%>, then the program adds a pair of <%%> at the head and tail, giving <%%> form code <%%>. Then split twice, on %> and on <%, which yields the HTML code and the pure ASP code as two regular parts. Array members that are HTML segments go straight to response.write; array members that are pure ASP code go to execute. Each ASP code segment runs under on error resume next and err.description is read, which gives a rough idea of the ASP error.
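An added example, not code from Bluer's runasp.asp: the segmenting step from point 2 above, written in JavaScript so it runs outside IIS (Node.js). splitNaive reproduces the post's double split and shows why the author says an unquoted width=50% must be quoted: the %> inside it is taken as the end of a code block, the next piece has no <%, and the VBScript original fails with a subscript error on ScriptSubArr(1), modelled here as a thrown Error. splitAsp is a small state machine that treats %> as a block terminator only inside a <% block and outside a VBScript string literal, so the same input is segmented correctly. The Execute step is not reproduced; the returned segments are what the original passes to Response.Write and ExeCuteIt. The sample page SAMPLE is constructed for the example.

```javascript
// Added example, not code from the original runasp.asp: segmenting a mixed
// HTML/ASP page into the pieces the original writes out (html) or hands to
// Execute (code).  Runs under Node.js.

const CRLF = "\r\n";

// Pre-processing shared by both splitters, as in the original: drop a leading
// "@ language" directive, collapse blank lines, and rewrite "<%=expr%>" as
// "<%Response.Write expr%>".
function normalize(src) {
  let lines = src.split(/\r?\n/);
  if (lines.length > 0 && /language/i.test(lines[0])) lines = lines.slice(1);
  return lines
    .join(CRLF)
    .replace(/(\r\n){2,}/g, CRLF)
    .replace(/<%\s*=/g, "<%Response.Write ")
    .trim();
}

// The post's algorithm: wrap in "<%%>", split on "%>", then split each piece on
// "<%".  A "%>" that is not a block terminator (an unquoted width=50%) leaves a
// piece without "<%"; the VBScript original then fails with "Subscript out of
// range" on ScriptSubArr(1), modelled here as a thrown Error.
function splitNaive(src) {
  const parts = ("<%%>" + normalize(src) + "<%%>").split("%>");
  const segments = [];
  for (let i = 0; i < parts.length - 1; i++) {
    const sub = parts[i].split("<%");
    if (sub.length < 2) {
      throw new Error('piece without "<%": ' + JSON.stringify(parts[i]));
    }
    if (i > 0 && sub[0] !== "") segments.push({ type: "html", text: sub[0] });
    if (sub[1].trim() !== "") segments.push({ type: "code", text: sub[1].trim() });
  }
  return segments;
}

// State-machine version: "<%" opens a code block; "%>" closes it only while a
// block is open and the scanner is not inside a VBScript string literal
// (VBScript escapes a quote by doubling it, so toggling on every quote works).
function splitAsp(src) {
  const text = normalize(src);
  const segments = [];
  let buf = "";
  let inCode = false;
  let inString = false;
  const flush = (type) => {
    if (type === "html" ? buf !== "" : buf.trim() !== "") {
      segments.push({ type, text: type === "code" ? buf.trim() : buf });
    }
    buf = "";
  };
  for (let i = 0; i < text.length; i++) {
    const two = text.slice(i, i + 2);
    if (!inCode) {
      if (two === "<%") { flush("html"); inCode = true; i++; continue; }
      buf += text[i]; // a stray "%>" here is ordinary HTML, e.g. width=50%>
    } else {
      if (text[i] === '"') inString = !inString;
      if (!inString && two === "%>") { flush("code"); inCode = false; i++; continue; }
      buf += text[i];
    }
  }
  if (inCode) throw new Error("unterminated <% block");
  flush("html");
  return segments;
}

// Constructed sample: a language directive, a blank line, an unquoted
// width=50% and a "%>" inside a VBScript string, the cases the double split
// mishandles.
const SAMPLE =
  '<%@ LANGUAGE="VBSCRIPT" %>\r\n' +
  '<%x=1%>\r\n\r\n' +
  '<td width=50%>hi "<%=x%>"<% s="100%>" %>';

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(splitAsp(SAMPLE), null, 2));
  try { splitNaive(SAMPLE); } catch (e) { console.log("splitNaive: " + e.message); }
}
```

On well-formed input both functions return the same segment list; only the state machine survives the unquoted attribute and the %> inside a string. One property of the original that neither version changes: each code segment is handed to a separate Execute call inside the ExeCuteIt procedure, so a variable declared in one <% %> block is local to that call and is not visible in the next block; ExecuteGlobal would be needed to share state across blocks.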

haicao 2005-11-5 09:46

The core is a single statement: execute(str)

yezhan 2005-11-9 10:21

Right!


That's what it uses.

I recall haicao's custom anti-injection function also used this~

© 1999-2008 EvilOctal Security Team