WoYiGui's BloG | 关注安全测试

<br />if (lcase(right(wscript.fullname,11))="wscript.exe") then<br />echo "Execute it under the cmd.exe Plz! Thx."<br />echo "code by lcx"<br />wscript.quit<br />end If<br /><br />if wscript.arguments.count<1 then                             <br />   echo "Usage: cscript sql.vbs showTables e:&#92;hytop.mdb或sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs;"<br />   echo "usage: cscript sql.vbs query 连接字符串 <表名=default:""""> sql语句 <页数=default:1>"<br />   echo "exp:cscript sql.vbs showTables "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)<br />   echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"select * from name"&chr(34)&Space(1) & 1<br />   echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"update....."&chr(34)&Space(1) & 1<br />   echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"exec master.dbo.xp_cmdshell &#039;net user ice hacker /add&#039;--"&chr(34)&Space(1) & 1<br />end If<br /><br />Sub chkErr(Err)<br />   If Err Then<br />    echo "错误: " & Err.Description & "错误源: " & Err.Source & vbcrlf<br />    Err.Clear<br />    wscript.quit<br />   End If<br />End Sub<br /><br /><br />Sub echo(str)<br />   wscript.echo str<br />End Sub<br /><br />Function fixNull(str)<br />   If IsNull(str) Then<br />    str = " "<br />   End If<br />   fixNull = str<br />End Function<br /><br />Sub showErr(str)<br />   Dim i, arrayStr<br />   arrayStr = Split(str, "$$")<br />   echo "出错信息:"&vbcrlf<br />   For i = 0 To UBound(arrayStr)<br />    echo   (i + 1) & ". " & arrayStr(i) & "<br />"<br />   Next<br />   echo vbcrlf<br />   wscript.quit<br />End Sub<br /><br />Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-<br />Rem     下面是程序模块选择部分<br />Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-<br /><br /><br />PageMsDataBase()<br />  <br /><br /><br />Sub pageMsDataBase()<br />   Dim theAct, sqlStr<br />        theAct = Wscript.Arguments(0)<br />   sqlStr = Wscript.Arguments(1)<br />  <br />   Select Case theAct<br />    Case "showTables"<br />     showTables()<br />    Case "query"<br />     showQuery()<br />   <br />   End Select<br /><br />End Sub<br /><br />Sub showTables()<br /><br />   Dim conn, sqlStr, rsTable, rsColumn, connStr, tablesStr<br />   sqlStr = Wscript.Arguments(1)<br />   If LCase(Left(sqlStr, 4)) = "sql:" Then<br />    connStr = Mid(sqlStr, 5)<br />   Else<br />    connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr<br />   End If<br />   Set conn = CreateObject("Adodb.Connection")<br />  <br />   conn.Open connStr<br />   chkErr(Err)<br />  <br />   tablesStr = getTableList(conn, sqlStr, rsTable)<br />  <br />  <br />   echo tablesStr & "================================================="<br />  <br /><br />   Do Until rsTable.Eof<br />    Set rsColumn = conn.OpenSchema(4, Array(Empty, Empty, rsTable("Table_Name").value))<br />    echo rsTable("Table_Name") &vbcrlf<br />   <br />    Do Until rsColumn.Eof<br />    <br />     echo "字段名:" & rsColumn("Column_Name")&vbclrf<br />     echo "类型:" & getDataType(rsColumn("Data_Type")) & vbclrf<br />     echo "大小:" & rsColumn("Character_Maximum_Length") & vbclrf<br />     echo "精度:" & rsColumn("Numeric_Precision") & vbclrf<br />     echo "允许为空:" & rsColumn("Is_Nullable") & vbclrf<br />     echo "默认值:" & rsColumn("Column_Default") & vbclrf&vbclrf<br />     rsColumn.MoveNext<br />    <br />    Loop<br />   <br />    rsTable.MoveNext<br />    echo vbcrlf<br />   Loop<br /><br />   echo "==============================================================="<br /><br />   conn.Close<br />   Set conn = Nothing<br />   Set rsTable = Nothing<br />   Set rsColumn = Nothing<br />End Sub<br /><br />Sub showQuery()<br />  <br />   Dim i, j, rs, sql, page, conn, sqlStr, connStr, rsTable, tablesStr, theTable<br />       <br />   sqlStr = Wscript.Arguments(1)<br />   theTable = Wscript.Arguments(2)<br />   sql=Wscript.Arguments(3)<br />   page=Wscript.Arguments(4)<br />  <br />   If Not IsNumeric(page) or page = "" Then<br />    page = 1<br />   End If<br /><br />  <br />   If LCase(Left(sqlStr, 4)) = "sql:" Then<br />    connStr = Mid(sqlStr, 5)<br />   Else<br />    connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr<br />   End If<br />   Set rs = CreateObject("Adodb.RecordSet")<br />   Set conn = CreateObject("Adodb.Connection")<br /><br />   conn.Open connStr<br />   chkErr(Err)<br />  <br />   tablesStr = getTableList(conn, sqlStr, rsTable)<br /><br />   echo "数据库表结构查看:"<br />   echo tablesStr & "========================================================"<br />   echo ">SQL命令执行及查看<:"&vbcrlf<br />   If sql <> "" And Left(LCase(sql), 7) = "select " Then<br />    rs.Open sql, conn, 1, 1<br />    chkErr(Err)<br />    rs.PageSize = 20<br />    If Not rs.Eof Then<br />     rs.AbsolutePage = page<br />    End If<br />    If rs.Fields.Count>0 Then<br />     echo   "SQL操作 - 执行结果"&vbcrlf<br />     echo "===================="&theTable&"列名如下========================================"<br />     For j = 0 To rs.Fields.Count-1<br />      echo   rs.Fields(j).Name & vbcrlf<br />     Next<br />     For i = 1 To 20<br />      If rs.Eof Then<br />       Exit For<br />      End If<br />     <br />     <br />      For j = 0 To rs.Fields.Count-1<br />       echo   fixNull(rs(j))& vbcrlf<br />      Next<br />     <br />      rs.MoveNext<br />     Next<br />    End If<br />    echo "================================================================="<br />    echo " 共有"&rs.Fields.Count&"列" & vbcrlf<br />    For i = 1 To rs.PageCount<br />     page=i<br />    <br />    Next<br />    echo " 共有" & page & "页"<br />    rs.Close<br />   Else<br />   If sql <> "" Then<br />     conn.Execute(sql)<br />     chkErr(Err)<br />     echo "执行完毕!"&vbcrlf<br />    End If<br />   End If<br /><br />  <br /><br />   conn.Close<br />   Set rs = Nothing<br />   Set conn = Nothing<br />   Set rsTable = Nothing<br />End Sub<br /><br />Function getDataType(typeId)<br />   Select Case typeId<br />    Case 130<br />     getDataType = "文本"<br />    Case 2<br />     getDataType = "整型"<br />    Case 3<br />     getDataType = "长整型"<br />    Case 7<br />     getDataType = "日期/时间"<br />    Case 5<br />     getDataType = "双精度型"<br />    Case 11<br />     getDataType = "是/否"<br />    Case 128<br />     getDataType = "OLE 对象"<br />    Case Else<br />     getDataType = typeId<br />   End Select<br />End Function<br /><br />Function getTableList(conn, sqlStr, rsTable)<br />   Set rsTable = conn.OpenSchema(20, Array(Empty, Empty, Empty, "table"))<br />        echo "存在以下表名:"<br />   Do Until rsTable.Eof<br />    getTableList = getTableList & "&#91;"& rsTable("Table_Name") & "&#93;"&vbcrlf<br />    rsTable.MoveNext<br />   Loop<br />   rsTable.MoveFirst<br />End Function