BEK 2.0 Payloads – 2

This is an older uri format that is not seen as much lately.

HTTP Request Method = GET
HTTP URI = *.php?*

Regex URI for “\/[a-z0-9-_]+?\.php\?[a-z]{4,7}=[0-9]{10}&[a-z]{5,7}=[a-f0-9]{2,4}”

Examples:

hxxp://69.194.192.203/links/lies_deliberate.php?xuuorn=3736070804&ocrtq=3d&pfxwcdv=03370302073706343433&hinlzz=0a000300050002
hxxp://owner.muzafferkocer.com/watches/temporarily-directory_capable-displayed.php?aclklf=3736070804&smvgbd=4a&tfsyviv=02033506330804020307&zwrz=0302000300020002
hxxp://old.bestseopractices.info/watches/temporarily-directory_capable-displayed.php?smhirjt=3736070804&bbzylqr=44&cwrpqejm=02033506330804020307&ugtolj=0302000300020002
hxxp://209.59.223.163/links/deep_recover-result.php?ecnwz=0505360903&scxtzc=48&hmoxmn=05330b360a3333350307&rgf=0a0005000300040a0b
hxxp://209.59.223.163/links/deep_recover-result.php?vcoqe=0503333538&tycznaj=4a&iyp=05330b360a3333350307&hsupim=030200030005000405
hxxp://209.59.223.163/links/deep_recover-result.php?vcoqe=0503333538&tycznaj=4a&iyp=05330b360a3333350307&hsupim=030200030005000405
hxxp://needle.sewingmachineaccessoriess.info/watches/temporarily-directory_capable-displayed.php?gojw=3408020603&kpfldle=33&yrnfqes=02033506330804020307&dgsuhapp=02000200020002

Comments are closed.