誰幫我解ASP源碼

Venshop 8.0中config.asp文件對域名進行了綁定：

=======================================================================

加密文檔如下:第壹段：

<%#@~^NgkAAA==@#@&/nDPM/G{/.\D mM+COW4NnmD`Jm[GN(RM+^W.[k+OJ*@#@&k;sxr/+sn1Y~e,WMWh,\x/4Wam/H/O+sJ@#@&M/GcGwxPk5s~1W xSFSq@#@&A+(xDkGcES+4Eb@#@&4WsnalL'M/GvJ4G:wCoJb@#@&/kDnxm:+{.dGvJkkO+UCs+E#@#@&/bYn;MV']n$En/D U+.7+M.lMkm8V/cJU2]#AI{g)HAJ#L]n;!+kY ?n.7+..m.km4snk`Jj/"qKK|HzH3r#@#@&:mk^xDkGcJslrsr#@#@&WlX'Dk{cJ6lXJb@#@&r1wxDk{`rk^2r#@#@&OVxDk{vJOVr#@#@&:kU'M/{`r:dUr#@#@&z:mNNMx./F`rXhl[[MJb@#@&^W9+x.kG`E^KNnJ*@#@&VGTW{D/F`rsWTWE#@#@&C4ko4O'M/GvE4+bo4YE#@#@&mhrND4'M/{crhk[O4Jb@#@&4kL4YD'DkGvEtkLtDYEb@#@&hb[Y4Y'Md{`rhbNOtOE*@#@&w4GYKtx.kG`E24WOW4E*@#@&^WK3Y{Dk{`rVGW0YEb@#@&VKG3alox./F`rVGWV2monJ*@#@&^WGV4lxLxM/{`rsKWV4l oJ*@#@&OW o%'M/{crYW LLr#@#@&dGDD4{DdGcEkW.Yrb@#@&2mjD\n.{DdGvEslr^{k+\Drb@#@&2m?D-nMj/.'M/GvEhlbV|Ed+.E*@#@&2|j+M\n.hl/dxM/{`rhmks|wm//r#@#@&2|?nx9HCUtlk^xDkG`rhCk^{k+UNhCbVE#@#@&2|?nU9HlUHm:n'MdF`EslbV{k+ [xm:nJ*@#@&3|?+ [HmxKH2n'M/F`E:Cr^{OXanJ*@#@&hmkVm.od'MdF`EslbV{M+TdJ*@#@&:mksmM+o1xDkG`rhCk^{M+LmEb@#@&hlbs{KD[nM/'.dF`E:mr^{GMND/r#@#@&:mks{KD[nMm'MdGvJ:mrs{KD9+.mEb@#@&d+MxDkGcEk+DEb@#@&d+MmD'.kGvJ/D|OJ*@#@&Wbm5xM/GvEWbm;rb@#@&Kk1;mxx.kGcJKrm${UE*@#@&.nT'./FcrDnTJ*@#@&TEdYKD[+M'.dF`JT;+kYWM[nDr#@#@&^WhhxO/4Gh{Dd{vJmGhs+UYk4KhE*@#@&4lKLbC/4WA'M/{cr4lK%km/tKAE#@#@&mNhkUd4WA'MdGvJC[skxd4KhE#@#@&4EGktKh'M/FcJ4EG/4WAE*@#@&7nxktWamd3bx{DdGcEk3rxrb@#@&0dVbx'.dF`E/0r Jb@#@&b0Pb/ ;V^`-+ /4Ga{/0rx*PY4nUP7+ /4W2mk3rx{EN0C;^YJ@#@&b0~kkU!Vsv0k3k #,Otx~0k3rU{JNWl!VYr@#@&YNk Nn6x.kGcJD%k Nnar#@#@&OLrl{.kGcrYLkmJ*@#@&TEU'M/{croE E#@#@&\(;O'M/F`E\8;DJb@#@&-hKD[xM/GcE7hGD9E*@#@&M/FRm^Wkn@#@&/nY,Dd{{xWD4k o@#@&dnY,Dk'd+.-D mMnlD+G8N+mOcrl[W98cDn1WMN/Yrb@#@&/5V{Jdn^+mD~YKwP8~MP6DK:~\nUktGw|-+ l[E@#@&Dd Kwnx,d$VS1W x~8~8@#@&D{r/{DdcrY{bdJ*@#@&bd"EK'M/cJrd.EGJ*@#@&b/zG!'DdcrkdXK;r#@#@&EMVy!W{./vJ;D^y;Gr#@#@&;D^XW!x./vJ!DsXG;r#@#@&arm.EGxM/`E2bm"EKE*@#@&ak1XW!'Md`rwrmHW;E*@#@&m[{b:o8x./vJmNmkhL8Jb@#@&CN|khLy'Ddcrl[{bhT E*@#@&lN|ksL&{Dd`rl[mb:o2E#@#@&l9mr:Tc{Dd`EC9{r:T*J*@#@&C9{E.s8'./vEmNm!D^FJ*@#@&CN|E.Vy'.dvJl9mEMV rb@#@&mN|E.VfxM/cJm[{!Dsfr#@#@&C9{;D^*{DdvJmN{!D^*J*@#@&DkR^sK/+@#@&/YPMdxxKY4kUo@#@&wEUmDrW P-n mW[nv\nxk4Kwb@#@&6WD,k{qPDW~Vxc-x/4Gw*@#@&bW~:bNv\nxd4KwSkBq#@!@*-AKDN~O4+U@#@&-xxm/1`:bNv-+ /4Wa~rS8## -4!Y@#@&rWP7+ @*q ~Dtnx@#@&\xx-xO1X@#@&nVknb0~7+ @!&yPD4+ @#@&\xx-x_OX@#@&+x9~r0@#@&7+Ulx-xC[14Dv\nU*@#@&nsk+@#@&7n lx7+ l[1tMcF2#@#@&x[~b0@#@&U+XY@#@&-nx1W9+x\nUm@#@&2 [PwEU^DkWUK8UCAA==^#~@%>

破解出來為：

<%

set rs7=server.createobject("adodb.recordset")

sql="select * from venshop_system"

rs7.open sql,conn,1,1

web=rs7("web")

homepage=rs7("homepage")

sitename=rs7("sitename")

siteurl=Request.ServerVariables("SERVER_NAME")&Request.ServerVariables("SCRIPT_NAME")

mail=rs7("mail")

fax=rs7("fax")

icp=rs7("icp")

tel=rs7("tel")

msn=rs7("msn")

ymaddr=rs7("ymaddr")

code=rs7("code")

logo=rs7("logo")

aheight=rs7("height")

awidth=rs7("width")

heightt=rs7("heightt")

widtht=rs7("widtht")

photoh=rs7("photoh")

lookt=rs7("lookt")

lookpage=rs7("lookpage")

lookhang=rs7("lookhang")

tongj=rs7("tongj")

sortb=rs7("sort")

E_Server=rs7("mail_sever")

E_ServerUser=rs7("mail_user")

E_ServerPass=rs7("mail_pass")

E_SendManMail=rs7("mail_sendmail")

E_SendManName=rs7("mail_sendname")

E_SendManType=rs7("mail_type")

mail_regs=rs7("mail_regs")

mail_regc=rs7("mail_regc")

mail_orders=rs7("mail_orders")

mail_orderc=rs7("mail_orderc")

ser=rs7("ser")

ser_t=rs7("ser_t")

oicq=rs7("oicq")

oicq_n=rs7("oicq_n")

reg=rs7("reg")

guestorder=rs7("guestorder")

commentshow=rs7("commentshow")

baojiashow=rs7("baojiashow")

adminshow=rs7("adminshow")

huoshow=rs7("huoshow")

venshop_skin=rs7("skin")

fskin=rs7("skin")

if isnull(venshop_skin) then venshop_skin="default"

if isnull(fskin) then fskin="default"

tjindex=rs7("tjindex")

tejia=rs7("tejia")

gun=rs7("gun")

vbut=rs7("vbut")

vword=rs7("vword")

rs7.close

set rs7=nothing

set rs=server.createobject("adodb.recordset")

sql="select top 1 * from venshop_venad"

rs.open sql,conn,1,1

t_is=rs("t_is")

iszuo=rs("iszuo")

isyou=rs("isyou")

urlzuo=rs("urlzuo")

urlyou=rs("urlyou")

piczuo=rs("piczuo")

picyou=rs("picyou")

ad_img1=rs("ad_img1")

ad_img2=rs("ad_img2")

ad_img3=rs("ad_img3")

ad_img4=rs("ad_img4")

ad_url1=rs("ad_url1")

ad_url2=rs("ad_url2")

ad_url3=rs("ad_url3")

ad_url4=rs("ad_url4")

rs.close

set rs=nothing

Function vencode(venshop)

for i=1 to len(venshop)

if mid(venshop,i,1)<>vword then

ven=asc(mid(venshop,i,1))-vbut

if ven>126 then

ven=ven-95

elseif ven<32 then

ven=ven+95

end if

vena=vena&chr(ven)

else

vena=vena&chr(13)

end if

next

vencode=vena

End Function %>

最後壹段：

Function vencode(venshop)

for i=1 to len(venshop)

if mid(venshop,i,1)<>vword then

ven=asc(mid(venshop,i,1))-vbut

if ven>126 then

ven=ven-95

elseif ven<32 then

ven=ven+95

end if

vena=vena&chr(ven)

else

vena=vena&chr(13)

end if

next

vencode=vena

End Function %> 用來對第二段加密文檔進行解密

第二段加密文檔如下:

<%

venshopcom="iptu>mdbtf)sfrvftu/tfswfswbsjbcmft)#IUUQ`IPTU#**|jg!jotus)iptu-#csboemjgfnbmm#*=>1!boe!jotus)iptu-#2:3/279#*=>1!boe!iptu=?#mpdbmiptu#!boe!!iptu=?#238/1/1/2#!uifo|sftqpotf/sfejsfdu!#iuuq;00xxx/wfotipq/dpn0#|sftqpotf/foe|foe!jg|Gz`Vsm>Sfrvftu/TfswfsWbsjbcmft)#RVFSZ`TUSJOH#*|Gz`b>tqmju)Gz`Vsm-#'#*|sfejn!Gz`Dt)vcpvoe)Gz`b**|Po!Fssps!Sftvnf!Ofyu|gps!Gz`y>1!up!vcpvoe)Gz`b*|Gz`Dt)Gz`y*!>!mfgu)Gz`b)Gz`y*-jotus)Gz`b)Gz`y*-#>#*.2*|Ofyu|Gps!Gz`y>1!up!vcpvoe)Gz`Dt*|Jg!Gz`Dt)Gz`y*=?##!Uifo|Jg!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#(#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#boe#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#tfmfdu#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#vqebuf#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#dis#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#efmfuf&31gspn#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#<#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#jotfsu#*=?1!ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#nje#*=?1!Ps!Jotus)MDbtf)Sfrvftu)Gz`Dt)Gz`y***-#nbtufs/#*=?1!Uifo|sftqpotf/Xsjuf!#=tdsjqu!mbohvbhf>(kbwbtdsjqu(?bmfsu)(Fssps""(*<ijtupsz/hp).2*<=0tdsjqu?#|Sftqpotf/Foe|Foe!Jg|Foe!Jg|Ofyu|Gvodujpo!EfmTus)Tus*|Jg!JtOvmm)Tus*!Ps!JtFnquz)Tus*!Uifo|Tus>!##|Foe!Jg|EfmTus>Sfqmbdf)Tus-#<#-##*|EfmTus>Sfqmbdf)EfmTus-#(#-##*|EfmTus>Sfqmbdf)EfmTus-#'#-##*|EfmTus>Sfqmbdf)EfmTus-#!#-##*|EfmTus>Sfqmbdf)EfmTus-#?#-##*|EfmTus>Sfqmbdf)EfmTus-#&31#-##*|EfmTus>Sfqmbdf)EfmTus-#.#-##*|EfmTus>Sfqmbdf)EfmTus-#>#-##*|EfmTus>Sfqmbdf)EfmTus-#=#-##*|EfmTus>Sfqmbdf)EfmTus-#?#-##*|EfmTus>Sfqmbdf)EfmTus-#-##*|Foe!Gvodujpo|Gvodujpo!dilmphjo)vtfs`obnf*|tfu!st>tfswfs/dsfbufpckfdu)#bepec/sfdpsetfu#*|trm>#tfmfdu!+!gspn!wfotipq`vtfs!xifsf!vtfsobnf>(#'vtfs`obnf'#(#|st/pqfo!trm-dpoo-2-2|jg!st/fpg!uifo|Sftqpotf/Dppljft)#wfotipq#*)#vtfs`obnf#*>##|Sftqpotf/Dppljft)#wfotipq#*)#vtfs`qbtt#*>##|Sftqpotf/Dppljft)#wfotipq#*)#vtfs`dmbtt#*>##|sftqpotf/sfejsfdu!#mphjo/btq#|sftqpotf/foe|fmtf|vtfs`qbtt>st)#vtfsqbtt#*|foe!jg|st/dmptf|tfu!st>opuijoh|jg!usjn)Sfrvftu/Dppljft)#wfotipq#*)#vtfs`qbtt#**=?usjn)vtfs`qbtt*!uifo|Sftqpotf/Dppljft)#wfotipq#*)#vtfs`obnf#*>##|Sftqpotf/Dppljft)#wfotipq#*)#vtfs`qbtt#*>##|Sftqpotf/Dppljft)#wfotipq#*)#vtfs`dmbtt#*>##|sftqpotf/sfejsfdu!#mphjo/btq#|sftqpotf/foe|foe!jg|Foe!Gvodujpo|Gvodujpo!Tipxgmbti)jnh-xu-ih-pobnf*|sftqpotf/xsjuf!#=pckfdu!dmbttje>##dmtje;E38DEC7F.BF7E.22DG.:7C9.555664651111##!obnf>#'pobnf'#!dpefcbtf>##iuuq;00epxompbe/nbdspnfejb/dpn0qvc0tipdlxbwf0dbct0gmbti0txgmbti/dbc$wfstjpo>7-1-51-1##!cpsefs>##1##!xjeui>#'xu'#!ifjhiu>#'ih'#?#|sftqpotf/xsjuf!#=qbsbn!obnf>##npwjf##!wbmvf>#'jnh'#?#|sftqpotf/xsjuf!#=qbsbn!obnf>##rvbmjuz##!wbmvf>##Ijhi##?#|sftqpotf/xsjuf!#=fncfe!tsd>#'jnh'#!qmvhjotqbhf>##iuuq;00xxx/nbdspnfejb/dpn0hp0hfugmbtiqmbzfs##!uzqf>##bqqmjdbujpo0y.tipdlxbwf.gmbti##!obnf>#'pobnf'#!rvbmjuz>##Ijhi##!xjeui>#'xu'#!ifjhiu>#'ih'#?=0pckfdu?#|Foe!Gvodujpo|Gvodujpo!GpsnbuOvn)Ovn*|GpsnbuOvn>GpsnbuOvncfs)Ovn-3-.2*|Foe!Gvodujpo"

execute(vencode(venshopcom))

%>

8.0以下版本將最後壹句execcute(vencode(venshopcom))改為response.write(vencode(venshopcom))

起作用的是

host=lcase(request.servervariables("HTTP_HOST"))

if instr(host,"brandlifemall")<=0 and instr(host,"192.168")<=0 and host<>"localhost" and host<>"127.0.0.1" then

response.redirect "/"

8.0版在加密文檔中輸出了壹個alart,用上面的方法輸出被alart中斷沒法看到完整的解密文檔.把response.write改為文件輸出,從本地文件中獲得解密後的文檔,如下:

<%

host=lcase(request.servervariables("HTTP_HOST"))

if instr(host,"brandlifemall")<=0 and instr(host,"192.168")<=0 and host<>"localhost" and host<>"127.0.0.1" then

response.redirect "/"

response.end

end if

Fy_Url=Request.ServerVariables("QUERY_STRING")

Fy_a=split(Fy_Url,"&")

redim Fy_Cs(ubound(Fy_a))

On Error Resume Next

for Fy_x=0 to ubound(Fy_a)

Fy_Cs(Fy_x) = left(Fy_a(Fy_x),instr(Fy_a(Fy_x),"=")-1)

Next

For Fy_x=0 to ubound(Fy_Cs)

If Fy_Cs(Fy_x)<>"" Then

If Instr(LCase(Request(Fy_Cs(Fy_x))),"'")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"and")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"update")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"chr")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete%20from")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),";")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"insert")<>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid")<>0 Or Instr(LCase(Request(Fy_Cs(Fy_x))),"master.")<>0 Then

response.Write ""

Response.End

End If

End If

Next

Function DelStr(Str)

If IsNull(Str) Or IsEmpty(Str) Then

Str= ""

End If

DelStr=Replace(Str,";","")

DelStr=Replace(DelStr,"'","")

DelStr=Replace(DelStr,"&","")

DelStr=Replace(DelStr," ","")

DelStr=Replace(DelStr,">","")

DelStr=Replace(DelStr,"%20","")

DelStr=Replace(DelStr,"-","")

DelStr=Replace(DelStr,"=","")

DelStr=Replace(DelStr,"<","")

DelStr=Replace(DelStr,">","")

DelStr=Replace(DelStr,"%","")

End Function

Function chklogin(user_name)

set rs=server.createobject("adodb.recordset")

sql="select * from venshop_user where username='"&user_name&"'"

rs.open sql,conn,1,1

if rs.eof then

Response.Cookies("venshop")("user_name")=""

Response.Cookies("venshop")("user_pass")=""

Response.Cookies("venshop")("user_class")=""

response.redirect "login.asp"

response.end

else user_pass=rs("userpass")

end if

rs.close

set rs=nothing

if trim(Request.Cookies("venshop")("user_pass"))<>trim(user_pass) then

Response.Cookies("venshop")("user_name")=""

Response.Cookies("venshop")("user_pass")=""

Response.Cookies("venshop")("user_class")=""

response.redirect "login.asp"

response.end

end if

End Function

Function Showflash(img,wt,hg,oname)

response.write ""

response.write ""

response.write ""

response.write ""

End Function

Function FormatNum(Num)

FormatNum=FormatNumber(Num,2,-1)

End Function

%>

將brandlifemall改為自己的域名,則破解成功.

另外,根據vencode函數逆推,可以得出加密函數,將明碼還原到加密狀態.

ps:8.0版本中vencode函數有兩個vword和vbut變量是從數據庫中提取的,值可能是出廠前隨即設定,也有可能是固定的,我的數據庫裏vword="|" , vbut="1"

上一篇:短線強勢股選股戰法

下一篇:方便的蜜蜂源代碼