├── Proposed Architecture Diagram.docx ├── Untitled Diagram.drawio ├── httplog.csv ├── README.md ├── log_parser.py ├── demo_good_requests.csv ├── demo_good_and_bad_requests.csv └── demo_bad_responses.csv /Proposed Architecture Diagram.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/saptajitbanerjee/SQL-Injection-Detection/HEAD/Proposed Architecture Diagram.docx -------------------------------------------------------------------------------- /Untitled Diagram.drawio: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /httplog.csv: -------------------------------------------------------------------------------- 1 | method,path,body,single_q,double_q,dashes,braces,spaces,badwords,class 2 | GET,b'/',b'',0,0,0,0,0,0,good 3 | GET,b'/bank/main.jsp',b'',0,0,0,0,0,0,good 4 | GET,b'/index.jsp',b'',0,0,0,0,0,0,good 5 | GET,b'/login.jsp',b'',0,0,0,0,0,0,good 6 | GET,b'/logout.jsp',b'',0,0,0,0,0,0,good 7 | GET,b'/index.jsp?content=business.htm',b'',0,0,0,0,0,0,good 8 | GET,b'/index.jsp?content=inside.htm',b'',0,0,0,0,0,0,good 9 | GET,b'/index.jsp?content=personal_deposit.htm',b'',0,0,0,0,0,0,good 10 | GET,b'/index.jsp?content=personal_investments.htm',b'',0,0,0,0,0,0,good 11 | POST,b'/doLogin',b'uid=Admin&passw=admin&btnSubmit=Login',0,0,0,0,0,1,good 12 | POST,b'/doLogin',b'uid=JSmith%27+--&passw=1234&btnSubmit=Login',1,0,1,0,0,1,good 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SQL-Injection-Detection 2 | Software used: 3 |
    4 |
  1. Python 3.9.5
    2. 5 |
  2. BurpSuite
    3. 6 |
  3. Accunetix Web Vulnerability Scanner
    4. 7 |
8 | 9 | Python Libraries installed: 10 |
    11 |
  1. urllib
    2. 12 |
  2. csv
    3. 13 |
  3. base64
    4. 14 |
  4. xml
    5. 15 |
16 | 17 | We used Accunetix Web Vulnerability Scanner to generate general web crawling requests and malicious SQL injection requests on a target website. These requests as well as their responses to those requests by the target website are sent to specific port from where they are caught by BurpSuite. These captured requests and responses are saved in log files. One separate log file is made for the normal web crawling requests and another log file is made for malicious SQL injection requests. 18 | 19 | We then used the log_parser.py code to extract the required features from the log files for our Logistic Regression ML model. The requests and responses are saved in XML file format in the log files for which we use the xml python library to extract the requests and responses. From the extracted requests we extract the required features and put them in a csv file 20 | 21 | We use only csv file as the dataset for our Logistic Regression ML model which contains the features of both general web crawling requests and malicious SQL injection requests 22 | 23 | 24 | Result 25 | We finally create our labeled dataset to train our Supervised Machine Learning model using logistic regression. This dataset is also used to predict the accuracy of our ML model. 26 | -------------------------------------------------------------------------------- /log_parser.py: -------------------------------------------------------------------------------- 1 | from xml.etree import ElementTree as ET 2 | from urllib.parse import unquote,unquote_plus 3 | import base64 4 | import csv 5 | log_path='bad_requests.log' 6 | def parse_log(log_path): 7 | result={} 8 | try: 9 | with open(log_path): pass 10 | except IOError as e: 11 | print("Error ",log_path,"doesn't exist") 12 | exit() 13 | try: 14 | tree=ET.parse(log_path) 15 | except Exception as e: 16 | print("Please make sure binary data is not present in log") 17 | exit() 18 | root = tree.getroot() 19 | for reqs in root.findall('item'): 20 | raw_req = reqs.find('request').text 21 | raw_req = unquote(raw_req) 22 | raw_resp = reqs.find('response').text 23 | result[raw_req] = raw_resp 24 | return result 25 | 26 | def parseRawHTTPReq(rawreq): 27 | try: 28 | raw = rawreq.decode('utf8') 29 | except: 30 | raw = rawreq 31 | global headers,method,body,path 32 | headers = {} 33 | sp = raw.split('\r\n\r\n',1) 34 | if sp[1]!="": 35 | head=sp[0] 36 | body=sp[1] 37 | else: 38 | head = sp[0] 39 | body="" 40 | c1 = head.split('\n',head.count('\n')) 41 | method = c1[0].split(' ',2)[0] 42 | path = c1[0].split(' ',2)[1] 43 | for i in range(1, head.count('\n')+1): 44 | slice1 = c1[i].split(': ',1) 45 | if slice1[0] != "": 46 | try: 47 | headers[slice1[0]] = slice1[1] 48 | except: 49 | pass 50 | return headers,method,body,path 51 | 52 | badwords = ['sleep','drop','uid','uname','select','waitfor','delay','system','union','order by','group by'] 53 | category = "bad" 54 | def ExtractFeatures(method,path_enc,body_enc,headers): 55 | badwords_count = 0 56 | path = unquote_plus(path_enc) 57 | body = unquote(body_enc) 58 | single_q = path.count("'") + body.count("'") 59 | double_q = path.count("\"") + body.count("\"") 60 | dashes = path.count("--") + body.count("--") 61 | braces = path.count("(") + body.count("(") 62 | spaces = path.count(" ") + body.count(" ") 63 | for word in badwords: 64 | badwords_count += path.count(word) + body.count(word) 65 | for header in headers: 66 | badwords_count += headers[header].count(word) 67 | #if badwords_count-path.count('uid')-body.count('uid')-path.count('passw')-body.count('passwd')>0: 68 | # category = 0 69 | return [method,path_enc.encode('utf-8').strip(),body_enc.encode('utf-8').strip(),single_q,double_q,dashes,braces,spaces,badwords_count,category] 70 | raw_input('>>>') 71 | #Open the log file 72 | f=open('demo_bad_responses.csv',"w") 73 | c = csv.writer(f) 74 | c.writerow(["method","path","body","single_q","double_q","dashes","braces","spaces","badwords","class"]) 75 | f.close() 76 | #print(parse_log(log_path)) 77 | result = parse_log(log_path) 78 | 79 | f = open('demo_bad_responses.csv','a') 80 | c = csv.writer(f) 81 | for items in result: 82 | #data = [] 83 | raw = base64.b64decode(items) 84 | headers,method,body,path = parseRawHTTPReq(raw) 85 | #data.append(method) 86 | #data.append(body) 87 | #data.append(path) 88 | #data.append(headers) 89 | #f = open('httplog.csv','a') 90 | #c = csv.writer(f) 91 | data = ExtractFeatures(method,path,body,headers) 92 | c.writerow(data) 93 | f.close() 94 | -------------------------------------------------------------------------------- /demo_good_requests.csv: -------------------------------------------------------------------------------- 1 | method,path,body,single_q,double_q,dashes,braces,spaces,badwords,class 2 | GET,b'/',b'',0,0,0,0,0,0,good 3 | GET,b'/.idea/',b'',0,0,0,0,0,0,good 4 | GET,b'/.idea/.name',b'',0,0,0,0,0,0,good 5 | GET,b'/.idea/acuart.iml',b'',0,0,0,0,0,0,good 6 | GET,b'/.idea/encodings.xml',b'',0,0,0,0,0,0,good 7 | GET,b'/.idea/misc.xml',b'',0,0,0,0,0,0,good 8 | GET,b'/.idea/modules.xml',b'',0,0,0,0,0,0,good 9 | GET,b'/.idea/scopes/',b'',0,0,0,0,0,0,good 10 | GET,b'/.idea/scopes/scope_settings.xml',b'',0,0,0,0,0,0,good 11 | GET,b'/.idea/vcs.xml',b'',0,0,0,0,0,0,good 12 | GET,b'/.idea/workspace.xml',b'',0,0,0,0,0,0,good 13 | GET,b'/404.php',b'',0,0,0,0,0,0,good 14 | GET,b'/AJAX/',b'',0,0,0,0,0,0,good 15 | GET,b'/AJAX/artists.php',b'',0,0,0,0,0,0,good 16 | GET,b'/AJAX/categories.php',b'',0,0,0,0,0,0,good 17 | GET,b'/AJAX/htaccess.conf',b'',0,0,0,0,0,0,good 18 | GET,b'/AJAX/index.php',b'',0,0,0,0,0,0,good 19 | GET,b'/AJAX/infoartist.php',b'',0,0,0,0,0,0,good 20 | GET,b'/AJAX/infocateg.php',b'',0,0,0,0,0,0,good 21 | GET,b'/AJAX/infotitle.php',b'',0,0,0,0,0,0,good 22 | GET,b'/AJAX/showxml.php',b'',0,0,0,0,0,0,good 23 | GET,b'/AJAX/titles.php',b'',0,0,0,0,0,0,good 24 | GET,b'/CVS/',b'',0,0,0,0,0,0,good 25 | GET,b'/CVS/Entries',b'',0,0,0,0,0,0,good 26 | GET,b'/CVS/Entries.Log',b'',0,0,0,0,0,0,good 27 | GET,b'/CVS/Repository',b'',0,0,0,0,0,0,good 28 | GET,b'/CVS/Root',b'',0,0,0,0,0,0,good 29 | GET,b'/Connections/',b'',0,0,0,0,0,0,good 30 | GET,b'/Connections/DB_Connection.php',b'',0,0,0,0,0,0,good 31 | GET,b'/Flash/',b'',0,0,0,0,0,0,good 32 | GET,b'/Flash/add.swf',b'',0,0,0,0,0,0,good 33 | GET,b'/Mod_Rewrite_Shop/',b'',0,0,0,0,0,0,good 34 | GET,b'/Mod_Rewrite_Shop/.htaccess',b'',0,0,0,0,0,0,good 35 | GET,b'/Mod_Rewrite_Shop/BuyProduct-1/',b'',0,0,0,0,0,0,good 36 | GET,b'/Mod_Rewrite_Shop/BuyProduct-2/',b'',0,0,0,0,0,0,good 37 | GET,b'/Mod_Rewrite_Shop/BuyProduct-3/',b'',0,0,0,0,0,0,good 38 | GET,b'/Mod_Rewrite_Shop/Details/color-printer/3/',b'',0,0,0,0,0,0,good 39 | GET,b'/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/',b'',0,0,0,0,0,0,good 40 | GET,b'/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/',b'',0,0,0,0,0,0,good 41 | GET,b'/Mod_Rewrite_Shop/RateProduct-1.html',b'',0,0,0,0,0,0,good 42 | GET,b'/Mod_Rewrite_Shop/RateProduct-2.html',b'',0,0,0,0,0,0,good 43 | GET,b'/Mod_Rewrite_Shop/RateProduct-3.html',b'',0,0,0,0,0,0,good 44 | GET,b'/Mod_Rewrite_Shop/buy.php',b'',0,0,0,0,0,0,good 45 | GET,b'/Mod_Rewrite_Shop/details.php',b'',0,0,0,0,0,0,good 46 | GET,b'/Mod_Rewrite_Shop/images/',b'',0,0,0,0,0,0,good 47 | GET,b'/Mod_Rewrite_Shop/index.php',b'',0,0,0,0,0,0,good 48 | GET,b'/Mod_Rewrite_Shop/rate.php',b'',0,0,0,0,0,0,good 49 | GET,b'/Templates/',b'',0,0,0,0,0,0,good 50 | GET,b'/Templates/main_dynamic_template.dwt.php',b'',0,0,0,0,0,0,good 51 | GET,b'/_mmServerScripts/',b'',0,0,0,0,0,0,good 52 | GET,b'/_mmServerScripts/MMHTTPDB.php',b'',0,0,0,0,0,0,good 53 | GET,b'/_mmServerScripts/mysql.php',b'',0,0,0,0,0,0,good 54 | GET,b'/admin/',b'',0,0,0,0,0,0,good 55 | GET,b'/admin/create.sql',b'',0,0,0,0,0,0,good 56 | GET,b'/artists.php',b'',0,0,0,0,0,0,good 57 | GET,b'/bxss/',b'',0,0,0,0,0,0,good 58 | GET,b'/bxss/adminPan3l/',b'',0,0,0,0,0,0,good 59 | GET,b'/bxss/adminPan3l/index.php',b'',0,0,0,0,0,0,good 60 | GET,b'/bxss/cleanDatabase.php',b'',0,0,0,0,0,0,good 61 | GET,b'/bxss/database_connect.php',b'',0,0,0,0,0,0,good 62 | GET,b'/bxss/index.php',b'',0,0,0,0,0,0,good 63 | GET,b'/bxss/test.js',b'',0,0,0,0,0,0,good 64 | GET,b'/bxss/vuln.php',b'',0,0,0,0,0,0,good 65 | GET,b'/cart.php',b'',0,0,0,0,0,0,good 66 | GET,b'/categories.php',b'',0,0,0,0,0,0,good 67 | GET,b'/cgi-bin/le_check_v3.exe',b'',0,0,0,0,0,0,good 68 | GET,b'/clientaccesspolicy.xml',b'',0,0,0,0,0,0,good 69 | GET,b'/crossdomain.xml',b'',0,0,0,0,0,0,good 70 | GET,b'/database_connect.php',b'',0,0,0,0,0,0,good 71 | GET,b'/disclaimer.php',b'',0,0,0,0,0,0,good 72 | GET,b'/guestbook.php',b'',0,0,0,0,0,0,good 73 | GET,b'/hpp/',b'',0,0,0,0,0,0,good 74 | GET,b'/hpp/index.php',b'',0,0,0,0,0,0,good 75 | GET,b'/hpp/params.php',b'',0,0,0,0,0,0,good 76 | GET,b'/hpp/test.php',b'',0,0,0,0,0,0,good 77 | GET,b'/images/',b'',0,0,0,0,0,0,good 78 | GET,b'/index.bak',b'',0,0,0,0,0,0,good 79 | GET,b'/index.php',b'',0,0,0,0,0,0,good 80 | GET,b'/listproducts.php',b'',0,0,0,0,0,0,good 81 | GET,b'/login.php',b'',0,0,0,0,0,0,good 82 | GET,b'/logout.php',b'',0,0,0,0,0,0,good 83 | GET,b'/pictures/',b'',0,0,0,0,0,0,good 84 | GET,b'/pictures/WS_FTP.LOG',b'',0,0,0,0,0,0,good 85 | GET,b'/pictures/credentials.txt',b'',0,0,0,0,0,0,good 86 | GET,b'/pictures/ipaddresses.txt',b'',0,0,0,0,0,0,good 87 | GET,b'/pictures/path-disclosure-unix.html',b'',0,0,0,0,0,0,good 88 | GET,b'/pictures/path-disclosure-win.html',b'',0,0,0,0,0,0,good 89 | GET,b'/pictures/wp-config.bak',b'',0,0,0,0,0,0,good 90 | GET,b'/product.php',b'',0,0,0,0,0,0,good 91 | GET,b'/search.php',b'',0,0,0,0,0,0,good 92 | GET,b'/secured/',b'',0,0,0,0,0,0,good 93 | GET,b'/secured/database_connect.php',b'',0,0,0,0,0,0,good 94 | GET,b'/secured/index.php',b'',0,0,0,0,0,0,good 95 | GET,b'/secured/newuser.php',b'',0,0,0,0,0,0,good 96 | GET,b'/secured/office.htm',b'',0,0,0,0,0,0,good 97 | GET,b'/secured/phpinfo.php',b'',0,0,0,0,0,0,good 98 | GET,b'/sendcommand.php',b'',0,0,0,0,0,0,good 99 | GET,b'/showimage.php',b'',0,0,0,0,0,0,good 100 | GET,b'/signup.php',b'',0,0,0,0,0,0,good 101 | GET,b'/vendor/',b'',0,0,0,0,0,0,good 102 | GET,b'/vendor/installed.json',b'',0,0,0,0,0,0,good 103 | GET,b'/wvstests/',b'',0,0,0,0,0,0,good 104 | GET,b'/wvstests/pmwiki_2_1_19/',b'',0,0,0,0,0,0,good 105 | GET,b'/wvstests/pmwiki_2_1_19/scripts/',b'',0,0,0,0,0,0,good 106 | GET,b'/wvstests/pmwiki_2_1_19/scripts/version.php',b'',0,0,0,0,0,0,good 107 | GET,b'/.idea',b'',0,0,0,0,0,0,good 108 | GET,b'/.idea/scopes',b'',0,0,0,0,0,0,good 109 | GET,b'/AJAX',b'',0,0,0,0,0,0,good 110 | GET,b'/CVS',b'',0,0,0,0,0,0,good 111 | GET,b'/Connections',b'',0,0,0,0,0,0,good 112 | GET,b'/Flash',b'',0,0,0,0,0,0,good 113 | GET,b'/Mod_Rewrite_Shop',b'',0,0,0,0,0,0,good 114 | GET,b'/Mod_Rewrite_Shop/images',b'',0,0,0,0,0,0,good 115 | GET,b'/Templates',b'',0,0,0,0,0,0,good 116 | GET,b'/_mmServerScripts',b'',0,0,0,0,0,0,good 117 | GET,b'/adm1nPan3l',b'',0,0,0,0,0,0,good 118 | GET,b'/admin',b'',0,0,0,0,0,0,good 119 | GET,b'/bxss',b'',0,0,0,0,0,0,good 120 | GET,b'/bxss/adminPan3l',b'',0,0,0,0,0,0,good 121 | GET,b'/hpp',b'',0,0,0,0,0,0,good 122 | GET,b'/images',b'',0,0,0,0,0,0,good 123 | GET,b'/pictures',b'',0,0,0,0,0,0,good 124 | GET,b'/secured',b'',0,0,0,0,0,0,good 125 | GET,b'/vendor',b'',0,0,0,0,0,0,good 126 | GET,b'/wvstests',b'',0,0,0,0,0,0,good 127 | GET,b'/wvstests/pmwiki_2_1_19',b'',0,0,0,0,0,0,good 128 | GET,b'/wvstests/pmwiki_2_1_19/scripts',b'',0,0,0,0,0,0,good 129 | GET,b'/adm1nPan3l/',b'',0,0,0,0,0,0,good 130 | GET,b'/adm1nPan3l/index.php',b'',0,0,0,0,0,0,good 131 | GET,b'/comment.php',b'',0,0,0,0,0,0,good 132 | GET,b'/redir.php',b'',0,0,0,0,0,0,good 133 | GET,b'/userinfo.php',b'',0,0,0,0,0,0,good 134 | GET,b'/AJAX/infoartist.php?id=1',b'',0,0,0,0,0,0,good 135 | GET,b'/AJAX/infoartist.php?id=2',b'',0,0,0,0,0,0,good 136 | GET,b'/AJAX/infoartist.php?id=3',b'',0,0,0,0,0,0,good 137 | GET,b'/AJAX/infocateg.php?id=1',b'',0,0,0,0,0,0,good 138 | GET,b'/AJAX/infocateg.php?id=2',b'',0,0,0,0,0,0,good 139 | GET,b'/AJAX/infocateg.php?id=3',b'',0,0,0,0,0,0,good 140 | GET,b'/AJAX/infocateg.php?id=4',b'',0,0,0,0,0,0,good 141 | POST,b'/AJAX/infotitle.php',b'id=1',0,0,0,0,0,0,good 142 | POST,b'/AJAX/infotitle.php',b'id=2',0,0,0,0,0,0,good 143 | POST,b'/AJAX/infotitle.php',b'id=3',0,0,0,0,0,0,good 144 | POST,b'/AJAX/infotitle.php',b'id=4',0,0,0,0,0,0,good 145 | POST,b'/AJAX/infotitle.php',b'id=5',0,0,0,0,0,0,good 146 | POST,b'/AJAX/infotitle.php',b'id=6',0,0,0,0,0,0,good 147 | POST,b'/AJAX/infotitle.php',b'id=7',0,0,0,0,0,0,good 148 | POST,b'/AJAX/showxml.php',"b'nodetext1nodetext2'",0,4,0,0,2,0,good 149 | GET,b'/artists.php?artist=1',b'',0,0,0,0,0,0,good 150 | GET,b'/artists.php?artist=2',b'',0,0,0,0,0,0,good 151 | GET,b'/artists.php?artist=3',b'',0,0,0,0,0,0,good 152 | GET,b'/bxss/vuln.php?id=1',b'',0,0,0,0,0,0,good 153 | POST,b'/cart.php',b'addcart=1&price=500',0,0,0,0,0,0,good 154 | POST,b'/cart.php',b'addcart=2&price=800',0,0,0,0,0,0,good 155 | POST,b'/cart.php',b'addcart=3&price=986',0,0,0,0,0,0,good 156 | POST,b'/guestbook.php',b'submit=add%20message&name=anonymous%20user&text=1',0,0,0,0,2,0,good 157 | GET,b'/hpp/?pp=12',b'',0,0,0,0,0,0,good 158 | GET,b'/hpp/index.php?pp=12',b'',0,0,0,0,0,0,good 159 | GET,b'/hpp/params.php?aaaa=',b'',0,0,0,0,0,0,good 160 | GET,b'/hpp/params.php?p=valid&pp=12',b'',0,0,0,0,0,0,good 161 | GET,b'/listproducts.php?artist=1',b'',0,0,0,0,0,0,good 162 | GET,b'/listproducts.php?artist=2',b'',0,0,0,0,0,0,good 163 | GET,b'/listproducts.php?artist=3',b'',0,0,0,0,0,0,good 164 | GET,b'/listproducts.php?cat=1',b'',0,0,0,0,0,0,good 165 | GET,b'/listproducts.php?cat=2',b'',0,0,0,0,0,0,good 166 | GET,b'/listproducts.php?cat=4',b'',0,0,0,0,0,0,good 167 | GET,b'/product.php?pic=1',b'',0,0,0,0,0,0,good 168 | GET,b'/product.php?pic=2',b'',0,0,0,0,0,0,good 169 | GET,b'/product.php?pic=3',b'',0,0,0,0,0,0,good 170 | POST,b'/search.php?test=query',b'goButton=go&searchFor=',0,0,0,0,0,0,good 171 | POST,b'/search.php?test=query',b'goButton=go&searchFor=the',0,0,0,0,0,0,good 172 | POST,b'/secured/newuser.php',b'signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606&urname=wabweamw&uuname=lwsajbes',0,0,0,0,2,1,good 173 | GET,b'/secured/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000',b'',0,0,0,0,0,0,good 174 | GET,b'/secured/phpinfo.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42',b'',0,0,0,0,0,0,good 175 | GET,b'/secured/phpinfo.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42',b'',0,0,0,0,0,0,good 176 | POST,b'/comment.php',b'Submit=Submit&comment=1&name=&phpaction=echo%20%24_POST[comment];',0,0,0,0,3,0,good 177 | GET,b'/comment.php?aid=1',b'',0,0,0,0,0,0,good 178 | GET,b'/comment.php?aid=2',b'',0,0,0,0,0,0,good 179 | GET,b'/comment.php?aid=3',b'',0,0,0,0,0,0,good 180 | GET,b'/comment.php?pid=1',b'',0,0,0,0,0,0,good 181 | GET,b'/comment.php?pid=2',b'',0,0,0,0,0,0,good 182 | GET,b'/comment.php?pid=3',b'',0,0,0,0,0,0,good 183 | GET,b'/comment.php?pid=4',b'',0,0,0,0,0,0,good 184 | GET,b'/comment.php?pid=5',b'',0,0,0,0,0,0,good 185 | GET,b'/comment.php?pid=6',b'',0,0,0,0,0,0,good 186 | GET,b'/comment.php?pid=7',b'',0,0,0,0,0,0,good 187 | GET,b'/redir.php?r=http://www.eclectasy.com/Fractal-Explorer/index.html',b'',0,0,0,0,0,0,good 188 | POST,b'/userinfo.php',b'pass=g00dPa%24%24w0rD&uname=uvhiwqyg',0,0,0,0,0,1,good 189 | -------------------------------------------------------------------------------- /demo_good_and_bad_requests.csv: -------------------------------------------------------------------------------- 1 | method,path,body,single_q,double_q,dashes,braces,spaces,badwords,class 2 | GET,b'/',b'',0,0,0,0,0,0,good 3 | GET,b'/.idea/',b'',0,0,0,0,0,0,good 4 | GET,b'/.idea/.name',b'',0,0,0,0,0,0,good 5 | GET,b'/.idea/acuart.iml',b'',0,0,0,0,0,0,good 6 | GET,b'/.idea/encodings.xml',b'',0,0,0,0,0,0,good 7 | GET,b'/.idea/misc.xml',b'',0,0,0,0,0,0,good 8 | GET,b'/.idea/modules.xml',b'',0,0,0,0,0,0,good 9 | GET,b'/.idea/scopes/',b'',0,0,0,0,0,0,good 10 | GET,b'/.idea/scopes/scope_settings.xml',b'',0,0,0,0,0,0,good 11 | GET,b'/.idea/vcs.xml',b'',0,0,0,0,0,0,good 12 | GET,b'/.idea/workspace.xml',b'',0,0,0,0,0,0,good 13 | GET,b'/404.php',b'',0,0,0,0,0,0,good 14 | GET,b'/AJAX/',b'',0,0,0,0,0,0,good 15 | GET,b'/AJAX/artists.php',b'',0,0,0,0,0,0,good 16 | GET,b'/AJAX/categories.php',b'',0,0,0,0,0,0,good 17 | GET,b'/AJAX/htaccess.conf',b'',0,0,0,0,0,0,good 18 | GET,b'/AJAX/index.php',b'',0,0,0,0,0,0,good 19 | GET,b'/AJAX/infoartist.php',b'',0,0,0,0,0,0,good 20 | GET,b'/AJAX/infocateg.php',b'',0,0,0,0,0,0,good 21 | GET,b'/AJAX/infotitle.php',b'',0,0,0,0,0,0,good 22 | GET,b'/AJAX/showxml.php',b'',0,0,0,0,0,0,good 23 | GET,b'/AJAX/titles.php',b'',0,0,0,0,0,0,good 24 | GET,b'/CVS/',b'',0,0,0,0,0,0,good 25 | GET,b'/CVS/Entries',b'',0,0,0,0,0,0,good 26 | GET,b'/CVS/Entries.Log',b'',0,0,0,0,0,0,good 27 | GET,b'/CVS/Repository',b'',0,0,0,0,0,0,good 28 | GET,b'/CVS/Root',b'',0,0,0,0,0,0,good 29 | GET,b'/Connections/',b'',0,0,0,0,0,0,good 30 | GET,b'/Connections/DB_Connection.php',b'',0,0,0,0,0,0,good 31 | GET,b'/Flash/',b'',0,0,0,0,0,0,good 32 | GET,b'/Flash/add.swf',b'',0,0,0,0,0,0,good 33 | GET,b'/Mod_Rewrite_Shop/',b'',0,0,0,0,0,0,good 34 | GET,b'/Mod_Rewrite_Shop/.htaccess',b'',0,0,0,0,0,0,good 35 | GET,b'/Mod_Rewrite_Shop/BuyProduct-1/',b'',0,0,0,0,0,0,good 36 | GET,b'/Mod_Rewrite_Shop/BuyProduct-2/',b'',0,0,0,0,0,0,good 37 | GET,b'/Mod_Rewrite_Shop/BuyProduct-3/',b'',0,0,0,0,0,0,good 38 | GET,b'/Mod_Rewrite_Shop/Details/color-printer/3/',b'',0,0,0,0,0,0,good 39 | GET,b'/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/',b'',0,0,0,0,0,0,good 40 | GET,b'/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/',b'',0,0,0,0,0,0,good 41 | GET,b'/Mod_Rewrite_Shop/RateProduct-1.html',b'',0,0,0,0,0,0,good 42 | GET,b'/Mod_Rewrite_Shop/RateProduct-2.html',b'',0,0,0,0,0,0,good 43 | GET,b'/Mod_Rewrite_Shop/RateProduct-3.html',b'',0,0,0,0,0,0,good 44 | GET,b'/Mod_Rewrite_Shop/buy.php',b'',0,0,0,0,0,0,good 45 | GET,b'/Mod_Rewrite_Shop/details.php',b'',0,0,0,0,0,0,good 46 | GET,b'/Mod_Rewrite_Shop/images/',b'',0,0,0,0,0,0,good 47 | GET,b'/Mod_Rewrite_Shop/index.php',b'',0,0,0,0,0,0,good 48 | GET,b'/Mod_Rewrite_Shop/rate.php',b'',0,0,0,0,0,0,good 49 | GET,b'/Templates/',b'',0,0,0,0,0,0,good 50 | GET,b'/Templates/main_dynamic_template.dwt.php',b'',0,0,0,0,0,0,good 51 | GET,b'/_mmServerScripts/',b'',0,0,0,0,0,0,good 52 | GET,b'/_mmServerScripts/MMHTTPDB.php',b'',0,0,0,0,0,0,good 53 | GET,b'/_mmServerScripts/mysql.php',b'',0,0,0,0,0,0,good 54 | GET,b'/admin/',b'',0,0,0,0,0,0,good 55 | GET,b'/admin/create.sql',b'',0,0,0,0,0,0,good 56 | GET,b'/artists.php',b'',0,0,0,0,0,0,good 57 | GET,b'/bxss/',b'',0,0,0,0,0,0,good 58 | GET,b'/bxss/adminPan3l/',b'',0,0,0,0,0,0,good 59 | GET,b'/bxss/adminPan3l/index.php',b'',0,0,0,0,0,0,good 60 | GET,b'/bxss/cleanDatabase.php',b'',0,0,0,0,0,0,good 61 | GET,b'/bxss/database_connect.php',b'',0,0,0,0,0,0,good 62 | GET,b'/bxss/index.php',b'',0,0,0,0,0,0,good 63 | GET,b'/bxss/test.js',b'',0,0,0,0,0,0,good 64 | GET,b'/bxss/vuln.php',b'',0,0,0,0,0,0,good 65 | GET,b'/cart.php',b'',0,0,0,0,0,0,good 66 | GET,b'/categories.php',b'',0,0,0,0,0,0,good 67 | GET,b'/cgi-bin/le_check_v3.exe',b'',0,0,0,0,0,0,good 68 | GET,b'/clientaccesspolicy.xml',b'',0,0,0,0,0,0,good 69 | GET,b'/crossdomain.xml',b'',0,0,0,0,0,0,good 70 | GET,b'/database_connect.php',b'',0,0,0,0,0,0,good 71 | GET,b'/disclaimer.php',b'',0,0,0,0,0,0,good 72 | GET,b'/guestbook.php',b'',0,0,0,0,0,0,good 73 | GET,b'/hpp/',b'',0,0,0,0,0,0,good 74 | GET,b'/hpp/index.php',b'',0,0,0,0,0,0,good 75 | GET,b'/hpp/params.php',b'',0,0,0,0,0,0,good 76 | GET,b'/hpp/test.php',b'',0,0,0,0,0,0,good 77 | GET,b'/images/',b'',0,0,0,0,0,0,good 78 | GET,b'/index.bak',b'',0,0,0,0,0,0,good 79 | GET,b'/index.php',b'',0,0,0,0,0,0,good 80 | GET,b'/listproducts.php',b'',0,0,0,0,0,0,good 81 | GET,b'/login.php',b'',0,0,0,0,0,0,good 82 | GET,b'/logout.php',b'',0,0,0,0,0,0,good 83 | GET,b'/pictures/',b'',0,0,0,0,0,0,good 84 | GET,b'/pictures/WS_FTP.LOG',b'',0,0,0,0,0,0,good 85 | GET,b'/pictures/credentials.txt',b'',0,0,0,0,0,0,good 86 | GET,b'/pictures/ipaddresses.txt',b'',0,0,0,0,0,0,good 87 | GET,b'/pictures/path-disclosure-unix.html',b'',0,0,0,0,0,0,good 88 | GET,b'/pictures/path-disclosure-win.html',b'',0,0,0,0,0,0,good 89 | GET,b'/pictures/wp-config.bak',b'',0,0,0,0,0,0,good 90 | GET,b'/product.php',b'',0,0,0,0,0,0,good 91 | GET,b'/search.php',b'',0,0,0,0,0,0,good 92 | GET,b'/secured/',b'',0,0,0,0,0,0,good 93 | GET,b'/secured/database_connect.php',b'',0,0,0,0,0,0,good 94 | GET,b'/secured/index.php',b'',0,0,0,0,0,0,good 95 | GET,b'/secured/newuser.php',b'',0,0,0,0,0,0,good 96 | GET,b'/secured/office.htm',b'',0,0,0,0,0,0,good 97 | GET,b'/secured/phpinfo.php',b'',0,0,0,0,0,0,good 98 | GET,b'/sendcommand.php',b'',0,0,0,0,0,0,good 99 | GET,b'/showimage.php',b'',0,0,0,0,0,0,good 100 | GET,b'/signup.php',b'',0,0,0,0,0,0,good 101 | GET,b'/vendor/',b'',0,0,0,0,0,0,good 102 | GET,b'/vendor/installed.json',b'',0,0,0,0,0,0,good 103 | GET,b'/wvstests/',b'',0,0,0,0,0,0,good 104 | GET,b'/wvstests/pmwiki_2_1_19/',b'',0,0,0,0,0,0,good 105 | GET,b'/wvstests/pmwiki_2_1_19/scripts/',b'',0,0,0,0,0,0,good 106 | GET,b'/wvstests/pmwiki_2_1_19/scripts/version.php',b'',0,0,0,0,0,0,good 107 | GET,b'/.idea',b'',0,0,0,0,0,0,good 108 | GET,b'/.idea/scopes',b'',0,0,0,0,0,0,good 109 | GET,b'/AJAX',b'',0,0,0,0,0,0,good 110 | GET,b'/CVS',b'',0,0,0,0,0,0,good 111 | GET,b'/Connections',b'',0,0,0,0,0,0,good 112 | GET,b'/Flash',b'',0,0,0,0,0,0,good 113 | GET,b'/Mod_Rewrite_Shop',b'',0,0,0,0,0,0,good 114 | GET,b'/Mod_Rewrite_Shop/images',b'',0,0,0,0,0,0,good 115 | GET,b'/Templates',b'',0,0,0,0,0,0,good 116 | GET,b'/_mmServerScripts',b'',0,0,0,0,0,0,good 117 | GET,b'/adm1nPan3l',b'',0,0,0,0,0,0,good 118 | GET,b'/admin',b'',0,0,0,0,0,0,good 119 | GET,b'/bxss',b'',0,0,0,0,0,0,good 120 | GET,b'/bxss/adminPan3l',b'',0,0,0,0,0,0,good 121 | GET,b'/hpp',b'',0,0,0,0,0,0,good 122 | GET,b'/images',b'',0,0,0,0,0,0,good 123 | GET,b'/pictures',b'',0,0,0,0,0,0,good 124 | GET,b'/secured',b'',0,0,0,0,0,0,good 125 | GET,b'/vendor',b'',0,0,0,0,0,0,good 126 | GET,b'/wvstests',b'',0,0,0,0,0,0,good 127 | GET,b'/wvstests/pmwiki_2_1_19',b'',0,0,0,0,0,0,good 128 | GET,b'/wvstests/pmwiki_2_1_19/scripts',b'',0,0,0,0,0,0,good 129 | GET,b'/adm1nPan3l/',b'',0,0,0,0,0,0,good 130 | GET,b'/adm1nPan3l/index.php',b'',0,0,0,0,0,0,good 131 | GET,b'/comment.php',b'',0,0,0,0,0,0,good 132 | GET,b'/redir.php',b'',0,0,0,0,0,0,good 133 | GET,b'/userinfo.php',b'',0,0,0,0,0,0,good 134 | GET,b'/AJAX/infoartist.php?id=1',b'',0,0,0,0,0,0,good 135 | GET,b'/AJAX/infoartist.php?id=2',b'',0,0,0,0,0,0,good 136 | GET,b'/AJAX/infoartist.php?id=3',b'',0,0,0,0,0,0,good 137 | GET,b'/AJAX/infocateg.php?id=1',b'',0,0,0,0,0,0,good 138 | GET,b'/AJAX/infocateg.php?id=2',b'',0,0,0,0,0,0,good 139 | GET,b'/AJAX/infocateg.php?id=3',b'',0,0,0,0,0,0,good 140 | GET,b'/AJAX/infocateg.php?id=4',b'',0,0,0,0,0,0,good 141 | POST,b'/AJAX/infotitle.php',b'id=1',0,0,0,0,0,0,good 142 | POST,b'/AJAX/infotitle.php',b'id=2',0,0,0,0,0,0,good 143 | POST,b'/AJAX/infotitle.php',b'id=3',0,0,0,0,0,0,good 144 | POST,b'/AJAX/infotitle.php',b'id=4',0,0,0,0,0,0,good 145 | POST,b'/AJAX/infotitle.php',b'id=5',0,0,0,0,0,0,good 146 | POST,b'/AJAX/infotitle.php',b'id=6',0,0,0,0,0,0,good 147 | POST,b'/AJAX/infotitle.php',b'id=7',0,0,0,0,0,0,good 148 | POST,b'/AJAX/showxml.php',"b'nodetext1nodetext2'",0,4,0,0,2,0,good 149 | GET,b'/artists.php?artist=1',b'',0,0,0,0,0,0,good 150 | GET,b'/artists.php?artist=2',b'',0,0,0,0,0,0,good 151 | GET,b'/artists.php?artist=3',b'',0,0,0,0,0,0,good 152 | GET,b'/bxss/vuln.php?id=1',b'',0,0,0,0,0,0,good 153 | POST,b'/cart.php',b'addcart=1&price=500',0,0,0,0,0,0,good 154 | POST,b'/cart.php',b'addcart=2&price=800',0,0,0,0,0,0,good 155 | POST,b'/cart.php',b'addcart=3&price=986',0,0,0,0,0,0,good 156 | POST,b'/guestbook.php',b'submit=add%20message&name=anonymous%20user&text=1',0,0,0,0,2,0,good 157 | GET,b'/hpp/?pp=12',b'',0,0,0,0,0,0,good 158 | GET,b'/hpp/index.php?pp=12',b'',0,0,0,0,0,0,good 159 | GET,b'/hpp/params.php?aaaa=',b'',0,0,0,0,0,0,good 160 | GET,b'/hpp/params.php?p=valid&pp=12',b'',0,0,0,0,0,0,good 161 | GET,b'/listproducts.php?artist=1',b'',0,0,0,0,0,0,good 162 | GET,b'/listproducts.php?artist=2',b'',0,0,0,0,0,0,good 163 | GET,b'/listproducts.php?artist=3',b'',0,0,0,0,0,0,good 164 | GET,b'/listproducts.php?cat=1',b'',0,0,0,0,0,0,good 165 | GET,b'/listproducts.php?cat=2',b'',0,0,0,0,0,0,good 166 | GET,b'/listproducts.php?cat=4',b'',0,0,0,0,0,0,good 167 | GET,b'/product.php?pic=1',b'',0,0,0,0,0,0,good 168 | GET,b'/product.php?pic=2',b'',0,0,0,0,0,0,good 169 | GET,b'/product.php?pic=3',b'',0,0,0,0,0,0,good 170 | POST,b'/search.php?test=query',b'goButton=go&searchFor=',0,0,0,0,0,0,good 171 | POST,b'/search.php?test=query',b'goButton=go&searchFor=the',0,0,0,0,0,0,good 172 | POST,b'/secured/newuser.php',b'signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606&urname=wabweamw&uuname=lwsajbes',0,0,0,0,2,1,good 173 | GET,b'/secured/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000',b'',0,0,0,0,0,0,good 174 | GET,b'/secured/phpinfo.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42',b'',0,0,0,0,0,0,good 175 | GET,b'/secured/phpinfo.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42',b'',0,0,0,0,0,0,good 176 | POST,b'/comment.php',b'Submit=Submit&comment=1&name=&phpaction=echo%20%24_POST[comment];',0,0,0,0,3,0,good 177 | GET,b'/comment.php?aid=1',b'',0,0,0,0,0,0,good 178 | GET,b'/comment.php?aid=2',b'',0,0,0,0,0,0,good 179 | GET,b'/comment.php?aid=3',b'',0,0,0,0,0,0,good 180 | GET,b'/comment.php?pid=1',b'',0,0,0,0,0,0,good 181 | GET,b'/comment.php?pid=2',b'',0,0,0,0,0,0,good 182 | GET,b'/comment.php?pid=3',b'',0,0,0,0,0,0,good 183 | GET,b'/comment.php?pid=4',b'',0,0,0,0,0,0,good 184 | GET,b'/comment.php?pid=5',b'',0,0,0,0,0,0,good 185 | GET,b'/comment.php?pid=6',b'',0,0,0,0,0,0,good 186 | GET,b'/comment.php?pid=7',b'',0,0,0,0,0,0,good 187 | GET,b'/redir.php?r=http://www.eclectasy.com/Fractal-Explorer/index.html',b'',0,0,0,0,0,0,good 188 | POST,b'/userinfo.php',b'pass=g00dPa%24%24w0rD&uname=uvhiwqyg',0,0,0,0,0,1,good 189 | -------------------------------------------------------------------------------- /demo_bad_responses.csv: -------------------------------------------------------------------------------- 1 | method,path,body,single_q,double_q,dashes,braces,spaces,badwords,class 2 | GET,b'/',b'',0,0,0,0,0,0,bad 3 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=sample%40email.tst',0,0,0,0,0,0,bad 4 | GET,b'/feedback.jsp',b'',0,0,0,0,0,0,bad 5 | GET,b'/high_yield_investments.htm',b'',0,0,0,0,0,0,bad 6 | GET,b'/index.jsp',b'',0,0,0,0,0,0,bad 7 | GET,b'/login.jsp',b'',0,0,0,0,0,0,bad 8 | GET,b'/retirement.htm',b'',0,0,0,0,0,0,bad 9 | GET,b'/search.jsp',b'',0,0,0,0,0,0,bad 10 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=fdgdnepm&subject=1',0,0,0,0,0,0,bad 11 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,0,0,0,0,bad 12 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 13 | POST,b'/sendFeedback',"b'submit=Submit&cfile=1\'""&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1'",1,1,0,0,0,0,bad 14 | POST,b'/sendFeedback',b'submit=Submit&cfile=jZisTNyw&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,0,0,0,0,bad 15 | POST,b'/sendFeedback',b'submit=Submit&cfile=%5c&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 16 | POST,b'/sendFeedback',b'submit=Submit&cfile=1%00%c0%a7%c0%a2%252527%252522&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 17 | POST,b'/sendFeedback',b'submit=Submit&cfile=-1%20OR%202%2b329-329-1=0%2b0%2b0%2b1%20--%20&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,1,0,4,0,bad 18 | POST,b'/sendFeedback',b'submit=Submit&cfile=-1%20OR%202%2b770-770-1=0%2b0%2b0%2b1&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,0,0,2,0,bad 19 | POST,b'/sendFeedback',b'submit=Submit&cfile=%40%40S44Om&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 20 | POST,b'/sendFeedback',b'submit=Submit&cfile=JyI=&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 21 | POST,b'/sendFeedback',"b""submit=Submit&cfile=-1'%20OR%202%2b395-395-1=0%2b0%2b0%2b1%20--%20&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1""",1,0,1,0,4,0,bad 22 | POST,b'/sendFeedback',"b'submit=Submit&cfile=%bf\'%bf""&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1'",1,1,0,0,0,0,bad 23 | POST,b'/sendFeedback',"b""submit=Submit&cfile=-1'%20OR%202%2b988-988-1=0%2b0%2b0%2b1%20or%20'WxTG2AbU'='&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1""",4,0,0,0,4,0,bad 24 | POST,b'/sendFeedback',"b'submit=Submit&cfile=%f0\'\'%f0""""&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1'",2,2,0,0,0,0,bad 25 | POST,b'/sendFeedback',"b'submit=Submit&cfile=-1""%20OR%202%2b124-124-1=0%2b0%2b0%2b1%20--%20&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1'",0,1,1,0,4,0,bad 26 | POST,b'/sendFeedback',b'submit=Submit&cfile=if(now()=sysdate()%2csleep(6)%2c0)&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,0,4,0,1,bad 27 | POST,b'/sendFeedback',"b""submit=Submit&cfile=0'XOR(if(now()=sysdate()%2csleep(6)%2c0))XOR'Z&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1""",2,0,0,5,0,1,bad 28 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1\'""&email_addr=sample%40email.tst&name=bvxspifs&subject=1'",1,1,0,0,0,0,bad 29 | POST,b'/sendFeedback',"b'submit=Submit&cfile=0""XOR(if(now()=sysdate()%2csleep(9)%2c0))XOR""Z&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1'",0,2,0,5,0,1,bad 30 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=%5c&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 31 | POST,b'/sendFeedback',"b'submit=Submit&cfile=(select(0)from(select(sleep(3)))v)/*\'%2b(select(0)from(select(sleep(3)))v)%2b\'""%2b(select(0)from(select(sleep(3)))v)%2b""*/&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1'",2,2,0,15,0,9,bad 32 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1%00%c0%a7%c0%a2%252527%252522&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 33 | POST,b'/sendFeedback',"b""submit=Submit&cfile=1%20waitfor%20delay%20'0:0:3'%20--%20&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1""",2,0,1,0,5,2,bad 34 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=%40%40yROKk&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 35 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=JyI=&email_addr=sample%40email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 36 | POST,b'/sendFeedback',"b""submit=Submit&cfile=3eJwMr97';%20waitfor%20delay%20'0:0:3'%20--%20&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1""",3,0,1,0,5,2,bad 37 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=%bf\'%bf""&email_addr=sample%40email.tst&name=bvxspifs&subject=1'",1,1,0,0,0,0,bad 38 | POST,b'/sendFeedback',"b""submit=Submit&cfile=xvLeFNxW');select%20pg_sleep(9);%20--%20&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1""",1,0,1,1,3,2,bad 39 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=%f0\'\'%f0""""&email_addr=sample%40email.tst&name=bvxspifs&subject=1'",2,2,0,0,0,0,bad 40 | POST,b'/sendFeedback',"b""submit=Submit&cfile=rAtfeXUn'));select%20pg_sleep(3);%20--%20&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1""",1,0,1,1,3,2,bad 41 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%2540email.tst&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 42 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=1\'""&name=bvxspifs&subject=1'",1,1,0,0,0,0,bad 43 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=%5c&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 44 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=ufni3a3C&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,0,0,0,0,bad 45 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=-1%20OR%202%2b88-88-1=0%2b0%2b0%2b1%20--%20&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,1,0,4,0,bad 46 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=1%00%c0%a7%c0%a2%252527%252522&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 47 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=%40%40zc5QC&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 48 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=-1%20OR%202%2b197-197-1=0%2b0%2b0%2b1&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,0,0,2,0,bad 49 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=JyI=&name=bvxspifs&subject=1',0,0,0,0,0,0,bad 50 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=-1'%20OR%202%2b309-309-1=0%2b0%2b0%2b1%20--%20&email_addr=sample%40email.tst&name=dedooinx&subject=1""",1,0,1,0,4,0,bad 51 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=-1'%20OR%202%2b534-534-1=0%2b0%2b0%2b1%20or%20'1j0qCDDD'='&email_addr=sample%40email.tst&name=dedooinx&subject=1""",4,0,0,0,4,0,bad 52 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=%bf\'%bf""&name=bvxspifs&subject=1'",1,1,0,0,0,0,bad 53 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=%f0\'\'%f0""""&name=bvxspifs&subject=1'",2,2,0,0,0,0,bad 54 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=-1""%20OR%202%2b848-848-1=0%2b0%2b0%2b1%20--%20&email_addr=sample%40email.tst&name=dedooinx&subject=1'",0,1,1,0,4,0,bad 55 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=if(now()=sysdate()%2csleep(6)%2c0)&email_addr=sample%40email.tst&name=dedooinx&subject=1',0,0,0,4,0,1,bad 56 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=1\'""&subject=1'",1,1,0,0,0,0,bad 57 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=0'XOR(if(now()=sysdate()%2csleep(9)%2c0))XOR'Z&email_addr=sample%40email.tst&name=dedooinx&subject=1""",2,0,0,5,0,1,bad 58 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=0""XOR(if(now()=sysdate()%2csleep(3)%2c0))XOR""Z&email_addr=sample%40email.tst&name=dedooinx&subject=1'",0,2,0,5,0,1,bad 59 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=%5c&subject=1',0,0,0,0,0,0,bad 60 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=1%00%c0%a7%c0%a2%252527%252522&subject=1',0,0,0,0,0,0,bad 61 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=(select(0)from(select(sleep(6)))v)/*\'%2b(select(0)from(select(sleep(6)))v)%2b\'""%2b(select(0)from(select(sleep(6)))v)%2b""*/&email_addr=sample%40email.tst&name=dedooinx&subject=1'",2,2,0,15,0,9,bad 62 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=%40%40VaHmC&subject=1',0,0,0,0,0,0,bad 63 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=-1;%20waitfor%20delay%20'0:0:6'%20--%20&email_addr=sample%40email.tst&name=dedooinx&subject=1""",2,0,1,0,5,2,bad 64 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=JyI=&subject=1',0,0,0,0,0,0,bad 65 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=-1);%20waitfor%20delay%20'0:0:9'%20--%20&email_addr=sample%40email.tst&name=dedooinx&subject=1""",2,0,1,0,5,2,bad 66 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=%bf\'%bf""&subject=1'",1,1,0,0,0,0,bad 67 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=1%20waitfor%20delay%20'0:0:9'%20--%20&email_addr=sample%40email.tst&name=dedooinx&subject=1""",2,0,1,0,5,2,bad 68 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=VckmRnqL';%20waitfor%20delay%20'0:0:3'%20--%20&email_addr=sample%40email.tst&name=dedooinx&subject=1""",3,0,1,0,5,2,bad 69 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=%f0\'\'%f0""""&subject=1'",2,2,0,0,0,0,bad 70 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1\'""'",1,1,0,0,0,0,bad 71 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=%5c',0,0,0,0,0,0,bad 72 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=1%00%c0%a7%c0%a2%252527%252522',0,0,0,0,0,0,bad 73 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%2540email.tst&name=dedooinx&subject=1',0,0,0,0,0,0,bad 74 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=%40%40pprjO',0,0,0,0,0,0,bad 75 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=JyI=',0,0,0,0,0,0,bad 76 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=mENbGkPX&name=dedooinx&subject=1',0,0,0,0,0,0,bad 77 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=%bf\'%bf""'",1,1,0,0,0,0,bad 78 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=bvxspifs&subject=%f0\'\'%f0""""'",2,2,0,0,0,0,bad 79 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%2540email.tst%25'%20AND%202*3*8=6*8%20AND%20'Cv1S'!='Cv1S%25&name=dedooinx&subject=1""",4,0,0,0,4,0,bad 80 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=-1%20OR%202%2b768-768-1=0%2b0%2b0%2b1%20--%20&name=dedooinx&subject=1',0,0,1,0,4,0,bad 81 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=-1%20OR%203%2b768-768-1=0%2b0%2b0%2b1%20--%20&name=dedooinx&subject=1',0,0,1,0,4,0,bad 82 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=CuffVvpU',0,0,0,0,0,0,bad 83 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1*1*1*1',0,0,0,0,0,0,bad 84 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=-1%20OR%202%2b162-162-1=0%2b0%2b0%2b1%20--%20',0,0,1,0,4,0,bad 85 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=-1%20OR%203%2b162-162-1=0%2b0%2b0%2b1%20--%20',0,0,1,0,4,0,bad 86 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=-1%20OR%202%2b201-201-1=0%2b0%2b0%2b1',0,0,0,0,2,0,bad 87 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=-1%20OR%203%2b201-201-1=0%2b0%2b0%2b1',0,0,0,0,2,0,bad 88 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=if(now()=sysdate()%2csleep(3)%2c0)',0,0,0,4,0,1,bad 89 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=0'XOR(if(now()=sysdate()%2csleep(6)%2c0))XOR'Z""",2,0,0,5,0,1,bad 90 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=0""XOR(if(now()=sysdate()%2csleep(9)%2c0))XOR""Z'",0,2,0,5,0,1,bad 91 | POST,b'/sendFeedback',"b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=(select(0)from(select(sleep(3)))v)/*\'%2b(select(0)from(select(sleep(3)))v)%2b\'""%2b(select(0)from(select(sleep(3)))v)%2b""*/'",2,2,0,15,0,9,bad 92 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=-1;%20waitfor%20delay%20'0:0:3'%20--%20""",2,0,1,0,5,2,bad 93 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=-1);%20waitfor%20delay%20'0:0:6'%20--%20""",2,0,1,0,5,2,bad 94 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1%20waitfor%20delay%20'0:0:9'%20--%20""",2,0,1,0,5,2,bad 95 | POST,b'/sendFeedback',"b""submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=dedooinx&subject=1Wxz65LR';%20waitfor%20delay%20'0:0:9'%20--%20""",3,0,1,0,5,2,bad 96 | POST,b'/sendFeedback',b'submit=Submit&cfile=1acuuHcCBvsuHU&comments=1&email_addr=sample%40email.tst&name=flqcdnfa&subject=1',0,0,0,0,0,0,bad 97 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=1acuyywbVTeuth&name=flqcdnfa&subject=1',0,0,0,0,0,0,bad 98 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=1acuJSwyuI6kAe&subject=1',0,0,0,0,0,0,bad 99 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1acuxAxtv9NAJU&email_addr=sample%40email.tst&name=flqcdnfa&subject=1',0,0,0,0,0,0,bad 100 | POST,b'/sendFeedback',b'submit=Submit&cfile=comments.txt&comments=1&email_addr=sample%40email.tst&name=flqcdnfa&subject=1acuo9He86pHcd',0,0,0,0,0,0,bad 101 | GET,b'/status_check.jsp',b'',0,0,0,0,0,0,bad 102 | GET,b'/subscribe.jsp',b'',0,0,0,0,0,0,bad 103 | GET,b'/survey_questions.jsp',b'',0,0,0,0,0,0,bad 104 | GET,b'/swagger/index.html',b'',0,0,0,0,0,0,bad 105 | GET,b'/swagger/properties.json',b'',0,0,0,0,0,0,bad 106 | GET,b'/swagger/swagger-ui-bundle.js',b'',0,0,0,0,0,0,bad 107 | GET,b'/swagger/swagger-ui-standalone-preset.js',b'',0,0,0,0,0,0,bad 108 | GET,b'/util/serverStatusCheckService.jsp',b'',0,0,0,0,0,0,bad 109 | GET,b'/admin',b'',0,0,0,0,0,0,bad 110 | GET,b'/admin/clients.xls',b'',0,0,0,0,0,0,bad 111 | GET,b'/doLogin',b'',0,0,0,0,0,0,bad 112 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=sample%2540email.tst',0,0,0,0,0,0,bad 113 | POST,b'/doSubscribe',"b'btnSubmit=Subscribe&txtEmail=1\'""'",1,1,0,0,0,0,bad 114 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=%5c',0,0,0,0,0,0,bad 115 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=1%00%c0%a7%c0%a2%252527%252522',0,0,0,0,0,0,bad 116 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=-1%20OR%202%2b419-419-1=0%2b0%2b0%2b1%20--%20',0,0,1,0,4,0,bad 117 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=-1%20OR%202%2b927-927-1=0%2b0%2b0%2b1',0,0,0,0,2,0,bad 118 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=%40%407bbVp',0,0,0,0,0,0,bad 119 | POST,b'/doSubscribe',"b""btnSubmit=Subscribe&txtEmail=-1'%20OR%202%2b823-823-1=0%2b0%2b0%2b1%20--%20""",1,0,1,0,4,0,bad 120 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=JyI=',0,0,0,0,0,0,bad 121 | POST,b'/doSubscribe',"b""btnSubmit=Subscribe&txtEmail=-1'%20OR%202%2b97-97-1=0%2b0%2b0%2b1%20or%20'Ea1FuPyP'='""",4,0,0,0,4,0,bad 122 | POST,b'/doSubscribe',"b'btnSubmit=Subscribe&txtEmail=%bf\'%bf""'",1,1,0,0,0,0,bad 123 | POST,b'/doSubscribe',"b'btnSubmit=Subscribe&txtEmail=-1""%20OR%202%2b16-16-1=0%2b0%2b0%2b1%20--%20'",0,1,1,0,4,0,bad 124 | POST,b'/doSubscribe',"b'btnSubmit=Subscribe&txtEmail=%f0\'\'%f0""""'",2,2,0,0,0,0,bad 125 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=if(now()=sysdate()%2csleep(9)%2c0)',0,0,0,4,0,1,bad 126 | POST,b'/doSubscribe',"b""btnSubmit=Subscribe&txtEmail=0'XOR(if(now()=sysdate()%2csleep(3)%2c0))XOR'Z""",2,0,0,5,0,1,bad 127 | POST,b'/doSubscribe',"b'btnSubmit=Subscribe&txtEmail=0""XOR(if(now()=sysdate()%2csleep(6)%2c0))XOR""Z'",0,2,0,5,0,1,bad 128 | POST,b'/doSubscribe',"b'btnSubmit=Subscribe&txtEmail=(select(0)from(select(sleep(6)))v)/*\'%2b(select(0)from(select(sleep(6)))v)%2b\'""%2b(select(0)from(select(sleep(6)))v)%2b""*/'",2,2,0,15,0,9,bad 129 | POST,b'/doSubscribe',"b""btnSubmit=Subscribe&txtEmail=1%20waitfor%20delay%20'0:0:9'%20--%20""",2,0,1,0,5,2,bad 130 | POST,b'/doSubscribe',"b""btnSubmit=Subscribe&txtEmail=97rwy5bR';%20waitfor%20delay%20'0:0:9'%20--%20""",3,0,1,0,5,2,bad 131 | POST,b'/doSubscribe',"b""btnSubmit=Subscribe&txtEmail=QvORLL22'));select%20pg_sleep(6);%20--%20""",1,0,1,1,3,2,bad 132 | POST,b'/doSubscribe',b'btnSubmit=Subscribe&txtEmail=1acuJJPrsHsN9m',0,0,0,0,0,0,bad 133 | GET,b'/images',b'',0,0,0,0,0,0,bad 134 | GET,b'/swagger',b'',0,0,0,0,0,0,bad 135 | GET,b'/util',b'',0,0,0,0,0,0,bad 136 | GET,b'/index.jsp?content=%40%40LO9i9',b'',0,0,0,0,0,0,bad 137 | GET,b'/index.jsp?content=%5c',b'',0,0,0,0,0,0,bad 138 | GET,b'/index.jsp?content=-1%20OR%202%2b101-101-1=0%2b0%2b0%2b1',b'',0,0,0,0,2,0,bad 139 | GET,b'/index.jsp?content=-1%20OR%202%2b814-814-1=0%2b0%2b0%2b1%20--%20',b'',0,0,1,0,4,0,bad 140 | GET,b'/index.jsp?content=-1%20OR%203%2b101-101-1=0%2b0%2b0%2b1',b'',0,0,0,0,2,0,bad 141 | GET,b'/index.jsp?content=-1%20OR%203%2b814-814-1=0%2b0%2b0%2b1%20--%20',b'',0,0,1,0,4,0,bad 142 | GET,"b""/index.jsp?content=0'XOR(if(now()=sysdate()%2csleep(9)%2c0))XOR'Z""",b'',2,0,0,5,0,1,bad 143 | GET,b'/index.jsp?content=1%00%c0%a7%c0%a2%252527%252522',b'',0,0,0,0,0,0,bad 144 | GET,"b""/index.jsp?content=1%20waitfor%20delay%20'0:0:3'%20--%20""",b'',2,0,1,0,5,2,bad 145 | GET,b'/index.jsp?content=1acuQko7h4zCOb',b'',0,0,0,0,0,0,bad 146 | GET,"b""/index.jsp?content=BzPl85AB';%20waitfor%20delay%20'0:0:6'%20--%20""",b'',3,0,1,0,5,2,bad 147 | GET,b'/index.jsp?content=JyI=',b'',0,0,0,0,0,0,bad 148 | GET,b'/index.jsp?content=YLSub9gu',b'',0,0,0,0,0,0,bad 149 | GET,b'/index.jsp?content=business.htm',b'',0,0,0,0,0,0,bad 150 | GET,b'/index.jsp?content=business_cards.htm',b'',0,0,0,0,0,0,bad 151 | GET,b'/index.jsp?content=business_deposit.htm',b'',0,0,0,0,0,0,bad 152 | GET,b'/index.jsp?content=business_insurance.htm',b'',0,0,0,0,0,0,bad 153 | GET,b'/index.jsp?content=business_lending.htm',b'',0,0,0,0,0,0,bad 154 | GET,b'/index.jsp?content=business_retirement.htm',b'',0,0,0,0,0,0,bad 155 | GET,"b""/index.jsp?content=dFoiQJbB'));select%20pg_sleep(9);%20--%20""",b'',1,0,1,1,3,2,bad 156 | GET,b'/index.jsp?content=if(now()=sysdate()%2csleep(9)%2c0)',b'',0,0,0,4,0,1,bad 157 | GET,b'/index.jsp?content=inside_investor.htm',b'',0,0,0,0,0,0,bad 158 | GET,b'/index.jsp?content=inside_press.htm',b'',0,0,0,0,0,0,bad 159 | GET,"b""/index.jsp?content=inside_press.htm%25'%20AND%202*3*8=6*8%20AND%20'mJn0'!='mJn0%25""",b'',4,0,0,0,4,0,bad 160 | GET,b'/index.jsp?content=personal_investments.htm',b'',0,0,0,0,0,0,bad 161 | GET,b'/index.jsp?content=personal_other.htm',b'',0,0,0,0,0,0,bad 162 | GET,"b""/index.jsp?content=yGefCFyE');select%20pg_sleep(9);%20--%20""",b'',1,0,1,1,3,2,bad 163 | GET,b'/search.jsp?query=%40%408Tv4t',b'',0,0,0,0,0,0,bad 164 | GET,b'/search.jsp?query=%5c',b'',0,0,0,0,0,0,bad 165 | GET,b'/search.jsp?query=-1%20OR%202%2b543-543-1=0%2b0%2b0%2b1',b'',0,0,0,0,2,0,bad 166 | GET,b'/search.jsp?query=-1%20OR%202%2b751-751-1=0%2b0%2b0%2b1%20--%20',b'',0,0,1,0,4,0,bad 167 | GET,b'/search.jsp?query=-1%20OR%203%2b543-543-1=0%2b0%2b0%2b1',b'',0,0,0,0,2,0,bad 168 | GET,b'/search.jsp?query=-1%20OR%203%2b751-751-1=0%2b0%2b0%2b1%20--%20',b'',0,0,1,0,4,0,bad 169 | GET,"b""/search.jsp?query=-1);%20waitfor%20delay%20'0:0:9'%20--%20""",b'',2,0,1,0,5,2,bad 170 | GET,"b""/search.jsp?query=-1;%20waitfor%20delay%20'0:0:9'%20--%20""",b'',2,0,1,0,5,2,bad 171 | GET,"b""/search.jsp?query=0'XOR(if(now()=sysdate()%2csleep(3)%2c0))XOR'Z""",b'',2,0,0,5,0,1,bad 172 | GET,b'/search.jsp?query=1',b'',0,0,0,0,0,0,bad 173 | GET,b'/search.jsp?query=1%00%c0%a7%c0%a2%252527%252522',b'',0,0,0,0,0,0,bad 174 | GET,"b""/search.jsp?query=1%20waitfor%20delay%20'0:0:3'%20--%20""",b'',2,0,1,0,5,2,bad 175 | GET,b'/search.jsp?query=1*1*1*1',b'',0,0,0,0,0,0,bad 176 | GET,b'/search.jsp?query=1acu3DPGSnsv2R',b'',0,0,0,0,0,0,bad 177 | GET,"b""/search.jsp?query=32kC9Q3I';%20waitfor%20delay%20'0:0:3'%20--%20""",b'',3,0,1,0,5,2,bad 178 | GET,b'/search.jsp?query=JyI=',b'',0,0,0,0,0,0,bad 179 | GET,b'/search.jsp?query=P1Ao4M0h',b'',0,0,0,0,0,0,bad 180 | GET,"b""/search.jsp?query=SZqCLjQf'));select%20pg_sleep(6);%20--%20""",b'',1,0,1,1,3,2,bad 181 | GET,b'/search.jsp?query=if(now()=sysdate()%2csleep(9)%2c0)',b'',0,0,0,4,0,1,bad 182 | GET,"b""/search.jsp?query=lAy6zQTH');select%20pg_sleep(3);%20--%20""",b'',1,0,1,1,3,2,bad 183 | GET,b'/survey_questions.jsp?step=%40%40Ds5q6',b'',0,0,0,0,0,0,bad 184 | GET,b'/survey_questions.jsp?step=%5c',b'',0,0,0,0,0,0,bad 185 | GET,b'/survey_questions.jsp?step=-1%20OR%202%2b207-207-1=0%2b0%2b0%2b1',b'',0,0,0,0,2,0,bad 186 | GET,b'/survey_questions.jsp?step=-1%20OR%202%2b801-801-1=0%2b0%2b0%2b1%20--%20',b'',0,0,1,0,4,0,bad 187 | GET,b'/survey_questions.jsp?step=-1%20OR%203%2b207-207-1=0%2b0%2b0%2b1',b'',0,0,0,0,2,0,bad 188 | GET,b'/survey_questions.jsp?step=-1%20OR%203%2b801-801-1=0%2b0%2b0%2b1%20--%20',b'',0,0,1,0,4,0,bad 189 | GET,"b""/survey_questions.jsp?step=0'XOR(if(now()=sysdate()%2csleep(9)%2c0))XOR'Z""",b'',2,0,0,5,0,1,bad 190 | GET,b'/survey_questions.jsp?step=1%00%c0%a7%c0%a2%252527%252522',b'',0,0,0,0,0,0,bad 191 | GET,"b""/survey_questions.jsp?step=1%20waitfor%20delay%20'0:0:3'%20--%20""",b'',2,0,1,0,5,2,bad 192 | GET,b'/survey_questions.jsp?step=1acuEl4NKjoyi9',b'',0,0,0,0,0,0,bad 193 | GET,"b""/survey_questions.jsp?step=67tGB1lZ';%20waitfor%20delay%20'0:0:3'%20--%20""",b'',3,0,1,0,5,2,bad 194 | GET,b'/survey_questions.jsp?step=JyI=',b'',0,0,0,0,0,0,bad 195 | GET,b'/survey_questions.jsp?step=XAXbMyGj',b'',0,0,0,0,0,0,bad 196 | GET,b'/survey_questions.jsp?step=a',b'',0,0,0,0,0,0,bad 197 | GET,b'/survey_questions.jsp?step=b',b'',0,0,0,0,0,0,bad 198 | GET,"b""/survey_questions.jsp?step=b%25'%20AND%202*3*8=6*8%20AND%20'GfYm'!='GfYm%25""",b'',4,0,0,0,4,0,bad 199 | GET,"b""/survey_questions.jsp?step=d16ENofV');select%20pg_sleep(9);%20--%20""",b'',1,0,1,1,3,2,bad 200 | GET,"b""/survey_questions.jsp?step=dV0g01Yf'));select%20pg_sleep(3);%20--%20""",b'',1,0,1,1,3,2,bad 201 | GET,b'/survey_questions.jsp?step=if(now()=sysdate()%2csleep(6)%2c0)',b'',0,0,0,4,0,1,bad 202 | GET,b'/util/serverStatusCheckService.jsp?HostName=%40%409Fl6x',b'',0,0,0,0,0,0,bad 203 | GET,b'/util/serverStatusCheckService.jsp?HostName=%5c',b'',0,0,0,0,0,0,bad 204 | GET,b'/util/serverStatusCheckService.jsp?HostName=-1%20OR%202%2b174-174-1=0%2b0%2b0%2b1%20--%20',b'',0,0,1,0,4,0,bad 205 | GET,b'/util/serverStatusCheckService.jsp?HostName=-1%20OR%202%2b936-936-1=0%2b0%2b0%2b1',b'',0,0,0,0,2,0,bad 206 | GET,"b""/util/serverStatusCheckService.jsp?HostName=-1'%20OR%202%2b549-549-1=0%2b0%2b0%2b1%20or%20'vUtaJYyD'='""",b'',4,0,0,0,4,0,bad 207 | GET,"b""/util/serverStatusCheckService.jsp?HostName=-1'%20OR%202%2b624-624-1=0%2b0%2b0%2b1%20--%20""",b'',1,0,1,0,4,0,bad 208 | GET,"b""/util/serverStatusCheckService.jsp?HostName=0'XOR(if(now()=sysdate()%2csleep(9)%2c0))XOR'Z""",b'',2,0,0,5,0,1,bad 209 | GET,b'/util/serverStatusCheckService.jsp?HostName=1%00%c0%a7%c0%a2%252527%252522',b'',0,0,0,0,0,0,bad 210 | GET,"b""/util/serverStatusCheckService.jsp?HostName=1%20waitfor%20delay%20'0:0:6'%20--%20""",b'',2,0,1,0,5,2,bad 211 | GET,b'/util/serverStatusCheckService.jsp?HostName=1acuiLpt3w6nt9',b'',0,0,0,0,0,0,bad 212 | GET,"b""/util/serverStatusCheckService.jsp?HostName=4UlDS3Oe';%20waitfor%20delay%20'0:0:9'%20--%20""",b'',3,0,1,0,5,2,bad 213 | GET,b'/util/serverStatusCheckService.jsp?HostName=AltoroMutual',b'',0,0,0,0,0,0,bad 214 | GET,b'/util/serverStatusCheckService.jsp?HostName=JyI=',b'',0,0,0,0,0,0,bad 215 | GET,"b""/util/serverStatusCheckService.jsp?HostName=KU5Umu7O'));select%20pg_sleep(6);%20--%20""",b'',1,0,1,1,3,2,bad 216 | GET,b'/util/serverStatusCheckService.jsp?HostName=S6uO1gvO',b'',0,0,0,0,0,0,bad 217 | GET,"b""/util/serverStatusCheckService.jsp?HostName=eMyncPiA');select%20pg_sleep(3);%20--%20""",b'',1,0,1,1,3,2,bad 218 | GET,b'/util/serverStatusCheckService.jsp?HostName=if(now()=sysdate()%2csleep(6)%2c0)',b'',0,0,0,4,0,1,bad 219 | POST,b'/doLogin',b'btnSubmit=Login&passw=%40%40zQD7D&uid=1',0,0,0,0,0,1,bad 220 | POST,b'/doLogin',b'btnSubmit=Login&passw=%5c&uid=1',0,0,0,0,0,1,bad 221 | POST,b'/doLogin',"b'btnSubmit=Login&passw=%bf\'%bf""&uid=1'",1,1,0,0,0,1,bad 222 | POST,b'/doLogin',"b'btnSubmit=Login&passw=%f0\'\'%f0""""&uid=1'",2,2,0,0,0,1,bad 223 | POST,b'/doLogin',b'btnSubmit=Login&passw=-1%20OR%202%2b66-66-1=0%2b0%2b0%2b1&uid=1',0,0,0,0,2,1,bad 224 | POST,b'/doLogin',b'btnSubmit=Login&passw=-1%20OR%202%2b997-997-1=0%2b0%2b0%2b1%20--%20&uid=1',0,0,1,0,4,1,bad 225 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%20000808=000808%20AND%203%2b1-1-1=1%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,6,1,bad 226 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%202%2b1-1-1=1%20AND%20000808=000808%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,6,1,bad 227 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%202%2b1-1-1=1%20AND%20736=736%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,6,1,bad 228 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%202%2b173-173-1=0%2b0%2b0%2b1%20--%20&uid=1""",1,0,1,0,4,1,bad 229 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%202%2b736-736-1=0%2b0%2b0%2b1%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,4,1,bad 230 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%202%2b808-808-1=0%2b0%2b0%2b1%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,4,1,bad 231 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203%2b736-736-1=0%2b0%2b0%2b1%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,4,1,bad 232 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203%2b808-808-1=0%2b0%2b0%2b1%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,4,1,bad 233 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2*0=6%20AND%20000808=000808%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,6,1,bad 234 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2*0=6%20AND%20736=736%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,6,1,bad 235 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2*1=6%20AND%20000808=000808%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,6,1,bad 236 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2*1=6%20AND%20736=736%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,6,1,bad 237 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2<(0%2b5%2b736-736)%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,1,4,1,bad 238 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2<(0%2b5%2b808-808)%20or%20'ZccQBBVu'='&uid=1""",4,0,0,1,4,1,bad 239 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2=5%20AND%20000808=000808%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,6,1,bad 240 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2=5%20AND%20736=736%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,6,1,bad 241 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2=6%20AND%20000808=000808%20or%20'ZccQBBVu'='&uid=1""",4,0,0,0,6,1,bad 242 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2=6%20AND%20736=736%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,6,1,bad 243 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2>(0%2b5%2b736-736)%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,1,4,1,bad 244 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%203*2>(0%2b5%2b808-808)%20or%20'ZccQBBVu'='&uid=1""",4,0,0,1,4,1,bad 245 | POST,b'/doLogin',"b""btnSubmit=Login&passw=-1'%20OR%20736=736%20AND%203%2b1-1-1=1%20or%20'lk7xZYPZ'='&uid=1""",4,0,0,0,6,1,bad 246 | POST,b'/doLogin',b'btnSubmit=Login&passw=1%00%c0%a7%c0%a2%252527%252522&uid=1',0,0,0,0,0,1,bad 247 | POST,b'/doLogin',"b'btnSubmit=Login&passw=1\'""&uid=1'",1,1,0,0,0,1,bad 248 | POST,b'/doLogin',b'btnSubmit=Login&passw=1acuTtNVRT7x5f&uid=1',0,0,0,0,0,1,bad 249 | POST,b'/doLogin',b'btnSubmit=Login&passw=JyI=&uid=1',0,0,0,0,0,1,bad 250 | POST,b'/doLogin',b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=%40%40RCMkH',0,0,0,0,0,1,bad 251 | POST,b'/doLogin',b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=%5c',0,0,0,0,0,1,bad 252 | POST,b'/doLogin',"b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=%bf\'%bf""'",1,1,0,0,0,1,bad 253 | POST,b'/doLogin',"b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=%f0\'\'%f0""""'",2,2,0,0,0,1,bad 254 | POST,b'/doLogin',b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=1',0,0,0,0,0,1,bad 255 | POST,b'/doLogin',b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=1%00%c0%a7%c0%a2%252527%252522',0,0,0,0,0,1,bad 256 | POST,b'/doLogin',"b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=1\'""'",1,1,0,0,0,1,bad 257 | POST,b'/doLogin',b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=1acuuuKRbeZU2P',0,0,0,0,0,1,bad 258 | POST,b'/doLogin',b'btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=JyI=',0,0,0,0,0,1,bad 259 | POST,b'/doLogin',b'btnSubmit=Login&passw=g00dPa%2524%2524w0rD&uid=1',0,0,0,0,0,1,bad 260 | --------------------------------------------------------------------------------